|
Oracle Fusion Middleware PKI SDK CMP Java API Reference for Oracle Security Developer Tools 11g Release 1 (11.1.1) E10666-04 |
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object
oracle.security.crypto.cmp.ProofOfPossession
oracle.security.crypto.cmp.SignaturePOP
public class SignaturePOP
CRMF proof-of-possession structure of type signature
.
ProofOfPossession
, RAVerifiedPOP
, KeyEnciphermentPOP
, KeyAgreementPOP
Nested Class Summary |
---|
Nested classes/interfaces inherited from class oracle.security.crypto.cmp.ProofOfPossession |
---|
ProofOfPossession.SubsequentMsg, ProofOfPossession.Type |
Constructor Summary | |
---|---|
SignaturePOP() Create an empty SignaturePOP . |
|
SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) Create a SignaturePOP with the given signature algorithm to sign the CertRequest from the enclosing CertReqMsg . |
|
SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, byte[] password) Create a SignaturePOP with the given signature algorithm to sign the given public key and a PasswordBasedMAC of the public key using the given password bytes. |
|
SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, byte[] password, java.security.SecureRandom sr) Note the changes in the method signature |
|
SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, oracle.security.crypto.cert.GeneralName sender) Create a SignaturePOP with the given signature algorithm to sign the given public key and sender name. |
|
SignaturePOP(java.io.InputStream is) |
Method Summary | |
---|---|
oracle.security.crypto.core.AlgorithmIdentifier |
getMacAlgID() Returns the password-based-MAC algorithm identifier. |
byte[] |
getMacBytes() Returns the bytes of the public key password-based-MAC. |
java.security.PublicKey |
getPublicKey() Returns the public key if it was provided separately from the CertRequest 's CertTemplate . |
oracle.security.crypto.cert.GeneralName |
getSenderName() Returns the sender's name if it was provided separately from the CertRequest 's CertTemplate . |
oracle.security.crypto.core.AlgorithmIdentifier |
getSignatureAlgID() Returns the algorithm identifier for the signature. |
byte[] |
getSignatureBytes() |
ProofOfPossession.Type |
getType() Returns one of the values defined in ProofOfPossession.Type . |
void |
input(java.io.InputStream is) |
void |
sign(CertRequest certReq, java.security.PrivateKey privKey, java.security.SecureRandom sr) Computes the signature for this SignaturePOP using the the enclosing CertReqMsg 's CertRequest . |
void |
sign(java.security.PrivateKey privKey, java.security.SecureRandom sr) Computes the signature for this SignaturePOP using the public key and sender name or the password-based MAC of the public key. |
java.lang.String |
toString() |
boolean |
verify(java.security.PublicKey pubKey, byte[] password) Verify the public key MAC in this POP's <coce>POPOSigningKeyInput structure and the signature on the structure. |
boolean |
verify(java.security.PublicKey pubKey, CertRequest certReq) Verify the POP signature on the enclosing CertReqMsg 's CertRequest . |
boolean |
verify(java.security.PublicKey pubKey, oracle.security.crypto.cert.GeneralName sender) Verify the sender name in this POP's <coce>POPOSigningKeyInput structure and the signature on the structure. |
Methods inherited from class oracle.security.crypto.cmp.ProofOfPossession |
---|
inputInstance, length, output |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public SignaturePOP()
SignaturePOP
. The resulting object is not a valid proof-of-possession structure, and is intended primarily for use in conjunction with the input(java.io.InputStream)
method.public SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
SignaturePOP
with the given signature algorithm to sign the CertRequest
from the enclosing CertReqMsg
.
Note: This constructor must be used when the CertRequest
's CertTemplate
contains both the public key and subject name. Otherwise, use either the SignaturePOP(AlgorithmIdentifier, PublicKey, GeneralName)
or the SignaturePOP(AlgorithmIdentifier, PublicKey, byte[])
constructor.
sigAlgID
- The signature algorithm to use.public SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, oracle.security.crypto.cert.GeneralName sender) throws java.security.InvalidKeyException
SignaturePOP
with the given signature algorithm to sign the given public key and sender name.
Note: This constructor (or SignaturePOP(AlgorithmIdentifier, PublicKey, byte[])
) must be used only when the CertRequest
's CertTemplate
does not contain both the public key and subject name. If neither value is missing from the template use the constructor SignaturePOP(AlgorithmIdentifier)
.
Note the changes in the method signature
Previously public SignaturePOP (AlgorithmIdentifier , oracle.security.crypto.core.PublicKey , GeneralName )
Now public SignaturePOP (AlgorithmIdentifier , java.security.PublicKey, GeneralName )
sigAlgID
- The signature algorithm to use.pubKey
- The subject public key of the certificate request.sender
- The sender's GeneralName
.java.security.InvalidKeyException
public SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, byte[] password) throws java.security.NoSuchAlgorithmException, oracle.security.crypto.core.AlgorithmIdentifierException
SignaturePOP
with the given signature algorithm to sign the given public key and a PasswordBasedMAC
of the public key using the given password bytes.
Note: This constructor (or SignaturePOP(AlgorithmIdentifier, PublicKey pubKey, GeneralName sender)
) must be used only when the CertRequest
's CertTemplate
does not contain both the public key and subject name. If neither value is missing from the template, use the constructor SignaturePOP(AlgorithmIdentifier)
.
Note the changes in the method signature
Previously public SignaturePOP (AlgorithmIdentifier , oracle.security.crypto.core.PublicKey , byte[] )
Now public SignaturePOP (AlgorithmIdentifier , java.security.PublicKey, byte[])
Note the changes in the exceptions thrown
Exceptions introduced -- NoSuchAlgorithmException
sigAlgID
- The signature algorithm to use.pubKey
- The subject public key of the certificate request.password
- The bytes of the shared secret to be used in computing a password-based MAC. It is recommended (PKCS #5) that the password be at least 12 bytes, to complement a default salt length of 8 bytes and a hash value length of 20 bytes (SHA-1).java.security.NoSuchAlgorithmException
oracle.security.crypto.core.AlgorithmIdentifierException
public SignaturePOP(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, byte[] password, java.security.SecureRandom sr) throws oracle.security.crypto.core.AlgorithmIdentifierException
Note the changes in the method signature
Previously public SignaturePOP (AlgorithmIdentifier , oracle.security.crypto.core.PublicKey , byte[] , RandomBitsSource )
Now public SignaturePOP (AlgorithmIdentifier , java.security.PublicKey , byte[], SecureRandom)
oracle.security.crypto.core.AlgorithmIdentifierException
public SignaturePOP(java.io.InputStream is) throws java.io.IOException
java.io.IOException
Method Detail |
---|
public ProofOfPossession.Type getType()
ProofOfPossession
ProofOfPossession.Type
.getType
in class ProofOfPossession
public void sign(java.security.PrivateKey privKey, java.security.SecureRandom sr) throws java.security.SignatureException
SignaturePOP
using the public key and sender name or the password-based MAC of the public key. If this method is not invoked explicitly on the SignaturePOP
instance, it will be called by the enclosing CertReqMsg
's constructor.
Note the changes in the method signature
Previouslypublic void sign (oracle.security.crypto.core.PrivateKey , RandomBitsSource)
Now public void sign (java.security.PrivateKey , SecureRandom )
Note: This method must be used only when the CertRequest
's CertTemplate
does not contain both the public key and subject name. If neither value is missing from the template use the SignaturePOP(AlgorithmIdentifier)
constructor and the signing method sign(CertRequest, PrivateKey, SecureRandom)
.
java.security.SignatureException
public void sign(CertRequest certReq, java.security.PrivateKey privKey, java.security.SecureRandom sr) throws java.security.SignatureException
SignaturePOP
using the the enclosing CertReqMsg
's CertRequest
. If this method is not invoked explicitly on the SignaturePOP
instance, it will be called by the enclosing CertReqMsg
's constructor.
Note the changes in the method signature
Previouslypublic void sign (CertRequest ,oracle.security.crypto.core.PrivateKey , RandomBitsSource)
Now public void sign (CertRequest ,java.security.PrivateKey , SecureRandom )
Note: This method must be used only when the CertRequest
's CertTemplate
contains both the public key and subject name. If either value is missing from the template use the SignaturePOP(AlgorithmIdentifier, PublicKey, GeneralName)
or the SignaturePOP(AlgorithmIdentifier, PublicKey, byte[])
constructor, and the signing method sign(PrivateKey, SecureRandom)
.
java.security.SignatureException
public boolean verify(java.security.PublicKey pubKey, CertRequest certReq) throws java.security.SignatureException
CertReqMsg
's CertRequest
.
Note the changes in the method signature
Previouslypublic boolean verify (oracle.security.crypto.core.PublicKey , CertRequest )
Now public boolean verify (java.security.PublicKey , CertRequest )
pubKey
- The public key intended for the certificate, preferably taken from the CertRequest
's CertTemplate
.certReq
- The CertRequest
structure.java.security.SignatureException
public boolean verify(java.security.PublicKey pubKey, oracle.security.crypto.cert.GeneralName sender) throws java.security.SignatureException
Note the changes in the method signature
Previouslypublic boolean verify (oracle.security.crypto.core.PublicKey , GeneralName )
Now public boolean verify (java.security.PublicKey , GeneralName )
pubKey
- The public key intended for the certificate, preferably taken from the CertRequest
's CertTemplate
.sender
- The sender's name, preferably taken from the message header.java.security.SignatureException
public boolean verify(java.security.PublicKey pubKey, byte[] password) throws java.security.SignatureException, oracle.security.crypto.core.InvalidMACException
Note the changes in the method signature
Previouslypublic boolean verify (oracle.security.crypto.core.PublicKey , byte[] )
Now public boolean verify (java.security.PublicKey , byte[] )
pubKey
- The public key intended for the certificate, preferably taken from the CertRequest
's CertTemplate
.password
- The shared secret for the password-based-MAC on the public key.java.security.SignatureException
oracle.security.crypto.core.InvalidMACException
public oracle.security.crypto.core.AlgorithmIdentifier getSignatureAlgID()
public byte[] getSignatureBytes()
public oracle.security.crypto.cert.GeneralName getSenderName()
CertRequest
's CertTemplate
.GeneralName
if present, otherwise null
.public oracle.security.crypto.core.AlgorithmIdentifier getMacAlgID()
PBMacAlgID
if present, otherwise null
.public byte[] getMacBytes()
null
.public java.security.PublicKey getPublicKey()
CertRequest
's CertTemplate
.null
. Note : This method returns a java.security.PublicKeypublic java.lang.String toString()
toString
in class java.lang.Object
public void input(java.io.InputStream is) throws java.io.IOException
java.io.IOException
|
Oracle Fusion Middleware PKI SDK CMP Java API Reference for Oracle Security Developer Tools 11g Release 1 (11.1.1) E10666-04 |
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |