net.ripe.rpki.commons.crypto.cms

Class RpkiSignedObject

java.lang.Object

net.ripe.rpki.commons.crypto.cms.RpkiSignedObject

All Implemented Interfaces:

Serializable, CertificateRepositoryObject

Direct Known Subclasses:

GhostbustersCms, ManifestCms, RoaCms

public abstract class RpkiSignedObject
extends Object
implements CertificateRepositoryObject

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static List<String>	ALLOWED_SIGNATURE_ALGORITHM_OIDS
static String	DIGEST_ALGORITHM_OID The digestAlgorithms set MUST include only SHA-256, the OID for which is 2.16.840.1.101.3.4.2.1.
static String	RSA_ENCRYPTION_OID However, older versions of BouncyCastle did not support this OID and use "rsaEncryption" instead.
static String	SHA256WITHRSA_ENCRYPTION_OID CMS signed objects must indicate signing algorithm as "sha256WithRsa".

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	RpkiSignedObject(byte[] encoded, X509ResourceCertificate certificate, org.bouncycastle.asn1.ASN1ObjectIdentifier oid, org.joda.time.DateTime signingTime)
protected	RpkiSignedObject(RpkiSignedObjectInfo cmsObjectData)

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj)
X509ResourceCertificate	getCertificate()
X500Principal	getCertificateIssuer()
X500Principal	getCertificateSubject()
org.bouncycastle.asn1.ASN1ObjectIdentifier	getContentType()
URI	getCrlUri()
byte[]	getEncoded()
org.joda.time.DateTime	getNotValidAfter()
org.joda.time.DateTime	getNotValidBefore()
org.joda.time.DateTime	getSigningTime()
ValidityPeriod	getValidityPeriod()
int	hashCode()
boolean	isPastValidityTime()
boolean	isRevoked()
boolean	signedBy(X509ResourceCertificate certificate)
void	validate(String location, CertificateRepositoryObjectValidationContext context, CrlLocator crlLocator, ValidationOptions options, ValidationResult result)
void	validate(String location, CertificateRepositoryObjectValidationContext context, X509Crl crl, URI crlUri, ValidationOptions options, ValidationResult result)
protected abstract void	validateWithCrl(String location, CertificateRepositoryObjectValidationContext context, ValidationOptions options, ValidationResult result, X509Crl crl)

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.ripe.rpki.commons.crypto.CertificateRepositoryObject

getParentCertificateUri

Field Detail

SHA256WITHRSA_ENCRYPTION_OID

public static final String SHA256WITHRSA_ENCRYPTION_OID

CMS signed objects must indicate signing algorithm as "sha256WithRsa".

RSA_ENCRYPTION_OID

public static final String RSA_ENCRYPTION_OID

However, older versions of BouncyCastle did not support this OID and use "rsaEncryption" instead. We accept both when parsing and validating, but sign with "sha256WithRsa" now.

ALLOWED_SIGNATURE_ALGORITHM_OIDS

public static final List<String> ALLOWED_SIGNATURE_ALGORITHM_OIDS

DIGEST_ALGORITHM_OID

public static final String DIGEST_ALGORITHM_OID

The digestAlgorithms set MUST include only SHA-256, the OID for which is 2.16.840.1.101.3.4.2.1. [RFC4055] It MUST NOT contain any other algorithms.

Constructor Detail

RpkiSignedObject

protected RpkiSignedObject(RpkiSignedObjectInfo cmsObjectData)

RpkiSignedObject

protected RpkiSignedObject(byte[] encoded,
                           X509ResourceCertificate certificate,
                           org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                           org.joda.time.DateTime signingTime)

Method Detail

getEncoded

public byte[] getEncoded()

Specified by:

getEncoded in interface CertificateRepositoryObject

getSigningTime

public org.joda.time.DateTime getSigningTime()

getContentType

public org.bouncycastle.asn1.ASN1ObjectIdentifier getContentType()

getCertificate

public X509ResourceCertificate getCertificate()

signedBy

public boolean signedBy(X509ResourceCertificate certificate)

getValidityPeriod

public ValidityPeriod getValidityPeriod()

getNotValidBefore

public org.joda.time.DateTime getNotValidBefore()

getNotValidAfter

public org.joda.time.DateTime getNotValidAfter()

getCertificateIssuer

public X500Principal getCertificateIssuer()

getCertificateSubject

public X500Principal getCertificateSubject()

getCrlUri

public URI getCrlUri()

Specified by:

getCrlUri in interface CertificateRepositoryObject

validate

public void validate(String location,
                     CertificateRepositoryObjectValidationContext context,
                     CrlLocator crlLocator,
                     ValidationOptions options,
                     ValidationResult result)

Specified by:

validate in interface CertificateRepositoryObject

validate

public void validate(String location,
                     CertificateRepositoryObjectValidationContext context,
                     X509Crl crl,
                     URI crlUri,
                     ValidationOptions options,
                     ValidationResult result)

Specified by:

validate in interface CertificateRepositoryObject

validateWithCrl

protected abstract void validateWithCrl(String location,
                                        CertificateRepositoryObjectValidationContext context,
                                        ValidationOptions options,
                                        ValidationResult result,
                                        X509Crl crl)

isPastValidityTime

public boolean isPastValidityTime()

Specified by:

isPastValidityTime in interface CertificateRepositoryObject

isRevoked

public boolean isRevoked()

Specified by:

isRevoked in interface CertificateRepositoryObject

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object