|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--com.rsa.certj.crmf.ProofOfPossession
This class contains the ProofOfPossession field from CertReqMsg defined in "CertificateRequest Message Format" (RFC 2511).
ProofOfPossession ::= CHOICE { raVerified [0] NULL, -- used if the RA has already verified that the requester is in -- possession of the private key signature [1] POPOSigningKey, keyEncipherment [2] POPOPrivKey, keyAgreement [3] POPOPrivKey } POPOSigningKey ::= SEQUENCE { poposkInput [0] POPOSigningKeyInput OPTIONAL, algorithmIdentifier AlgorithmIdentifier, signature BIT STRING } -- The signature (using "algorithmIdentifier") is on the -- DER-encoded value of poposkInput. NOTE: If the CertReqMsg -- certReq CertTemplate contains the subject and publicKey values, -- then poposkInput MUST be omitted and the signature MUST be -- computed on the DER-encoded value of CertReqMsg certReq. If -- the CertReqMsg certReq CertTemplate does not contain the public -- key and subject values, then poposkInput MUST be present and -- MUST be signed. This strategy ensures that the public key is -- not present in both the poposkInput and CertReqMsg certReq -- CertTemplate fields. |
POPOSigningKey
properly,
pass a CertRequest
message
that contains the CertTemplate
that has SubjectName
and PublicKey
set.
If the CertTemplate
does not have both values set,
pass the POPOSigningKeyInput
object instead.
Copyright © RSA Security Inc., 2000-2001. All rights reserved.
See Also
Field Summary |
|
static int |
AGREEMENT_POP
|
static int |
ENCIPHERMENT_POP
|
static int |
RA_VERIFIED_POP
|
static int |
SIGNATURE_POP
|
Constructor Summary |
|
ProofOfPossession()
Empty constructor |
|
ProofOfPossession(CertJ certJContext)
Constructs an object with CertJ context specified. |
|
ProofOfPossession(int type)
Creates an empty ProofOfPossession object of the specified type. |
|
ProofOfPossession(int type,
CertJ certJContext)
Creates an empty ProofOfPossession object of the specified type and specified CertJ context. |
Method Summary |
|
clone()
Overrides the default |
|
void |
decodeProofOfPossession(byte[] dataBER,
int offset,
int special)
This method decodes the BER-encoding of ProofOfPossession object, setting it with the value given by dataBER beginning at offset. |
boolean |
equals(Object obj)
Returns true if this object and obj contain the same ProofOfPossession, returns false otherwise. |
byte[] |
getAlgBER()
Gets the signature algorithm ID BER-encoded |
getAlgTransformation()
Gets the signature algorithm ID as a transformation String |
|
getCertJ()
Gets CertJ context. |
|
int |
getDEREncoding(byte[] encoding,
int offset,
int special)
Places the DER encoding of the ProofOfPossession object into encoding, beginning at offset. |
int |
getDERLen(int special)
Returns the number of bytes that will be used by the DER encoding of the ProofOfPossession. |
static int |
getNextBEROffset(byte[] popBER,
int offset)
Finds the index of the next element to encode, given popBER, the BER of a ProofOfPossession beginning at offset. |
getPOPOPrivKey()
Gets the POPOPrivKey object for keyEncipherment or keyAgreement POP. |
|
getPOPOSigningKeyInput()
Gets the POPOSigningKeyInput data. |
|
int |
getPOPType()
Gets the POP type |
byte[] |
getSignature()
Gets the Signature |
void |
setCertJ(CertJ certJContext)
This is a method to set the CertJ context dynamically. |
void |
setCertRequest(CertRequest request)
Pass in the |
void |
setEnvironment(CertJ certJ,
com.rsa.jsafe.JSAFE_PublicKey pubKey,
com.rsa.jsafe.JSAFE_PrivateKey privKey)
Sets the environment variables; use this method only if this POP is for keyEncipherment or keyAgreement. |
void |
setKeys(com.rsa.jsafe.JSAFE_PublicKey pubKey,
com.rsa.jsafe.JSAFE_PrivateKey privKey)
Sets the keys: use this method only if this POP is for keyEncipherment or keyAgreement. |
void |
setPOPOPrivKey(POPOPrivKey privateKey)
Sets the POPOPrivKey object for keyEncipherment or keyAgreement POP. |
void |
setPOPOSigningKeyInput(POPOSigningKeyInput input)
Sets the POPOSigningKeyInput data, including public key. |
void |
setSignatureAlgorithm(byte[] algID,
int offset,
int len)
Sets the signature algorithm ID. |
void |
setSignatureAlgorithm(String trans)
Sets the signature algorithm ID. |
void |
signPOP(String device,
com.rsa.jsafe.JSAFE_PrivateKey signingKey,
SecureRandom random)
If Subject Name and Public Key are set, sign the DER encoding of the CertRequest. |
boolean |
verifySignature(String device,
SecureRandom random)
Verifies the POP's signature. |
Methods inherited from class java.lang.Object |
getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final int RA_VERIFIED_POP
public static final int SIGNATURE_POP
public static final int ENCIPHERMENT_POP
public static final int AGREEMENT_POP
Constructor Detail |
public ProofOfPossession()
public ProofOfPossession(CertJ certJContext)
Parameters
certJContext |
|
public ProofOfPossession(int type) throws CRMFException
Parameters
type | One of the POP types, specified as constants in this class |
Throws
CRMFException
- If specified type is invalid or not supportedpublic ProofOfPossession(int type, CertJ certJContext) throws CRMFException
Parameters
type | One of the POP types, specified as constants in this class | ||
certJContext |
|
Throws
CRMFException
- If specified type is invalid or not supportedMethod Detail |
public void decodeProofOfPossession(byte[] dataBER, int offset, int special) throws CRMFException
Parameters
dataBER | The BER encoding of a ProofOfPossession data | ||
offset | The offset into dataBER where the encoding begins | ||
special | That contains any special ASN.1 info, such as OPTIONAL |
Throws
CRMFException
- If the BER is not a valid ProofOfPossession datapublic boolean verifySignature(String device, SecureRandom random) throws CRMFException
setCertRequest
method to set CertTemplate that contains
the public keyParameters
device | A String specifying the device or choice of devices to use in computing the signature. | ||
random | If the signature algorithm needs random bytes, get them from this object. |
Returns
true
if the signature is verified;
otherwise, false
.
Throws
If
- This POP is not of the
POPOSigningKey
type, or if not all
required values are set.public int getPOPType()
Returns
public POPOSigningKeyInput getPOPOSigningKeyInput()
Returns
public void setPOPOSigningKeyInput(POPOSigningKeyInput input) throws CRMFException
setCertRequest
method,
the POPOSigningKeyInput
data this is passed in
is ignored.Parameters
input | The POPOSigningKeyInput structure. |
Throws
CRMFException
- If this POP is not of
the POPOSigningKey
type,
or if input is null
.public String getAlgTransformation()
Returns
"SHA1/RSA/PKCS1Block01Pad".
returns null
if it is not set, or if this POP is not of
POPOSigningKey typepublic byte[] getAlgBER()
Returns
public void setSignatureAlgorithm(String trans) throws CRMFException
Parameters
trans | A transformation |
Throws
CRMFException
- If this POP is not of
the POPOSigningKey
type,
or if input is null
.public void setSignatureAlgorithm(byte[] algID, int offset, int len) throws CRMFException
Parameters
algID | A | ||
offset | The offset into | ||
len | The length of |
Throws
CRMFException
- If this POP is not of
the POPOSigningKey
type,
or if input is null
.public byte[] getSignature()
Returns
public void setCertRequest(CertRequest request) throws CRMFException
CertRequest
object
that contains CertTemplate with
Subject Name and Public Key values set.
This CertRequest
will be
signed to generate POP. Use this method ONLY if CertTemplate contains
both subject name and public key.
If CertTemplate is missing any of those
two values, use setPOPOSigningKeyInput
)
method to pass in
public key and name. If you passed in
CertTemplate
with both values set,
do not call setPOPOSigningKeyInput
method, it will be ignored.Parameters
certRequest | Contains CertTemplate with Subject Name and Public Key values set. |
Throws
CRMFException
- If
CertRequest
is invalid, or CertTemplate
does not contain both Subject Name and Public Key values,
or if this POP
is not of the POPOSigningKey
type.public void signPOP(String device, com.rsa.jsafe.JSAFE_PrivateKey signingKey, SecureRandom random) throws CRMFException
getSignature()
method.Parameters
device | A String specifying the device or choice of devices to use in computing the signature. | ||
signingKey | A JSAFE_PrivateKey used to compute the signature. | ||
random | If the signature algorithm needs random bytes, get them from this object. |
Throws
CRMFException
- If we cannot sign the data, or if this POP
is not of POPOSigningKey typepublic void setEnvironment(CertJ certJ, com.rsa.jsafe.JSAFE_PublicKey pubKey, com.rsa.jsafe.JSAFE_PrivateKey privKey)
Parameters
certJ | CertJ object that contains environment information | ||
pubKey | Public key used to encrypt the Secret key in EncryptedValue structure (pass NULL if decoding, or not using EncryptedValue option in EncryptedKey in PKIArchiveOptions control) | ||
privKey | Private key used to decrypt the Secret key in EncryptedValue structure (pass NULL if encoding, or not using EncryptedValue option in EncryptedKey in PKIArchiveOptions control) |
public void setCertJ(CertJ certJContext)
Parameters
certJContex |
|
public CertJ getCertJ()
Returns
CertJ
referencepublic void setKeys(com.rsa.jsafe.JSAFE_PublicKey pubKey, com.rsa.jsafe.JSAFE_PrivateKey privKey)
Parameters
pubKey | Public key used to encrypt the Secret key in EncryptedValue structure (pass NULL if decoding, or not using EncryptedValue option in EncryptedKey in PKIArchiveOptions control) | ||
privKey | Private key used to decrypt the Secret key in EncryptedValue structure (pass NULL if encoding, or not using EncryptedValue option in EncryptedKey in PKIArchiveOptions control) |
public void setPOPOPrivKey(POPOPrivKey privateKey) throws CRMFException
Parameters
privateKey | The POPOPrivKey object that contains data for keyEncipherment or keyAgreement POP. |
Throws
CRMFException
- If there is a clone error, or if this object is
not ENCIPHERMENT_POP
or AGREEMENT_POP
POP.public POPOPrivKey getPOPOPrivKey() throws CRMFException
Returns
Throws
CRMFException
- If there is a clone error.public Object clone() throws CloneNotSupportedException
clone
method
to get a deeper clone.
Returns
Throws
CloneNotSupportedException
- If the cloning operation
is not successful.public boolean equals(Object obj)
Overrides
equals
in class Object
Parameters
obj | The instance of ProofOfPossession object |
Returns
boolean
that indicates whether
these objects are equal.public static int getNextBEROffset(byte[] popBER, int offset) throws CRMFException
Parameters
popBER | The BER encoding of a ProofOfPossession | ||
offset | The offset into popBER where the encoding begins |
Returns
Throws
CRMFException
- If the method cannot read the BER
encodingpublic int getDERLen(int special) throws CRMFException
Parameters
special | That contains any special ASN.1 info, such as OPTIONAL |
Returns
public int getDEREncoding(byte[] encoding, int offset, int special) throws CRMFException
data [1] IMPLICIT INTEGER |
APP_IMPLICIT
, APP_EXPLICIT
,
PRIVATE_IMPLICIT
, PRIVATE_EXPLICIT
,
OPTIONAL
, DEFAULT
,
CONTEXT_IMPLICIT
,
or CONTEXT_EXPLICIT
.Parameters
encoding | The byte array into which the result will be placed. | ||
offset | The offset into encoding where the writing is to begin. | ||
special | That contains any special ASN.1 info, such as OPTIONAL |
Returns
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |