Package org.mozilla.jss.pkcs11
Class PK11Cert
java.lang.Object
  java.security.cert.Certificate
    java.security.cert.X509Certificate
      org.mozilla.jss.pkcs11.PK11Cert
- All Implemented Interfaces:
Serializable, AutoCloseable, X509Extension, InternalCertificate, TokenCertificate, X509Certificate
- Direct Known Subclasses:
PK11InternalCert
public class PK11Cert
extends X509Certificate
implements InternalCertificate, TokenCertificate, AutoCloseable
-
Nested Class Summary
Nested Classes
Modifier and Type, Class, Description:
protected static class
  A class that implements Principal with a String.
Nested classes/interfaces inherited from class java.security.cert.Certificate
Certificate.CertificateRep
-
Field Summary
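Fields
Modifier and Type, Field:
protected CertProxy certProxy
static final int EMAIL
static final int GOVT_APPROVED_CA
static final int INVISIBLE_CA
static org.slf4j.Logger logger
protected String nickname
static final int NS_TRUSTED_CA
static final int OBJECT_SIGNING
static final int SEND_WARN
static final int SSL
protected TokenProxy tokenProxy
static final int TRUSTED_CA
static final int TRUSTED_CLIENT_CA
static final int TRUSTED_PEER
static final int USER
static final int VALID_CA
static final int VALID_PEER
private X509CertImpl x509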
-
Constructor Summary
Constructors
-
Method Summary
Modifier and Type, Method, Description:
void checkValidity()
void checkValidity(Date date)
void close()
static int decodeTrustFlags(String flags)
static String encodeTrustFlags(int flags)
boolean equals(Object)
void finalize()
int getBasicConstraints()
int getEmailTrust()
  Get the email (S/MIME) trust flags for this certificate.
byte[] getEncoded()
byte[] getExtensionValue(String oid)
protected String getIssuerDNString()
boolean[] getIssuerUniqueID()
boolean[] getKeyUsage()
int getObjectSigningTrust()
  Get the object signing trust flags for this certificate.
CryptoToken getOwningToken()
  Returns the CryptoToken that owns this certificate.
protected byte[] getSerialNumberByteArray()
byte[] getSigAlgParams()
byte[] getSignature()
int getSSLTrust()
  Get the SSL trust flags for this certificate.
protected String getSubjectDNString()
boolean[] getSubjectUniqueID()
byte[] getTBSCertificate()
protected int getTrust(int type)
  Gets the trust flags for this cert.
byte[] getUniqueID()
  Returns the unique ID of this key.
int getVersion()
int hashCode()
boolean hasUnsupportedCriticalExtension()
static boolean isTrustFlagEnabled(int flag, int flags)
void setEmailTrust(int trust)
  Set the email (S/MIME) trust flags for this certificate.
void setObjectSigningTrust(int trust)
  Set the object signing trust flags for this certificate.
void setSSLTrust(int trust)
  Set the SSL trust flags for this certificate.
protected void setTrust(int type, int trust)
  Sets the trust flags for this cert.
void setTrustFlags(String trustFlags)
String toString()
void verify(PublicKey key)
void verify(PublicKey key, String sigProvider)
Methods inherited from class java.security.cert.X509Certificate
getExtendedKeyUsage, getIssuerAlternativeNames, getIssuerX500Principal, getSubjectAlternativeNames, getSubjectX500Principal, verify
Methods inherited from class java.security.cert.Certificate
getType, writeReplace
-
Field Details
-
logger
public static org.slf4j.Logger logger
-
VALID_PEER
public static final int VALID_PEER
-
TRUSTED_PEER
public static final int TRUSTED_PEER
-
SEND_WARN
public static final int SEND_WARN
-
VALID_CA
public static final int VALID_CA
-
TRUSTED_CA
public static final int TRUSTED_CA
-
NS_TRUSTED_CA
public static final int NS_TRUSTED_CA
-
USER
public static final int USER
-
TRUSTED_CLIENT_CA
public static final int TRUSTED_CLIENT_CA
-
INVISIBLE_CA
public static final int INVISIBLE_CA
-
GOVT_APPROVED_CA
public static final int GOVT_APPROVED_CA
-
SSL
public static final int SSL
-
EMAIL
public static final int EMAIL
-
OBJECT_SIGNING
public static final int OBJECT_SIGNING
-
x509
-
certProxy
-
tokenProxy
-
nickname
-
-
Constructor Details
-
PK11Cert
PK11Cert(byte[] certPtr, byte[] slotPtr, String nickname)
-
-
Method Details
-
isTrustFlagEnabled
public static boolean isTrustFlagEnabled(int flag, int flags)
-
encodeTrustFlags
-
decodeTrustFlags
- Throws:
Exception
-
getEncoded
- Specified by:
getEncoded in interface X509Certificate
- Specified by:
getEncoded in class Certificate
- Returns:
The DER encoding of this certificate.
- Throws:
CertificateEncodingException - If an error occurred.
-
getNickname
- Specified by:
getNickname in interface X509Certificate
- Returns:
The nickname of this certificate (could be null).
-
hashCode
public int hashCode()
- Overrides:
hashCode in class Certificate
-
equals
- Overrides:
equals in class Certificate
-
getSubjectDN
- Specified by:
getSubjectDN in interface X509Certificate
- Specified by:
getSubjectDN in class X509Certificate
- Returns:
The RFC 1485 ASCII encoding of the Subject Name.
-
getIssuerDN
- Specified by:
getIssuerDN in interface X509Certificate
- Specified by:
getIssuerDN in class X509Certificate
- Returns:
The RFC 1485 ASCII encoding of the issuer's Subject Name.
-
getSerialNumber
- Specified by:
getSerialNumber in interface X509Certificate
- Specified by:
getSerialNumber in class X509Certificate
- Returns:
The serial number of this certificate.
-
getSerialNumberByteArray
protected byte[] getSerialNumberByteArray()
-
getSubjectDNString
-
getIssuerDNString
-
getPublicKey
- Specified by:
getPublicKey in interface X509Certificate
- Specified by:
getPublicKey in class Certificate
- Returns:
The Public Key from this certificate.
-
getVersion
public int getVersion()
- Specified by:
getVersion in interface X509Certificate
- Specified by:
getVersion in class X509Certificate
- Returns:
the version number of this X.509 certificate. 0 means v1, 1 means v2, 2 means v3.
-
getBasicConstraints
public int getBasicConstraints()
- Specified by:
getBasicConstraints in class X509Certificate
-
getKeyUsage
public boolean[] getKeyUsage()
- Specified by:
getKeyUsage in class X509Certificate
-
getSubjectUniqueID
public boolean[] getSubjectUniqueID()
- Specified by:
getSubjectUniqueID in class X509Certificate
-
getIssuerUniqueID
public boolean[] getIssuerUniqueID()
- Specified by:
getIssuerUniqueID in class X509Certificate
-
getSigAlgParams
public byte[] getSigAlgParams()
- Specified by:
getSigAlgParams in class X509Certificate
-
getSigAlgName
- Specified by:
getSigAlgName in class X509Certificate
-
getSigAlgOID
- Specified by:
getSigAlgOID in class X509Certificate
-
getSignature
public byte[] getSignature()
- Specified by:
getSignature in class X509Certificate
-
getTBSCertificate
- Specified by:
getTBSCertificate in class X509Certificate
- Throws:
CertificateEncodingException
-
getNotAfter
- Specified by:
getNotAfter in class X509Certificate
-
getNotBefore
- Specified by:
getNotBefore in class X509Certificate
-
checkValidity
- Specified by:
checkValidity in class X509Certificate
- Throws:
CertificateExpiredException
CertificateNotYetValidException
-
checkValidity
public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException
- Specified by:
checkValidity in class X509Certificate
- Throws:
CertificateExpiredException
CertificateNotYetValidException
-
toString
- Specified by:
toString in class Certificate
-
verify
public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
- Specified by:
verify in class Certificate
- Throws:
CertificateException
NoSuchAlgorithmException
InvalidKeyException
NoSuchProviderException
SignatureException
-
verify
public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
- Specified by:
verify in class Certificate
- Throws:
CertificateException
NoSuchAlgorithmException
InvalidKeyException
NoSuchProviderException
SignatureException
-
getExtensionValue
- Specified by:
getExtensionValue in interface X509Extension
-
getCriticalExtensionOIDs
- Specified by:
getCriticalExtensionOIDs in interface X509Extension
-
getNonCriticalExtensionOIDs
- Specified by:
getNonCriticalExtensionOIDs in interface X509Extension
-
hasUnsupportedCriticalExtension
public boolean hasUnsupportedCriticalExtension()
- Specified by:
hasUnsupportedCriticalExtension in interface X509Extension
-
finalize
-
close
- Specified by:
close in interface AutoCloseable
- Throws:
Exception
-
getUniqueID
public byte[] getUniqueID()
Description copied from interface: TokenCertificate
Returns the unique ID of this key. Unique IDs can be used to match certificates to keys.
- Specified by:
getUniqueID in interface TokenCertificate
-
getOwningToken
Description copied from interface: TokenCertificate
Returns the CryptoToken that owns this certificate. Cryptographic operations with this key may only be performed on the token that owns the key.
- Specified by:
getOwningToken in interface TokenCertificate
-
setTrust
protected void setTrust(int type, int trust)
Sets the trust flags for this cert.
- Parameters:
type - SSL, EMAIL, or OBJECT_SIGNING.
trust - The trust flags for this type of trust.
-
getTrust
protected int getTrust(int type)
Gets the trust flags for this cert.
- Parameters:
type - SSL, EMAIL, or OBJECT_SIGNING.
- Returns:
The trust flags for this type of trust.
-
setSSLTrust
public void setSSLTrust(int trust)
Set the SSL trust flags for this certificate.
- Specified by:
setSSLTrust in interface InternalCertificate
- Parameters:
trust - A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
setEmailTrust
public void setEmailTrust(int trust)
Set the email (S/MIME) trust flags for this certificate.
- Specified by:
setEmailTrust in interface InternalCertificate
- Parameters:
trust - A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
setObjectSigningTrust
public void setObjectSigningTrust(int trust)
Set the object signing trust flags for this certificate.
- Specified by:
setObjectSigningTrust in interface InternalCertificate
- Parameters:
trust - A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
getSSLTrust
public int getSSLTrust()
Get the SSL trust flags for this certificate.
- Specified by:
getSSLTrust in interface InternalCertificate
- Returns:
A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
getEmailTrust
public int getEmailTrust()
Get the email (S/MIME) trust flags for this certificate.
- Specified by:
getEmailTrust in interface InternalCertificate
- Returns:
A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
getObjectSigningTrust
public int getObjectSigningTrust()
Get the object signing trust flags for this certificate.
- Specified by:
getObjectSigningTrust in interface InternalCertificate
- Returns:
A bitwise OR of the trust flags VALID_PEER, VALID_CA, TRUSTED_CA, USER, and TRUSTED_CLIENT_CA.
-
getTrustFlags
-
setTrustFlags
- Throws:
Exception
-