java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.KeyUsage

This class builds, holds, encodes, and decodes the KeyUsage extension. The key usage extension defines the purpose (for example, encipherment, signature, certificate signing) of the key contained in the certificate. The usage restriction might be employed when a key that could be used for more than one operation must be restricted. For example, when an RSA key should be used only for signing, you would assert the digitalSignature or nonRepudiation bits. Likewise, when an RSA key should be used only for key management, you would assert the keyEncipherment bit.

keyUsage EXTENSION ::= {
    SYNTAX KeyUsage
    IDENTIFIED BY id-ce-keyUsage
}

KeyUsage ::= BIT STRING {
    digitalSignature  (0),
    nonRepudiation    (1),
    keyEncipherment   (2),
    dataEncipherment  (3),
    keyAgreement      (4),
    keyCertSign       (5),
    cRLSign           (6),
    encipherOnly      (7),
    decipherOnly      (8)
}

keyCertSign or cRLSign).
keyEncipherment.
keyAgreement bit. If this bit is set, the only other bit to set is keyAgreement. If any other key usage bit besides keyAgreement is set when this bit is set, this bit has no meaning.
keyAgreement bit. If this bit is set, the only other bit to set is keyAgreement. If any other key usage bit besides keyAgreement is set when this bit is set, this bit has no meaning.

keyCertSign bit is used in CA certificates only. This extension may, at the option of the certificate issuer, be either critical or non-critical. If the extension is flagged critical, then the certificate shall be used only for a purpose for which the corresponding key usage bit is set to one. If the extension is flagged non-critical, then it indicates the intended purpose or purposes of the key, and may be used in finding the correct key or certificate of an entity that has multiple keys or certificates.
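
The bit numbering in the ASN.1 definition and the critical/non-critical rule described above, worked through as a stand-alone Java example added here. It is not Cert-J code and does not call the Cert-J API; the class and method names (KeyUsageBits, decode, effective, permits) and the sample encodings are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class KeyUsageBits {
    // Named bits in the order of the ASN.1 definition above (index = bit number).
    static final String[] NAMES = {"digitalSignature", "nonRepudiation", "keyEncipherment",
        "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"};

    // Decodes a DER BIT STRING (tag 0x03, short-form length) into the names of the asserted bits.
    static List<String> decode(byte[] der) {
        if (der.length < 3 || der[0] != 0x03 || der[1] != der.length - 2 || (der[2] & 0xFF) > 7)
            throw new IllegalArgumentException("not a DER BIT STRING");
        int nbits = (der.length - 3) * 8 - der[2];   // der[2] = unused bits in the last octet
        List<String> set = new ArrayList<>();
        for (int bit = 0; bit < nbits && bit < NAMES.length; bit++)
            // Bit 0 is the most significant bit of the first content octet.
            if ((der[3 + bit / 8] & (0x80 >> (bit % 8))) != 0) set.add(NAMES[bit]);
        return set;
    }

    // encipherOnly / decipherOnly have no meaning when any bit besides keyAgreement accompanies them.
    static List<String> effective(List<String> bits) {
        List<String> out = new ArrayList<>(bits);
        for (String only : new String[] {"encipherOnly", "decipherOnly"}) {
            List<String> others = new ArrayList<>(bits);
            others.remove(only);
            others.remove("keyAgreement");
            if (bits.contains(only) && !others.isEmpty()) out.remove(only);
        }
        return out;
    }

    // Critical: the use needs its bit set. Non-critical: the bits only indicate intent.
    static boolean permits(byte[] der, boolean critical, String use) {
        return !critical || effective(decode(der)).contains(use);
    }

    public static void main(String[] args) {
        // Constructed sample encodings, not taken from real certificates.
        byte[] sigAndEnc = {0x03, 0x02, 0x05, (byte) 0xA0};       // digitalSignature, keyEncipherment
        byte[] dhDecrypt = {0x03, 0x03, 0x07, 0x08, (byte) 0x80}; // keyAgreement, decipherOnly
        byte[] mixed     = {0x03, 0x03, 0x07, (byte) 0x88, (byte) 0x80}; // + digitalSignature
        System.out.println(decode(sigAndEnc) + " " + permits(sigAndEnc, true, "keyCertSign"));
        System.out.println(decode(dhDecrypt) + " " + effective(decode(dhDecrypt)));
        System.out.println(decode(mixed) + " " + effective(decode(mixed)));
        System.out.println(permits(sigAndEnc, false, "keyCertSign")); // non-critical: advisory only
    }
}
```

Note that decipherOnly is bit 8, so it lands in a second content octet; a decoder that reads only the first octet silently drops it.
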
Copyright © RSA Security Inc., 1998-2001. All rights reserved.

Field Summary

static int | CRL_SIGN | Indicates the key is used in verifying the CA's signature on a CRL.
static int | DATA_ENCIPHERMENT | Indicates the key is used in encrypting data other than KEY_ENCIPHERMENT.
static int | DECIPHER_ONLY | Indicates that the key is used in deciphering data, and that no other bit (except KEY_AGREEMENT) is set.
static int | DIGITAL_SIGNATURE | Indicates the key is for use in verifying digital signatures other than NON_REPUDIATION, KEY_CERT_SIGN, or CRL_SIGN.
static int | ENCIPHER_ONLY | Indicates the key is used in enciphering data, and any other bit (except KEY_AGREEMENT) is not set.
static int | KEY_AGREEMENT | Indicates the key is used in key agreement.
static int | KEY_CERT_SIGN | Indicates the key is used in verifying the CA's signature on a certificate.
static int | KEY_ENCIPHERMENT | Indicates the key is used in encrypting keys; for example, for key transport.
static int | KEY_USAGE_BITS | Indicates the number of possible KeyUsage bits.
static int | KEY_USAGE_MASK | Indicates which KeyUsage bits to check.
static int | NON_REPUDIATION | Indicates the key is used in verifying digital signatures protecting against falsely denying some action, other than KEY_CERT_SIGN or CRL_SIGN.

Constructor Summary

KeyUsage() | Constructs an empty KeyUsage object.
KeyUsage(int keyUsage, boolean criticality) | Creates a KeyUsage object and initializes it with the given values.

Method Summary

Object | clone() | Overrides the default clone method to get a deeper clone.
void | decodeValue(byte[] valueBER, int offset) | Decode the value.
int | derEncodeValue(byte[] encoding, int offset) | Place the encoding of the value into encoding, beginning at offset.
int | derEncodeValueInit() | Initialize for encoding the value.
int | getKeyUsage() | Gets the value of this object, the KeyUsage bits.
boolean | verifyKeyUsage(int usageToVerify) | Given usageToVerify, a value set with flags of the proposed usage, verifies that the extension is set with these flags.

Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

public static final int KEY_USAGE_BITS
Indicates the number of possible KeyUsage bits.

public static final int KEY_USAGE_MASK
Indicates which KeyUsage bits to check.

public static final int DIGITAL_SIGNATURE
Indicates the key is for use in verifying digital signatures other than NON_REPUDIATION, KEY_CERT_SIGN, or CRL_SIGN.

public static final int NON_REPUDIATION
Indicates the key is used in verifying digital signatures protecting against falsely denying some action, other than KEY_CERT_SIGN or CRL_SIGN.

public static final int KEY_ENCIPHERMENT

public static final int DATA_ENCIPHERMENT

public static final int KEY_AGREEMENT

public static final int KEY_CERT_SIGN

public static final int CRL_SIGN

public static final int ENCIPHER_ONLY
Indicates the key is used in enciphering data, and any other bit (except KEY_AGREEMENT) is not set.

public static final int DECIPHER_ONLY
Indicates that the key is used in deciphering data, and that no other bit (except KEY_AGREEMENT) is set.

Constructor Detail

public KeyUsage()
Constructs an empty KeyUsage object.

public KeyUsage(int keyUsage, boolean criticality)
Creates a KeyUsage object and initializes it with the given values.
Parameters
keyUsage | The value of keyUsage is the logical bitwise-ORing of the fields previously defined in this class.
criticality | The user-specified criticality.

Method Detail

public void decodeValue(byte[] valueBER, int offset) throws CertificateException
Overrides
decodeValue in class X509V3Extension
Parameters
valueBER | The BER encoding of the extension's value.
offset | The offset into valueBER where the encoding begins.
Throws
CertificateException - If the encoding is invalid for this extension.

public int getKeyUsage()
Gets the value of this object, the KeyUsage bits. If this object does not have key usage bits, this method returns zero.
Returns
int that contains the KeyUsage bits.

public boolean verifyKeyUsage(int usageToVerify)
Parameters
usageToVerify | An
Returns
boolean that indicates whether the fields in this extension, corresponding to the proposed usage, are set.

public int derEncodeValueInit()
Overrides
derEncodeValueInit in class X509V3Extension
Returns

public int derEncodeValue(byte[] encoding, int offset)
Overrides
derEncodeValue in class X509V3Extension
Parameters
encoding | The byte array into which the result will be placed.
offset | The offset into encoding where the writing is to begin.
Returns

public Object clone() throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.
Overrides
clone in class X509V3Extension
Returns
KeyUsage object, a copy of this object.
Throws
CloneNotSupportedException - If the cloning operation is not successful.