org.bouncycastle.tls.crypto.impl.jcajce

Class JcaTlsCertificate

java.lang.Object

org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate

All Implemented Interfaces:

TlsCertificate

public class JcaTlsCertificate
extends java.lang.Object
implements TlsCertificate

Implementation class for a single X.509 certificate based on the JCA.

Field Summary

Fields

Modifier and Type	Field and Description
protected java.security.cert.X509Certificate	certificate
protected JcaTlsCrypto	crypto
protected static int	KU_CRL_SIGN
protected static int	KU_DATA_ENCIPHERMENT
protected static int	KU_DECIPHER_ONLY
protected static int	KU_DIGITAL_SIGNATURE
protected static int	KU_ENCIPHER_ONLY
protected static int	KU_KEY_AGREEMENT
protected static int	KU_KEY_CERT_SIGN
protected static int	KU_KEY_ENCIPHERMENT
protected static int	KU_NON_REPUDIATION
protected javax.crypto.interfaces.DHPublicKey	pubKeyDH
protected java.security.interfaces.ECPublicKey	pubKeyEC
protected java.security.PublicKey	pubKeyRSA

Constructor Summary

Constructors

Constructor and Description
JcaTlsCertificate(JcaTlsCrypto crypto, byte[] encoding)
JcaTlsCertificate(JcaTlsCrypto crypto, java.security.cert.X509Certificate certificate)

Method Summary

Modifier and Type	Method and Description
TlsCertificate	checkUsageInRole(int tlsCertificateRole)
static JcaTlsCertificate	convert(JcaTlsCrypto crypto, TlsCertificate certificate)
TlsEncryptor	createEncryptor(int tlsCertificateRole) Return an encryptor based on the public key in this certificate.
Tls13Verifier	createVerifier(int signatureScheme)
TlsVerifier	createVerifier(short signatureAlgorithm)
byte[]	getEncoded()
byte[]	getExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier extensionOID)
short	getLegacySignatureAlgorithm()
protected java.security.PublicKey	getPublicKey()
java.math.BigInteger	getSerialNumber()
java.lang.String	getSigAlgOID()
org.bouncycastle.asn1.ASN1Encodable	getSigAlgParams()
protected org.bouncycastle.asn1.x509.SubjectPublicKeyInfo	getSubjectPublicKeyInfo()
java.security.cert.X509Certificate	getX509Certificate()
protected boolean	implSupportsSignatureAlgorithm(short signatureAlgorithm)
static java.security.cert.X509Certificate	parseCertificate(org.bouncycastle.jcajce.util.JcaJceHelper helper, byte[] encoding)
protected boolean	supportsKeyUsageBit(int keyUsageBit)
protected boolean	supportsRSA_PKCS1()
protected boolean	supportsRSA_PSS_PSS(short signatureAlgorithm)
protected boolean	supportsRSA_PSS_RSAE()
boolean	supportsSignatureAlgorithm(short signatureAlgorithm)
boolean	supportsSignatureAlgorithmCA(short signatureAlgorithm)
protected void	validateKeyUsageBit(int keyUsageBit)
protected void	validateRSA_PKCS1()
protected void	validateRSA_PSS_PSS(short signatureAlgorithm)
protected void	validateRSA_PSS_RSAE()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

KU_DIGITAL_SIGNATURE

protected static final int KU_DIGITAL_SIGNATURE

See Also:

Constant Field Values

KU_NON_REPUDIATION

protected static final int KU_NON_REPUDIATION

See Also:

Constant Field Values

KU_KEY_ENCIPHERMENT

protected static final int KU_KEY_ENCIPHERMENT

See Also:

Constant Field Values

KU_DATA_ENCIPHERMENT

protected static final int KU_DATA_ENCIPHERMENT

See Also:

Constant Field Values

KU_KEY_AGREEMENT

protected static final int KU_KEY_AGREEMENT

See Also:

Constant Field Values

KU_KEY_CERT_SIGN

protected static final int KU_KEY_CERT_SIGN

See Also:

Constant Field Values

KU_CRL_SIGN

protected static final int KU_CRL_SIGN

See Also:

Constant Field Values

KU_ENCIPHER_ONLY

protected static final int KU_ENCIPHER_ONLY

See Also:

Constant Field Values

KU_DECIPHER_ONLY

protected static final int KU_DECIPHER_ONLY

See Also:

Constant Field Values

crypto

protected final JcaTlsCrypto crypto

certificate

protected final java.security.cert.X509Certificate certificate

pubKeyDH

protected javax.crypto.interfaces.DHPublicKey pubKeyDH

pubKeyEC

protected java.security.interfaces.ECPublicKey pubKeyEC

pubKeyRSA

protected java.security.PublicKey pubKeyRSA

Constructor Detail

JcaTlsCertificate

public JcaTlsCertificate(JcaTlsCrypto crypto,
                         byte[] encoding)
                  throws java.io.IOException

Throws:

java.io.IOException

JcaTlsCertificate

public JcaTlsCertificate(JcaTlsCrypto crypto,
                         java.security.cert.X509Certificate certificate)

Method Detail

convert

public static JcaTlsCertificate convert(JcaTlsCrypto crypto,
                                        TlsCertificate certificate)
                                 throws java.io.IOException

Throws:

java.io.IOException

parseCertificate

public static java.security.cert.X509Certificate parseCertificate(org.bouncycastle.jcajce.util.JcaJceHelper helper,
                                                                  byte[] encoding)
                                                           throws java.io.IOException

Throws:

java.io.IOException

createEncryptor

public TlsEncryptor createEncryptor(int tlsCertificateRole)
                             throws java.io.IOException

Description copied from interface: TlsCertificate

Return an encryptor based on the public key in this certificate.

Specified by:

createEncryptor in interface TlsCertificate

Parameters:

tlsCertificateRole - TlsCertificateRole

Returns:

a TlsEncryptor based on this certificate's public key.

Throws:

java.io.IOException

createVerifier

public TlsVerifier createVerifier(short signatureAlgorithm)
                           throws java.io.IOException

Specified by:

createVerifier in interface TlsCertificate

Parameters:

signatureAlgorithm - SignatureAlgorithm

Throws:

java.io.IOException

createVerifier

public Tls13Verifier createVerifier(int signatureScheme)
                             throws java.io.IOException

Specified by:

createVerifier in interface TlsCertificate

Parameters:

signatureScheme - SignatureScheme

Throws:

java.io.IOException

getEncoded

public byte[] getEncoded()
                  throws java.io.IOException

Specified by:

getEncoded in interface TlsCertificate

Throws:

java.io.IOException

getExtension

public byte[] getExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier extensionOID)
                    throws java.io.IOException

Specified by:

getExtension in interface TlsCertificate

Throws:

java.io.IOException

getSerialNumber

public java.math.BigInteger getSerialNumber()

Specified by:

getSerialNumber in interface TlsCertificate

getSigAlgOID

public java.lang.String getSigAlgOID()

Specified by:

getSigAlgOID in interface TlsCertificate

Returns:

the OID of this certificate's 'signatureAlgorithm', as a String.

getSigAlgParams

public org.bouncycastle.asn1.ASN1Encodable getSigAlgParams()
                                                    throws java.io.IOException

Specified by:

getSigAlgParams in interface TlsCertificate

Throws:

java.io.IOException

getLegacySignatureAlgorithm

public short getLegacySignatureAlgorithm()
                                  throws java.io.IOException

Specified by:

getLegacySignatureAlgorithm in interface TlsCertificate

Returns:

SignatureAlgorithm

Throws:

java.io.IOException

supportsSignatureAlgorithm

public boolean supportsSignatureAlgorithm(short signatureAlgorithm)
                                   throws java.io.IOException

Specified by:

supportsSignatureAlgorithm in interface TlsCertificate

Parameters:

signatureAlgorithm - SignatureAlgorithm

Returns:

true if (and only if) this certificate can be used to verify the given signature algorithm.

Throws:

java.io.IOException

supportsSignatureAlgorithmCA

public boolean supportsSignatureAlgorithmCA(short signatureAlgorithm)
                                     throws java.io.IOException

Specified by:

supportsSignatureAlgorithmCA in interface TlsCertificate

Throws:

java.io.IOException

checkUsageInRole

public TlsCertificate checkUsageInRole(int tlsCertificateRole)
                                throws java.io.IOException

Specified by:

checkUsageInRole in interface TlsCertificate

Parameters:

tlsCertificateRole - TlsCertificateRole

Throws:

java.io.IOException

implSupportsSignatureAlgorithm

protected boolean implSupportsSignatureAlgorithm(short signatureAlgorithm)
                                          throws java.io.IOException

Throws:

java.io.IOException

getPublicKey

protected java.security.PublicKey getPublicKey()
                                        throws java.io.IOException

Throws:

java.io.IOException

getSubjectPublicKeyInfo

protected org.bouncycastle.asn1.x509.SubjectPublicKeyInfo getSubjectPublicKeyInfo()
                                                                           throws java.io.IOException

Throws:

java.io.IOException

getX509Certificate

public java.security.cert.X509Certificate getX509Certificate()

supportsKeyUsageBit

protected boolean supportsKeyUsageBit(int keyUsageBit)

supportsRSA_PKCS1

protected boolean supportsRSA_PKCS1()
                             throws java.io.IOException

Throws:

java.io.IOException

supportsRSA_PSS_PSS

protected boolean supportsRSA_PSS_PSS(short signatureAlgorithm)
                               throws java.io.IOException

Throws:

java.io.IOException

supportsRSA_PSS_RSAE

protected boolean supportsRSA_PSS_RSAE()
                                throws java.io.IOException

Throws:

java.io.IOException

validateKeyUsageBit

protected void validateKeyUsageBit(int keyUsageBit)
                            throws java.io.IOException

Throws:

java.io.IOException

validateRSA_PKCS1

protected void validateRSA_PKCS1()
                          throws java.io.IOException

Throws:

java.io.IOException

validateRSA_PSS_PSS

protected void validateRSA_PSS_PSS(short signatureAlgorithm)
                            throws java.io.IOException

Throws:

java.io.IOException

validateRSA_PSS_RSAE

protected void validateRSA_PSS_RSAE()
                             throws java.io.IOException

Throws:

java.io.IOException