Contents Previous Next Index

Appendix   C

Reference Documentation for com.sun.midp.ssl


This appendix reproduces the reference documentation for the com.sun.ssl package that is generated by the Javadoc™ tool.

Package

com.sun.midp.ssl

Description

Provides a reference implementation of SSLv3.0 for MIDP. The code is modified version of KSSL ( http://sunlabs.eng/~vgupta/ssl/kssl/index.html) from Sun Labs.

Supports abbreviated SSL handshakes.

Does not support SSL client authentication. This is because purpose of HTTPS for MIDP is to provide the wireless device with end-to-end confidentiality. The authentication must be done at the application level, which is what nearly all consumer applications do.

Only supports the SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, and SSL_RSA_EXPORT_WITH_RC4_40_MD5 cipher suites. All known HTTPS servers support these suites.

Only Supports RSA X.509 certificates, these are the defacto standard. KSSL supports version 1, 2, and 3 X.509 certificates signed using RSA with either SHA-1, MD5 and MD2. For security reasons only version 3 certificates are allowed to be chained. While the key usage extension is supported, the name constraints extension is not.

Related Information

SSL for Java™ 2 Micro-Edition
( http://sunlabs.eng/~vgupta/ssl/kssl/index.html)

A Good Introduction to SSL
( http://docs.iplanet.com/docs/manuals/security/sslin/index.htm)

A Good Introduction to Public Key Cryptography
( http://docs.iplanet.com/docs/manuals/security/pkin/index.htm)

RFC 2246, The TLS Protocol Version 1.0
( http://www.ietf.org/rfc/rfc2246.txt)

SSL Protocol Version 3.0
( http://home.netscape.com/eng/ssl3/draft302.txt)

RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile ( http://www.ietf.org/rfc/rfc2459.txt)

RSA’s PKCS (Public Key Cryptography Standards) document set.
( http://www.rsasecurity.com/rsalabs/pkcs/)

Since:

MIDP 2.0

Class Summary
Interfaces
CertStore 
This interface supports storage of certificates (not private keys or symmetric keys).
Key 
Implements an abstract class that represents all keys (both symmetric and asymmetric).
PrivateKey 
The PrivateKey abstract class is the base class for all private keys used in asymmetric algorithms.
PublicKey 
The PublicKey abstract class is the base class for all public keys used in asymmetric algorithms.
RSAPrivateKey 
Specifies the RSA private key interface.
RSAPublicKey 
Specifies the RSA public key interface.
Classes
KeyBuilder 
The KeyBuilder class is used to generate key objects for use in cryptographic operations.
MessageDigest 
Implements an abstract class that generalizes all message digests.
RandomData 
Implements an abstract class that generalizes random number generators.
SecretKey 
Implements the base interface for keys used in symmetric algorithms.
Signature 
Implements an abstract class that generalizes all signature algorithms.
SSLStreamConnection 
The SSLStreamConnection class implements the StreamConnection interface.
X509Certificate 
This class implements methods for creating X.509 certificates and accessing their attributes such as subject/issuer names, public keys and validity information.
Exceptions
CryptoException 
Implements CryptoException which is thrown when a cryptographic method encounters an error.

com.sun.midp.ssl

CertStore

Declaration

public interface CertStore 

Description

This interface supports storage of certificates (not private keys or symmetric keys).

Member Summary
Methods
 X509Certificate[] 
getCertificates(java.lang.String subjectName) 
Returns the certificate(s) corresponding to a subject name string.

Methods

getCertificates(String)

public com.sun.midp.ssl.X509Certificate[] getCertificates(java.lang.String subjectName) 

Returns the certificate(s) corresponding to a subject name string.

Parameters:

subjectName - subject name of the certificate in printable form.

Returns:

corresponding certificates or null (if not found)

com.sun.midp.ssl

CryptoException

Declaration

public class CryptoException extends java.lang.Exception 
  
java.lang.Object 
  | 
  +--java.lang.Throwable 
        | 
        +--java.lang.Exception 
              | 
              +--com.sun.midp.ssl.CryptoException 

All Implemented Interfaces:

java.io.Serializable 

Description

Implements CryptoException which is thrown when a cryptographic method encounters an error.

Member Summary
Fields
static short 
ILLEGAL_ENCODING 
Indicates that encrypted message was illegal encoded.
static short 
ILLEGAL_USE 
Indicates illegal use of a method.
static short 
ILLEGAL_VALUE 
Indicates a method was passed illegal parameter values.
static short 
INVALID_INIT 
Indicates an object has not been properly initialized for the requested operation.
static short 
NO_SUCH_ALGORITHM 
Indicates that a requested algorithm or key type is not supported.
static short 
UNINITIALIZED_KEY 
Indicates that is key object has not been properly initialized.
Constructors
  
CryptoException(short reason) 
Constructs a CryptoException with the specified reason code.
Methods
static void 
throwIt(short reason) 
Throws a CryptoException with the specified reason code.
java.lang.String 
toString() 
Returns a human readable string describing the CryptoException.

Inherited Member Summary
Methods inherited from class Object
equals(Object), getClass(), hashCode(), notify(), notifyAll(), wait(), wait(), wait() 
Methods inherited from class Throwable
fillInStackTrace(), getLocalizedMessage(), getMessage(), printStackTrace(PrintWriter), printStackTrace(PrintWriter), printStackTrace(PrintWriter) 

Fields

ILLEGAL_ENCODING

public static final short ILLEGAL_ENCODING 

Indicates that encrypted message was illegal encoded.

ILLEGAL_USE

public static final short ILLEGAL_USE 

Indicates illegal use of a method.

ILLEGAL_VALUE

public static final short ILLEGAL_VALUE 

Indicates a method was passed illegal parameter values.

INVALID_INIT

public static final short INVALID_INIT 

Indicates an object has not been properly initialized for the requested operation.

NO_SUCH_ALGORITHM

public static final short NO_SUCH_ALGORITHM 

Indicates that a requested algorithm or key type is not supported.

UNINITIALIZED_KEY

public static final short UNINITIALIZED_KEY 

Indicates that is key object has not been properly initialized.

Constructors

CryptoException(short)

public CryptoException(short reason) 

Constructs a CryptoException with the specified reason code.

Parameters:

reason - reason code

Methods

throwIt(short)

public static void throwIt(short reason)throws CryptoException 

Throws a CryptoException with the specified reason code.

Parameters:

reason - reason code

Throws:

CryptoException - with the specified reason code

toString()

public java.lang.String toString() 

Returns a human readable string describing the CryptoException.

Overrides:

toString in class Throwable

Returns:

string representation of the CryptoException

com.sun.midp.ssl

Key

Declaration

public interface Key 

All Known Subinterfaces:

PrivateKey, PublicKey, RSAPrivateKey, RSAPublicKey

All Known Implementing Classes:

SecretKey

Description

Implements an abstract class that represents all keys (both symmetric and asymmetric).

Member Summary
Methods
 void 
clearKey() 
Clears the key and sets it to an uninitialized state.
 short 
getSize() 
Returns the key size in number of bits.
 byte 
getType() 
Returns the key type.
 boolean 
isInitialized() 
Returns true if and only if a key has been initialized.
 java.lang.String 
toString() 
Converts a key object to its human readable string representation.

Methods

clearKey()

public void clearKey() 

Clears the key and sets it to an uninitialized state.

getSize()

public short getSize() 

Returns the key size in number of bits.

Returns:

the key size in number of bits

getType()

public byte getType() 

Returns the key type.

Returns:

the key type

isInitialized()

public boolean isInitialized() 

Returns true if and only if a key has been initialized. A key is not initialized until all associated set methods have been called at least once since the last time the key was in an uninitialized state.

Returns:

true if the key has been initialized, false otherwise

toString()

public java.lang.String toString() 

Converts a key object to its human readable string representation.

Overrides:

toString in class Object

Returns:

a human readable string representation of the key

com.sun.midp.ssl

KeyBuilder

Declaration

public class KeyBuilder 
  
java.lang.Object 
  | 
  +--com.sun.midp.ssl.KeyBuilder 

Description

The KeyBuilder class is used to generate key objects for use in cryptographic operations. It is a key object factory. This version of the implementation only supports symmetric keys and RSA keys with modulus lengths up to and including 1024-bits. DSA keys are not supported.

See Also:

Key

Member Summary
Fields
static byte 
TYPE_ARCFOUR 
Indicates an ARCfour key type.
static byte 
TYPE_RSA_PRIVATE 
Indicates an RSA private key type.
static byte 
TYPE_RSA_PUBLIC 
Indicates an RSA public key type.
Constructors
  
KeyBuilder() 
Methods
static Key 
buildKey(byte kType, short kLen, boolean kEnc) 
Creates cryptographic keys of the specified type and length.

Inherited Member Summary
Methods inherited from class Object
equals(Object), getClass(), hashCode(), notify(), notifyAll(), toString(), wait(), wait(), wait() 

Fields

TYPE_ARCFOUR

public static final byte TYPE_ARCFOUR 

Indicates an ARCfour key type.

TYPE_RSA_PRIVATE

public static final byte TYPE_RSA_PRIVATE 

Indicates an RSA private key type.

TYPE_RSA_PUBLIC

public static final byte TYPE_RSA_PUBLIC 

Indicates an RSA public key type.

Constructors

KeyBuilder()

public KeyBuilder() 

Methods

buildKey(byte, short, boolean)

public static com.sun.midp.ssl.Key buildKey(byte kType, short kLen, boolean kEnc) throws CryptoException 

Creates cryptographic keys of the specified type and length. For now, the third argument is ignored —- it is included here only for compatibility with the javacard.security.KeyBuilder class. Note that the object returned by this method must be cast to their appropriate key type interface.

Parameters:

kType - type of key to be generated

kLen - the desired size of the key in bits

kEnc - this parameter is ignored

Returns:

a key with the specified attributes

Throws:

CryptoException - with the NO_SUCH_ALGORITHM reason code if the requested key type is not supported.

com.sun.midp.ssl

MessageDigest

Declaration

public abstract class MessageDigest 
  
java.lang.Object 
  | 
  +--com.sun.midp.ssl.MessageDigest 

Description

Implements an abstract class that generalizes all message digests. It is modelled after javacard.security.MessageDigest. This version of the implementation only supports ALG_MD5 (which produces a 16-byte hash as described in RFC 2313) and ALG_SHA (which produces a 20-byte hash using NIST’s SHA1 algorithm). MD2, a predecessor to MD5, is not supported.

Member Summary
Fields
static byte 
ALG_MD2 
Indicates the MD2 message digest algorithm.
static byte 
ALG_MD5 
Indicates the MD5 message digest algorithm.
static byte 
ALG_SHA 
Indicates the SHA message digest algorithm.
Methods
abstract java.lang.Object 
clone() 
Clones the MessageDigest object.
abstract short 
doFinal(byte[] inBuf, int inOff, int inLen, byte[] outBuf, int outOff) 
Generates a hash of all/last input data.
abstract byte 
getAlgorithm() 
Gets the message digest algorithm.
static MessageDigest 
getInstance(byte alg, boolean ext) 
Creates a MessageDigest object instance of the specified algorithm.
abstract byte 
getLength() 
Gets the length (in bytes) of the hash.
abstract void 
reset() 
Resets the MessageDigest to the initial state for further use.
abstract void 
update(byte[] inBuf, int inOff, int inLen) 
Accumulates a hash of the input data.

Inherited Member Summary
Methods inherited from class Object
equals(Object), getClass(), hashCode(), notify(), notifyAll(), toString(), wait(), wait(), wait() 

Fields

ALG_MD2

public static final byte ALG_MD2 

Indicates the MD2 message digest algorithm.

ALG_MD5

public static final byte ALG_MD5 

Indicates the MD5 message digest algorithm.

ALG_SHA

public static final byte ALG_SHA 

Indicates the SHA message digest algorithm.

Methods

clone()

public abstract java.lang.Object clone() 

Clones the MessageDigest object.

Returns:

a clone of this object

doFinal(byte[], int, int, byte[], int)

public abstract short doFinal(byte[] inBuf, int inOff, int inLen, byte[] outBuf, int outOff) 

Generates a hash of all/last input data. Completes and returns the hash computation after performing final operations such as padding. The MessageDigest object is reset after this call.

Parameters:

inBuf - input buffer of data to be hashed

inOff - offset within inBuf where input data begins

inLen - length (in bytes) of data to be hashed

outBuf - output buffer where the hash should be placed

outOff - offset within outBuf where the resulting hash begins

Returns:

number of bytes of hash left in outBuf

getAlgorithm()

public abstract byte getAlgorithm() 

Gets the message digest algorithm.

Returns:

algorithm implemented by this MessageDigest object

getInstance(byte, boolean)

public static com.sun.midp.ssl.MessageDigest getInstance(byte alg, boolean ext)throws CryptoException 

Creates a MessageDigest object instance of the specified algorithm. The second parameter is ignored for now —- it is here only for compatibility with the javacard.security.MessageDigest class.

Parameters:

alg - the desired message digest algorithm, e.g. ALG_MD5

ext - ignored

Returns:

a MessageDigest object instance of the requested algorithm

Throws:

CryptoException - with NO_SUCH_ALGORITHM reason code if the requested algorithm is not supported.

getLength()

public abstract byte getLength() 

Gets the length (in bytes) of the hash.

Returns:

byte-length of the hash produced by this object

reset()

public abstract void reset() 

Resets the MessageDigest to the initial state for further use.

update(byte[], int, int)

public abstract void update(byte[] inBuf, int inOff, int inLen) 

Accumulates a hash of the input data. This method is useful when the input data to be hashed is not available in one byte array.

Parameters:

inBuf - input buffer of data to be hashed

inOff - offset within inBuf where input data begins

inLen - length (in bytes) of data to be hashed

See Also:

doFinal(byte[], int, int, byte[], int)

com.sun.midp.ssl

PrivateKey

Declaration

public interface PrivateKey extends Key 

All Superinterfaces:

Key

All Known Subinterfaces:

RSAPrivateKey

Description

The PrivateKey abstract class is the base class for all private keys used in asymmetric algorithms.

Inherited Member Summary
Methods inherited from interface Key
clearKey(), 
getSize(),
getType(),
isInitialized(),
toString() 

com.sun.midp.ssl

PublicKey

Declaration

public interface PublicKey extends Key 

All Superinterfaces:

Key

All Known Subinterfaces:

RSAPublicKey

Description

The PublicKey abstract class is the base class for all public keys used in asymmetric algorithms.

Inherited Member Summary
Methods inherited from interface Key
clearKey(), getSize(), getType(), isInitialized(), toString() 

com.sun.midp.ssl

RandomData

Declaration

public abstract class RandomData 
  
java.lang.Object 
  | 
  +--com.sun.midp.ssl.RandomData 

Description

Implements an abstract class that generalizes random number generators.

Member Summary
Fields
static byte 
ALG_PSEUDO_RANDOM 
Identifies a utility pseudo random number generation algorithm.
static byte 
ALG_SECURE_RANDOM 
Identifies a cryptographically secure random number generation algorithm.
Methods
abstract void 
generateData(byte[] buf, short off, short len) 
Generates random data.
static RandomData 
getInstance(byte alg) 
Creates a RandomData instance of the selected algorithm.
abstract void 
setSeed(byte[] buf, short off, short len) 
Seeds the random number generator.

Inherited Member Summary
Methods inherited from class Object
equals(Object), getClass(), hashCode(), notify(), notifyAll(), toString(), wait(), wait(), wait() 

Fields

ALG_PSEUDO_RANDOM

public static final byte ALG_PSEUDO_RANDOM 

Identifies a utility pseudo random number generation algorithm.

ALG_SECURE_RANDOM

public static final byte ALG_SECURE_RANDOM 

Identifies a cryptographically secure random number generation algorithm.

Methods

generateData(byte[], short, short)

public abstract void generateData(byte[] buf, short off, short len) 

Generates random data.

Parameters:

buf - output buffer in which the random data is to be placed

off - starting offset within buf for the random data

len - number of bytes of random data to be placed in buf

getInstance(byte)

public static com.sun.midp.ssl.RandomData getInstance(byte alg)throws CryptoException 

Creates a RandomData instance of the selected algorithm.

Parameters:

alg - the desired random number generation algorithm, e.g. ALG_PSEUDO_RANDOM

Returns:

a RandomData instance implementing the selected algorithm.

Throws:

CryptoException - with reason code set to NO_SUCH_ALGORITHM if an unsupported algorithm is requested.

WARNING: Requests for a secure random number generator are currently redirected to a class that implements a weakly unpredictable source of random data. Licensees of this reference implementation are strongly urged to link requests for ALG_SECURE_RANDOM to better generators that may be available on their specific platforms.

setSeed(byte[], short, short)

public abstract void setSeed(byte[] buf, short off, short len) 

Seeds the random number generator.

Parameters:

buf - input buffer containing the seed

off - offset within buf where the seed starts

len - number of bytes of seed data in buf

com.sun.midp.ssl

RSAPrivateKey

Declaration

public interface RSAPrivateKey extends PrivateKey 

All Superinterfaces:

Key, PrivateKey

Description

Specifies the RSA private key interface. An RSA key is not ready for us until both the modulus and exponent have been set.

Member Summary
Methods
 boolean 
equals(RSAPrivateKey k) 
Checks if this RSAPrivateKey has the same exponent and modulus as the specified key.
 short 
getExponent(byte[] buf, short offset) 
Returns the private exponent value of the key in the specified buffer.
 short 
getModulus(byte[] buf, short offset) 
Returns the modulus value of the key in the specified buffer.
 void 
setExponent(byte[] buf, short offset, short len) 
Sets the private exponent value of the key.
 void 
setModulus(byte[] buf, short offset, short len) 
Sets the modulus value of the key.

Inherited Member Summary
Methods inherited from interface Key
clearKey(), getSize(), getType(), isInitialized(), toString() 

Methods

equals(RSAPrivateKey)

public boolean equals(com.sun.midp.ssl.RSAPrivateKey k) 

Checks if this RSAPrivateKey has the same exponent and modulus as the specified key.

Parameters:

k - an RSAPrivateKey against which this key is to be compared

Returns:

true if the two keys have the same exponent and modulus, false otherwise

getExponent(byte[], short)

public short getExponent(byte[] buf, short offset) 

Returns the private exponent value of the key in the specified buffer. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).

Parameters:

buf - the output buffer where the exponent is placed

offset - offset within buf where the exponent starts

Returns:

byte length of the exponent copied into buf

See Also:

setExponent(byte[], short, short)

getModulus(byte[], short)

public short getModulus(byte[] buf, short offset) 

Returns the modulus value of the key in the specified buffer. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).

Parameters:

buf - the output buffer where the modulus is placed

offset - offset within buf where the modulus starts

Returns:

byte length of the modulus copied into buf

See Also:

setModulus(byte[], short, short)

setExponent(byte[], short, short)

public void setExponent(byte[] buf, short offset, short len)throws CryptoException 

Sets the private exponent value of the key. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).

Parameters:

buf - the input buffer containing the exponent

offset - offset within buf where the exponent starts

len - exponent length in bytes

Throws:

CryptoException - with reason code set to ILLEGAL_VALUE if the specified exponent data is inconsistent with the key size.

See Also:

getExponent(byte[], short)

setModulus(byte[], short, short)

public void setModulus(byte[] buf, short offset, short len)throws CryptoException 

Sets the modulus value of the key. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).

Parameters:

buf - the input buffer containing the modulus

offset - offset within buf where the modulus starts

len - modulus length in bytes

Throws:

CryptoException - with reason code set to ILLEGAL_VALUE if the specified modulus data is inconsistent with the key size.

See Also:

getModulus(byte[], short)

com.sun.midp.ssl

RSAPublicKey

Declaration

public interface RSAPublicKey extends PublicKey 

All Superinterfaces:

Key, PublicKey

Description

Specifies the RSA public key interface. An RSA key is not ready for us until both the modulus and exponent have been set.

Member Summary
Methods
 boolean 
equals(RSAPublicKey k) 
Checks if this RSAPublicKey has the same exponent and modulus as the specified key.
 short 
getExponent(byte[] buf, short offset) 
Returns the public exponent value of the key in the specified buffer.
 short 
getModulus(byte[] buf, short offset) 
Returns the modulus value of the key in the specified buffer.
 void 
setExponent(byte[] buf, short offset, short len) 
Sets the public exponent value of the key.
 void 
setModulus(byte[] buf, short offset, short len) 
Sets the modulus value of the key.

Inherited Member Summary
Methods inherited from interface Key
clearKey(), getSize(), getType(), isInitialized(), toString() 

Methods

equals(RSAPublicKey)

public boolean equals(com.sun.midp.ssl.RSAPublicKey k) 

Checks if this RSAPublicKey has the same exponent and modulus as the specified key.

Parameters:

k - an RSAPublicKey against which this key is to be compared

Returns:

true if the two keys have the same exponent and modulus, false otherwise

getExponent(byte[], short)

public short getExponent(byte[] buf, short offset) 

Returns the public exponent value of the key in the specified buffer. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).

Parameters:

buf - the output buffer where the exponent is placed

offset - offset within buf where the exponent starts

Returns:

byte length of the exponent copied into buf

See Also:

setExponent(byte[], short, short)

getModulus(byte[], short)

public short getModulus(byte[] buf, short offset) 

Returns the modulus value of the key in the specified buffer. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).

Parameters:

buf - the output buffer where the modulus is placed

offset - offset within buf where the modulus starts

Returns:

byte length of the modulus copied into buf

See Also:

setModulus(byte[], short, short)

setExponent(byte[], short, short)

public void setExponent(byte[] buf, short offset, short len)throws CryptoException 

Sets the public exponent value of the key. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).

Parameters:

buf - the input buffer containing the exponent

offset - offset within buf where the exponent starts

len - exponent length in bytes

Throws:

CryptoException - with reason code set to ILLEGAL_VALUE if the specified exponent data is inconsistent with the key size.

See Also:

getExponent(byte[], short)

setModulus(byte[], short, short)

public void setModulus(byte[] buf, short offset, short len)throws CryptoException 

Sets the modulus value of the key. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).

Parameters:

buf - the input buffer containing the modulus

offset - offset within buf where the modulus starts

len - modulus length in bytes

Throws:

CryptoException - with reason code set to ILLEGAL_VALUE if the specified modulus data is inconsistent with the key size.

See Also:

getModulus(byte[], short)

com.sun.midp.ssl

SecretKey

Declaration

public final class SecretKey implements Key 
  
java.lang.Object 
  | 
  +--com.sun.midp.ssl.SecretKey 

All Implemented Interfaces:

Key

Description

Implements the base interface for keys used in symmetric algorithms.

Member Summary
Methods
 void 
clearKey() 
Clears the key and sets it to uninitialized state.
 byte 
getKey(byte[] buf, short off) 
Gets the key data.
 short 
getSize() 
Gets the key size in bits.
 byte 
getType() 
Gets the key type.
 boolean 
isInitialized() 
Checks if the key is initialized.
 void 
setKey(byte[] buf, short off) 
Sets the key data.
 java.lang.String 
toString() 
Converts the key to its corresponding human readable string representation.

Inherited Member Summary
Methods inherited from class Object
equals(Object), getClass(), hashCode(), notify(), notifyAll(), wait(), wait(), wait() 

Methods

clearKey()

public void clearKey() 

Clears the key and sets it to uninitialized state.

Specified By:

clearKey in interface Key

getKey(byte[], short)

public byte getKey(byte[] buf, short off) 

Gets the key data. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of last byte).

Parameters:

buf - the output buffer in which key data is to be placed

off - starting offset within buf for the key data.

Returns:

number of bytes of key data placed in buf.

See Also:

setKey(byte[], short)

getSize()

public short getSize() 

Gets the key size in bits.

Specified By:

getSize in interface Key

Returns:

the key size in bits

getType()

public byte getType() 

Gets the key type.

Specified By:

getType in interface Key

Returns:

the key type

isInitialized()

public boolean isInitialized() 

Checks if the key is initialized.

Specified By:

isInitialized in interface Key

Returns:

true if the key has been initialized, false otherwise

setKey(byte[], short)

public void setKey(byte[] buf, short off)throws CryptoException 

Sets the key data. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of last byte).

Parameters:

buf - the input buffer containing key data

off - starting offset within buf for the key data.

Throws:

CryptoException - with reason code set to ILLEGAL_VALUE if the specified secret data is inconsistent with the key size.

See Also:

getKey(byte[], short)

toString()

public java.lang.String toString() 

Converts the key to its corresponding human readable string representation.

Specified By:

toString in interface Key

Overrides:

toString in class Object

Returns:

a string representation of the secret key

com.sun.midp.ssl

Signature

Declaration

public abstract class Signature 
  
java.lang.Object 
  | 
  +--com.sun.midp.ssl.Signature 

Description

Implements an abstract class that generalizes all signature algorithms. This version of the implementation only supports ALG_RSA_MD5_PKCS1 and ALG_RSA_SHA_PKCS1.

Member Summary
Fields
static byte 
ALG_RSA_MD5_PKCS1 
Signature algorithm ALG_RSA_MD5_PKCS1 encrypts the 16-byte MD5 digest using RSA.
static byte 
ALG_RSA_SHA_PKCS1 
Signature algorithm ALG_RSA_SHA_PKCS1 encrypts the 20-byte SHA digest using RSA.
static byte 
MODE_SIGN 
Used in init() methods to indicate signature sign mode.
static byte 
MODE_VERIFY 
Used in init() methods to indicate signature verify mode.
Methods
abstract byte 
getAlgorithm() 
Gets the signature algorithm.
static Signature 
getInstance(byte alg, boolean ext) 
Creates a Signature object instance of the selected algorithm.
abstract short 
getLength() 
Gets the byte length of the signature data.
abstract void 
init(Key theKey, byte theMode) 
Initializes the Signature object with the appropriate Key for signature creation or verification.
abstract void 
init(Key theKey, byte theMode, byte[] b, int off, int len) 
Initializes the Signature object with the appropriate Key and algorithm specific parameters for signature creation or verification.
abstract short 
sign(byte[] inBuf, int inOff, int inLen, byte[] sigBuf, int sigOff) 
Generates the signature of all/last input data.
abstract void 
update(byte[] inBuf, int inOff, int inLen) 
Accumulates a signature of the input data.
abstract boolean 
verify(byte[] inBuf, int inOff, int inLen, byte[] sigBuf, int sigOff, short sigLen) 
Verifies the signature of all/last input data against the passed in signature.

Inherited Member Summary
Methods inherited from class Object
equals(Object), getClass(), hashCode(), notify(), notifyAll(), toString(), wait(), wait(), wait() 

Fields

ALG_RSA_MD5_PKCS1

public static final byte ALG_RSA_MD5_PKCS1 

Signature algorithm ALG_RSA_MD5_PKCS1 encrypts the 16-byte MD5 digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.

ALG_RSA_SHA_PKCS1

public static final byte ALG_RSA_SHA_PKCS1 

Signature algorithm ALG_RSA_SHA_PKCS1 encrypts the 20-byte SHA digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.

MODE_SIGN

public static final byte MODE_SIGN 

Used in init() methods to indicate signature sign mode.

MODE_VERIFY

public static final byte MODE_VERIFY 

Used in init() methods to indicate signature verify mode.

Methods

getAlgorithm()

public abstract byte getAlgorithm() 

Gets the signature algorithm.

Returns:

the algorithm code defined above

getInstance(byte, boolean)

public static com.sun.midp.ssl.Signature getInstance(byte alg, boolean ext)throws CryptoException 

Creates a Signature object instance of the selected algorithm.

Parameters:

alg - desired signature algorithm

ext - this parameter is here only for compatibility with javacard.security.Signature, it is ignored

Returns:

a Signature object instance of the requested algorithm

Throws:

CryptoException - with reason code NO_SUCH_ALGORITHM if the requested algorithm is not supported

getLength()

public abstract short getLength() 

Gets the byte length of the signature data.

Returns:

the byte length of signature data

init(Key, byte)

public abstract void init(com.sun.midp.ssl.Key theKey, byte theMode)throws CryptoException 

Initializes the Signature object with the appropriate Key for signature creation or verification.

Parameters:

theKey - the key object to use for signing or verification

theMode - one of MODE_SIGN or MODE_VERIFY

Throws:

CryptoException - with reason code ILLEGAL_VALUE if an invalid mode is specified or if the key type is inconsistent with the mode or signature implementation.

init(Key, byte, byte[], int, int)

public abstract void init(com.sun.midp.ssl.Key theKey, byte theMode, byte[] b, int off, int len)throws CryptoException 

Initializes the Signature object with the appropriate Key and algorithm specific parameters for signature creation or verification.

Parameters:

theKey - the key object to use for signing or verification

theMode - one of MODE_SIGN or MODE_VERIFY

b - byte array containing algorithm specific parameters

off - starting offset of parameter data within the byte array

len - byte length of parameter data

Throws:

CryptoException - with reason code ILLEGAL_VALUE if an invalid mode is specified or if the key type is inconsistent with the mode or signature implementation or if this initialization mode is not supported by the signature algorithm

sign(byte[], int, int, byte[], int)

public abstract short sign(byte[] inBuf, int inOff, int inLen, byte[] sigBuf, int sigOff)throws CryptoException 

Generates the signature of all/last input data. A call to this method also resets this signature object to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to sign another message.

Parameters:

inBuf - the input buffer of data to be signed

inOff - starting offset within the input buffer for data to be signed

inLen - the byte length of data to be signed

sigBuf - the output buffer to store signature data

sigOff - starting offset within the output buffer at which to begin signature data

Returns:

number of bytes of signature output in sigBuf

Throws:

CryptoException - with the following reason codes: (i) UNINITIALIZED_KEY if key is not initialized, (ii) INVALID_INIT if signature object wasn not properly initialized, for signing (iii) ILLEGAL_USE if the signature algorithm does not pad the message and the message is not block aligned

update(byte[], int, int)

public abstract void update(byte[] inBuf, int inOff, int inLen)throws CryptoException 

Accumulates a signature of the input data. When this method is used, temporary storage of intermediate results is required. This method should only be used if all the input data required for the signature is not available in one byte array. The sign() or verify() method is recommended whenever possible.

Parameters:

inBuf - the input buffer of data to be signed

inOff - starting offset within the input buffer for data to be signed

inLen - the byte length of data to be signed

Throws:

CryptoException - with UNINITIALIZED_KEY or INVALID_INIT if the signature object is not properly initialized

See Also:

sign(byte[], int, int, byte[], int), verify(byte[], int, int, byte[], int, short)

verify(byte[], int, int, byte[], int, short)

public abstract boolean verify(byte[] inBuf, int inOff, int inLen, byte[] sigBuf, int sigOff, short sigLen)throws CryptoException 

Verifies the signature of all/last input data against the passed in signature. A call to this method also resets this signature object to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to verify another message.

Parameters:

inBuf - the input buffer of data to be verified

inOff - starting offset within the input buffer for data to be verified

inLen - the byte length of data to be verified

sigBuf - the input buffer containing signature data

sigOff - starting offset within the sigBuf where signature data begins

sigLen - byte length of signature data

Returns:

true if signature verifies, false otherwise

Throws:

CryptoException - with the following reason codes: (i) UNINITIALIZED_KEY if key is not initialized, (ii) INVALID_INIT if signature object wasn not properly initialized, for verification (iii) ILLEGAL_USE if the signature algorithm does not pad the message and the message is not block aligned

com.sun.midp.ssl

SSLStreamConnection

Declaration

public class SSLStreamConnection implements javax.microedition.io.StreamConnection 
  
java.lang.Object 
  | 
  +--com.sun.midp.ssl.SSLStreamConnection 

All Implemented Interfaces:

javax.microedition.io.Connection, javax.microedition.io.InputConnection, javax.microedition.io.OutputConnection, javax.microedition.io.StreamConnection

Description

The SSLStreamConnection class implements the StreamConnection interface. Data exchanged through a SSLStreamConnection is automatically protected by SSL. Currently, only SSL version 3.0 is supported and the list of cipher suites proposed by the client is hard coded to {SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5}. This version of the implementation does not support client authentication at the SSL layer —- a feature that is rarely used. Typical usage of this class by an application would be along the following lines:

      // create a TCP connection 
      StreamConnection t =  
          Connector.open(“socket://www.server.com:443”); 
      // Create an SSL connection 
      SSLStreamConnection s =  
          new SSLStreamConnection(“www.server.com”, 443, 
                 t.openInputStream(), t.openOutputStream()); 
      t.close(); 
  
      // obtain the associated input/output streams 
      OutputStream sout = s.openOutputStream(); 
      InputStream sin = s.openInputStream(); 
      ... 
      // send SSL-protected data by writing to sout and 
      // receive SSL-protected by reading from sin 
      ... 
      sin.close(); 
      sout.close(); 
      s.close();   // close the SSL connection when done 

Member Summary
Constructors
  
SSLStreamConnection(java.lang.String host, int port, java.io.InputStream in, java.io.OutputStream out) 
Establish and SSL session over a reliable stream.
Methods
 void 
close() 
Closes the SSL connection.
 javax.microedition.io.SecurityInfo 
getSecurityInfo() 
Returns the security information associated with this connection.
 X509Certificate 
getServerCertificate() 
Returns the server certificate associated with this connection.
static CertStore 
getTrustedCertStore() 
Gets the certificate store containing trusted root certificates used to verify SSL server certificate chains.
static void 
lockTrustedCertStore() 
Locks the current trusted certificate store so it cannot be changed.
 java.io.DataInputStream 
openDataInputStream() 
Returns the DataInputStream associated with this SSLStreamConnection.
 java.io.DataOutputStream 
openDataOutputStream() 
Returns the DataOutputStream associated with this SSLStreamConnection.
 java.io.InputStream 
openInputStream() 
Returns the InputStream associated with this SSLStreamConnection.
 java.io.OutputStream 
openOutputStream() 
Returns the OutputStream associated with this SSLStreamConnection.
static void 
setTrustedCertStore(CertStore cs) 
Sets the trusted certificate store which contains root certificates used to verify certificate chains sent by an SSL server.

Inherited Member Summary
Methods inherited from class Object
equals(Object), getClass(), hashCode(), notify(), notifyAll(), toString(), wait(), wait(), wait() 

Constructors

SSLStreamConnection(String, int, InputStream, OutputStream)

public SSLStreamConnection(java.lang.String host, int port, java.io.InputStream in, java.io.OutputStream out)throws IOException 

Establish and SSL session over a reliable stream. This connection will forward the input and output stream close methods to the given connection. If the caller wants to have the given connection closed with this connection, the caller can close given connection after constructing this connection, but leaving the closing of the streams to this connection.

Parameters:

host - hostname of the SSL server

port - port number of the SSL server

in - InputStream associated with the StreamConnection

out - OutputStream associated with the StreamConnection

Throws:

java.io.IOException - if there is a problem initializing the SSL data structures or the SSL handshake fails

Methods

close()

public void close()throws IOException 

Closes the SSL connection. The underlying TCP socket, over which SSL is layered, is also closed unless the latter was opened by an external application and its input/output streams were passed as argument to the SSLStreamConnection constructor.

Specified By:

close in interface Connection

Throws:

java.io.IOException - if the SSL connection could not be terminated cleanly

getSecurityInfo()

public javax.microedition.io.SecurityInfo getSecurityInfo()throws IOException 

Returns the security information associated with this connection.

Returns:

the security information associated with this open connection

Throws:

java.io.IOException - if the connection is closed

getServerCertificate()

public com.sun.midp.ssl.X509Certificate getServerCertificate() 

Returns the server certificate associated with this connection.

Returns:

the server certificate associated with this connection

getTrustedCertStore()

public static com.sun.midp.ssl.CertStore getTrustedCertStore() 

Gets the certificate store containing trusted root certificates used to verify SSL server certificate chains.

Returns:

certificate store containing trusted certificates

See Also:

setTrustedCertStore(CertStore)

lockTrustedCertStore()

public static void lockTrustedCertStore() 

Locks the current trusted certificate store so it cannot be changed. This method does nothing if the trusted certificate store is null.

openDataInputStream()

public java.io.DataInputStream openDataInputStream()throws IOException 

Returns the DataInputStream associated with this SSLStreamConnection.

Specified By:

openDataInputStream in interface InputConnection

Returns:

a DataInputStream object

Throws:

java.io.IOException - if the connection is not open or the stream was already open

openDataOutputStream()

public java.io.DataOutputStream openDataOutputStream()throws IOException 

Returns the DataOutputStream associated with this SSLStreamConnection.

Specified By:

openDataOutputStream in interface OutputConnection

Returns:

a DataOutputStream object

Throws:

java.io.IOException - if the connection is not open or the stream was already open

openInputStream()

public java.io.InputStream openInputStream()throws IOException 

Returns the InputStream associated with this SSLStreamConnection.

Specified By:

openInputStream in interface InputConnection

Returns:

InputStream object from which SSL protected bytes can be read

Throws:

java.io.IOException - if the connection is not open or the stream was already open

openOutputStream()

public java.io.OutputStream openOutputStream()throws IOException 

Returns the OutputStream associated with this SSLStreamConnection.

Specified By:

openOutputStream in interface OutputConnection

Returns:

OutputStream object such that bytes written to this stream are sent over an SSL secured channel

Throws:

java.io.IOException - if the connection is not open or the stream was already open

setTrustedCertStore(CertStore)

public static void setTrustedCertStore(com.sun.midp.ssl.CertStore cs) 

Sets the trusted certificate store which contains root certificates used to verify certificate chains sent by an SSL server. This method does nothing if the certificate store is already locked.

Parameters:

cs - trusted certificate store to be used

See Also:

lockTrustedCertStore(), getTrustedCertStore()

com.sun.midp.ssl

X509Certificate

Declaration

public class X509Certificate implements javax.microedition.pki.Certificate 
  
java.lang.Object 
  | 
  +--com.sun.midp.ssl.X509Certificate 

All Implemented Interfaces:

javax.microedition.pki.Certificate

Description

This class implements methods for creating X.509 certificates and accessing their attributes such as subject/issuer names, public keys and validity information. Publicly visible methods are modeled after those in the X509Certificate classes from J2SE™ (Java 2 Platform, Standard Edition) but there are some differences and these are documented below.

NOTE: For now, only X.509 certificates containing RSA public keys and signed either using md5WithRSA or sha-1WithRSA are supported. This version of the implementation is unable to parse certificates containing DSA keys or signed using DSA. Certificates containing RSA keys but signed using an unsupported algorithm (e.g. RSA_MD2) can be parsed but cannot be verified. Not all version 3 extensions are supported (only subjectAltName, basicConstraints, keyUsage and extendedKeyUsage are recognized) but if an unrecognized extension is marked critical, an error notification is generated.

Member Summary
Fields
static int 
CERT_SIGN_KEY_USAGE 
Bit mask for key certificate sign key usage.
static int 
CLIENT_AUTH_EXT_KEY_USAGE 
Bit mask client auth for extended key usage.
static int 
CODE_SIGN_EXT_KEY_USAGE 
Bit code signing mask for extended key usage.
static int 
CRL_SIGN_KEY_USAGE 
Bit mask for CRL sign key usage.
static int 
DATA_ENCIPHER_KEY_USAGE 
Bit mask for data encipherment key usage.
static int 
DECIPHER_ONLY_KEY_USAGE 
Bit mask for decipher only key usage.
static int 
DIGITAL_SIG_KEY_USAGE 
Bit mask for digital signature key usage.
static int 
EMAIL_EXT_KEY_USAGE 
Bit email protection mask for extended key usage.
static int 
ENCIPHER_ONLY_KEY_USAGE 
Bit mask for encipher only key usage.
static int 
IPSEC_END_SYS_EXT_KEY_USAGE 
Bit IPSEC end system mask for extended key usage.
static int 
IPSEC_TUNNEL_EXT_KEY_USAGE 
Bit IPSEC tunnel mask for extended key usage.
static int 
IPSEC_USER_EXT_KEY_USAGE 
Bit IPSEC user mask for extended key usage.
static int 
KEY_AGREEMENT_KEY_USAGE 
Bit mask for key agreement key usage.
static int 
KEY_ENCIPHER_KEY_USAGE 
Bit mask for key encipherment key usage.
static int 
MISSING_PATH_LENGTH_CONSTRAINT 
Indicates that no information is available on the pathLengthConstraint associated with this certificate (this could happen if the certifiate is a v1 or v2 cert or a v3 cert without basicConstraints or a non-CA v3 certificate).
static byte 
NO_ERROR 
Indicates a no error condition.
static int 
NON_REPUDIATION_KEY_USAGE 
Bit mask for non repudiation key usage.
static int 
SERVER_AUTH_EXT_KEY_USAGE 
Bit mask server auth for extended key usage.
static int 
TIME_STAMP_EXT_KEY_USAGE 
Bit time stamping mask for extended key usage.
static byte 
TYPE_DNS_NAME 
DNS name alternative name type code.
static byte 
TYPE_EMAIL_ADDRESS 
Email address (rfc 822) alternative name type code.
static byte 
TYPE_URI 
URI alternative name type code.
static int 
UNLIMITED_CERT_CHAIN_LENGTH 
Indicates there is no limit to the server certificate chain length.
Constructors
  
X509Certificate(byte ver, byte[] rawSerialNumber, java.lang.String sub, java.lang.String iss, long notBefore, long notAfter, byte[] mod, byte[] exp, byte[] chash, int pLen) 
Creates an X.509 certificate with the specified attributes.
Methods
 void 
checkExtensions() 
Checks if a certificate has any (version 3) extensions that were not properly processed and continued use of this certificate may be inconsistent with the issuer’s intent.
 void 
checkValidity() 
Checks if the certificate is currently valid.
 void 
checkValidity(long time) 
Checks if the certificate is valid on the specified time.
static X509Certificate 
generateCertificate(byte[] buf, int off, int len) 
Creates a certificate by parsing the ASN.1 DER X.509 certificate encoding in the specified buffer.
NOTE: In the standard edition, equivalent functionality is provided by CertificateFactory.generateCertificate(InputStream).
 int 
getBasicConstraints() 
Gets the certificate constraints path length from the BasicConstraints extension.
 int 
getExtKeyUsage() 
Gets a 32-bit bit vector (in the form of an integer) in which each position represents a purpose for which the public key in the certificate may be used (iff that bit is set).
 byte[] 
getFingerprint() 
Gets the MD5 fingerprint of this certificate.
NOTE: this implementation returns a byte array filled with zeros if there is no fingerprint associated with this certificate.
 java.lang.String 
getIssuer() 
Gets the name of this certificate’s issuer.
 int 
getKeyUsage() 
Gets a 32-bit bit vector (in the form of an integer) in which each position represents a purpose for which the public key in the certificate may be used (iff that bit is set).
 long 
getNotAfter() 
Gets the NotAfter date from the certificate’s validity period.
 long 
getNotBefore() 
Gets the NotBefore date from the certificate’s validity period.
 PublicKey 
getPublicKey() 
Gets the public key from this certificate.
 java.lang.String 
getSerialNumber() 
Gets the printable form of the serial number of this Certificate.
 java.lang.String 
getSigAlgName() 
Gets the name of the algorithm used to sign the certificate.
 java.lang.String 
getSubject() 
Gets the name of this certificate’s subject.
 java.lang.Object 
getSubjectAltName() 
Gets the subject alternative name or null if it was not in the certificate.
 int 
getSubjectAltNameType() 
Gets the type of subject alternative name.
 java.lang.String 
getType() 
Get the type of the Certificate.
 java.lang.String 
getVersion() 
Gets the raw X.509 version number of this certificate.
 java.lang.String 
toString() 
Returns a string representation of this certificate.
 void 
verify(PublicKey pk) 
Checks if this certificate was signed using the private key corresponding to the specified public key.
static X509Certificate 
verifyChain(java.util.Vector certs, int keyUsage, int extKeyUsage, CertStore certStore) 
Verify a chain of certificates.

Inherited Member Summary
Methods inherited from class Object
equals(Object), getClass(), hashCode(), notify(), notifyAll(), wait(), wait(), wait() 

Fields

CERT_SIGN_KEY_USAGE

public static final int CERT_SIGN_KEY_USAGE 

Bit mask for key certificate sign key usage.

CLIENT_AUTH_EXT_KEY_USAGE

public static final int CLIENT_AUTH_EXT_KEY_USAGE 

Bit mask client auth for extended key usage.

CODE_SIGN_EXT_KEY_USAGE

public static final int CODE_SIGN_EXT_KEY_USAGE 

Bit code signing mask for extended key usage.

CRL_SIGN_KEY_USAGE

public static final int CRL_SIGN_KEY_USAGE 

Bit mask for CRL sign key usage.

DATA_ENCIPHER_KEY_USAGE

public static final int DATA_ENCIPHER_KEY_USAGE 

Bit mask for data encipherment key usage.

DECIPHER_ONLY_KEY_USAGE

public static final int DECIPHER_ONLY_KEY_USAGE 

Bit mask for decipher only key usage.

DIGITAL_SIG_KEY_USAGE

public static final int DIGITAL_SIG_KEY_USAGE 

Bit mask for digital signature key usage.

EMAIL_EXT_KEY_USAGE

public static final int EMAIL_EXT_KEY_USAGE 

Bit email protection mask for extended key usage.

ENCIPHER_ONLY_KEY_USAGE

public static final int ENCIPHER_ONLY_KEY_USAGE 

Bit mask for encipher only key usage.

IPSEC_END_SYS_EXT_KEY_USAGE

public static final int IPSEC_END_SYS_EXT_KEY_USAGE 

Bit IPSEC end system mask for extended key usage.

IPSEC_TUNNEL_EXT_KEY_USAGE

public static final int IPSEC_TUNNEL_EXT_KEY_USAGE 

Bit IPSEC tunnel mask for extended key usage.

IPSEC_USER_EXT_KEY_USAGE

public static final int IPSEC_USER_EXT_KEY_USAGE 

Bit IPSEC user mask for extended key usage.

KEY_AGREEMENT_KEY_USAGE

public static final int KEY_AGREEMENT_KEY_USAGE 

Bit mask for key agreement key usage.

KEY_ENCIPHER_KEY_USAGE

public static final int KEY_ENCIPHER_KEY_USAGE 

Bit mask for key encipherment key usage.

MISSING_PATH_LENGTH_CONSTRAINT

public static final int MISSING_PATH_LENGTH_CONSTRAINT 

Indicates that no information is available on the pathLengthConstraint associated with this certificate (this could happen if the certifiate is a v1 or v2 cert or a v3 cert without basicConstraints or a non-CA v3 certificate).

NO_ERROR

public static final byte NO_ERROR 

Indicates a no error condition.

NON_REPUDIATION_KEY_USAGE

public static final int NON_REPUDIATION_KEY_USAGE 

Bit mask for non repudiation key usage.

SERVER_AUTH_EXT_KEY_USAGE

public static final int SERVER_AUTH_EXT_KEY_USAGE 

Bit mask server auth for extended key usage.

TIME_STAMP_EXT_KEY_USAGE

public static final int TIME_STAMP_EXT_KEY_USAGE 

Bit time stamping mask for extended key usage.

TYPE_DNS_NAME

public static final byte TYPE_DNS_NAME 

DNS name alternative name type code.

TYPE_EMAIL_ADDRESS

public static final byte TYPE_EMAIL_ADDRESS 

Email address (rfc 822) alternative name type code.

TYPE_URI

public static final byte TYPE_URI 

URI alternative name type code.

UNLIMITED_CERT_CHAIN_LENGTH

public static final int UNLIMITED_CERT_CHAIN_LENGTH 

Indicates there is no limit to the server certificate chain length.

Constructors

X509Certificate(byte, byte[], String, String, long, long, byte[], byte[], byte[], int)

public X509Certificate(byte ver, byte[] rawSerialNumber, java.lang.String sub, java.lang.String iss, long notBefore, long notAfter, byte[] mod, byte[] exp, byte[] chash, int pLen)throws Exception 

Creates an X.509 certificate with the specified attributes. This constructor is only used for creating trusted certificates.

NOTE: All signature related values in these certificates (such as the signing algorithm and signature) are set to null and invoking methods that access signature information, e.g. verify() and getSigAlgName() can produce unexpected errors.

Parameters:

ver - byte containing X.509 version

rawSerialNumber - byte array containing the serial number

sub - subject name

iss - issuer name

notBefore - start of validity period expressed in milliseconds since midnight Jan 1, 1970 UTC

notAfter - end of validity period expressed as above

mod - modulus associated with the RSA Public Key

exp - exponent associated with the RSA Public Key

chash - 16-byte MD5 hash of the certificate’s ASN.1 DER encoding

pLen - Is the pathLenConstraint associated with a version 3 certificate. This parameter is ignored for v1 and v2 certificates. If a v3 certificate does not have basicConstraints or is not a CA cert, callers should pass MISSING_PATH_LENGTH_CONSTRAINT. If the v3 certificate has basicConstraints, CA is set but pathLenConstraint is missing (indicating no limit on the certificate chain), callers should pass UNLIMITED_CERT_CHAIN_LENGTH.

Throws:

java.lang.Exception - in case of a problem with RSA public key parameters

Methods

checkExtensions()

public void checkExtensions()throws CertificateException 

Checks if a certificate has any (version 3) extensions that were not properly processed and continued use of this certificate may be inconsistent with the issuer’s intent. This may happen, for example, if the certificate has unrecognized critical extensions.

Throws:

javax.microedition.pki.CertificateException - with a reason ofr BAD_EXTENSIONS if there are any bad extensions

checkValidity()

public void checkValidity()throws CertificateException 

Checks if the certificate is currently valid. It is if the current date and time are within the certificate’s validity period.

Throws:

javax.microedition.pki.CertificateException - with a reason of EXPIRED or NOT_YET_VALID

checkValidity(long)

public void checkValidity(long time)throws CertificateException 

Checks if the certificate is valid on the specified time. It is if the specified time is within the certificate’s validity period.

NOTE: The standard edition provides a method with this name but it throws different types of exceptions rather than returning error codes.

Parameters:

time - the time in milliseconds for which a certificate’s validity is to be checked

Throws:

javax.microedition.pki.CertificateException - with a reason of EXPIRED or NOT_YET_VALID

generateCertificate(byte[], int, int)

public static com.sun.midp.ssl.X509Certificate generateCertificate(byte[] buf, int off, int len)throws IOException 

Creates a certificate by parsing the ASN.1 DER X.509 certificate encoding in the specified buffer.

NOTE: In the standard edition, equivalent functionality is provided by CertificateFactory.generateCertificate(InputStream).

Parameters:

buf - byte array to be read

off - offset within the byte array

len - number of bytes to be read

Returns:

a certificate object corresponding to the DER encoding or null (in case of an encoding problem)

Throws:

java.io.IOException - if there is a parsing error

getBasicConstraints()

public int getBasicConstraints() 

Gets the certificate constraints path length from the BasicConstraints extension.

The BasicConstraints extension identifies whether the subject of the certificate is a Certificate Authority (CA) and how deep a certification path may exist through the CA. The pathLenConstraint field (see below) is meaningful only if cA is set to TRUE. In this case, it gives the maximum number of CA certificates that may follow this certificate in a certification path. A value of zero indicates that only an end-entity certificate may follow in the path.

Note that for RFC 2459 this extension is always marked critical if cA is TRUE, meaning this certificate belongs to a Certificate Authority.

The ASN.1 definition for this is:

      BasicConstraints ::= SEQUENCE { 
            cA                  BOOLEAN DEFAULT FALSE, 
            pathLenConstraint   INTEGER (0..MAX) OPTIONAL  
      } 
   
Returns:

MISSING_PATH_LENGTH_CONSTRAINT if the BasicConstraints extension is absent or the subject of the certificate is not a CA. If the subject of the certificate is a CA and pathLenConstraint does not appear, UNLIMITED_CERT_CHAIN_LENGTH is returned to indicate that there is no limit to the allowed length of the certification path. In all other situations, the actual value of the pathLenConstraint is returned.

getExtKeyUsage()

public int getExtKeyUsage() 

Gets a 32-bit bit vector (in the form of an integer) in which each position represents a purpose for which the public key in the certificate may be used (iff that bit is set). The correspondence between bit positions and purposes is as follows:

serverAuth
1
clientAuth
2
codeSigning
3
emailProtection
4
ipsecEndSystem
5
ipsecTunnel
6
ipsecUser
7
timeStamping
8

Returns:

a bitvector indicating extended usage of the certificate public key, -1 if a critical extendedKeyUsage extension is not present.

getFingerprint()

public byte[] getFingerprint() 

Gets the MD5 fingerprint of this certificate.

NOTE: this implementation returns a byte array filled with zeros if there is no fingerprint associated with this certificate. This may happen if a null was passed to the X509Certificate constructor.

Returns:

a byte array containing this certificate’s MD5 hash

getIssuer()

public java.lang.String getIssuer() 

Gets the name of this certificate’s issuer.

NOTE: The corresponding method in the standard edition is getIssuerDN() and returns a Principal.

Specified By:

getIssuer in interface Certificate

Returns:

a string containing this certificate’s issuer in user-friendly form

getKeyUsage()

public int getKeyUsage() 

Gets a 32-bit bit vector (in the form of an integer) in which each position represents a purpose for which the public key in the certificate may be used (iff that bit is set). The correspondence between bit positions and purposes is as follows:

digitalSignature
0
nonRepudiation
1
keyEncipherment
2
dataEncipherment
3
keyAgreement
4
keyCertSign
5
cRLSign
6
encipherOnly
7
decipherOnly
8

Returns:

a bitvector indicating approved key usage of the certificate public key, -1 if a KeyUsage extension is not present.

getNotAfter()

public long getNotAfter() 

Gets the NotAfter date from the certificate’s validity period.

Specified By:

getNotAfter in interface Certificate

Returns:

a date after which the certificate is not valid (expiration date)

getNotBefore()

public long getNotBefore() 

Gets the NotBefore date from the certificate’s validity period.

Specified By:

getNotBefore in interface Certificate

Returns:

a date before which the certificate is not valid

getPublicKey()

public com.sun.midp.ssl.PublicKey getPublicKey()throws CertificateException 

Gets the public key from this certificate.

Returns:

the public key contained in the certificate

Throws:

javax.microedition.pki.CertificateException - if public key is not a supported type (could not be parsed).

getSerialNumber()

public java.lang.String getSerialNumber() 

Gets the printable form of the serial number of this Certificate. If the serial number within the certificate is binary is should be formatted as a string using hexadecimal notation with each byte represented as two hex digits separated byte “:” (Unicode x3A). For example, 27:56:FA:80.

Specified By:

getSerialNumber in interface Certificate

Returns:

A string containing the serial number in user-friendly form; NULL is returned if there is no serial number.

getSigAlgName()

public java.lang.String getSigAlgName() 

Gets the name of the algorithm used to sign the certificate.

Specified By:

getSigAlgName in interface Certificate

Returns:

the name of signature algorithm

getSubject()

public java.lang.String getSubject() 

Gets the name of this certificate’s subject.

NOTE: The corresponding method in the standard edition is getSubjectDN() and returns a Principal.

Specified By:

getSubject in interface Certificate

Returns:

a string containing this certificate’s subject in user-friendly form

getSubjectAltName()

public java.lang.Object getSubjectAltName() 

Gets the subject alternative name or null if it was not in the certificate.

Returns:

type of subject alternative name or null

getSubjectAltNameType()

public int getSubjectAltNameType() 

Gets the type of subject alternative name.

Returns:

type of subject alternative name

getType()

public java.lang.String getType() 

Get the type of the Certificate.

Specified By:

getType in interface Certificate

Returns:

The type of the Certificate; the value MUST NOT be NULL.

getVersion()

public java.lang.String getVersion() 

Gets the raw X.509 version number of this certificate. Version 1 is 0.

Specified By:

getVersion in interface Certificate

Returns:

the X.509 logic version number (1, 2, 3) of the certificate

toString()

public java.lang.String toString() 

Returns a string representation of this certificate.

Overrides:

toString in class Object

Returns:

a human readable string representation of this certificate

verify(PublicKey)

public void verify(com.sun.midp.ssl.PublicKey pk)throws CertificateException 

Checks if this certificate was signed using the private key corresponding to the specified public key.

Parameters:

pk - public key to be used for verifying certificate signature

Throws:

javax.microedition.pki.CertificateException - if there is an error

verifyChain(Vector, int, int, CertStore)

public static com.sun.midp.ssl.X509Certificate verifyChain(java.util.Vector certs, int keyUsage, int extKeyUsage, com.sun.midp.ssl.CertStore certStore)throws CertificateException 

Verify a chain of certificates.

Parameters:

certs - list of certificates with first being entity certificate and the last being the CA issued certificate.

keyUsage - -1 to not check the key usage extension, or a key usage bit mask to check for if the extension is present

extKeyUsage - -1 to not check the extended key usage extension, or a extended key usage bit mask to check for if the extension is present

certStore - store of trusted CA certificates

Returns:

first certificate signed by a CA in the given certificate store

Throws:

javax.microedition.pki.CertificateException - if there is an error verifying the chain

 


Contents Previous Next Index Porting MIDP
MIDP Reference Implementation, Version 2.0 FCS