Package net.ripe.rpki.commons.crypto.cms
Class RpkiSignedObject
- java.lang.Object
-
- net.ripe.rpki.commons.crypto.cms.RpkiSignedObject
-
- All Implemented Interfaces:
Serializable, CertificateRepositoryObject
- Direct Known Subclasses:
AspaCms, GhostbustersCms, ManifestCms, RoaCms
public abstract class RpkiSignedObject extends Object implements CertificateRepositoryObject
- See Also:
- Serialized Form
-
-
Field Summary
Fields

- static List<String> ALLOWED_SIGNATURE_ALGORITHM_OIDS
- static String DIGEST_ALGORITHM_OID: The digestAlgorithms set MUST include only SHA-256, the OID for which is 2.16.840.1.101.3.4.2.1.
- static String RSA_ENCRYPTION_OID: Older versions of BouncyCastle did not support the sha256WithRsa OID in SignerInfo and used "rsaEncryption" instead.
- static String SHA256WITHRSA_ENCRYPTION_OID: CMS signed objects must indicate the signing algorithm as "sha256WithRsa".
-
Constructor Summary
Constructors

- protected RpkiSignedObject(byte[] encoded, X509ResourceCertificate certificate, org.bouncycastle.asn1.ASN1ObjectIdentifier oid, org.joda.time.DateTime signingTime)
- protected RpkiSignedObject(RpkiSignedObjectInfo cmsObjectData)
-
Method Summary
-
-
-
Field Detail
-
SHA256WITHRSA_ENCRYPTION_OID
public static final String SHA256WITHRSA_ENCRYPTION_OID
CMS signed objects must indicate the signing algorithm as "sha256WithRsa" (sha256WithRSAEncryption, OID 1.2.840.113549.1.1.11). This is the signatureAlgorithm written into SignerInfo when an object is signed.
-
RSA_ENCRYPTION_OID
public static final String RSA_ENCRYPTION_OID
Older versions of BouncyCastle did not support the sha256WithRsa OID in SignerInfo and used "rsaEncryption" (OID 1.2.840.113549.1.1.1) instead. Both OIDs are accepted when parsing and validating (see ALLOWED_SIGNATURE_ALGORITHM_OIDS), which matches RFC 7935: verifiers MUST accept either rsaEncryption or sha256WithRSAEncryption in the SignerInfo signatureAlgorithm field. New objects are signed with "sha256WithRsa" only.
-
DIGEST_ALGORITHM_OID
public static final String DIGEST_ALGORITHM_OID
The digestAlgorithms set MUST include only SHA-256, the OID for which is 2.16.840.1.101.3.4.2.1 [RFC4055]. It MUST NOT contain any other algorithms (RFC 6488, Section 2.1.2). A SignedData whose digestAlgorithms set carries any additional entry is rejected as malformed rather than tolerated.
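The three OID rules above (digestAlgorithms exactly {SHA-256}; SignerInfo signatureAlgorithm either sha256WithRSAEncryption or the legacy rsaEncryption) can be checked on the raw DER before any signature verification. The following is an added example, not rpki-commons code: it walks a CMS ContentInfo/SignedData with a minimal DER reader and applies the rules. It assumes the field constants hold the standard OIDs named above (the values are not printed on this page), and it builds a constructed, structurally valid SignedData with a dummy sid and signature purely as sample input; it does not verify signatures or certificates.

```python
# Added example (not rpki-commons code): check the algorithm OIDs of a DER
# CMS SignedData against the rules RpkiSignedObject documents, using a minimal
# DER walker so it runs stand-alone. The constants are assumed to equal the
# standard OIDs behind DIGEST_ALGORITHM_OID, RSA_ENCRYPTION_OID and
# SHA256WITHRSA_ENCRYPTION_OID.
SHA256_OID = "2.16.840.1.101.3.4.2.1"          # SHA-256 (DIGEST_ALGORITHM_OID)
RSA_ENCRYPTION_OID = "1.2.840.113549.1.1.1"    # rsaEncryption (legacy, accepted)
SHA256_WITH_RSA_OID = "1.2.840.113549.1.1.11"  # sha256WithRSAEncryption (signed with)
ALLOWED_SIGNATURE_ALGORITHM_OIDS = {SHA256_WITH_RSA_OID, RSA_ENCRYPTION_OID}
ID_SIGNED_DATA = "1.2.840.113549.1.7.2"


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split a constructed element's value into a list of (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_oid(value):
    """Decode the value bytes of an OBJECT IDENTIFIER into dotted form."""
    arcs, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(str(acc))
            acc = 0
    return ".".join(arcs)


def algorithm_oids(cms):
    """Return (digestAlgorithms OIDs, per-SignerInfo signatureAlgorithm OIDs)."""
    _, content_info, _ = read_tlv(cms)
    (_, ctype), (_, wrapper) = children(content_info)
    if decode_oid(ctype) != ID_SIGNED_DATA:
        raise ValueError("ContentInfo is not id-signedData")
    ((_, signed_data),) = children(wrapper)      # [0] EXPLICIT SignedData
    fields = children(signed_data)               # version, digestAlgorithms, ..., signerInfos
    digest_oids = [decode_oid(children(alg)[0][1]) for _, alg in children(fields[1][1])]
    sig_oids = []
    for _, si in children(fields[-1][1]):
        f = children(si)                         # version, sid, digestAlgorithm, [signedAttrs], signatureAlgorithm, ...
        idx = 4 if f[3][0] == 0xA0 else 3        # skip optional [0] signedAttrs
        sig_oids.append(decode_oid(children(f[idx][1])[0][1]))
    return digest_oids, sig_oids


def check_algorithms(cms):
    """Apply the RFC 6488 2.1.2 / RFC 7935 rules; return a list of errors (empty = OK)."""
    digest_oids, sig_oids = algorithm_oids(cms)
    errors = []
    if digest_oids != [SHA256_OID]:
        errors.append(f"digestAlgorithms must be exactly [SHA-256], got {digest_oids}")
    errors += [f"unsupported signatureAlgorithm {o}" for o in sig_oids
               if o not in ALLOWED_SIGNATURE_ALGORITHM_OIDS]
    return errors


# --- constructed sample SignedData (structure only; dummy sid and signature) ---
def tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a >> 7:
            a >>= 7
            chunk.insert(0, 0x80 | (a & 0x7F))
        body += bytes(chunk)
    return tlv(0x06, bytes(body))


def alg_id(oid):
    return tlv(0x30, encode_oid(oid) + tlv(0x05, b""))


def build_sample(digest_oids, sig_oid):
    """Constructed sample, not a real RPKI object: one SignerInfo, empty eContent."""
    signer_info = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x80, b"\x00" * 20)  # version 3, sid = [0] SKI
                      + alg_id(SHA256_OID) + tlv(0xA0, b"")             # digestAlgorithm, signedAttrs
                      + alg_id(sig_oid) + tlv(0x04, b"\x00" * 32))      # signatureAlgorithm, signature
    signed_data = tlv(0x30, tlv(0x02, b"\x03")
                      + tlv(0x31, b"".join(alg_id(o) for o in digest_oids))
                      + tlv(0x30, encode_oid("1.2.840.113549.1.9.16.1.24"))  # encapContentInfo: ROA type
                      + tlv(0x31, signer_info))
    return tlv(0x30, encode_oid(ID_SIGNED_DATA) + tlv(0xA0, signed_data))


if __name__ == "__main__":
    print(check_algorithms(build_sample([SHA256_OID], SHA256_WITH_RSA_OID)))
    print(check_algorithms(build_sample([SHA256_OID, "1.3.14.3.2.26"], "1.2.840.113549.1.1.5")))
```

`check_algorithms` can be pointed at the bytes of a real `.roa`, `.mft` or `.asa` file as well; the walker only relies on the fixed SignedData and SignerInfo field order, so the optional `certificates`/`crls` fields between `encapContentInfo` and `signerInfos` are skipped by indexing from the end.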
-
-
Constructor Detail
-
RpkiSignedObject
protected RpkiSignedObject(RpkiSignedObjectInfo cmsObjectData)
-
RpkiSignedObject
protected RpkiSignedObject(byte[] encoded, X509ResourceCertificate certificate, org.bouncycastle.asn1.ASN1ObjectIdentifier oid, org.joda.time.DateTime signingTime)
-
-
Method Detail
-
getEncoded
public byte[] getEncoded()
- Specified by:
getEncoded in interface CertificateRepositoryObject
-
getSigningTime
public org.joda.time.DateTime getSigningTime()
-
getContentType
public org.bouncycastle.asn1.ASN1ObjectIdentifier getContentType()
-
getCertificate
public X509ResourceCertificate getCertificate()
-
signedBy
public boolean signedBy(X509ResourceCertificate certificate)
-
getValidityPeriod
public ValidityPeriod getValidityPeriod()
-
getNotValidBefore
public org.joda.time.DateTime getNotValidBefore()
-
getNotValidAfter
public org.joda.time.DateTime getNotValidAfter()
-
getCertificateIssuer
public X500Principal getCertificateIssuer()
-
getCertificateSubject
public X500Principal getCertificateSubject()
-
getCrlUri
public URI getCrlUri()
- Specified by:
getCrlUri in interface CertificateRepositoryObject
-
validate
public void validate(String location, CertificateRepositoryObjectValidationContext context, CrlLocator crlLocator, ValidationOptions options, ValidationResult result)
- Specified by:
validate in interface CertificateRepositoryObject
-
validate
public void validate(String location, CertificateRepositoryObjectValidationContext context, X509Crl crl, URI crlUri, ValidationOptions options, ValidationResult result)
- Specified by:
validate in interface CertificateRepositoryObject
-
getParentCertificateUri
public URI getParentCertificateUri()
- Specified by:
getParentCertificateUri in interface CertificateRepositoryObject
-
validateWithCrl
protected void validateWithCrl(String location, CertificateRepositoryObjectValidationContext context, ValidationOptions options, ValidationResult result, X509Crl crl)
-
isPastValidityTime
public boolean isPastValidityTime()
- Specified by:
isPastValidityTime in interface CertificateRepositoryObject
-
isRevoked
public boolean isRevoked()
- Specified by:
isRevoked in interface CertificateRepositoryObject
-
-