Class JcaTlsCertificate
- java.lang.Object
-
- org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate
-
- All Implemented Interfaces:
TlsCertificate
public class JcaTlsCertificate extends java.lang.Object implements TlsCertificate
Implementation class for a single X.509 certificate based on the JCA.
-
-
Field Summary
Fields
Modifier and Type | Field | Description
protected java.security.cert.X509Certificate
certificate
protected JcaTlsCrypto
crypto
protected static int
KU_CRL_SIGN
protected static int
KU_DATA_ENCIPHERMENT
protected static int
KU_DECIPHER_ONLY
protected static int
KU_DIGITAL_SIGNATURE
protected static int
KU_ENCIPHER_ONLY
protected static int
KU_KEY_AGREEMENT
protected static int
KU_KEY_CERT_SIGN
protected static int
KU_KEY_ENCIPHERMENT
protected static int
KU_NON_REPUDIATION
protected javax.crypto.interfaces.DHPublicKey
pubKeyDH
protected java.security.interfaces.ECPublicKey
pubKeyEC
protected java.security.PublicKey
pubKeyRSA
-
Constructor Summary
Constructors
Constructor | Description
JcaTlsCertificate(JcaTlsCrypto crypto, byte[] encoding)
JcaTlsCertificate(JcaTlsCrypto crypto, java.security.cert.X509Certificate certificate)
-
Method Summary
All Methods | Static Methods | Instance Methods | Concrete Methods
Modifier and Type | Method | Description
TlsCertificate
checkUsageInRole(int tlsCertificateRole)
static JcaTlsCertificate
convert(JcaTlsCrypto crypto, TlsCertificate certificate)
TlsEncryptor
createEncryptor(int tlsCertificateRole)
Return an encryptor based on the public key in this certificate.
Tls13Verifier
createVerifier(int signatureScheme)
TlsVerifier
createVerifier(short signatureAlgorithm)
byte[]
getEncoded()
byte[]
getExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier extensionOID)
short
getLegacySignatureAlgorithm()
protected java.security.PublicKey
getPublicKey()
java.math.BigInteger
getSerialNumber()
java.lang.String
getSigAlgOID()
org.bouncycastle.asn1.ASN1Encodable
getSigAlgParams()
protected org.bouncycastle.asn1.x509.SubjectPublicKeyInfo
getSubjectPublicKeyInfo()
java.security.cert.X509Certificate
getX509Certificate()
protected boolean
implSupportsSignatureAlgorithm(short signatureAlgorithm)
static java.security.cert.X509Certificate
parseCertificate(org.bouncycastle.jcajce.util.JcaJceHelper helper, byte[] encoding)
protected boolean
supportsKeyUsageBit(int keyUsageBit)
protected boolean
supportsRSA_PKCS1()
protected boolean
supportsRSA_PSS_PSS(short signatureAlgorithm)
protected boolean
supportsRSA_PSS_RSAE()
boolean
supportsSignatureAlgorithm(short signatureAlgorithm)
boolean
supportsSignatureAlgorithmCA(short signatureAlgorithm)
protected void
validateKeyUsageBit(int keyUsageBit)
protected void
validateRSA_PKCS1()
protected void
validateRSA_PSS_PSS(short signatureAlgorithm)
protected void
validateRSA_PSS_RSAE()
-
-
-
Field Detail
-
KU_DIGITAL_SIGNATURE
protected static final int KU_DIGITAL_SIGNATURE
- See Also:
- Constant Field Values
-
KU_NON_REPUDIATION
protected static final int KU_NON_REPUDIATION
- See Also:
- Constant Field Values
-
KU_KEY_ENCIPHERMENT
protected static final int KU_KEY_ENCIPHERMENT
- See Also:
- Constant Field Values
-
KU_DATA_ENCIPHERMENT
protected static final int KU_DATA_ENCIPHERMENT
- See Also:
- Constant Field Values
-
KU_KEY_AGREEMENT
protected static final int KU_KEY_AGREEMENT
- See Also:
- Constant Field Values
-
KU_KEY_CERT_SIGN
protected static final int KU_KEY_CERT_SIGN
- See Also:
- Constant Field Values
-
KU_CRL_SIGN
protected static final int KU_CRL_SIGN
- See Also:
- Constant Field Values
-
KU_ENCIPHER_ONLY
protected static final int KU_ENCIPHER_ONLY
- See Also:
- Constant Field Values
-
KU_DECIPHER_ONLY
protected static final int KU_DECIPHER_ONLY
- See Also:
- Constant Field Values
-
crypto
protected final JcaTlsCrypto crypto
-
certificate
protected final java.security.cert.X509Certificate certificate
-
pubKeyDH
protected javax.crypto.interfaces.DHPublicKey pubKeyDH
-
pubKeyEC
protected java.security.interfaces.ECPublicKey pubKeyEC
-
pubKeyRSA
protected java.security.PublicKey pubKeyRSA
-
-
Constructor Detail
-
JcaTlsCertificate
public JcaTlsCertificate(JcaTlsCrypto crypto, byte[] encoding) throws java.io.IOException
- Throws:
java.io.IOException
-
JcaTlsCertificate
public JcaTlsCertificate(JcaTlsCrypto crypto, java.security.cert.X509Certificate certificate)
-
-
Method Detail
-
convert
public static JcaTlsCertificate convert(JcaTlsCrypto crypto, TlsCertificate certificate) throws java.io.IOException
- Throws:
java.io.IOException
-
parseCertificate
public static java.security.cert.X509Certificate parseCertificate(org.bouncycastle.jcajce.util.JcaJceHelper helper, byte[] encoding) throws java.io.IOException
- Throws:
java.io.IOException
-
createEncryptor
public TlsEncryptor createEncryptor(int tlsCertificateRole) throws java.io.IOException
Description copied from interface: TlsCertificate
Return an encryptor based on the public key in this certificate.
- Specified by:
createEncryptor
in interface TlsCertificate
- Parameters:
tlsCertificateRole - TlsCertificateRole
- Returns:
- a TlsEncryptor based on this certificate's public key.
- Throws:
java.io.IOException
-
createVerifier
public TlsVerifier createVerifier(short signatureAlgorithm) throws java.io.IOException
- Specified by:
createVerifier
in interface TlsCertificate
- Parameters:
signatureAlgorithm - SignatureAlgorithm
- Throws:
java.io.IOException
-
createVerifier
public Tls13Verifier createVerifier(int signatureScheme) throws java.io.IOException
- Specified by:
createVerifier
in interface TlsCertificate
- Parameters:
signatureScheme - SignatureScheme
- Throws:
java.io.IOException
-
getEncoded
public byte[] getEncoded() throws java.io.IOException
- Specified by:
getEncoded
in interface TlsCertificate
- Throws:
java.io.IOException
-
getExtension
public byte[] getExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier extensionOID) throws java.io.IOException
- Specified by:
getExtension
in interface TlsCertificate
- Throws:
java.io.IOException
-
getSerialNumber
public java.math.BigInteger getSerialNumber()
- Specified by:
getSerialNumber
in interface TlsCertificate
-
getSigAlgOID
public java.lang.String getSigAlgOID()
- Specified by:
getSigAlgOID
in interface TlsCertificate
- Returns:
- the OID of this certificate's 'signatureAlgorithm', as a String.
-
getSigAlgParams
public org.bouncycastle.asn1.ASN1Encodable getSigAlgParams() throws java.io.IOException
- Specified by:
getSigAlgParams
in interface TlsCertificate
- Throws:
java.io.IOException
-
getLegacySignatureAlgorithm
public short getLegacySignatureAlgorithm() throws java.io.IOException
- Specified by:
getLegacySignatureAlgorithm
in interface TlsCertificate
- Returns:
SignatureAlgorithm
- Throws:
java.io.IOException
-
supportsSignatureAlgorithm
public boolean supportsSignatureAlgorithm(short signatureAlgorithm) throws java.io.IOException
- Specified by:
supportsSignatureAlgorithm
in interface TlsCertificate
- Parameters:
signatureAlgorithm - SignatureAlgorithm
- Returns:
- true if (and only if) this certificate can be used to verify the given signature algorithm.
- Throws:
java.io.IOException
-
supportsSignatureAlgorithmCA
public boolean supportsSignatureAlgorithmCA(short signatureAlgorithm) throws java.io.IOException
- Specified by:
supportsSignatureAlgorithmCA
in interface TlsCertificate
- Throws:
java.io.IOException
-
checkUsageInRole
public TlsCertificate checkUsageInRole(int tlsCertificateRole) throws java.io.IOException
- Specified by:
checkUsageInRole
in interface TlsCertificate
- Parameters:
tlsCertificateRole - TlsCertificateRole
- Throws:
java.io.IOException
-
implSupportsSignatureAlgorithm
protected boolean implSupportsSignatureAlgorithm(short signatureAlgorithm) throws java.io.IOException
- Throws:
java.io.IOException
-
getPublicKey
protected java.security.PublicKey getPublicKey() throws java.io.IOException
- Throws:
java.io.IOException
-
getSubjectPublicKeyInfo
protected org.bouncycastle.asn1.x509.SubjectPublicKeyInfo getSubjectPublicKeyInfo() throws java.io.IOException
- Throws:
java.io.IOException
-
getX509Certificate
public java.security.cert.X509Certificate getX509Certificate()
-
supportsKeyUsageBit
protected boolean supportsKeyUsageBit(int keyUsageBit)
-
supportsRSA_PKCS1
protected boolean supportsRSA_PKCS1() throws java.io.IOException
- Throws:
java.io.IOException
-
supportsRSA_PSS_PSS
protected boolean supportsRSA_PSS_PSS(short signatureAlgorithm) throws java.io.IOException
- Throws:
java.io.IOException
-
supportsRSA_PSS_RSAE
protected boolean supportsRSA_PSS_RSAE() throws java.io.IOException
- Throws:
java.io.IOException
-
validateKeyUsageBit
protected void validateKeyUsageBit(int keyUsageBit) throws java.io.IOException
- Throws:
java.io.IOException
-
validateRSA_PKCS1
protected void validateRSA_PKCS1() throws java.io.IOException
- Throws:
java.io.IOException
-
validateRSA_PSS_PSS
protected void validateRSA_PSS_PSS(short signatureAlgorithm) throws java.io.IOException
- Throws:
java.io.IOException
-
validateRSA_PSS_RSAE
protected void validateRSA_PSS_RSAE() throws java.io.IOException
- Throws:
java.io.IOException
-
-