java.lang.Object
  |
  +--com.rsa.certj.crmf.CertTemplate

This class contains the CertTemplate field from the CertReqMsg message, defined in "Certificate Request Message Format" (RFC 2511).

CertTemplate ::= SEQUENCE {
    version      [0] Version               OPTIONAL,
    serialNumber [1] INTEGER               OPTIONAL,
    signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
    issuer       [3] Name                  OPTIONAL,
    validity     [4] OptionalValidity      OPTIONAL,
    subject      [5] Name                  OPTIONAL,
    publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
    issuerUID    [7] UniqueIdentifier      OPTIONAL,
    subjectUID   [8] UniqueIdentifier      OPTIONAL,
    extensions   [9] Extensions            OPTIONAL }

OptionalValidity ::= SEQUENCE {
    notBefore [0] Time OPTIONAL,
    notAfter  [1] Time OPTIONAL } --at least one must be present

Time ::= CHOICE {
    utcTime     UTCTime,
    generalTime GeneralizedTime }
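The definition above, walked over raw bytes as an added Python example (not part of the original documentation and not Cert-J code): it lists which optional CertTemplate fields are present, rejects an empty OptionalValidity, and computes the index of the element that follows the template, with every length checked against the buffer. It assumes definite-length encoding; FIELDS, read_header, next_offset, template_fields and SAMPLE are names chosen for this example.

```python
# CertTemplate context tags [0]..[9], in the order of the ASN.1 definition.
FIELDS = ["version", "serialNumber", "signingAlg", "issuer", "validity",
          "subject", "publicKey", "issuerUID", "subjectUID", "extensions"]

def read_header(buf, off):
    """Return (tag, content_start, content_end) of the TLV starting at off."""
    if off < 0 or off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is not used by CertTemplate")
    pos = off + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F  # number of length octets that follow
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past the end of the buffer")
    return tag, pos, pos + length

def next_offset(buf, off):
    """Index of the first byte after the TLV that starts at off."""
    return read_header(buf, off)[2]

def template_fields(buf, off=0):
    """Map each field present in the CertTemplate at off to its content bytes."""
    tag, pos, end = read_header(buf, off)
    if tag != 0x30:
        raise ValueError("CertTemplate must be a SEQUENCE")
    found, last = {}, -1
    while pos < end:
        t, start, stop = read_header(buf, pos)
        num = t & 0x1F
        if t & 0xC0 != 0x80 or num > 9 or num <= last or stop > end:
            raise ValueError("bad, repeated or overrunning field at %d" % pos)
        found[FIELDS[num]] = bytes(buf[start:stop])
        last, pos = num, stop
    if found.get("validity") == b"":
        raise ValueError("OptionalValidity needs notBefore or notAfter")
    return found

# Constructed sample (IMPLICIT tags assumed): version 2, serial 5,
# validity carrying only notBefore as a UTCTime.
SAMPLE = bytes.fromhex("3019800102810105a411a00f170d") + b"250101000000Z"
```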
See Also
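Field Summary
static int | DSA_WITH_SHA1_X930 | Use this flag in setSignatureStandard if the signing transformation is "SHA1/DSA" and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.30 standard.
static int | DSA_WITH_SHA1_X957 | Use this flag in setSignatureStandard if the signing transformation is "SHA1/DSA" and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.57 standard.
static int | RSA_WITH_SHA1_ISO_OIW | Use this flag in setSignatureStandard if the signing transformation is "SHA1/RSA/PKCS1Block01Pad" and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the ISO OIW.
static int | RSA_WITH_SHA1_PKCS | Use this flag in setSignatureStandard if the signing transformation is "SHA1/RSA/PKCS1Block01Pad" and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the PKCS.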
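Constructor Summary
CertTemplate() | Constructs an empty CertTemplate object.
CertTemplate(byte[] certBER, int offset, int special) | Constructs a CertTemplate object and initializes it with the values given by certBER beginning at offset, the BER encoding of a certificate template.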
Method Summary
Object | clone() | Gets a deeper clone than the default.
boolean | equals(Object obj) | Returns true if this object and obj contain the same CertTemplate object; returns false otherwise.
int | getDEREncoding(byte[] encoding, int offset, int special) | Places the DER encoding of the cert template into encoding, beginning at offset.
int | getDERLen(int special) | Returns the number of bytes in the DER encoding of certTemplate.
Date | getEndDate() | Gets the end (also known as "not after") date of the certificate.
X509V3Extensions | getExtensions() | Gets the extensions in this certificate template.
X500Name | getIssuerName() | Gets the issuer name in this certificate template.
byte[] | getIssuerUniqueID() | Gets the issuer's UniqueIdentifier in this certificate template.
static int | getNextBEROffset(byte[] certBER, int offset) | Finds the index of the next element to encode, given certBER, the BER of a certificate template beginning at offset.
byte[] | getSerialNumber() | Gets the serial number of the certificate.
String | getSignatureAlgorithm() | Gets the signature algorithm.
byte[] | getSignatureAlgorithmDER() | Gets the DER encoding of the signature algorithm.
String | getSignatureFormat(String transformation) | Gets the String to use when calling the JSAFE_Signature method getDERAlgorithmID.
int | getSignatureStandard() | Gets this object's signature standard.
Date | getStartDate() | Gets the start (also known as "not before") date of the certificate.
X500Name | getSubjectName() | Gets the subject name in this certificate template.
com.rsa.jsafe.JSAFE_PublicKey | getSubjectPublicKey() | Gets the public key out of the certificate template.
byte[] | getSubjectPublicKeyBER() | Gets the public-key BER encoding out of the certificate template.
byte[] | getSubjectUniqueID() | Gets the subject's UniqueIdentifier in this certificate template.
int | getVersion() | Gets the version of the certificate.
void | setCertTemplateBER(byte[] certTemplateBER, int offset, int special) | Sets this object to be the cert template represented by the value given by certTemplateBER beginning at offset, the BER encoding of a certificate template.
void | setExtensions(X509V3Extensions extensions) | Sets the extensions in this certificate template to extensions.
void | setIssuerName(X500Name issuerName) | Sets the issuer name in this certificate template to be issuerName.
void | setIssuerUniqueID(byte[] issuerUniqueID, int offset, int len) | Sets the issuer's UniqueIdentifier in this certificate template to be issuerUniqueID, a value of length len beginning at offset.
void | setSerialNumber(byte[] serialNumber, int offset, int len) | Sets the serial number of the certificate to be serialNumber, a value of length len beginning at offset.
void | setSignatureAlgorithm(byte[] algID, int offset, int len) | Sets the signature algorithm to the given DER-encoded algorithm ID.
void | setSignatureAlgorithm(String algName) | Sets the signature algorithm to the given signature algorithm.
void | setSignatureStandard(int standardFlag) | Sets this object to the specified standard.
void | setSubjectName(X500Name subjectName) | Sets the subject name of this certificate template to be subjectName.
void | setSubjectPublicKey(byte[] publicKeyBER, int offset) | Sets the public key in this certificate template to be the public key represented by the BER encoding publicKeyBER.
void | setSubjectPublicKey(com.rsa.jsafe.JSAFE_PublicKey publicKey) | Sets the public key in this certificate template to be publicKey.
void | setSubjectUniqueID(byte[] subjectUniqueID, int offset, int len) | Sets the subject's UniqueIdentifier in this certificate template to be subjectUniqueID, a value of length len beginning at offset.
void | setTimeType(boolean flag) | Sets the flag specifying which time encoding type the user wants to use.
void | setValidity(Date start, Date end) | Sets the validity dates in the certificate template with the start and end dates (also known as "not before" and "not after").
void | setVersion(int version) | Sets the version of the certificate to be version.

Methods inherited from class java.lang.Object
getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

public static final int RSA_WITH_SHA1_PKCS
Use this flag in setSignatureStandard if the signing transformation is "SHA1/RSA/PKCS1Block01Pad" and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the PKCS. This is the default. That is, if setSignatureStandard is not called and the transformation is "SHA1/RSA/PKCS1Block01Pad", the signature algorithm's BER encoding will follow the PKCS.
Note that this is only used when the digest algorithm is SHA1. For all other RSA signatures, do not set the signature standard.

public static final int RSA_WITH_SHA1_ISO_OIW
Use this flag in setSignatureStandard if the signing transformation is "SHA1/RSA/PKCS1Block01Pad" and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the ISO OIW.
Note that this is NOT the default. That is, if setSignatureStandard is not called and the transformation is "SHA1/RSA/PKCS1Block01Pad", the signature algorithm's BER encoding will follow the PKCS.
Note that this is only used when the digest algorithm is SHA1. For all other RSA signatures, do not set the signature standard.

public static final int DSA_WITH_SHA1_X930
Use this flag in setSignatureStandard if the signing transformation is "SHA1/DSA" and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.30 standard. This is the default. That is, if setSignatureStandard is not called and the transformation is "SHA1/DSA", the signature algorithm's BER encoding will follow X9.30.

public static final int DSA_WITH_SHA1_X957
Use this flag in setSignatureStandard if the signing transformation is "SHA1/DSA" and the OID and ASN.1 definition to use for the signature algorithm's BER encoding should follow the X9.57 standard.
Note that this is NOT the default. That is, if setSignatureStandard is not called and the transformation is "SHA1/DSA", the signature algorithm's BER encoding will follow X9.30.

Constructor Detail
public CertTemplate()
Constructs an empty CertTemplate object.

public CertTemplate(byte[] certBER, int offset, int special) throws CRMFException
Constructs a CertTemplate object and initializes it with the values given by certBER beginning at offset, the BER encoding of a certificate template.
This constructor only reads the certificate template; it does not perform any verification.
Parameters
certBER | The BER encoding of a certificate template.
offset | The offset into certBER where the encoding begins.
special | The special BER circumstances of the encoding, if there are any. The following ASN.1 constants are possible values for special:
Throws
CRMFException - If the BER is not a valid certificate template.

Method Detail
public static int getNextBEROffset(byte[] certBER, int offset) throws CRMFException
certBER[120] is the first byte in the encoding of the cert template, certBER[1938] is the last byte in the encoding of the certificate template, and the next element begins at index 1939.
Parameters
certBER | The BER encoding of a certificate template
offset | The offset into certBER where the encoding begins.
Returns
Throws
CRMFException - If the method cannot read the BER encoding.

public void setCertTemplateBER(byte[] certTemplateBER, int offset, int special) throws CRMFException
Parameters
certTemplateBER | The BER encoding of a certificate template.
offset | The offset into certTemplateBER where the encoding begins.
special | The special BER circumstances of the encoding, if there are any. The following ASN.1 constants are possible values for special:
Throws
CRMFException - If the BER is not a valid certificate template.

public void setVersion(int version)
Parameters
version | The version number the certificate is supposed to be.

public int getVersion()
Returns
int that is the version number.

public void setSignatureAlgorithm(String algName) throws CRMFException
Parameters
algName | A
Throws
CRMFException - If the algorithm is not recognized, or if algName is null.

public void setSignatureAlgorithm(byte[] algID, int offset, int len) throws CRMFException
Parameters
algID | The algorithm identifier of the signature algorithm.
offset | The offset into algID where the encoding begins.
len | The length of the algorithm ID.
Throws
CRMFException - If JSAFE does not recognize the algorithm, or if SignatureAlgorithm is null.

public void setSignatureStandard(int standardFlag)
sha1WithRSAEncryption. Later on, the ISO Open Systems Environment Implementors' Workshop (OIW) defined a new OID. This class will be able to read either OID in an existing certificate, but if you wish to create a certificate using the ISO OIW OID, you must call this method with the argument RSA_WITH_SHA1_ISO_OIW. If you do not call this method (or call it with the argument RSA_WITH_SHA1_PKCS), when creating certificates, this class will use the OID defined in the PKCS.
For DSA, the X9.30 standard defines the sha1WithDSA signature OID and the DSA key OID. Later on, the X9.57 standard came up with new OIDs. It also redefined the ASN.1 definition of the DSA parameters (p, q, and g). This class will be able to read either OID in an existing certificate, but if you wish to create a certificate using the X9.57 OID, and to represent the public key herein with DSA parameters as defined in X9.57, you must call this method with the argument DSA_WITH_SHA1_X957. If you do not call this method (or call it with the argument DSA_WITH_SHA1_X930), when creating certificates, this class will use the OID defined in X9.30 and represent the public key as defined in X9.30.
Parameters
standardFlag | A field defined in this class; it indicates which standard to use.

public int getSignatureStandard()
sha1WithRSAEncryption. Later on, the ISO OIW defined a new OID.
For DSA, the X9.30 standard defines the sha1WithDSA signature OID and the DSA key OID. Later on, the X9.57 standard came up with a new OID. It also redefined the ASN.1 definition of the DSA parameters (p, q, and g).
If the signature standard is not set, it will return -1.
Returns

public String getSignatureFormat(String transformation)
Gets the String to use when calling the JSAFE_Signature method getDERAlgorithmID.
A return value of null means one of the following default values will be used: PKCS-defined sha1WithRSAEncryption for RSA, and X9.30-defined DSA_WITH_SHA1_X930 for DSA.
Parameters
transformation | A String following the format specified in the Crypto-J class JSAFE_Signature. The following are examples (although not a complete list) of transformation: "SHA1/RSA/PKCS1Block01Pad", "SHA1/DSA"
Returns
String indicating the appropriate format.

public int getDERLen(int special) throws CRMFException
Returns the number of bytes in the DER encoding of certTemplate.
If this object is not set with values, this method returns 0.
Parameters
special | The special DER circumstances of the encoding, if there are any. The following ASN.1 constants are possible values for special:
Returns
Throws
CRMFException - If unable to get encoding length.

public int getDEREncoding(byte[] encoding, int offset, int special) throws CRMFException
Parameters
encoding | The
offset | The offset into encoding where the writing begins.
special | The special DER circumstances of the encoding, if there are any. The following ASN.1 constants are possible values for special:
Returns
Throws
CRMFException - If ASN.1 encoding fails.

public Date getStartDate()
Returns
Date object specifying when the cert is activated.

public Date getEndDate()
null.
Returns
Date object specifying the expiration date of the certificate.

public void setTimeType(boolean flag)
Parameters
flag | 'true' value means GenTime encoding, 'false' value means UTC encoding.

public void setValidity(Date start, Date end) throws CRMFException
Parameters
start | A
end | A
Throws
CRMFException - If the two dates do not make sense, such as an end before the start.

public void setSerialNumber(byte[] serialNumber, int offset, int len) throws CRMFException
Parameters
serialNumber | A
offset | The offset into serialNumber where the value begins.
len | The number of bytes of serialNumber that make up the serial number.
Throws
CRMFException - If the passed-in value is null.

public byte[] getSerialNumber()
null.
Returns
byte array that contains the serial number.

public void setIssuerName(X500Name issuerName) throws CRMFException
Parameters
issuerName | An X500Name object that contains the name.
Throws
CRMFException - If the issuerName is invalid or null.

public X500Name getIssuerName()
null.
Returns

public void setSubjectName(X500Name subjectName) throws CRMFException
Parameters
subjectName | An X500Name object that contains the subject name.
Throws
CRMFException - If the subjectName is invalid or null.

public X500Name getSubjectName()
null.
Returns

public void setIssuerUniqueID(byte[] issuerUniqueID, int offset, int len) throws CRMFException
Sets the issuer's UniqueIdentifier in this certificate template to be issuerUniqueID, a value of length len beginning at offset.
Parameters
issuerUniqueID | A
offset | The offset into issuerUniqueID where the value begins.
len | The number of bytes of issuerUniqueID that make up the issuer ID.
Throws
CRMFException - If there is an ASN.1 error; or the passed-in value is null.

public byte[] getIssuerUniqueID()
null.
Returns

public void setSubjectUniqueID(byte[] subjectUniqueID, int offset, int len) throws CRMFException
Parameters
subjectUniqueID | A
offset | The offset into subjectUniqueID where the value begins.
len | The number of bytes of subjectUniqueID that make up the unique ID.
Throws
CRMFException - If there is an ASN.1 error; or if the passed-in value is null.

public byte[] getSubjectUniqueID()
byte array. If this certificate does not have a subject unique ID, returns null.
Returns
byte array that contains the subject's uniqueID.

public String getSignatureAlgorithm() throws CRMFException
JSAFE_Signature.
The following are examples (although not a complete list):
"MD5/RSA/PKCS1Block01Pad" "SHA1/DSA"
Returns
String specifying the signature algorithm.
Throws
CRMFException - If the certificate template has not yet been set with a signature algorithm.

public byte[] getSignatureAlgorithmDER() throws CRMFException
Returns
Throws
CRMFException - If the certificate template has not yet been set with a signature algorithm.

public void setSubjectPublicKey(com.rsa.jsafe.JSAFE_PublicKey publicKey) throws CRMFException
Parameters
publicKey | A
Throws
CRMFException - If the public-key object is not valid.

public void setSubjectPublicKey(byte[] publicKeyBER, int offset) throws CRMFException
SubjectPublicKeyInfo ::= SEQUENCE {
    algorithmID      AlgorithmIdentifier,
    subjectPublicKey BIT STRING }
Parameters
publicKeyBER | The BER encoding of a public key.
offset | The offset into publicKeyBER where the encoding begins.
Throws
CRMFException - If the public-key BER encoding is not a valid public key.

public com.rsa.jsafe.JSAFE_PublicKey getSubjectPublicKey() throws CRMFException
Returns
JSAFE_PublicKey object that contains the public key.
Throws
CRMFException - If there is an ASN.1 error.

public byte[] getSubjectPublicKeyBER()
Returns
byte array that contains the public-key BER encoding.

public void setExtensions(X509V3Extensions extensions) throws CRMFException
Parameters
extensions | An X509V3Extensions object that contains the extensions.
Throws
CRMFException - If extensions are of the wrong type.

public X509V3Extensions getExtensions()
0.
Returns

public boolean equals(Object obj)
Returns true if this object and obj contain the same CertTemplate object; returns false otherwise.
Overrides
equals in class Object
Parameters
obj | The instance of CertTemplate object.
Returns
boolean that indicates whether these objects are equal.

public Object clone() throws CloneNotSupportedException
Returns
Throws
CloneNotSupportedException - If the cloning operation is not successful.