oracle.security.crypto.cmp

Class SignaturePOP

java.lang.Object

oracle.security.crypto.cmp.ProofOfPossession

oracle.security.crypto.cmp.SignaturePOP

public class SignaturePOP
extends ProofOfPossession

CRMF proof-of-possession structure of type signature.

See Also:

ProofOfPossession, RAVerifiedPOP, KeyEnciphermentPOP, KeyAgreementPOP

Nested Class Summary

Nested classes/interfaces inherited from class oracle.security.crypto.cmp.ProofOfPossession

ProofOfPossession.SubsequentMsg, ProofOfPossession.Type

Constructor Summary

Constructors

Constructor and Description
SignaturePOP() Create an empty SignaturePOP.
SignaturePOP(AlgorithmIdentifier sigAlgID) Create a SignaturePOP with the given signature algorithm to sign the CertRequest from the enclosing CertReqMsg.
SignaturePOP(AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, byte[] password) Create a SignaturePOP with the given signature algorithm to sign the given public key and a PasswordBasedMAC of the public key using the given password bytes.
SignaturePOP(AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, byte[] password, java.security.SecureRandom sr) Note the changes in the method signature
SignaturePOP(AlgorithmIdentifier sigAlgID, java.security.PublicKey pubKey, GeneralName sender) Create a SignaturePOP with the given signature algorithm to sign the given public key and sender name.

Method Summary

Modifier and Type	Method and Description
AlgorithmIdentifier	getMacAlgID() Returns the password-based-MAC algorithm identifier.
byte[]	getMacBytes() Returns the bytes of the public key password-based-MAC.
java.security.PublicKey	getPublicKey() Returns the public key if it was provided separately from the CertRequest's CertTemplate.
GeneralName	getSenderName() Returns the sender's name if it was provided separately from the CertRequest's CertTemplate.
AlgorithmIdentifier	getSignatureAlgID() Returns the algorithm identifier for the signature.
byte[]	getSignatureBytes()
ProofOfPossession.Type	getType() Returns one of the values defined in ProofOfPossession.Type.
void	input(java.io.InputStream is)
void	sign(CertRequest certReq, java.security.PrivateKey privKey, java.security.SecureRandom sr) Computes the signature for this SignaturePOP using the the enclosing CertReqMsg's CertRequest.
void	sign(java.security.PrivateKey privKey, java.security.SecureRandom sr) Computes the signature for this SignaturePOP using the public key and sender name or the password-based MAC of the public key.
java.lang.String	toString()
boolean	verify(java.security.PublicKey pubKey, byte[] password) Verify the public key MAC in this POP's POPOSigningKeyInput structure and the signature on the structure.
boolean	verify(java.security.PublicKey pubKey, CertRequest certReq) Verify the POP signature on the enclosing CertReqMsg's CertRequest.
boolean	verify(java.security.PublicKey pubKey, GeneralName sender) Verify the sender name in this POP's POPOSigningKeyInput structure and the signature on the structure.

Methods inherited from class oracle.security.crypto.cmp.ProofOfPossession

inputInstance, length, output

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

SignaturePOP

public SignaturePOP()

Create an empty SignaturePOP. The resulting object is not a valid proof-of-possession structure, and is intended primarily for use in conjunction with the input(java.io.InputStream) method.

SignaturePOP

public SignaturePOP(AlgorithmIdentifier sigAlgID)

Create a SignaturePOP with the given signature algorithm to sign the CertRequest from the enclosing CertReqMsg.

Note: This constructor must be used when the CertRequest's CertTemplate contains both the public key and subject name. Otherwise, use either the SignaturePOP(AlgorithmIdentifier, PublicKey, GeneralName) or the SignaturePOP(AlgorithmIdentifier, PublicKey, byte[]) constructor.

Parameters:

sigAlgID - The signature algorithm to use.

SignaturePOP

public SignaturePOP(AlgorithmIdentifier sigAlgID,
                    java.security.PublicKey pubKey,
                    GeneralName sender)
             throws java.security.InvalidKeyException

Create a SignaturePOP with the given signature algorithm to sign the given public key and sender name.

Note: This constructor (or SignaturePOP(AlgorithmIdentifier, PublicKey, byte[])) must be used only when the CertRequest's CertTemplate does not contain both the public key and subject name. If neither value is missing from the template use the constructor SignaturePOP(AlgorithmIdentifier).

Note the changes in the method signature

Previously public SignaturePOP (AlgorithmIdentifier , oracle.security.crypto.core.PublicKey , GeneralName )

Now public SignaturePOP (AlgorithmIdentifier , java.security.PublicKey, GeneralName )

Parameters:

sigAlgID - The signature algorithm to use.

pubKey - The subject public key of the certificate request.

sender - The sender's GeneralName.

Throws:

java.security.InvalidKeyException

SignaturePOP

public SignaturePOP(AlgorithmIdentifier sigAlgID,
                    java.security.PublicKey pubKey,
                    byte[] password)
             throws java.security.NoSuchAlgorithmException,
                    AlgorithmIdentifierException

Create a SignaturePOP with the given signature algorithm to sign the given public key and a PasswordBasedMAC of the public key using the given password bytes.

Note: This constructor (or SignaturePOP(AlgorithmIdentifier, PublicKey pubKey, GeneralName sender)) must be used only when the CertRequest's CertTemplate does not contain both the public key and subject name. If neither value is missing from the template, use the constructor SignaturePOP(AlgorithmIdentifier).

Note the changes in the method signature

Previously public SignaturePOP (AlgorithmIdentifier , oracle.security.crypto.core.PublicKey , byte[] )

Now public SignaturePOP (AlgorithmIdentifier , java.security.PublicKey, byte[])

Note the changes in the exceptions thrown

Exceptions introduced -- NoSuchAlgorithmException

Parameters:

sigAlgID - The signature algorithm to use.

pubKey - The subject public key of the certificate request.

password - The bytes of the shared secret to be used in computing a password-based MAC. It is recommended (PKCS #5) that the password be at least 12 bytes, to complement a default salt length of 8 bytes and a hash value length of 20 bytes (SHA-1).

Throws:

java.security.NoSuchAlgorithmException

AlgorithmIdentifierException

SignaturePOP

public SignaturePOP(AlgorithmIdentifier sigAlgID,
                    java.security.PublicKey pubKey,
                    byte[] password,
                    java.security.SecureRandom sr)
             throws AlgorithmIdentifierException

Note the changes in the method signature

Previously public SignaturePOP (AlgorithmIdentifier , oracle.security.crypto.core.PublicKey , byte[] , RandomBitsSource )

Now public SignaturePOP (AlgorithmIdentifier , java.security.PublicKey , byte[], SecureRandom)

Throws:

AlgorithmIdentifierException

Method Detail

getType

public ProofOfPossession.Type getType()

Description copied from class: ProofOfPossession

Returns one of the values defined in ProofOfPossession.Type.

Specified by:

getType in class ProofOfPossession

sign

public void sign(java.security.PrivateKey privKey,
                 java.security.SecureRandom sr)
          throws java.security.SignatureException

Computes the signature for this SignaturePOP using the public key and sender name or the password-based MAC of the public key. If this method is not invoked explicitly on the SignaturePOP instance, it will be called by the enclosing CertReqMsg's constructor.

Note the changes in the method signature

Previouslypublic void sign (oracle.security.crypto.core.PrivateKey , RandomBitsSource)

Now public void sign (java.security.PrivateKey , SecureRandom )

Note: This method must be used only when the CertRequest's CertTemplate does not contain both the public key and subject name. If neither value is missing from the template use the SignaturePOP(AlgorithmIdentifier) constructor and the signing method sign(CertRequest, PrivateKey, SecureRandom).

Throws:

java.security.SignatureException

sign

public void sign(CertRequest certReq,
                 java.security.PrivateKey privKey,
                 java.security.SecureRandom sr)
          throws java.security.SignatureException

Computes the signature for this SignaturePOP using the the enclosing CertReqMsg's CertRequest. If this method is not invoked explicitly on the SignaturePOP instance, it will be called by the enclosing CertReqMsg's constructor.

Note the changes in the method signature

Previouslypublic void sign (CertRequest ,oracle.security.crypto.core.PrivateKey , RandomBitsSource)

Now public void sign (CertRequest ,java.security.PrivateKey , SecureRandom )

Note: This method must be used only when the CertRequest's CertTemplate contains both the public key and subject name. If either value is missing from the template use the SignaturePOP(AlgorithmIdentifier, PublicKey, GeneralName) or the SignaturePOP(AlgorithmIdentifier, PublicKey, byte[]) constructor, and the signing method sign(PrivateKey, SecureRandom).

Throws:

java.security.SignatureException

verify

public boolean verify(java.security.PublicKey pubKey,
                      CertRequest certReq)
               throws java.security.SignatureException

Verify the POP signature on the enclosing CertReqMsg's CertRequest.

Note the changes in the method signature

Previouslypublic boolean verify (oracle.security.crypto.core.PublicKey , CertRequest )

Now public boolean verify (java.security.PublicKey , CertRequest )

Parameters:

pubKey - The public key intended for the certificate, preferably taken from the CertRequest's CertTemplate.

certReq - The CertRequest structure.

Throws:

java.security.SignatureException

verify

public boolean verify(java.security.PublicKey pubKey,
                      GeneralName sender)
               throws java.security.SignatureException

Verify the sender name in this POP's POPOSigningKeyInput structure and the signature on the structure.

Note the changes in the method signature

Previouslypublic boolean verify (oracle.security.crypto.core.PublicKey , GeneralName )

Now public boolean verify (java.security.PublicKey , GeneralName )

Parameters:

pubKey - The public key intended for the certificate, preferably taken from the CertRequest's CertTemplate.

sender - The sender's name, preferably taken from the message header.

Throws:

java.security.SignatureException

verify

public boolean verify(java.security.PublicKey pubKey,
                      byte[] password)
               throws java.security.SignatureException,
                      InvalidMACException

Verify the public key MAC in this POP's POPOSigningKeyInput structure and the signature on the structure.

Note the changes in the method signature

Previouslypublic boolean verify (oracle.security.crypto.core.PublicKey , byte[] )

Now public boolean verify (java.security.PublicKey , byte[] )

Parameters:

pubKey - The public key intended for the certificate, preferably taken from the CertRequest's CertTemplate.

password - The shared secret for the password-based-MAC on the public key.

Throws:

java.security.SignatureException

InvalidMACException

getSignatureAlgID

public AlgorithmIdentifier getSignatureAlgID()

Returns the algorithm identifier for the signature.

Returns:

the signature algorithm identifier

getSignatureBytes

public byte[] getSignatureBytes()

getSenderName

public GeneralName getSenderName()

Returns the sender's name if it was provided separately from the CertRequest's CertTemplate.

Returns:

The sender's GeneralName if present, otherwise null.

getMacAlgID

public AlgorithmIdentifier getMacAlgID()

Returns the password-based-MAC algorithm identifier.

Returns:

A PBMacAlgID if present, otherwise null.

getMacBytes

public byte[] getMacBytes()

Returns the bytes of the public key password-based-MAC.

Returns:

The public key password-based-MAC bytes if present, otherwise returns null.

getPublicKey

public java.security.PublicKey getPublicKey()

Returns the public key if it was provided separately from the CertRequest's CertTemplate.

Returns:

The public key if present, otherwise null. Note : This method returns a java.security.PublicKey

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

input

public void input(java.io.InputStream is)
           throws java.io.IOException

Throws:

java.io.IOException