Oracle Security Developer Tools PKI SDK CMP Java API Reference
11g (11.1.1)

E10666-02


oracle.security.crypto.cmp
Class SignaturePOP

java.lang.Object
  extended by oracle.security.crypto.cmp.ProofOfPossession
      extended by oracle.security.crypto.cmp.SignaturePOP

All Implemented Interfaces:
oracle.security.crypto.asn1.ASN1Object, oracle.security.crypto.util.Streamable

public class SignaturePOP
extends ProofOfPossession

CRMF proof-of-possession structure of type signature.

See Also:
ProofOfPossession, RAVerifiedPOP, KeyEnciphermentPOP, KeyAgreementPOP

Nested Class Summary

 

Nested classes/interfaces inherited from class oracle.security.crypto.cmp.ProofOfPossession
ProofOfPossession.SubsequentMsg, ProofOfPossession.Type

 

Constructor Summary
SignaturePOP()
          Create an empty SignaturePOP.
SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
          Create a SignaturePOP with the given signature algorithm to sign the CertRequest from the enclosing CertReqMsg.
SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, byte[] password)
          Create a SignaturePOP with the given signature algorithm to sign the given public key and a PasswordBasedMAC of the public key using the given password bytes.
SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, byte[] password, java.security.SecureRandom sr)
          Note the changes in the method signature
SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, oracle.security.crypto.cert.GeneralName sender)
          Create a SignaturePOP with the given signature algorithm to sign the given public key and sender name.
SignaturePOP(java.io.InputStream is)
           

 

Method Summary
 oracle.security.crypto.core.AlgorithmIdentifier getMacAlgID()
          Returns the password-based-MAC algorithm identifier.
 byte[] getMacBytes()
          Returns the bytes of the public key password-based-MAC.
 java.security.PublicKey getPublicKey()
          Returns the public key if it was provided separately from the CertRequest's CertTemplate.
 oracle.security.crypto.cert.GeneralName getSenderName()
          Returns the sender's name if it was provided separately from the CertRequest's CertTemplate.
 oracle.security.crypto.core.AlgorithmIdentifier getSignatureAlgID()
          Returns the algorithm identifier for the signature.
 byte[] getSignatureBytes()
           
 ProofOfPossession.Type getType()
          Returns one of the values defined in ProofOfPossession.Type.
 void input(java.io.InputStream is)
           
 void sign(CertRequest certReq, java.security.PrivateKey privKey, java.security.SecureRandom sr)
          Computes the signature for this SignaturePOP using the enclosing CertReqMsg's CertRequest.
 void sign(java.security.PrivateKey privKey, java.security.SecureRandom sr)
          Computes the signature for this SignaturePOP using the public key and sender name or the password-based MAC of the public key.
 java.lang.String toString()
           
 boolean verify(java.security.PublicKey pubKey, byte[] password)
          Verify the public key MAC in this POP's POPOSigningKeyInput structure and the signature on the structure.
 boolean verify(java.security.PublicKey pubKey, CertRequest certReq)
          Verify the POP signature on the enclosing CertReqMsg's CertRequest.
 boolean verify(java.security.PublicKey pubKey, oracle.security.crypto.cert.GeneralName sender)
          Verify the sender name in this POP's POPOSigningKeyInput structure and the signature on the structure.

 

Methods inherited from class oracle.security.crypto.cmp.ProofOfPossession
inputInstance, length, output

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

 

Constructor Detail

SignaturePOP

public SignaturePOP()
Create an empty SignaturePOP. The resulting object is not a valid proof-of-possession structure, and is intended primarily for use in conjunction with the input(java.io.InputStream) method.

SignaturePOP

public SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Create a SignaturePOP with the given signature algorithm to sign the CertRequest from the enclosing CertReqMsg.

Note: This constructor must be used when the CertRequest's CertTemplate contains both the public key and subject name. Otherwise, use either the SignaturePOP(AlgorithmIdentifier, PublicKey, GeneralName) or the SignaturePOP(AlgorithmIdentifier, PublicKey, byte[]) constructor.

Parameters:
sigAlgID - The signature algorithm to use.

SignaturePOP

public SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID,
                    java.security.PublicKey pubKey,
                    oracle.security.crypto.cert.GeneralName sender)
             throws java.security.InvalidKeyException
Create a SignaturePOP with the given signature algorithm to sign the given public key and sender name.

Note: This constructor (or SignaturePOP(AlgorithmIdentifier, PublicKey, byte[])) must be used only when the CertRequest's CertTemplate does not contain both the public key and subject name. If neither value is missing from the template, use the constructor SignaturePOP(AlgorithmIdentifier).

Note the changes in the method signature

Previously public SignaturePOP (AlgorithmIdentifier , oracle.security.crypto.core.PublicKey , GeneralName )

Now public SignaturePOP (AlgorithmIdentifier , java.security.PublicKey, GeneralName )

Parameters:
sigAlgID - The signature algorithm to use.
pubKey - The subject public key of the certificate request.
sender - The sender's GeneralName.
Throws:
java.security.InvalidKeyException

SignaturePOP

public SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID,
                    java.security.PublicKey pubKey,
                    byte[] password)
             throws java.security.NoSuchAlgorithmException,
                    oracle.security.crypto.core.AlgorithmIdentifierException
Create a SignaturePOP with the given signature algorithm to sign the given public key and a PasswordBasedMAC of the public key using the given password bytes.

Note: This constructor (or SignaturePOP(AlgorithmIdentifier, PublicKey pubKey, GeneralName sender)) must be used only when the CertRequest's CertTemplate does not contain both the public key and subject name. If neither value is missing from the template, use the constructor SignaturePOP(AlgorithmIdentifier).

Note the changes in the method signature

Previously public SignaturePOP (AlgorithmIdentifier , oracle.security.crypto.core.PublicKey , byte[] )

Now public SignaturePOP (AlgorithmIdentifier , java.security.PublicKey, byte[])

Note the changes in the exceptions thrown

Exceptions introduced -- NoSuchAlgorithmException

Parameters:
sigAlgID - The signature algorithm to use.
pubKey - The subject public key of the certificate request.
password - The bytes of the shared secret to be used in computing a password-based MAC. It is recommended (PKCS #5) that the password be at least 12 bytes, to complement a default salt length of 8 bytes and a hash value length of 20 bytes (SHA-1).
Throws:
java.security.NoSuchAlgorithmException
oracle.security.crypto.core.AlgorithmIdentifierException

SignaturePOP

public SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID,
                    java.security.PublicKey pubKey,
                    byte[] password,
                    java.security.SecureRandom sr)
             throws oracle.security.crypto.core.AlgorithmIdentifierException

Note the changes in the method signature

Previously public SignaturePOP (AlgorithmIdentifier , oracle.security.crypto.core.PublicKey , byte[] , RandomBitsSource )

Now public SignaturePOP (AlgorithmIdentifier , java.security.PublicKey , byte[], SecureRandom)

Throws:
oracle.security.crypto.core.AlgorithmIdentifierException

SignaturePOP

public SignaturePOP(java.io.InputStream is)
             throws java.io.IOException
Throws:
java.io.IOException

Method Detail

getType

public ProofOfPossession.Type getType()
Description copied from class: ProofOfPossession
Returns one of the values defined in ProofOfPossession.Type.
Specified by:
getType in class ProofOfPossession

sign

public void sign(java.security.PrivateKey privKey,
                 java.security.SecureRandom sr)
          throws java.security.SignatureException
Computes the signature for this SignaturePOP using the public key and sender name or the password-based MAC of the public key. If this method is not invoked explicitly on the SignaturePOP instance, it will be called by the enclosing CertReqMsg's constructor.

Note the changes in the method signature

Previously public void sign (oracle.security.crypto.core.PrivateKey , RandomBitsSource)

Now public void sign (java.security.PrivateKey , SecureRandom )

Note: This method must be used only when the CertRequest's CertTemplate does not contain both the public key and subject name. If neither value is missing from the template, use the SignaturePOP(AlgorithmIdentifier) constructor and the signing method sign(CertRequest, PrivateKey, SecureRandom).

Throws:
java.security.SignatureException

sign

public void sign(CertRequest certReq,
                 java.security.PrivateKey privKey,
                 java.security.SecureRandom sr)
          throws java.security.SignatureException
Computes the signature for this SignaturePOP using the enclosing CertReqMsg's CertRequest. If this method is not invoked explicitly on the SignaturePOP instance, it will be called by the enclosing CertReqMsg's constructor.

Note the changes in the method signature

Previously public void sign (CertRequest ,oracle.security.crypto.core.PrivateKey , RandomBitsSource)

Now public void sign (CertRequest ,java.security.PrivateKey , SecureRandom )

Note: This method must be used only when the CertRequest's CertTemplate contains both the public key and subject name. If either value is missing from the template, use the SignaturePOP(AlgorithmIdentifier, PublicKey, GeneralName) or the SignaturePOP(AlgorithmIdentifier, PublicKey, byte[]) constructor, and the signing method sign(PrivateKey, SecureRandom).

Throws:
java.security.SignatureException

verify

public boolean verify(java.security.PublicKey pubKey,
                      CertRequest certReq)
               throws java.security.SignatureException
Verify the POP signature on the enclosing CertReqMsg's CertRequest.

Note the changes in the method signature

Previously public boolean verify (oracle.security.crypto.core.PublicKey , CertRequest )

Now public boolean verify (java.security.PublicKey , CertRequest )

Parameters:
pubKey - The public key intended for the certificate, preferably taken from the CertRequest's CertTemplate.
certReq - The CertRequest structure.
Throws:
java.security.SignatureException

verify

public boolean verify(java.security.PublicKey pubKey,
                      oracle.security.crypto.cert.GeneralName sender)
               throws java.security.SignatureException
Verify the sender name in this POP's POPOSigningKeyInput structure and the signature on the structure.

Note the changes in the method signature

Previously public boolean verify (oracle.security.crypto.core.PublicKey , GeneralName )

Now public boolean verify (java.security.PublicKey , GeneralName )

Parameters:
pubKey - The public key intended for the certificate, preferably taken from the CertRequest's CertTemplate.
sender - The sender's name, preferably taken from the message header.
Throws:
java.security.SignatureException

verify

public boolean verify(java.security.PublicKey pubKey,
                      byte[] password)
               throws java.security.SignatureException,
                      oracle.security.crypto.core.InvalidMACException
Verify the public key MAC in this POP's POPOSigningKeyInput structure and the signature on the structure.

Note the changes in the method signature

Previously public boolean verify (oracle.security.crypto.core.PublicKey , byte[] )

Now public boolean verify (java.security.PublicKey , byte[] )

Parameters:
pubKey - The public key intended for the certificate, preferably taken from the CertRequest's CertTemplate.
password - The shared secret for the password-based-MAC on the public key.
Throws:
java.security.SignatureException
oracle.security.crypto.core.InvalidMACException
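
Added example (not part of the Oracle reference or SDK): a receiving-side helper that picks the matching verify overload from what the POP actually carries and rejects on any mismatch. The class PopCheck, the method verifyPop and its parameter names are hypothetical; only the SignaturePOP methods listed on this page are called, and CertRequest is assumed to live in oracle.security.crypto.cmp.

```java
import java.security.PublicKey;
import java.security.SignatureException;
import java.util.Arrays;

import oracle.security.crypto.cert.GeneralName;
import oracle.security.crypto.cmp.CertRequest;   // assumed package (same as SignaturePOP)
import oracle.security.crypto.cmp.SignaturePOP;
import oracle.security.crypto.core.InvalidMACException;

/** Hypothetical helper; illustrates choosing between the three verify overloads. */
public final class PopCheck {
    private PopCheck() {}

    /**
     * templateKey:  public key from the CertTemplate, or null if the template omits it.
     * headerSender: sender name from the message header, or null.
     * sharedSecret: password bytes provisioned for this requester, or null.
     * Returns true only if the POP verifies in the form it was sent in.
     */
    public static boolean verifyPop(SignaturePOP pop, CertRequest certReq,
                                    PublicKey templateKey, GeneralName headerSender,
                                    byte[] sharedSecret) {
        PublicKey popKey = pop.getPublicKey();   // null when the signature covers the CertRequest
        try {
            if (popKey == null) {
                // Template holds both key and subject: signature is over the CertRequest.
                return templateKey != null && pop.verify(templateKey, certReq);
            }
            // A key in the template and a key in the POP must be the same key.
            if (templateKey != null
                    && !Arrays.equals(templateKey.getEncoded(), popKey.getEncoded())) {
                return false;
            }
            // Prefer the template's key, as the parameter notes above recommend.
            PublicKey key = (templateKey != null) ? templateKey : popKey;
            if (pop.getSenderName() != null) {
                return headerSender != null && pop.verify(key, headerSender);
            }
            if (pop.getMacBytes() != null) {
                return sharedSecret != null && pop.verify(key, sharedSecret);
            }
            return false;                        // neither sender nor MAC present: reject
        } catch (InvalidMACException e) {
            return false;                        // MAC does not match the shared secret
        } catch (SignatureException e) {
            return false;                        // malformed or unverifiable signature
        }
    }
}
```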

getSignatureAlgID

public oracle.security.crypto.core.AlgorithmIdentifier getSignatureAlgID()
Returns the algorithm identifier for the signature.
Returns:
the signature algorithm identifier

getSignatureBytes

public byte[] getSignatureBytes()

getSenderName

public oracle.security.crypto.cert.GeneralName getSenderName()
Returns the sender's name if it was provided separately from the CertRequest's CertTemplate.
Returns:
The sender's GeneralName if present, otherwise null.

getMacAlgID

public oracle.security.crypto.core.AlgorithmIdentifier getMacAlgID()
Returns the password-based-MAC algorithm identifier.
Returns:
A PBMacAlgID if present, otherwise null.

getMacBytes

public byte[] getMacBytes()
Returns the bytes of the public key password-based-MAC.
Returns:
The public key password-based-MAC bytes if present, otherwise returns null.

getPublicKey

public java.security.PublicKey getPublicKey()
Returns the public key if it was provided separately from the CertRequest's CertTemplate.
Returns:
The public key if present, otherwise null. Note: This method returns a java.security.PublicKey.

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

input

public void input(java.io.InputStream is)
           throws java.io.IOException
Throws:
java.io.IOException

Copyright © 2005, 2009, Oracle. All rights reserved.