info.pppc.base.security

Interface ICertificate

All Known Implementing Classes:

AbstractCertificate, ECCCertificate, RSACertificate

public interface ICertificate

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	AES_ENCRYPTION_MODE
static java.lang.String	CERTIFICATE_TYPE
static java.lang.String	DIGEST_TYPE
static java.lang.String	HMAC_ALGORITHM
static java.lang.String	RSA_ENCRYPTION_MODE

Method Summary

Methods

Modifier and Type	Method and Description
byte[]	decrypt(byte[] encryptedMessage) Decrypts a message, so that the plain text is accessible.
byte[]	encrypt(byte[] message) Encrypts a message, so that it can only be read by the owner of the corresponding private key of this certificate.
boolean	equals(java.lang.Object obj) Every certificate type has to implement a comparison operator.
java.util.Date	getEndDate() Returns the time after that the certificate is invalid.
byte[]	getFingerprint() Gets the SHA-1 fingerprint of the certificate.
java.lang.String	getIssuer() Get the issuer of the certificate
IPublicKey	getPublicKey() Get the public key of the certificate
byte[]	getSignature() Get the signature of the issuer of this certificate.
byte[]	getSignedPart() Returns the part of the certificate, that was signed by the issuer.
java.util.Date	getStartDate() Returns the time from which the certificate is valid.
java.lang.String	getSubject() Get the subject of the certificate.
int	hashCode() Returns a hash code for the certificate.
boolean	hasPrivateKey() Can be used to check if the device owns the corresponding private key of this certificate.
boolean	isValidRegardingStartAndEndDate() Validates the start and end date of a certificate.
byte[]	sign(byte[] toSign) Signs a given byte array.
byte[][]	toByteArray() Get the certificate as byte array (DER encoded), contains also the private key as byte array, if it does exist.
java.lang.String	toString() Convert the bytes of the certificate to a BASE64-encoded string.
boolean	verifyCertificate(IKeyStore keystore) Verify if the certificate is trusted or issued by a trusted CA.
boolean	verifySignature(byte[] message, byte[] signature) Verifies a signature which was created with the private key of this certificate (only needs the public key for verification).

Field Detail

CERTIFICATE_TYPE

static final java.lang.String CERTIFICATE_TYPE

See Also:

Constant Field Values

DIGEST_TYPE

static final java.lang.String DIGEST_TYPE

See Also:

Constant Field Values

AES_ENCRYPTION_MODE

static final java.lang.String AES_ENCRYPTION_MODE

See Also:

Constant Field Values

RSA_ENCRYPTION_MODE

static final java.lang.String RSA_ENCRYPTION_MODE

See Also:

Constant Field Values

HMAC_ALGORITHM

static final java.lang.String HMAC_ALGORITHM

See Also:

Constant Field Values

Method Detail

getPublicKey

IPublicKey getPublicKey()

Get the public key of the certificate

Returns:

The public key of the certificate or null, if no public key exists

getSubject

java.lang.String getSubject()

Get the subject of the certificate.

Returns:

The subject (name) of the certificate as X509Name

getIssuer

java.lang.String getIssuer()

Get the issuer of the certificate

Returns:

The issuer of the certificate as X509Name

verifyCertificate

boolean verifyCertificate(IKeyStore keystore)

Verify if the certificate is trusted or issued by a trusted CA.
The result is not cached and reevaluated every time this method is called. You can use the is trusted method instead, to get a cached value.

Parameters:

-

Returns:

True, if the certificate is trusted, false otherwise.

getFingerprint

byte[] getFingerprint()

Gets the SHA-1 fingerprint of the certificate.

Returns:

The SHA-1 fingerprint of the certificate (160 bit = 20 byte)

Throws:

java.io.IOException - This exception is thrown if the certificate is stored in a file and cannot properly accessed.

sign

byte[] sign(byte[] toSign)

Signs a given byte array. First creates the SHA-1-Hash and then signs it. Returns the signed SHA-1 hash value.

This is only possible, if the device also has the private key!

Parameters:

toSign - The byte array which should be hashed and signed

Returns:

The signature for the SHA-1 hash of the given byte array. Returns null, if the device does not know the private key for this certificate.

verifySignature

boolean verifySignature(byte[] message,
                      byte[] signature)

Verifies a signature which was created with the private key of this certificate (only needs the public key for verification).

Parameters:

message - The message which was signed

signature - The signature of the message

Returns:

True if the signature is valid and was created by the subject of this certificate

encrypt

byte[] encrypt(byte[] message)

Encrypts a message, so that it can only be read by the owner of the corresponding private key of this certificate.
Please ensure, that this message contains some "randomness", e.g. at least the current date and time.

Parameters:

message - The message which should be encrypted

Returns:

A message encrypted with the public key of this certificate, if the certificate contains the public key; null, if not or if an IOException occurred

decrypt

byte[] decrypt(byte[] encryptedMessage)

Decrypts a message, so that the plain text is accessible.

Parameters:

encryptedMessage - A message which was encrypted using the public key of this certificate

Returns:

The plain text of the message, if the certificate contains the private key; null, if not or if an IOException occurred

Throws:

java.io.IOException

hasPrivateKey

boolean hasPrivateKey()

Can be used to check if the device owns the corresponding private key of this certificate.

Returns:

True, if the private key exists, false otherwise

toString

java.lang.String toString()

Convert the bytes of the certificate to a BASE64-encoded string.

Overrides:

toString in class java.lang.Object

Returns:

The certificate as BASE64-encoded string!

toByteArray

byte[][] toByteArray()

Get the certificate as byte array (DER encoded), contains also the private key as byte array, if it does exist.

Returns:

The certificate ([0]) and the private key ([1]) as byte array. [1] can be null.

equals

boolean equals(java.lang.Object obj)

Every certificate type has to implement a comparison operator. Usually an certificate equals another one, if ALL fields are identical. This method must returns true, if the certificate equal each other.

Overrides:

equals in class java.lang.Object

Parameters:

obj - The object of the type CertificateAbstraction that should be compared to the current certificate

Returns:

True, if the current certificate and the given certificate are equal, false otherwise

See Also:

Object.equals(java.lang.Object)

getSignedPart

byte[] getSignedPart()

Returns the part of the certificate, that was signed by the issuer. In combination with the signature (and the certificate of the issuer), the authenticity of this certificate can be checked by anyone.

Returns:

The part of the certificate, that was signed by the certificate issuer.

getSignature

byte[] getSignature()

Get the signature of the issuer of this certificate. This is usually a signature about the signed part of the certificate.

Returns:

The signature of this certificate.

See Also:

getSignedPart()

hashCode

int hashCode()

Returns a hash code for the certificate. The hash code is computed from the actual byte sequence of the certificate.

Overrides:

hashCode in class java.lang.Object

Returns:

The hash code of the certificate.

getStartDate

java.util.Date getStartDate()

Returns the time from which the certificate is valid. The certificate is invalid before this time.

Returns:

A Date object containing the start date of this certificate

See Also:

getEndDate()

getEndDate

java.util.Date getEndDate()

Returns the time after that the certificate is invalid.

Returns:

A Date object containing the end date of this certificate

See Also:

getStartDate()

isValidRegardingStartAndEndDate

boolean isValidRegardingStartAndEndDate()

Validates the start and end date of a certificate. If the current time is between both of these timestamps, the certificate is valid and true is returned.

Returns:

True, if the certificate is valid regarding start and end date, false otherwise.