Package de.mtg.jzlint.lints.mozilla

Class MpEcdsaSignatureEncodingCorrect

java.lang.Object

de.mtg.jzlint.lints.mozilla.MpEcdsaSignatureEncodingCorrect

All Implemented Interfaces:

JavaLint

public class MpEcdsaSignatureEncodingCorrect
extends Object
implements JavaLint

https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ When a root or intermediate certificate's ECDSA key is used to produce a signature, only the following algorithms may be used, and with the following encoding requirements: If the signing key is P-256, the signature MUST use ECDSA with SHA-256. The encoded AlgorithmIdentifier MUST match the following hex-encoded bytes: 300a06082a8648ce3d040302. If the signing key is P-384, the signature MUST use ECDSA with SHA-384. The encoded AlgorithmIdentifier MUST match the following hex-encoded bytes: 300a06082a8648ce3d040303. The above encodings consist of the corresponding OID with the parameters field omitted, as specified by RFC 5758, Section 3.2. Certificates MUST NOT include a NULL parameter. Note this differs from RSASSA-PKCS1-v1_5, which includes an explicit NULL.

Constructor Summary

Constructors

Constructor	Description
MpEcdsaSignatureEncodingCorrect()

Method Summary

Modifier and Type	Method	Description
boolean	checkApplies(X509Certificate certificate)
LintResult	execute(X509Certificate certificate)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

MpEcdsaSignatureEncodingCorrect

public MpEcdsaSignatureEncodingCorrect()

Method Details

execute

public LintResult execute(X509Certificate certificate)

Specified by:

execute in interface JavaLint

checkApplies

public boolean checkApplies(X509Certificate certificate)

Specified by:

checkApplies in interface JavaLint