anon.crypto
Class JAPCertificate

java.lang.Object
  extended by anon.crypto.JAPCertificate
All Implemented Interfaces:
ICertificate, IXMLEncodable, java.lang.Cloneable

public final class JAPCertificate
extends java.lang.Object
implements IXMLEncodable, java.lang.Cloneable, ICertificate

This class represents an X509 certificate.


Nested Class Summary
private static class JAPCertificate.X509CertificateGenerator
          This class is used to create, duplicate and sign X509 certificates.
private static class JAPCertificate.X509CertificateInstantiator
           
 
Field Summary
private static java.lang.String BASE64_ALTERNATIVE_TAG
           
private static java.lang.String BASE64_TAG
           
static int CERTIFICATE_TYPE_INFOSERVICE
          This is the certificate type constant for infoservice certificates.
static int CERTIFICATE_TYPE_MIX
          This is the certificate type constant for mix certificates.
static int CERTIFICATE_TYPE_PAYMENT
          Other certificate types
static int CERTIFICATE_TYPE_ROOT
           
static int CERTIFICATE_TYPE_ROOT_INFOSERVICE
           
static int CERTIFICATE_TYPE_ROOT_MIX
          These are the certificate type constants for root certificates.
static int CERTIFICATE_TYPE_ROOT_PAYMENT
           
static int CERTIFICATE_TYPE_ROOT_TERMS_AND_CONDITIONS
           
static int CERTIFICATE_TYPE_ROOT_UPDATE
           
static int CERTIFICATE_TYPE_TERMS_AND_CONDITIONS
           
static int CERTIFICATE_TYPE_UPDATE
          This is the certificate type constant for update certificates.
private static java.lang.String DSA_WITH_SHA1
           
private static java.lang.String ECDSA_WITH_SHA1
           
private static java.lang.String IDENTIFIER_DSA_WITH_SHA1
          SignatureAlgorithmIdentifiers and their names as specified by RFC 3279
private static java.lang.String IDENTIFIER_ECDSA_WITH_SHA1
           
private static java.lang.String IDENTIFIER_MD2_WITH_RSA_ENCRYPTION
           
private static java.lang.String IDENTIFIER_MD5_WITH_RSA_ENCRYPTION
           
private static java.lang.String IDENTIFIER_SHA1_WITH_RSA_ENCRYPTION
           
private  org.bouncycastle.asn1.x509.X509CertificateStructure m_bcCertificate
           
private  X509Extensions m_extensions
           
private  java.lang.String m_id
           
private  X509DistinguishedName m_issuer
           
private  java.lang.String m_md5Fingerprint
           
private  IMyPublicKey m_PubKey
           
private  java.lang.String m_sha1Fingerprint
           
private  X509DistinguishedName m_subject
           
private  X509SubjectKeyIdentifier m_subjectKeyIdentifier
           
private  Validity m_validity
           
private static java.lang.String MD2_WITH_RSA_ENCRYPTION
           
private static java.lang.String MD5_WITH_RSA_ENCRYPTION
           
private static IMyPrivateKey ms_dummyPrivateKey
          The dummy private key is used to create temporary certificates.
private static java.lang.String SHA1_WITH_RSA_ENCRYPTION
           
static java.lang.String XML_ELEMENT_CONTAINER_NAME
           
static java.lang.String XML_ELEMENT_NAME
           
 
Fields inherited from interface anon.util.IXMLEncodable
FIELD_XML_ELEMENT_CONTAINER_NAME, FIELD_XML_ELEMENT_NAME, XML_ATTR_ID, XML_ATTR_LANGUAGE, XML_ATTR_VERSION
 
Constructor Summary
private JAPCertificate(org.bouncycastle.asn1.x509.X509CertificateStructure x509cert)
          Creates a new certificate from a valid X509 certificate structure.
 
Method Summary
static java.lang.String calculateXORofSKIs(java.util.Vector a_certificates)
           
 java.lang.Object clone()
           
protected static java.lang.String createFingerprint(org.bouncycastle.crypto.digests.GeneralDigest a_digestGenerator, byte[] a_data)
          Creates a human readable fingerprint for this certificate.
 boolean equals(java.lang.Object a_certificate)
           
 java.lang.String getAnyEmailAddress()
          getAnyEmailAddress: checks all reasonably likely places in the certificate for an email address
(package private)  org.bouncycastle.asn1.DEREncodable getBouncyCastleCertificate()
           
(package private)  org.bouncycastle.asn1.x509.SubjectPublicKeyInfo getBouncyCastleSubjectPublicKeyInfo()
           
private static IMyPrivateKey getDummyPrivateKey()
          Gets a dummy private key for creating X509 certificates from trusted public keys.
 X509Extensions getExtensions()
          Returns the certificate's X509 extensions.
 java.lang.String getId()
          Returns a unique id for this certificate.
static JAPCertificate getInstance(byte[] a_certificate)
          Creates a certificate instance by using the encoded variant of the certificate.
static JAPCertificate getInstance(java.io.File a_file)
          Creates a certificate instance by using a file (either DER encoded or PEM).
static JAPCertificate getInstance(IMyPublicKey a_publicKey, java.util.Calendar a_validFrom)
          Creates an X509 certificate with a short validity from a public key.
static JAPCertificate getInstance(java.io.InputStream a_in)
          Creates a certificate by using an input stream.
static JAPCertificate getInstance(JAPCertificate x509cert)
          Creates a new certificate from a valid X509 certificate.
static JAPCertificate getInstance(org.w3c.dom.Node a_NodeRoot)
          Creates a certificate instance by using a XML Node as input.
static JAPCertificate getInstance(java.lang.String a_certString)
          Creates a certificate instance by using a file name.
static java.util.Hashtable getInstance(java.lang.String a_strResourceSearchPath, boolean a_bRecursive)
          Instantiates all certificates found in the specified relative resource path.
static java.util.Hashtable getInstance(java.lang.String a_strResourceSearchPath, boolean a_bRecursive, java.lang.String a_strIgnoreCertMark)
           
static JAPCertificate getInstance(org.bouncycastle.asn1.x509.X509CertificateStructure x509cert)
          Creates a new certificate from a valid X509 certificate structure.
static JAPCertificate getInstance(X509DistinguishedName a_ownerAlias, AsymmetricCryptoKeyPair a_keyPair, Validity a_validity)
          Creates an X509 certificate from a key pair.
static JAPCertificate getInstance(X509DistinguishedName a_ownerAlias, AsymmetricCryptoKeyPair a_keyPair, Validity a_validity, X509Extensions a_extensions)
          Creates an X509 certificate from a key pair.
static JAPCertificate getInstance(X509DistinguishedName a_ownerAlias, X509DistinguishedName a_issuer, IMyPrivateKey a_privateKey, IMyPublicKey a_publicKey, Validity a_validity, X509Extensions a_extensions, java.math.BigInteger a_serialNumber)
          Creates an X509 certificate.
 X509DistinguishedName getIssuer()
           
 java.lang.String getMD5Fingerprint()
          Gets a human readable MD5 fingerprint for this certificate.
 IMyPublicKey getPublicKey()
          Returns the public key of the certificate.
 byte[] getRawSubjectKeyIdentifier()
          Returns the byte representation of the X509SubjectKeyIdentifier
 java.math.BigInteger getSerialNumber()
           
 java.lang.String getSHA1Fingerprint()
          Gets a human readable SHA1 fingerprint for this certificate.
 java.lang.String getSignatureAlgorithmName()
          Converts the ObjectIdentifier from the certificate's signature algorithm into its human-readable Name as specified by RFC 3279.
 X509DistinguishedName getSubject()
          Returns the distinguished name.
 java.lang.String getSubjectKeyIdentifier()
          Returns the String representation of the X509SubjectKeyIdentifier
 java.lang.String getSubjectKeyIdentifierConcatenated()
           
 Validity getValidity()
          Returns the validity period of this certificate.
 JAPCertificate getX509Certificate()
          Returns a reference to this certificate.
 int hashCode()
          The hash code is derived from the certificate's id.
 boolean isRevoked()
           
 boolean isSelfSigned()
          Returns true if this cert is self-signed.
 JAPCertificate sign(PKCS12 a_signerCertificate)
          Creates a duplicate of this certificate that is signed with the PKCS12 certificate.
 JAPCertificate sign(PKCS12 a_signerCertificate, Validity a_validity, X509Extensions a_extensions, java.math.BigInteger a_serialNumber)
          Creates a duplicate of this certificate that is signed with the PKCS12 certificate.
 void store(java.io.OutputStream a_ostream)
          Writes this certificate to an output stream.
 void store(java.io.OutputStream a_ostream, boolean a_bBase64Encoded)
          Writes this certificate to an output stream.
(package private) static org.bouncycastle.asn1.ASN1Sequence toASN1Sequence(byte[] a_bytes, java.lang.String a_xmlElementName)
          Converts a DER or BER encoded byte array into an ASN1 sequence.
 byte[] toByteArray()
          Converts the certificate to a byte array.
 byte[] toByteArray(boolean a_Base64Encoded)
          Converts the certificate to a byte array.
 org.w3c.dom.Element toXmlElement(org.w3c.dom.Document a_doc)
          Creates XML element of certificate consisting of: Base64 encoded cert
 boolean verify(java.util.Enumeration a_verifyingCertificates)
          Checks if a given Certificate could be directly verified against a set of other certificates.
 boolean verify(java.util.Hashtable a_verifyingCertificates)
          Checks if a given Certificate could be directly verified against a set of other certificates.
 boolean verify(IMyPublicKey a_publicKey)
          Verifies the certificate by using the public key.
 boolean verify(JAPCertificate a_certificate)
          Verifies the certificate using another X509 certificate.
 boolean verify(java.util.Vector a_verifyingCertificates)
          Checks if a given Certificate could be directly verified against a set of other certificates.
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CERTIFICATE_TYPE_ROOT_MIX

public static final int CERTIFICATE_TYPE_ROOT_MIX
These are the certificate type constants for root certificates. Root certificates are used to verify other certificates (at the moment only one indirection is supported, so root certificates cannot verify other root certificates). At the moment we have root certificates for Mixes and for InfoServices.

See Also:
Constant Field Values

CERTIFICATE_TYPE_ROOT_INFOSERVICE

public static final int CERTIFICATE_TYPE_ROOT_INFOSERVICE
See Also:
Constant Field Values

CERTIFICATE_TYPE_ROOT_UPDATE

public static final int CERTIFICATE_TYPE_ROOT_UPDATE
See Also:
Constant Field Values

CERTIFICATE_TYPE_ROOT_PAYMENT

public static final int CERTIFICATE_TYPE_ROOT_PAYMENT
See Also:
Constant Field Values

CERTIFICATE_TYPE_MIX

public static final int CERTIFICATE_TYPE_MIX
This is the certificate type constant for mix certificates. Mix certificates are used to create or verify the signature of mix, mixcascade or cascade-state XML structures.

See Also:
Constant Field Values

CERTIFICATE_TYPE_INFOSERVICE

public static final int CERTIFICATE_TYPE_INFOSERVICE
This is the certificate type constant for infoservice certificates. InfoService certificates are used to create or verify the signature of an infoservice XML structure.

See Also:
Constant Field Values

CERTIFICATE_TYPE_UPDATE

public static final int CERTIFICATE_TYPE_UPDATE
This is the certificate type constant for update certificates. Update certificates are used to create or verify the signature of all JAP update related structures like the minimum required JAP version or the Java WebStart files for the release or development version of JAP.

See Also:
Constant Field Values

CERTIFICATE_TYPE_PAYMENT

public static final int CERTIFICATE_TYPE_PAYMENT
Other certificate types

See Also:
Constant Field Values

CERTIFICATE_TYPE_TERMS_AND_CONDITIONS

public static final int CERTIFICATE_TYPE_TERMS_AND_CONDITIONS
See Also:
Constant Field Values

CERTIFICATE_TYPE_ROOT_TERMS_AND_CONDITIONS

public static final int CERTIFICATE_TYPE_ROOT_TERMS_AND_CONDITIONS
See Also:
Constant Field Values

CERTIFICATE_TYPE_ROOT

public static final int CERTIFICATE_TYPE_ROOT
See Also:
Constant Field Values

XML_ELEMENT_NAME

public static final java.lang.String XML_ELEMENT_NAME
See Also:
Constant Field Values

XML_ELEMENT_CONTAINER_NAME

public static final java.lang.String XML_ELEMENT_CONTAINER_NAME
See Also:
Constant Field Values

BASE64_TAG

private static final java.lang.String BASE64_TAG
See Also:
Constant Field Values

BASE64_ALTERNATIVE_TAG

private static final java.lang.String BASE64_ALTERNATIVE_TAG
See Also:
Constant Field Values

IDENTIFIER_DSA_WITH_SHA1

private static final java.lang.String IDENTIFIER_DSA_WITH_SHA1
SignatureAlgorithmIdentifiers and their names as specified by RFC 3279

See Also:
Constant Field Values

DSA_WITH_SHA1

private static final java.lang.String DSA_WITH_SHA1
See Also:
Constant Field Values

IDENTIFIER_MD2_WITH_RSA_ENCRYPTION

private static final java.lang.String IDENTIFIER_MD2_WITH_RSA_ENCRYPTION
See Also:
Constant Field Values

MD2_WITH_RSA_ENCRYPTION

private static final java.lang.String MD2_WITH_RSA_ENCRYPTION
See Also:
Constant Field Values

IDENTIFIER_MD5_WITH_RSA_ENCRYPTION

private static final java.lang.String IDENTIFIER_MD5_WITH_RSA_ENCRYPTION
See Also:
Constant Field Values

MD5_WITH_RSA_ENCRYPTION

private static final java.lang.String MD5_WITH_RSA_ENCRYPTION
See Also:
Constant Field Values

IDENTIFIER_SHA1_WITH_RSA_ENCRYPTION

private static final java.lang.String IDENTIFIER_SHA1_WITH_RSA_ENCRYPTION
See Also:
Constant Field Values

SHA1_WITH_RSA_ENCRYPTION

private static final java.lang.String SHA1_WITH_RSA_ENCRYPTION
See Also:
Constant Field Values

IDENTIFIER_ECDSA_WITH_SHA1

private static final java.lang.String IDENTIFIER_ECDSA_WITH_SHA1
See Also:
Constant Field Values

ECDSA_WITH_SHA1

private static final java.lang.String ECDSA_WITH_SHA1
See Also:
Constant Field Values

ms_dummyPrivateKey

private static IMyPrivateKey ms_dummyPrivateKey
The dummy private key is used to create temporary certificates.


m_bcCertificate

private org.bouncycastle.asn1.x509.X509CertificateStructure m_bcCertificate

m_subject

private X509DistinguishedName m_subject

m_issuer

private X509DistinguishedName m_issuer

m_extensions

private X509Extensions m_extensions

m_subjectKeyIdentifier

private X509SubjectKeyIdentifier m_subjectKeyIdentifier

m_PubKey

private IMyPublicKey m_PubKey

m_id

private java.lang.String m_id

m_sha1Fingerprint

private java.lang.String m_sha1Fingerprint

m_md5Fingerprint

private java.lang.String m_md5Fingerprint

m_validity

private Validity m_validity
Constructor Detail

JAPCertificate

private JAPCertificate(org.bouncycastle.asn1.x509.X509CertificateStructure x509cert)
                throws java.lang.IllegalArgumentException
Creates a new certificate from a valid X509 certificate structure.

Parameters:
x509cert - a valid X509 certificate structure
Throws:
java.lang.IllegalArgumentException - if the certificate structure is invalid
Method Detail

getInstance

public static JAPCertificate getInstance(org.bouncycastle.asn1.x509.X509CertificateStructure x509cert)
Creates a new certificate from a valid X509 certificate structure.

Parameters:
x509cert - a valid X509 certificate structure
Returns:
null if no certificate could be created from the certificate structure

getInstance

public static JAPCertificate getInstance(JAPCertificate x509cert)
Creates a new certificate from a valid X509 certificate.

Parameters:
x509cert - a valid X509 certificate
Returns:
null if no certificate could be created from the certificate

getInstance

public static JAPCertificate getInstance(byte[] a_certificate)
Creates a certificate instance by using the encoded variant of the certificate.

Parameters:
a_certificate - Byte Array of the Certificate
Returns:
Certificate

getInstance

public static java.util.Hashtable getInstance(java.lang.String a_strResourceSearchPath,
                                              boolean a_bRecursive,
                                              java.lang.String a_strIgnoreCertMark)

getInstance

public static java.util.Hashtable getInstance(java.lang.String a_strResourceSearchPath,
                                              boolean a_bRecursive)
Instantiates all certificates found in the specified relative resource path.

Parameters:
a_strResourceSearchPath - a relative path to a resource
a_bRecursive - if true subdirectories are searched, too
Returns:
a Hashtable with all instantiated certificates

getInstance

public static JAPCertificate getInstance(java.io.InputStream a_in)
Creates a certificate by using an input stream.

Parameters:
a_in - Inputstream that holds the certificate
Returns:
Certificate

getInstance

public static JAPCertificate getInstance(org.w3c.dom.Node a_NodeRoot)
Creates a certificate instance by using a XML Node as input.

Parameters:
a_NodeRoot - XML Node
Returns:
Certificate

getInstance

public static JAPCertificate getInstance(java.io.File a_file)
Creates a certificate instance by using a file (either DER encoded or PEM).

Parameters:
a_file - File that holds the certificate
Returns:
Certificate

getInstance

public static JAPCertificate getInstance(java.lang.String a_certString)
Creates a certificate instance by using a file name.

Parameters:
a_strFileName - Name of File that holds the certificate
Returns:
Certificate

getInstance

public static final JAPCertificate getInstance(IMyPublicKey a_publicKey,
                                               java.util.Calendar a_validFrom)
Creates an X509 certificate with a short validity from a public key. The certificate has no owner and no valid signature, and it is not enabled. But this method is useful if there is a trusted public key, but no corresponding certificate available. Use this method with care, and enable the certificate only if the public key is really trusted!

Parameters:
a_publicKey - IMyPublicKey
a_validFrom - The date from which the certificate is valid.
Returns:
JAPCertificate

getInstance

public static JAPCertificate getInstance(X509DistinguishedName a_ownerAlias,
                                         AsymmetricCryptoKeyPair a_keyPair,
                                         Validity a_validity)
Creates an X509 certificate from a key pair. This method is used to create a self-signed public certificate.

Parameters:
a_ownerAlias - The owner of the certificate.
a_keyPair - a key pair
a_validity - the validity period of this certificate
Returns:
an X509 certificate

getInstance

public static JAPCertificate getInstance(X509DistinguishedName a_ownerAlias,
                                         AsymmetricCryptoKeyPair a_keyPair,
                                         Validity a_validity,
                                         X509Extensions a_extensions)
Creates an X509 certificate from a key pair. This method is used to create a self-signed public certificate.

Parameters:
a_ownerAlias - The owner of the certificate.
a_keyPair - a key pair
a_validity - the validity period of this certificate
a_extensions - some X509 extensions (may be null)
Returns:
an X509 certificate

calculateXORofSKIs

public static java.lang.String calculateXORofSKIs(java.util.Vector a_certificates)

equals

public boolean equals(java.lang.Object a_certificate)
Overrides:
equals in class java.lang.Object

hashCode

public int hashCode()
The hash code is derived from the certificate's id.

Overrides:
hashCode in class java.lang.Object
Returns:
the hash code

clone

public java.lang.Object clone()
Overrides:
clone in class java.lang.Object

getId

public java.lang.String getId()
Returns a unique id for this certificate.

Returns:
a unique id for this certificate

getPublicKey

public IMyPublicKey getPublicKey()
Returns the public key of the certificate.

Specified by:
getPublicKey in interface ICertificate
Returns:
public key

getExtensions

public X509Extensions getExtensions()
Returns the certificate's X509 extensions.

Returns:
the certificate's X509 extensions

getSubjectKeyIdentifier

public java.lang.String getSubjectKeyIdentifier()
Returns the String representation of the X509SubjectKeyIdentifier

Returns:
this certificate's SubjectKeyIdentifier as a string

getSubjectKeyIdentifierConcatenated

public java.lang.String getSubjectKeyIdentifierConcatenated()

getRawSubjectKeyIdentifier

public byte[] getRawSubjectKeyIdentifier()
Returns the byte representation of the X509SubjectKeyIdentifier

Returns:
this certificate's SubjectKeyIdentifier as a raw byte-array

getSignatureAlgorithmName

public java.lang.String getSignatureAlgorithmName()
Converts the ObjectIdentifier from the certificate's signature algorithm into its human-readable Name as specified by RFC 3279.

Returns:
the human-readable Name of the algorithm the certificate was signed with or the ObjectIdentifier as String, if the algorithm is unknown.

getSerialNumber

public java.math.BigInteger getSerialNumber()

getIssuer

public X509DistinguishedName getIssuer()

getSubject

public X509DistinguishedName getSubject()
Returns the distinguished name.

Returns:
the distinguished name.

getAnyEmailAddress

public java.lang.String getAnyEmailAddress()
getAnyEmailAddress: checks all reasonably likely places in the certificate for an email address

Returns:
String: the first email address found, or null if none exists

getX509Certificate

public JAPCertificate getX509Certificate()
Returns a reference to this certificate.

Specified by:
getX509Certificate in interface ICertificate
Returns:
a reference to this certificate

getSHA1Fingerprint

public java.lang.String getSHA1Fingerprint()
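Gets a human readable SHA1 fingerprint for this certificate. This fingerprint may be compared by a user with another certificate's fingerprint to prove their equality. Note that collisions have been demonstrated for SHA-1, so a matching fingerprint is weaker evidence of equality than a match on a SHA-2 digest would be.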

Returns:
a human readable SHA1 fingerprint for this certificate

getMD5Fingerprint

public java.lang.String getMD5Fingerprint()
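Gets a human readable MD5 fingerprint for this certificate. This fingerprint may be compared by a user with another certificate's fingerprint to prove their equality. Note that MD5 is not collision resistant, so a matching MD5 fingerprint is only weak evidence of equality on its own.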

Returns:
a human readable MD5 fingerprint for this certificate

toByteArray

public byte[] toByteArray()
Converts the certificate to a byte array.

Specified by:
toByteArray in interface ICertificate
Returns:
the certificate as a byte array
Throws:
java.io.IOException

toByteArray

public byte[] toByteArray(boolean a_Base64Encoded)
Converts the certificate to a byte array.

Parameters:
a_Base64Encoded - if the certificate is converted to a Base64 encoded form.
Returns:
the certificate as a byte array
Throws:
java.io.IOException

store

public void store(java.io.OutputStream a_ostream)
           throws java.io.IOException
Writes this certificate to an output stream.

Parameters:
a_ostream - a OutputStream
Throws:
java.io.IOException - if the certificate could not be written to the output stream

store

public void store(java.io.OutputStream a_ostream,
                  boolean a_bBase64Encoded)
           throws java.io.IOException
Writes this certificate to an output stream.

Parameters:
a_ostream - a OutputStream
a_bBase64Encoded - if the certificate should be written Base64 encoded.
Throws:
java.io.IOException - if the certificate could not be written to the output stream

getValidity

public Validity getValidity()
Returns the validity period of this certificate.

Returns:
the validity period of this certificate

verify

public boolean verify(java.util.Vector a_verifyingCertificates)
Checks if a given Certificate could be directly verified against a set of other certificates.

Parameters:
a_verifyingCertificates - A Vector of JAPCertificates to verify this JAPCertificate.
Returns:
True, if this certificate could be verified.

verify

public boolean verify(java.util.Hashtable a_verifyingCertificates)
Checks if a given Certificate could be directly verified against a set of other certificates.

Parameters:
a_verifyingCertificates - A Hashtable of JAPCertificates to verify this JAPCertificate.
Returns:
True, if this certificate could be verified.

verify

public boolean verify(java.util.Enumeration a_verifyingCertificates)
Checks if a given Certificate could be directly verified against a set of other certificates.

Parameters:
a_verifyingCertificates - An Enumeration of JAPCertificates to verify this JAPCertificate.
Returns:
True, if this certificate could be verified.

verify

public boolean verify(JAPCertificate a_certificate)
Verifies the certificate using another X509 certificate.

Parameters:
a_certificate - an X509 certificate
Returns:
true if it could be verified; false otherwise

verify

public boolean verify(IMyPublicKey a_publicKey)
Verifies the certificate by using the public key.

Parameters:
a_publicKey - given public key
Returns:
true if it could be verified; false otherwise

sign

public JAPCertificate sign(PKCS12 a_signerCertificate)
Creates a duplicate of this certificate that is signed with the PKCS12 certificate. A certificate can have only one signature.

Parameters:
a_signerCertificate - the PKCS12 certificate of the signer
Returns:
a duplicate of this certificate that is signed with the PKCS12 certificate

sign

public JAPCertificate sign(PKCS12 a_signerCertificate,
                           Validity a_validity,
                           X509Extensions a_extensions,
                           java.math.BigInteger a_serialNumber)
Creates a duplicate of this certificate that is signed with the PKCS12 certificate. A certificate can have only one signature.

Parameters:
a_signerCertificate - the PKCS12 certificate of the signer
a_validity - the validity period of this certificate
a_extensions - some X509 extensions (may be null)
a_serialNumber - the serial number for this certificate (may be null)
Returns:
a duplicate of this certificate that is signed with the PKCS12 certificate

getInstance

public static JAPCertificate getInstance(X509DistinguishedName a_ownerAlias,
                                         X509DistinguishedName a_issuer,
                                         IMyPrivateKey a_privateKey,
                                         IMyPublicKey a_publicKey,
                                         Validity a_validity,
                                         X509Extensions a_extensions,
                                         java.math.BigInteger a_serialNumber)
Creates an X509 certificate.

Parameters:
a_ownerAlias - The owner of the certificate.
a_issuer - The issuer and signer of this X509 certificate.
a_privateKey - a private key
a_publicKey - a public key
a_validity - the validity period of this certificate
a_extensions - some X509 extensions (may be null)
a_serialNumber - the serial number for this certificate (may be null)
Returns:
an X509 certificate

toXmlElement

public org.w3c.dom.Element toXmlElement(org.w3c.dom.Document a_doc)
Creates XML element of certificate consisting of: Base64 encoded cert

Specified by:
toXmlElement in interface IXMLEncodable
Parameters:
a_doc - The XML document, which is the environment for the created XML element.
Returns:
Certificate as XML element.

getBouncyCastleCertificate

org.bouncycastle.asn1.DEREncodable getBouncyCastleCertificate()

getBouncyCastleSubjectPublicKeyInfo

org.bouncycastle.asn1.x509.SubjectPublicKeyInfo getBouncyCastleSubjectPublicKeyInfo()

toASN1Sequence

static org.bouncycastle.asn1.ASN1Sequence toASN1Sequence(byte[] a_bytes,
                                                         java.lang.String a_xmlElementName)
Converts a DER or BER encoded byte array into an ASN1 sequence. The array may additionally be Base64 encoded.

Parameters:
a_bytes - an array of bytes
a_xmlElementName - the name of the containing XML element or null if the object is not expected to be in an XML element
Returns:
the byte array as ASN1Sequence

createFingerprint

protected static java.lang.String createFingerprint(org.bouncycastle.crypto.digests.GeneralDigest a_digestGenerator,
                                                    byte[] a_data)
Creates a human readable fingerprint for this certificate. This fingerprint may be compared by a user with another certificate's fingerprint to prove their equality.

Parameters:
a_digestGenerator - a digest generator
a_data - the data to be 'fingerprinted'
Returns:
the fingerprint

getDummyPrivateKey

private static IMyPrivateKey getDummyPrivateKey()
Gets a dummy private key for creating X509 certificates from trusted public keys.

Returns:
a dummy private key for creating X509 certificates from trusted public keys

isSelfSigned

public boolean isSelfSigned()
Returns true if this cert is self-signed.

Returns:
true if this cert is self-signed.

isRevoked

public boolean isRevoked()