Skip navigation links

oracle.security.crypto.tsp
Class TSPUtils

java.lang.Object
oracle.security.crypto.tsp.TSPUtils

public class TSPUtils

extends java.lang.Object

Defines various utility methods for the oracle.security.crypto.cert.tsp</code. package.

Field Summary

static java.lang.String	DEFAULT_RandomGenerator_ALGO
static java.lang.String	HASH_ALG_MD2
static java.lang.String	HASH_ALG_MD5
static java.lang.String	HASH_ALG_SHA_1

Constructor Summary

TSPUtils()

Method Summary

static oracle.security.crypto.cert.X509	convertX509(java.security.cert.X509Certificate cert) Converts an X509Certificate object to an X509 object
static oracle.security.crypto.core.AlgorithmIdentifier	getAlgoID(java.lang.String name) Algoname to algoId mapping
static java.lang.String	getAlgoName(oracle.security.crypto.core.AlgorithmIdentifier oid) Algoid to algoname mapping
static java.lang.String	getAlgoName(oracle.security.crypto.core.AlgorithmIdentifier oid, boolean removeMode) Algoid to algoname mapping
static oracle.security.crypto.cert.X509ExtensionSet	getExtensionSet(java.security.cert.X509Certificate cert) Returns a list of Extensions associated with an X509Certificate
static void	validateMessageImprint(MessageImprint mi) Verifies that the algorithm specified in the given MessageImprint object is supported and that the length of the hash in the MessageImprint object is correct for the specified algorithm.
static void	validateStatus(TSPTimeStampResp tsr) Validates the status field for the given TimeStampResp message.
static void	verifyKeyPurposeID(java.security.cert.X509Certificate cert) Verifies that the id-kp-timeStamping KeyPuposeID is present in the given X.509 certificate.
static void	verifyTimeStampTokenSignature(oracle.security.crypto.cms.CMSSignedDataContentInfo timeStampToken, java.security.cert.X509Certificate tsaCert) Verifies the signature of the given timeStampToken using the given X.509 certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_RandomGenerator_ALGO

public static final java.lang.String DEFAULT_RandomGenerator_ALGO

See Also:

Constant Field Values

HASH_ALG_MD5

public static final java.lang.String HASH_ALG_MD5

See Also:

Constant Field Values

HASH_ALG_MD2

public static final java.lang.String HASH_ALG_MD2

See Also:

Constant Field Values

HASH_ALG_SHA_1

public static final java.lang.String HASH_ALG_SHA_1

See Also:

Constant Field Values

Constructor Detail

TSPUtils

public TSPUtils()

Method Detail

verifyKeyPurposeID

public static void verifyKeyPurposeID(java.security.cert.X509Certificate cert)
                               throws TSPException,
                                      java.io.IOException

Verifies that the id-kp-timeStamping KeyPuposeID is present in the given X.509 certificate.

Note the changes in the method signature

Previously public static void verifyKeyPurposeID (X509)

Now public static void verifyKeyPurposeID (X509Certificate)

Parameters:

cert - The certificate

Throws:

TSPException - If the id-kp-timeStamping KeyPuposeID is not present.

java.io.IOException

validateMessageImprint

public static void validateMessageImprint(MessageImprint mi)
                                   throws TSPException,
                                          java.security.NoSuchAlgorithmException

Verifies that the algorithm specified in the given MessageImprint object is supported and that the length of the hash in the MessageImprint object is correct for the specified algorithm.

Note the changes in the exceptions thrown

NoSuchAlgorithmException is introduced

AlgorithmIdentifierException is no longer thrown

Parameters:

mi - The MessageImprint object.

Throws:

java.security.NoSuchAlgorithmException - If the algorithm is not supported.

TSPException - If the hash length is incorrect.

validateStatus

public static void validateStatus(TSPTimeStampResp tsr)
                           throws TSPException

Validates the status field for the given TimeStampResp message.

Parameters:

tsr - The TimeStampResp message.

Throws:

TSPException - Can occur under the following circumstances:
a) The PKIStatus value is unsupported. b) The PKIStatus is either GRANTED or GRANTED_WITH_MODS, and the failInfo field is present. c) The PKIStatus is neither GRANTED nor GRANTED_WITH_MODS, and the failInfo field is not present. d) The failInfo value is not supported.

verifyTimeStampTokenSignature

public static void verifyTimeStampTokenSignature(oracle.security.crypto.cms.CMSSignedDataContentInfo timeStampToken,
                                                 java.security.cert.X509Certificate tsaCert)
                                          throws TSPException

Verifies the signature of the given timeStampToken using the given X.509 certificate. Also verifies that only one signature exists for the timeStampToken, that the TSA's certificate identifier (ESSCertID) is included as a signerInfo attribute, and that the certificate identifier corresponds to the given X.509 certificate.

Note the changes in the method signature

Previouslypublic static void verifyTimeStampTokenSignature (CMSSignedDataContentInfo, X509)

Now public static void verifyTimeStampTokenSignature (CMSSignedDataContentInfo. X509Certificate)

Parameters:

timeStampToken - The given timeStampToken.

tsaCert - The given X.509 certificate.

Throws:

TSPException

getExtensionSet

public static oracle.security.crypto.cert.X509ExtensionSet getExtensionSet(java.security.cert.X509Certificate cert)
                                                                    throws java.io.IOException

Returns a list of Extensions associated with an X509Certificate

Parameters:

cert - java.security.X509Certificate

Returns:

X509Extensionset - set of extensions associated with the Certificate

Throws:

java.io.IOException

getAlgoID

public static oracle.security.crypto.core.AlgorithmIdentifier getAlgoID(java.lang.String name)
                                                                 throws java.security.NoSuchAlgorithmException

Algoname to algoId mapping

Parameters:

name - Name of the algorithm

Returns:

AlgorithmIdentifier corresponding to the name of the algorithm

Throws:

java.security.NoSuchAlgorithmException

getAlgoName

public static java.lang.String getAlgoName(oracle.security.crypto.core.AlgorithmIdentifier oid)
                                    throws java.security.NoSuchAlgorithmException

Algoid to algoname mapping

Parameters:

oid - Algorithmidentifier for which algorithm name is required

Returns:

The algorithm name corresponding to the algoid

Throws:

java.security.NoSuchAlgorithmException

getAlgoName

public static java.lang.String getAlgoName(oracle.security.crypto.core.AlgorithmIdentifier oid,
                                           boolean removeMode)
                                    throws java.security.NoSuchAlgorithmException

Algoid to algoname mapping

Parameters:

oid - Algorithmidentifier for which algorithm name is required

Returns:

The algorithm name corresponding to the algoid

Throws:

java.security.NoSuchAlgorithmException

convertX509

public static oracle.security.crypto.cert.X509 convertX509(java.security.cert.X509Certificate cert)
                                                    throws java.security.cert.CertificateEncodingException

Converts an X509Certificate object to an X509 object

Parameters:

cert - X509Certificate object

Returns:

X509 object

Throws:

java.security.cert.CertificateEncodingException

Skip navigation links