Package org.mozilla.jss.pkcs11

Class PK11Cert

java.lang.Object

java.security.cert.Certificate

java.security.cert.X509Certificate

org.mozilla.jss.pkcs11.PK11Cert

All Implemented Interfaces:

Serializable, AutoCloseable, X509Extension, InternalCertificate, TokenCertificate, X509Certificate

Direct Known Subclasses:

PK11InternalCert

public class PK11Cert
extends X509Certificate
implements InternalCertificate, TokenCertificate, AutoCloseable

See Also:

• Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
protected static class	PK11Cert.StringPrincipal	A class that implements Principal with a String.

Nested classes/interfaces inherited from class java.security.cert.Certificate

Certificate.CertificateRep

Field Summary

Fields

Modifier and Type	Field	Description
protected org.mozilla.jss.pkcs11.CertProxy	certProxy
static final int	EMAIL
static final int	GOVT_APPROVED_CA
static final int	INVISIBLE_CA
static org.slf4j.Logger	logger
protected String	nickname
static final int	NS_TRUSTED_CA
static final int	OBJECT_SIGNING
static final int	SEND_WARN
static final int	SSL
protected TokenProxy	tokenProxy
static final int	TRUSTED_CA
static final int	TRUSTED_CLIENT_CA
static final int	TRUSTED_PEER
static final int	USER
static final int	VALID_CA
static final int	VALID_PEER

Method Summary

Modifier and Type	Method	Description
void	checkValidity()
void	checkValidity(Date date)
void	close()
static int	decodeTrustFlags(String flags)
static String	encodeTrustFlags(int flags)
boolean	equals(Object other)
void	finalize()
int	getBasicConstraints()
Set<String>	getCriticalExtensionOIDs()
int	getEmailTrust()	Get the email (S/MIME) trust flags for this certificate.
byte[]	getEncoded()
byte[]	getExtensionValue(String oid)
Principal	getIssuerDN()
protected String	getIssuerDNString()
boolean[]	getIssuerUniqueID()
boolean[]	getKeyUsage()
String	getNickname()
Set<String>	getNonCriticalExtensionOIDs()
Date	getNotAfter()
Date	getNotBefore()
int	getObjectSigningTrust()	Get the object signing trust flags for this certificate.
CryptoToken	getOwningToken()	Returns the CryptoToken that owns this certificate.
PublicKey	getPublicKey()
BigInteger	getSerialNumber()
protected byte[]	getSerialNumberByteArray()
String	getSigAlgName()
String	getSigAlgOID()
byte[]	getSigAlgParams()
byte[]	getSignature()
int	getSSLTrust()	Get the SSL trust flags for this certificate.
Principal	getSubjectDN()
protected String	getSubjectDNString()
boolean[]	getSubjectUniqueID()
byte[]	getTBSCertificate()
protected int	getTrust(int type)	Gets the trust flags for this cert.
String	getTrustFlags()
byte[]	getUniqueID()	Returns the unique ID of this key.
int	getVersion()
int	hashCode()
boolean	hasUnsupportedCriticalExtension()
static boolean	isTrustFlagEnabled(int flag, int flags)
void	setEmailTrust(int trust)	Set the email (S/MIME) trust flags for this certificate.
void	setObjectSigningTrust(int trust)	Set the object signing trust flags for this certificate.
void	setSSLTrust(int trust)	Set the SSL trust flags for this certificate.
protected void	setTrust(int type, int trust)	Sets the trust flags for this cert.
void	setTrustFlags(String trustFlags)
String	toString()
void	verify(PublicKey key)
void	verify(PublicKey key, String sigProvider)

Methods inherited from class java.security.cert.X509Certificate

getExtendedKeyUsage, getIssuerAlternativeNames, getIssuerX500Principal, getSubjectAlternativeNames, getSubjectX500Principal, verify

Methods inherited from class java.security.cert.Certificate

getType, writeReplace

Methods inherited from class java.lang.Object

clone, getClass, notify, notifyAll, wait, wait, wait

Field Details

logger

public static org.slf4j.Logger logger

VALID_PEER

public static final int VALID_PEER

See Also:

• Constant Field Values

TRUSTED_PEER

public static final int TRUSTED_PEER

See Also:

• Constant Field Values

SEND_WARN

public static final int SEND_WARN

See Also:

• Constant Field Values

VALID_CA

public static final int VALID_CA

See Also:

• Constant Field Values

TRUSTED_CA

public static final int TRUSTED_CA

See Also:

• Constant Field Values

NS_TRUSTED_CA

public static final int NS_TRUSTED_CA

See Also:

• Constant Field Values

USER

public static final int USER

See Also:

• Constant Field Values

TRUSTED_CLIENT_CA

public static final int TRUSTED_CLIENT_CA

See Also:

• Constant Field Values

INVISIBLE_CA

public static final int INVISIBLE_CA

See Also:

• Constant Field Values

GOVT_APPROVED_CA

public static final int GOVT_APPROVED_CA

See Also:

• Constant Field Values

SSL

public static final int SSL

See Also:

• Constant Field Values

EMAIL

public static final int EMAIL

See Also:

• Constant Field Values

OBJECT_SIGNING

public static final int OBJECT_SIGNING

See Also:

• Constant Field Values

certProxy

protected org.mozilla.jss.pkcs11.CertProxy certProxy

tokenProxy

protected TokenProxy tokenProxy

nickname

protected String nickname

Method Details

isTrustFlagEnabled

public static boolean isTrustFlagEnabled(int flag,
 int flags)

encodeTrustFlags

public static String encodeTrustFlags(int flags)

decodeTrustFlags

public static int decodeTrustFlags(String flags)
                            throws Exception

Throws:

Exception

getEncoded

public byte[] getEncoded()
                  throws CertificateEncodingException

Specified by:

getEncoded in interface X509Certificate

Specified by:

getEncoded in class Certificate

Returns:

The DER encoding of this certificate.

Throws:

CertificateEncodingException - If an error occurred.

getNickname

public String getNickname()

Specified by:

getNickname in interface X509Certificate

Returns:

The nickname of this certificate (could be null).

hashCode

public int hashCode()

Overrides:

hashCode in class Certificate

equals

public boolean equals(Object other)

Overrides:

equals in class Certificate

getSubjectDN

public Principal getSubjectDN()

Specified by:

getSubjectDN in interface X509Certificate

Specified by:

getSubjectDN in class X509Certificate

Returns:

The RFC 1485 ASCII encoding of the Subject Name.

getIssuerDN

public Principal getIssuerDN()

Specified by:

getIssuerDN in interface X509Certificate

Specified by:

getIssuerDN in class X509Certificate

Returns:

The RFC 1485 ASCII encoding of the issuer's Subject Name.

getSerialNumber

public BigInteger getSerialNumber()

Specified by:

getSerialNumber in interface X509Certificate

Specified by:

getSerialNumber in class X509Certificate

Returns:

The serial number of this certificate.

getSerialNumberByteArray

protected byte[] getSerialNumberByteArray()

getSubjectDNString

protected String getSubjectDNString()

getIssuerDNString

protected String getIssuerDNString()

getPublicKey

public PublicKey getPublicKey()

Specified by:

getPublicKey in interface X509Certificate

Specified by:

getPublicKey in class Certificate

Returns:

The Public Key from this certificate.

getVersion

public int getVersion()

Specified by:

getVersion in interface X509Certificate

Specified by:

getVersion in class X509Certificate

Returns:

the version number of this X.509 certificate. 0 means v1, 1 means v2, 2 means v3.

getBasicConstraints

public int getBasicConstraints()

Specified by:

getBasicConstraints in class X509Certificate

getKeyUsage

public boolean[] getKeyUsage()

Specified by:

getKeyUsage in class X509Certificate

getSubjectUniqueID

public boolean[] getSubjectUniqueID()

Specified by:

getSubjectUniqueID in class X509Certificate

getIssuerUniqueID

public boolean[] getIssuerUniqueID()

Specified by:

getIssuerUniqueID in class X509Certificate

getSigAlgParams

public byte[] getSigAlgParams()

Specified by:

getSigAlgParams in class X509Certificate

getSigAlgName

public String getSigAlgName()

Specified by:

getSigAlgName in class X509Certificate

getSigAlgOID

public String getSigAlgOID()

Specified by:

getSigAlgOID in class X509Certificate

getSignature

public byte[] getSignature()

Specified by:

getSignature in class X509Certificate

getTBSCertificate

public byte[] getTBSCertificate()
                         throws CertificateEncodingException

Specified by:

getTBSCertificate in class X509Certificate

Throws:

CertificateEncodingException

getNotAfter

public Date getNotAfter()

Specified by:

getNotAfter in class X509Certificate

getNotBefore

public Date getNotBefore()

Specified by:

getNotBefore in class X509Certificate

checkValidity

public void checkValidity()
                   throws CertificateExpiredException,
CertificateNotYetValidException

Specified by:

checkValidity in class X509Certificate

Throws:

CertificateExpiredException

CertificateNotYetValidException

checkValidity

public void checkValidity(Date date)
                   throws CertificateExpiredException,
CertificateNotYetValidException

Specified by:

checkValidity in class X509Certificate

Throws:

CertificateExpiredException

CertificateNotYetValidException

toString

public String toString()

Specified by:

toString in class Certificate

verify

public void verify(PublicKey key)
            throws CertificateException,
NoSuchAlgorithmException,
InvalidKeyException,
NoSuchProviderException,
SignatureException

Specified by:

verify in class Certificate

Throws:

CertificateException

NoSuchAlgorithmException

InvalidKeyException

NoSuchProviderException

SignatureException

verify

public void verify(PublicKey key,
 String sigProvider)
            throws CertificateException,
NoSuchAlgorithmException,
InvalidKeyException,
NoSuchProviderException,
SignatureException

Specified by:

verify in class Certificate

Throws:

CertificateException

NoSuchAlgorithmException

InvalidKeyException

NoSuchProviderException

SignatureException

getExtensionValue

public byte[] getExtensionValue(String oid)

Specified by:

getExtensionValue in interface X509Extension

getCriticalExtensionOIDs

public Set<String> getCriticalExtensionOIDs()

Specified by:

getCriticalExtensionOIDs in interface X509Extension

getNonCriticalExtensionOIDs

public Set<String> getNonCriticalExtensionOIDs()

Specified by:

getNonCriticalExtensionOIDs in interface X509Extension

hasUnsupportedCriticalExtension

public boolean hasUnsupportedCriticalExtension()

Specified by:

hasUnsupportedCriticalExtension in interface X509Extension

finalize

public void finalize()
              throws Throwable

Overrides:

finalize in class Object

Throws:

Throwable

close

public void close()
           throws Exception

Specified by:

close in interface AutoCloseable

Throws:

Exception

getUniqueID

public byte[] getUniqueID()

Description copied from interface: TokenCertificate

Returns the unique ID of this key. Unique IDs can be used to match certificates to keys.

Specified by:

getUniqueID in interface TokenCertificate

See Also:

• PrivateKey.getUniqueID()

getOwningToken

public CryptoToken getOwningToken()

Description copied from interface: TokenCertificate

Returns the CryptoToken that owns this certificate. Cryptographic operations with this key may only be performed on the token that owns the key.

Specified by:

getOwningToken in interface TokenCertificate

setTrust

protected void setTrust(int type,
 int trust)

Sets the trust flags for this cert.

Parameters:

type - SSL, EMAIL, or OBJECT_SIGNING.

trust - The trust flags for this type of trust.

getTrust

protected int getTrust(int type)

Gets the trust flags for this cert.

Parameters:

type - SSL, EMAIL, or OBJECT_SIGNING.

Returns:

The trust flags for this type of trust.

setSSLTrust

public void setSSLTrust(int trust)

Set the SSL trust flags for this certificate.

Specified by:

setSSLTrust in interface InternalCertificate

Parameters:

trust - A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.

setEmailTrust

public void setEmailTrust(int trust)

Set the email (S/MIME) trust flags for this certificate.

Specified by:

setEmailTrust in interface InternalCertificate

Parameters:

trust - A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.

setObjectSigningTrust

public void setObjectSigningTrust(int trust)

Set the object signing trust flags for this certificate.

Specified by:

setObjectSigningTrust in interface InternalCertificate

Parameters:

trust - A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.

getSSLTrust

public int getSSLTrust()

Get the SSL trust flags for this certificate.

Specified by:

getSSLTrust in interface InternalCertificate

Returns:

A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.

getEmailTrust

public int getEmailTrust()

Get the email (S/MIME) trust flags for this certificate.

Specified by:

getEmailTrust in interface InternalCertificate

Returns:

A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.

getObjectSigningTrust

public int getObjectSigningTrust()

Get the object signing trust flags for this certificate.

Specified by:

getObjectSigningTrust in interface InternalCertificate

Returns:

A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.

getTrustFlags

public String getTrustFlags()

setTrustFlags

public void setTrustFlags(String trustFlags)
                   throws Exception

Throws:

Exception