java.lang.Object | +--com.novell.security.japi.pki.NPKIToolbox | +--com.novell.security.japi.pki.NPKITx509
Decodes various parts of an x.509 certificate.
Field Summary | |
static int |
NPKIT_ACCESS_METHOD_CAISSUERS
Specifies that the AIA (Authority Information Access) method is CAIssuers. |
static int |
NPKIT_ACCESS_METHOD_OCSP
Specifies that the AIA (Authority Information Access) method is OCSP. |
static int |
NPKIT_ACCESS_METHOD_UNKNOWN
Specifies that the AIA (Authority Information Access) method is unknown and unsupported. |
static int |
NPKIT_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICAION
Indicates that the Extended Key Usage is intended to be used for client authentication. |
static int |
NPKIT_EXTENDED_KEY_USAGE_CODE_SIGNING
Indicates that the Extended Key Usage is intended to be used for code signing. |
static int |
NPKIT_EXTENDED_KEY_USAGE_EMAIL_PROTECTION
Indicates that the Extended Key Usage is intended to be used for email protection. |
static int |
NPKIT_EXTENDED_KEY_USAGE_OCSP_SIGNING
Indicates that the Extended Key Usage is intended to be used for OCSP signing. |
static int |
NPKIT_EXTENDED_KEY_USAGE_SERVER_AUTHENTICAION
Indicates that the Extended Key Usage is intended to be used for server authentication. |
static int |
NPKIT_EXTENDED_KEY_USAGE_TIME_STAMPING
Indicates that the Extended Key Usage is intended to be used for time stamping. |
static int |
NPKIT_EXTENDED_KEY_USAGE_UNKNOWN
Indicates that the Extended Key Usage type is unknown. |
Constructor Summary | |
NPKITx509()
Constructor. |
Method Summary | |
void |
aIA(int index,
java.lang.Integer accessMethod,
java.lang.Integer nameType,
byte[][] nameValue,
java.lang.String[] name)
Returns information about the specified AIA (Authority Information Access). |
int |
aIAInfo()
Returns the number of AIA (Authority Information Access) encoded in the certificate. |
void |
basicConstraintsInfo(java.lang.Boolean ca,
java.lang.Integer pathLenConstraint)
Retrieves the details about the basic constraints extension, if a basic constraints extension exists in the x.509 DER encoded certificate. |
int |
certificatePoliciesInfo()
Returns the number of Certificate Policies encoded in the certificate. |
void |
certificatePolicy(int index,
java.lang.String[] certPolicyId,
java.lang.Integer numPolicyQualifiers)
Returns information about the specified Certificate Policy. |
void |
createContext()
Creates a new NPKITx509 context structure and initializes it with default values. |
void |
crlDistributionPoint(int index,
java.lang.Integer dataSets,
java.lang.Integer fullNameType,
byte[][] fullNameValue,
java.lang.String[] fullName,
java.lang.String[] nameRelativeToCRLIssuer,
java.lang.Integer reasons,
java.lang.Integer crlIssuerType,
byte[][] crlIssuerValue,
java.lang.String[] crlIssuerName)
Returns information about a CRL Distribution Point in the certificate. |
int |
crlDistributionPointsInfo()
Returns the number of CRL (Certificate Revocation List) Distribution Points encoded in the certificate. |
void |
decodeCertificate(byte[] certificate,
byte[][] unsignedCert,
byte[][] signature,
byte[][] serialNumber,
byte[][] keyModulus,
byte[][] keyExponent,
java.lang.String[] publicKeyAlgorithmOID,
java.lang.String[] signatureAlgorithmOID,
java.lang.String[] subjectName,
java.lang.String[] issuerName,
java.lang.Integer startSeconds,
java.lang.Integer endSeconds,
java.lang.Integer numExtensions,
java.lang.Integer version,
java.lang.Integer keySize)
Decodes the specified certificate from its ASN.1 DER encoding. |
void |
extendedKeyUsage(int index,
java.lang.Integer type,
java.lang.String[] keyPurposeId)
Returns information about the specified Extended Key Usage. |
int |
extendedKeyUsageInfo()
Returns the number of Extended Key Usages encoded in the certificate. |
void |
freeContext()
Frees a previously allocated NPKITx509 context and all associated memory. |
byte[] |
getExtensionData(int index,
java.lang.Integer x509ExtType,
java.lang.String[] oid,
java.lang.Boolean critical)
Retrieves the ASN.1 encoded certificate extension specified by index. |
void |
initialize()
Initializes NPKITx509. |
byte[] |
issuerAltName(int index,
java.lang.Integer generalNameType,
java.lang.String[] name)
Retrieves the specified issuer alternative name and related information. |
int |
issuerAltNamesInfo()
Retrieves the number of issuer alternative names encoded in the certificate if the issuer alternative names extension exists in the certificate. |
short |
keyUsageInfo()
Retrieves the information from the Key Usage extension of the certificate if a Key Usage extension is encoded in the certificate. |
void |
noticeNumber(int index,
byte[][] numberValue,
java.lang.String[] number)
Returns information about the specified Notice Number. |
void |
novellExtensionInfo(java.lang.String[] version,
java.lang.String[] uriReference,
java.lang.Boolean keyQEnforceQuality,
java.lang.Short keyQCSCriteria,
java.lang.Short keyQCSRating,
java.lang.Short keyQCryptoCriteria,
java.lang.Short keyQCryptoRating,
java.lang.Short keyQKeyStorage,
java.lang.Boolean cryptoProEnforceQuality,
java.lang.Short cryptoProCSCriteria,
java.lang.Short cryptoProCSRating,
java.lang.Short cryptoProCryptoCriteria,
java.lang.Short cryptoProCryptoRating,
java.lang.Short cryptoProKeyStorage,
java.lang.Short certificateClass,
byte[][] eidRootLabel,
byte[][] eidEnterpriseLabel,
byte[][] eidRegistryLabel)
Retrieves the Novell Security Attribute extension information encoded in the certificate if the Novell Security Attribute extension exists in the certificate. |
void |
policyQualifier(int index,
java.lang.Integer qualifierType,
byte[][] cPSuriValue,
java.lang.String[] cPSuri,
java.lang.Integer organizationType,
byte[][] organizationValue,
java.lang.String[] organization,
java.lang.Integer numNoticeNumbers,
java.lang.Integer explicitTextType,
byte[][] explicitTextValue,
java.lang.String[] explicitText)
Returns information about the specified Policy Qualifier. |
byte[] |
subjectAltName(int index,
java.lang.Integer generalNameType,
java.lang.String[] name)
Retrieves the specified subject alternative name and related information. |
int |
subjectAltNamesInfo()
Retrieves the number of subject alternative names encoded in the certificate if the subject alternative names extension exists in the certificate. |
Methods inherited from class com.novell.security.japi.pki.NPKIToolbox |
decodeCSR, destroy, finalize, getUTCString, loadLibrary, version |
Methods inherited from class java.lang.Object |
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final int NPKIT_ACCESS_METHOD_UNKNOWN
(NPKIT_ACCESS_METHOD_UNKNOWN = 0)
public static final int NPKIT_ACCESS_METHOD_OCSP
(NPKIT_ACCESS_METHOD_OCSP = 1)
public static final int NPKIT_ACCESS_METHOD_CAISSUERS
(NPKIT_ACCESS_METHOD_CAISSUERS = 2)
public static final int NPKIT_EXTENDED_KEY_USAGE_UNKNOWN
(NPKIT_EXTENDED_KEY_USAGE_UNKNOWN = 0)
public static final int NPKIT_EXTENDED_KEY_USAGE_SERVER_AUTHENTICAION
(NPKIT_EXTENDED_KEY_USAGE_SERVER_AUTHENTICAION = 1)
public static final int NPKIT_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICAION
(NPKIT_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICAION = 2)
public static final int NPKIT_EXTENDED_KEY_USAGE_CODE_SIGNING
(NPKIT_EXTENDED_KEY_USAGE_CODE_SIGNING = 3)
public static final int NPKIT_EXTENDED_KEY_USAGE_EMAIL_PROTECTION
(NPKIT_EXTENDED_KEY_USAGE_EMAIL_PROTECTION = 4)
public static final int NPKIT_EXTENDED_KEY_USAGE_TIME_STAMPING
(NPKIT_EXTENDED_KEY_USAGE_TIME_STAMPING = 5)
public static final int NPKIT_EXTENDED_KEY_USAGE_OCSP_SIGNING
(NPKIT_EXTENDED_KEY_USAGE_OCSP_SIGNING = 6)
Constructor Detail |
public NPKITx509() throws NPKI_Exception
NPKI_Exception
- if there is a PKI or NICI error.
Method Detail |
public void initialize() throws NPKI_Exception
initialize
in class NPKIToolbox
NPKI_Exception
- Throws a PKI
error code if not successful.
public void createContext() throws NPKI_Exception
The context will be used for ASN.1 decoding of X.509 objects.
createContext
in class NPKIToolbox
NPKI_Exception
- Throws a PKI
error code if not successful.
freeContext
public void freeContext()
freeContext
in class NPKIToolbox
createContext
public void basicConstraintsInfo(java.lang.Boolean ca, java.lang.Integer pathLenConstraint) throws NPKI_Exception
A successful call to decodeCertificate
must have been made
prior to calling basicConstraintsInfo
.
NOTE: The Basic Constraints extension is an optional extension, so not all certificates will have Basic Constraints information.
ca
- (OUT) The value cA
as encoded in the extension.
If this value is false then the certificate is not for a CA (Certificate
Authority). If the value is true then the certificate is for a CA.pathLenConstraint
- (OUT) The value pathLenConstraint
as encoded in the
extension. This value represents the number of levels of CAs that this
Certificate Authority is authorized to create. The value -1 is returned if
there is no constraint.
NPKI_Exception
- Throws a PKI error code if not successful.decodeCertificate
,
getExtensionData
public void crlDistributionPoint(int index, java.lang.Integer dataSets, java.lang.Integer fullNameType, byte[][] fullNameValue, java.lang.String[] fullName, java.lang.String[] nameRelativeToCRLIssuer, java.lang.Integer reasons, java.lang.Integer crlIssuerType, byte[][] crlIssuerValue, java.lang.String[] crlIssuerName) throws NPKI_Exception
A successful call to decodeCertificate
must have been made prior
to calling crlDistributionPoint
. A call to
crlDistributionPointsInfo
, while not necessary,
should be made prior to calling this API to determine if distribution
points exist, and how many there are. Passing in a null to any of the
OUT parameters is permitted, in which case no value is returned for
that parameter.
NOTE: The CRL Distribution Points extension is an optional extension, so not all certificates will have CRL Distribution Points information.
index
- (IN) Indicates which Certificate Revocation List distribution point is to be
returned.NOTE: Index is 0 based.
dataSets
- (OUT) Returns an Integer which specifies which set(s) of data the API has returned.
These flags have the following values:NPKIT_x509DistPtsFullName - (0x0001)
Indicates the full name of the distribution point is
being passed back.
NPKIT_x509DistPtsNameRelativeToCRLIssuer - (0x0002)
Indicates the distribution points name
is relative to the CRL (Certificate Revocation List) issuer.
NPKIT_x509DistPtsReasons - (0x0004)
Indicates that the reason codes are being passed back.
NPKIT_x509DistPtsCRLIssue - (0x0008)
Indicates the CRL (Certificate Revocation List) Issuer name
is being passed back.fullNameType
- (OUT) Returns an Integer representation of the type of the ASN.1 NAME in the CDP,
for example: URI, Directory Name, etc. This value will only be set if dataSets
includes
the value NPKIT_x509DistPtsFullName
.fullNameValue
- (OUT) Returns a byte array of the ASN.1 encoded value of where the CRL can be acquired.
This value will only be set if dataSets
includes the value NPKIT_x509DistPtsFullName
.fullName
- (OUT) Returns a String with the human readable value of where the CRL can be acquired.
This will only be set if the fullName
type can be converted to human readable.
This value will only be set if dataSets
includes the value NPKIT_x509DistPtsFullName
.nameRelativeToCRLIssuer
- (OUT) Returns a String with where the CRL can be acquired,
relative to the defined CRL Issuer name. This value will only be set if
dataSets
includes NPKIT_x509DistPtsNameRelativeToCRLIssuer
.reasons
- (OUT) Returns an Integer representation of the reasons contained in the CRL. This will be filled
out only if the parameter dataSets
includes NPKIT_x509DistPtsReasons
.
reasons
will be one of the reasons as defined below:NPKIx509CertificateValid - (0x0000000)
Indicates that the certificate is valid.
NPKIx509Invalid_System_Error - (0x0000001)
Indicates there were some
hardware problems or network problems.
NPKIx509Invalid_Decode_Error - (0x0000002)
Indicates there was a
problem decoding the certificate.
NPKIx509Invalid_Subject_Issuer_Name - (0x0000003)
Indicates that
the subject name of the issuing certificate does not match the
issuer name of subject certificate.
NPKIx509Invalid_Future - (0x0000004)
Indicates that the certificate's
start date is in the future.
NPKIx509Invalid_Expired - (0x0000005)
Indicates that the certificate has expired.
NPKIx509Invalid_Issuer_Not_CA - (0x0000006)
Indicates that the issuer
is not a valid CA (Certification Authority).
NPKIx509Invalid_Path_Length - (0x0000007)
Indicates that the x.509
basic constraints path length has been violated.
NPKIx509Invalid_Unknown_Critical_Extension - (0x0000008)
Indicates
the certificate contained a critical extension that could not be
understood.
NPKIx509Invalid_KeyUsage - (0x0000009)
Indicates that the key does
not support the requested usage.
NPKIx509Invalid_CRL_Decode_Error - (0x000000A)
Indicates an error
occurred during the decoding of the CRL (Certificate
Revocation List).
NPKIx509Invalid_Certificate_On_CRL - (0x000000B)
Indicates that one
of the certificates in the chain is on a CRL (Certificate Revocation List).
NPKIx509Invalid_Cant_Process_CDP - (0x000000C)
Indicates the
certificate contained a distribution point that can not be processed.
NPKIx509Invalid_Cant_Read_CRL - (0x000000D)
Indicates that the CRL
could not be read.
NPKIx509Invalid_Invalid_CRL - (0x000000E)
Indicates the CRL was not
valid for this certificate.
NPKIx509Invalid_Expired_CRL - (0x000000F)
Indicates the CRL
has expired and a new one has not been issued.
NPKIx509Invalid_CRL_Issuer_Name - (0x0000010)
Indicates that the
issuer name of the CRL identified in the certificate does not match
the issuer name in the actual CRL retrieved.
NPKIx509Invalid_CDP_Exists_Did_Not_Check_CRL - (0x0000012)
This is
an advisory flag. The CDP (Certificate Distribution Point) exists but the
CRL (Certificate Revocation List) was not checked because the caller of the API
requested that it not be checked.crlIssuerType
- (OUT) Returns an Integer representation of the Issuer type; for example, X.500, distinguished
name (DN), rfc822 (electronic mail address), DNS name, IP address, or URI. This
value will only be set if dataSets
includes the value NPKIT_x509DistPtsCRLIssuer
.crlIssuerValue
- (OUT) Returns the ASN.1 encoded Issuer name. This value will only be set if
dataSets includes the value NPKIT_x509DistPtsCRLIssuer.crlIssuerName
- (OUT) Returns a String with the human readable representation of the CRL Issuer's Name.
This will only be set if the crlIssuerName type can be converted to human readable.
This value will only be set if dataSets includes the value NPKIT_x509DistPtsCRLIssuer.
NPKI_Exception
- Throws a PKI error code if not successful.crlDistributionPointsInfo
,
decodeCertificate
,
getExtensionData
public int crlDistributionPointsInfo() throws NPKI_Exception
A successful call to the decodeCertificate
must have been
made prior to calling crlDistributionPointsInfo
.
NOTE: The CRL Distribution Points extension is an optional extension, so not all certificates will have CRL Distribution Points information.
NPKI_Exception
- Throws a PKI error code if not successful.crlDistributionPoint
,
decodeCertificate
,
getExtensionData
public int extendedKeyUsageInfo() throws NPKI_Exception
A successful call to the decodeCertificate
must have been
made prior to calling extendedKeyUsageInfo
.
NOTE: The Extended Key Usage extension is an optional extension, so not all certificates will have Extended Key Usage information.
NPKI_Exception
- Throws a PKI error code if not successful.extendedKeyUsage
,
decodeCertificate
,
keyUsageInfo
,
getExtensionData
public void extendedKeyUsage(int index, java.lang.Integer type, java.lang.String[] keyPurposeId) throws NPKI_Exception
A successful call to decodeCertificate
must have been made prior
to calling extendedKeyUsage
. A call to extendedKeyUsageInfo
, while not
necessary, should be made prior to calling this API to determine if Extended Key Usages exist, and how many
there are. Passing in a null to any of the OUT parameters is permitted, in which case no value
is returned for that parameter.
NOTE: The Extended Key Usage extension is an optional extension, so not all certificates will have Extended Key Usage information.
index
- (IN) Indicates which Extended Key Usage is to be returned.NOTE: Index is 0 based.
type
- (OUT) Returns an Integer with the Extended Key Usage type. The possible Extended Key Usages
types are:NPKIT_EXTENDED_KEY_USAGE_UNKNOWN
Indicates that the Extended Key Usage type
is unknown.
NPKIT_EXTENDED_KEY_USAGE_SERVER_AUTHENTICAION
Indicates that the Extended Key Usage
is intended to be used for server authentication.
NPKIT_EXTENDED_KEY_USAGE_CLIENT_AUTHENTICAION
Indicates that the Extended Key Usage
is intended to be used for client authentication.
NPKIT_EXTENDED_KEY_USAGE_CODE_SIGNING
Indicates that the Extended Key Usage
is intended to be used for code signing.
NPKIT_EXTENDED_KEY_USAGE_EMAIL_PROTECTION
Indicates that the Extended Key Usage
is intended to be used for email protection.
NPKIT_EXTENDED_KEY_USAGE_TIME_STAMPING
Indicates that the Extended Key Usage
is intended to be used for time stamping.
NPKIT_EXTENDED_KEY_USAGE_OCSP_SIGNING
Indicates that the Extended Key Usage
is intended to be used for OCSP signing.
keyPurposeId
- (OUT) A human readable representation of the OID (object identifier) specifying
the Extended Key Usage type.
NPKI_Exception
- Throws a PKI error code if not successful.extendedKeyUsageInfo
,
decodeCertificate
,
keyUsageInfo
,
getExtensionData
public int aIAInfo() throws NPKI_Exception
A successful call to the decodeCertificate
must have been
made prior to calling aIAInfo
.
NOTE: The AIA extension is an optional extension, so not all certificates will have AIA information.
NPKI_Exception
- Throws a PKI error code if not successful.aIA
,
decodeCertificate
,
getExtensionData
public void aIA(int index, java.lang.Integer accessMethod, java.lang.Integer nameType, byte[][] nameValue, java.lang.String[] name) throws NPKI_Exception
A successful call to decodeCertificate
must have been made prior
to calling aIA
. A call to aIAInfo
, while not
necessary, should be made prior to calling this API to determine if AIAs exist, and how many
there are. Passing in a null to any of the OUT parameters is permitted, in which case no value
is returned for that parameter.
NOTE: The AIA extension is an optional extension, so not all certificates will have AIA information.
index
- (IN) Indicates which AIA is to be returned.NOTE: Index is 0 based.
accessMethod
- (OUT) Returns an Integer indicating which type of access method is
specified. The possible AIA access methods are:NPKIT_ACCESS_METHOD_UNKNOWN
Indicates that the AIA (Authority Information Access)
method is unknown and unsupported.
NPKIT_ACCESS_METHOD_OCSP
Indicates that the AIA (Authority Information Access)
method is OCSP.
NPKIT_ACCESS_METHOD_CAISSUERS
Indicates that the AIA (Authority Information Access)
method is CAIssuers.nameType
- (OUT) An Integer representation of the type of name in the AIA.
This may be one of the following values:X509_GENERAL_NAME_OTHER_NAME - (0x0000)
The name is encoded as
an OtherName type of GeneralName as specified in RFC 2459.
X509_GENERAL_NAME_RFC822_NAME - (0x0001)
The name is encoded as
an IA5String type of GeneralName as specified in RFC 2459.
X509_GENERAL_NAME_DNS_NAME - (0x0002)
The name is encoded as
an IA5String type of GeneralName as specified in RFC 2459.
X509_GENERAL_X400_ADDRESS - (0x0003)
The name is encoded as
an ORAddress type of GeneralName as specified in RFC 2459.
X509_GENERAL_NAME_DIRECTORY_NAME - (0x0004)
The name is encoded as
a Name type of GeneralName as specified in RFC 2459.
X509_GENERAL_NAME_EDI_PARTY_NAME - (0x0005)
The name is encoded as
an EDIPartyName type of GeneralName as specified in RFC 2459.
X509_GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER - (0x0006)
The name is encoded as
an IA5String type of GeneralName as specified in RFC 2459.
X509_GENERAL_NAME_IP_ADDRESS - (0x0007)
The name is encoded as
an OCTET STRING type of GeneralName in "network byte order" as specified by ASN.1,
RFC 2459 and RFC 791.
X509_GENERAL_NAME_REGISTERED_ID - (0x0008)
The name is encoded as
an OBJECT IDENTIFIER type of GeneralName as specified in ASN.1 and RFC 2459.
nameValue
- (OUT) The ASN.1 encoded value of the general name for accessLocation within the AIA.
name
- (OUT) A unicode representation of the general name for accessLocation within the AIA.
NOTE: This field is only set when nameType
is one of the
following types:
X509_GENERAL_NAME_RFC822_NAME
X509_GENERAL_NAME_DNS_NAME
X509_GENERAL_NAME_DIRECTORY_NAME
X509_GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER
X509_GENERAL_NAME_IP_ADDRESS
NPKI_Exception
- Throws a PKI error code if not successful.aIAInfo
,
decodeCertificate
,
getExtensionData
public int certificatePoliciesInfo() throws NPKI_Exception
A successful call to the decodeCertificate
must have been
made prior to calling certificatePoliciesInfo
.
NOTE: The Certificate Policies extension is an optional extension, so not all certificates will have Certificate Policies information.
NPKI_Exception
- Throws a PKI error code if not successful.certificatePolicy
,
decodeCertificate
,
getExtensionData
public void certificatePolicy(int index, java.lang.String[] certPolicyId, java.lang.Integer numPolicyQualifiers) throws NPKI_Exception
A successful call to decodeCertificate
must have been made prior
to calling certificatePolicy
. A call to certificatePoliciesInfo
, while not
necessary, should be made prior to calling this API to determine if Certificate Policies exist, and how many
there are. Passing in a null to any of the OUT parameters is permitted, in which case no value
is returned for that parameter.
NOTE: The Certificate Policies extension is an optional extension, so not all certificates will have Certificate Policies information.
index
- (IN) Indicates which Certificate Policy is to be returned.NOTE: Index is 0 based.
certPolicyId
- (OUT) A human readable representation of the OID (object identifier) specifying
the Certificate Policy.
numPolicyQualifiers
- (OUT) Returns the number of Policy Qualifiers that are encoded for this Certificate Policy.
A call(s) to policyQualifier
can be made to retrieve the Policy Qualifier(s).
NPKI_Exception
- Throws a PKI error code if not successful.certificatePoliciesInfo
,
policyQualifier
,
decodeCertificate
,
getExtensionData
public void policyQualifier(int index, java.lang.Integer qualifierType, byte[][] cPSuriValue, java.lang.String[] cPSuri, java.lang.Integer organizationType, byte[][] organizationValue, java.lang.String[] organization, java.lang.Integer numNoticeNumbers, java.lang.Integer explicitTextType, byte[][] explicitTextValue, java.lang.String[] explicitText) throws NPKI_Exception
A successful call to decodeCertificate
followed by a successful
call to certificatePolicy
must have been made prior
to calling policyQualifier
. Passing in a null to any of the OUT parameters is
permitted, in which case no value is returned for that parameter.
NOTE: The Policy Qualifier is part of the Certificate Policy (previously selected by the
call to certificatePolicy
).
index
- (IN) Indicates which Policy Qualifier is to be returned.NOTE: Index is 0 based.
qualifierType
- (OUT) Returns an Integer indicating which Policy Qualifier type is
specified. The possible Policy Qualifier types are:NPKIT_QUALIFIER_TYPE_UNKNOWN
Indicates that the Policy Qualifier type
is unknown.
NPKIT_QUALIFIER_TYPE_CPS
Indicates that the Policy Qualifier type
is CPS (Certificate Practice Statement).
NPKIT_QUALIFIER_TYPE_UNOTICE
Indicates that the Policy Qualifier type
is User Notice.cPSuriValue
- (OUT) Returns a byte array of the ASN.1 encoded value of where the CPS (Certificate
Practice Statement) can be acquired. This value will only be set if qualifierType
is set
to the value NPKIT_QUALIFIER_TYPE_CPS
.cPSuri
- (OUT) Returns a String with the human readable value of where the CPS (Certificate
Practice Statement) can be acquired. This value will only be set if qualifierType
is set
to the value NPKIT_QUALIFIER_TYPE_CPS
.organizationType
- (OUT) Returns an Integer representation of the type of General Name used to
identify the organization within the noticeRef portion of the user notice. This value will only be set
if 1) qualifierType
is set to the value NPKIT_QUALIFIER_TYPE_UNOTICE
, 2) The
optional noticeRef field is used with the user notice, and 3) an organization is specified.
See ***general name listing *** for the possible values of organizationType
.organizationValue
- (OUT) Returns a byte array of the ASN.1 encoded value of organization within
the noticeRef portion of the user notice. This value will only be set if 1) qualifierType
is set to the value NPKIT_QUALIFIER_TYPE_UNOTICE
, 2) The optional noticeRef field is
used with the user notice, and 3) an organization is specified.organization
- (OUT) Returns a String with the human readable value of organization within
the noticeRef portion of the user notice. This value will only be set if 1) qualifierType
is set to the value NPKIT_QUALIFIER_TYPE_UNOTICE
, 2) The optional noticeRef field is
used with the user notice and 3) an organization is specified.numNoticeNumbers
- (OUT) Returns an Integer specifying how many Notice Numbers are included within
the noticeRef portion of the user notice. A call(s) to noticeNumber
can be made
to acquire the actual value of the Notice Number(s). This value will be greater than zero only if 1) qualifierType
is set to the value NPKIT_QUALIFIER_TYPE_UNOTICE
, 2) The optional noticeRef field is
used with the user notice and 3) an organization is specified.explicitTextType
- (OUT) Returns an Integer representation of the type of General Name in which
the explicit text is encoded. This value will only be set if 1) qualifierType
is set to
the value NPKIT_QUALIFIER_TYPE_UNOTICE
, 2) The optional noticeRef field is used with the
user notice and 3) an explicitText is specified. See ***general name listing *** for
the possible values of explicitTextType
.explicitTextValue
- (OUT) Returns a byte array of the ASN.1 encoded value of the explicitText within
the noticeRef portion of the user notice. This value will only be set if 1) qualifierType
is set to the value NPKIT_QUALIFIER_TYPE_UNOTICE
, 2) The optional noticeRef field is
used with the user notice and 3) an explicitText is specified.explicitText
- (OUT) Returns a String with the human readable value of the explicitText within
the noticeRef portion of the user notice. This value will only be set if 1) qualifierType
is set to the value NPKIT_QUALIFIER_TYPE_UNOTICE
, 2) The optional noticeRef field is
used with the user notice and 3) an explicitText is specified.
NPKI_Exception
- Throws a PKI error code if not successful.certificatePolicy
,
noticeNumber
,
decodeCertificate
,
getExtensionData
public void noticeNumber(int index, byte[][] numberValue, java.lang.String[] number) throws NPKI_Exception
A successful call to decodeCertificate
followed by a successful
call to certificatePolicy
followed by a successful call to
policyQualifier
must have been made prior to calling
noticeNumber
. Passing in a null to any of the OUT parameters is
permitted, in which case no value is returned for that parameter.
NOTE: The Notice Number(s) are an optional part of the Policy Qualifier which in turn is
part of the Certificate Policy.
index
- (IN) Indicates which Notice Number is to be returned.NOTE: Index is 0 based.
numberValue
- (OUT) Returns a byte array of the ASN.1 encoded value of the Notice Number.number
- (OUT) Returns a String with the human readable value of the Notice Number.
NPKI_Exception
- Throws a PKI error code if not successful.certificatePolicy
,
policyQualifier
,
decodeCertificate
,
getExtensionData
public void decodeCertificate(byte[] certificate, byte[][] unsignedCert, byte[][] signature, byte[][] serialNumber, byte[][] keyModulus, byte[][] keyExponent, java.lang.String[] publicKeyAlgorithmOID, java.lang.String[] signatureAlgorithmOID, java.lang.String[] subjectName, java.lang.String[] issuerName, java.lang.Integer startSeconds, java.lang.Integer endSeconds, java.lang.Integer numExtensions, java.lang.Integer version, java.lang.Integer keySize) throws NPKI_Exception
After a successful call to decodeCertificate
iterative
calls to getExtensionData
can be made to retrieve the ASN.1
encoded certificate extensions. Also, if the corresponding extension(s)
exist in the certificate, calls can be made to the following functions
to get the decoded specifics about the extension:
basicConstraintsInfo
subjectAltNamesInfo
issuerAltNamesInfo
keyUsageInfo
crlDistributionPointsInfo
novellExtensionInfo
certificate
- (IN) A byte array of the DER encoded x.509 certificate
you wish to be ASN.1 decoded.unsignedCert
- (OUT) The unsigned certificate. This
is a byte array of the tbsCertificate
field of the ASN.1
object Certificate. (To confirm that the data in the certificate has
not been modified or corrupted, verify the signature over this
unsigned portion of the certificate.)
signature
- (OUT) The signature. This is a byte array
of the signatureValue
field of the ASN.1
object Certificate.
(The unsigned portion of the certificate should be used along with the
signature
to validate that the data in the certificate has
not been modified or corrupted.)
serialNumber
- (OUT) A byte array of the serial number.keyModulus
- (OUT) A byte array of the key modulus.keyExponent
- (OUT) A byte array of the key exponent.publicKeyAlgorithmOID
- (OUT) The unicode string that
has a human-readable form of the public key algorithm OID
(i.e., {1 2 840 113549 1 1 1}).signatureAlgorithmOID
- (OUT) The unicode string that
has a human-readable form of the signature key algorithm OID
(i.e., {1 2 840 113549 1 1 5}).subjectName
- (OUT) The unicode string representation
of the subject name.issuerName
- (OUT) The unicode string representation of the
issuer name.startSeconds
- (OUT) An Integer representation (UTC
standard time) of the validFrom
portion of the Validity.
NOTE: Represented as the number of seconds since 00:00:00 UTC January 1, 1970.
endSeconds
- (OUT) An Integer representation of the
validTo portion of the Validity.
NOTE: Represented as the number of seconds since 00:00:00 UTC January 1, 1970.
numExtensions
- (OUT) Returns the number of extensions encoded
in the certificate.version
- (OUT) Returns the version of the certificate.keySize
- (OUT) Returns the key size of the public key in the certificate.
NPKI_Exception
- Throws a PKI error code if not successful.getExtensionData
,
basicConstraintsInfo
,
keyUsageInfo
,
subjectAltNamesInfo
,
subjectAltName
,
issuerAltNamesInfo
,
issuerAltName
,
crlDistributionPointsInfo
,
novellExtensionInfo
public byte[] getExtensionData(int index, java.lang.Integer x509ExtType, java.lang.String[] oid, java.lang.Boolean critical) throws NPKI_Exception
index
.
A successful call to decodeCertificate
must have been made
prior to calling getExtensionData
. If the extension is of
the corresponding type, a call can be made to one of the following
functions to retrieve the decoded extension information:
basicConstraintsInfo
subjectAltNamesInfo
issuerAltNamesInfo
keyUsageInfo
crlDistributionPointsInfo
novellExtensionInfo
index
- (IN) Indicates which extension is to be returned.
NOTE: index is 0 based.
x509ExtType
- (OUT) An Integer representation of the type of extension. Consult NPKIT "C" documentation
under X.509 Extension Descriptions for more information on this value.oid
- (OUT) A unicode representation of the OID (Object
Identifier).critical
- (OUT) Returns whether the extension is critical or not.
NPKI_Exception
- Throws a PKI error code if not successful.decodeCertificate
,
basicConstraintsInfo
,
keyUsageInfo
,
subjectAltNamesInfo
,
issuerAltNamesInfo
,
crlDistributionPointsInfo
,
novellExtensionInfo
public int issuerAltNamesInfo() throws NPKI_Exception
A successful call to decodeCertificate
must have been made
prior to calling issuerAltNamesInfo
. Iterative calls to
issuerAltName
can be made to retrieve each of the issuer
alternative names.
NOTE: The Issuer Alternative Names extension is optional, so not all certificates will have Issuer Alternative Names.
NPKI_Exception
- Throws a PKI error code if not successful.public byte[] issuerAltName(int index, java.lang.Integer generalNameType, java.lang.String[] name) throws NPKI_Exception
A successful call to decodeCertificate
must have been made
prior to calling issuerAltName
. A prior call to issuerAltNamesInfo
should have been made to determine how many issuer alternative names
are encoded in the certificate.
NOTE: Issuer alternative names have the same format as subject alternative names.
index
- (IN) Indicates which issuer alternative name is to be returned.
NOTE: index
is 0 based.
generalNameType
- (OUT) An Integer representation of the type of issuer alternative name.
This may be one of the following values:
X509_SUBJECT_ALT_NAME_OTHER_NAME - (0x0000)
The alternative name must be encoded as
an OtherName sequence as specified in RFC 2459.
X509_SUBJECT_ALT_NAME_RFC822_NAME - (0x0001)
The alternative name is a unicode
representation of an IA5String.
X509_SUBJECT_ALT_NAME_DNS_NAME - (0x0002)
The alternative name is a unicode
representation of an IA5String.
X509_SUBJECT_ALT_NAME_X400_ADDRESS - (0x0003)
The alternative name is encoded as an
ORAddress sequence as specified in RFC 2459.
X509_SUBJECT_ALT_NAME_DIRECTORY_NAME - (0x0004)
The alternative name is encoded as a
Name choice as specified in x.501.
X509_SUBJECT_ALT_NAME_EDI_PARTY_NAME - (0x0005)
The alternative name is encoded as
an EDIPartyName sequence as specified in RFC 2459.
X509_SUBJECT_ALT_NAME_UNIFORM_RESOURCE_IDENTIFIER - (0x0006)
The alternative name
is a unicode representation of an IA5String.
X509_SUBJECT_ALT_NAME_IP_ADDRESS - (0x0007)
The alternative name is an OCTET STRING in
"network byte order" as specified in ASN.1. (network byte order specified in RFC 791)
X509_SUBJECT_ALT_NAME_REGISTERED_ID - (0x0008)
The alternative name is encoded as an
OBJECT IDENTIFIER as specified in ASN.1.name
- (OUT) A unicode representation of the issuer alternative name.
NOTE: This field is only set when the issuer alternative name is one of the following types:
X509_SUBJECT_ALT_NAME_RFC822_NAME
X509_SUBJECT_ALT_NAME_DNS_NAME
X509_SUBJECT_ALT_NAME_DIRECTORY_NAME
X509_SUBJECT_ALT_NAME_UNIFORM_RESOURCE_IDENTIFIER
X509_SUBJECT_ALT_NAME_IP_ADDRESS
NPKI_Exception
- Throws a PKI error code if not successful.decodeCertificate
,
subjectAltName
,
issuerAltNamesInfo
public byte[] subjectAltName(int index, java.lang.Integer generalNameType, java.lang.String[] name) throws NPKI_Exception
A successful call to decodeCertificate
must have been made prior
to calling subjectAltName
.
A prior call to subjectAltNamesInfo
should have been made to determine how many
subject alternative names are encoded in the certificate.
index
- (IN) Indicates which subject alternative name is to be returned.
NOTE: index is 0 based.
generalNameType
- (OUT) An Integer representation of the type of subject alternative name.
This may be one of the following values:
X509_SUBJECT_ALT_NAME_OTHER_NAME - (0x0000)
The alternative name must be encoded as
an OtherName sequence as specified in RFC 2459.
X509_SUBJECT_ALT_NAME_RFC822_NAME - (0x0001)
The alternative name is a unicode
representation of an IA5String.
X509_SUBJECT_ALT_NAME_DNS_NAME - (0x0002)
The alternative name is a unicode
representation of an IA5String.
X509_SUBJECT_ALT_NAME_X400_ADDRESS - (0x0003)
The alternative name is encoded as an
ORAddress sequence as specified in RFC 2459.
X509_SUBJECT_ALT_NAME_DIRECTORY_NAME - (0x0004)
The alternative name is encoded as a
Name choice as specified in x.501.
X509_SUBJECT_ALT_NAME_EDI_PARTY_NAME - (0x0005)
The alternative name is encoded as
an EDIPartyName sequence as specified in RFC 2459.
X509_SUBJECT_ALT_NAME_UNIFORM_RESOURCE_IDENTIFIER - (0x0006)
The alternative name
is a unicode representation of an IA5String.
X509_SUBJECT_ALT_NAME_IP_ADDRESS - (0x0007)
The alternative name is an OCTET STRING in
"network byte order" as specified in ASN.1. (network byte order specified in RFC 791)
X509_SUBJECT_ALT_NAME_REGISTERED_ID - (0x0008)
The alternative name is encoded as an
OBJECT IDENTIFIER as specified in ASN.1.name
- (OUT) A unicode representation of the subject alternative
name.
NOTE: This field is only set when the subject alternative name is one of the following types:
X509_SUBJECT_ALT_NAME_RFC822_NAME
X509_SUBJECT_ALT_NAME_DNS_NAME
X509_SUBJECT_ALT_NAME_DIRECTORY_NAME
X509_SUBJECT_ALT_NAME_UNIFORM_RESOURCE_IDENTIFIER
X509_SUBJECT_ALT_NAME_IP_ADDRESS
NPKI_Exception
- Throws a PKI error code if not successful.public int subjectAltNamesInfo() throws NPKI_Exception
A successful call to decodeCertificate
must have been made
prior to calling subjectAltNamesInfo
. Iterative calls to
subjectAltName
can be made to retrieve each of the subject
alternative names.
NOTE: The Subject Alternative Name extension is optional so not all certificates will have Subject Alternative Names.
NPKI_Exception
- Throws a PKI error code if not successful.decodeCertificate
,
subjectAltName
public short keyUsageInfo() throws NPKI_Exception
A successful call to decodeCertificate
must have been made prior to calling keyUsageInfo
.
NOTE: The Key Usage extension is optional so not all certificates will have Key Usages.
X509_KEY_USAGE_DIGITAL_SIGNATURE - (0x8000)
The key may be used to create
digital signatures.
X509_KEY_USAGE_NON_REPUDIATION - (0x4000)
The key may be used for non-repudiation.
This type of key usually has legal ramifications.
X509_KEY_USAGE_KEY_ENCIPHERMENT - (0x2000)
The key may be used to encrypt other keys.
X509_KEY_USAGE_DATA_ENCIPHERMENT - (0x1000)
The key may be used to directly encrypt data.
X509_KEY_USAGE_KEY_AGREEMENT - (0x0800)
The key may be used for key agreement, for
example, when a Diffie-Hellman key is to be used for key management. Not valid for RSA keys.
X509_KEY_USAGE_KEY_CERT_SIGN - (0x0400)
The key may be used to sign certificates.
X509_KEY_USAGE_CRL_SIGN - (0x0200)
The key may be used to sign CRLs (Certificate Revocation Lists).
X509_KEY_USAGE_ENCIPHER_ONLY - (0x0100)
The key may be used only for enciphering data while
performing key agreement (X509_KEY_USAGE_KEY_AGREEMENT
bit must also be set). Not valid for RSA keys.
X509_KEY_USAGE_DECIPHER_ONLY - (0x0080)
The key may be used only for deciphering data while performing
key agreement (X509_KEY_USAGE_KEY_AGREEMENT
bit must also be set). Not valid for RSA keys.NPKI_Exception
- Throws a PKI error code if not successful.public void novellExtensionInfo(java.lang.String[] version, java.lang.String[] uriReference, java.lang.Boolean keyQEnforceQuality, java.lang.Short keyQCSCriteria, java.lang.Short keyQCSRating, java.lang.Short keyQCryptoCriteria, java.lang.Short keyQCryptoRating, java.lang.Short keyQKeyStorage, java.lang.Boolean cryptoProEnforceQuality, java.lang.Short cryptoProCSCriteria, java.lang.Short cryptoProCSRating, java.lang.Short cryptoProCryptoCriteria, java.lang.Short cryptoProCryptoRating, java.lang.Short cryptoProKeyStorage, java.lang.Short certificateClass, byte[][] eidRootLabel, byte[][] eidEnterpriseLabel, byte[][] eidRegistryLabel) throws NPKI_Exception
A successful call to decodeCertificate
must have been
made prior to calling novellExtensionInfo
. The Novell
Security Attribute contains information about the cryptographic key
quality and operating system's security assurance.
NOTE: The Novell Security Attributes extension is optional so not all certificates will have Novell Security Attributes.
version
- (OUT) A unicode string containing the
version of the Novell Security Attribute.uriReference
- (OUT) A unicode string containing a
URI where more information about the Novell Security Attributes can be found.keyQEnforceQuality
- (OUT) The Enforce Quality flag
which specifies whether the cryptoprovider can use the private key on
a platform that does not meet the minimum Key Quality attributes specified.keyQCSCriteria
- The computer security criteria under which the
machine used to generate the key pair was evaluated (i.e., TCSEC or
Common Criteria).keyQCSRating
- (OUT) The computer security rating of
the machine used to generate the key pair (i.e., TCSEC C2 EVALUATED).keyQCryptoCriteria
- (OUT) The cryptographic module criteria under which
the machine used to generate the key pair was evaluated (i.e., FIPS 140-1).keyQCryptoRating
- (OUT) The cryptographic module rating
of the machine used to generate the key pair (i.e., FIPS 140-1 VENDOR INSPECTED).keyQKeyStorage
- (OUT) The key storage quality which
represents the protection used to secure the private key (i.e.,
password, biometric).cryptoProEnforceQuality
- (OUT) The Enforce Quality
flag which specifies whether the user will use the private key on a
platform that meets the minimum Crypto Process attributes specified.cryptoProCSCriteria
- (OUT) The computer security
criteria under which the machine that uses the private key was
evaluated (i.e., TCSEC or Common Criteria).cryptoProCSRating
- (OUT) The cryptographic module
rating of the machine that uses the private key (i.e., FIPS 140-1
VENDOR INSPECTED).cryptoProCryptoCriteria
- (OUT) The cryptographic
module criteria under which the machine that uses the private key was
evaluated (i.e., FIPS 140-1).cryptoProCryptoRating
- (OUT) The cryptographic module
rating of the machine that uses the private key (i.e., FIPS 140-1
VENDOR INSPECTED).cryptoProKeyStorage
- (OUT) The crypto process storage
quality which represents the protection used to secure the private key
(i.e., password, biometric).certificateClass
- (OUT) The Certificate class that
represents the amount of due diligence performed by the CA before
signing the certificate (i.e., email, address, enterprise name,
government agency).eidRootLabel
- (OUT) The Enterprise Identifier that
specifies the levels and categories for secrecy and integrity for the
Root authority.eidEnterpriseLabel
- (OUT) The Enterprise Identifier
that specifies the levels and categories for secrecy and integrity for
the Enterprise authority.eidRegistryLabel
- (OUT) The Enterprise Identifier that
specifies the levels and categories for secrecy and integrity for the
Registry authority.
NPKI_Exception
- Throws a PKI error code if not successful.decodeCertificate
,
getExtensionData