|
This appendix reproduces the reference documentation for the com.sun.ssl package that is generated by the Javadoc™ tool.
Provides a reference implementation of SSLv3.0 for MIDP. The code is modified version of KSSL ( http://sunlabs.eng/~vgupta/ssl/kssl/index.html) from Sun Labs.
Supports abbreviated SSL handshakes.
Does not support SSL client authentication. This is because purpose of HTTPS for MIDP is to provide the wireless device with end-to-end confidentiality. The authentication must be done at the application level, which is what nearly all consumer applications do.
Only supports the SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, and SSL_RSA_EXPORT_WITH_RC4_40_MD5 cipher suites. All known HTTPS servers support these suites.
Only Supports RSA X.509 certificates, these are the defacto standard. KSSL supports version 1, 2, and 3 X.509 certificates signed using RSA with either SHA-1, MD5 and MD2. For security reasons only version 3 certificates are allowed to be chained. While the key usage extension is supported, the name constraints extension is not.
SSL for Java™ 2 Micro-Edition
(
http://sunlabs.eng/~vgupta/ssl/kssl/index.html)
A Good Introduction to SSL
(
http://docs.iplanet.com/docs/manuals/security/sslin/index.htm)
A Good Introduction to Public Key Cryptography
(
http://docs.iplanet.com/docs/manuals/security/pkin/index.htm)
RFC 2246, The TLS Protocol Version 1.0
(
http://www.ietf.org/rfc/rfc2246.txt)
SSL Protocol Version 3.0
(
http://home.netscape.com/eng/ssl3/draft302.txt)
RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile ( http://www.ietf.org/rfc/rfc2459.txt)
RSA’s PKCS (Public Key Cryptography Standards) document set.
(
http://www.rsasecurity.com/rsalabs/pkcs/)
MIDP 2.0
This interface supports storage of certificates (not private keys or symmetric keys).
Returns the certificate(s) corresponding to a subject name string.
subjectName - subject name of the certificate in printable form.
corresponding certificates or null (if not found)
public class CryptoException extendsjava.lang.Exceptionjava.lang.Object| +--java.lang.Throwable| +--java.lang.Exception| +--com.sun.midp.ssl.CryptoException
Implements CryptoException which is thrown when a cryptographic method encounters an error.
Indicates that encrypted message was illegal encoded.
Indicates illegal use of a method.
Indicates a method was passed illegal parameter values.
Indicates an object has not been properly initialized for the requested operation.
Indicates that a requested algorithm or key type is not supported.
Indicates that is key object has not been properly initialized.
Constructs a CryptoException with the specified reason code.
reason - reason code
Throws a CryptoException with the specified reason code.
reason - reason code
CryptoException - with the specified reason code
Returns a human readable string describing the CryptoException.
toString in class Throwable
string representation of the CryptoException
PrivateKey, PublicKey, RSAPrivateKey, RSAPublicKey
SecretKey
Implements an abstract class that represents all keys (both symmetric and asymmetric).
Clears the key and sets it to an uninitialized state.
Returns the key size in number of bits.
the key size in number of bits
Returns the key type.
the key type
Returns true if and only if a key has been initialized. A key is not initialized until all associated set methods have been called at least once since the last time the key was in an uninitialized state.
true if the key has been initialized, false otherwise
Converts a key object to its human readable string representation.
toString in class Object
a human readable string representation of the key
The KeyBuilder class is used to generate key objects for use in cryptographic operations. It is a key object factory. This version of the implementation only supports symmetric keys and RSA keys with modulus lengths up to and including 1024-bits. DSA keys are not supported.
Key
Indicates an ARCfour key type.
Indicates an RSA private key type.
Indicates an RSA public key type.
public static com.sun.midp.ssl.Key buildKey(byte kType, short kLen, boolean kEnc) throws CryptoException
Creates cryptographic keys of the specified type and length. For now, the third argument is ignored —- it is included here only for compatibility with the javacard.security.KeyBuilder class. Note that the object returned by this method must be cast to their appropriate key type interface.
kType - type of key to be generated
kLen - the desired size of the key in bits
kEnc - this parameter is ignored
a key with the specified attributes
CryptoException - with the NO_SUCH_ALGORITHM reason code if the requested key type is not supported.
Implements an abstract class that generalizes all message digests. It is modelled after javacard.security.MessageDigest. This version of the implementation only supports ALG_MD5 (which produces a 16-byte hash as described in RFC 2313) and ALG_SHA (which produces a 20-byte hash using NIST’s SHA1 algorithm). MD2, a predecessor to MD5, is not supported.
Indicates the MD2 message digest algorithm.
Indicates the MD5 message digest algorithm.
Indicates the SHA message digest algorithm.
Clones the MessageDigest object.
a clone of this object
Generates a hash of all/last input data. Completes and returns the hash computation after performing final operations such as padding. The MessageDigest object is reset after this call.
inBuf - input buffer of data to be hashed
inOff - offset within inBuf where input data begins
inLen - length (in bytes) of data to be hashed
outBuf - output buffer where the hash should be placed
outOff - offset within outBuf where the resulting hash begins
number of bytes of hash left in outBuf
Gets the message digest algorithm.
algorithm implemented by this MessageDigest object
public static com.sun.midp.ssl.MessageDigest getInstance(byte alg, boolean ext)throws CryptoException
Creates a MessageDigest object instance of the specified algorithm. The second parameter is ignored for now —- it is here only for compatibility with the javacard.security.MessageDigest class.
alg - the desired message digest algorithm, e.g. ALG_MD5
ext - ignored
a MessageDigest object instance of the requested algorithm
CryptoException - with NO_SUCH_ALGORITHM reason code if the requested algorithm is not supported.
Gets the length (in bytes) of the hash.
byte-length of the hash produced by this object
Resets the MessageDigest to the initial state for further use.
Accumulates a hash of the input data. This method is useful when the input data to be hashed is not available in one byte array.
inBuf - input buffer of data to be hashed
inOff - offset within inBuf where input data begins
inLen - length (in bytes) of data to be hashed
doFinal(byte[], int, int, byte[], int)
Key
RSAPrivateKey
The PrivateKey abstract class is the base class for all private keys used in asymmetric algorithms.
Key
RSAPublicKey
The PublicKey abstract class is the base class for all public keys used in asymmetric algorithms.
Implements an abstract class that generalizes random number generators.
Identifies a utility pseudo random number generation algorithm.
Identifies a cryptographically secure random number generation algorithm.
Generates random data.
buf - output buffer in which the random data is to be placed
off - starting offset within buf for the random data
len - number of bytes of random data to be placed in buf
Creates a RandomData instance of the selected algorithm.
alg - the desired random number generation algorithm, e.g. ALG_PSEUDO_RANDOM
a RandomData instance implementing the selected algorithm.
CryptoException - with reason code set to NO_SUCH_ALGORITHM if an unsupported algorithm is requested.
WARNING: Requests for a secure random number generator are currently redirected to a class that implements a weakly unpredictable source of random data. Licensees of this reference implementation are strongly urged to link requests for ALG_SECURE_RANDOM to better generators that may be available on their specific platforms.
Seeds the random number generator.
buf - input buffer containing the seed
off - offset within buf where the seed starts
len - number of bytes of seed data in buf
Key, PrivateKey
Specifies the RSA private key interface. An RSA key is not ready for us until both the modulus and exponent have been set.
Checks if this RSAPrivateKey has the same exponent and modulus as the specified key.
k - an RSAPrivateKey against which this key is to be compared
true if the two keys have the same exponent and modulus, false otherwise
Returns the private exponent value of the key in the specified buffer. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).
buf - the output buffer where the exponent is placed
offset - offset within buf where the exponent starts
byte length of the exponent copied into buf
setExponent(byte[], short, short)
Returns the modulus value of the key in the specified buffer. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).
buf - the output buffer where the modulus is placed
offset - offset within buf where the modulus starts
byte length of the modulus copied into buf
setModulus(byte[], short, short)
Sets the private exponent value of the key. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).
buf - the input buffer containing the exponent
offset - offset within buf where the exponent starts
len - exponent length in bytes
CryptoException - with reason code set to ILLEGAL_VALUE if the specified exponent data is inconsistent with the key size.
getExponent(byte[], short)
Sets the modulus value of the key. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).
buf - the input buffer containing the modulus
offset - offset within buf where the modulus starts
len - modulus length in bytes
CryptoException - with reason code set to ILLEGAL_VALUE if the specified modulus data is inconsistent with the key size.
getModulus(byte[], short)
Key, PublicKey
Specifies the RSA public key interface. An RSA key is not ready for us until both the modulus and exponent have been set.
Checks if this RSAPublicKey has the same exponent and modulus as the specified key.
k - an RSAPublicKey against which this key is to be compared
true if the two keys have the same exponent and modulus, false otherwise
Returns the public exponent value of the key in the specified buffer. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).
buf - the output buffer where the exponent is placed
offset - offset within buf where the exponent starts
byte length of the exponent copied into buf
setExponent(byte[], short, short)
Returns the modulus value of the key in the specified buffer. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).
buf - the output buffer where the modulus is placed
offset - offset within buf where the modulus starts
byte length of the modulus copied into buf
setModulus(byte[], short, short)
Sets the public exponent value of the key. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).
buf - the input buffer containing the exponent
offset - offset within buf where the exponent starts
len - exponent length in bytes
CryptoException - with reason code set to ILLEGAL_VALUE if the specified exponent data is inconsistent with the key size.
getExponent(byte[], short)
Sets the modulus value of the key. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of the last byte).
buf - the input buffer containing the modulus
offset - offset within buf where the modulus starts
len - modulus length in bytes
CryptoException - with reason code set to ILLEGAL_VALUE if the specified modulus data is inconsistent with the key size.
getModulus(byte[], short)
Key
Implements the base interface for keys used in symmetric algorithms.
Clears the key and sets it to uninitialized state.
clearKey in interface Key
Gets the key data. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of last byte).
buf - the output buffer in which key data is to be placed
off - starting offset within buf for the key data.
number of bytes of key data placed in buf.
setKey(byte[], short)
Gets the key size in bits.
getSize in interface Key
the key size in bits
Gets the key type.
getType in interface Key
the key type
Checks if the key is initialized.
isInitialized in interface Key
true if the key has been initialized, false otherwise
Sets the key data. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of last byte).
buf - the input buffer containing key data
off - starting offset within buf for the key data.
CryptoException - with reason code set to ILLEGAL_VALUE if the specified secret data is inconsistent with the key size.
getKey(byte[], short)
Converts the key to its corresponding human readable string representation.
toString in interface Key
toString in class Object
a string representation of the secret key
Implements an abstract class that generalizes all signature algorithms. This version of the implementation only supports ALG_RSA_MD5_PKCS1 and ALG_RSA_SHA_PKCS1.
Signature algorithm ALG_RSA_MD5_PKCS1 encrypts the 16-byte MD5 digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.
Signature algorithm ALG_RSA_SHA_PKCS1 encrypts the 20-byte SHA digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.
Used in init() methods to indicate signature sign mode.
Used in init() methods to indicate signature verify mode.
Gets the signature algorithm.
the algorithm code defined above
Creates a Signature object instance of the selected algorithm.
alg - desired signature algorithm
ext - this parameter is here only for compatibility with javacard.security.Signature, it is ignored
a Signature object instance of the requested algorithm
CryptoException - with reason code NO_SUCH_ALGORITHM if the requested algorithm is not supported
Gets the byte length of the signature data.
the byte length of signature data
Initializes the Signature object with the appropriate Key for signature creation or verification.
theKey - the key object to use for signing or verification
theMode - one of MODE_SIGN or MODE_VERIFY
CryptoException - with reason code ILLEGAL_VALUE if an invalid mode is specified or if the key type is inconsistent with the mode or signature implementation.
public abstract void init(com.sun.midp.ssl.Key theKey, byte theMode, byte[] b, int off, int len)throws CryptoException
Initializes the Signature object with the appropriate Key and algorithm specific parameters for signature creation or verification.
theKey - the key object to use for signing or verification
theMode - one of MODE_SIGN or MODE_VERIFY
b - byte array containing algorithm specific parameters
off - starting offset of parameter data within the byte array
len - byte length of parameter data
CryptoException - with reason code ILLEGAL_VALUE if an invalid mode is specified or if the key type is inconsistent with the mode or signature implementation or if this initialization mode is not supported by the signature algorithm
public abstract short sign(byte[] inBuf, int inOff, int inLen, byte[] sigBuf, int sigOff)throws CryptoException
Generates the signature of all/last input data. A call to this method also resets this signature object to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to sign another message.
inBuf - the input buffer of data to be signed
inOff - starting offset within the input buffer for data to be signed
inLen - the byte length of data to be signed
sigBuf - the output buffer to store signature data
sigOff - starting offset within the output buffer at which to begin signature data
number of bytes of signature output in sigBuf
CryptoException - with the following reason codes: (i) UNINITIALIZED_KEY if key is not initialized, (ii) INVALID_INIT if signature object wasn not properly initialized, for signing (iii) ILLEGAL_USE if the signature algorithm does not pad the message and the message is not block aligned
Accumulates a signature of the input data. When this method is used, temporary storage of intermediate results is required. This method should only be used if all the input data required for the signature is not available in one byte array. The sign() or verify() method is recommended whenever possible.
inBuf - the input buffer of data to be signed
inOff - starting offset within the input buffer for data to be signed
inLen - the byte length of data to be signed
CryptoException - with UNINITIALIZED_KEY or INVALID_INIT if the signature object is not properly initialized
sign(byte[], int, int, byte[], int), verify(byte[], int, int, byte[], int, short)
public abstract boolean verify(byte[] inBuf, int inOff, int inLen, byte[] sigBuf, int sigOff, short sigLen)throws CryptoException
Verifies the signature of all/last input data against the passed in signature. A call to this method also resets this signature object to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to verify another message.
inBuf - the input buffer of data to be verified
inOff - starting offset within the input buffer for data to be verified
inLen - the byte length of data to be verified
sigBuf - the input buffer containing signature data
sigOff - starting offset within the sigBuf where signature data begins
sigLen - byte length of signature data
true if signature verifies, false otherwise
CryptoException - with the following reason codes: (i) UNINITIALIZED_KEY if key is not initialized, (ii) INVALID_INIT if signature object wasn not properly initialized, for verification (iii) ILLEGAL_USE if the signature algorithm does not pad the message and the message is not block aligned
public class SSLStreamConnection implementsjavax.microedition.io.StreamConnectionjava.lang.Object| +--com.sun.midp.ssl.SSLStreamConnection
javax.microedition.io.Connection, javax.microedition.io.InputConnection, javax.microedition.io.OutputConnection, javax.microedition.io.StreamConnection
The SSLStreamConnection class implements the StreamConnection interface. Data exchanged through a SSLStreamConnection is automatically protected by SSL. Currently, only SSL version 3.0 is supported and the list of cipher suites proposed by the client is hard coded to {SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5}. This version of the implementation does not support client authentication at the SSL layer —- a feature that is rarely used. Typical usage of this class by an application would be along the following lines:
// create a TCP connection StreamConnection t = Connector.open(“socket://www.server.com:443”); // Create an SSL connection SSLStreamConnection s = new SSLStreamConnection(“www.server.com”, 443, t.openInputStream(), t.openOutputStream()); t.close(); // obtain the associated input/output streams OutputStream sout = s.openOutputStream(); InputStream sin = s.openInputStream(); ... // send SSL-protected data by writing to sout and // receive SSL-protected by reading from sin ... sin.close(); sout.close(); s.close(); // close the SSL connection when done
public SSLStreamConnection(java.lang.Stringhost, int port,java.io.InputStreamin,java.io.OutputStreamout)throws IOException
Establish and SSL session over a reliable stream. This connection will forward the input and output stream close methods to the given connection. If the caller wants to have the given connection closed with this connection, the caller can close given connection after constructing this connection, but leaving the closing of the streams to this connection.
host - hostname of the SSL server
port - port number of the SSL server
in - InputStream associated with the StreamConnection
out - OutputStream associated with the StreamConnection
java.io.IOException - if there is a problem initializing the SSL data structures or the SSL handshake fails
Closes the SSL connection. The underlying TCP socket, over which SSL is layered, is also closed unless the latter was opened by an external application and its input/output streams were passed as argument to the SSLStreamConnection constructor.
close in interface Connection
java.io.IOException - if the SSL connection could not be terminated cleanly
Returns the security information associated with this connection.
the security information associated with this open connection
java.io.IOException - if the connection is closed
Returns the server certificate associated with this connection.
the server certificate associated with this connection
Gets the certificate store containing trusted root certificates used to verify SSL server certificate chains.
certificate store containing trusted certificates
setTrustedCertStore(CertStore)
Locks the current trusted certificate store so it cannot be changed. This method does nothing if the trusted certificate store is null.
Returns the DataInputStream associated with this SSLStreamConnection.
openDataInputStream in interface InputConnection
a DataInputStream object
java.io.IOException - if the connection is not open or the stream was already open
Returns the DataOutputStream associated with this SSLStreamConnection.
openDataOutputStream in interface OutputConnection
a DataOutputStream object
java.io.IOException - if the connection is not open or the stream was already open
Returns the InputStream associated with this SSLStreamConnection.
openInputStream in interface InputConnection
InputStream object from which SSL protected bytes can be read
java.io.IOException - if the connection is not open or the stream was already open
Returns the OutputStream associated with this SSLStreamConnection.
openOutputStream in interface OutputConnection
OutputStream object such that bytes written to this stream are sent over an SSL secured channel
java.io.IOException - if the connection is not open or the stream was already open
Sets the trusted certificate store which contains root certificates used to verify certificate chains sent by an SSL server. This method does nothing if the certificate store is already locked.
cs - trusted certificate store to be used
lockTrustedCertStore(), getTrustedCertStore()
public class X509Certificate implementsjavax.microedition.pki.Certificatejava.lang.Object| +--com.sun.midp.ssl.X509Certificate
javax.microedition.pki.Certificate
This class implements methods for creating X.509 certificates and accessing their attributes such as subject/issuer names, public keys and validity information. Publicly visible methods are modeled after those in the X509Certificate classes from J2SE™ (Java 2 Platform, Standard Edition) but there are some differences and these are documented below.
NOTE: For now, only X.509 certificates containing RSA public keys and signed either using md5WithRSA or sha-1WithRSA are supported. This version of the implementation is unable to parse certificates containing DSA keys or signed using DSA. Certificates containing RSA keys but signed using an unsupported algorithm (e.g. RSA_MD2) can be parsed but cannot be verified. Not all version 3 extensions are supported (only subjectAltName, basicConstraints, keyUsage and extendedKeyUsage are recognized) but if an unrecognized extension is marked critical, an error notification is generated.
Bit mask for key certificate sign key usage.
Bit mask client auth for extended key usage.
Bit code signing mask for extended key usage.
Bit mask for CRL sign key usage.
Bit mask for data encipherment key usage.
Bit mask for decipher only key usage.
Bit mask for digital signature key usage.
Bit email protection mask for extended key usage.
Bit mask for encipher only key usage.
Bit IPSEC end system mask for extended key usage.
Bit IPSEC tunnel mask for extended key usage.
Bit IPSEC user mask for extended key usage.
Bit mask for key agreement key usage.
Bit mask for key encipherment key usage.
Indicates that no information is available on the pathLengthConstraint associated with this certificate (this could happen if the certifiate is a v1 or v2 cert or a v3 cert without basicConstraints or a non-CA v3 certificate).
Indicates a no error condition.
Bit mask for non repudiation key usage.
Bit mask server auth for extended key usage.
Bit time stamping mask for extended key usage.
DNS name alternative name type code.
Email address (rfc 822) alternative name type code.
URI alternative name type code.
Indicates there is no limit to the server certificate chain length.
public X509Certificate(byte ver, byte[] rawSerialNumber,java.lang.Stringsub,java.lang.Stringiss, long notBefore, long notAfter, byte[] mod, byte[] exp, byte[] chash, int pLen)throws Exception
Creates an X.509 certificate with the specified attributes. This constructor is only used for creating trusted certificates.
NOTE: All signature related values in these certificates (such as the signing algorithm and signature) are set to null and invoking methods that access signature information, e.g. verify() and getSigAlgName() can produce unexpected errors.
ver - byte containing X.509 version
rawSerialNumber - byte array containing the serial number
sub - subject name
iss - issuer name
notBefore - start of validity period expressed in milliseconds since midnight Jan 1, 1970 UTC
notAfter - end of validity period expressed as above
mod - modulus associated with the RSA Public Key
exp - exponent associated with the RSA Public Key
chash - 16-byte MD5 hash of the certificate’s ASN.1 DER encoding
pLen - Is the pathLenConstraint associated with a version 3 certificate. This parameter is ignored for v1 and v2 certificates. If a v3 certificate does not have basicConstraints or is not a CA cert, callers should pass MISSING_PATH_LENGTH_CONSTRAINT. If the v3 certificate has basicConstraints, CA is set but pathLenConstraint is missing (indicating no limit on the certificate chain), callers should pass UNLIMITED_CERT_CHAIN_LENGTH.
java.lang.Exception - in case of a problem with RSA public key parameters
Checks if a certificate has any (version 3) extensions that were not properly processed and continued use of this certificate may be inconsistent with the issuer’s intent. This may happen, for example, if the certificate has unrecognized critical extensions.
javax.microedition.pki.CertificateException - with a reason ofr BAD_EXTENSIONS if there are any bad extensions
Checks if the certificate is currently valid. It is if the current date and time are within the certificate’s validity period.
javax.microedition.pki.CertificateException - with a reason of EXPIRED or NOT_YET_VALID
Checks if the certificate is valid on the specified time. It is if the specified time is within the certificate’s validity period.
NOTE: The standard edition provides a method with this name but it throws different types of exceptions rather than returning error codes.
time - the time in milliseconds for which a certificate’s validity is to be checked
javax.microedition.pki.CertificateException - with a reason of EXPIRED or NOT_YET_VALID
public static com.sun.midp.ssl.X509Certificate generateCertificate(byte[] buf, int off, int len)throws IOException
Creates a certificate by parsing the ASN.1 DER X.509 certificate encoding in the specified buffer.
NOTE: In the standard edition, equivalent functionality is provided by CertificateFactory.generateCertificate(InputStream).
buf - byte array to be read
off - offset within the byte array
len - number of bytes to be read
a certificate object corresponding to the DER encoding or null (in case of an encoding problem)
java.io.IOException - if there is a parsing error
Gets the certificate constraints path length from the BasicConstraints extension.
The BasicConstraints extension identifies whether the subject of the certificate is a Certificate Authority (CA) and how deep a certification path may exist through the CA. The pathLenConstraint field (see below) is meaningful only if cA is set to TRUE. In this case, it gives the maximum number of CA certificates that may follow this certificate in a certification path. A value of zero indicates that only an end-entity certificate may follow in the path.
Note that for RFC 2459 this extension is always marked critical if cA is TRUE, meaning this certificate belongs to a Certificate Authority.
The ASN.1 definition for this is:
BasicConstraints ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..MAX) OPTIONAL
}
MISSING_PATH_LENGTH_CONSTRAINT if the BasicConstraints extension is absent or the subject of the certificate is not a CA. If the subject of the certificate is a CA and pathLenConstraint does not appear, UNLIMITED_CERT_CHAIN_LENGTH is returned to indicate that there is no limit to the allowed length of the certification path. In all other situations, the actual value of the pathLenConstraint is returned.
Gets a 32-bit bit vector (in the form of an integer) in which each position represents a purpose for which the public key in the certificate may be used (iff that bit is set). The correspondence between bit positions and purposes is as follows:
|
serverAuth
|
1
|
|||||||||||||
|
clientAuth
|
2
|
|||||||||||||
|
codeSigning
|
3
|
|||||||||||||
|
emailProtection
|
4
|
|||||||||||||
|
ipsecEndSystem
|
5
|
|||||||||||||
|
ipsecTunnel
|
6
|
|||||||||||||
|
ipsecUser
|
7
|
|||||||||||||
|
timeStamping
|
8
|
|||||||||||||
a bitvector indicating extended usage of the certificate public key, -1 if a critical extendedKeyUsage extension is not present.
Gets the MD5 fingerprint of this certificate.
NOTE: this implementation returns a byte array filled with zeros if there is no fingerprint associated with this certificate. This may happen if a null was passed to the X509Certificate constructor.
a byte array containing this certificate’s MD5 hash
Gets the name of this certificate’s issuer.
NOTE: The corresponding method in the standard edition is getIssuerDN() and returns a Principal.
getIssuer in interface Certificate
a string containing this certificate’s issuer in user-friendly form
Gets a 32-bit bit vector (in the form of an integer) in which each position represents a purpose for which the public key in the certificate may be used (iff that bit is set). The correspondence between bit positions and purposes is as follows:
|
digitalSignature
|
0
|
|||||||||||||
|
nonRepudiation
|
1
|
|||||||||||||
|
keyEncipherment
|
2
|
|||||||||||||
|
dataEncipherment
|
3
|
|||||||||||||
|
keyAgreement
|
4
|
|||||||||||||
|
keyCertSign
|
5
|
|||||||||||||
|
cRLSign
|
6
|
|||||||||||||
|
encipherOnly
|
7
|
|||||||||||||
|
decipherOnly
|
8
|
|||||||||||||
a bitvector indicating approved key usage of the certificate public key, -1 if a KeyUsage extension is not present.
Gets the NotAfter date from the certificate’s validity period.
getNotAfter in interface Certificate
a date after which the certificate is not valid (expiration date)
Gets the NotBefore date from the certificate’s validity period.
getNotBefore in interface Certificate
a date before which the certificate is not valid
Gets the public key from this certificate.
the public key contained in the certificate
javax.microedition.pki.CertificateException - if public key is not a supported type (could not be parsed).
Gets the printable form of the serial number of this Certificate. If the serial number within the certificate is binary is should be formatted as a string using hexadecimal notation with each byte represented as two hex digits separated byte “:” (Unicode x3A). For example, 27:56:FA:80.
getSerialNumber in interface Certificate
A string containing the serial number in user-friendly form; NULL is returned if there is no serial number.
Gets the name of the algorithm used to sign the certificate.
getSigAlgName in interface Certificate
the name of signature algorithm
Gets the name of this certificate’s subject.
NOTE: The corresponding method in the standard edition is getSubjectDN() and returns a Principal.
getSubject in interface Certificate
a string containing this certificate’s subject in user-friendly form
Gets the subject alternative name or null if it was not in the certificate.
type of subject alternative name or null
Gets the type of subject alternative name.
type of subject alternative name
Get the type of the Certificate.
getType in interface Certificate
The type of the Certificate; the value MUST NOT be NULL.
Gets the raw X.509 version number of this certificate. Version 1 is 0.
getVersion in interface Certificate
the X.509 logic version number (1, 2, 3) of the certificate
Returns a string representation of this certificate.
toString in class Object
a human readable string representation of this certificate
Checks if this certificate was signed using the private key corresponding to the specified public key.
pk - public key to be used for verifying certificate signature
javax.microedition.pki.CertificateException - if there is an error
public static com.sun.midp.ssl.X509Certificate verifyChain(java.util.Vector certs, int keyUsage, int extKeyUsage, com.sun.midp.ssl.CertStore certStore)throws CertificateException
Verify a chain of certificates.
certs - list of certificates with first being entity certificate and the last being the CA issued certificate.
keyUsage - -1 to not check the key usage extension, or a key usage bit mask to check for if the extension is present
extKeyUsage - -1 to not check the extended key usage extension, or a extended key usage bit mask to check for if the extension is present
certStore - store of trusted CA certificates
first certificate signed by a CA in the given certificate store
javax.microedition.pki.CertificateException - if there is an error verifying the chain
|
Porting MIDP MIDP Reference Implementation, Version 2.0 FCS |
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.