Package org.mozilla.jss.pkcs11
Class PK11Cert
- java.lang.Object
-
- java.security.cert.Certificate
-
- java.security.cert.X509Certificate
-
- org.mozilla.jss.pkcs11.PK11Cert
-
- All Implemented Interfaces:
java.io.Serializable, java.lang.AutoCloseable, java.security.cert.X509Extension, InternalCertificate, TokenCertificate, X509Certificate
- Direct Known Subclasses:
PK11InternalCert
public class PK11Cert extends java.security.cert.X509Certificate implements InternalCertificate, TokenCertificate, java.lang.AutoCloseable
- See Also:
- Serialized Form
-
-
Nested Class Summary
protected static class PK11Cert.StringPrincipal: A class that implements Principal with a String.
-
Field Summary
protected org.mozilla.jss.pkcs11.CertProxy certProxy
static int EMAIL
static int GOVT_APPROVED_CA
static int INVISIBLE_CA
static org.slf4j.Logger logger
protected java.lang.String nickname
static int NS_TRUSTED_CA
static int OBJECT_SIGNING
static int SEND_WARN
static int SSL
protected TokenProxy tokenProxy
static int TRUSTED_CA
static int TRUSTED_CLIENT_CA
static int TRUSTED_PEER
static int USER
static int VALID_CA
static int VALID_PEER
-
Method Summary
void checkValidity()
void checkValidity(java.util.Date date)
void close()
static int decodeTrustFlags(java.lang.String flags)
static java.lang.String encodeTrustFlags(int flags)
boolean equals(java.lang.Object other)
void finalize()
int getBasicConstraints()
java.util.Set<java.lang.String> getCriticalExtensionOIDs()
int getEmailTrust(): Get the email (S/MIME) trust flags for this certificate.
byte[] getEncoded()
byte[] getExtensionValue(java.lang.String oid)
java.security.Principal getIssuerDN()
protected java.lang.String getIssuerDNString()
boolean[] getIssuerUniqueID()
boolean[] getKeyUsage()
java.lang.String getNickname()
java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()
java.util.Date getNotAfter()
java.util.Date getNotBefore()
int getObjectSigningTrust(): Get the object signing trust flags for this certificate.
CryptoToken getOwningToken(): Returns the CryptoToken that owns this certificate.
java.security.PublicKey getPublicKey()
java.math.BigInteger getSerialNumber()
protected byte[] getSerialNumberByteArray()
java.lang.String getSigAlgName()
java.lang.String getSigAlgOID()
byte[] getSigAlgParams()
byte[] getSignature()
int getSSLTrust(): Get the SSL trust flags for this certificate.
java.security.Principal getSubjectDN()
protected java.lang.String getSubjectDNString()
boolean[] getSubjectUniqueID()
byte[] getTBSCertificate()
protected int getTrust(int type): Gets the trust flags for this cert.
java.lang.String getTrustFlags()
byte[] getUniqueID(): Returns the unique ID of this key.
int getVersion()
int hashCode()
boolean hasUnsupportedCriticalExtension()
static boolean isTrustFlagEnabled(int flag, int flags)
void setEmailTrust(int trust): Set the email (S/MIME) trust flags for this certificate.
void setObjectSigningTrust(int trust): Set the object signing trust flags for this certificate.
void setSSLTrust(int trust): Set the SSL trust flags for this certificate.
protected void setTrust(int type, int trust): Sets the trust flags for this cert.
void setTrustFlags(java.lang.String trustFlags)
java.lang.String toString()
void verify(java.security.PublicKey key)
void verify(java.security.PublicKey key, java.lang.String sigProvider)
-
-
-
Field Detail
-
logger
public static org.slf4j.Logger logger
-
VALID_PEER
public static final int VALID_PEER
- See Also:
- Constant Field Values
-
TRUSTED_PEER
public static final int TRUSTED_PEER
- See Also:
- Constant Field Values
-
SEND_WARN
public static final int SEND_WARN
- See Also:
- Constant Field Values
-
VALID_CA
public static final int VALID_CA
- See Also:
- Constant Field Values
-
TRUSTED_CA
public static final int TRUSTED_CA
- See Also:
- Constant Field Values
-
NS_TRUSTED_CA
public static final int NS_TRUSTED_CA
- See Also:
- Constant Field Values
-
USER
public static final int USER
- See Also:
- Constant Field Values
-
TRUSTED_CLIENT_CA
public static final int TRUSTED_CLIENT_CA
- See Also:
- Constant Field Values
-
INVISIBLE_CA
public static final int INVISIBLE_CA
- See Also:
- Constant Field Values
-
GOVT_APPROVED_CA
public static final int GOVT_APPROVED_CA
- See Also:
- Constant Field Values
-
SSL
public static final int SSL
- See Also:
- Constant Field Values
-
EMAIL
public static final int EMAIL
- See Also:
- Constant Field Values
-
OBJECT_SIGNING
public static final int OBJECT_SIGNING
- See Also:
- Constant Field Values
-
certProxy
protected org.mozilla.jss.pkcs11.CertProxy certProxy
-
tokenProxy
protected TokenProxy tokenProxy
-
nickname
protected java.lang.String nickname
-
-
Method Detail
-
isTrustFlagEnabled
public static boolean isTrustFlagEnabled(int flag, int flags)
-
encodeTrustFlags
public static java.lang.String encodeTrustFlags(int flags)
-
decodeTrustFlags
public static int decodeTrustFlags(java.lang.String flags) throws java.lang.Exception
- Throws:
java.lang.Exception
-
getEncoded
public byte[] getEncoded() throws java.security.cert.CertificateEncodingException
- Specified by:
getEncoded in interface X509Certificate
- Specified by:
getEncoded in class java.security.cert.Certificate
- Returns:
- The DER encoding of this certificate.
- Throws:
java.security.cert.CertificateEncodingException - If an error occurred.
-
getNickname
public java.lang.String getNickname()
- Specified by:
getNickname in interface X509Certificate
- Returns:
- The nickname of this certificate (could be null).
-
hashCode
public int hashCode()
- Overrides:
hashCode in class java.security.cert.Certificate
-
equals
public boolean equals(java.lang.Object other)
- Overrides:
equals in class java.security.cert.Certificate
-
getSubjectDN
public java.security.Principal getSubjectDN()
- Specified by:
getSubjectDN in interface X509Certificate
- Specified by:
getSubjectDN in class java.security.cert.X509Certificate
- Returns:
- The RFC 1485 ASCII encoding of the Subject Name.
-
getIssuerDN
public java.security.Principal getIssuerDN()
- Specified by:
getIssuerDN in interface X509Certificate
- Specified by:
getIssuerDN in class java.security.cert.X509Certificate
- Returns:
- The RFC 1485 ASCII encoding of the issuer's Subject Name.
-
getSerialNumber
public java.math.BigInteger getSerialNumber()
- Specified by:
getSerialNumber in interface X509Certificate
- Specified by:
getSerialNumber in class java.security.cert.X509Certificate
- Returns:
- The serial number of this certificate.
-
getSerialNumberByteArray
protected byte[] getSerialNumberByteArray()
-
getSubjectDNString
protected java.lang.String getSubjectDNString()
-
getIssuerDNString
protected java.lang.String getIssuerDNString()
-
getPublicKey
public java.security.PublicKey getPublicKey()
- Specified by:
getPublicKey in interface X509Certificate
- Specified by:
getPublicKey in class java.security.cert.Certificate
- Returns:
- The Public Key from this certificate.
-
getVersion
public int getVersion()
- Specified by:
getVersion in interface X509Certificate
- Specified by:
getVersion in class java.security.cert.X509Certificate
- Returns:
- the version number of this X.509 certificate. 0 means v1, 1 means v2, 2 means v3.
-
getBasicConstraints
public int getBasicConstraints()
- Specified by:
getBasicConstraints in class java.security.cert.X509Certificate
-
getKeyUsage
public boolean[] getKeyUsage()
- Specified by:
getKeyUsage in class java.security.cert.X509Certificate
-
getSubjectUniqueID
public boolean[] getSubjectUniqueID()
- Specified by:
getSubjectUniqueID in class java.security.cert.X509Certificate
-
getIssuerUniqueID
public boolean[] getIssuerUniqueID()
- Specified by:
getIssuerUniqueID in class java.security.cert.X509Certificate
-
getSigAlgParams
public byte[] getSigAlgParams()
- Specified by:
getSigAlgParams in class java.security.cert.X509Certificate
-
getSigAlgName
public java.lang.String getSigAlgName()
- Specified by:
getSigAlgName in class java.security.cert.X509Certificate
-
getSigAlgOID
public java.lang.String getSigAlgOID()
- Specified by:
getSigAlgOID in class java.security.cert.X509Certificate
-
getSignature
public byte[] getSignature()
- Specified by:
getSignature in class java.security.cert.X509Certificate
-
getTBSCertificate
public byte[] getTBSCertificate() throws java.security.cert.CertificateEncodingException
- Specified by:
getTBSCertificate in class java.security.cert.X509Certificate
- Throws:
java.security.cert.CertificateEncodingException
-
getNotAfter
public java.util.Date getNotAfter()
- Specified by:
getNotAfter in class java.security.cert.X509Certificate
-
getNotBefore
public java.util.Date getNotBefore()
- Specified by:
getNotBefore in class java.security.cert.X509Certificate
-
checkValidity
public void checkValidity() throws java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException
- Specified by:
checkValidity in class java.security.cert.X509Certificate
- Throws:
java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException
-
checkValidity
public void checkValidity(java.util.Date date) throws java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException
- Specified by:
checkValidity in class java.security.cert.X509Certificate
- Throws:
java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException
-
toString
public java.lang.String toString()
- Specified by:
toString in class java.security.cert.Certificate
-
verify
public void verify(java.security.PublicKey key) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
- Specified by:
verify in class java.security.cert.Certificate
- Throws:
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
-
verify
public void verify(java.security.PublicKey key, java.lang.String sigProvider) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
- Specified by:
verify in class java.security.cert.Certificate
- Throws:
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
-
getExtensionValue
public byte[] getExtensionValue(java.lang.String oid)
- Specified by:
getExtensionValue in interface java.security.cert.X509Extension
-
getCriticalExtensionOIDs
public java.util.Set<java.lang.String> getCriticalExtensionOIDs()
- Specified by:
getCriticalExtensionOIDs in interface java.security.cert.X509Extension
-
getNonCriticalExtensionOIDs
public java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()
- Specified by:
getNonCriticalExtensionOIDs in interface java.security.cert.X509Extension
-
hasUnsupportedCriticalExtension
public boolean hasUnsupportedCriticalExtension()
- Specified by:
hasUnsupportedCriticalExtension in interface java.security.cert.X509Extension
-
finalize
public void finalize() throws java.lang.Throwable
- Overrides:
finalize in class java.lang.Object
- Throws:
java.lang.Throwable
-
close
public void close() throws java.lang.Exception
- Specified by:
close in interface java.lang.AutoCloseable
- Throws:
java.lang.Exception
-
getUniqueID
public byte[] getUniqueID()
Description copied from interface: TokenCertificate
Returns the unique ID of this key. Unique IDs can be used to match certificates to keys.
- Specified by:
getUniqueID in interface TokenCertificate
- See Also:
PrivateKey.getUniqueID()
-
getOwningToken
public CryptoToken getOwningToken()
Description copied from interface: TokenCertificate
Returns the CryptoToken that owns this certificate. Cryptographic operations with this key may only be performed on the token that owns the key.
- Specified by:
getOwningToken in interface TokenCertificate
-
setTrust
protected void setTrust(int type, int trust)
Sets the trust flags for this cert.
- Parameters:
type - SSL, EMAIL, or OBJECT_SIGNING.
trust - The trust flags for this type of trust.
-
getTrust
protected int getTrust(int type)
Gets the trust flags for this cert.
- Parameters:
type - SSL, EMAIL, or OBJECT_SIGNING.
- Returns:
- The trust flags for this type of trust.
-
setSSLTrust
public void setSSLTrust(int trust)
Set the SSL trust flags for this certificate.
- Specified by:
setSSLTrust in interface InternalCertificate
- Parameters:
trust - A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
setEmailTrust
public void setEmailTrust(int trust)
Set the email (S/MIME) trust flags for this certificate.
- Specified by:
setEmailTrust in interface InternalCertificate
- Parameters:
trust - A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
setObjectSigningTrust
public void setObjectSigningTrust(int trust)
Set the object signing trust flags for this certificate.
- Specified by:
setObjectSigningTrust in interface InternalCertificate
- Parameters:
trust - A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
getSSLTrust
public int getSSLTrust()
Get the SSL trust flags for this certificate.
- Specified by:
getSSLTrust in interface InternalCertificate
- Returns:
- A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
getEmailTrust
public int getEmailTrust()
Get the email (S/MIME) trust flags for this certificate.
- Specified by:
getEmailTrust in interface InternalCertificate
- Returns:
- A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
getObjectSigningTrust
public int getObjectSigningTrust()
Get the object signing trust flags for this certificate.
- Specified by:
getObjectSigningTrust in interface InternalCertificate
- Returns:
- A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
getTrustFlags
public java.lang.String getTrustFlags()
-
setTrustFlags
public void setTrustFlags(java.lang.String trustFlags) throws java.lang.Exception
- Throws:
java.lang.Exception
-
-