public class LunaCertificateX509 extends java.security.cert.X509Certificate implements LunaCertificate
Modifier | Constructor and Description |
---|---|
|
LunaCertificateX509(byte[] certEncoding)
Create a LunaCertificateX509 object from the given DER encoding.
|
|
LunaCertificateX509(byte[] certEncoding,
int slot)
Create a LunaCertificateX509 object from the given DER encoding.
|
protected |
LunaCertificateX509(LunaTokenObject object)
Define a LunaCertificateX509 object from a certificate stored on Luna hardware.
|
protected |
LunaCertificateX509(LunaTokenObject obj,
com.safenetinc.luna.X509.AsnCertificate cert)
Used by the factory methods to create a LunaCert when we've already retrieved/created the token object and
certificate.
|
|
LunaCertificateX509(java.security.cert.X509Certificate cert)
Create a LunaCertificateX509 object and initialize it using values from the given certificate.
|
|
LunaCertificateX509(java.security.cert.X509Certificate cert,
int slot)
Create a LunaCertificateX509 object and initialize it using values from the given certificate.
|
Modifier and Type | Method and Description |
---|---|
void |
checkValidity()
Checks that the certificate is currently valid.
|
void |
checkValidity(java.util.Date date)
Checks that the given date is within the certificate's validity period.
|
void |
DestroyCert()
Destroy the certificate object and remove it from the token.
|
int |
getBasicConstraints()
Gets the certificate constraints path length from the critical BasicConstraints extension, (OID = 2.5.29.19).
|
protected static java.lang.String |
GetCertChainEntryName(java.lang.String alias,
int index) |
int |
GetCertHandle()
Returns the handle of the certificate stored in hardware.
|
java.util.Set<java.lang.String> |
getCriticalExtensionOIDs()
Gets a Set of the OID strings for the extension(s) marked CRITICAL.
|
java.util.Date |
GetDateMadePersistent() |
byte[] |
getEncoded()
Retrieve the encoding of the certificate.
|
java.util.List<java.lang.String> |
getExtendedKeyUsage()
Gets a list of extended key usage details
|
byte[] |
getExtensionValue(java.lang.String oid)
Gets the DER-encoded OCTET string for the extension value (extnValue) identified by the passed-in oid String.
|
byte[] |
GetFingerprint() |
java.security.Principal |
getIssuerDN()
Deprecated.
This method has been deprecated by Sun as of Java 5.0. Use
getIssuerX500Principal()
instead.
CANNOT REMOVE THIS : X509Certificate DECLARES IT ABSTRACT, SO MUST IMPLEMENT. |
boolean[] |
getIssuerUniqueID()
Gets the issuerUniqueID value from the certificate.
|
javax.security.auth.x500.X500Principal |
getIssuerX500Principal()
Gets the issuer distinguished name from the certificate.
|
boolean[] |
getKeyUsage()
Gets a boolean array representing bits of the KeyUsage extension, (OID = 2.5.29.15).
|
java.util.Set<java.lang.String> |
getNonCriticalExtensionOIDs()
Gets a Set of the OID strings for the extension(s) marked NON-CRITICAL.
|
java.util.Date |
getNotAfter()
Gets the notAfter date from the validity period of the certificate.
|
java.util.Date |
getNotBefore()
Gets the notBefore date from the validity period of the certificate.
|
byte[] |
GetOUID()
Returns the CKA_OUID of the certificate object in the HSM.
|
java.security.PublicKey |
getPublicKey()
Gets the public key from this certificate.
|
java.math.BigInteger |
getSerialNumber()
Gets the serialNumber value from the certificate.
|
java.lang.String |
getSigAlgName()
Gets the signature algorithm name for the certificate signature algorithm.
|
java.lang.String |
getSigAlgOID()
Gets the signature algorithm OID string from the certificate.
|
byte[] |
getSigAlgParams()
Gets the DER-encoded signature algorithm parameters from this certificate's signature algorithm.
|
byte[] |
getSignature()
Gets the signature value (the raw signature bits) from the certificate.
|
java.security.Principal |
getSubjectDN()
Deprecated.
This method has been deprecated by Sun as of Java 5.0. Use
getSubjectX500Principal()
instead.
CANNOT REMOVE THIS : X509Certificate DECLARES IT ABSTRACT, SO MUST IMPLEMENT. |
boolean[] |
getSubjectUniqueID()
Gets the subjectUniqueID value from the certificate.
|
javax.security.auth.x500.X500Principal |
getSubjectX500Principal() |
byte[] |
getTBSCertificate()
Gets the DER-encoded certificate information, the tbsCertificate from this certificate.
|
int |
getVersion()
Gets the version (version number) value from the certificate.
|
boolean |
hasUnsupportedCriticalExtension()
Check if there is a critical extension that is not supported.
|
boolean |
IsCertPersistent() |
static LunaCertificateX509 |
LocateCertByAlias(java.lang.String alias)
Create a LunaCertificateX509 object by searching the default token for a certificate with the given alias.
|
static LunaCertificateX509 |
LocateCertByAlias(java.lang.String alias,
int slot)
Create a LunaCertificateX509 object by searching the specified token for a
certificate with the given alias.
|
static LunaCertificateX509 |
LocateCertByHandle(int handle)
Locate a certificate on the default slot by using the object handle.
|
static LunaCertificateX509 |
LocateCertByHandle(int handle,
int slot)
Locate a certificate on the specified slot by using the object handle.
|
static LunaCertificateX509 |
LocateCertByOUID(byte[] ouid)
Create a LunaCertificateX509 object by searching the default token for a certificate with the given CKA_OUID.
|
static LunaCertificateX509 |
LocateCertByOUID(byte[] ouid,
int slot)
Create a LunaCertificateX509 object by searching the specified token for a certificate with the given CKA_OUID.
|
void |
MakePersistent(java.lang.String alias)
Store a LunaCertificateX509 on a Luna token
|
static LunaCertificateX509 |
SelfSign(java.security.KeyPair kp,
java.lang.String subject,
java.math.BigInteger serialNumber,
java.util.Date notBefore,
java.util.Date notAfter)
Create a LunaCertificateX509 on the default slot by self-signing a key pair.
|
static LunaCertificateX509 |
SelfSign(java.security.KeyPair kp,
java.lang.String subject,
java.math.BigInteger serialNumber,
java.util.Date notBefore,
java.util.Date notAfter,
int slot)
Create a LunaCertificateX509 on the specified slot by self-signing a key pair.
|
static LunaCertificateX509 |
SelfSign(java.lang.String algorithm,
java.security.KeyPair kp,
java.lang.String subject,
java.math.BigInteger serialNumber,
java.util.Date notBefore,
java.util.Date notAfter,
int pssSaltValue)
Create a LunaCertificateX509 in the default slot by self-signing a key pair.
|
static LunaCertificateX509 |
SelfSign(java.lang.String algorithm,
java.security.KeyPair kp,
java.lang.String subject,
java.math.BigInteger serialNumber,
java.util.Date notBefore,
java.util.Date notAfter,
int pssSaltValue,
int slot)
Create a LunaCertificateX509 in the specified slot by self-signing a key pair.
|
java.lang.String |
toString()
Retrieve a (short) string representation of the object
|
void |
verify(java.security.PublicKey key)
Verifies that this certificate was signed using the private key that corresponds to the specified public key.
|
void |
verify(java.security.PublicKey key,
java.lang.String sigProvider)
Verifies that this certificate was signed using the private key that corresponds to the specified public key.
|
public LunaCertificateX509(java.security.cert.X509Certificate cert) throws java.security.cert.CertificateEncodingException
The resulting certificate is stored on the Luna hardware on the currently set default token, although it will not be persistent until it is stored in a LunaKeyStore or the MakePersistent() method is invoked.
cert
- The certificate from which the LunaCertificateX509 object is derived.java.security.cert.CertificateEncodingException
- exceptionpublic LunaCertificateX509(java.security.cert.X509Certificate cert, int slot) throws java.security.cert.CertificateEncodingException
The resulting certificate is stored on the Luna hardware on the token in the specified slot, although it will not be persistent until it is stored in a LunaKeyStore or the MakePersistent() method is invoked.
cert
- The certificate from which the LunaCertificateX509 object is derived.slot
- slot numberjava.security.cert.CertificateEncodingException
- exceptionpublic LunaCertificateX509(byte[] certEncoding)
The resulting certificate is stored on the Luna hardware on the currently set default token, although it will not be persistent until it is stored in a LunaKeyStore or the MakePersistent() method is invoked.
certEncoding
- The DER encoding of a certificate.public LunaCertificateX509(byte[] certEncoding, int slot)
The resulting certificate is stored on the Luna hardware on the token in the specified slot, although it will not be persistent until it is stored in a LunaKeyStore or the MakePersistent() method is invoked.
certEncoding
- The DER encoding of a certificate.slot
- slot numberprotected LunaCertificateX509(LunaTokenObject object)
object
- generic Luna objectprotected LunaCertificateX509(LunaTokenObject obj, com.safenetinc.luna.X509.AsnCertificate cert)
obj
- generic Luna objectcert
- ASN-encoded certificatepublic static LunaCertificateX509 SelfSign(java.lang.String algorithm, java.security.KeyPair kp, java.lang.String subject, java.math.BigInteger serialNumber, java.util.Date notBefore, java.util.Date notAfter, int pssSaltValue) throws java.security.InvalidKeyException, java.security.cert.CertificateEncodingException
Accepts an RSA, DSA or ECDSA key pair and creates a self-signed certificate from them.
algorithm
- The algorithm to use for the signaturekp
- The key pair.subject
- The distinguished name for the subject and issuerserialNumber
- The serial number of the certificatenotBefore
- The notBefore date of the certificatenotAfter
- The notAfter date of the certificatepssSaltValue
- Salt value used if a PSS algorithm is specified
java.security.InvalidKeyException
- if the key pair is not RSA or DSA.
java.security.cert.CertificateEncodingException
- if we have problems encoding the certificate.public static LunaCertificateX509 SelfSign(java.lang.String algorithm, java.security.KeyPair kp, java.lang.String subject, java.math.BigInteger serialNumber, java.util.Date notBefore, java.util.Date notAfter, int pssSaltValue, int slot) throws java.security.InvalidKeyException, java.security.cert.CertificateEncodingException
Accepts an RSA, DSA or ECDSA key pair and creates a self-signed certificate from them.
algorithm
- The algorithm to use for the signaturekp
- The key pair.subject
- The distinguished name for the subject and issuerserialNumber
- The serial number of the certificatenotBefore
- The notBefore date of the certificatenotAfter
- The notAfter date of the certificatepssSaltValue
- Salt value used if a PSS algorithm is specified
slot
- slot number
java.security.InvalidKeyException
- if the key pair is not RSA or DSA.
java.security.cert.CertificateEncodingException
- if we have problems encoding the certificate.public static LunaCertificateX509 SelfSign(java.security.KeyPair kp, java.lang.String subject, java.math.BigInteger serialNumber, java.util.Date notBefore, java.util.Date notAfter) throws java.security.InvalidKeyException, java.security.cert.CertificateEncodingException
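Accepts an RSA, DSA or ECDSA key pair and creates a self-signed certificate from it. If the key pair is RSA, SHA1withRSA is used as the signature algorithm. If the key pair is DSA, SHA1withDSA is used. If the key pair is ECDSA, SHA1withECDSA is used. All of these defaults rely on SHA-1, which is no longer considered collision-resistant; when a stronger signature digest is required, use the SelfSign overload that takes an explicit algorithm argument.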
kp
- The key pairsubject
- The distinguished name for the subject and issuerserialNumber
- The serial number of the certificatenotBefore
- the notBefore date of the certificatenotAfter
- the notAfter date of the certificatejava.security.InvalidKeyException
- Returned if the key pair is not RSA or DSAjava.security.cert.CertificateEncodingException
- Returned if there are problems encoding the certificatepublic static LunaCertificateX509 SelfSign(java.security.KeyPair kp, java.lang.String subject, java.math.BigInteger serialNumber, java.util.Date notBefore, java.util.Date notAfter, int slot) throws java.security.InvalidKeyException, java.security.cert.CertificateEncodingException
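Accepts an RSA, DSA or ECDSA key pair and creates a self-signed certificate from it. If the key pair is RSA, SHA1withRSA is used as the signature algorithm. If the key pair is DSA, SHA1withDSA is used. If the key pair is ECDSA, SHA1withECDSA is used. All of these defaults rely on SHA-1, which is no longer considered collision-resistant; when a stronger signature digest is required, use the SelfSign overload that takes an explicit algorithm argument.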
kp
- The key pairsubject
- The distinguished name for the subject and issuerserialNumber
- The serial number of the certificatenotBefore
- the notBefore date of the certificatenotAfter
- the notAfter date of the certificateslot
- slot numberjava.security.InvalidKeyException
- Returned if the key pair is not RSA, DSA or ECDSAjava.security.cert.CertificateEncodingException
- Returned if there are problems encoding the certificatepublic static LunaCertificateX509 LocateCertByAlias(java.lang.String alias)
alias
- The alias of the certificate to search forpublic static LunaCertificateX509 LocateCertByAlias(java.lang.String alias, int slot)
alias
- The alias of the certificate to search forslot
- The slot to searchpublic static LunaCertificateX509 LocateCertByOUID(byte[] ouid)
ouid
- The OUID of the certificate to search forpublic static LunaCertificateX509 LocateCertByOUID(byte[] ouid, int slot)
ouid
- The OUID of the certificate to search forslot
- The slot to searchpublic static LunaCertificateX509 LocateCertByHandle(int handle)
handle
- The handle of the certificate to retrievepublic static LunaCertificateX509 LocateCertByHandle(int handle, int slot)
handle
- The handle of the certificate to retrieveslot
- The slot the certificate lives onLunaException
- if the handle does not point to a certificate object on the HSMpublic byte[] getEncoded() throws java.security.cert.CertificateEncodingException
getEncoded
in class java.security.cert.Certificate
java.security.cert.CertificateEncodingException
public java.lang.String toString()
toString
in class java.security.cert.Certificate
public void verify(java.security.PublicKey key) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
verify
in class java.security.cert.Certificate
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
public void verify(java.security.PublicKey key, java.lang.String sigProvider) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
verify
in class java.security.cert.Certificate
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
public java.security.PublicKey getPublicKey()
getPublicKey
in class java.security.cert.Certificate
public void checkValidity() throws java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException
checkValidity
in class java.security.cert.X509Certificate
java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException
public void checkValidity(java.util.Date date) throws java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException
checkValidity
in class java.security.cert.X509Certificate
java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException
public int getBasicConstraints()
getBasicConstraints
in class java.security.cert.X509Certificate
@Deprecated public java.security.Principal getIssuerDN()
getIssuerX500Principal()
instead.
CANNOT REMOVE THIS : X509Certificate DECLARES IT ABSTRACT, SO MUST IMPLEMENT.getIssuerDN
in class java.security.cert.X509Certificate
public javax.security.auth.x500.X500Principal getIssuerX500Principal()
getIssuerX500Principal
in class java.security.cert.X509Certificate
X509Certificate.getIssuerX500Principal()
public boolean[] getIssuerUniqueID()
getIssuerUniqueID
in class java.security.cert.X509Certificate
public boolean[] getKeyUsage()
getKeyUsage
in class java.security.cert.X509Certificate
public java.util.List<java.lang.String> getExtendedKeyUsage()
getExtendedKeyUsage
in class java.security.cert.X509Certificate
public java.util.Date getNotAfter()
getNotAfter
in class java.security.cert.X509Certificate
public java.util.Date getNotBefore()
getNotBefore
in class java.security.cert.X509Certificate
public java.math.BigInteger getSerialNumber()
getSerialNumber
in class java.security.cert.X509Certificate
public java.lang.String getSigAlgName()
getSigAlgName
in class java.security.cert.X509Certificate
public java.lang.String getSigAlgOID()
getSigAlgOID
in class java.security.cert.X509Certificate
public byte[] getSigAlgParams()
getSigAlgParams
in class java.security.cert.X509Certificate
public byte[] getSignature()
getSignature
in class java.security.cert.X509Certificate
@Deprecated public java.security.Principal getSubjectDN()
getSubjectX500Principal()
instead.
CANNOT REMOVE THIS : X509Certificate DECLARES IT ABSTRACT, SO MUST IMPLEMENT.getSubjectDN
in class java.security.cert.X509Certificate
public javax.security.auth.x500.X500Principal getSubjectX500Principal()
getSubjectX500Principal
in class java.security.cert.X509Certificate
public boolean[] getSubjectUniqueID()
getSubjectUniqueID
in class java.security.cert.X509Certificate
public byte[] getTBSCertificate() throws java.security.cert.CertificateEncodingException
getTBSCertificate
in class java.security.cert.X509Certificate
java.security.cert.CertificateEncodingException
public int getVersion()
getVersion
in class java.security.cert.X509Certificate
public byte[] getExtensionValue(java.lang.String oid)
getExtensionValue
in interface java.security.cert.X509Extension
public java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()
getNonCriticalExtensionOIDs
in interface java.security.cert.X509Extension
public java.util.Set<java.lang.String> getCriticalExtensionOIDs()
getCriticalExtensionOIDs
in interface java.security.cert.X509Extension
public boolean hasUnsupportedCriticalExtension()
hasUnsupportedCriticalExtension
in interface java.security.cert.X509Extension
protected static java.lang.String GetCertChainEntryName(java.lang.String alias, int index)
public int GetCertHandle()
public void MakePersistent(java.lang.String alias)
alias
- The alias to assign to the certificatepublic boolean IsCertPersistent()
public java.util.Date GetDateMadePersistent()
public void DestroyCert()
public byte[] GetFingerprint()
public byte[] GetOUID()
Copyright 2014-2018 SafeNet. All rights reserved.