diff --git a/packages/BouncyCastle.1.7.0/BouncyCastle.1.7.0.nupkg b/packages/BouncyCastle.1.7.0/BouncyCastle.1.7.0.nupkg
deleted file mode 100644
index f5b7aa01..00000000
Binary files a/packages/BouncyCastle.1.7.0/BouncyCastle.1.7.0.nupkg and /dev/null differ
diff --git a/packages/BouncyCastle.1.7.0/BouncyCastle.1.7.0.nuspec b/packages/BouncyCastle.1.7.0/BouncyCastle.1.7.0.nuspec
deleted file mode 100644
index b27275c9..00000000
--- a/packages/BouncyCastle.1.7.0/BouncyCastle.1.7.0.nuspec
+++ /dev/null
@@ -1,34 +0,0 @@
-
-
-
- BouncyCastle
- 1.7.0
- Bouncy Castle
- Bouncy Castle Project Contributors
- Bouncy Castle Project Contributors
- http://www.bouncycastle.org/csharp/
- false
- BouncyCastle.Crypto is a cryptography API providing:
- -Generation and parsing of PKCS#12 files.
- -X.509: Generators and parsers for V1 and V3 certificates, V2 CRLs and attribute certificates.
- -PBE algorithms supported by PBEUtil: PBEwithMD2andDES-CBC, PBEwithMD2andRC2-CBC, PBEwithMD5andDES-CBC, PBEwithMD5andRC2-CBC, PBEwithSHA1andDES-CBC, PBEwithSHA1andRC2-CBC, PBEwithSHA-1and128bitRC4, PBEwithSHA-1and40bitRC4, PBEwithSHA-1and3-keyDESEDE-CBC, PBEwithSHA-1and2-keyDESEDE-CBC, PBEwithSHA-1and128bitRC2-CBC, PBEwithSHA-1and40bitRC2-CBC, PBEwithHmacSHA-1, PBEwithHmacSHA-224, PBEwithHmacSHA-256, PBEwithHmacRIPEMD128, PBEwithHmacRIPEMD160, and PBEwithHmacRIPEMD256.
- -Signature algorithms supported by SignerUtilities: MD2withRSA, MD4withRSA, MD5withRSA, RIPEMD128withRSA, RIPEMD160withRSA, RIPEMD256withRSA, SHA-1withRSA, SHA-224withRSA, SHA-256withRSAandMGF1, SHA-384withRSAandMGF1, SHA-512withRSAandMGF1, SHA-1withDSA, and SHA-1withECDSA.
- -Symmetric key algorithms: AES, Blowfish, Camellia, CAST5, CAST6, DESede, DES, GOST28147, HC-128, HC-256, IDEA, NaccacheStern, RC2, RC4, RC5-32, RC5-64, RC6, Rijndael, Serpent, Skipjack, TEA/XTEA, Twofish, and VMPC.
- -Symmetric key modes: CBC, CFB, CTS, GOFB, OFB, OpenPGPCFB, and SIC (or CTR).
- -Symmetric key paddings: ISO10126d2, ISO7816d4, PKCS#5/7, TBC, X.923, and Zero Byte.
- -Asymmetric key algorithms: RSA (with blinding), ElGamal, DSA, ECDSA.
- -Asymmetric key paddings/encodings: ISO9796d1, OAEP, and PKCS#1.
- -Digests: GOST3411, MD2, MD4, MD5, RIPEMD128, RIPEMD160, RIPEMD256, RIPEMD320, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, Tiger, and Whirlpool.
- -Signer mechanisms: DSA, ECDSA, ECGOST3410, GOST3410, ISO9796d2, PSS, RSA.
- -Key Agreement: Diffie-Hellman and EC-DH.
- -Macs: CBCBlockCipher, CFBBlockCipher, GOST28147, HMac, and ISO9797 Alg. 3.
- -PBE generators: PKCS#12, and PKCS#5 - schemes 1 and 2.
- -OpenPGP (RFC 2440)
- -Cryptographic Message Syntax (CMS, RFC 3852), including streaming API.
- -Online Certificate Status Protocol (OCSP, RFC 2560).
- -Time Stamp Protocol (TSP, RFC 3161).
- -TLS/SSL Client with support for client side authentication.
- BouncyCastle.Crypto is a cryptography API providing: -Generation and parsing of PKCS#12 files. -X.509: Generators and parsers for V1 and V3 certificates, V2 CRLs and attribute certificates. -PBE algorithms supported by PBEUtil: PBEwithMD2andDES-CBC, PBEwithMD2andRC2-CBC, PBEwithMD5andDES-CBC, PBEwithMD5andRC2-CBC, PBEwithSHA1andDES-CBC, PBEwithSHA1andRC2-CBC, PBEwithSHA-1and128bitRC4, PBEwithSHA-1and40bitRC4, PBEwithSHA-1and3-keyDESEDE-CBC, PBEwithSHA-1and2-keyDESEDE-CBC, PBEwithSHA-1and128bitRC2-CBC, PBEwithSHA-1and40bitRC2-CBC, PBEwithHmacSHA-1, PBEwithHmacSHA-224, PBEwithHmacSHA-256, PBEwithHmacRIPEMD128, PBEwithHmacRIPEMD160, and PBEwithHmacRIPEMD256. -Signature algorithms supported by SignerUtilities: MD2withRSA, MD4withRSA, MD5withRSA, RIPEMD128withRSA, RIPEMD160withRSA, RIPEMD256withRSA, SHA-1withRSA, SHA-224withRSA, SHA-256withRSAandMGF1, SHA-384withRSAandMGF1, SHA-512withRSAandMGF1, SHA-1withDSA, and SHA-1withECDSA. -Symmetric key algorithms: AES, Blowfish, Camellia, CAST5, CAST6, DESede, DES, GOST28147, HC-128, HC-256, IDEA, NaccacheStern, RC2, RC4, RC5-32, RC5-64, RC6, Rijndael, Serpent, Skipjack, TEA/XTEA, Twofish, and VMPC. -Symmetric key modes: CBC, CFB, CTS, GOFB, OFB, OpenPGPCFB, and SIC (or CTR). -Symmetric key paddings: ISO10126d2, ISO7816d4, PKCS#5/7, TBC, X.923, and Zero Byte. -Asymmetric key algorithms: RSA (with blinding), ElGamal, DSA, ECDSA. -Asymmetric key paddings/encodings: ISO9796d1, OAEP, and PKCS#1. -Digests: GOST3411, MD2, MD4, MD5, RIPEMD128, RIPEMD160, RIPEMD256, RIPEMD320, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, Tiger, and Whirlpool. -Signer mechanisms: DSA, ECDSA, ECGOST3410, GOST3410, ISO9796d2, PSS, RSA. -Key Agreement: Diffie-Hellman and EC-DH. -Macs: CBCBlockCipher, CFBBlockCipher, GOST28147, HMac, and ISO9797 Alg. 3. -PBE generators: PKCS#12, and PKCS#5 - schemes 1 and 2. -OpenPGP (RFC 2440) -Cryptographic Message Syntax (CMS, RFC 3852), including streaming API. -Online Certificate Status Protocol (OCSP, RFC 2560). -Time Stamp Protocol (TSP, RFC 3161). -TLS/SSL Client with support for client side authentication.
- bouncycastle cryptography encryption security
-
-
\ No newline at end of file
diff --git a/packages/BouncyCastle.1.7.0/Readme.txt b/packages/BouncyCastle.1.7.0/Readme.txt
deleted file mode 100644
index 45162c5f..00000000
--- a/packages/BouncyCastle.1.7.0/Readme.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-
-For documentation and mailing lists, see the project web site: http://www.bouncycastle.org/csharp/
-
-Contact me directly for package/build issues: www.soygul.com/contact
-
-© 2011, Bouncy Castle Project
\ No newline at end of file
diff --git a/packages/BouncyCastle.1.7.0/lib/Net40-Client/crypto.xml b/packages/BouncyCastle.1.7.0/lib/Net40-Client/crypto.xml
deleted file mode 100644
index 6a920635..00000000
--- a/packages/BouncyCastle.1.7.0/lib/Net40-Client/crypto.xml
+++ /dev/null
@@ -1,19392 +0,0 @@
-
-
-
- BouncyCastle.Crypto
-
-
-
- class to produce an X.509 Version 2 CRL.
-
-
- reset the generator
-
-
- Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
- certificate.
-
-
- Reason being as indicated by CrlReason, i.e. CrlReason.KeyCompromise
- or 0 if CrlReason is not to be used
-
-
-
- Add a CRL entry with an Invalidity Date extension as well as a CrlReason extension.
- Reason being as indicated by CrlReason, i.e. CrlReason.KeyCompromise
- or 0 if CrlReason is not to be used
-
-
-
- Add a CRL entry with extensions.
-
-
-
- Add the CRLEntry objects contained in a previous CRL.
-
- @param other the X509Crl to source the other entries from.
-
-
- Set the signature algorithm. This can be either a name or an oid, names
- are treated as case insensitive.
-
- @param signatureAlgorithm string representation of the algorithm name.
-
-
- add a given extension field for the standard extensions tag (tag 0)
-
-
- add a given extension field for the standard extensions tag (tag 0)
-
-
- add a given extension field for the standard extensions tag (tag 0)
-
-
- add a given extension field for the standard extensions tag (tag 0)
-
-
- Generate an X509 CRL, based on the current issuer and subject.
- The key used for signing.
-
-
- Generate an X509 CRL, based on the current issuer and subject.
- The key used for signing.
- A user-defined source of randomness.
-
-
-
- Allows enumeration of the signature names supported by the generator.
-
-
-
- class for dealing with X509 certificates.
-
- At the moment this will deal with "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----"
- base 64 encoded certs, as well as the BER binaries of certificates and some classes of PKCS#7
- objects.
-
-
-
- Create loading data from byte array.
-
-
-
-
-
- Create loading data from byte array.
-
-
-
-
- Generates a certificate object and initializes it with the data
- read from the input stream inStream.
-
-
- Returns a (possibly empty) collection view of the certificates
- read from the given input stream inStream.
-
-
- This class contains a collection for collection based X509Store
s.
-
-
-
- Constructor.
-
- The collection is copied.
-
-
- The collection containing X.509 object types.
- If collection is null.
-
-
- Returns a copy of the ICollection
.
-
-
- Returns a formatted string describing the parameters.
-
-
- A high level subject key identifier.
-
-
- The SubjectKeyIdentifier object.
-
- SubjectKeyIdentifier::= OCTET STRING
-
-
-
- Return the DER encoding of the object, null if the DER encoding can not be made.
-
- @return a DER byte array, null otherwise.
-
-
- Calculates the keyIdentifier using a SHA1 hash over the BIT STRING
- from SubjectPublicKeyInfo as defined in RFC3280.
-
- @param spki the subject public key info.
-
-
- Return a RFC 3280 type 1 key identifier. As in:
-
- (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
- value of the BIT STRING subjectPublicKey (excluding the tag,
- length, and number of unused bits).
-
- @param keyInfo the key info object containing the subjectPublicKey field.
- @return the key identifier.
-
-
- Return a RFC 3280 type 2 key identifier. As in:
-
- (2) The keyIdentifier is composed of a four bit type field with
- the value 0100 followed by the least significant 60 bits of the
- SHA-1 hash of the value of the BIT STRING subjectPublicKey.
-
- @param keyInfo the key info object containing the subjectPublicKey field.
- @return the key identifier.
-
-
- Constructor which will take the byte[] returned from getExtensionValue()
-
- @param encodedValue a DER octet encoded string with the extension structure in it.
- @throws IOException on parsing errors.
-
-
-
- Return the number of milliseconds since the Unix epoch (1 Jan., 1970 UTC) for a given DateTime value.
-
- A UTC DateTime value not before epoch.
- Number of whole milliseconds after epoch.
- 'dateTime' is before epoch.
-
-
-
- Create a DateTime value from the number of milliseconds since the Unix epoch (1 Jan., 1970 UTC).
-
- Number of milliseconds since the epoch.
- A UTC DateTime value
-
-
-
- Return the current number of milliseconds since the Unix epoch (1 Jan., 1970 UTC).
-
-
-
- Use the specified instance of IRandomGenerator as random source.
-
- This constructor performs no seeding of either the IRandomGenerator or the
- constructed SecureRandom. It is the responsibility of the client to provide
- proper seed material as necessary/appropriate for the given IRandomGenerator
- implementation.
-
- The source to generate all random bytes from.
-
-
-
- Summary description for PkixPolicyNode.
-
-
-
- Constructors
-
-
- simply return the cert entry for the private key
-
-
- PEM generator for the original set of PEM objects used in Open SSL.
-
-
-
- A
-
-
-
-
- Holder for a list of PgpOnePassSignature objects.
-
-
-
- General class for reading a PGP object stream.
-
- Note: if this class finds a PgpPublicKey or a PgpSecretKey it
- will create a PgpPublicKeyRing, or a PgpSecretKeyRing for each
- key found. If all you are trying to do is read a key ring file use
- either PgpPublicKeyRingBundle or PgpSecretKeyRingBundle.
-
-
-
- Return the next object in the stream, or null if the end is reached.
- On a parse error
-
-
-
- Return all available objects in a list.
-
- An IList containing all objects from this factory, in order.
-
-
- A holder for a list of PGP encryption method packets.
-
-
- Compressed data objects
-
-
- Get the raw input stream contained in the object.
-
-
- Return an uncompressed input stream which allows reading of the compressed data.
-
-
- The algorithm used for compression
-
-
- Carrier for a ResponderID.
-
-
- Some helper fuctions for MicroTLS.
-
-
-
- A certificate verifyer, that will always return true.
-
- DO NOT USE THIS FILE UNLESS YOU KNOW EXACTLY WHAT YOU ARE DOING.
-
-
-
-
-
- This should be implemented by any class which can find out, if a given
- certificate chain is being accepted by an client.
-
-
-
- The certs, which are part of the chain.
- True, if the chain is accepted, false otherwise
-
-
- Return true.
-
-
- ISO9796-2 - mechanism using a hash function with recovery (scheme 1)
-
-
- Signer with message recovery.
-
-
- Initialise the signer for signing or verification.
-
- @param forSigning true if for signing, false otherwise
- @param param necessary parameters.
-
-
- update the internal digest with the byte b
-
-
- update the internal digest with the byte array in
-
-
- Generate a signature for the message we've been loaded with using
- the key we were initialised with.
-
-
- return true if the internal state represents the signature described
- in the passed in array.
-
-
- reset the internal state
-
-
- Return the name of the algorithm the signer implements.
-
- @return the name of the algorithm the signer implements.
-
-
- Returns true if the signer has recovered the full message as
- part of signature verification.
-
- @return true if full message recovered.
-
-
- Returns a reference to what message was recovered (if any).
-
- @return full/partial message, null if nothing.
-
-
- Perform an update with the recovered message before adding any other data. This must
- be the first update method called, and calling it will result in the signer assuming
- that further calls to update will include message content past what is recoverable.
-
- @param signature the signature that we are in the process of verifying.
- @throws IllegalStateException
-
-
-
- Return a reference to the recoveredMessage message.
-
- The full/partial recoveredMessage message.
-
-
-
-
- Generate a signer for the with either implicit or explicit trailers
- for ISO9796-2.
-
- base cipher to use for signature creation/verification
- digest to use.
- whether or not the trailer is implicit or gives the hash.
-
-
- Constructor for a signer with an explicit digest trailer.
-
-
- cipher to use.
-
- digest to sign with.
-
-
-
- compare two byte arrays - constant time.
-
-
- clear possible sensitive data
-
-
- update the internal digest with the byte b
-
-
- update the internal digest with the byte array in
-
-
- reset the internal state
-
-
- Generate a signature for the loaded message using the key we were
- initialised with.
-
-
-
- return true if the signature represents a ISO9796-2 signature
- for the passed in message.
-
-
-
-
- Return true if the full message was recoveredMessage.
-
- true on full message recovery, false otherwise.
-
-
-
- all parameter classes implement this.
-
-
- Base interface for a public/private key block cipher.
-
-
- Initialise the cipher.
- Initialise for encryption if true, for decryption if false.
- The key or other data required by the cipher.
-
-
- The maximum size, in bytes, an input block may be.
-
-
- The maximum size, in bytes, an output block will be.
-
-
- Process a block.
- The input buffer.
- The offset into inBuf that the input block begins.
- The length of the input block.
- Input decrypts improperly.
- Input is too large for the cipher.
-
-
- The name of the algorithm this cipher implements.
-
-
- which Generates the p and g values from the given parameters,
- returning the DHParameters object.
-
- Note: can take a while...
-
-
- this does your basic RSA algorithm.
-
-
- initialise the RSA engine.
-
- @param forEncryption true if we are encrypting, false otherwise.
- @param param the necessary RSA key parameters.
-
-
- Return the maximum size for an input block to this engine.
- For RSA this is always one byte less than the key size on
- encryption, and the same length as the key size on decryption.
-
- @return maximum size for an input block.
-
-
- Return the maximum size for an output block to this engine.
- For RSA this is always one byte less than the key size on
- decryption, and the same length as the key size on encryption.
-
- @return maximum size for an output block.
-
-
- Process a single block using the basic RSA algorithm.
-
- @param inBuf the input array.
- @param inOff the offset into the input buffer where the data starts.
- @param inLen the length of the data to be processed.
- @return the result of the RSA process.
- @exception DataLengthException the input block is too large.
-
-
- The interface stream ciphers conform to.
-
-
- Initialise the cipher.
- If true the cipher is initialised for encryption,
- if false for decryption.
- The key and other data required by the cipher.
-
- If the parameters argument is inappropriate.
-
-
-
- encrypt/decrypt a single byte returning the result.
- the byte to be processed.
- the result of processing the input byte.
-
-
-
- Process a block of bytes from input putting the result into output.
-
- The input byte array.
-
- The offset into input where the data to be processed starts.
-
- The number of bytes to be processed.
- The output buffer the processed bytes go into.
-
- The offset into output the processed data starts at.
-
- If the output buffer is too small.
-
-
-
- Reset the cipher to the same state as it was after the last init (if there was one).
-
-
-
- The name of the algorithm this cipher implements.
-
-
- initialise a RC4 cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- * A class that provides a basic International Data Encryption Algorithm (IDEA) engine.
- *
- * This implementation is based on the "HOWTO: INTERNATIONAL DATA ENCRYPTION ALGORITHM"
- * implementation summary by Fauzan Mirza (F.U.Mirza@sheffield.ac.uk). (baring 1 typo at the
- * end of the mulinv function!).
- *
- *
- * It can be found at ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/idea/
- *
- *
- * Note 1: This algorithm is patented in the USA, Japan, and Europe including
- * at least Austria, France, Germany, Italy, Netherlands, Spain, Sweden, Switzerland
- * and the United Kingdom. Non-commercial use is free, however any commercial
- * products are liable for royalties. Please see
- * www.mediacrypt.com for
- * further details. This announcement has been included at the request of
- * the patent holders.
- *
- *
- * Note 2: Due to the requests concerning the above, this algorithm is now only
- * included in the extended assembly. It is not included in the default distributions.
- *
-
-
- Base interface for a symmetric key block cipher.
-
-
- Initialise the cipher.
- Initialise for encryption if true, for decryption if false.
- The key or other data required by the cipher.
-
-
- The block size for this cipher, in bytes.
-
-
- Process a block.
- The input buffer.
- The offset into inBuf that the input block begins.
- The output buffer.
- The offset into outBuf to write the output block.
- If input block is wrong size, or outBuf too small.
- The number of bytes processed and produced.
-
-
-
- Reset the cipher to the same state as it was after the last init (if there was one).
-
-
-
- The name of the algorithm this cipher implements.
-
-
- Indicates whether this cipher can handle partial blocks.
-
-
- standard constructor.
-
-
- initialise an IDEA cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- return x = x * y where the multiplication is done modulo
- 65537 (0x10001) (as defined in the IDEA specification) and
- a zero input is taken to be 65536 (0x10000).
-
- @param x the x value
- @param y the y value
- @return x = x * y
-
-
- The following function is used to expand the user key to the encryption
- subkey. The first 16 bytes are the user key, and the rest of the subkey
- is calculated by rotating the previous 16 bytes by 25 bits to the left,
- and so on until the subkey is completed.
-
-
- * This function computes multiplicative inverse using Euclid's Greatest
- * Common Divisor algorithm. Zero and one are self inverse.
- *
- * i.e. x * MulInv(x) == 1 (modulo BASE)
- *
-
-
- * Return the additive inverse of x.
- *
- * i.e. x + AddInv(x) == 0
- *
-
-
- The function to invert the encryption subkey to the decryption subkey.
- It also involves the multiplicative inverse and the additive inverse functions.
-
-
- an implementation of the AES (Rijndael), from FIPS-197.
-
- For further details see: http://csrc.nist.gov/encryption/aes/.
-
- This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at
- http://fp.gladman.plus.com/cryptography_technology/rijndael/
-
- There are three levels of tradeoff of speed vs memory
- Because java has no preprocessor, they are written as three separate classes from which to choose
-
- The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption
- and 4 for decryption.
-
- The middle performance version uses only one 256 word table for each, for a total of 2Kbytes,
- adding 12 rotate operations per round to compute the values contained in the other tables from
- the contents of the first.
-
- The slowest version uses no static tables at all and computes the values in each round.
-
-
- This file contains the middle performance version with 2Kbytes of static tables for round precomputation.
-
-
-
- Calculate the necessary round keys
- The number of calculations depends on key size and block size
- AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits
- This code is written assuming those are the only possible values
-
-
- default constructor - 128 bit block size.
-
-
- initialise an AES cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- implementation of MD5 as outlined in "Handbook of Applied Cryptography", pages 346 - 347.
-
-
- base implementation of MD4 family style digest as outlined in
- "Handbook of Applied Cryptography", pages 344 - 347.
-
-
- interface that a message digest conforms to.
-
-
- return the size, in bytes, of the digest produced by this message digest.
-
- @return the size, in bytes, of the digest produced by this message digest.
-
-
- return the size, in bytes, of the internal buffer used by this digest.
-
- @return the size, in bytes, of the internal buffer used by this digest.
-
-
- update the message digest with a single byte.
-
- @param inByte the input byte to be entered.
-
-
- update the message digest with a block of bytes.
-
- @param input the byte array containing the data.
- @param inOff the offset into the byte array where the data starts.
- @param len the length of the data.
-
-
- Close the digest, producing the final digest value. The doFinal
- call leaves the digest reset.
-
- @param output the array the digest is to be copied into.
- @param outOff the offset into the out array the digest is to start at.
-
-
- reset the digest back to it's initial state.
-
-
- return the algorithm name
-
- @return the algorithm name
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
- reset the chaining variables to the IV values.
-
-
- Return the first RecipientInformation object that matches the
- passed in selector. Null if there are no matches.
-
- @param selector to identify a recipient
- @return a single RecipientInformation object. Null if none matches.
-
-
- Return all recipients in the collection
-
- @return a collection of recipients.
-
-
- Return possible empty collection with recipients matching the passed in RecipientID
-
- @param selector a recipient id to select against.
- @return a collection of RecipientInformation objects.
-
-
- Return the number of recipients in the collection.
-
- @return number of recipients identified.
-
-
- Return the digest algorithm using one of the standard JCA string
- representations rather than the algorithm identifier (if possible).
-
-
- Return the digest encryption algorithm using one of the standard
- JCA string representations rather than the algorithm identifier (if
- possible).
-
-
-
- General class for generating a CMS enveloped-data message.
-
- A simple example of usage.
-
-
- CmsEnvelopedDataGenerator fact = new CmsEnvelopedDataGenerator();
-
- fact.AddKeyTransRecipient(cert);
-
- CmsEnvelopedData data = fact.Generate(content, algorithm);
-
-
-
-
- General class for generating a CMS enveloped-data message.
-
- A simple example of usage.
-
-
- CMSEnvelopedDataGenerator fact = new CMSEnvelopedDataGenerator();
-
- fact.addKeyTransRecipient(cert);
-
- CMSEnvelopedData data = fact.generate(content, algorithm, "BC");
-
-
-
- Constructor allowing specific source of randomness
- Instance of SecureRandom to use.
-
-
- add a recipient.
-
- @param cert recipient's public key certificate
- @exception ArgumentException if there is a problem with the certificate
-
-
- add a recipient
-
- @param key the public key used by the recipient
- @param subKeyId the identifier for the recipient's public key
- @exception ArgumentException if there is a problem with the key
-
-
- add a KEK recipient.
- @param key the secret key to use for wrapping
- @param keyIdentifier the byte string that identifies the key
-
-
- add a KEK recipient.
- @param key the secret key to use for wrapping
- @param keyIdentifier the byte string that identifies the key
-
-
- Add a key agreement based recipient.
-
- @param agreementAlgorithm key agreement algorithm to use.
- @param senderPrivateKey private key to initialise sender side of agreement with.
- @param senderPublicKey sender public key to include with message.
- @param recipientCert recipient's public key certificate.
- @param cekWrapAlgorithm OID for key wrapping algorithm to use.
- @exception SecurityUtilityException if the algorithm requested cannot be found
- @exception InvalidKeyException if the keys are inappropriate for the algorithm specified
-
-
- Add multiple key agreement based recipients (sharing a single KeyAgreeRecipientInfo structure).
-
- @param agreementAlgorithm key agreement algorithm to use.
- @param senderPrivateKey private key to initialise sender side of agreement with.
- @param senderPublicKey sender public key to include with message.
- @param recipientCerts recipients' public key certificates.
- @param cekWrapAlgorithm OID for key wrapping algorithm to use.
- @exception SecurityUtilityException if the algorithm requested cannot be found
- @exception InvalidKeyException if the keys are inappropriate for the algorithm specified
-
-
- Constructor allowing specific source of randomness
- Instance of SecureRandom to use.
-
-
-
- Generate an enveloped object that contains a CMS Enveloped Data
- object using the passed in key generator.
-
-
-
- Generate an enveloped object that contains an CMS Enveloped Data object.
-
-
- Generate an enveloped object that contains an CMS Enveloped Data object.
-
-
- General class for generating a CMS authenticated-data message stream.
-
- A simple example of usage.
-
- CMSAuthenticatedDataStreamGenerator edGen = new CMSAuthenticatedDataStreamGenerator();
-
- edGen.addKeyTransRecipient(cert);
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(
- bOut, CMSAuthenticatedDataGenerator.AES128_CBC, "BC");*
- out.write(data);
-
- out.close();
-
-
-
-
- base constructor
-
-
- constructor allowing specific source of randomness
-
- @param rand instance of SecureRandom to use
-
-
- base constructor
-
-
- constructor allowing specific source of randomness
- @param rand instance of SecureRandom to use
-
-
- Set the underlying string size for encapsulated data
-
- @param bufferSize length of octet strings to buffer the data.
-
-
- Use a BER Set to store the recipient information
-
-
- generate an enveloped object that contains an CMS Enveloped Data
- object using the given provider and the passed in key generator.
- @throws java.io.IOException
-
-
- generate an enveloped object that contains an CMS Enveloped Data object
-
-
- generate an enveloped object that contains an CMS Enveloped Data object
-
-
- Parsing class for an CMS Authenticated Data object from an input stream.
-
- Note: that because we are in a streaming mode only one recipient can be tried and it is important
- that the methods on the parser are called in the appropriate order.
-
-
- Example of use - assuming the first recipient matches the private key we have.
-
- CMSAuthenticatedDataParser ad = new CMSAuthenticatedDataParser(inputStream);
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- CMSTypedStream recData = recipient.getContentStream(privateKey, "BC");
-
- processDataStream(recData.getContentStream());
-
- if (!Arrays.equals(ad.getMac(), recipient.getMac())
- {
- System.err.println("Data corrupted!!!!");
- }
- }
-
- Note: this class does not introduce buffering - if you are processing large files you should create
- the parser with:
-
- CMSAuthenticatedDataParser ep = new CMSAuthenticatedDataParser(new BufferedInputStream(inputStream, bufSize));
-
- where bufSize is a suitably large buffer size.
-
-
-
- Close the underlying data stream.
- @throws IOException if the close fails.
-
-
- return a store of the intended recipients for this message
-
-
- return a table of the unauthenticated attributes indexed by
- the OID of the attribute.
- @exception java.io.IOException
-
-
- return a table of the unauthenticated attributes indexed by
- the OID of the attribute.
- @exception java.io.IOException
-
-
- return the object identifier for the mac algorithm.
-
-
- return the ASN.1 encoded encryption algorithm parameters, or null if
- there aren't any.
-
-
- Basic type for a symmetric encrypted session key packet
-
-
- Basic type for a PGP packet.
-
-
- @return byte[]
-
-
- @return int
-
-
- @return S2k
-
-
- @return int
-
-
- Note: you can only read from this once...
-
-
- Basic type for a PGP Signature sub-packet.
-
-
- Return the generic data making up the packet.
-
-
- Generic literal data packet.
-
-
- The format tag value.
-
-
- The modification time of the file in milli-seconds (since Jan 1, 1970 UTC)
-
-
- Basic output stream.
-
-
- Create a stream representing a general packet.
- Output stream to write to.
-
-
- Create a stream representing an old style partial object.
- Output stream to write to.
- The packet tag for the object.
-
-
- Create a stream representing a general packet.
- Output stream to write to.
- Packet tag.
- Size of chunks making up the packet.
- If true, the header is written out in old format.
-
-
- Create a new style partial input stream buffered into chunks.
- Output stream to write to.
- Packet tag.
- Size of chunks making up the packet.
-
-
- Create a new style partial input stream buffered into chunks.
- Output stream to write to.
- Packet tag.
- Buffer to use for collecting chunks.
-
-
- Flush the underlying stream.
-
-
- Finish writing out the current packet without closing the underlying stream.
-
-
- Generator for Version 2 TbsCertList structures.
-
- TbsCertList ::= Sequence {
- version Version OPTIONAL,
- -- if present, shall be v2
- signature AlgorithmIdentifier,
- issuer Name,
- thisUpdate Time,
- nextUpdate Time OPTIONAL,
- revokedCertificates Sequence OF Sequence {
- userCertificate CertificateSerialNumber,
- revocationDate Time,
- crlEntryExtensions Extensions OPTIONAL
- -- if present, shall be v2
- } OPTIONAL,
- crlExtensions [0] EXPLICIT Extensions OPTIONAL
- -- if present, shall be v2
- }
-
-
- Note: This class may be subject to change
-
-
- PolicyMappings V3 extension, described in RFC3280.
-
- PolicyMappings ::= Sequence SIZE (1..MAX) OF Sequence {
- issuerDomainPolicy CertPolicyId,
- subjectDomainPolicy CertPolicyId }
-
-
- @see RFC 3280, section 4.2.1.6
-
-
- Creates a new PolicyMappings
instance.
-
- @param seq an Asn1Sequence
constructed as specified
- in RFC 3280
-
-
- Creates a new PolicyMappings
instance.
-
- @param mappings a HashMap
value that maps
- string
oids
- to other string
oids.
-
-
- ObjectDigestInfo ASN.1 structure used in v2 attribute certificates.
-
-
-
- ObjectDigestInfo ::= SEQUENCE {
- digestedObjectType ENUMERATED {
- publicKey (0),
- publicKeyCert (1),
- otherObjectTypes (2) },
- -- otherObjectTypes MUST NOT
- -- be used in this profile
- otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
- digestAlgorithm AlgorithmIdentifier,
- objectDigest BIT STRING
- }
-
-
-
-
-
- The public key is hashed.
-
-
- The public key certificate is hashed.
-
-
- An other object is hashed.
-
-
- Constructor from given details.
-
- If digestedObjectType
is not {@link #publicKeyCert} or
- {@link #publicKey} otherObjectTypeID
must be given,
- otherwise it is ignored.
-
- @param digestedObjectType The digest object type.
- @param otherObjectTypeID The object type ID for
- otherObjectDigest
.
- @param digestAlgorithm The algorithm identifier for the hash.
- @param objectDigest The hash value.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
-
-
- ObjectDigestInfo ::= SEQUENCE {
- digestedObjectType ENUMERATED {
- publicKey (0),
- publicKeyCert (1),
- otherObjectTypes (2) },
- -- otherObjectTypes MUST NOT
- -- be used in this profile
- otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
- digestAlgorithm AlgorithmIdentifier,
- objectDigest BIT STRING
- }
-
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- IssuerSerial ::= Sequence {
- issuer GeneralNames,
- serial CertificateSerialNumber,
- issuerUid UniqueIdentifier OPTIONAL
- }
-
-
-
- The DigestInfo object.
-
- DigestInfo::=Sequence{
- digestAlgorithm AlgorithmIdentifier,
- digest OCTET STRING }
-
-
-
- The CRLNumber object.
-
- CRLNumber::= Integer(0..MAX)
-
-
-
- Create a base ASN.1 object from a byte array.
- The byte array to parse.
- The base ASN.1 object represented by the byte array.
- If there is a problem parsing the data.
-
-
- Read a base ASN.1 object from a stream.
- The stream to parse.
- The base ASN.1 object represented by the byte array.
- If there is a problem parsing the data.
-
-
- return an integer from the passed in object
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return an Integer from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param isExplicit true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- in some cases positive values Get crammed into a space,
- that's not quite big enough...
-
-
- The SmimeEncryptionKeyPreference object.
-
- SmimeEncryptionKeyPreference ::= CHOICE {
- issuerAndSerialNumber [0] IssuerAndSerialNumber,
- receipentKeyId [1] RecipientKeyIdentifier,
- subjectAltKeyIdentifier [2] SubjectKeyIdentifier
- }
-
-
-
- return an Attr object from the given object.
-
- @param o the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Attr ::= Sequence {
- attrType OBJECT IDENTIFIER,
- attrValues Set OF AttributeValue
- }
-
-
-
- @param sKeyId the subjectKeyIdentifier value (normally the X.509 one)
-
-
- The default version
-
-
-
- RSAES-OAEP-params ::= SEQUENCE {
- hashAlgorithm [0] OAEP-PSSDigestAlgorithms DEFAULT sha1,
- maskGenAlgorithm [1] PKCS1MGFAlgorithms DEFAULT mgf1SHA1,
- pSourceAlgorithm [2] PKCS1PSourceAlgorithms DEFAULT pSpecifiedEmpty
- }
-
- OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
- { OID id-sha1 PARAMETERS NULL }|
- { OID id-sha256 PARAMETERS NULL }|
- { OID id-sha384 PARAMETERS NULL }|
- { OID id-sha512 PARAMETERS NULL },
- ... -- Allows for future expansion --
- }
- PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
- { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms },
- ... -- Allows for future expansion --
- }
- PKCS1PSourceAlgorithms ALGORITHM-IDENTIFIER ::= {
- { OID id-pSpecified PARAMETERS OCTET STRING },
- ... -- Allows for future expansion --
- }
-
- @return the asn1 primitive representing the parameters.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- ContentInfo ::= Sequence {
- contentType ContentType,
- content
- [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- OcspResponse ::= Sequence {
- responseStatus OcspResponseStatus,
- responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- OcspRequest ::= Sequence {
- tbsRequest TBSRequest,
- optionalSignature [0] EXPLICIT Signature OPTIONAL }
-
-
-
- Der IA5String object - this is an ascii string.
-
-
- basic interface for Der string objects.
-
-
- return a IA5 string from the passed in object
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return an IA5 string from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- basic constructor - with bytes.
-
-
- basic constructor - without validation.
-
-
- Constructor with optional validation.
-
- @param string the base string to wrap.
- @param validate whether or not to check the string.
- @throws ArgumentException if validate is true and the string
- contains characters that should not be in an IA5String.
-
-
- return true if the passed in String can be represented without
- loss as an IA5String, false otherwise.
-
- @return true if in printable set, false otherwise.
-
-
- return a bool from the passed in object.
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return a DerBoolean from the passed in bool.
-
-
- return a Boolean from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- Base class for an application specific object
-
-
- Return the enclosed object assuming explicit tagging.
-
- @return the resulting object
- @throws IOException if reconstruction fails.
-
-
- Return the enclosed object assuming implicit tagging.
-
- @param derTagNo the type tag that should be applied to the object's contents.
- @return the resulting object
- @throws IOException if reconstruction fails.
-
-
- table of the available named parameters for GOST 3410-94.
-
-
- return the GOST3410ParamSetParameters object for the given OID, null if it
- isn't present.
-
- @param oid an object identifier representing a named parameters, if present.
-
-
- returns an enumeration containing the name strings for parameters
- contained in this structure.
-
-
-
- Gost28147-89-Parameters ::=
- SEQUENCE {
- iv Gost28147-89-IV,
- encryptionParamSet OBJECT IDENTIFIER
- }
-
- Gost28147-89-IV ::= OCTET STRING (SIZE (8))
-
-
-
- Creates a new Proof of Possession object for a signing key.
- @param poposkIn the PopoSigningKeyInput structure, or null if the
- CertTemplate includes both subject and publicKey values.
- @param aid the AlgorithmIdentifier used to sign the proof of possession.
- @param signature a signature over the DER-encoded value of poposkIn,
- or the DER-encoded value of certReq if poposkIn is null.
-
-
-
- PopoSigningKey ::= SEQUENCE {
- poposkInput [0] PopoSigningKeyInput OPTIONAL,
- algorithmIdentifier AlgorithmIdentifier,
- signature BIT STRING }
- -- The signature (using "algorithmIdentifier") is on the
- -- DER-encoded value of poposkInput. NOTE: If the CertReqMsg
- -- certReq CertTemplate contains the subject and publicKey values,
- -- then poposkInput MUST be omitted and the signature MUST be
- -- computed on the DER-encoded value of CertReqMsg certReq. If
- -- the CertReqMsg certReq CertTemplate does not contain the public
- -- key and subject values, then poposkInput MUST be present and
- -- MUST be signed. This strategy ensures that the public key is
- -- not present in both the poposkInput and CertReqMsg certReq
- -- CertTemplate fields.
-
- @return a basic ASN.1 object representation.
-
-
- Marker interface for CHOICE objects - if you implement this in a roll-your-own
- object, any attempt to tag the object implicitly will convert the tag to an
- explicit one as the encoding rules require.
-
- If you use this interface your class should also implement the getInstance
- pattern which takes a tag object and the tagging mode used.
-
-
-
-
- EncryptedKey ::= CHOICE {
- encryptedValue EncryptedValue, -- deprecated
- envelopedData [0] EnvelopedData }
- -- The encrypted private key MUST be placed in the envelopedData
- -- encryptedContentInfo encryptedContent OCTET STRING.
-
-
-
- return a RecipientIdentifier object from the given object.
-
- @param o the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- RecipientIdentifier ::= CHOICE {
- issuerAndSerialNumber IssuerAndSerialNumber,
- subjectKeyIdentifier [0] SubjectKeyIdentifier
- }
-
- SubjectKeyIdentifier ::= OCTET STRING
-
-
-
- return an OtherKeyAttribute object from the given object.
-
- @param o the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- OtherKeyAttribute ::= Sequence {
- keyAttrId OBJECT IDENTIFIER,
- keyAttr ANY DEFINED BY keyAttrId OPTIONAL
- }
-
-
-
-
- CrlAnnContent ::= SEQUENCE OF CertificateList
-
- @return a basic ASN.1 object representation.
-
-
- A simple class the hold and calculate the CRC for sanity checking
- of the data.
-
- @author Keiron Liddle
-
-
- An implementation of a version 2 X.509 Attribute Certificate.
-
-
-
- Get all critical extension values, by oid
-
- IDictionary with string (OID) keys and Asn1OctetString values
-
-
-
- Get all non-critical extension values, by oid
-
- IDictionary with string (OID) keys and Asn1OctetString values
-
-
-
- Get non critical extensions.
-
- A set of non critical extension oids.
-
-
-
- Get any critical extensions.
-
- A sorted list of critical entension.
-
-
-
- Get the value of a given extension.
-
- The object ID of the extension.
- An Asn1OctetString object if that extension is found or null if not.
-
-
- Interface for an X.509 Attribute Certificate.
-
-
- Return the attributes contained in the attribute block in the certificate.
- An array of attributes.
-
-
- Return the attributes with the same type as the passed in oid.
- The object identifier we wish to match.
- An array of matched attributes, null if there is no match.
-
-
- Return an ASN.1 encoded byte array representing the attribute certificate.
- An ASN.1 encoded byte array.
- If the certificate cannot be encoded.
-
-
- The version number for the certificate.
-
-
- The serial number for the certificate.
-
-
- The UTC DateTime before which the certificate is not valid.
-
-
- The UTC DateTime after which the certificate is not valid.
-
-
- The holder of the certificate.
-
-
- The issuer details for the certificate.
-
-
- A holding class for constructing an X509 Key Usage extension.
-
-
- id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
-
- KeyUsage ::= BIT STRING {
- digitalSignature (0),
- nonRepudiation (1),
- keyEncipherment (2),
- dataEncipherment (3),
- keyAgreement (4),
- keyCertSign (5),
- cRLSign (6),
- encipherOnly (7),
- decipherOnly (8) }
-
-
-
- Basic constructor.
-
- @param usage - the bitwise OR of the Key Usage flags giving the
- allowed uses for the key.
- e.g. (X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment)
-
-
-
- This class contains a cross certificate pair. Cross certificates pairs may
- contain two cross signed certificates from two CAs. A certificate from the
- other CA to this CA is contained in the forward certificate, the certificate
- from this CA to the other CA is contained in the reverse certificate.
-
-
-
- Constructor
- Certificate from the other CA to this CA.
- Certificate from this CA to the other CA.
-
-
- Constructor from a ASN.1 CertificatePair structure.
- The CertificatePair ASN.1 object.
-
-
- Returns the certificate from the other CA to this CA.
-
-
- Returns the certificate from this CA to the other CA.
-
-
-
- Class to decode and encode Hex.
-
-
-
- encode the input data producing a Hex encoded byte array.
-
- @return a byte array containing the Hex encoded data.
-
-
- encode the input data producing a Hex encoded byte array.
-
- @return a byte array containing the Hex encoded data.
-
-
- Hex encode the byte data writing it to the given output stream.
-
- @return the number of bytes produced.
-
-
- Hex encode the byte data writing it to the given output stream.
-
- @return the number of bytes produced.
-
-
- decode the Hex encoded input data. It is assumed the input data is valid.
-
- @return a byte array representing the decoded data.
-
-
- decode the Hex encoded string data - whitespace will be ignored.
-
- @return a byte array representing the decoded data.
-
-
- decode the Hex encoded string data writing it to the given output stream,
- whitespace characters will be ignored.
-
- @return the number of bytes produced.
-
-
- Encode and decode byte arrays (typically from binary to 7-bit ASCII
- encodings).
-
-
- encode the input data producing a base 64 output stream.
-
- @return the number of bytes produced.
-
-
- decode the base 64 encoded byte data writing it to the given output stream,
- whitespace characters will be ignored.
-
- @return the number of bytes produced.
-
-
- decode the base 64 encoded string data writing it to the given output stream,
- whitespace characters will be ignored.
-
- @return the number of bytes produced.
-
-
- Returns the intersection of the permitted IP ranges in
- permitted
with ip
.
-
- @param permitted A Set
of permitted IP addresses with
- their subnet mask as byte arrays.
- @param ips The IP address with its subnet mask.
- @return The Set
of permitted IP ranges intersected with
- ip
.
-
-
- Returns the union of the excluded IP ranges in excluded
- with ip
.
-
- @param excluded A Set
of excluded IP addresses with their
- subnet mask as byte arrays.
- @param ip The IP address with its subnet mask.
- @return The Set
of excluded IP ranges unified with
- ip
as byte arrays.
-
-
- Calculates the union if two IP ranges.
-
- @param ipWithSubmask1 The first IP address with its subnet mask.
- @param ipWithSubmask2 The second IP address with its subnet mask.
- @return A Set
with the union of both addresses.
-
-
- Calculates the interesction if two IP ranges.
-
- @param ipWithSubmask1 The first IP address with its subnet mask.
- @param ipWithSubmask2 The second IP address with its subnet mask.
- @return A Set
with the single IP address with its subnet
- mask as a byte array or an empty Set
.
-
-
- Concatenates the IP address with its subnet mask.
-
- @param ip The IP address.
- @param subnetMask Its subnet mask.
- @return The concatenated IP address with its subnet mask.
-
-
- Splits the IP addresses and their subnet mask.
-
- @param ipWithSubmask1 The first IP address with the subnet mask.
- @param ipWithSubmask2 The second IP address with the subnet mask.
- @return An array with two elements. Each element contains the IP address
- and the subnet mask in this order.
-
-
- Based on the two IP addresses and their subnet masks the IP range is
- computed for each IP address - subnet mask pair and returned as the
- minimum IP address and the maximum address of the range.
-
- @param ip1 The first IP address.
- @param subnetmask1 The subnet mask of the first IP address.
- @param ip2 The second IP address.
- @param subnetmask2 The subnet mask of the second IP address.
- @return A array with two elements. The first/second element contains the
- min and max IP address of the first/second IP address and its
- subnet mask.
-
-
- Checks if the IP ip
is included in the permitted ISet
- permitted
.
-
- @param permitted A Set
of permitted IP addresses with
- their subnet mask as byte arrays.
- @param ip The IP address.
- @throws PkixNameConstraintValidatorException
- if the IP is not permitted.
-
-
- Checks if the IP ip
is included in the excluded ISet
- excluded
.
-
- @param excluded A Set
of excluded IP addresses with their
- subnet mask as byte arrays.
- @param ip The IP address.
- @throws PkixNameConstraintValidatorException
- if the IP is excluded.
-
-
- Checks if the IP address ip
is constrained by
- constraint
.
-
- @param ip The IP address.
- @param constraint The constraint. This is an IP address concatenated with
- its subnetmask.
- @return true
if constrained, false
- otherwise.
-
-
- The common part of email1
and email2
is
- added to the union union
. If email1
and
- email2
have nothing in common they are added both.
-
- @param email1 Email address constraint 1.
- @param email2 Email address constraint 2.
- @param union The union.
-
-
- The most restricting part from email1
and
- email2
is added to the intersection intersect
.
-
- @param email1 Email address constraint 1.
- @param email2 Email address constraint 2.
- @param intersect The intersection.
-
-
- Checks if the given GeneralName is in the permitted ISet.
-
- @param name The GeneralName
- @throws PkixNameConstraintValidatorException
- If the name
-
-
- Check if the given GeneralName is contained in the excluded ISet.
-
- @param name The GeneralName.
- @throws PkixNameConstraintValidatorException
- If the name
is
- excluded.
-
-
- Updates the permitted ISet of these name constraints with the intersection
- with the given subtree.
-
- @param permitted The permitted subtrees
-
-
- Adds a subtree to the excluded ISet of these name constraints.
-
- @param subtree A subtree with an excluded GeneralName.
-
-
- Returns the maximum IP address.
-
- @param ip1 The first IP address.
- @param ip2 The second IP address.
- @return The maximum IP address.
-
-
- Returns the minimum IP address.
-
- @param ip1 The first IP address.
- @param ip2 The second IP address.
- @return The minimum IP address.
-
-
- Compares IP address ip1
with ip2
. If ip1
- is equal to ip2 0 is returned. If ip1 is bigger 1 is returned, -1
- otherwise.
-
- @param ip1 The first IP address.
- @param ip2 The second IP address.
- @return 0 if ip1 is equal to ip2, 1 if ip1 is bigger, -1 otherwise.
-
-
- Returns the logical OR of the IP addresses ip1
and
- ip2
.
-
- @param ip1 The first IP address.
- @param ip2 The second IP address.
- @return The OR of ip1
and ip2
.
-
-
- Stringifies an IPv4 or v6 address with subnet mask.
-
- @param ip The IP with subnet mask.
- @return The stringified IP address.
-
-
- A one pass signature object.
-
-
- Initialise the signature object for verification.
-
-
- Verify the calculated signature against the passed in PgpSignature.
-
-
- Class for producing compressed data packets.
-
-
-
-
- Return an output stream which will save the data being written to
- the compressed object.
-
-
- The stream created can be closed off by either calling Close()
- on the stream or Close() on the generator. Closing the returned
- stream does not close off the Stream parameter outStr.
-
-
- Stream to be used for output.
- A Stream for output of the compressed data.
-
-
-
-
-
-
-
- Return an output stream which will compress the data as it is written to it.
- The stream will be written out in chunks according to the size of the passed in buffer.
-
-
- The stream created can be closed off by either calling Close()
- on the stream or Close() on the generator. Closing the returned
- stream does not close off the Stream parameter outStr.
-
-
- Note: if the buffer is not a power of 2 in length only the largest power of 2
- bytes worth of the buffer will be used.
-
-
- Note: using this may break compatibility with RFC 1991 compliant tools.
- Only recent OpenPGP implementations are capable of accepting these streams.
-
-
- Stream to be used for output.
- The buffer to use.
- A Stream for output of the compressed data.
-
-
-
-
-
-
- Close the compressed object.summary>
-
-
- An output stream that compresses into the BZip2 format (with the file
- header chars) into another stream.
-
- @author Keiron Liddle
-
- TODO: Update to BZip2 1.0.1
- NB: note this class has been modified to add a leading BZ to the
- start of the BZIP2 stream to make it compatible with other PGP programs.
-
-
-
- modified by Oliver Merkel, 010128
-
-
-
- Return the status object for the response - null indicates good.
-
- @return the status object for the response, null if it is good.
-
-
- return the NextUpdate value - note: this is an optional field so may
- be returned as null.
-
- @return nextUpdate, or null if not present.
-
-
- Class implementing the WNAF (Window Non-Adjacent Form) multiplication
- algorithm.
-
-
- Interface for classes encapsulating a point multiplication algorithm
- for ECPoint
s.
-
-
- Multiplies the ECPoint p
by k
, i.e.
- p
is added k
times to itself.
- @param p The ECPoint
to be multiplied.
- @param k The factor by which p
i multiplied.
- @return p
multiplied by k
.
-
-
- Computes the Window NAF (non-adjacent Form) of an integer.
- @param width The width w
of the Window NAF. The width is
- defined as the minimal number w
, such that for any
- w
consecutive digits in the resulting representation, at
- most one is non-zero.
- @param k The integer of which the Window NAF is computed.
- @return The Window NAF of the given width, such that the following holds:
- k = −i=0l-1 ki2i
-
, where the ki
denote the elements of the
- returned sbyte[]
.
-
-
- Multiplies this
by an integer k
using the
- Window NAF method.
- @param k The integer by which this
is multiplied.
- @return A new ECPoint
which equals this
- multiplied by k
.
-
-
- Class holding methods for point multiplication based on the window
- τ-adic nonadjacent form (WTNAF). The algorithms are based on the
- paper "Improved Algorithms for Arithmetic on Anomalous Binary Curves"
- by Jerome A. Solinas. The paper first appeared in the Proceedings of
- Crypto 1997.
-
-
- The window width of WTNAF. The standard value of 4 is slightly less
- than optimal for running time, but keeps space requirements for
- precomputation low. For typical curves, a value of 5 or 6 results in
- a better running time. When changing this value, the
- αu
's must be computed differently, see
- e.g. "Guide to Elliptic Curve Cryptography", Darrel Hankerson,
- Alfred Menezes, Scott Vanstone, Springer-Verlag New York Inc., 2004,
- p. 121-122
-
-
- 24
-
-
- The αu
's for a=0
as an array
- of ZTauElement
s.
-
-
- The αu
's for a=0
as an array
- of TNAFs.
-
-
- The αu
's for a=1
as an array
- of ZTauElement
s.
-
-
- The αu
's for a=1
as an array
- of TNAFs.
-
-
- Computes the norm of an element λ
of
- Z[τ]
.
- @param mu The parameter μ
of the elliptic curve.
- @param lambda The element λ
of
- Z[τ]
.
- @return The norm of λ
.
-
-
- Computes the norm of an element λ
of
- R[τ]
, where λ = u + vτ
- and u
and u
are real numbers (elements of
- R
).
- @param mu The parameter μ
of the elliptic curve.
- @param u The real part of the element λ
of
- R[τ]
.
- @param v The τ
-adic part of the element
- λ
of R[τ]
.
- @return The norm of λ
.
-
-
- Rounds an element λ
of R[τ]
- to an element of Z[τ]
, such that their difference
- has minimal norm. λ
is given as
- λ = λ0 + λ1τ
.
- @param lambda0 The component λ0
.
- @param lambda1 The component λ1
.
- @param mu The parameter μ
of the elliptic curve. Must
- equal 1 or -1.
- @return The rounded element of Z[τ]
.
- @throws ArgumentException if lambda0
and
- lambda1
do not have same scale.
-
-
- Approximate division by n
. For an integer
- k
, the value λ = s k / n
is
- computed to c
bits of accuracy.
- @param k The parameter k
.
- @param s The curve parameter s0
or
- s1
.
- @param vm The Lucas Sequence element Vm
.
- @param a The parameter a
of the elliptic curve.
- @param m The bit length of the finite field
- Fm
.
- @param c The number of bits of accuracy, i.e. the scale of the returned
- SimpleBigDecimal
.
- @return The value λ = s k / n
computed to
- c
bits of accuracy.
-
-
- Computes the τ
-adic NAF (non-adjacent form) of an
- element λ
of Z[τ]
.
- @param mu The parameter μ
of the elliptic curve.
- @param lambda The element λ
of
- Z[τ]
.
- @return The τ
-adic NAF of λ
.
-
-
- Applies the operation τ()
to an
- F2mPoint
.
- @param p The F2mPoint to which τ()
is applied.
- @return τ(p)
-
-
- Returns the parameter μ
of the elliptic curve.
- @param curve The elliptic curve from which to obtain μ
.
- The curve must be a Koblitz curve, i.e. a
Equals
- 0
or 1
and b
Equals
- 1
.
- @return μ
of the elliptic curve.
- @throws ArgumentException if the given ECCurve is not a Koblitz
- curve.
-
-
- Calculates the Lucas Sequence elements Uk-1
and
- Uk
or Vk-1
and
- Vk
.
- @param mu The parameter μ
of the elliptic curve.
- @param k The index of the second element of the Lucas Sequence to be
- returned.
- @param doV If set to true, computes Vk-1
and
- Vk
, otherwise Uk-1
and
- Uk
.
- @return An array with 2 elements, containing Uk-1
- and Uk
or Vk-1
- and Vk
.
-
-
- Computes the auxiliary value tw
. If the width is
- 4, then for mu = 1
, tw = 6
and for
- mu = -1
, tw = 10
- @param mu The parameter μ
of the elliptic curve.
- @param w The window width of the WTNAF.
- @return the auxiliary value tw
-
-
- Computes the auxiliary values s0
and
- s1
used for partial modular reduction.
- @param curve The elliptic curve for which to compute
- s0
and s1
.
- @throws ArgumentException if curve
is not a
- Koblitz curve (Anomalous Binary Curve, ABC).
-
-
- Partial modular reduction modulo
- (τm - 1)/(τ - 1)
.
- @param k The integer to be reduced.
- @param m The bitlength of the underlying finite field.
- @param a The parameter a
of the elliptic curve.
- @param s The auxiliary values s0
and
- s1
.
- @param mu The parameter μ of the elliptic curve.
- @param c The precision (number of bits of accuracy) of the partial
- modular reduction.
- @return ρ := k partmod (τm - 1)/(τ - 1)
-
-
- Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
- by a BigInteger
using the reduced τ
-adic
- NAF (RTNAF) method.
- @param p The F2mPoint to Multiply.
- @param k The BigInteger
by which to Multiply p
.
- @return k * p
-
-
- Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
- by an element λ
of Z[τ]
- using the τ
-adic NAF (TNAF) method.
- @param p The F2mPoint to Multiply.
- @param lambda The element λ
of
- Z[τ]
.
- @return λ * p
-
-
- Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
- by an element λ
of Z[τ]
- using the τ
-adic NAF (TNAF) method, given the TNAF
- of λ
.
- @param p The F2mPoint to Multiply.
- @param u The the TNAF of λ
..
- @return λ * p
-
-
- Computes the [τ]
-adic window NAF of an element
- λ
of Z[τ]
.
- @param mu The parameter μ of the elliptic curve.
- @param lambda The element λ
of
- Z[τ]
of which to compute the
- [τ]
-adic NAF.
- @param width The window width of the resulting WNAF.
- @param pow2w 2width.
- @param tw The auxiliary value tw
.
- @param alpha The αu
's for the window width.
- @return The [τ]
-adic window NAF of
- λ
.
-
-
- Does the precomputation for WTNAF multiplication.
- @param p The ECPoint
for which to do the precomputation.
- @param a The parameter a
of the elliptic curve.
- @return The precomputation array for p
.
-
-
-
- A generic interface for key exchange implementations in TLS 1.0.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- RFC 2246 7.2
-
-
-
- update the internal digest with the byte b
-
-
- update the internal digest with the byte array in
-
-
- Generate a signature for the message we've been loaded with using
- the key we were initialised with.
-
-
- true if the internal state represents the signature described in the passed in array.
-
-
- Reset the internal state
-
-
-
- Takes bytes generated by an underling RandomGenerator and reverses the order in
- each small window (of configurable size).
-
- Access to internals is synchronized so a single one of these can be shared.
-
-
-
-
- Generic interface for objects generating random bytes.
-
-
- Add more seed material to the generator.
- A byte array to be mixed into the generator's state.
-
-
- Add more seed material to the generator.
- A long value to be mixed into the generator's state.
-
-
- Fill byte array with random values.
- Array to be filled.
-
-
- Fill byte array with random values.
- Array to receive bytes.
- Index to start filling at.
- Length of segment to fill.
-
-
- Add more seed material to the generator.
- A byte array to be mixed into the generator's state.
-
-
- Add more seed material to the generator.
- A long value to be mixed into the generator's state.
-
-
- Fill byte array with random values.
- Array to be filled.
-
-
- Fill byte array with random values.
- Array to receive bytes.
- Index to start filling at.
- Length of segment to fill.
-
-
-
- Uses Microsoft's RNGCryptoServiceProvider
-
-
-
- Block cipher padders are expected to conform to this interface
-
-
- Initialise the padder.
-
- @param param parameters, if any required.
-
-
- add the pad bytes to the passed in block, returning the
- number of bytes added.
-
-
- return the number of pad bytes present in the block.
- @exception InvalidCipherTextException if the padding is badly formed
- or invalid.
-
-
- Return the name of the algorithm the cipher implements.
-
- @return the name of the algorithm the cipher implements.
-
-
- CMAC - as specified at www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
-
- CMAC is analogous to OMAC1 - see also en.wikipedia.org/wiki/CMAC
-
- CMAC is a NIST recomendation - see
- csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
-
- CMAC/OMAC1 is a blockcipher-based message authentication code designed and
- analyzed by Tetsu Iwata and Kaoru Kurosawa.
-
- CMAC/OMAC1 is a simple variant of the CBC MAC (Cipher Block Chaining Message
- Authentication Code). OMAC stands for One-Key CBC MAC.
-
- It supports 128- or 64-bits block ciphers, with any key size, and returns
- a MAC with dimension less or equal to the block size of the underlying
- cipher.
-
-
-
- The base interface for implementations of message authentication codes (MACs).
-
-
- Initialise the MAC.
-
- @param param the key and other data required by the MAC.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- Return the block size for this MAC (in bytes).
-
- @return the block size for this MAC in bytes.
-
-
- add a single byte to the mac for processing.
-
- @param in the byte to be processed.
- @exception InvalidOperationException if the MAC is not initialised.
-
-
- @param in the array containing the input.
- @param inOff the index in the array the data begins at.
- @param len the length of the input starting at inOff.
- @exception InvalidOperationException if the MAC is not initialised.
- @exception DataLengthException if there isn't enough data in in.
-
-
- Compute the final stage of the MAC writing the output to the out
- parameter.
-
- doFinal leaves the MAC in the same state it was after the last init.
-
- @param out the array the MAC is to be output to.
- @param outOff the offset into the out buffer the output is to start at.
- @exception DataLengthException if there isn't enough space in out.
- @exception InvalidOperationException if the MAC is not initialised.
-
-
- Reset the MAC. At the end of resetting the MAC should be in the
- in the same state it was after the last init (if there was one).
-
-
- Return the name of the algorithm the MAC implements.
-
- @return the name of the algorithm the MAC implements.
-
-
- create a standard MAC based on a CBC block cipher (64 or 128 bit block).
- This will produce an authentication code the length of the block size
- of the cipher.
-
- @param cipher the cipher to be used as the basis of the MAC generation.
-
-
- create a standard MAC based on a block cipher with the size of the
- MAC been given in bits.
-
- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- or 16 bits if being used as a data authenticator (FIPS Publication 113),
- and in general should be less than the size of the block cipher as it reduces
- the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-
- @param cipher the cipher to be used as the basis of the MAC generation.
- @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and @lt;= 128.
-
-
- Reset the mac generator.
-
-
- this exception is thrown whenever we find something we don't expect in a
- message.
-
-
- base constructor.
-
-
- create a InvalidCipherTextException with the given message.
-
- @param message the message to be carried with the exception.
-
-
- Generator for Pbe derived keys and ivs as defined by Pkcs 12 V1.0.
-
- The document this implementation is based on can be found at
-
- RSA's Pkcs12 Page
-
-
-
- super class for all Password Based Encyrption (Pbe) parameter generator classes.
-
-
- base constructor.
-
-
- initialise the Pbe generator.
-
- @param password the password converted into bytes (see below).
- @param salt the salt to be mixed with the password.
- @param iterationCount the number of iterations the "mixing" function
- is to be applied for.
-
-
- return the password byte array.
-
- @return the password byte array.
-
-
- return the salt byte array.
-
- @return the salt byte array.
-
-
- Generate derived parameters for a key of length keySize.
-
- @param keySize the length, in bits, of the key required.
- @return a parameters object representing a key.
-
-
- Generate derived parameters for a key of length keySize, and
- an initialisation vector (IV) of length ivSize.
-
- @param keySize the length, in bits, of the key required.
- @param ivSize the length, in bits, of the iv required.
- @return a parameters object representing a key and an IV.
-
-
- Generate derived parameters for a key of length keySize, specifically
- for use with a MAC.
-
- @param keySize the length, in bits, of the key required.
- @return a parameters object representing a key.
-
-
- converts a password to a byte array according to the scheme in
- Pkcs5 (ascii, no padding)
-
- @param password a character array reqpresenting the password.
- @return a byte array representing the password.
-
-
- converts a password to a byte array according to the scheme in
- PKCS5 (UTF-8, no padding)
-
- @param password a character array reqpresenting the password.
- @return a byte array representing the password.
-
-
- converts a password to a byte array according to the scheme in
- Pkcs12 (unicode, big endian, 2 zero pad bytes at the end).
-
- @param password a character array representing the password.
- @return a byte array representing the password.
-
-
- return the iteration count.
-
- @return the iteration count.
-
-
- Construct a Pkcs 12 Parameters generator.
-
- @param digest the digest to be used as the source of derived keys.
- @exception ArgumentException if an unknown digest is passed in.
-
-
- add a + b + 1, returning the result in a. The a value is treated
- as a BigInteger of length (b.Length * 8) bits. The result is
- modulo 2^b.Length in case of overflow.
-
-
- generation of a derived key ala Pkcs12 V1.0.
-
-
- Generate a key parameter derived from the password, salt, and iteration
- count we are currently initialised with.
-
- @param keySize the size of the key we want (in bits)
- @return a KeyParameter object.
-
-
- Generate a key with initialisation vector parameter derived from
- the password, salt, and iteration count we are currently initialised
- with.
-
- @param keySize the size of the key we want (in bits)
- @param ivSize the size of the iv we want (in bits)
- @return a ParametersWithIV object.
-
-
- Generate a key parameter for use with a MAC derived from the password,
- salt, and iteration count we are currently initialised with.
-
- @param keySize the size of the key we want (in bits)
- @return a KeyParameter object.
-
-
- Generator for PBE derived keys and ivs as usd by OpenSSL.
-
- The scheme is a simple extension of PKCS 5 V2.0 Scheme 1 using MD5 with an
- iteration count of 1.
-
-
-
- Construct a OpenSSL Parameters generator.
-
-
- Initialise - note the iteration count for this algorithm is fixed at 1.
-
- @param password password to use.
- @param salt salt to use.
-
-
- the derived key function, the ith hash of the password and the salt.
-
-
- Generate a key parameter derived from the password, salt, and iteration
- count we are currently initialised with.
-
- @param keySize the size of the key we want (in bits)
- @return a KeyParameter object.
- @exception ArgumentException if the key length larger than the base hash size.
-
-
- Generate a key with initialisation vector parameter derived from
- the password, salt, and iteration count we are currently initialised
- with.
-
- @param keySize the size of the key we want (in bits)
- @param ivSize the size of the iv we want (in bits)
- @return a ParametersWithIV object.
- @exception ArgumentException if keySize + ivSize is larger than the base hash size.
-
-
- Generate a key parameter for use with a MAC derived from the password,
- salt, and iteration count we are currently initialised with.
-
- @param keySize the size of the key we want (in bits)
- @return a KeyParameter object.
- @exception ArgumentException if the key length larger than the base hash size.
-
-
- Generator for MGF1 as defined in Pkcs 1v2
-
-
- base interface for general purpose byte derivation functions.
-
-
- return the message digest used as the basis for the function
-
-
- @param digest the digest to be used as the source of Generated bytes
-
-
- int to octet string.
-
-
- fill len bytes of the output buffer with bytes Generated from
- the derivation function.
-
- @throws DataLengthException if the out buffer is too small.
-
-
- return the underlying digest.
-
-
- a Diffie-Hellman key pair generator.
-
- This generates keys consistent for use in the MTI/A0 key agreement protocol
- as described in "Handbook of Applied Cryptography", Pages 516-519.
-
-
- interface that a public/private key pair generator should conform to.
-
-
- intialise the key pair generator.
-
- @param the parameters the key pair is to be initialised with.
-
-
- return an AsymmetricCipherKeyPair containing the Generated keys.
-
- @return an AsymmetricCipherKeyPair containing the Generated keys.
-
-
- this does your basic RSA algorithm with blinding
-
-
- initialise the RSA engine.
-
- @param forEncryption true if we are encrypting, false otherwise.
- @param param the necessary RSA key parameters.
-
-
- Return the maximum size for an input block to this engine.
- For RSA this is always one byte less than the key size on
- encryption, and the same length as the key size on decryption.
-
- @return maximum size for an input block.
-
-
- Return the maximum size for an output block to this engine.
- For RSA this is always one byte less than the key size on
- decryption, and the same length as the key size on encryption.
-
- @return maximum size for an output block.
-
-
- Process a single block using the basic RSA algorithm.
-
- @param inBuf the input array.
- @param inOff the offset into the input buffer where the data starts.
- @param inLen the length of the data to be processed.
- @return the result of the RSA process.
- @exception DataLengthException the input block is too large.
-
-
- Implementation of Bob Jenkin's ISAAC (Indirection Shift Accumulate Add and Count).
- see: http://www.burtleburtle.net/bob/rand/isaacafa.html
-
-
- initialise an ISAAC cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param params the parameters required to set up the cipher.
- @exception ArgumentException if the params argument is
- inappropriate.
-
-
-
- An implementation of the AES Key Wrapper from the NIST Key Wrap Specification.
-
- For further details see: http://csrc.nist.gov/encryption/kms/key-wrap.pdf.
-
-
-
-
- An implementation of the AES Key Wrapper from the NIST Key Wrap
- Specification as described in RFC 3394.
-
- For further details see: http://www.ietf.org/rfc/rfc3394.txt
- and http://csrc.nist.gov/encryption/kms/key-wrap.pdf.
-
-
-
- The name of the algorithm this cipher implements.
-
-
-
- Generate a RecipientInfo object for the given key.
-
-
- A
-
-
- A
-
-
- A
-
-
-
-
- Basic PGP user attribute sub-packet tag types.
-
-
- Class provided a NotationData object according to
- RFC2440, Chapter 5.2.3.15. Notation Data
-
-
- Base class for an RSA secret (or priate) key.
-
-
- Base class for a PGP object.
-
-
- Base interface for a PGP key.
-
-
-
- The base format for this key - in the case of the symmetric keys it will generally
- be raw indicating that the key is just a straight byte representation, for an asymmetric
- key the format will be PGP, indicating the key is a string of MPIs encoded in PGP format.
-
- "RAW" or "PGP".
-
-
- Return the standard PGP encoding of the key.
-
-
- The format, as a string, always "PGP".
-
-
- Public Key Algorithm tag numbers.
-
-
- Class for processing an ECFieldElement as a DER object.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- FieldElement ::= OCTET STRING
-
-
-
- - if q is an odd prime then the field element is
- processed as an Integer and converted to an octet string
- according to x 9.62 4.3.1.
- - if q is 2m then the bit string
- contained in the field element is converted into an octet
- string with the same ordering padded at the front if necessary.
-
-
-
-
-
-
- Accuracy ::= SEQUENCE {
- seconds INTEGER OPTIONAL,
- millis [0] INTEGER (1..999) OPTIONAL,
- micros [1] INTEGER (1..999) OPTIONAL
- }
-
-
-
- return the X9ECParameters object for the named curve represented by
- the passed in object identifier. Null if the curve isn't present.
-
- @param oid an object identifier representing a named curve, if present.
-
-
- return the object identifier signified by the passed in name. Null
- if there is no object identifier associated with name.
-
- @return the object identifier associated with name, if present.
-
-
- return the named curve name represented by the given object identifier.
-
-
- returns an enumeration containing the name strings for curves
- contained in this structure.
-
-
- a Pkcs#7 signer info object.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- SignerInfo ::= Sequence {
- version Version,
- issuerAndSerialNumber IssuerAndSerialNumber,
- digestAlgorithm DigestAlgorithmIdentifier,
- authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
- digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
- encryptedDigest EncryptedDigest,
- unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
- }
-
- EncryptedDigest ::= OCTET STRING
-
- DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-
- DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-
-
-
- a general purpose ASN.1 decoder - note: this class differs from the
- others in that it returns null after it has read the last object in
- the stream. If an ASN.1 Null is encountered a Der/BER Null object is
- returned.
-
-
- Create an ASN1InputStream where no DER object will be longer than limit.
-
- @param input stream containing ASN.1 encoded data.
- @param limit maximum size of a DER encoded object.
-
-
- Create an ASN1InputStream based on the input byte array. The length of DER objects in
- the stream is automatically limited to the length of the input array.
-
- @param input array containing ASN.1 encoded data.
-
-
- build an object given its tag and the number of bytes to construct it from.
-
-
- Names of authorities which are responsible for the administration of title
- registers.
-
-
- NamingAuthority ::= SEQUENCE
- {
- namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
- namingAuthorityUrl IA5String OPTIONAL,
- namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
- }
-
- @see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax
-
-
-
- Profession OIDs should always be defined under the OID branch of the
- responsible naming authority. At the time of this writing, the work group
- �Recht, Wirtschaft, Steuern� (�Law, Economy, Taxes�) is registered as the
- first naming authority under the OID id-isismtt-at-namingAuthorities.
-
-
- Constructor from Asn1Sequence.
-
-
-
- NamingAuthority ::= SEQUENCE
- {
- namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
- namingAuthorityUrl IA5String OPTIONAL,
- namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
- }
-
-
- @param seq The ASN.1 sequence.
-
-
- Constructor from given details.
-
- All parameters can be combined.
-
- @param namingAuthorityID ObjectIdentifier for naming authority.
- @param namingAuthorityUrl URL for naming authority.
- @param namingAuthorityText Textual representation of naming authority.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- NamingAuthority ::= SEQUENCE
- {
- namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
- namingAuthorityUrl IA5String OPTIONAL,
- namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
- }
-
-
- @return an Asn1Object
-
-
- @return Returns the namingAuthorityID.
-
-
- @return Returns the namingAuthorityText.
-
-
- @return Returns the namingAuthorityUrl.
-
-
- constructor
-
-
-
- EssCertID ::= SEQUENCE {
- certHash Hash,
- issuerSerial IssuerSerial OPTIONAL }
-
-
-
-
-
- OtherHash ::= CHOICE {
- sha1Hash OtherHashValue, -- This contains a SHA-1 hash
- otherHash OtherHashAlgAndValue
- }
-
- OtherHashValue ::= OCTET STRING
-
-
-
-
-
- SinglePubInfo ::= SEQUENCE {
- pubMethod INTEGER {
- dontCare (0),
- x500 (1),
- web (2),
- ldap (3) },
- pubLocation GeneralName OPTIONAL }
-
- @return a basic ASN.1 object representation.
-
-
- return a SignerIdentifier object from the given object.
-
- @param o the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- SignerIdentifier ::= CHOICE {
- issuerAndSerialNumber IssuerAndSerialNumber,
- subjectKeyIdentifier [0] SubjectKeyIdentifier
- }
-
- SubjectKeyIdentifier ::= OCTET STRING
-
-
-
-
- SignedData ::= SEQUENCE {
- version CMSVersion,
- digestAlgorithms DigestAlgorithmIdentifiers,
- encapContentInfo EncapsulatedContentInfo,
- certificates [0] IMPLICIT CertificateSet OPTIONAL,
- crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
- signerInfos SignerInfos
- }
-
-
-
-
- RevRepContent ::= SEQUENCE {
- status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
- -- in same order as was sent in RevReqContent
- revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
- -- IDs for which revocation was requested
- -- (same order as status)
- crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
- -- the resulting CRLs (there may be more than one)
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- PKIFailureInfo ::= BIT STRING {
- badAlg (0),
- -- unrecognized or unsupported Algorithm Identifier
- badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
- badRequest (2),
- -- transaction not permitted or supported
- badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
- badCertId (4), -- no certificate could be found matching the provided criteria
- badDataFormat (5),
- -- the data submitted has the wrong format
- wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
- incorrectData (7), -- the requester's data is incorrect (for notary services)
- missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
- badPOP (9) -- the proof-of-possession failed
- timeNotAvailable (14),
- -- the TSA's time source is not available
- unacceptedPolicy (15),
- -- the requested TSA policy is not supported by the TSA
- unacceptedExtension (16),
- -- the requested extension is not supported by the TSA
- addInfoNotAvailable (17)
- -- the additional information requested could not be understood
- -- or is not available
- systemFailure (25)
- -- the request cannot be handled due to system failure
-
-
-
- return the correct number of pad bits for a bit string defined in
- a 32 bit constant
-
-
- return the correct number of bytes for a bit string defined in
- a 32 bit constant
-
-
- return a Bit string from the passed in object
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return a Bit string from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- @param data the octets making up the bit string.
- @param padBits the number of extra bits at the end of the string.
-
-
- @return the value of the bit string as an int (truncating if necessary)
-
-
- Basic constructor.
-
-
-
- ErrorMsgContent ::= SEQUENCE {
- pKIStatusInfo PKIStatusInfo,
- errorCode INTEGER OPTIONAL,
- -- implementation-specific error codes
- errorDetails PKIFreeText OPTIONAL
- -- implementation-specific error details
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- CertConfirmContent ::= SEQUENCE OF CertStatus
-
- @return a basic ASN.1 object representation.
-
-
- Class to produce an X.509 Version 2 AttributeCertificate.
-
-
- Reset the generator
-
-
- Set the Holder of this Attribute Certificate.
-
-
- Set the issuer.
-
-
- Set the serial number for the certificate.
-
-
-
- Set the signature algorithm. This can be either a name or an OID, names
- are treated as case insensitive.
-
- The algorithm name.
-
-
- Add an attribute.
-
-
- Add a given extension field for the standard extensions tag.
-
-
-
- Add a given extension field for the standard extensions tag.
- The value parameter becomes the contents of the octet string associated
- with the extension.
-
-
-
-
- Generate an X509 certificate, based on the current issuer and subject.
-
-
-
-
- Generate an X509 certificate, based on the current issuer and subject,
- using the supplied source of randomness, if required.
-
-
-
-
- Allows enumeration of the signature names supported by the generator.
-
-
-
-
- Create loading data from byte array.
-
-
-
-
-
- Create loading data from byte array.
-
-
-
-
- Generates a certificate revocation list (CRL) object and initializes
- it with the data read from the input stream inStream.
-
-
- Returns a (possibly empty) collection view of the CRLs read from
- the given input stream inStream.
-
- The inStream may contain a sequence of DER-encoded CRLs, or
- a PKCS#7 CRL set. This is a PKCS#7 SignedData object, with the
- only significant field being crls. In particular the signature
- and the contents are ignored.
-
-
-
- Summary description for DeflaterOutputStream.
-
-
-
- Recognised hash algorithms for the time stamp protocol.
-
-
-
- Utility class for creating IWrapper objects from their names/Oids
-
-
-
-
- Summary description for PkixCertPathValidatorUtilities.
-
-
-
-
- key usage bits
-
-
-
-
- Search the given Set of TrustAnchor's for one that is the
- issuer of the given X509 certificate.
-
- the X509 certificate
- a Set of TrustAnchor's
- the TrustAnchor
object if found or
- null
if not.
-
- @exception
-
-
-
- Returns the issuer of an attribute certificate or certificate.
-
- The attribute certificate or certificate.
- The issuer as X500Principal
.
-
-
- Return the next working key inheriting DSA parameters if necessary.
-
- This methods inherits DSA parameters from the indexed certificate or
- previous certificates in the certificate chain to the returned
- PublicKey
. The list is searched upwards, meaning the end
- certificate is at position 0 and previous certificates are following.
-
-
- If the indexed certificate does not contain a DSA key this method simply
- returns the public key. If the DSA key already contains DSA parameters
- the key is also only returned.
-
-
- @param certs The certification path.
- @param index The index of the certificate which contains the public key
- which should be extended with DSA parameters.
- @return The public key of the certificate in list position
- index
extended with DSA parameters if applicable.
- @throws Exception if DSA parameters cannot be inherited.
-
-
-
- Return a Collection of all certificates or attribute certificates found
- in the X509Store's that are matching the certSelect criteriums.
-
- a {@link Selector} object that will be used to select
- the certificates
- a List containing only X509Store objects. These
- are used to search for certificates.
- a Collection of all found or
- org.bouncycastle.x509.X509AttributeCertificate objects.
- May be empty but never null
.
-
-
-
- Add the CRL issuers from the cRLIssuer field of the distribution point or
- from the certificate if not given to the issuer criterion of the
- selector
.
-
- The issuerPrincipals
are a collection with a single
- X500Principal
for X509Certificate
s. For
- {@link X509AttributeCertificate}s the issuer may contain more than one
- X500Principal
.
-
-
- @param dp The distribution point.
- @param issuerPrincipals The issuers of the certificate or attribute
- certificate which contains the distribution point.
- @param selector The CRL selector.
- @param pkixParams The PKIX parameters containing the cert stores.
- @throws Exception if an exception occurs while processing.
- @throws ClassCastException if issuerPrincipals
does not
- contain only X500Principal
s.
-
-
- Fetches complete CRLs according to RFC 3280.
-
- @param dp The distribution point for which the complete CRL
- @param cert The X509Certificate
or
- {@link org.bouncycastle.x509.X509AttributeCertificate} for
- which the CRL should be searched.
- @param currentDate The date for which the delta CRLs must be valid.
- @param paramsPKIX The extended PKIX parameters.
- @return A Set
of X509CRL
s with complete
- CRLs.
- @throws Exception if an exception occurs while picking the CRLs
- or no CRLs are found.
-
-
- Fetches delta CRLs according to RFC 3280 section 5.2.4.
-
- @param currentDate The date for which the delta CRLs must be valid.
- @param paramsPKIX The extended PKIX parameters.
- @param completeCRL The complete CRL the delta CRL is for.
- @return A Set
of X509CRL
s with delta CRLs.
- @throws Exception if an exception occurs while picking the delta
- CRLs.
-
-
- Find the issuer certificates of a given certificate.
-
- @param cert
- The certificate for which an issuer should be found.
- @param pkixParams
- @return A Collection
object containing the issuer
- X509Certificate
s. Never null
.
-
- @exception Exception
- if an error occurs.
-
-
-
- Extract the value of the given extension, if it exists.
-
- The extension object.
- The object identifier to obtain.
- Asn1Object
- if the extension cannot be read.
-
-
-
- Summary description for PkixCertPathBuilderResult.
-
-
-
-
- Summary description for PkixCertPathValidatorResult.
-
-
-
-
- Summary description for PkixCertPathBuilderException.
-
-
-
- Returns an immutable Set
of X.509 attribute certificate
- extensions that this PkixAttrCertChecker
supports or
- null
if no extensions are supported.
-
- Each element of the set is a String
representing the
- Object Identifier (OID) of the X.509 extension that is supported.
-
-
- All X.509 attribute certificate extensions that a
- PkixAttrCertChecker
might possibly be able to process
- should be included in the set.
-
-
- @return an immutable Set
of X.509 extension OIDs (in
- String
format) supported by this
- PkixAttrCertChecker
, or null
if no
- extensions are supported
-
-
- Performs checks on the specified attribute certificate. Every handled
- extension is rmeoved from the unresolvedCritExts
- collection.
-
- @param attrCert The attribute certificate to be checked.
- @param certPath The certificate path which belongs to the attribute
- certificate issuer public key certificate.
- @param holderCertPath The certificate path which belongs to the holder
- certificate.
- @param unresolvedCritExts a Collection
of OID strings
- representing the current set of unresolved critical extensions
- @throws CertPathValidatorException if the specified attribute certificate
- does not pass the check.
-
-
- Returns a clone of this object.
-
- @return a copy of this PkixAttrCertChecker
-
-
- Class for producing literal data packets.
-
-
- The special name indicating a "for your eyes only" packet.
-
-
-
- Generates literal data objects in the old format.
- This is important if you need compatibility with PGP 2.6.x.
-
- If true, uses old format.
-
-
-
-
- Open a literal data packet, returning a stream to store the data inside the packet.
-
-
- The stream created can be closed off by either calling Close()
- on the stream or Close() on the generator. Closing the returned
- stream does not close off the Stream parameter outStr.
-
-
- The stream we want the packet in.
- The format we are using.
- The name of the 'file'.
- The length of the data we will write.
- The time of last modification we want stored.
-
-
-
-
- Open a literal data packet, returning a stream to store the data inside the packet,
- as an indefinite length stream. The stream is written out as a series of partial
- packets with a chunk size determined by the size of the passed in buffer.
-
-
- The stream created can be closed off by either calling Close()
- on the stream or Close() on the generator. Closing the returned
- stream does not close off the Stream parameter outStr.
-
-
- Note: if the buffer is not a power of 2 in length only the largest power of 2
- bytes worth of the buffer will be used.
-
- The stream we want the packet in.
- The format we are using.
- The name of the 'file'.
- The time of last modification we want stored.
- The buffer to use for collecting data to put into chunks.
-
-
-
-
- Open a literal data packet for the passed in FileInfo object, returning
- an output stream for saving the file contents.
-
-
- The stream created can be closed off by either calling Close()
- on the stream or Close() on the generator. Closing the returned
- stream does not close off the Stream parameter outStr.
-
-
- The stream we want the packet in.
- The format we are using.
- The FileInfo object containg the packet details.
-
-
-
- Close the literal data packet - this is equivalent to calling Close()
- on the stream returned by the Open() method.
-
-
-
-
- General class to handle JCA key pairs and convert them into OpenPGP ones.
-
- A word for the unwary, the KeyId for an OpenPGP public key is calculated from
- a hash that includes the time of creation, if you pass a different date to the
- constructor below with the same public private key pair the KeyIs will not be the
- same as for previous generations of the key, so ideally you only want to do
- this once.
-
-
-
-
- Create a key pair from a PgpPrivateKey and a PgpPublicKey.
- The public key.
- The private key.
-
-
- The keyId associated with this key pair.
-
-
- Key flag values for the KeyFlags subpacket.
-
-
- Generator for encrypted objects.
-
-
- Existing SecureRandom constructor.
- The symmetric algorithm to use.
- Source of randomness.
-
-
- Creates a cipher stream which will have an integrity packet associated with it.
-
-
- Base constructor.
- The symmetric algorithm to use.
- Source of randomness.
- PGP 2.6.x compatibility required.
-
-
-
- Add a PBE encryption method to the encrypted object using the default algorithm (S2K_SHA1).
-
-
-
- Add a PBE encryption method to the encrypted object.
-
-
- Add a public key encrypted session key to the encrypted object.
-
-
-
-
- If buffer is non null stream assumed to be partial, otherwise the length will be used
- to output a fixed length packet.
-
-
- The stream created can be closed off by either calling Close()
- on the stream or Close() on the generator. Closing the returned
- stream does not close off the Stream parameter outStr.
-
-
-
-
-
-
- Return an output stream which will encrypt the data as it is written to it.
-
-
- The stream created can be closed off by either calling Close()
- on the stream or Close() on the generator. Closing the returned
- stream does not close off the Stream parameter outStr.
-
-
-
-
-
-
- Return an output stream which will encrypt the data as it is written to it.
- The stream will be written out in chunks according to the size of the passed in buffer.
-
-
- The stream created can be closed off by either calling Close()
- on the stream or Close() on the generator. Closing the returned
- stream does not close off the Stream parameter outStr.
-
-
- Note: if the buffer is not a power of 2 in length only the largest power of 2
- bytes worth of the buffer will be used.
-
-
-
-
-
-
- Close off the encrypted object - this is equivalent to calling Close() on the stream
- returned by the Open() method.
-
-
- Note: This does not close the underlying output stream, only the stream on top of
- it created by the Open() method.
-
-
-
-
-
-
-
- DES has 16 weak keys. This method will check
- if the given DES key material is weak or semi-weak.
- Key material that is too short is regarded as weak.
-
- See "Applied
- Cryptography" by Bruce Schneier for more information.
-
- @return true if the given DES key material is weak or semi-weak,
- false otherwise.
-
-
- DES Keys use the LSB as the odd parity bit. This can
- be used to check for corrupt keys.
-
- @param bytes the byte array to set the parity on.
-
-
- Implements the Segmented Integer Counter (SIC) mode on top of a simple
- block cipher.
-
-
- Basic constructor.
-
- @param c the block cipher to be used.
-
-
- return the underlying block cipher that we are wrapping.
-
- @return the underlying block cipher that we are wrapping.
-
-
- Generator for Pbe derived keys and ivs as defined by Pkcs 5 V2.0 Scheme 1.
- Note this generator is limited to the size of the hash produced by the
- digest used to drive it.
-
- The document this implementation is based on can be found at
-
- RSA's Pkcs5 Page
-
-
-
- Construct a Pkcs 5 Scheme 1 Parameters generator.
-
- @param digest the digest to be used as the source of derived keys.
-
-
- the derived key function, the ith hash of the mPassword and the mSalt.
-
-
- Generate a key parameter derived from the mPassword, mSalt, and iteration
- count we are currently initialised with.
-
- @param keySize the size of the key we want (in bits)
- @return a KeyParameter object.
- @exception ArgumentException if the key length larger than the base hash size.
-
-
- Generate a key with initialisation vector parameter derived from
- the mPassword, mSalt, and iteration count we are currently initialised
- with.
-
- @param keySize the size of the key we want (in bits)
- @param ivSize the size of the iv we want (in bits)
- @return a ParametersWithIV object.
- @exception ArgumentException if keySize + ivSize is larger than the base hash size.
-
-
- Generate a key parameter for use with a MAC derived from the mPassword,
- mSalt, and iteration count we are currently initialised with.
-
- @param keySize the size of the key we want (in bits)
- @return a KeyParameter object.
- @exception ArgumentException if the key length larger than the base hash size.
-
-
- The base class for symmetric, or secret, cipher key generators.
-
-
- initialise the key generator.
-
- @param param the parameters to be used for key generation
-
-
- Generate a secret key.
-
- @return a byte array containing the key value.
-
-
- initialise the key generator - if strength is set to zero
- the key generated will be 64 bits in size, otherwise
- strength can be 64 or 56 bits (if you don't count the parity bits).
-
- @param param the parameters to be used for key generation
-
-
- initialise the key generator - if strength is set to zero
- the key Generated will be 192 bits in size, otherwise
- strength can be 128 or 192 (or 112 or 168 if you don't count
- parity bits), depending on whether you wish to do 2-key or 3-key
- triple DES.
-
- @param param the parameters to be used for key generation
-
-
- An TEA engine.
-
-
- Create an instance of the TEA encryption algorithm
- and set some defaults
-
-
- initialise
-
- @param forEncryption whether or not we are for encryption.
- @param params the parameters required to set up the cipher.
- @exception ArgumentException if the params argument is
- inappropriate.
-
-
- Re-key the cipher.
-
- @param key the key to be used
-
-
- This does your basic RSA Chaum's blinding and unblinding as outlined in
- "Handbook of Applied Cryptography", page 475. You need to use this if you are
- trying to get another party to generate signatures without them being aware
- of the message they are signing.
-
-
- Initialise the blinding engine.
-
- @param forEncryption true if we are encrypting (blinding), false otherwise.
- @param param the necessary RSA key parameters.
-
-
- Return the maximum size for an input block to this engine.
- For RSA this is always one byte less than the key size on
- encryption, and the same length as the key size on decryption.
-
- @return maximum size for an input block.
-
-
- Return the maximum size for an output block to this engine.
- For RSA this is always one byte less than the key size on
- decryption, and the same length as the key size on encryption.
-
- @return maximum size for an output block.
-
-
- Process a single block using the RSA blinding algorithm.
-
- @param in the input array.
- @param inOff the offset into the input buffer where the data starts.
- @param inLen the length of the data to be processed.
- @return the result of the RSA process.
- @throws DataLengthException the input block is too large.
-
-
- Wrap keys according to RFC 3217 - RC2 mechanism
-
-
- Field engine
-
-
- Field param
-
-
- Field paramPlusIV
-
-
- Field iv
-
-
- Field forWrapping
-
-
- Field IV2
-
-
- Method init
-
- @param forWrapping
- @param param
-
-
- Method wrap
-
- @param in
- @param inOff
- @param inLen
- @return
-
-
- Method unwrap
-
- @param in
- @param inOff
- @param inLen
- @return
- @throws InvalidCipherTextException
-
-
- Some key wrap algorithms make use of the Key Checksum defined
- in CMS [CMS-Algorithms]. This is used to provide an integrity
- check value for the key being wrapped. The algorithm is
-
- - Compute the 20 octet SHA-1 hash on the key being wrapped.
- - Use the first 8 octets of this hash as the checksum value.
-
- @param key
- @return
- @throws Exception
- @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
-
-
- @param key
- @param checksum
- @return
- @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
-
-
- Method GetAlgorithmName
-
- @return
-
-
- Camellia - based on RFC 3713.
-
-
- Optimal Asymmetric Encryption Padding (OAEP) - see PKCS 1 V 2.
-
-
- @exception InvalidCipherTextException if the decrypted block turns out to
- be badly formatted.
-
-
- int to octet string.
-
-
- mask generator function, as described in PKCS1v2.
-
-
- implementation of MD2
- as outlined in RFC1319 by B.Kaliski from RSA Laboratories April 1992
-
-
- Close the digest, producing the final digest value. The doFinal
- call leaves the digest reset.
-
- @param out the array the digest is to be copied into.
- @param outOff the offset into the out array the digest is to start at.
-
-
- reset the digest back to it's initial state.
-
-
- update the message digest with a single byte.
-
- @param in the input byte to be entered.
-
-
- update the message digest with a block of bytes.
-
- @param in the byte array containing the data.
- @param inOff the offset into the byte array where the data starts.
- @param len the length of the data.
-
-
- return the algorithm name
-
- @return the algorithm name
-
-
- Base class for SHA-384 and SHA-512.
-
-
- Constructor for variable length word
-
-
- Copy constructor. We are using copy constructors in place
- of the object.Clone() interface as this interface is not
- supported by J2ME.
-
-
- adjust the byte counts so that byteCount2 represents the
- upper long (less 3 bits) word of the byte count.
-
-
- Generates new SRP verifier for user
-
-
- Initialises generator to create new verifiers
- @param N The safe prime to use (see DHParametersGenerator)
- @param g The group parameter to use (see DHParametersGenerator)
- @param digest The digest to use. The same digest type will need to be used later for the actual authentication
- attempt. Also note that the final session key size is dependent on the chosen digest.
-
-
- Creates a new SRP verifier
- @param salt The salt to use, generally should be large and random
- @param identity The user's identifying information (eg. username)
- @param password The user's password
- @return A new verifier for use in future SRP authentication
-
-
- Return the MAC calculated for the content stream. Note: this call is only meaningful once all
- the content has been read.
-
- @return byte array containing the mac.
-
-
- * return the object identifier for the key encryption algorithm.
- *
- * @return OID for key encryption algorithm.
-
-
- * return the ASN.1 encoded key encryption algorithm parameters, or null if
- * there aren't any.
- *
- * @return ASN.1 encoding of key encryption algorithm parameters.
-
-
- Parsing class for an CMS Signed Data object from an input stream.
-
- Note: that because we are in a streaming mode only one signer can be tried and it is important
- that the methods on the parser are called in the appropriate order.
-
-
- A simple example of usage for an encapsulated signature.
-
-
- Two notes: first, in the example below the validity of
- the certificate isn't verified, just the fact that one of the certs
- matches the given signer, and, second, because we are in a streaming
- mode the order of the operations is important.
-
-
- CmsSignedDataParser sp = new CmsSignedDataParser(encapSigData);
-
- sp.GetSignedContent().Drain();
-
- IX509Store certs = sp.GetCertificates();
- SignerInformationStore signers = sp.GetSignerInfos();
-
- foreach (SignerInformation signer in signers.GetSigners())
- {
- ArrayList certList = new ArrayList(certs.GetMatches(signer.SignerID));
- X509Certificate cert = (X509Certificate) certList[0];
-
- Console.WriteLine("verify returns: " + signer.Verify(cert));
- }
-
- Note also: this class does not introduce buffering - if you are processing large files you should create
- the parser with:
-
- CmsSignedDataParser ep = new CmsSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
-
- where bufSize is a suitably large buffer size.
-
-
- base constructor - with encapsulated content
-
-
- base constructor
-
- @param signedContent the content that was signed.
- @param sigData the signature object.
-
-
- return the collection of signers that are associated with the
- signatures for the message.
- @throws CmsException
-
-
- return a X509Store containing the attribute certificates, if any, contained
- in this message.
-
- @param type type of store to create
- @return a store of attribute certificates
- @exception org.bouncycastle.x509.NoSuchStoreException if the store type isn't available.
- @exception CmsException if a general exception prevents creation of the X509Store
-
-
- return a X509Store containing the public key certificates, if any, contained
- in this message.
-
- @param type type of store to create
- @return a store of public key certificates
- @exception NoSuchStoreException if the store type isn't available.
- @exception CmsException if a general exception prevents creation of the X509Store
-
-
- return a X509Store containing CRLs, if any, contained
- in this message.
-
- @param type type of store to create
- @return a store of CRLs
- @exception NoSuchStoreException if the store type isn't available.
- @exception CmsException if a general exception prevents creation of the X509Store
-
-
- Replace the signerinformation store associated with the passed
- in message contained in the stream original with the new one passed in.
- You would probably only want to do this if you wanted to change the unsigned
- attributes associated with a signer, or perhaps delete one.
-
- The output stream is returned unclosed.
-
- @param original the signed data stream to be used as a base.
- @param signerInformationStore the new signer information store to use.
- @param out the stream to Write the new signed data object to.
- @return out.
-
-
- Replace the certificate and CRL information associated with this
- CMSSignedData object with the new one passed in.
-
- The output stream is returned unclosed.
-
- @param original the signed data stream to be used as a base.
- @param certsAndCrls the new certificates and CRLs to be used.
- @param out the stream to Write the new signed data object to.
- @return out.
- @exception CmsException if there is an error processing the CertStore
-
-
- Return the version number for the SignedData object
-
- @return the version number
-
-
-
- Return the DerObjectIdentifier associated with the encapsulated
- content info structure carried in the signed data.
-
-
-
- * general class for generating a pkcs7-signature message.
- *
- * A simple example of usage.
- *
- *
- * IX509Store certs...
- * IX509Store crls...
- * CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
- *
- * gen.AddSigner(privKey, cert, CmsSignedGenerator.DigestSha1);
- * gen.AddCertificates(certs);
- * gen.AddCrls(crls);
- *
- * CmsSignedData data = gen.Generate(content);
- *
- *
-
-
- Default type for the signed data.
-
-
- Constructor allowing specific source of randomness
- Instance of SecureRandom to use.
-
-
- Add the attribute certificates contained in the passed in store to the
- generator.
-
- @param store a store of Version 2 attribute certificates
- @throws CmsException if an error occurse processing the store.
-
-
- Add a store of precalculated signers to the generator.
-
- @param signerStore store of signers
-
-
- Return a map of oids and byte arrays representing the digests calculated on the content during
- the last generate.
-
- @return a map of oids (as String objects) and byte[] representing digests.
-
-
- Constructor allowing specific source of randomness
- Instance of SecureRandom to use.
-
-
- * add a signer - no attributes other than the default ones will be
- * provided here.
- *
- * @param key signing key to use
- * @param cert certificate containing corresponding public key
- * @param digestOID digest algorithm OID
-
-
- add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be
- provided here.
-
- @param key signing key to use
- @param cert certificate containing corresponding public key
- @param encryptionOID digest encryption algorithm OID
- @param digestOID digest algorithm OID
-
-
- add a signer - no attributes other than the default ones will be
- provided here.
-
-
- add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be
- provided here.
-
-
- * add a signer with extra signed/unsigned attributes.
- *
- * @param key signing key to use
- * @param cert certificate containing corresponding public key
- * @param digestOID digest algorithm OID
- * @param signedAttr table of attributes to be included in signature
- * @param unsignedAttr table of attributes to be included as unsigned
-
-
- add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes.
-
- @param key signing key to use
- @param cert certificate containing corresponding public key
- @param encryptionOID digest encryption algorithm OID
- @param digestOID digest algorithm OID
- @param signedAttr table of attributes to be included in signature
- @param unsignedAttr table of attributes to be included as unsigned
-
-
- * add a signer with extra signed/unsigned attributes.
- *
- * @param key signing key to use
- * @param subjectKeyID subjectKeyID of corresponding public key
- * @param digestOID digest algorithm OID
- * @param signedAttr table of attributes to be included in signature
- * @param unsignedAttr table of attributes to be included as unsigned
-
-
- add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes.
-
- @param key signing key to use
- @param subjectKeyID subjectKeyID of corresponding public key
- @param encryptionOID digest encryption algorithm OID
- @param digestOID digest algorithm OID
- @param signedAttr table of attributes to be included in signature
- @param unsignedAttr table of attributes to be included as unsigned
-
-
- add a signer with extra signed/unsigned attributes based on generators.
-
-
- add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes based on generators.
-
-
- add a signer with extra signed/unsigned attributes based on generators.
-
-
- add a signer, including digest encryption algorithm, with extra signed/unsigned attributes based on generators.
-
-
- generate a signed object that for a CMS Signed Data object
-
-
- generate a signed object that for a CMS Signed Data
- object - if encapsulate is true a copy
- of the message will be included in the signature. The content type
- is set according to the OID represented by the string signedContentType.
-
-
- generate a signed object that for a CMS Signed Data
- object - if encapsulate is true a copy
- of the message will be included in the signature with the
- default content type "data".
-
-
- generate a set of one or more SignerInformation objects representing counter signatures on
- the passed in SignerInformation object.
-
- @param signer the signer to be countersigned
- @param sigProvider the provider to be used for counter signing.
- @return a store containing the signers.
-
-
-
- Generic routine to copy out the data we want processed.
-
-
- This routine may be called multiple times.
-
-
-
- Basic packet for a PGP secret key.
-
-
- Basic type for a image attribute packet.
-
-
- Basic type for a user attribute sub-packet.
-
-
- return the generic data making up the packet.
-
-
- table of the current named curves defined in X.962 EC-DSA.
-
-
- return the X9ECParameters object for the named curve represented by
- the passed in object identifier. Null if the curve isn't present.
-
- @param oid an object identifier representing a named curve, if present.
-
-
- return the object identifier signified by the passed in name. Null
- if there is no object identifier associated with name.
-
- @return the object identifier associated with name, if present.
-
-
- return the named curve name represented by the given object identifier.
-
-
- returns an enumeration containing the name strings for curves
- contained in this structure.
-
-
- an object for the elements in the X.509 V3 extension block.
-
-
- Convert the value of the passed in extension to an object.
- The extension to parse.
- The object the value string contains.
- If conversion is not possible.
-
-
- The default converter for X509 DN entries when going from their
- string value to ASN.1 strings.
-
-
- * It turns out that the number of standard ways the fields in a DN should be
- * encoded into their ASN.1 counterparts is rapidly approaching the
- * number of machines on the internet. By default the X509Name class
- * will produce UTF8Strings in line with the current recommendations (RFC 3280).
- *
- * An example of an encoder look like below:
- *
- * public class X509DirEntryConverter
- * : X509NameEntryConverter
- * {
- * public Asn1Object GetConvertedValue(
- * DerObjectIdentifier oid,
- * string value)
- * {
- * if (str.Length() != 0 && str.charAt(0) == '#')
- * {
- * return ConvertHexEncoded(str, 1);
- * }
- * if (oid.Equals(EmailAddress))
- * {
- * return new DerIA5String(str);
- * }
- * else if (CanBePrintable(str))
- * {
- * return new DerPrintableString(str);
- * }
- * else if (CanBeUTF8(str))
- * {
- * return new DerUtf8String(str);
- * }
- * else
- * {
- * return new DerBmpString(str);
- * }
- * }
- * }
- *
- *
-
-
- Convert an inline encoded hex string rendition of an ASN.1
- object back into its corresponding ASN.1 object.
-
- @param str the hex encoded object
- @param off the index at which the encoding starts
- @return the decoded object
-
-
- return true if the passed in string can be represented without
- loss as a PrintableString, false otherwise.
-
-
- Convert the passed in string value into the appropriate ASN.1
- encoded object.
-
- @param oid the oid associated with the value in the DN.
- @param value the value of the particular DN component.
- @return the ASN.1 equivalent for the value.
-
-
- Apply default conversion for the given value depending on the oid
- and the character range of the value.
-
- @param oid the object identifier for the DN entry
- @param value the value associated with it
- @return the ASN.1 equivalent for the string value.
-
-
- The TbsCertificate object.
-
- TbsCertificate ::= Sequence {
- version [ 0 ] Version DEFAULT v1(0),
- serialNumber CertificateSerialNumber,
- signature AlgorithmIdentifier,
- issuer Name,
- validity Validity,
- subject Name,
- subjectPublicKeyInfo SubjectPublicKeyInfo,
- issuerUniqueID [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
- subjectUniqueID [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
- extensions [ 3 ] Extensions OPTIONAL
- }
-
-
- Note: issuerUniqueID and subjectUniqueID are both deprecated by the IETF. This class
- will parse them, but you really shouldn't be creating new ones.
-
-
- NoticeReference
class, used in
- CertificatePolicies
X509 V3 extensions
- (in policy qualifiers).
-
-
- NoticeReference ::= Sequence {
- organization DisplayText,
- noticeNumbers Sequence OF Integer }
-
-
-
- @see PolicyQualifierInfo
- @see PolicyInformation
-
-
- Creates a new NoticeReference
instance.
-
- @param orgName a string
value
- @param numbers a ArrayList
value
-
-
- Creates a new NoticeReference
instance.
-
- @param orgName a string
value
- @param numbers an Asn1Sequence
value
-
-
- Creates a new NoticeReference
instance.
-
- @param displayTextType an int
value
- @param orgName a string
value
- @param numbers an Asn1Sequence
value
-
-
- Creates a new NoticeReference
instance.
- Useful for reconstructing a NoticeReference
- instance from its encodable/encoded form.
-
- @param as an Asn1Sequence
value obtained from either
- calling @{link ToAsn1Object()} for a NoticeReference
- instance or from parsing it from a Der-encoded stream.
-
-
- Describe ToAsn1Object
method here.
-
- @return a Asn1Object
value
-
-
- The KeyPurposeID object.
-
- KeyPurposeID ::= OBJECT IDENTIFIER
-
-
-
- return an Oid from the passed in object
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return an object Identifier from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- The AccessDescription object.
-
- AccessDescription ::= SEQUENCE {
- accessMethod OBJECT IDENTIFIER,
- accessLocation GeneralName }
-
-
-
- create an AccessDescription with the oid and location provided.
-
-
-
- @return the access method.
-
-
-
- @return the access location
-
-
- the elliptic curve private key object from SEC 1
-
-
- ECPrivateKey ::= SEQUENCE {
- version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
- privateKey OCTET STRING,
- parameters [0] Parameters OPTIONAL,
- publicKey [1] BIT STRING OPTIONAL }
-
-
-
-
- OtherSigningCertificate ::= SEQUENCE {
- certs SEQUENCE OF OtherCertID,
- policies SEQUENCE OF PolicyInformation OPTIONAL
- }
-
-
-
-
-
-
- OtherCertID ::= SEQUENCE {
- otherCertHash OtherHash,
- issuerSerial IssuerSerial OPTIONAL
- }
-
-
-
-
-
- RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
-
- CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
-
-
-
-
- Der VisibleString object.
-
-
- return a Visible string from the passed in object.
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return a Visible string from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- basic constructor - byte encoded string.
-
-
- basic constructor
-
-
- We insert one of these when we find a tag we don't recognise.
-
-
- @param tag the tag value.
- @param data the contents octets.
-
-
- Der PrintableString object.
-
-
- return a printable string from the passed in object.
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return a Printable string from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- basic constructor - byte encoded string.
-
-
- basic constructor - this does not validate the string
-
-
- Constructor with optional validation.
-
- @param string the base string to wrap.
- @param validate whether or not to check the string.
- @throws ArgumentException if validate is true and the string
- contains characters that should not be in a PrintableString.
-
-
- return true if the passed in String can be represented without
- loss as a PrintableString, false otherwise.
-
- @return true if in printable set, false otherwise.
-
-
-
- PkiArchiveOptions ::= CHOICE {
- encryptedPrivKey [0] EncryptedKey,
- -- the actual value of the private key
- keyGenParameters [1] KeyGenParameters,
- -- parameters which allow the private key to be re-generated
- archiveRemGenPrivKey [2] BOOLEAN }
- -- set to TRUE if sender wishes receiver to archive the private
- -- key of a key pair that the receiver generates in response to
- -- this request; set to FALSE if no archival is desired.
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- SignerInfo ::= Sequence {
- version Version,
- SignerIdentifier sid,
- digestAlgorithm DigestAlgorithmIdentifier,
- authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
- digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
- encryptedDigest EncryptedDigest,
- unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
- }
-
- EncryptedDigest ::= OCTET STRING
-
- DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-
- DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-
-
-
-
- GenRepContent ::= SEQUENCE OF InfoTypeAndValue
-
- @return a basic ASN.1 object representation.
-
-
- return an ASN1Set from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Return an ASN1 set from a tagged object. There is a special
- case here, if an object appears to have been explicitly tagged on
- reading but we were expecting it to be implicitly tagged in the
- normal course of events it indicates that we lost the surrounding
- set - so we need to add it back (this will happen if the tagged
- object is a sequence that contains other sequences). If you are
- dealing with implicitly tagged sets you really should
- be using this method.
-
- @param obj the tagged object.
- @param explicitly true if the object is meant to be explicitly tagged
- false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- return true if a <= b (arrays are assumed padded with zeros).
-
-
- return the object at the set position indicated by index.
-
- @param index the set number (starting at zero) of the object
- @return the object at the set position indicated by index.
-
-
- A high level authority key identifier.
-
-
- The AuthorityKeyIdentifier object.
-
- id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
-
- AuthorityKeyIdentifier ::= Sequence {
- keyIdentifier [0] IMPLICIT KeyIdentifier OPTIONAL,
- authorityCertIssuer [1] IMPLICIT GeneralNames OPTIONAL,
- authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL }
-
- KeyIdentifier ::= OCTET STRING
-
-
-
-
- *
- * Calulates the keyidentifier using a SHA1 hash over the BIT STRING
- * from SubjectPublicKeyInfo as defined in RFC2459.
- *
- * Example of making a AuthorityKeyIdentifier:
- *
- * SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
- * publicKey.getEncoded()).readObject());
- * AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
- *
- *
- *
-
-
- create an AuthorityKeyIdentifier with the GeneralNames tag and
- the serial number provided as well.
-
-
- create an AuthorityKeyIdentifier with the GeneralNames tag and
- the serial number provided.
-
-
- create an AuthorityKeyIdentifier with a precomputed key identifier
-
-
- create an AuthorityKeyIdentifier with a precomupted key identifier
- and the GeneralNames tag and the serial number provided as well.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
-
- Constructor which will take the byte[] returned from getExtensionValue()
-
- @param encodedValue a DER octet encoded string with the extension structure in it.
- @throws IOException on parsing errors.
-
-
- Create an AuthorityKeyIdentifier using the passed in certificate's public
- key, issuer and serial number.
-
- @param certificate the certificate providing the information.
- @throws CertificateParsingException if there is a problem processing the certificate
-
-
- Create an AuthorityKeyIdentifier using just the hash of the
- public key.
-
- @param pubKey the key to generate the hash from.
- @throws InvalidKeyException if there is a problem using the key.
-
-
-
- Pipe all bytes from inStr to outStr, throwing StreamFlowException if greater
- than limit bytes in inStr.
-
-
- A
-
-
- A
-
-
- A
-
- The number of bytes actually transferred, if not greater than limit
-
-
-
- basic creation - only the default attributes will be included here.
-
-
- create with a signer with extra signed/unsigned attributes.
-
-
- Base class for an RFC 3161 Time Stamp Request.
-
-
- Create a TimeStampRequest from the past in byte array.
-
- @param req byte array containing the request.
- @throws IOException if the request is malformed.
-
-
- Create a TimeStampRequest from the past in input stream.
-
- @param in input stream containing the request.
- @throws IOException if the request is malformed.
-
-
- Validate the timestamp request, checking the digest to see if it is of an
- accepted type and whether it is of the correct length for the algorithm specified.
-
- @param algorithms a set of string OIDS giving accepted algorithms.
- @param policies if non-null a set of policies we are willing to sign under.
- @param extensions if non-null a set of extensions we are willing to accept.
- @throws TspException if the request is invalid, or processing fails.
-
-
- return the ASN.1 encoded representation of this object.
-
-
-
- Utility class for creating IBasicAgreement objects from their names/Oids
-
-
-
- If the complete CRL includes an issuing distribution point (IDP) CRL
- extension check the following:
-
- (i) If the distribution point name is present in the IDP CRL extension
- and the distribution field is present in the DP, then verify that one of
- the names in the IDP matches one of the names in the DP. If the
- distribution point name is present in the IDP CRL extension and the
- distribution field is omitted from the DP, then verify that one of the
- names in the IDP matches one of the names in the cRLIssuer field of the
- DP.
-
-
- (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL
- extension, verify that the certificate does not include the basic
- constraints extension with the cA boolean asserted.
-
-
- (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL
- extension, verify that the certificate includes the basic constraints
- extension with the cA boolean asserted.
-
-
- (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.
-
-
- @param dp The distribution point.
- @param cert The certificate.
- @param crl The CRL.
- @throws AnnotatedException if one of the conditions is not met or an error occurs.
-
-
- If the DP includes cRLIssuer, then verify that the issuer field in the
- complete CRL matches cRLIssuer in the DP and that the complete CRL
- contains an
- g distribution point extension with the indirectCRL
- boolean asserted. Otherwise, verify that the CRL issuer matches the
- certificate issuer.
-
- @param dp The distribution point.
- @param cert The certificate ot attribute certificate.
- @param crl The CRL for cert
.
- @throws AnnotatedException if one of the above conditions does not apply or an error
- occurs.
-
-
- Obtain and validate the certification path for the complete CRL issuer.
- If a key usage extension is present in the CRL issuer's certificate,
- verify that the cRLSign bit is set.
-
- @param crl CRL which contains revocation information for the certificate
- cert
.
- @param cert The attribute certificate or certificate to check if it is
- revoked.
- @param defaultCRLSignCert The issuer certificate of the certificate cert
.
- @param defaultCRLSignKey The public key of the issuer certificate
- defaultCRLSignCert
.
- @param paramsPKIX paramsPKIX PKIX parameters.
- @param certPathCerts The certificates on the certification path.
- @return A Set
with all keys of possible CRL issuer
- certificates.
- @throws AnnotatedException if the CRL is not valid or the status cannot be checked or
- some error occurs.
-
-
- Checks a distribution point for revocation information for the
- certificate cert
.
-
- @param dp The distribution point to consider.
- @param paramsPKIX PKIX parameters.
- @param cert Certificate to check if it is revoked.
- @param validDate The date when the certificate revocation status should be
- checked.
- @param defaultCRLSignCert The issuer certificate of the certificate cert
.
- @param defaultCRLSignKey The public key of the issuer certificate
- defaultCRLSignCert
.
- @param certStatus The current certificate revocation status.
- @param reasonMask The reasons mask which is already checked.
- @param certPathCerts The certificates of the certification path.
- @throws AnnotatedException if the certificate is revoked or the status cannot be checked
- or some error occurs.
-
-
- Checks a certificate if it is revoked.
-
- @param paramsPKIX PKIX parameters.
- @param cert Certificate to check if it is revoked.
- @param validDate The date when the certificate revocation status should be
- checked.
- @param sign The issuer certificate of the certificate cert
.
- @param workingPublicKey The public key of the issuer certificate sign
.
- @param certPathCerts The certificates of the certification path.
- @throws AnnotatedException if the certificate is revoked or the status cannot be checked
- or some error occurs.
-
-
- If use-deltas is set, verify the issuer and scope of the delta CRL.
-
- @param deltaCRL The delta CRL.
- @param completeCRL The complete CRL.
- @param pkixParams The PKIX paramaters.
- @throws AnnotatedException if an exception occurs.
-
-
- base generator for an OCSP response - at the moment this only supports the
- generation of responses containing BasicOCSP responses.
-
-
- Class implementing the WTNAF (Window
- τ
-adic Non-Adjacent Form) algorithm.
-
-
- Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
- by k
using the reduced τ
-adic NAF (RTNAF)
- method.
- @param p The F2mPoint to multiply.
- @param k The integer by which to multiply k
.
- @return p
multiplied by k
.
-
-
- Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
- by an element λ
of Z[τ]
using
- the τ
-adic NAF (TNAF) method.
- @param p The F2mPoint to multiply.
- @param lambda The element λ
of
- Z[τ]
of which to compute the
- [τ]
-adic NAF.
- @return p
multiplied by λ
.
-
-
- Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint}
- by an element λ
of Z[τ]
- using the window τ
-adic NAF (TNAF) method, given the
- WTNAF of λ
.
- @param p The F2mPoint to multiply.
- @param u The the WTNAF of λ
..
- @return λ * p
-
-
- return a = a + b - b preserved.
-
-
- unsigned comparison on two arrays - note the arrays may
- start with leading zeros.
-
-
- return z = x / y - done in place (z value preserved, x contains the
- remainder)
-
-
- return whether or not a BigInteger is probably prime with a
- probability of 1 - (1/2)**certainty.
- From Knuth Vol 2, pg 395.
-
-
- Calculate the numbers u1, u2, and u3 such that:
-
- u1 * a + u2 * b = u3
-
- where u3 is the greatest common divider of a and b.
- a and b using the extended Euclid algorithm (refer p. 323
- of The Art of Computer Programming vol 2, 2nd ed).
- This also seems to have the side effect of calculating
- some form of multiplicative inverse.
-
- @param a First number to calculate gcd for
- @param b Second number to calculate gcd for
- @param u1Out the return object for the u1 value
- @param u2Out the return object for the u2 value
- @return The greatest common divisor of a and b
-
-
- return w with w = x * x - w is assumed to have enough space.
-
-
- return x with x = y * z - x is assumed to have enough space.
-
-
- Calculate mQuote = -m^(-1) mod b with b = 2^32 (32 = word size)
-
-
- Montgomery multiplication: a = x * y * R^(-1) mod m
-
- Based algorithm 14.36 of Handbook of Applied Cryptography.
-
- m, x, y should have length n
- a should have length (n + 1)
- b = 2^32, R = b^n
-
- The result is put in x
-
- NOTE: the indices of x, y, m, a different in HAC and in Java
-
-
- return x = x % y - done in place (y value preserved)
-
-
- do a left shift - this returns a new array.
-
-
- do a right shift - this does it in place.
-
-
- do a right shift by one - this does it in place.
-
-
- returns x = x - y - we assume x is >= y
-
-
-
- Called by the protocol handler to report the server certificate.
-
-
- This method is responsible for certificate verification and validation
-
- The server received
-
-
-
-
- Return client credentials in response to server's certificate request
-
-
- A containing server certificate request details
-
-
- A to be used for client authentication
- (or null for no client authentication)
-
-
-
-
-
- Called at the start of a new TLS session, before any other methods.
-
-
- A
-
-
-
-
- Get the list of cipher suites that this client supports.
-
-
- An array of , each specifying a supported cipher suite.
-
-
-
-
- Get the list of compression methods that this client supports.
-
-
- An array of , each specifying a supported compression method.
-
-
-
-
- Get the (optional) table of client extensions to be included in (extended) client hello.
-
-
- A ( -> byte[]). May be null.
-
-
-
-
-
- Reports the session ID once it has been determined.
-
-
- A
-
-
-
-
- Report the cipher suite that was selected by the server.
-
-
- The protocol handler validates this value against the offered cipher suites
-
-
-
- A
-
-
-
-
- Report the compression method that was selected by the server.
-
-
- The protocol handler validates this value against the offered compression methods
-
-
-
- A
-
-
-
-
- Report whether the server supports secure renegotiation
-
-
- The protocol handler automatically processes the relevant extensions
-
-
- A , true if the server supports secure renegotiation
-
-
-
-
-
- Report the extensions from an extended server hello.
-
-
- Will only be called if we returned a non-null result from .
-
-
- A ( -> byte[])
-
-
-
-
- Return an implementation of to negotiate the key exchange
- part of the protocol.
-
-
- A
-
-
-
-
-
- Return an implementation of to handle authentication
- part of the protocol.
-
-
-
-
-
- Return an implementation of to handle record compression.
-
-
-
-
-
- Return an implementation of to use for encryption/decryption.
-
-
- A
-
-
-
-
- Public key parameters for NaccacheStern cipher. For details on this cipher,
- please see
-
- http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
-
-
- @param privateKey
-
-
- @return Returns the g.
-
-
- @return Returns the lowerSigmaBound.
-
-
- @return Returns the n.
-
-
- A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and
- Efficiency - by M. Bellare, P. Rogaway, D. Wagner.
-
- http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf
-
- EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block
- cipher to encrypt and authenticate data. It's on-line (the length of a
- message isn't needed to begin processing it), has good performances, it's
- simple and provably secure (provided the underlying block cipher is secure).
-
- Of course, this implementations is NOT thread-safe.
-
-
-
- A block cipher mode that includes authenticated encryption with a streaming mode
- and optional associated data.
-
-
-
- Initialise the cipher.
- Parameter can either be an AeadParameters or a ParametersWithIV object.
- Initialise for encryption if true, for decryption if false.
- The key or other data required by the cipher.
-
-
- The block size for this cipher, in bytes.
-
-
- Encrypt/decrypt a single byte.
-
- @param input the byte to be processed.
- @param outBytes the output buffer the processed byte goes into.
- @param outOff the offset into the output byte array the processed data starts at.
- @return the number of bytes written to out.
- @exception DataLengthException if the output buffer is too small.
-
-
- Process a block of bytes from in putting the result into out.
-
- @param inBytes the input byte array.
- @param inOff the offset into the in array where the data to be processed starts.
- @param len the number of bytes to be processed.
- @param outBytes the output buffer the processed bytes go into.
- @param outOff the offset into the output byte array the processed data starts at.
- @return the number of bytes written to out.
- @exception DataLengthException if the output buffer is too small.
-
-
- Finish the operation either appending or verifying the MAC at the end of the data.
-
- @param outBytes space for any resulting output data.
- @param outOff offset into out to start copying the data at.
- @return number of bytes written into out.
- @throws InvalidOperationException if the cipher is in an inappropriate state.
- @throws InvalidCipherTextException if the MAC fails to match.
-
-
- Return the value of the MAC associated with the last stream processed.
-
- @return MAC for plaintext data.
-
-
- Return the size of the output buffer required for a ProcessBytes
- an input of len bytes.
-
- @param len the length of the input.
- @return the space required to accommodate a call to ProcessBytes
- with len bytes of input.
-
-
- Return the size of the output buffer required for a ProcessBytes plus a
- DoFinal with an input of len bytes.
-
- @param len the length of the input.
- @return the space required to accommodate a call to ProcessBytes and DoFinal
- with len bytes of input.
-
-
-
- Reset the cipher to the same state as it was after the last init (if there was one).
-
-
-
- The name of the algorithm this cipher implements.
-
-
- Constructor that accepts an instance of a block cipher engine.
-
- @param cipher the engine to use
-
-
- implements a Cipher-FeedBack (CFB) mode on top of a simple cipher.
-
-
- Basic constructor.
-
- @param cipher the block cipher to be used as the basis of the
- feedback mode.
- @param blockSize the block size in bits (note: a multiple of 8)
-
-
- return the underlying block cipher that we are wrapping.
-
- @return the underlying block cipher that we are wrapping.
-
-
- Initialise the cipher and, possibly, the initialisation vector (IV).
- If an IV isn't passed as part of the parameter, the IV will be all zeros.
- An IV which is too short is handled in FIPS compliant fashion.
-
- @param forEncryption if true the cipher is initialised for
- encryption, if false for decryption.
- @param param the key and other data required by the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- return the block size we are operating at.
-
- @return the block size we are operating at (in bytes).
-
-
- Process one block of input from the array in and write it to
- the out array.
-
- @param in the array containing the input data.
- @param inOff offset into the in array the data starts at.
- @param out the array the output data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- Do the appropriate processing for CFB mode encryption.
-
- @param in the array containing the data to be encrypted.
- @param inOff offset into the in array the data starts at.
- @param out the array the encrypted data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- Do the appropriate processing for CFB mode decryption.
-
- @param in the array containing the data to be decrypted.
- @param inOff offset into the in array the data starts at.
- @param out the array the encrypted data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- reset the chaining vector back to the IV and reset the underlying
- cipher.
-
-
- return the algorithm name and mode.
-
- @return the name of the underlying algorithm followed by "/CFB"
- and the block size in bits.
-
-
- Block cipher engines are expected to conform to this interface.
-
-
- Initialise the cipher.
- If true the cipher is initialised for encryption,
- if false for decryption.
- The key and other data required by the cipher.
-
-
-
- Reset the cipher. After resetting the cipher is in the same state
- as it was after the last init (if there was one).
-
-
-
- The name of the algorithm this cipher implements.
-
-
- * Serpent is a 128-bit 32-round block cipher with variable key lengths,
- * including 128, 192 and 256 bit keys conjectured to be at least as
- * secure as three-key triple-DES.
- *
- * Serpent was designed by Ross Anderson, Eli Biham and Lars Knudsen as a
- * candidate algorithm for the NIST AES Quest.>
- *
- *
- * For full details see the The Serpent home page
- *
-
-
- initialise a Serpent cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- Process one block of input from the array in and write it to
- the out array.
-
- @param in the array containing the input data.
- @param inOff offset into the in array the data starts at.
- @param out the array the output data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- Expand a user-supplied key material into a session key.
-
- @param key The user-key bytes (multiples of 4) to use.
- @exception ArgumentException
-
-
- Encrypt one block of plaintext.
-
- @param in the array containing the input data.
- @param inOff offset into the in array the data starts at.
- @param out the array the output data will be copied into.
- @param outOff the offset into the out array the output will start at.
-
-
- Decrypt one block of ciphertext.
-
- @param in the array containing the input data.
- @param inOff offset into the in array the data starts at.
- @param out the array the output data will be copied into.
- @param outOff the offset into the out array the output will start at.
-
-
- S0 - { 3, 8,15, 1,10, 6, 5,11,14,13, 4, 2, 7, 0, 9,12 } - 15 terms.
-
-
- InvSO - {13, 3,11, 0,10, 6, 5,12, 1,14, 4, 7,15, 9, 8, 2 } - 15 terms.
-
-
- S1 - {15,12, 2, 7, 9, 0, 5,10, 1,11,14, 8, 6,13, 3, 4 } - 14 terms.
-
-
- InvS1 - { 5, 8, 2,14,15, 6,12, 3,11, 4, 7, 9, 1,13,10, 0 } - 14 steps.
-
-
- S2 - { 8, 6, 7, 9, 3,12,10,15,13, 1,14, 4, 0,11, 5, 2 } - 16 terms.
-
-
- InvS2 - {12, 9,15, 4,11,14, 1, 2, 0, 3, 6,13, 5, 8,10, 7 } - 16 steps.
-
-
- S3 - { 0,15,11, 8,12, 9, 6, 3,13, 1, 2, 4,10, 7, 5,14 } - 16 terms.
-
-
- InvS3 - { 0, 9,10, 7,11,14, 6,13, 3, 5,12, 2, 4, 8,15, 1 } - 15 terms
-
-
- S4 - { 1,15, 8, 3,12, 0,11, 6, 2, 5, 4,10, 9,14, 7,13 } - 15 terms.
-
-
- InvS4 - { 5, 0, 8, 3,10, 9, 7,14, 2,12,11, 6, 4,15,13, 1 } - 15 terms.
-
-
- S5 - {15, 5, 2,11, 4,10, 9,12, 0, 3,14, 8,13, 6, 7, 1 } - 16 terms.
-
-
- InvS5 - { 8,15, 2, 9, 4, 1,13,14,11, 6, 5, 3, 7,12,10, 0 } - 16 terms.
-
-
- S6 - { 7, 2,12, 5, 8, 4, 6,11,14, 9, 1,15,13, 3,10, 0 } - 15 terms.
-
-
- InvS6 - {15,10, 1,13, 5, 3, 6, 0, 4, 9,14, 7, 2,12, 8,11 } - 15 terms.
-
-
- S7 - { 1,13,15, 0,14, 8, 2,11, 7, 4,12,10, 9, 3, 5, 6 } - 16 terms.
-
-
- InvS7 - { 3, 0, 6,13, 9,14,15, 8, 5,12,11, 7,10, 1, 4, 2 } - 17 terms.
-
-
- Apply the linear transformation to the register set.
-
-
- Apply the inverse of the linear transformation to the register set.
-
-
-
- An implementation of the SEED key wrapper based on RFC 4010/RFC 3394.
-
- For further details see: http://www.ietf.org/rfc/rfc4010.txt.
-
-
-
- A class that provides CAST key encryption operations,
- such as encoding data and generating keys.
-
- All the algorithms herein are from the Internet RFC's
-
- RFC2144 - Cast5 (64bit block, 40-128bit key)
- RFC2612 - CAST6 (128bit block, 128-256bit key)
-
- and implement a simplified cryptography interface.
-
-
- initialise a CAST cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- Encrypt the given input starting at the given offset and place
- the result in the provided buffer starting at the given offset.
-
- @param src The plaintext buffer
- @param srcIndex An offset into src
- @param dst The ciphertext buffer
- @param dstIndex An offset into dst
-
-
- Decrypt the given input starting at the given offset and place
- the result in the provided buffer starting at the given offset.
-
- @param src The plaintext buffer
- @param srcIndex An offset into src
- @param dst The ciphertext buffer
- @param dstIndex An offset into dst
-
-
- The first of the three processing functions for the
- encryption and decryption.
-
- @param D the input to be processed
- @param Kmi the mask to be used from Km[n]
- @param Kri the rotation value to be used
-
-
-
- The second of the three processing functions for the
- encryption and decryption.
-
- @param D the input to be processed
- @param Kmi the mask to be used from Km[n]
- @param Kri the rotation value to be used
-
-
-
- The third of the three processing functions for the
- encryption and decryption.
-
- @param D the input to be processed
- @param Kmi the mask to be used from Km[n]
- @param Kri the rotation value to be used
-
-
-
- Does the 16 rounds to encrypt the block.
-
- @param L0 the LH-32bits of the plaintext block
- @param R0 the RH-32bits of the plaintext block
-
-
-
- Implementation of RipeMD 320.
- Note: this algorithm offers the same level of security as RipeMD160.
-
-
-
- Standard constructor
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
-
- reset the chaining variables to the IV values.
-
-
- The AEAD block ciphers already handle buffering internally, so this class
- just takes care of implementing IBufferedCipher methods.
-
-
- initialise the cipher.
-
- @param forEncryption if true the cipher is initialised for
- encryption, if false for decryption.
- @param param the key and other data required by the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- return the blocksize for the underlying cipher.
-
- @return the blocksize for the underlying cipher.
-
-
- return the size of the output buffer required for an update
- an input of len bytes.
-
- @param len the length of the input.
- @return the space required to accommodate a call to update
- with len bytes of input.
-
-
- return the size of the output buffer required for an update plus a
- doFinal with an input of len bytes.
-
- @param len the length of the input.
- @return the space required to accommodate a call to update and doFinal
- with len bytes of input.
-
-
- process a single byte, producing an output block if neccessary.
-
- @param in the input byte.
- @param out the space for any output that might be produced.
- @param outOff the offset from which the output will be copied.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there isn't enough space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
-
-
- process an array of bytes, producing output if necessary.
-
- @param in the input byte array.
- @param inOff the offset at which the input data starts.
- @param len the number of bytes to be copied out of the input array.
- @param out the space for any output that might be produced.
- @param outOff the offset from which the output will be copied.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there isn't enough space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
-
-
- Process the last block in the buffer.
-
- @param out the array the block currently being held is copied into.
- @param outOff the offset at which the copying starts.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there is insufficient space in out for
- the output, or the input is not block size aligned and should be.
- @exception InvalidOperationException if the underlying cipher is not
- initialised.
- @exception InvalidCipherTextException if padding is expected and not found.
- @exception DataLengthException if the input is not block size
- aligned.
-
-
- Reset the buffer and cipher. After resetting the object is in the same
- state as it was after the last init (if there was one).
-
-
- Basic type for a user ID packet.
-
-
- Basic type for a trust packet.
-
-
- packet giving whether or not is revocable.
-
-
- packet giving signature creation time.
-
-
- packet giving signature creation time.
-
-
- Basic type for a marker packet.
-
-
- Base class for an ElGamal public key.
-
-
- Return the standard PGP encoding of the key.
-
-
- The format, as a string, always "PGP".
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Parameters ::= CHOICE {
- ecParameters ECParameters,
- namedCurve CURVES.&id({CurveNames}),
- implicitlyCA Null
- }
-
-
-
- Class for containing a restriction object subtrees in NameConstraints. See
- RFC 3280.
-
-
-
- GeneralSubtree ::= SEQUENCE
- {
- baseName GeneralName,
- minimum [0] BaseDistance DEFAULT 0,
- maximum [1] BaseDistance OPTIONAL
- }
-
-
- @see org.bouncycastle.asn1.x509.NameConstraints
-
-
-
- Constructor from a given details.
-
- According RFC 3280, the minimum and maximum fields are not used with any
- name forms, thus minimum MUST be zero, and maximum MUST be absent.
-
- If minimum is null
, zero is assumed, if
- maximum is null
, maximum is absent.
-
- @param baseName
- A restriction.
- @param minimum
- Minimum
-
- @param maximum
- Maximum
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- GeneralSubtree ::= SEQUENCE
- {
- baseName GeneralName,
- minimum [0] BaseDistance DEFAULT 0,
- maximum [1] BaseDistance OPTIONAL
- }
-
-
- @return a DERObject
-
-
- DisplayText
class, used in
- CertificatePolicies
X509 V3 extensions (in policy qualifiers).
-
- It stores a string in a chosen encoding.
-
- DisplayText ::= CHOICE {
- ia5String IA5String (SIZE (1..200)),
- visibleString VisibleString (SIZE (1..200)),
- bmpString BMPString (SIZE (1..200)),
- utf8String UTF8String (SIZE (1..200)) }
-
- @see PolicyQualifierInfo
- @see PolicyInformation
-
-
- Constant corresponding to ia5String encoding.
-
-
-
- Constant corresponding to bmpString encoding.
-
-
-
- Constant corresponding to utf8String encoding.
-
-
-
- Constant corresponding to visibleString encoding.
-
-
-
- Describe constant DisplayTextMaximumSize
here.
-
-
-
- Creates a new DisplayText
instance.
-
- @param type the desired encoding type for the text.
- @param text the text to store. Strings longer than 200
- characters are truncated.
-
-
- Creates a new DisplayText
instance.
-
- @param text the text to encapsulate. Strings longer than 200
- characters are truncated.
-
-
- Creates a new DisplayText
instance.
- Useful when reading back a DisplayText
class
- from it's Asn1Encodable form.
-
- @param contents an Asn1Encodable
instance.
-
-
- Returns the stored string
object.
-
- @return the stored text as a string
.
-
-
- create a cA=true object for the given path length constraint.
-
- @param pathLenConstraint
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- BasicConstraints := Sequence {
- cA Boolean DEFAULT FALSE,
- pathLenConstraint Integer (0..MAX) OPTIONAL
- }
-
-
-
- Handler for creating a vector S/MIME Capabilities
-
-
- Handler class for dealing with S/MIME Capabilities
-
-
- general preferences
-
-
- encryption algorithms preferences
-
-
- return an Attr object from the given object.
-
- @param o the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- returns an ArrayList with 0 or more objects of all the capabilities
- matching the passed in capability Oid. If the Oid passed is null the
- entire set is returned.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- SMIMECapabilities ::= Sequence OF SMIMECapability
-
-
-
- This outputs the key in Pkcs1v2 format.
-
- RsaPrivateKey ::= Sequence {
- version Version,
- modulus Integer, -- n
- publicExponent Integer, -- e
- privateExponent Integer, -- d
- prime1 Integer, -- p
- prime2 Integer, -- q
- exponent1 Integer, -- d mod (p-1)
- exponent2 Integer, -- d mod (q-1)
- coefficient Integer -- (inverse of q) mod p
- }
-
- Version ::= Integer
-
- This routine is written to output Pkcs1 version 0, private keys.
-
-
- constructor
-
-
-
- OtherCertID ::= SEQUENCE {
- otherCertHash OtherHash,
- issuerSerial IssuerSerial OPTIONAL }
-
- OtherHash ::= CHOICE {
- sha1Hash OCTET STRING,
- otherHash OtherHashAlgAndValue }
-
- OtherHashAlgAndValue ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- hashValue OCTET STRING }
-
-
-
-
-
- Summary description for OtherHashAlgAndValue.
-
-
-
- OtherHashAlgAndValue ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- hashValue OtherHashValue
- }
-
- OtherHashValue ::= OCTET STRING
-
-
-
-
-
- RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
-
- OcspIdentifier ::= SEQUENCE {
- ocspResponderID ResponderID,
- -- As in OCSP response data
- producedAt GeneralizedTime
- -- As in OCSP response data
- }
-
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- AuthenticatedData ::= SEQUENCE {
- version CMSVersion,
- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
- recipientInfos RecipientInfos,
- macAlgorithm MessageAuthenticationCodeAlgorithm,
- digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
- encapContentInfo EncapsulatedContentInfo,
- authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
- mac MessageAuthenticationCode,
- unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
-
- AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
-
- UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
-
- MessageAuthenticationCode ::= OCTET STRING
-
-
-
-
- RevDetails ::= SEQUENCE {
- certDetails CertTemplate,
- -- allows requester to specify as much as they can about
- -- the cert. for which revocation is requested
- -- (e.g., for cases in which serialNumber is not available)
- crlEntryDetails Extensions OPTIONAL
- -- requested crlEntryExtensions
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- CertStatus ::= SEQUENCE {
- certHash OCTET STRING,
- -- the hash of the certificate, using the same hash algorithm
- -- as is used to create and verify the certificate signature
- certReqId INTEGER,
- -- to match this confirmation with the corresponding req/rep
- statusInfo PKIStatusInfo OPTIONAL
- }
-
- @return a basic ASN.1 object representation.
-
-
- BER TaggedObject - in ASN.1 notation this is any object preceded by
- a [n] where n is some number - these are assumed to follow the construction
- rules (as with sequences).
-
-
- DER TaggedObject - in ASN.1 notation this is any object preceded by
- a [n] where n is some number - these are assumed to follow the construction
- rules (as with sequences).
-
-
- ASN.1 TaggedObject - in ASN.1 notation this is any object preceded by
- a [n] where n is some number - these are assumed to follow the construction
- rules (as with sequences).
-
-
- @param tagNo the tag number for this object.
- @param obj the tagged object.
-
-
- @param explicitly true if the object is explicitly tagged.
- @param tagNo the tag number for this object.
- @param obj the tagged object.
-
-
- return whether or not the object may be explicitly tagged.
-
- Note: if the object has been read from an input stream, the only
- time you can be sure if isExplicit is returning the true state of
- affairs is if it returns false. An implicitly tagged object may appear
- to be explicitly tagged, so you need to understand the context under
- which the reading was done as well, see GetObject below.
-
-
- return whatever was following the tag.
-
- Note: tagged objects are generally context dependent if you're
- trying to extract a tagged object you should be going via the
- appropriate GetInstance method.
-
-
- Return the object held in this tagged object as a parser assuming it has
- the type of the passed in tag. If the object doesn't have a parser
- associated with it, the base object is returned.
-
-
- @param tagNo the tag number for this object.
- @param obj the tagged object.
-
-
- @param explicitly true if an explicitly tagged object.
- @param tagNo the tag number for this object.
- @param obj the tagged object.
-
-
- create an implicitly tagged object that contains a zero
- length sequence.
-
-
- @param tagNo the tag number for this object.
- @param obj the tagged object.
-
-
- @param explicitly true if an explicitly tagged object.
- @param tagNo the tag number for this object.
- @param obj the tagged object.
-
-
- create an implicitly tagged object that contains a zero
- length sequence.
-
-
- A generic PEM writer, based on RFC 1421
-
-
- Base constructor.
-
- @param out output stream to use.
-
-
- Return the number of bytes or characters required to contain the
- passed in object if it is PEM encoded.
-
- @param obj pem object to be output
- @return an estimate of the number of bytes
-
-
-
- A
-
-
-
-
- Basic utility class.
-
-
- Write out the passed in file as a literal data packet.
-
-
- Write out the passed in file as a literal data packet in partial packet format.
-
-
-
- Return either an ArmoredInputStream or a BcpgInputStream based on whether
- the initial characters of the stream are binary PGP encodings or not.
-
-
-
-
- RFC 4492 5.1.1
- The named curves defined here are those specified in SEC 2 [13]. Note that many of
- these curves are also recommended in ANSI X9.62 [7] and FIPS 186-2 [11]. Values 0xFE00
- through 0xFEFF are reserved for private use. Values 0xFF01 and 0xFF02 indicate that the
- client supports arbitrary prime and characteristic-2 curves, respectively (the curve
- parameters must be encoded explicitly in ECParameters).
-
-
-
- ISO9796-2 - mechanism using a hash function with recovery (scheme 2 and 3).
-
- Note: the usual length for the salt is the length of the hash
- function used in bytes.
-
-
-
-
- Return a reference to the recoveredMessage message.
-
- The full/partial recoveredMessage message.
-
-
-
-
- Generate a signer for the with either implicit or explicit trailers
- for ISO9796-2, scheme 2 or 3.
-
- base cipher to use for signature creation/verification
- digest to use.
- length of salt in bytes.
- whether or not the trailer is implicit or gives the hash.
-
-
- Constructor for a signer with an explicit digest trailer.
-
-
- cipher to use.
-
- digest to sign with.
-
- length of salt in bytes.
-
-
-
- Initialise the signer.
- true if for signing, false if for verification.
- parameters for signature generation/verification. If the
- parameters are for generation they should be a ParametersWithRandom,
- a ParametersWithSalt, or just an RsaKeyParameters object. If RsaKeyParameters
- are passed in a SecureRandom will be created.
-
- if wrong parameter type or a fixed
- salt is passed in which is the wrong length.
-
-
-
- compare two byte arrays - constant time.
-
-
- clear possible sensitive data
-
-
- update the internal digest with the byte b
-
-
- update the internal digest with the byte array in
-
-
- reset the internal state
-
-
- Generate a signature for the loaded message using the key we were
- initialised with.
-
-
-
- return true if the signature represents a ISO9796-2 signature
- for the passed in message.
-
-
-
-
- Return true if the full message was recoveredMessage.
-
- true on full message recovery, false otherwise, or if not sure.
-
-
-
- int to octet string.
- int to octet string.
-
-
- long to octet string.
-
-
- mask generator function, as described in Pkcs1v2.
-
-
- EC-NR as described in IEEE 1363-2000
-
-
- interface for classes implementing the Digital Signature Algorithm
-
-
- initialise the signer for signature generation or signature
- verification.
-
- @param forSigning true if we are generating a signature, false
- otherwise.
- @param param key parameters for signature generation.
-
-
- sign the passed in message (usually the output of a hash function).
-
- @param message the message to be signed.
- @return two big integers representing the r and s values respectively.
-
-
- verify the message message against the signature values r and s.
-
- @param message the message that was supposed to have been signed.
- @param r the r signature value.
- @param s the s signature value.
-
-
- generate a signature for the given message using the key we were
- initialised with. Generally, the order of the curve should be at
- least as long as the hash of the message of interest, and with
- ECNR it *must* be at least as long.
-
- @param digest the digest to be signed.
- @exception DataLengthException if the digest is longer than the key allows
-
-
- return true if the value r and s represent a signature for the
- message passed in. Generally, the order of the curve should be at
- least as long as the hash of the message of interest, and with
- ECNR, it *must* be at least as long. But just in case the signer
- applied mod(n) to the longer digest, this implementation will
- apply mod(n) during verification.
-
- @param digest the digest to be verified.
- @param r the r value of the signature.
- @param s the s value of the signature.
- @exception DataLengthException if the digest is longer than the key allows
-
-
- The base class for parameters to key generators.
-
-
- initialise the generator with a source of randomness
- and a strength (in bits).
-
- @param random the random byte source.
- @param strength the size, in bits, of the keys we want to produce.
-
-
- return the random source associated with this
- generator.
-
- @return the generators random source.
-
-
- return the bit strength for keys produced by this generator,
-
- @return the strength of the keys this generator produces (in bits).
-
-
- Parameters for NaccacheStern public private key generation. For details on
- this cipher, please see
-
- http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
-
-
- Parameters for generating a NaccacheStern KeyPair.
-
- @param random
- The source of randomness
- @param strength
- The desired strength of the Key in Bits
- @param certainty
- the probability that the generated primes are not really prime
- as integer: 2^(-certainty) is then the probability
- @param countSmallPrimes
- How many small key factors are desired
-
-
- Parameters for a NaccacheStern KeyPair.
-
- @param random
- The source of randomness
- @param strength
- The desired strength of the Key in Bits
- @param certainty
- the probability that the generated primes are not really prime
- as integer: 2^(-certainty) is then the probability
- @param cntSmallPrimes
- How many small key factors are desired
- @param debug
- Turn debugging on or off (reveals secret information, use with
- caution)
-
-
- @return Returns the certainty.
-
-
- @return Returns the countSmallPrimes.
-
-
- return the generator - g
-
-
- return private value limit - l
-
-
- A padder that adds Trailing-Bit-Compliment padding to a block.
-
- This padding pads the block out compliment of the last bit
- of the plain text.
-
-
-
-
- Initialise the padder.
- - a SecureRandom if available.
-
-
-
- add the pad bytes to the passed in block, returning the
- number of bytes added.
-
- Note: this assumes that the last block of plain text is always
- passed to it inside in. i.e. if inOff is zero, indicating the
- entire block is to be overwritten with padding the value of in
- should be the same as the last block of plain text.
-
-
-
-
- return the number of pad bytes present in the block.
-
-
- Return the name of the algorithm the cipher implements.
- the name of the algorithm the cipher implements.
-
-
-
- implements a Output-FeedBack (OFB) mode on top of a simple cipher.
-
-
- Basic constructor.
-
- @param cipher the block cipher to be used as the basis of the
- feedback mode.
- @param blockSize the block size in bits (note: a multiple of 8)
-
-
- return the underlying block cipher that we are wrapping.
-
- @return the underlying block cipher that we are wrapping.
-
-
- Initialise the cipher and, possibly, the initialisation vector (IV).
- If an IV isn't passed as part of the parameter, the IV will be all zeros.
- An IV which is too short is handled in FIPS compliant fashion.
-
- @param forEncryption if true the cipher is initialised for
- encryption, if false for decryption.
- @param param the key and other data required by the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- return the block size we are operating at (in bytes).
-
- @return the block size we are operating at (in bytes).
-
-
- Process one block of input from the array in and write it to
- the out array.
-
- @param in the array containing the input data.
- @param inOff offset into the in array the data starts at.
- @param out the array the output data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- reset the feedback vector back to the IV and reset the underlying
- cipher.
-
-
- return the algorithm name and mode.
-
- @return the name of the underlying algorithm followed by "/OFB"
- and the block size in bits
-
-
- HMAC implementation based on RFC2104
-
- H(K XOR opad, H(K XOR ipad, text))
-
-
- Reset the mac generator.
-
-
- Parameters for key/byte stream derivation classes
-
-
- Generate suitable parameters for DSA, in line with FIPS 186-2.
-
-
- initialise the key generator.
-
- @param size size of the key (range 2^512 -> 2^1024 - 64 bit increments)
- @param certainty measure of robustness of prime (for FIPS 186-2 compliance this should be at least 80).
- @param random random byte source.
-
-
- which Generates the p and g values from the given parameters,
- returning the DsaParameters object.
-
- Note: can take a while...
-
-
- generate suitable parameters for DSA, in line with
- FIPS 186-3 A.1 Generation of the FFC Primes p and q.
-
-
- The specification for RC5 came from the RC5 Encryption Algorithm
- publication in RSA CryptoBytes, Spring of 1995.
- http://www.rsasecurity.com/rsalabs/cryptobytes.
-
- This implementation has a word size of 32 bits.
-
-
- Create an instance of the RC5 encryption algorithm
- and set some defaults
-
-
- initialise a RC5-32 cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- Re-key the cipher.
-
- @param key the key to be used
-
-
- Encrypt the given block starting at the given offset and place
- the result in the provided buffer starting at the given offset.
-
- @param in in byte buffer containing data to encrypt
- @param inOff offset into src buffer
- @param out out buffer where encrypted data is written
- @param outOff offset into out buffer
-
-
- Perform a left "spin" of the word. The rotation of the given
- word x is rotated left by y bits.
- Only the lg(32) low-order bits of y
- are used to determine the rotation amount. Here it is
- assumed that the wordsize used is a power of 2.
-
- @param x word to rotate
- @param y number of bits to rotate % 32
-
-
- Perform a right "spin" of the word. The rotation of the given
- word x is rotated left by y bits.
- Only the lg(32) low-order bits of y
- are used to determine the rotation amount. Here it is
- assumed that the wordsize used is a power of 2.
-
- @param x word to rotate
- @param y number of bits to rotate % 32
-
-
- support class for constructing intergrated encryption ciphers
- for doing basic message exchanges on top of key agreement ciphers
-
-
- set up for use with stream mode, where the key derivation function
- is used to provide a stream of bytes to xor with the message.
-
- @param agree the key agreement used as the basis for the encryption
- @param kdf the key derivation function used for byte generation
- @param mac the message authentication code generator for the message
-
-
- set up for use in conjunction with a block cipher to handle the
- message.
-
- @param agree the key agreement used as the basis for the encryption
- @param kdf the key derivation function used for byte generation
- @param mac the message authentication code generator for the message
- @param cipher the cipher to used for encrypting the message
-
-
- Initialise the encryptor.
-
- @param forEncryption whether or not this is encryption/decryption.
- @param privParam our private key parameters
- @param pubParam the recipient's/sender's public key parameters
- @param param encoding and derivation parameters.
-
-
-
- An implementation of the Camellia key wrapper based on RFC 3657/RFC 3394.
-
- For further details see: http://www.ietf.org/rfc/rfc3657.txt.
-
-
-
- Draft FIPS 180-2 implementation of SHA-384. Note: As this is
- based on a draft this implementation is subject to change.
-
-
- block word digest
- SHA-1 512 32 160
- SHA-256 512 32 256
- SHA-384 1024 64 384
- SHA-512 1024 64 512
-
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
- reset the chaining variables
-
-
- X9.63 based key derivation function for ECDH CMS.
-
-
- The basic interface that basic Diffie-Hellman implementations
- conforms to.
-
-
- initialise the agreement engine.
-
-
- given a public key from a given party calculate the next
- message in the agreement sequence.
-
-
- P1363 7.2.2 ECSVDP-DHC
-
- ECSVDP-DHC is Elliptic Curve Secret Value Derivation Primitive,
- Diffie-Hellman version with cofactor multiplication. It is based on
- the work of [DH76], [Mil86], [Kob87], [LMQ98] and [Kal98a]. This
- primitive derives a shared secret value from one party's private key
- and another party's public key, where both have the same set of EC
- domain parameters. If two parties correctly execute this primitive,
- they will produce the same output. This primitive can be invoked by a
- scheme to derive a shared secret key; specifically, it may be used
- with the schemes ECKAS-DH1 and DL/ECKAS-DH2. It does not assume the
- validity of the input public key (see also Section 7.2.1).
-
- Note: As stated P1363 compatibility mode with ECDH can be preset, and
- in this case the implementation doesn't have a ECDH compatibility mode
- (if you want that just use ECDHBasicAgreement and note they both implement
- BasicAgreement!).
-
-
- packet giving time after creation at which the key expires.
-
-
- Return the number of seconds after creation time a key is valid for.
-
- @return second count for key validity.
-
-
- Basic output stream.
-
-
- encode the input data producing a base 64 encoded byte array.
-
-
- Set an additional header entry.
-
- @param name the name of the header entry.
- @param v the value of the header entry.
-
-
- Reset the headers to only contain a Version string.
-
-
- Start a clear text signed message.
- @param hashAlgorithm
-
-
- Note: close does nor close the underlying stream. So it is possible to write
- multiple objects using armoring to a single stream.
-
-
- Generator for Version 3 TbsCertificateStructures.
-
- TbsCertificate ::= Sequence {
- version [ 0 ] Version DEFAULT v1(0),
- serialNumber CertificateSerialNumber,
- signature AlgorithmIdentifier,
- issuer Name,
- validity Validity,
- subject Name,
- subjectPublicKeyInfo SubjectPublicKeyInfo,
- issuerUniqueID [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
- subjectUniqueID [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
- extensions [ 3 ] Extensions OPTIONAL
- }
-
-
-
-
-
-
- PrivateKeyUsagePeriod ::= SEQUENCE
- {
- notBefore [0] GeneralizedTime OPTIONAL,
- notAfter [1] GeneralizedTime OPTIONAL }
-
-
-
-
- Implementation of IetfAttrSyntax
as specified by RFC3281.
-
-
-
-
-
-
-
-
- IetfAttrSyntax ::= Sequence {
- policyAuthority [0] GeneralNames OPTIONAL,
- values Sequence OF CHOICE {
- octets OCTET STRING,
- oid OBJECT IDENTIFIER,
- string UTF8String
- }
- }
-
-
-
-
-
-
- TstInfo ::= SEQUENCE {
- version INTEGER { v1(1) },
- policy TSAPolicyId,
- messageImprint MessageImprint,
- -- MUST have the same value as the similar field in
- -- TimeStampReq
- serialNumber INTEGER,
- -- Time-Stamping users MUST be ready to accommodate integers
- -- up to 160 bits.
- genTime GeneralizedTime,
- accuracy Accuracy OPTIONAL,
- ordering BOOLEAN DEFAULT FALSE,
- nonce INTEGER OPTIONAL,
- -- MUST be present if the similar field was present
- -- in TimeStampReq. In that case it MUST have the same value.
- tsa [0] GeneralName OPTIONAL,
- extensions [1] IMPLICIT Extensions OPTIONAL }
-
-
-
-
- a Pkcs#7 signed data object.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- SignedData ::= Sequence {
- version Version,
- digestAlgorithms DigestAlgorithmIdentifiers,
- contentInfo ContentInfo,
- certificates
- [0] IMPLICIT ExtendedCertificatesAndCertificates
- OPTIONAL,
- crls
- [1] IMPLICIT CertificateRevocationLists OPTIONAL,
- signerInfos SignerInfos }
-
-
-
-
- MacData ::= SEQUENCE {
- mac DigestInfo,
- macSalt OCTET STRING,
- iterations INTEGER DEFAULT 1
- -- Note: The default is for historic reasons and its use is deprecated. A
- -- higher value, like 1024 is recommended.
-
- @return the basic DERObject construction.
-
-
- Pkcs10 Certfication request object.
-
- CertificationRequest ::= Sequence {
- certificationRequestInfo CertificationRequestInfo,
- signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
- signature BIT STRING
- }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- SingleResponse ::= Sequence {
- certID CertID,
- certStatus CertStatus,
- thisUpdate GeneralizedTime,
- nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
- singleExtensions [1] EXPLICIT Extensions OPTIONAL }
-
-
-
- create a CertStatus object with a tag of zero.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- CertStatus ::= CHOICE {
- good [0] IMPLICIT Null,
- revoked [1] IMPLICIT RevokedInfo,
- unknown [2] IMPLICIT UnknownInfo }
-
-
-
- ISIS-MTT PROFILE: The responder may include this extension in a response to
- send the hash of the requested certificate to the responder. This hash is
- cryptographically bound to the certificate and serves as evidence that the
- certificate is known to the responder (i.e. it has been issued and is present
- in the directory). Hence, this extension is a means to provide a positive
- statement of availability as described in T8.[8]. As explained in T13.[1],
- clients may rely on this information to be able to validate signatures after
- the expiry of the corresponding certificate. Hence, clients MUST support this
- extension. If a positive statement of availability is to be delivered, this
- extension syntax and OID MUST be used.
-
-
-
- CertHash ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- certificateHash OCTET STRING
- }
-
-
-
- Constructor from Asn1Sequence.
-
- The sequence is of type CertHash:
-
-
- CertHash ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- certificateHash OCTET STRING
- }
-
-
- @param seq The ASN.1 sequence.
-
-
- Constructor from a given details.
-
- @param hashAlgorithm The hash algorithm identifier.
- @param certificateHash The hash of the whole DER encoding of the certificate.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- CertHash ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- certificateHash OCTET STRING
- }
-
-
- @return an Asn1Object
-
-
- The definition of SigningCertificateV2 is
-
- SigningCertificateV2 ::= SEQUENCE {
- certs SEQUENCE OF EssCertIDv2,
- policies SEQUENCE OF PolicyInformation OPTIONAL
- }
-
- id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= { iso(1)
- member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
- smime(16) id-aa(2) 47 }
-
-
- constructors
-
-
- The definition of SigningCertificate is
-
- SigningCertificate ::= SEQUENCE {
- certs SEQUENCE OF EssCertID,
- policies SEQUENCE OF PolicyInformation OPTIONAL
- }
-
- id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
- member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
- smime(16) id-aa(2) 12 }
-
-
- constructor
-
-
-
- ContentHints ::= SEQUENCE {
- contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
- contentType ContentType }
-
-
-
-
- RFC 3126: 4.3.2 Revocation Values Attribute Definition
-
- OtherRevVals ::= SEQUENCE
- {
- otherRevValType OtherRevValType,
- otherRevVals ANY DEFINED BY otherRevValType
- }
-
- OtherRevValType ::= OBJECT IDENTIFIER
-
-
-
-
-
- RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
-
- CrlIdentifier ::= SEQUENCE
- {
- crlissuer Name,
- crlIssuedTime UTCTime,
- crlNumber INTEGER OPTIONAL
- }
-
-
-
-
-
- RFC 3126: 4.3.1 Certificate Values Attribute Definition
-
- CertificateValues ::= SEQUENCE OF Certificate
-
-
-
-
- A Der encoded set object
-
-
- create an empty set
-
-
- @param obj - a single object that makes up the set.
-
-
- @param v - a vector of objects making up the set.
-
-
- Password-based MAC value for use with POPOSigningKeyInput.
-
-
- Creates a new PKMACValue.
- @param params parameters for password-based MAC
- @param value MAC of the DER-encoded SubjectPublicKeyInfo
-
-
- Creates a new PKMACValue.
- @param aid CMPObjectIdentifiers.passwordBasedMAC, with PBMParameter
- @param value MAC of the DER-encoded SubjectPublicKeyInfo
-
-
-
- PKMACValue ::= SEQUENCE {
- algId AlgorithmIdentifier,
- -- algorithm value shall be PasswordBasedMac 1.2.840.113533.7.66.13
- -- parameter value is PBMParameter
- value BIT STRING }
-
- @return a basic ASN.1 object representation.
-
-
- return a KekRecipientInfo object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return a KekRecipientInfo object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- KekRecipientInfo ::= Sequence {
- version CMSVersion, -- always set to 4
- kekID KekIdentifier,
- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
- encryptedKey EncryptedKey
- }
-
-
-
- return an EnvelopedData object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return an EnvelopedData object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- EnvelopedData ::= Sequence {
- version CMSVersion,
- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
- recipientInfos RecipientInfos,
- encryptedContentInfo EncryptedContentInfo,
- unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
- }
-
-
-
- RFC 3274 - CMS Compressed Data.
-
- CompressedData ::= SEQUENCE {
- version CMSVersion,
- compressionAlgorithm CompressionAlgorithmIdentifier,
- encapContentInfo EncapsulatedContentInfo
- }
-
-
-
-
- A utility class that will extract X509Principal objects from X.509 certificates.
-
- Use this in preference to trying to recreate a principal from a string, not all
- DNs are what they should be, so it's best to leave them encoded where they
- can be.
-
-
-
- Return the issuer of the given cert as an X509Principal.
-
-
- Return the subject of the given cert as an X509Principal.
-
-
- Return the issuer of the given CRL as an X509Principal.
-
-
- General string utilities.
-
-
-
- A
-
-
- A
-
-
-
-
- encode the input data producing a Hex output stream.
-
- @return the number of bytes produced.
-
-
- decode the Hex encoded byte data writing it to the given output stream,
- whitespace characters will be ignored.
-
- @return the number of bytes produced.
-
-
- decode the Hex encoded string data writing it to the given output stream,
- whitespace characters will be ignored.
-
- @return the number of bytes produced.
-
-
- Exception thrown if a TSP request or response fails to validate.
-
- If a failure code is assciated with the exception it can be retrieved using
- the getFailureCode() method.
-
-
- Return the failure code associated with this exception - if one is set.
-
- @return the failure code if set, -1 otherwise.
-
-
- A PGP signature object.
-
-
-
- Verify the signature as certifying the passed in public key as associated
- with the passed in user attributes.
-
- User attributes the key was stored under.
- The key to be verified.
- True, if the signature matches, false otherwise.
-
-
-
- Verify the signature as certifying the passed in public key as associated
- with the passed in ID.
-
- ID the key was stored under.
- The key to be verified.
- True, if the signature matches, false otherwise.
-
-
- Verify a certification for the passed in key against the passed in master key.
- The key we are verifying against.
- The key we are verifying.
- True, if the certification is valid, false otherwise.
-
-
- Verify a key certification, such as revocation, for the passed in key.
- The key we are checking.
- True, if the certification is valid, false otherwise.
-
-
- The OpenPGP version number for this signature.
-
-
- The key algorithm associated with this signature.
-
-
- The hash algorithm associated with this signature.
-
-
- The ID of the key that created the signature.
-
-
- The creation time of this signature.
-
-
-
- Return true if the signature has either hashed or unhashed subpackets.
-
-
-
-
- Often a PGP key ring file is made up of a succession of master/sub-key key rings.
- If you want to read an entire secret key file in one hit this is the class for you.
-
-
-
- Build a PgpSecretKeyRingBundle from the passed in input stream.
- Input stream containing data.
- If a problem parsing the stream occurs.
- If an object is encountered which isn't a PgpSecretKeyRing.
-
-
- Allow enumeration of the secret key rings making up this collection.
-
-
- Allow enumeration of the key rings associated with the passed in userId.
- The user ID to be matched.
- An IEnumerable of key rings which matched (possibly none).
-
-
- Allow enumeration of the key rings associated with the passed in userId.
- The user ID to be matched.
- If true, userId need only be a substring of an actual ID string to match.
- An IEnumerable of key rings which matched (possibly none).
-
-
- Allow enumeration of the key rings associated with the passed in userId.
- The user ID to be matched.
- If true, userId need only be a substring of an actual ID string to match.
- If true, case is ignored in user ID comparisons.
- An IEnumerable of key rings which matched (possibly none).
-
-
- Return the PGP secret key associated with the given key id.
- The ID of the secret key to return.
-
-
- Return the secret key ring which contains the key referred to by keyId
- The ID of the secret key
-
-
-
- Return true if a key matching the passed in key ID is present, false otherwise.
-
- key ID to look for.
-
-
-
- Return a new bundle containing the contents of the passed in bundle and
- the passed in secret key ring.
-
- The PgpSecretKeyRingBundle the key ring is to be added to.
- The key ring to be added.
- A new PgpSecretKeyRingBundle merging the current one with the passed in key ring.
- If the keyId for the passed in key ring is already present.
-
-
-
- Return a new bundle containing the contents of the passed in bundle with
- the passed in secret key ring removed.
-
- The PgpSecretKeyRingBundle the key ring is to be removed from.
- The key ring to be removed.
- A new PgpSecretKeyRingBundle not containing the passed in key ring.
- If the keyId for the passed in key ring is not present.
-
-
- Return the number of rings in this collection.
-
-
-
- Often a PGP key ring file is made up of a succession of master/sub-key key rings.
- If you want to read an entire public key file in one hit this is the class for you.
-
-
-
- Build a PgpPublicKeyRingBundle from the passed in input stream.
- Input stream containing data.
- If a problem parsing the stream occurs.
- If an object is encountered which isn't a PgpPublicKeyRing.
-
-
- Allow enumeration of the public key rings making up this collection.
-
-
- Allow enumeration of the key rings associated with the passed in userId.
- The user ID to be matched.
- An IEnumerable of key rings which matched (possibly none).
-
-
- Allow enumeration of the key rings associated with the passed in userId.
- The user ID to be matched.
- If true, userId need only be a substring of an actual ID string to match.
- An IEnumerable of key rings which matched (possibly none).
-
-
- Allow enumeration of the key rings associated with the passed in userId.
- The user ID to be matched.
- If true, userId need only be a substring of an actual ID string to match.
- If true, case is ignored in user ID comparisons.
- An IEnumerable of key rings which matched (possibly none).
-
-
- Return the PGP public key associated with the given key id.
- The ID of the public key to return.
-
-
- Return the public key ring which contains the key referred to by keyId
- key ID to match against
-
-
-
- Return true if a key matching the passed in key ID is present, false otherwise.
-
- key ID to look for.
-
-
-
- Return a new bundle containing the contents of the passed in bundle and
- the passed in public key ring.
-
- The PgpPublicKeyRingBundle the key ring is to be added to.
- The key ring to be added.
- A new PgpPublicKeyRingBundle merging the current one with the passed in key ring.
- If the keyId for the passed in key ring is already present.
-
-
-
- Return a new bundle containing the contents of the passed in bundle with
- the passed in public key ring removed.
-
- The PgpPublicKeyRingBundle the key ring is to be removed from.
- The key ring to be removed.
- A new PgpPublicKeyRingBundle not containing the passed in key ring.
- If the keyId for the passed in key ring is not present.
-
-
- Return the number of key rings in this collection.
-
-
- General class to handle a PGP public key object.
-
-
-
- Create a PgpPublicKey from the passed in lightweight one.
-
-
- Note: the time passed in affects the value of the key's keyId, so you probably only want
- to do this once for a lightweight key, or make sure you keep track of the time you used.
-
- Asymmetric algorithm type representing the public key.
- Actual public key to associate.
- Date of creation.
- If pubKey is not public.
- On key creation problem.
-
-
- Constructor for a sub-key.
-
-
- Copy constructor.
- The public key to copy.
-
-
- Return the trust data associated with the public key, if present.
- A byte array with trust data, null otherwise.
-
-
- The number of valid seconds from creation time - zero means no expiry.
-
-
- The fingerprint of the key
-
-
- The public key contained in the object.
- A lightweight public key.
- If the key algorithm is not recognised.
-
-
- Allows enumeration of any user IDs associated with the key.
- An IEnumerable of string objects.
-
-
- Allows enumeration of any user attribute vectors associated with the key.
- An IEnumerable of PgpUserAttributeSubpacketVector objects.
-
-
- Allows enumeration of any signatures associated with the passed in id.
- The ID to be matched.
- An IEnumerable of PgpSignature objects.
-
-
- Allows enumeration of signatures associated with the passed in user attributes.
- The vector of user attributes to be matched.
- An IEnumerable of PgpSignature objects.
-
-
- Allows enumeration of signatures of the passed in type that are on this key.
- The type of the signature to be returned.
- An IEnumerable of PgpSignature objects.
-
-
- Allows enumeration of all signatures/certifications associated with this key.
- An IEnumerable with all signatures/certifications.
-
-
- Check whether this (sub)key has a revocation signature on it.
- True, if this (sub)key has been revoked.
-
-
- Add a certification for an id to the given public key.
- The key the certification is to be added to.
- The ID the certification is associated with.
- The new certification.
- The re-certified key.
-
-
- Add a certification for the given UserAttributeSubpackets to the given public key.
- The key the certification is to be added to.
- The attributes the certification is associated with.
- The new certification.
- The re-certified key.
-
-
-
- Remove any certifications associated with a user attribute subpacket on a key.
-
- The key the certifications are to be removed from.
- The attributes to be removed.
-
- The re-certified key, or null if the user attribute subpacket was not found on the key.
-
-
-
- Remove any certifications associated with a given ID on a key.
- The key the certifications are to be removed from.
- The ID that is to be removed.
- The re-certified key, or null if the ID was not found on the key.
-
-
- Remove a certification associated with a given ID on a key.
- The key the certifications are to be removed from.
- The ID that the certfication is to be removed from.
- The certfication to be removed.
- The re-certified key, or null if the certification was not found.
-
-
- Remove a certification associated with a given user attributes on a key.
- The key the certifications are to be removed from.
- The user attributes that the certfication is to be removed from.
- The certification to be removed.
- The re-certified key, or null if the certification was not found.
-
-
- Add a revocation or some other key certification to a key.
- The key the revocation is to be added to.
- The key signature to be added.
- The new changed public key object.
-
-
- Remove a certification from the key.
- The key the certifications are to be removed from.
- The certfication to be removed.
- The modified key, null if the certification was not found.
-
-
- The version of this key.
-
-
- The creation time of this key.
-
-
- The number of valid days from creation time - zero means no expiry.
-
-
- The keyId associated with the public key.
-
-
-
- Check if this key has an algorithm type that makes it suitable to use for encryption.
-
-
- Note: with version 4 keys KeyFlags subpackets should also be considered when present for
- determining the preferred use of the key.
-
-
- true if this key algorithm is suitable for encryption.
-
-
-
- True, if this is a master key.
-
-
- The algorithm code associated with the public key.
-
-
- The strength of the key in bits.
-
-
- note 4 is not used.
-
-
- Add a request for the given CertificateID.
-
- @param certId certificate ID of interest
-
-
- Add a request with extensions
-
- @param certId certificate ID of interest
- @param singleRequestExtensions the extensions to attach to the request
-
-
- Set the requestor name to the passed in X509Principal
-
- @param requestorName a X509Principal representing the requestor name.
-
-
- Generate an unsigned request
-
- @return the OcspReq
- @throws OcspException
-
-
- Return an IEnumerable of the signature names supported by the generator.
-
- @return an IEnumerable containing recognised names.
-
-
- Simple shift-and-add multiplication. Serves as reference implementation
- to verify (possibly faster) implementations in
- {@link org.bouncycastle.math.ec.ECPoint ECPoint}.
-
- @param p The point to multiply.
- @param k The factor by which to multiply.
- @return The result of the point multiplication k * p
.
-
-
- Interface for classes storing precomputation data for multiplication
- algorithms. Used as a Memento (see GOF patterns) for
- WNafMultiplier
.
-
-
- ECDH key exchange (see RFC 4492)
-
-
- ECDHE key exchange (see RFC 4492)
-
-
-
-
-
-
-
-
-
-
-
-
- RFC 2246 6.2.1
-
-
-
- parameters for using an integrated cipher in stream mode.
-
-
- @param derivation the derivation parameter for the KDF function.
- @param encoding the encoding parameter for the KDF function.
- @param macKeySize the size of the MAC key (in bits).
-
-
- NaccacheStern Engine. For details on this cipher, please see
- http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
-
-
- Initializes this algorithm. Must be called before all other Functions.
-
- @see org.bouncycastle.crypto.AsymmetricBlockCipher#init(bool,
- org.bouncycastle.crypto.CipherParameters)
-
-
- Returns the input block size of this algorithm.
-
- @see org.bouncycastle.crypto.AsymmetricBlockCipher#GetInputBlockSize()
-
-
- Returns the output block size of this algorithm.
-
- @see org.bouncycastle.crypto.AsymmetricBlockCipher#GetOutputBlockSize()
-
-
- Process a single Block using the Naccache-Stern algorithm.
-
- @see org.bouncycastle.crypto.AsymmetricBlockCipher#ProcessBlock(byte[],
- int, int)
-
-
- Encrypts a BigInteger aka Plaintext with the public key.
-
- @param plain
- The BigInteger to encrypt
- @return The byte[] representation of the encrypted BigInteger (i.e.
- crypted.toByteArray())
-
-
- Adds the contents of two encrypted blocks mod sigma
-
- @param block1
- the first encrypted block
- @param block2
- the second encrypted block
- @return encrypt((block1 + block2) mod sigma)
- @throws InvalidCipherTextException
-
-
- Convenience Method for data exchange with the cipher.
-
- Determines blocksize and splits data to blocksize.
-
- @param data the data to be processed
- @return the data after it went through the NaccacheSternEngine.
- @throws InvalidCipherTextException
-
-
- Computes the integer x that is expressed through the given primes and the
- congruences with the chinese remainder theorem (CRT).
-
- @param congruences
- the congruences c_i
- @param primes
- the primes p_i
- @return an integer x for that x % p_i == c_i
-
-
- implementation of RipeMD see,
- http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
-
-
- Standard constructor
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
- reset the chaining variables to the IV values.
-
-
-
- An ISet
of DerObjectIdentifier
objects.
-
-
-
- a basic index for an originator.
-
-
- * General class for generating a compressed CMS message.
- *
- * A simple example of usage.
- *
- *
- * CMSCompressedDataGenerator fact = new CMSCompressedDataGenerator();
- * CMSCompressedData data = fact.Generate(content, algorithm);
- *
- *
-
-
- Generate an object that contains an CMS Compressed Data
-
-
- reader for signature sub-packets
-
-
- Basic PGP packet tag types.
-
-
- Generator for X.509 extensions
-
-
- Reset the generator
-
-
-
- Add an extension with the given oid and the passed in value to be included
- in the OCTET STRING associated with the extension.
-
- OID for the extension.
- True if critical, false otherwise.
- The ASN.1 object to be included in the extension.
-
-
-
- Add an extension with the given oid and the passed in byte array to be wrapped
- in the OCTET STRING associated with the extension.
-
- OID for the extension.
- True if critical, false otherwise.
- The byte array to be wrapped.
-
-
- Generate an X509Extensions object based on the current state of the generator.
- An X509Extensions object
-
-
- Return true if there are no extension present in this generator.
- True if empty, false otherwise
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- V2Form ::= Sequence {
- issuerName GeneralNames OPTIONAL,
- baseCertificateID [0] IssuerSerial OPTIONAL,
- objectDigestInfo [1] ObjectDigestInfo OPTIONAL
- -- issuerName MUST be present in this profile
- -- baseCertificateID and objectDigestInfo MUST NOT
- -- be present in this profile
- }
-
-
-
- Target structure used in target information extension for attribute
- certificates from RFC 3281.
-
-
- Target ::= CHOICE {
- targetName [0] GeneralName,
- targetGroup [1] GeneralName,
- targetCert [2] TargetCert
- }
-
-
-
- The targetCert field is currently not supported and must not be used
- according to RFC 3281.
-
-
- Creates an instance of a Target from the given object.
-
- obj
can be a Target or a {@link Asn1TaggedObject}
-
- @param obj The object.
- @return A Target instance.
- @throws ArgumentException if the given object cannot be
- interpreted as Target.
-
-
- Constructor from Asn1TaggedObject.
-
- @param tagObj The tagged object.
- @throws ArgumentException if the encoding is wrong.
-
-
- Constructor from given details.
-
- Exactly one of the parameters must be not null
.
-
- @param type the choice type to apply to the name.
- @param name the general name.
- @throws ArgumentException if type is invalid.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- Target ::= CHOICE {
- targetName [0] GeneralName,
- targetGroup [1] GeneralName,
- targetCert [2] TargetCert
- }
-
-
- @return an Asn1Object
-
-
- @return Returns the targetGroup.
-
-
- @return Returns the targetName.
-
-
-
- Don't use this one if you are trying to be RFC 3281 compliant.
- Use it for v1 attribute certificates only.
-
- Our GeneralNames structure
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- AttCertIssuer ::= CHOICE {
- v1Form GeneralNames, -- MUST NOT be used in this
- -- profile
- v2Form [0] V2Form -- v2 only
- }
-
-
-
-
- TimeStampResp ::= SEQUENCE {
- status PkiStatusInfo,
- timeStampToken TimeStampToken OPTIONAL }
-
-
-
-
- TimeStampReq ::= SEQUENCE {
- version INTEGER { v1(1) },
- messageImprint MessageImprint,
- --a hash algorithm OID and the hash value of the data to be
- --time-stamped
- reqPolicy TSAPolicyId OPTIONAL,
- nonce INTEGER OPTIONAL,
- certReq BOOLEAN DEFAULT FALSE,
- extensions [0] IMPLICIT Extensions OPTIONAL
- }
-
-
-
- Some other information of non-restrictive nature regarding the usage of this
- certificate.
-
-
- AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
-
-
-
- Constructor from a given details.
-
- @param information The describtion of the information.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
-
-
- @return an Asn1Object
-
-
- Der UTF8String object.
-
-
- return an UTF8 string from the passed in object.
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return an UTF8 string from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- basic constructor - byte encoded string.
-
-
- basic constructor
-
-
- Class representing the DER-type External
-
-
- Creates a new instance of DerExternal
- See X.690 for more informations about the meaning of these parameters
- @param directReference The direct reference or null
if not set.
- @param indirectReference The indirect reference or null
if not set.
- @param dataValueDescriptor The data value descriptor or null
if not set.
- @param externalData The external data in its encoded form.
-
-
- Creates a new instance of DerExternal.
- See X.690 for more informations about the meaning of these parameters
- @param directReference The direct reference or null
if not set.
- @param indirectReference The indirect reference or null
if not set.
- @param dataValueDescriptor The data value descriptor or null
if not set.
- @param encoding The encoding to be used for the external data
- @param externalData The external data
-
-
- The encoding of the content. Valid values are
-
- 0
single-ASN1-type
- 1
OCTET STRING
- 2
BIT STRING
-
-
-
-
- EncKeyWithID ::= SEQUENCE {
- privateKey PrivateKeyInfo,
- identifier CHOICE {
- string UTF8String,
- generalName GeneralName
- } OPTIONAL
- }
-
- @return
-
-
-
- TimeStampedData ::= SEQUENCE {
- version INTEGER { v1(1) },
- dataUri IA5String OPTIONAL,
- metaData MetaData OPTIONAL,
- content OCTET STRING OPTIONAL,
- temporalEvidence Evidence
- }
-
- @return
-
-
- a signed data object.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- SignedData ::= Sequence {
- version CMSVersion,
- digestAlgorithms DigestAlgorithmIdentifiers,
- encapContentInfo EncapsulatedContentInfo,
- certificates [0] IMPLICIT CertificateSet OPTIONAL,
- crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
- signerInfos SignerInfos
- }
-
-
-
- return an RecipientEncryptedKey object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param isExplicit true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return a RecipientEncryptedKey object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- RecipientEncryptedKey ::= SEQUENCE {
- rid KeyAgreeRecipientIdentifier,
- encryptedKey EncryptedKey
- }
-
-
-
-
- EncryptedData ::= SEQUENCE {
- version CMSVersion,
- encryptedContentInfo EncryptedContentInfo,
- unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
-
- @return a basic ASN.1 object representation.
-
-
-
- ProtectedPart ::= SEQUENCE {
- header PKIHeader,
- body PKIBody
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- KeyRecRepContent ::= SEQUENCE {
- status PKIStatusInfo,
- newSigCert [0] CMPCertificate OPTIONAL,
- caCerts [1] SEQUENCE SIZE (1..MAX) OF
- CMPCertificate OPTIONAL,
- keyPairHist [2] SEQUENCE SIZE (1..MAX) OF
- CertifiedKeyPair OPTIONAL
- }
-
- @return a basic ASN.1 object representation.
-
-
- return an Octet string from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- return an Octet string from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- @param string the octets making up the octet string.
-
-
- A Null object.
-
-
- Carrying class for an attribute certificate issuer.
-
-
- Set the issuer directly with the ASN.1 structure.
-
- @param issuer The issuer
-
-
- Return any principal objects inside the attribute certificate issuer object.
- An array of IPrincipal objects (usually X509Principal).
-
-
-
- A class that allows encoding of data using a specific encoder to be processed in chunks.
-
-
-
-
- Create.
-
- The translator to use.
- Size of the chunks.
-
-
-
- Process one byte of data.
-
- The byte.
- An array to store output in.
- Offset within output array to start writing from.
-
-
-
-
- Process data from a byte array.
-
- Input data Byte array containing data to be processed.
- Start position within input data array.
- Amount of input data to be processed.
- Output data array.
- Offset within output data array to start writing to.
- The amount of data written.
-
-
- Fetches the signature time-stamp attributes from a SignerInformation object.
- Checks that the MessageImprint for each time-stamp matches the signature field.
- (see RFC 3161 Appendix A).
-
- @param signerInfo a SignerInformation to search for time-stamps
- @return a collection of TimeStampToken objects
- @throws TSPValidationException
-
-
- Validate the passed in certificate as being of the correct type to be used
- for time stamping. To be valid it must have an ExtendedKeyUsage extension
- which has a key purpose identifier of id-kp-timeStamping.
-
- @param cert the certificate of interest.
- @throws TspValidationException if the certicate fails on one of the check points.
-
-
-
- Return the digest algorithm using one of the standard JCA string
- representations rather than the algorithm identifier (if possible).
-
-
-
- An exception indicating one of a variety of problems encountered when
- validating a certification path.
-
- A CertPathValidatorException
provides support for wrapping
- exceptions. The {@link #getCause getCause} method returns the throwable,
- if any, that caused this exception to be thrown.
-
- A CertPathValidatorException
may also include the
- certification path that was being validated when the exception was thrown
- and the index of the certificate in the certification path that caused the
- exception to be thrown. Use the {@link #getCertPath getCertPath} and
- {@link #getIndex getIndex} methods to retrieve this information.
-
- Concurrent Access
-
- Unless otherwise specified, the methods defined in this class are not
- thread-safe. Multiple threads that need to access a single
- object concurrently should synchronize amongst themselves and
- provide the necessary locking. Multiple threads each manipulating
- separate objects need not synchronize.
-
- @see CertPathValidator
-
-
-
-
- Creates a PkixCertPathValidatorException
with the given detail
- message. A detail message is a String
that describes this
- particular exception.
-
- the detail message
-
-
-
- Creates a PkixCertPathValidatorException
with the specified
- detail message and cause.
-
- the detail message
- the cause (which is saved for later retrieval by the
- {@link #getCause getCause()} method). (A null
- value is permitted, and indicates that the cause is
- nonexistent or unknown.)
-
-
-
- Creates a PkixCertPathValidatorException
with the specified
- detail message, cause, certification path, and index.
-
- the detail message (or null
if none)
- the cause (or null
if none)
- the certification path that was in the process of being
- validated when the error was encountered
- the index of the certificate in the certification path that *
-
-
-
- Returns the detail message for this CertPathValidatorException
.
-
- the detail message, or null
if neither the message nor cause were specified
-
-
- Returns the certification path that was being validated when the
- exception was thrown.
-
- @return the CertPath
that was being validated when the
- exception was thrown (or null
if not specified)
-
-
- Returns the index of the certificate in the certification path that
- caused the exception to be thrown. Note that the list of certificates in
- a CertPath
is zero based. If no index has been set, -1 is
- returned.
-
- @return the index that has been set, or -1 if none has been set
-
-
-
- A class for creating and verifying Pkcs10 Certification requests (this is an extension on ).
- The requests are made using delay signing. This is useful for situations where
- the private key is in another environment and not directly accessible (e.g. HSM)
- So the first step creates the request, then the signing is done outside this
- object and the signature is then used to complete the request.
-
-
- CertificationRequest ::= Sequence {
- certificationRequestInfo CertificationRequestInfo,
- signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
- signature BIT STRING
- }
-
- CertificationRequestInfo ::= Sequence {
- version Integer { v1(0) } (v1,...),
- subject Name,
- subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
- attributes [0] Attributes{{ CRIAttributes }}
- }
-
- Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }}
-
- Attr { ATTRIBUTE:IOSet } ::= Sequence {
- type ATTRIBUTE.&id({IOSet}),
- values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
- }
-
- see
-
-
-
- A class for verifying and creating Pkcs10 Certification requests.
-
-
- CertificationRequest ::= Sequence {
- certificationRequestInfo CertificationRequestInfo,
- signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
- signature BIT STRING
- }
-
- CertificationRequestInfo ::= Sequence {
- version Integer { v1(0) } (v1,...),
- subject Name,
- subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
- attributes [0] Attributes{{ CRIAttributes }}
- }
-
- Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }}
-
- Attr { ATTRIBUTE:IOSet } ::= Sequence {
- type ATTRIBUTE.&id({IOSet}),
- values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
- }
-
- see
-
-
-
- Instantiate a Pkcs10CertificationRequest object with the necessary credentials.
-
- Name of Sig Alg.
- X509Name of subject eg OU="My unit." O="My Organisatioin" C="au"
- Public Key to be included in cert reqest.
- ASN1Set of Attributes.
- Matching Private key for nominated (above) public key to be used to sign the request.
-
-
-
- Get the public key.
-
- The public key.
-
-
-
- Verify Pkcs10 Cert Request is valid.
-
- true = valid.
-
-
-
- Instantiate a Pkcs10CertificationRequest object with the necessary credentials.
-
- Name of Sig Alg.
- X509Name of subject eg OU="My unit." O="My Organisatioin" C="au"
- Public Key to be included in cert reqest.
- ASN1Set of Attributes.
-
- After the object is constructed use the and finally the
- SignRequest methods to finalize the request.
-
-
-
- Generator for signature subpackets.
-
-
-
- Add a TrustSignature packet to the signature. The values for depth and trust are largely
- installation dependent but there are some guidelines in RFC 4880 - 5.2.3.13.
-
- true if the packet is critical.
- depth level.
- trust amount.
-
-
-
- Set the number of seconds a key is valid for after the time of its creation.
- A value of zero means the key never expires.
-
- True, if should be treated as critical, false otherwise.
- The number of seconds the key is valid, or zero if no expiry.
-
-
-
- Set the number of seconds a signature is valid for after the time of its creation.
- A value of zero means the signature never expires.
-
- True, if should be treated as critical, false otherwise.
- The number of seconds the signature is valid, or zero if no expiry.
-
-
-
- Set the creation time for the signature.
-
- Note: this overrides the generation of a creation time when the signature
- is generated.
-
-
-
-
- Class to hold a single master public key and its subkeys.
-
- Often PGP keyring files consist of multiple master keys, if you are trying to process
- or construct one of these you should use the PgpPublicKeyRingBundle class.
-
-
-
-
- Return the first public key in the ring.
-
-
- Return the public key referred to by the passed in key ID if it is present.
-
-
- Allows enumeration of all the public keys.
- An IEnumerable of PgpPublicKey objects.
-
-
-
- Returns a new key ring with the public key passed in either added or
- replacing an existing one.
-
- The public key ring to be modified.
- The public key to be inserted.
- A new PgpPublicKeyRing
-
-
- Returns a new key ring with the public key passed in removed from the key ring.
- The public key ring to be modified.
- The public key to be removed.
- A new PgpPublicKeyRing, or null if pubKey is not found.
-
-
- wrapper for the UnknownInfo object
-
-
- base class for points on elliptic curves.
-
-
- Sets the PreCompInfo
. Used by ECMultiplier
s
- to save the precomputation for this ECPoint
to store the
- precomputation result for use by subsequent multiplication.
- @param preCompInfo The values precomputed by the
- ECMultiplier
.
-
-
- Sets the appropriate ECMultiplier
, unless already set.
-
-
- return the field element encoded with point compression. (S 4.3.6)
-
-
- Multiplies this ECPoint
by the given number.
- @param k The multiplicator.
- @return k * this
.
-
-
- Elliptic curve points over Fp
-
-
- Create a point which encodes with point compression.
-
- @param curve the curve to use
- @param x affine x co-ordinate
- @param y affine y co-ordinate
-
-
- Create a point that encodes with or without point compresion.
-
- @param curve the curve to use
- @param x affine x co-ordinate
- @param y affine y co-ordinate
- @param withCompression if true encode with point compression
-
-
- Sets the default ECMultiplier
, unless already set.
-
-
- Elliptic curve points over F2m
-
-
- @param curve base curve
- @param x x point
- @param y y point
-
-
- @param curve base curve
- @param x x point
- @param y y point
- @param withCompression true if encode with point compression.
-
-
- Constructor for point at infinity
-
-
- Check, if two ECPoint
s can be added or subtracted.
- @param a The first ECPoint
to check.
- @param b The second ECPoint
to check.
- @throws IllegalArgumentException if a
and b
- cannot be added.
-
-
- Adds another ECPoints.F2m
to this
without
- checking if both points are on the same curve. Used by multiplication
- algorithms, because there all points are a multiple of the same point
- and hence the checks can be omitted.
- @param b The other ECPoints.F2m
to add to
- this
.
- @return this + b
-
-
- Subtracts another ECPoints.F2m
from this
- without checking if both points are on the same curve. Used by
- multiplication algorithms, because there all points are a multiple
- of the same point and hence the checks can be omitted.
- @param b The other ECPoints.F2m
to subtract from
- this
.
- @return this - b
-
-
- Sets the appropriate ECMultiplier
, unless already set.
-
-
- Class representing a simple version of a big decimal. A
- SimpleBigDecimal
is basically a
- {@link java.math.BigInteger BigInteger} with a few digits on the right of
- the decimal point. The number of (binary) digits on the right of the decimal
- point is called the scale
of the SimpleBigDecimal
.
- Unlike in {@link java.math.BigDecimal BigDecimal}, the scale is not adjusted
- automatically, but must be set manually. All SimpleBigDecimal
s
- taking part in the same arithmetic operation must have equal scale. The
- result of a multiplication of two SimpleBigDecimal
s returns a
- SimpleBigDecimal
with double scale.
-
-
- Returns a SimpleBigDecimal
representing the same numerical
- value as value
.
- @param value The value of the SimpleBigDecimal
to be
- created.
- @param scale The scale of the SimpleBigDecimal
to be
- created.
- @return The such created SimpleBigDecimal
.
-
-
- Constructor for SimpleBigDecimal
. The value of the
- constructed SimpleBigDecimal
Equals bigInt /
- 2scale
.
- @param bigInt The bigInt
value parameter.
- @param scale The scale of the constructed SimpleBigDecimal
.
-
-
-
- A NULL cipher suite, for use during handshake.
-
-
-
- @param derivation the derivation parameter for the KDF function.
- @param encoding the encoding parameter for the KDF function.
- @param macKeySize the size of the MAC key (in bits).
- @param cipherKeySize the size of the associated Cipher key (in bits).
-
-
- implements a Cipher-FeedBack (CFB) mode on top of a simple cipher.
-
-
- Basic constructor.
-
- @param cipher the block cipher to be used as the basis of the
- feedback mode.
- @param blockSize the block size in bits (note: a multiple of 8)
-
-
- Initialise the cipher and, possibly, the initialisation vector (IV).
- If an IV isn't passed as part of the parameter, the IV will be all zeros.
- An IV which is too short is handled in FIPS compliant fashion.
-
- @param param the key and other data required by the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- return the block size we are operating at.
-
- @return the block size we are operating at (in bytes).
-
-
- Process one block of input from the array in and write it to
- the out array.
-
- @param in the array containing the input data.
- @param inOff offset into the in array the data starts at.
- @param out the array the output data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- reset the chaining vector back to the IV and reset the underlying
- cipher.
-
-
- return the algorithm name and mode.
-
- @return the name of the underlying algorithm followed by "/CFB"
- and the block size in bits.
-
-
- create a standard MAC based on a CFB block cipher. This will produce an
- authentication code half the length of the block size of the cipher, with
- the CFB mode set to 8 bits.
-
- @param cipher the cipher to be used as the basis of the MAC generation.
-
-
- create a standard MAC based on a CFB block cipher. This will produce an
- authentication code half the length of the block size of the cipher, with
- the CFB mode set to 8 bits.
-
- @param cipher the cipher to be used as the basis of the MAC generation.
- @param padding the padding to be used.
-
-
- create a standard MAC based on a block cipher with the size of the
- MAC been given in bits. This class uses CFB mode as the basis for the
- MAC generation.
-
- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- or 16 bits if being used as a data authenticator (FIPS Publication 113),
- and in general should be less than the size of the block cipher as it reduces
- the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-
- @param cipher the cipher to be used as the basis of the MAC generation.
- @param cfbBitSize the size of an output block produced by the CFB mode.
- @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
-
-
- create a standard MAC based on a block cipher with the size of the
- MAC been given in bits. This class uses CFB mode as the basis for the
- MAC generation.
-
- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- or 16 bits if being used as a data authenticator (FIPS Publication 113),
- and in general should be less than the size of the block cipher as it reduces
- the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-
- @param cipher the cipher to be used as the basis of the MAC generation.
- @param cfbBitSize the size of an output block produced by the CFB mode.
- @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
- @param padding a padding to be used.
-
-
- Reset the mac generator.
-
-
- Implementation of Daniel J. Bernstein's Salsa20 stream cipher, Snuffle 2005
-
-
- Constants
-
-
- initialise a Salsa20 cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param params the parameters required to set up the cipher.
- @exception ArgumentException if the params argument is
- inappropriate.
-
-
- Salsa20 function
-
- @param input input data
-
- @return keystream
-
-
- 32 bit word to 4 byte array in little endian order
-
- @param x value to 'unpack'
-
- @return value of x expressed as a byte[] array in little endian order
-
-
- Rotate left
-
- @param x value to rotate
- @param y amount to rotate x
-
- @return rotated x
-
-
- Pack byte[] array into an int in little endian order
-
- @param x byte array to 'pack'
- @param offset only x[offset]..x[offset+3] will be packed
-
- @return x[offset]..x[offset+3] 'packed' into an int in little-endian order
-
-
- a basic index for a signer.
-
-
- Default authenticated attributes generator.
-
-
- Initialise to use all defaults
-
-
- Initialise with some extra attributes or overrides.
-
- @param attributeTable initial attribute table to use.
-
-
- Create a standard attribute table from the passed in parameters - this will
- normally include contentType and messageDigest. If the constructor
- using an AttributeTable was used, entries in it for contentType and
- messageDigest will override the generated ones.
-
- @param parameters source parameters for table generation.
-
- @return a filled in IDictionary of attributes.
-
-
- @param parameters source parameters
- @return the populated attribute table
-
-
- packet giving signature creation time.
-
-
- Generic signature packet.
-
-
- Generate a version 4 signature packet.
-
- @param signatureType
- @param keyAlgorithm
- @param hashAlgorithm
- @param hashedData
- @param unhashedData
- @param fingerprint
- @param signature
-
-
- Generate a version 2/3 signature packet.
-
- @param signatureType
- @param keyAlgorithm
- @param hashAlgorithm
- @param fingerprint
- @param signature
-
-
- return the signature trailer that must be included with the data
- to reconstruct the signature
-
- @return byte[]
-
-
- * return the signature as a set of integers - note this is normalised to be the
- * ASN.1 encoding of what appears in the signature packet.
-
-
- Return the byte encoding of the signature section.
- @return uninterpreted signature bytes.
-
-
- return the keyId
- @return the keyId that created the signature.
-
-
- Return the creation time in milliseconds since 1 Jan., 1970 UTC.
-
-
- Subject Directory Attributes
-
-
- Subject Key Identifier
-
-
- Key Usage
-
-
- Private Key Usage Period
-
-
- Subject Alternative Name
-
-
- Issuer Alternative Name
-
-
- Basic Constraints
-
-
- CRL Number
-
-
- Reason code
-
-
- Hold Instruction Code
-
-
- Invalidity Date
-
-
- Delta CRL indicator
-
-
- Issuing Distribution Point
-
-
- Certificate Issuer
-
-
- Name Constraints
-
-
- CRL Distribution Points
-
-
- Certificate Policies
-
-
- Policy Mappings
-
-
- Authority Key Identifier
-
-
- Policy Constraints
-
-
- Extended Key Usage
-
-
- Freshest CRL
-
-
- Inhibit Any Policy
-
-
- Authority Info Access
-
-
- Subject Info Access
-
-
- Logo Type
-
-
- BiometricInfo
-
-
- QCStatements
-
-
- Audit identity extension in attribute certificates.
-
-
- NoRevAvail extension in attribute certificates.
-
-
- TargetInformation extension in attribute certificates.
-
-
- Constructor from Asn1Sequence.
-
- the extensions are a list of constructed sequences, either with (Oid, OctetString) or (Oid, Boolean, OctetString)
-
-
- constructor from a table of extensions.
-
- it's is assumed the table contains Oid/string pairs.
-
-
- Constructor from a table of extensions with ordering.
-
- It's is assumed the table contains Oid/string pairs.
-
-
- Constructor from two vectors
-
- @param objectIDs an ArrayList of the object identifiers.
- @param values an ArrayList of the extension values.
-
-
- constructor from a table of extensions.
-
- it's is assumed the table contains Oid/string pairs.
-
-
- Constructor from a table of extensions with ordering.
-
- It's is assumed the table contains Oid/string pairs.
-
-
- Constructor from two vectors
-
- @param objectIDs an ArrayList of the object identifiers.
- @param values an ArrayList of the extension values.
-
-
- return the extension represented by the object identifier
- passed in.
-
- @return the extension if it's present, null otherwise.
-
-
-
- Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
-
- Extension ::= SEQUENCE {
- extnId EXTENSION.&id ({ExtensionSet}),
- critical BOOLEAN DEFAULT FALSE,
- extnValue OCTET STRING }
-
-
-
- return an Enumeration of the extension field's object ids.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- ResponderID ::= CHOICE {
- byName [1] Name,
- byKey [2] KeyHash }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- CrlID ::= Sequence {
- crlUrl [0] EXPLICIT IA5String OPTIONAL,
- crlNum [1] EXPLICIT Integer OPTIONAL,
- crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
-
-
-
-
-
- SigPolicyQualifierInfo ::= SEQUENCE {
- sigPolicyQualifierId SigPolicyQualifierId,
- sigQualifier ANY DEFINED BY sigPolicyQualifierId
- }
-
- SigPolicyQualifierId ::= OBJECT IDENTIFIER
-
-
-
-
-
- RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
-
- OcspListID ::= SEQUENCE {
- ocspResponses SEQUENCE OF OcspResponsesID
- }
-
-
-
-
- return an integer from the passed in object
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return an Enumerated from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- Creates a ProofOfPossession with type raVerified.
-
-
- Creates a ProofOfPossession for a signing key.
-
-
- Creates a ProofOfPossession for key encipherment or agreement.
- @param type one of TYPE_KEY_ENCIPHERMENT or TYPE_KEY_AGREEMENT
-
-
-
- ProofOfPossession ::= CHOICE {
- raVerified [0] NULL,
- -- used if the RA has already verified that the requester is in
- -- possession of the private key
- signature [1] PopoSigningKey,
- keyEncipherment [2] PopoPrivKey,
- keyAgreement [3] PopoPrivKey }
-
- @return a basic ASN.1 object representation.
-
-
-
- OptionalValidity ::= SEQUENCE {
- notBefore [0] Time OPTIONAL,
- notAfter [1] Time OPTIONAL } --at least one MUST be present
-
- @return a basic ASN.1 object representation.
-
-
-
- Controls ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue
-
- @return a basic ASN.1 object representation.
-
-
-
- CertRequest ::= SEQUENCE {
- certReqId INTEGER, -- ID for matching request and reply
- certTemplate CertTemplate, -- Selected fields of cert to be issued
- controls Controls OPTIONAL } -- Attributes affecting issuance
-
- @return a basic ASN.1 object representation.
-
-
- Creates a new CertReqMsg.
- @param certReq CertRequest
- @param popo may be null
- @param regInfo may be null
-
-
-
- CertReqMsg ::= SEQUENCE {
- certReq CertRequest,
- pop ProofOfPossession OPTIONAL,
- -- content depends upon key type
- regInfo SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL }
-
- @return a basic ASN.1 object representation.
-
-
-
- MetaData ::= SEQUENCE {
- hashProtected BOOLEAN,
- fileName UTF8String OPTIONAL,
- mediaType IA5String OPTIONAL,
- otherMetaData Attributes OPTIONAL
- }
-
- @return
-
-
-
- PbmParameter ::= SEQUENCE {
- salt OCTET STRING,
- -- note: implementations MAY wish to limit acceptable sizes
- -- of this string to values appropriate for their environment
- -- in order to reduce the risk of denial-of-service attacks
- owf AlgorithmIdentifier,
- -- AlgId for a One-Way Function (SHA-1 recommended)
- iterationCount INTEGER,
- -- number of times the OWF is applied
- -- note: implementations MAY wish to limit acceptable sizes
- -- of this integer to values appropriate for their environment
- -- in order to reduce the risk of denial-of-service attacks
- mac AlgorithmIdentifier
- -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
- } -- or HMAC [RFC2104, RFC2202])
-
- @return a basic ASN.1 object representation.
-
-
-
- GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
-
- @return a basic ASN.1 object representation.
-
-
-
- CertResponse ::= SEQUENCE {
- certReqId INTEGER,
- -- to match this response with corresponding request (a value
- -- of -1 is to be used if certReqId is not specified in the
- -- corresponding request)
- status PKIStatusInfo,
- certifiedKeyPair CertifiedKeyPair OPTIONAL,
- rspInfo OCTET STRING OPTIONAL
- -- analogous to the id-regInfo-utf8Pairs string defined
- -- for regInfo in CertReqMsg [CRMF]
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- CertRepMessage ::= SEQUENCE {
- caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
- OPTIONAL,
- response SEQUENCE OF CertResponse
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- A class to Generate Version 3 X509Certificates.
-
-
-
-
- Reset the Generator.
-
-
-
-
- Set the certificate's serial number.
-
- Make serial numbers long, if you have no serial number policy make sure the number is at least 16 bytes of secure random data.
- You will be surprised how ugly a serial number collision can Get.
- The serial number.
-
-
-
- Set the distinguished name of the issuer.
- The issuer is the entity which is signing the certificate.
-
- The issuer's DN.
-
-
-
- Set the date that this certificate is to be valid from.
-
-
-
-
-
- Set the date after which this certificate will no longer be valid.
-
-
-
-
-
- Set the DN of the entity that this certificate is about.
-
-
-
-
-
- Set the public key that this certificate identifies.
-
-
-
-
-
- Set the signature algorithm that will be used to sign this certificate.
-
-
-
-
-
- Set the subject unique ID - note: it is very rare that it is correct to do this.
-
-
-
-
-
- Set the issuer unique ID - note: it is very rare that it is correct to do this.
-
-
-
-
-
- Add a given extension field for the standard extensions tag (tag 3).
-
- string containing a dotted decimal Object Identifier.
- Is it critical.
- The value.
-
-
-
- Add an extension to this certificate.
-
- Its Object Identifier.
- Is it critical.
- The value.
-
-
-
- Add an extension using a string with a dotted decimal OID.
-
- string containing a dotted decimal Object Identifier.
- Is it critical.
- byte[] containing the value of this extension.
-
-
-
- Add an extension to this certificate.
-
- Its Object Identifier.
- Is it critical.
- byte[] containing the value of this extension.
-
-
-
- Add a given extension field for the standard extensions tag (tag 3),
- copying the extension value from another certificate.
-
-
-
- add a given extension field for the standard extensions tag (tag 3)
- copying the extension value from another certificate.
- @throws CertificateParsingException if the extension cannot be extracted.
-
-
-
- Generate an X509Certificate.
-
- The private key of the issuer that is signing this certificate.
- An X509Certificate.
-
-
-
- Generate an X509Certificate using your own SecureRandom.
-
- The private key of the issuer that is signing this certificate.
- You Secure Random instance.
- An X509Certificate.
-
-
-
- Allows enumeration of the signature names supported by the generator.
-
-
-
-
- Create loading data from byte array.
-
-
-
-
-
- Create loading data from byte array.
-
-
-
-
- Generates a certificate object and initializes it with the data
- read from the input stream inStream.
-
-
- Returns a (possibly empty) collection view of the certificates
- read from the given input stream inStream.
-
-
-
- Translator interface.
-
-
-
- General array utilities.
-
-
-
- Are two arrays equal.
-
- Left side.
- Right side.
- True if equal.
-
-
-
- A constant time equals comparison - does not terminate early if
- test will fail.
-
- first array
- second array
- true if arrays equal, false otherwise.
-
-
- @return the nonce value, null if there isn't one.
-
-
- Generator for RFC 3161 Time Stamp Request objects.
-
-
- add a given extension field for the standard extensions tag (tag 3)
- @throws IOException
-
-
- add a given extension field for the standard extensions tag
- The value parameter becomes the contents of the octet string associated
- with the extension.
-
-
-
- Summary description for PkixParameters.
-
-
-
- This is the default PKIX validity model. Actually there are two variants
- of this: The PKIX model and the modified PKIX model. The PKIX model
- verifies that all involved certificates must have been valid at the
- current time. The modified PKIX model verifies that all involved
- certificates were valid at the signing time. Both are indirectly choosen
- with the {@link PKIXParameters#setDate(java.util.Date)} method, so this
- methods sets the Date when all certificates must have been
- valid.
-
-
- This model uses the following validity model. Each certificate must have
- been valid at the moment where is was used. That means the end
- certificate must have been valid at the time the signature was done. The
- CA certificate which signed the end certificate must have been valid,
- when the end certificate was signed. The CA (or Root CA) certificate must
- have been valid, when the CA certificate was signed and so on. So the
- {@link PKIXParameters#setDate(java.util.Date)} method sets the time, when
- the end certificate must have been valid. It is used e.g.
- in the German signature law.
-
-
- Creates an instance of PKIXParameters with the specified Set of
- most-trusted CAs. Each element of the set is a TrustAnchor.
-
- Note that the Set is copied to protect against subsequent modifications.
-
- @param trustAnchors
- a Set of TrustAnchors
-
- @exception InvalidAlgorithmParameterException
- if the specified Set is empty
- (trustAnchors.isEmpty() == true)
- @exception NullPointerException
- if the specified Set is null
- @exception ClassCastException
- if any of the elements in the Set are not of type
- java.security.cert.TrustAnchor
-
-
- Returns the required constraints on the target certificate. The
- constraints are returned as an instance of CertSelector. If
- null
, no constraints are defined.
-
- Note that the CertSelector returned is cloned to protect against
- subsequent modifications.
-
- @return a CertSelector specifying the constraints on the target
- certificate (or null
)
-
- @see #setTargetCertConstraints(CertSelector)
-
-
- Sets the required constraints on the target certificate. The constraints
- are specified as an instance of CertSelector. If null, no constraints are
- defined.
-
- Note that the CertSelector specified is cloned to protect against
- subsequent modifications.
-
- @param selector
- a CertSelector specifying the constraints on the target
- certificate (or null
)
-
- @see #getTargetCertConstraints()
-
-
- Returns an immutable Set of initial policy identifiers (OID strings),
- indicating that any one of these policies would be acceptable to the
- certificate user for the purposes of certification path processing. The
- default return value is an empty Set
, which is
- interpreted as meaning that any policy would be acceptable.
-
- @return an immutable Set
of initial policy OIDs in String
- format, or an empty Set
(implying any policy is
- acceptable). Never returns null
.
-
- @see #setInitialPolicies(java.util.Set)
-
-
- Sets the Set
of initial policy identifiers (OID strings),
- indicating that any one of these policies would be acceptable to the
- certificate user for the purposes of certification path processing. By
- default, any policy is acceptable (i.e. all policies), so a user that
- wants to allow any policy as acceptable does not need to call this
- method, or can call it with an empty Set
(or
- null
).
-
- Note that the Set is copied to protect against subsequent modifications.
-
-
- @param initialPolicies
- a Set of initial policy OIDs in String format (or
- null
)
-
- @exception ClassCastException
- if any of the elements in the set are not of type String
-
- @see #getInitialPolicies()
-
-
- Sets a List
of additional certification path checkers. If
- the specified List contains an object that is not a PKIXCertPathChecker,
- it is ignored.
-
- Each PKIXCertPathChecker
specified implements additional
- checks on a certificate. Typically, these are checks to process and
- verify private extensions contained in certificates. Each
- PKIXCertPathChecker
should be instantiated with any
- initialization parameters needed to execute the check.
-
- This method allows sophisticated applications to extend a PKIX
- CertPathValidator
or CertPathBuilder
. Each
- of the specified PKIXCertPathCheckers will be called, in turn, by a PKIX
- CertPathValidator
or CertPathBuilder
for
- each certificate processed or validated.
-
- Regardless of whether these additional PKIXCertPathCheckers are set, a
- PKIX CertPathValidator
or CertPathBuilder
- must perform all of the required PKIX checks on each certificate. The one
- exception to this rule is if the RevocationEnabled flag is set to false
- (see the {@link #setRevocationEnabled(boolean) setRevocationEnabled}
- method).
-
- Note that the List supplied here is copied and each PKIXCertPathChecker
- in the list is cloned to protect against subsequent modifications.
-
- @param checkers
- a List of PKIXCertPathCheckers. May be null, in which case no
- additional checkers will be used.
- @exception ClassCastException
- if any of the elements in the list are not of type
- java.security.cert.PKIXCertPathChecker
- @see #getCertPathCheckers()
-
-
- Returns the List of certification path checkers. Each PKIXCertPathChecker
- in the returned IList is cloned to protect against subsequent modifications.
-
- @return an immutable List of PKIXCertPathCheckers (may be empty, but not
- null
)
-
- @see #setCertPathCheckers(java.util.List)
-
-
- Adds a PKIXCertPathChecker
to the list of certification
- path checkers. See the {@link #setCertPathCheckers setCertPathCheckers}
- method for more details.
-
- Note that the PKIXCertPathChecker
is cloned to protect
- against subsequent modifications.
-
- @param checker a PKIXCertPathChecker
to add to the list of
- checks. If null
, the checker is ignored (not added to list).
-
-
- Method to support Clone()
under J2ME.
- super.Clone()
does not exist and fields are not copied.
-
- @param params Parameters to set. If this are
- ExtendedPkixParameters
they are copied to.
-
-
- Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute
- certificates or cross certificates.
-
- The IList
is cloned.
-
-
- @param stores A list of stores to use.
- @see #getStores
- @throws ClassCastException if an element of stores
is not
- a {@link Store}.
-
-
- Adds a Bouncy Castle {@link Store} to find CRLs, certificates, attribute
- certificates or cross certificates.
-
- This method should be used to add local stores, like collection based
- X.509 stores, if available. Local stores should be considered first,
- before trying to use additional (remote) locations, because they do not
- need possible additional network traffic.
-
- If store
is null
it is ignored.
-
-
- @param store The store to add.
- @see #getStores
-
-
- Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates,
- attribute certificates or cross certificates.
-
- You should not use this method. This method is used for adding additional
- X.509 stores, which are used to add (remote) locations, e.g. LDAP, found
- during X.509 object processing, e.g. in certificates or CRLs. This method
- is used in PKIX certification path processing.
-
- If store
is null
it is ignored.
-
-
- @param store The store to add.
- @see #getStores()
-
-
- Returns an IList
of additional Bouncy Castle
- Store
s used for finding CRLs, certificates, attribute
- certificates or cross certificates.
-
- @return an immutable IList
of additional Bouncy Castle
- Store
s. Never null
.
-
- @see #addAddionalStore(Store)
-
-
- Returns an IList
of Bouncy Castle
- Store
s used for finding CRLs, certificates, attribute
- certificates or cross certificates.
-
- @return an immutable IList
of Bouncy Castle
- Store
s. Never null
.
-
- @see #setStores(IList)
-
-
- Sets if additional {@link X509Store}s for locations like LDAP found in
- certificates or CRLs should be used.
-
- @param enabled true
if additional stores are used.
-
-
- Returns the required constraints on the target certificate or attribute
- certificate. The constraints are returned as an instance of
- IX509Selector
. If null
, no constraints are
- defined.
-
-
- The target certificate in a PKIX path may be a certificate or an
- attribute certificate.
-
- Note that the IX509Selector
returned is cloned to protect
- against subsequent modifications.
-
- @return a IX509Selector
specifying the constraints on the
- target certificate or attribute certificate (or null
)
- @see #setTargetConstraints
- @see X509CertStoreSelector
- @see X509AttributeCertStoreSelector
-
-
- Sets the required constraints on the target certificate or attribute
- certificate. The constraints are specified as an instance of
- IX509Selector
. If null
, no constraints are
- defined.
-
- The target certificate in a PKIX path may be a certificate or an
- attribute certificate.
-
- Note that the IX509Selector
specified is cloned to protect
- against subsequent modifications.
-
-
- @param selector a IX509Selector
specifying the constraints on
- the target certificate or attribute certificate (or
- null
)
- @see #getTargetConstraints
- @see X509CertStoreSelector
- @see X509AttributeCertStoreSelector
-
-
- Returns the trusted attribute certificate issuers. If attribute
- certificates is verified the trusted AC issuers must be set.
-
- The returned ISet
consists of TrustAnchor
s.
-
- The returned ISet
is immutable. Never null
-
-
- @return Returns an immutable set of the trusted AC issuers.
-
-
- Sets the trusted attribute certificate issuers. If attribute certificates
- is verified the trusted AC issuers must be set.
-
- The trustedACIssuers
must be a ISet
of
- TrustAnchor
-
- The given set is cloned.
-
-
- @param trustedACIssuers The trusted AC issuers to set. Is never
- null
.
- @throws ClassCastException if an element of stores
is not
- a TrustAnchor
.
-
-
- Returns the neccessary attributes which must be contained in an attribute
- certificate.
-
- The returned ISet
is immutable and contains
- String
s with the OIDs.
-
-
- @return Returns the necessary AC attributes.
-
-
- Sets the neccessary which must be contained in an attribute certificate.
-
- The ISet
must contain String
s with the
- OIDs.
-
- The set is cloned.
-
-
- @param necessaryACAttributes The necessary AC attributes to set.
- @throws ClassCastException if an element of
- necessaryACAttributes
is not a
- String
.
-
-
- Returns the attribute certificates which are not allowed.
-
- The returned ISet
is immutable and contains
- String
s with the OIDs.
-
-
- @return Returns the prohibited AC attributes. Is never null
.
-
-
- Sets the attribute certificates which are not allowed.
-
- The ISet
must contain String
s with the
- OIDs.
-
- The set is cloned.
-
-
- @param prohibitedACAttributes The prohibited AC attributes to set.
- @throws ClassCastException if an element of
- prohibitedACAttributes
is not a
- String
.
-
-
- Returns the attribute certificate checker. The returned set contains
- {@link PKIXAttrCertChecker}s and is immutable.
-
- @return Returns the attribute certificate checker. Is never
- null
.
-
-
- Sets the attribute certificate checkers.
-
- All elements in the ISet
must a {@link PKIXAttrCertChecker}.
-
-
- The given set is cloned.
-
-
- @param attrCertCheckers The attribute certificate checkers to set. Is
- never null
.
- @throws ClassCastException if an element of attrCertCheckers
- is not a PKIXAttrCertChecker
.
-
-
- Whether delta CRLs should be used for checking the revocation status.
- Defaults to false
.
-
-
- The validity model.
- @see #CHAIN_VALIDITY_MODEL
- @see #PKIX_VALIDITY_MODEL
-
-
- Returns if additional {@link X509Store}s for locations like LDAP found
- in certificates or CRLs should be used.
-
- @return Returns true
if additional stores are used.
-
-
- Build and validate a CertPath using the given parameter.
-
- @param params PKIXBuilderParameters object containing all information to
- build the CertPath
-
-
- Utility class for reencoding PKCS#12 files to definite length.
-
-
- Just re-encode the outer layer of the PKCS#12 file to definite length encoding.
-
- @param berPKCS12File - original PKCS#12 file
- @return a byte array representing the DER encoding of the PFX structure
- @throws IOException
-
-
- Re-encode the PKCS#12 structure to definite length encoding at the inner layer
- as well, recomputing the MAC accordingly.
-
- @param berPKCS12File - original PKCS12 file.
- @param provider - provider to use for MAC calculation.
- @return a byte array representing the DER encoding of the PFX structure.
- @throws IOException on parsing, encoding errors.
-
-
-
- Generator for a PGP master and subkey ring.
- This class will generate both the secret and public key rings
-
-
-
-
- Create a new key ring generator using old style checksumming. It is recommended to use
- SHA1 checksumming where possible.
-
- The certification level for keys on this ring.
- The master key pair.
- The id to be associated with the ring.
- The algorithm to be used to protect secret keys.
- The passPhrase to be used to protect secret keys.
- Packets to be included in the certification hash.
- Packets to be attached unhashed to the certification.
- input secured random.
-
-
-
- Create a new key ring generator.
-
- The certification level for keys on this ring.
- The master key pair.
- The id to be associated with the ring.
- The algorithm to be used to protect secret keys.
- The passPhrase to be used to protect secret keys.
- Checksum the secret keys with SHA1 rather than the older 16 bit checksum.
- Packets to be included in the certification hash.
- Packets to be attached unhashed to the certification.
- input secured random.
-
-
- Add a subkey to the key ring to be generated with default certification.
-
-
-
- Add a subkey with specific hashed and unhashed packets associated with it and
- default certification.
-
- Public/private key pair.
- Hashed packet values to be included in certification.
- Unhashed packets values to be included in certification.
-
-
-
- Return the secret key ring.
-
-
- Return the public key ring that corresponds to the secret key ring.
-
-
-
-
- BasicOcspResponse ::= SEQUENCE {
- tbsResponseData ResponseData,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING,
- certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
- }
-
-
-
-
- The DER encoding of the tbsResponseData field.
- In the event of an encoding error.
-
-
- The certificates, if any, associated with the response.
- In the event of an encoding error.
-
-
-
- Verify the signature against the tbsResponseData object we contain.
-
-
-
- The ASN.1 encoded representation of this object.
-
-
- Class implementing the NAF (Non-Adjacent Form) multiplication algorithm.
-
-
- D.3.2 pg 101
- @see org.bouncycastle.math.ec.multiplier.ECMultiplier#multiply(org.bouncycastle.math.ec.ECPoint, java.math.BigInteger)
-
-
-
- A generic TLS 1.0 block cipher. This can be used for AES or 3DES for example.
-
-
-
- update the internal digest with the byte b
-
-
- update the internal digest with the byte array in
-
-
- Generate a signature for the message we've been loaded with using
- the key we were initialised with.
-
-
- true if the internal state represents the signature described in the passed in array.
-
-
- Reset the internal state
-
-
- A padder that adds Null byte padding to a block.
-
-
- Initialise the padder.
-
-
- - a SecureRandom if available.
-
-
-
- add the pad bytes to the passed in block, returning the
- number of bytes added.
-
-
-
- return the number of pad bytes present in the block.
-
-
- Return the name of the algorithm the cipher implements.
-
-
- the name of the algorithm the cipher implements.
-
-
-
- A padder that adds Pkcs7/Pkcs5 padding to a block.
-
-
- Initialise the padder.
-
- @param random - a SecureRandom if available.
-
-
- add the pad bytes to the passed in block, returning the
- number of bytes added.
-
-
- return the number of pad bytes present in the block.
-
-
- Return the name of the algorithm the cipher implements.
-
- @return the name of the algorithm the cipher implements.
-
-
- Generate a random factor suitable for use with RSA blind signatures
- as outlined in Chaum's blinding and unblinding as outlined in
- "Handbook of Applied Cryptography", page 475.
-
-
- Initialise the factor generator
-
- @param param the necessary RSA key parameters.
-
-
- Generate a suitable blind factor for the public key the generator was initialised with.
-
- @return a random blind factor
-
-
- an implementation of the RFC 3211 Key Wrap
- Specification.
-
-
- an implementation of RC2 as described in RFC 2268
- "A Description of the RC2(r) Encryption Algorithm" R. Rivest.
-
-
- initialise a RC2 cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- return the result rotating the 16 bit number in x left by y
-
-
- A wrapper class that allows block ciphers to be used to process data in
- a piecemeal fashion. The BufferedBlockCipher outputs a block only when the
- buffer is full and more data is being added, or on a doFinal.
-
- Note: in the case where the underlying cipher is either a CFB cipher or an
- OFB one the last block may not be a multiple of the block size.
-
-
-
- constructor for subclasses
-
-
- Create a buffered block cipher without padding.
-
- @param cipher the underlying block cipher this buffering object wraps.
- false otherwise.
-
-
- initialise the cipher.
-
- @param forEncryption if true the cipher is initialised for
- encryption, if false for decryption.
- @param param the key and other data required by the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- return the blocksize for the underlying cipher.
-
- @return the blocksize for the underlying cipher.
-
-
- return the size of the output buffer required for an update
- an input of len bytes.
-
- @param len the length of the input.
- @return the space required to accommodate a call to update
- with len bytes of input.
-
-
- return the size of the output buffer required for an update plus a
- doFinal with an input of len bytes.
-
- @param len the length of the input.
- @return the space required to accommodate a call to update and doFinal
- with len bytes of input.
-
-
- process a single byte, producing an output block if neccessary.
-
- @param in the input byte.
- @param out the space for any output that might be produced.
- @param outOff the offset from which the output will be copied.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there isn't enough space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
-
-
- process an array of bytes, producing output if necessary.
-
- @param in the input byte array.
- @param inOff the offset at which the input data starts.
- @param len the number of bytes to be copied out of the input array.
- @param out the space for any output that might be produced.
- @param outOff the offset from which the output will be copied.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there isn't enough space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
-
-
- Process the last block in the buffer.
-
- @param out the array the block currently being held is copied into.
- @param outOff the offset at which the copying starts.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there is insufficient space in out for
- the output, or the input is not block size aligned and should be.
- @exception InvalidOperationException if the underlying cipher is not
- initialised.
- @exception InvalidCipherTextException if padding is expected and not found.
- @exception DataLengthException if the input is not block size
- aligned.
-
-
- Reset the buffer and cipher. After resetting the object is in the same
- state as it was after the last init (if there was one).
-
-
- a holding class for a file of data to be processed.
-
-
- The file handle
-
-
- containing class for an CMS Enveloped Data object
-
-
- return a store of the intended recipients for this message
-
-
- return a table of the unprotected attributes indexed by
- the OID of the attribute.
-
-
- return the ASN.1 encoded representation of this object.
-
-
- return the object identifier for the content encryption algorithm.
-
-
- return the ContentInfo
-
-
- Basic packet for a PGP public key.
-
-
- Basic packet for a modification detection code packet.
-
-
- Base class for an ElGamal secret key.
-
-
- @param in
-
-
- @param x
-
-
- Return the standard PGP encoding of the key.
-
-
- The format, as a string, always "PGP".
-
-
- Base class for a DSA public key.
-
-
- The stream to read the packet from.
-
-
- Return the standard PGP encoding of the key.
-
-
- The format, as a string, always "PGP".
-
-
- reader for Base64 armored objects - read the headers and then start returning
- bytes when the data is reached. An IOException is thrown if the CRC check
- fails.
-
-
- decode the base 64 encoded input data.
-
- @return the offset the data starts in out.
-
-
- Create a stream for reading a PGP armoured message, parsing up to a header
- and then reading the data that follows.
-
- @param input
-
-
- Create an armoured input stream which will assume the data starts
- straight away, or parse for headers first depending on the value of
- hasHeaders.
-
- @param input
- @param hasHeaders true if headers are to be looked for, false otherwise.
-
-
- @return true if we are inside the clear text section of a PGP
- signed message.
-
-
- @return true if the stream is actually at end of file.
-
-
- Return the armor header line (if there is one)
- @return the armor header line, null if none present.
-
-
- Return the armor headers (the lines after the armor header line),
- @return an array of armor headers, null if there aren't any.
-
-
- Generator for Version 1 TbsCertificateStructures.
-
- TbsCertificate ::= Sequence {
- version [ 0 ] Version DEFAULT v1(0),
- serialNumber CertificateSerialNumber,
- signature AlgorithmIdentifier,
- issuer Name,
- validity Validity,
- subject Name,
- subjectPublicKeyInfo SubjectPublicKeyInfo,
- }
-
-
-
-
- UserNotice
class, used in
- CertificatePolicies
X509 extensions (in policy
- qualifiers).
-
- UserNotice ::= Sequence {
- noticeRef NoticeReference OPTIONAL,
- explicitText DisplayText OPTIONAL}
-
-
-
- @see PolicyQualifierId
- @see PolicyInformation
-
-
- Creates a new UserNotice
instance.
-
- @param noticeRef a NoticeReference
value
- @param explicitText a DisplayText
value
-
-
- Creates a new UserNotice
instance.
-
- @param noticeRef a NoticeReference
value
- @param str the explicitText field as a string.
-
-
- Creates a new UserNotice
instance.
- Useful from reconstructing a UserNotice
instance
- from its encodable/encoded form.
-
- @param as an ASN1Sequence
value obtained from either
- calling @{link toASN1Object()} for a UserNotice
- instance or from parsing it from a DER-encoded stream.
-
-
- This outputs the key in Pkcs1v2 format.
-
- RSAPublicKey ::= Sequence {
- modulus Integer, -- n
- publicExponent Integer, -- e
- }
-
-
-
- The KeyUsage object.
-
- id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
-
- KeyUsage ::= BIT STRING {
- digitalSignature (0),
- nonRepudiation (1),
- keyEncipherment (2),
- dataEncipherment (3),
- keyAgreement (4),
- keyCertSign (5),
- cRLSign (6),
- encipherOnly (7),
- decipherOnly (8) }
-
-
-
- Basic constructor.
-
- @param usage - the bitwise OR of the Key Usage flags giving the
- allowed uses for the key.
- e.g. (KeyUsage.keyEncipherment | KeyUsage.dataEncipherment)
-
-
- The extendedKeyUsage object.
-
- extendedKeyUsage ::= Sequence SIZE (1..MAX) OF KeyPurposeId
-
-
-
- Returns all extended key usages.
- The returned ArrayList contains DerObjectIdentifier instances.
- @return An ArrayList with all key purposes.
-
-
- The DistributionPointName object.
-
- DistributionPointName ::= CHOICE {
- fullName [0] GeneralNames,
- nameRelativeToCRLIssuer [1] RelativeDistinguishedName
- }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- AttributeCertificateInfo ::= Sequence {
- version AttCertVersion -- version is v2,
- holder Holder,
- issuer AttCertIssuer,
- signature AlgorithmIdentifier,
- serialNumber CertificateSerialNumber,
- attrCertValidityPeriod AttCertValidityPeriod,
- attributes Sequence OF Attr,
- issuerUniqueID UniqueIdentifier OPTIONAL,
- extensions Extensions OPTIONAL
- }
-
- AttCertVersion ::= Integer { v2(1) }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- AttCertValidityPeriod ::= Sequence {
- notBeforeTime GeneralizedTime,
- notAfterTime GeneralizedTime
- }
-
-
-
- the infamous Pfx from Pkcs12
-
-
- Some other restriction regarding the usage of this certificate.
-
-
- RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-
-
-
- Constructor from DirectoryString.
-
- The DirectoryString is of type RestrictionSyntax:
-
-
- RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-
-
- @param restriction A IAsn1String.
-
-
- Constructor from a given details.
-
- @param restriction The description of the restriction.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-
-
-
- @return an Asn1Object
-
-
- The LDSSecurityObject object (V1.8).
-
- LDSSecurityObject ::= SEQUENCE {
- version LDSSecurityObjectVersion,
- hashAlgorithm DigestAlgorithmIdentifier,
- dataGroupHashValues SEQUENCE SIZE (2..ub-DataGroups) OF DataHashGroup,
- ldsVersionInfo LDSVersionInfo OPTIONAL
- -- if present, version MUST be v1 }
-
- DigestAlgorithmIdentifier ::= AlgorithmIdentifier,
-
- LDSSecurityObjectVersion :: INTEGER {V0(0)}
-
-
-
- Sets the X.509 version. Note: for X509v3, use 2 here.
-
-
- Sets the issuer unique ID (deprecated in X.509v3)
-
-
- Sets the subject unique ID (deprecated in X.509v3)
-
-
-
- CertTemplate ::= SEQUENCE {
- version [0] Version OPTIONAL,
- serialNumber [1] INTEGER OPTIONAL,
- signingAlg [2] AlgorithmIdentifier OPTIONAL,
- issuer [3] Name OPTIONAL,
- validity [4] OptionalValidity OPTIONAL,
- subject [5] Name OPTIONAL,
- publicKey [6] SubjectPublicKeyInfo OPTIONAL,
- issuerUID [7] UniqueIdentifier OPTIONAL,
- subjectUID [8] UniqueIdentifier OPTIONAL,
- extensions [9] Extensions OPTIONAL }
-
- @return a basic ASN.1 object representation.
-
-
- return an OriginatorPublicKey object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return an OriginatorPublicKey object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- OriginatorPublicKey ::= Sequence {
- algorithm AlgorithmIdentifier,
- publicKey BIT STRING
- }
-
-
-
- return an AuthEnvelopedData object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param isExplicit true if the object is meant to be explicitly
- tagged false otherwise.
- @throws ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return an AuthEnvelopedData object from the given object.
-
- @param obj the object we want converted.
- @throws ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- AuthEnvelopedData ::= SEQUENCE {
- version CMSVersion,
- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
- recipientInfos RecipientInfos,
- authEncryptedContentInfo EncryptedContentInfo,
- authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
- mac MessageAuthenticationCode,
- unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
-
-
-
-
- PollReqContent ::= SEQUENCE OF SEQUENCE {
- certReqId INTEGER
- }
-
- @return a basic ASN.1 object representation.
-
-
- Creates a new PkiMessage.
-
- @param header message header
- @param body message body
- @param protection message protection (may be null)
- @param extraCerts extra certificates (may be null)
-
-
-
- PkiMessage ::= SEQUENCE {
- header PKIHeader,
- body PKIBody,
- protection [0] PKIProtection OPTIONAL,
- extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
- OPTIONAL
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- PkiConfirmContent ::= NULL
-
- @return a basic ASN.1 object representation.
-
-
- return an Asn1Sequence from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Return an ASN1 sequence from a tagged object. There is a special
- case here, if an object appears to have been explicitly tagged on
- reading but we were expecting it to be implicitly tagged in the
- normal course of events it indicates that we lost the surrounding
- sequence - so we need to add it back (this will happen if the tagged
- object is a sequence that contains other sequences). If you are
- dealing with implicitly tagged sequences you really should
- be using this method.
-
- @param obj the tagged object.
- @param explicitly true if the object is meant to be explicitly tagged,
- false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- return the object at the sequence position indicated by index.
-
- @param index the sequence number (starting at zero) of the object
- @return the object at the sequence position indicated by index.
-
-
- create an empty sequence
-
-
- create a sequence containing one object
-
-
- create a sequence containing a vector of objects.
-
-
- create an empty sequence
-
-
- create a sequence containing one object
-
-
- create a sequence containing a vector of objects.
-
-
-
- Class to Generate X509V1 Certificates.
-
-
-
-
- Default Constructor.
-
-
-
-
- Reset the generator.
-
-
-
-
- Set the certificate's serial number.
-
- Make serial numbers long, if you have no serial number policy make sure the number is at least 16 bytes of secure random data.
- You will be surprised how ugly a serial number collision can get.
- The serial number.
-
-
-
- Set the issuer distinguished name.
- The issuer is the entity whose private key is used to sign the certificate.
-
- The issuers DN.
-
-
-
- Set the date that this certificate is to be valid from.
-
-
-
-
-
- Set the date after which this certificate will no longer be valid.
-
-
-
-
-
- Set the subject distinguished name.
- The subject describes the entity associated with the public key.
-
-
-
-
-
- Set the public key that this certificate identifies.
-
-
-
-
-
- Set the signature algorithm that will be used to sign this certificate.
- This can be either a name or an OID, names are treated as case insensitive.
-
- string representation of the algorithm name
-
-
-
- Generate a new X509Certificate.
-
- The private key of the issuer used to sign this certificate.
- An X509Certificate.
-
-
-
- Generate a new X509Certificate specifying a SecureRandom instance that you would like to use.
-
- The private key of the issuer used to sign this certificate.
- The Secure Random you want to use.
- An X509Certificate.
-
-
-
- Allows enumeration of the signature names supported by the generator.
-
-
-
- Return the digest algorithm using one of the standard JCA string
- representations rather than the algorithm identifier (if possible).
-
-
-
- An Object representing an X509 Certificate.
- Has static methods for loading Certificates encoded in many forms that return X509Certificate Objects.
-
-
-
-
- Return true if the nominated time is within the start and end times nominated on the certificate.
-
- The time to test validity against.
- True if certificate is valid for nominated time.
-
-
-
- Checks if the current date is within certificate's validity period.
-
-
-
-
- Checks if the given date is within certificate's validity period.
-
- if the certificate is expired by given date
- if the certificate is not yet valid on given date
-
-
-
- Return the Der encoded TbsCertificate data.
- This is the certificate component less the signature.
- To Get the whole certificate call the GetEncoded() member.
-
- A byte array containing the Der encoded Certificate component.
-
-
-
- The signature.
-
- A byte array containg the signature of the certificate.
-
-
-
- Get the signature algorithms parameters. (EG DSA Parameters)
-
- A byte array containing the Der encoded version of the parameters or null if there are none.
-
-
-
- Get a key usage guidlines.
-
-
-
-
- Get the public key of the subject of the certificate.
-
- The public key parameters.
-
-
-
- Return a Der encoded version of this certificate.
-
- A byte array.
-
-
-
- Verify the certificate's signature using the nominated public key.
-
- An appropriate public key parameter object, RsaPublicKeyParameters, DsaPublicKeyParameters or ECDsaPublicKeyParameters
- True if the signature is valid.
- If key submitted is not of the above nominated types.
-
-
-
- Return true if the current time is within the start and end times nominated on the certificate.
-
- true id certificate is valid for the current time.
-
-
-
- Return the certificate's version.
-
- An integer whose value Equals the version of the cerficate.
-
-
-
- Return a BigInteger containing the serial number.
-
- The Serial number.
-
-
-
- Get the Issuer Distinguished Name. (Who signed the certificate.)
-
- And X509Object containing name and value pairs.
-
-
-
- Get the subject of this certificate.
-
- An X509Name object containing name and value pairs.
-
-
-
- The time that this certificate is valid from.
-
- A DateTime object representing that time in the local time zone.
-
-
-
- The time that this certificate is valid up to.
-
- A DateTime object representing that time in the local time zone.
-
-
-
- A meaningful version of the Signature Algorithm. (EG SHA1WITHRSA)
-
- A sting representing the signature algorithm.
-
-
-
- Get the Signature Algorithms Object ID.
-
- A string containg a '.' separated object id.
-
-
-
- Get the issuers UID.
-
- A DerBitString.
-
-
-
- Get the subjects UID.
-
- A DerBitString.
-
-
-
- Utility class for creating HMac object from their names/Oids
-
-
-
- CertPathValidatorSpi implementation for X.509 Attribute Certificates la RFC 3281.
-
- @see org.bouncycastle.x509.ExtendedPkixParameters
-
-
- Validates an attribute certificate with the given certificate path.
-
-
- params
must be an instance of
- ExtendedPkixParameters
.
-
- The target constraints in the params
must be an
- X509AttrCertStoreSelector
with at least the attribute
- certificate criterion set. Obey that also target informations may be
- necessary to correctly validate this attribute certificate.
-
- The attribute certificate issuer must be added to the trusted attribute
- issuers with {@link ExtendedPkixParameters#setTrustedACIssuers(Set)}.
-
- @param certPath The certificate path which belongs to the attribute
- certificate issuer public key certificate.
- @param params The PKIX parameters.
- @return A PKIXCertPathValidatorResult
of the result of
- validating the certPath
.
- @throws InvalidAlgorithmParameterException if params
is
- inappropriate for this validator.
- @throws CertPathValidatorException if the verification fails.
-
-
- Constructor for an unencrypted private key PEM object.
-
- @param key private key to be encoded.
-
-
- Constructor for an encrypted private key PEM object.
-
- @param key private key to be encoded
- @param algorithm encryption algorithm to use
- @param provider provider to use
- @throws NoSuchAlgorithmException if algorithm/mode cannot be found
-
-
-
- A PGP marker packet - in general these should be ignored other than where
- the idea is to preserve the original input stream.
-
-
-
- Generic exception class for PGP encoding/decoding problems.
-
-
- Return the raw input stream for the data stream.
-
-
- Return true if the message is integrity protected.
- True, if there is a modification detection code namespace associated
- with this stream.
-
-
- Note: This can only be called after the message has been read.
- True, if the message verifies, false otherwise
-
-
- Class holding precomputation data for the WTNAF (Window
- τ
-adic Non-Adjacent Form) algorithm.
-
-
- Array holding the precomputed F2mPoint
s used for the
- WTNAF multiplication in
- {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
- WTauNafMultiplier.multiply()}
.
-
-
- Constructor for WTauNafPreCompInfo
- @param preComp Array holding the precomputed F2mPoint
s
- used for the WTNAF multiplication in
- {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
- WTauNafMultiplier.multiply()}
.
-
-
- @return the array holding the precomputed F2mPoint
s
- used for the WTNAF multiplication in
- {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
- WTauNafMultiplier.multiply()}
.
-
-
- An implementation of all high level protocols in TLS 1.0.
-
-
- Both streams can be the same object
-
-
- Both streams can be the same object
-
-
- This method is called, when a change cipher spec message is received.
-
- @throws IOException If the message has an invalid content or the
- handshake is not in the correct state.
-
-
- Connects to the remote system.
- Will be used when a certificate is received to verify
- that this certificate is accepted by the client.
- If handshake was not successful
-
-
- Read data from the network. The method will return immediately, if there is
- still some data left in the buffer, or block until some application
- data has been read from the network.
-
- @param buf The buffer where the data will be copied to.
- @param offset The position where the data will be placed in the buffer.
- @param len The maximum number of bytes to read.
- @return The number of bytes read.
- @throws IOException If something goes wrong during reading data.
-
-
- Send some application data to the remote system.
-
- The method will handle fragmentation internally.
-
- @param buf The buffer with the data.
- @param offset The position in the buffer where the data is placed.
- @param len The length of the data.
- @throws IOException If something goes wrong during sending.
-
-
- Terminate this connection with an alert.
-
- Can be used for normal closure too.
-
- @param alertLevel The level of the alert, an be AlertLevel.fatal or AL_warning.
- @param alertDescription The exact alert message.
- @throws IOException If alert was fatal.
-
-
- Closes this connection
- If something goes wrong during closing.
-
-
- Make sure the Stream is now empty. Fail otherwise.
-
- @param is The Stream to check.
- @throws IOException If is is not empty.
-
-
- A Stream which can be used to send data.
-
-
- A Stream which can be used to read data.
-
-
- The secure bidirectional stream for this connection
-
-
- Given the domain parameters this routine Generates an EC key
- pair in accordance with X9.62 section 5.2.1 pages 26, 27.
-
-
- Basic KDF generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
-
- This implementation is based on ISO 18033/P1363a.
-
-
- Construct a KDF Parameters generator.
-
- @param counterStart value of counter.
- @param digest the digest to be used as the source of derived keys.
-
-
- fill len bytes of the output buffer with bytes generated from
- the derivation function.
-
- @throws ArgumentException if the size of the request will cause an overflow.
- @throws DataLengthException if the out buffer is too small.
-
-
- return the underlying digest.
-
-
- The no-op engine that just copies bytes through, irrespective of whether encrypting and decrypting.
- Provided for the sake of completeness.
-
-
- HC-256 is a software-efficient stream cipher created by Hongjun Wu. It
- generates keystream from a 256-bit secret key and a 256-bit initialization
- vector.
-
- http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf
-
- Its brother, HC-128, is a third phase candidate in the eStream contest.
- The algorithm is patent-free. No attacks are known as of today (April 2007).
- See
-
- http://www.ecrypt.eu.org/stream/hcp3.html
-
-
-
- Initialise a HC-256 cipher.
-
- @param forEncryption whether or not we are for encryption. Irrelevant, as
- encryption and decryption are the same.
- @param params the parameters required to set up the cipher.
- @throws ArgumentException if the params argument is
- inappropriate (ie. the key is not 256 bit long).
-
-
- A class that provides CAST6 key encryption operations,
- such as encoding data and generating keys.
-
- All the algorithms herein are from the Internet RFC
-
- RFC2612 - CAST6 (128bit block, 128-256bit key)
-
- and implement a simplified cryptography interface.
-
-
- Encrypt the given input starting at the given offset and place
- the result in the provided buffer starting at the given offset.
-
- @param src The plaintext buffer
- @param srcIndex An offset into src
- @param dst The ciphertext buffer
- @param dstIndex An offset into dst
-
-
- Decrypt the given input starting at the given offset and place
- the result in the provided buffer starting at the given offset.
-
- @param src The plaintext buffer
- @param srcIndex An offset into src
- @param dst The ciphertext buffer
- @param dstIndex An offset into dst
-
-
- Does the 12 quad rounds rounds to encrypt the block.
-
- @param A the 00-31 bits of the plaintext block
- @param B the 32-63 bits of the plaintext block
- @param C the 64-95 bits of the plaintext block
- @param D the 96-127 bits of the plaintext block
- @param result the resulting ciphertext
-
-
- Does the 12 quad rounds rounds to decrypt the block.
-
- @param A the 00-31 bits of the ciphertext block
- @param B the 32-63 bits of the ciphertext block
- @param C the 64-95 bits of the ciphertext block
- @param D the 96-127 bits of the ciphertext block
- @param result the resulting plaintext
-
-
- an implementation of the AES (Rijndael), from FIPS-197.
-
- For further details see: http://csrc.nist.gov/encryption/aes/.
-
- This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at
- http://fp.gladman.plus.com/cryptography_technology/rijndael/
-
- There are three levels of tradeoff of speed vs memory
- Because java has no preprocessor, they are written as three separate classes from which to choose
-
- The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption
- and 4 for decryption.
-
- The middle performance version uses only one 256 word table for each, for a total of 2Kbytes,
- adding 12 rotate operations per round to compute the values contained in the other tables from
- the contents of the first
-
- The slowest version uses no static tables at all and computes the values
- in each round.
-
-
- This file contains the slowest performance version with no static tables
- for round precomputation, but it has the smallest foot print.
-
-
-
- Calculate the necessary round keys
- The number of calculations depends on key size and block size
- AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits
- This code is written assuming those are the only possible values
-
-
- default constructor - 128 bit block size.
-
-
- initialise an AES cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- Draft FIPS 180-2 implementation of SHA-512. Note: As this is
- based on a draft this implementation is subject to change.
-
-
- block word digest
- SHA-1 512 32 160
- SHA-256 512 32 256
- SHA-384 1024 64 384
- SHA-512 1024 64 512
-
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
- reset the chaining variables
-
-
- Draft FIPS 180-2 implementation of SHA-256. Note: As this is
- based on a draft this implementation is subject to change.
-
-
- block word digest
- SHA-1 512 32 160
- SHA-256 512 32 256
- SHA-384 1024 64 384
- SHA-512 1024 64 512
-
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
- reset the chaining variables
-
-
- Implements the client side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe.
- This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper
- "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002"
-
-
- Initialises the client to begin new authentication attempt
- @param N The safe prime associated with the client's verifier
- @param g The group parameter associated with the client's verifier
- @param digest The digest algorithm associated with the client's verifier
- @param random For key generation
-
-
- Generates client's credentials given the client's salt, identity and password
- @param salt The salt used in the client's verifier.
- @param identity The user's identity (eg. username)
- @param password The user's password
- @return Client's public value to send to server
-
-
- Generates client's verification message given the server's credentials
- @param serverB The server's credentials
- @return Client's verification message for the server
- @throws CryptoException If server's credentials are invalid
-
-
- Basic tags for symmetric key algorithms
-
-
- Basic tags for compression algorithms.
-
-
- Targets structure used in target information extension for attribute
- certificates from RFC 3281.
-
-
- Targets ::= SEQUENCE OF Target
-
- Target ::= CHOICE {
- targetName [0] GeneralName,
- targetGroup [1] GeneralName,
- targetCert [2] TargetCert
- }
-
- TargetCert ::= SEQUENCE {
- targetCertificate IssuerSerial,
- targetName GeneralName OPTIONAL,
- certDigestInfo ObjectDigestInfo OPTIONAL
- }
-
-
- @see org.bouncycastle.asn1.x509.Target
- @see org.bouncycastle.asn1.x509.TargetInformation
-
-
- Creates an instance of a Targets from the given object.
-
- obj
can be a Targets or a {@link Asn1Sequence}
-
- @param obj The object.
- @return A Targets instance.
- @throws ArgumentException if the given object cannot be interpreted as Target.
-
-
- Constructor from Asn1Sequence.
-
- @param targets The ASN.1 SEQUENCE.
- @throws ArgumentException if the contents of the sequence are
- invalid.
-
-
- Constructor from given targets.
-
- The ArrayList is copied.
-
- @param targets An ArrayList
of {@link Target}s.
- @see Target
- @throws ArgumentException if the ArrayList contains not only Targets.
-
-
- Returns the targets in an ArrayList
.
-
- The ArrayList is cloned before it is returned.
-
- @return Returns the targets.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- Targets ::= SEQUENCE OF Target
-
-
- @return an Asn1Object
-
-
- Construct a GeneralNames object containing one GeneralName.
- The name to be contained.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- GeneralNames ::= Sequence SIZE {1..MAX} OF GeneralName
-
-
-
- The GeneralName object.
-
- GeneralName ::= CHOICE {
- otherName [0] OtherName,
- rfc822Name [1] IA5String,
- dNSName [2] IA5String,
- x400Address [3] ORAddress,
- directoryName [4] Name,
- ediPartyName [5] EDIPartyName,
- uniformResourceIdentifier [6] IA5String,
- iPAddress [7] OCTET STRING,
- registeredID [8] OBJECT IDENTIFIER}
-
- OtherName ::= Sequence {
- type-id OBJECT IDENTIFIER,
- value [0] EXPLICIT ANY DEFINED BY type-id }
-
- EDIPartyName ::= Sequence {
- nameAssigner [0] DirectoryString OPTIONAL,
- partyName [1] DirectoryString }
-
-
-
- When the subjectAltName extension contains an Internet mail address,
- the address MUST be included as an rfc822Name. The format of an
- rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822].
-
- When the subjectAltName extension contains a domain name service
- label, the domain name MUST be stored in the dNSName (an IA5String).
- The name MUST be in the "preferred name syntax," as specified by RFC
- 1034 [RFC 1034].
-
- When the subjectAltName extension contains a URI, the name MUST be
- stored in the uniformResourceIdentifier (an IA5String). The name MUST
- be a non-relative URL, and MUST follow the URL syntax and encoding
- rules specified in [RFC 1738]. The name must include both a scheme
- (e.g., "http" or "ftp") and a scheme-specific-part. The scheme-
- specific-part must include a fully qualified domain name or IP
- address as the host.
-
- When the subjectAltName extension contains a iPAddress, the address
- MUST be stored in the octet string in "network byte order," as
- specified in RFC 791 [RFC 791]. The least significant bit (LSB) of
- each octet is the LSB of the corresponding byte in the network
- address. For IP Version 4, as specified in RFC 791, the octet string
- MUST contain exactly four octets. For IP Version 6, as specified in
- RFC 1883, the octet string MUST contain exactly sixteen octets [RFC
- 1883].
-
-
- Create a GeneralName for the given tag from the passed in string.
-
- This constructor can handle:
-
- - rfc822Name
- - iPAddress
- - directoryName
- - dNSName
- - uniformResourceIdentifier
- - registeredID
-
- For x400Address, otherName and ediPartyName there is no common string
- format defined.
-
- Note: A directory name can be encoded in different ways into a byte
- representation. Be aware of this if the byte representation is used for
- comparing results.
-
-
- @param tag tag number
- @param name string representation of name
- @throws ArgumentException if the string encoding is not correct or
- not supported.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- AlgorithmIdentifier ::= Sequence {
- algorithm OBJECT IDENTIFIER,
- parameters ANY DEFINED BY algorithm OPTIONAL }
-
-
-
- EllipticCurve OBJECT IDENTIFIER ::= {
- iso(1) identified-organization(3) certicom(132) curve(0)
- }
-
-
- write out an RSA private key with its associated information
- as described in Pkcs8.
-
- PrivateKeyInfo ::= Sequence {
- version Version,
- privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
- privateKey PrivateKey,
- attributes [0] IMPLICIT Attributes OPTIONAL
- }
- Version ::= Integer {v1(0)} (v1,...)
-
- PrivateKey ::= OCTET STRING
-
- Attributes ::= Set OF Attr
-
-
-
- class for breaking up an Oid into it's component tokens, ala
- java.util.StringTokenizer. We need this class as some of the
- lightweight Java environment don't support classes like
- StringTokenizer.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- TBSRequest ::= Sequence {
- version [0] EXPLICIT Version DEFAULT v1,
- requestorName [1] EXPLICIT GeneralName OPTIONAL,
- requestList Sequence OF Request,
- requestExtensions [2] EXPLICIT Extensions OPTIONAL }
-
-
-
- Professions, specializations, disciplines, fields of activity, etc.
-
-
- ProfessionInfo ::= SEQUENCE
- {
- namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
- professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
- professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
- registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
- addProfessionInfo OCTET STRING OPTIONAL
- }
-
-
- @see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax
-
-
- Rechtsanw�ltin
-
-
- Rechtsanwalt
-
-
- Rechtsbeistand
-
-
- Steuerberaterin
-
-
- Steuerberater
-
-
- Steuerbevollm�chtigte
-
-
- Steuerbevollm�chtigter
-
-
- Notarin
-
-
- Notar
-
-
- Notarvertreterin
-
-
- Notarvertreter
-
-
- Notariatsverwalterin
-
-
- Notariatsverwalter
-
-
- Wirtschaftspr�ferin
-
-
- Wirtschaftspr�fer
-
-
- Vereidigte Buchpr�ferin
-
-
- Vereidigter Buchpr�fer
-
-
- Patentanw�ltin
-
-
- Patentanwalt
-
-
- Constructor from Asn1Sequence.
-
-
-
- ProfessionInfo ::= SEQUENCE
- {
- namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
- professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
- professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
- registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
- addProfessionInfo OCTET STRING OPTIONAL
- }
-
-
- @param seq The ASN.1 sequence.
-
-
- Constructor from given details.
-
- professionItems
is mandatory, all other parameters are
- optional.
-
- @param namingAuthority The naming authority.
- @param professionItems Directory strings of the profession.
- @param professionOids DERObjectIdentfier objects for the
- profession.
- @param registrationNumber Registration number.
- @param addProfessionInfo Additional infos in encoded form.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- ProfessionInfo ::= SEQUENCE
- {
- namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
- professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
- professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
- registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
- addProfessionInfo OCTET STRING OPTIONAL
- }
-
-
- @return an Asn1Object
-
-
- @return Returns the professionItems.
-
-
- @return Returns the professionOids.
-
-
- @return Returns the addProfessionInfo.
-
-
- @return Returns the namingAuthority.
-
-
- @return Returns the registrationNumber.
-
-
- Attribute to indicate that the certificate holder may sign in the name of a
- third person.
-
- ISIS-MTT PROFILE: The corresponding ProcurationSyntax contains either the
- name of the person who is represented (subcomponent thirdPerson) or a
- reference to his/her base certificate (in the component signingFor,
- subcomponent certRef), furthermore the optional components country and
- typeSubstitution to indicate the country whose laws apply, and respectively
- the type of procuration (e.g. manager, procuration, custody).
-
-
- ISIS-MTT PROFILE: The GeneralName MUST be of type directoryName and MAY only
- contain: - RFC3039 attributes, except pseudonym (countryName, commonName,
- surname, givenName, serialNumber, organizationName, organizationalUnitName,
- stateOrProvincename, localityName, postalAddress) and - SubjectDirectoryName
- attributes (title, dateOfBirth, placeOfBirth, gender, countryOfCitizenship,
- countryOfResidence and NameAtBirth).
-
-
- ProcurationSyntax ::= SEQUENCE {
- country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
- typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
- signingFor [3] EXPLICIT SigningFor
- }
-
- SigningFor ::= CHOICE
- {
- thirdPerson GeneralName,
- certRef IssuerSerial
- }
-
-
-
-
- Constructor from Asn1Sequence.
-
- The sequence is of type ProcurationSyntax:
-
-
- ProcurationSyntax ::= SEQUENCE {
- country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
- typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
- signingFor [3] EXPLICIT SigningFor
- }
-
- SigningFor ::= CHOICE
- {
- thirdPerson GeneralName,
- certRef IssuerSerial
- }
-
-
- @param seq The ASN.1 sequence.
-
-
- Constructor from a given details.
-
-
- Either generalName
or certRef
MUST be
- null
.
-
- @param country The country code whose laws apply.
- @param typeOfSubstitution The type of procuration.
- @param certRef Reference to certificate of the person who is represented.
-
-
- Constructor from a given details.
-
-
- Either generalName
or certRef
MUST be
- null
.
-
- @param country The country code whose laws apply.
- @param typeOfSubstitution The type of procuration.
- @param thirdPerson The GeneralName of the person who is represented.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- ProcurationSyntax ::= SEQUENCE {
- country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
- typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
- signingFor [3] EXPLICIT SigningFor
- }
-
- SigningFor ::= CHOICE
- {
- thirdPerson GeneralName,
- certRef IssuerSerial
- }
-
-
- @return an Asn1Object
-
-
-
- RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
-
- OtherRevRefs ::= SEQUENCE
- {
- otherRevRefType OtherRevRefType,
- otherRevRefs ANY DEFINED BY otherRevRefType
- }
-
- OtherRevRefType ::= OBJECT IDENTIFIER
-
-
-
-
- Der NumericString object - this is an ascii string of characters {0,1,2,3,4,5,6,7,8,9, }.
-
-
- return a Numeric string from the passed in object
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return an Numeric string from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- basic constructor - with bytes.
-
-
- basic constructor - without validation..
-
-
- Constructor with optional validation.
-
- @param string the base string to wrap.
- @param validate whether or not to check the string.
- @throws ArgumentException if validate is true and the string
- contains characters that should not be in a NumericString.
-
-
- Return true if the string can be represented as a NumericString ('0'..'9', ' ')
-
- @param str string to validate.
- @return true if numeric, fale otherwise.
-
-
- Der BMPString object.
-
-
- return a BMP string from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- return a BMP string from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- basic constructor - byte encoded string.
-
-
- basic constructor
-
-
- return an KeyAgreeRecipientIdentifier object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param isExplicit true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return an KeyAgreeRecipientIdentifier object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- KeyAgreeRecipientIdentifier ::= CHOICE {
- issuerAndSerialNumber IssuerAndSerialNumber,
- rKeyId [0] IMPLICIT RecipientKeyIdentifier
- }
-
-
-
-
- Attributes ::=
- SET SIZE(1..MAX) OF Attribute -- according to RFC 5652
-
- @return
-
-
- Value for a "null" recipient or sender.
-
-
-
- PkiHeader ::= SEQUENCE {
- pvno INTEGER { cmp1999(1), cmp2000(2) },
- sender GeneralName,
- -- identifies the sender
- recipient GeneralName,
- -- identifies the intended recipient
- messageTime [0] GeneralizedTime OPTIONAL,
- -- time of production of this message (used when sender
- -- believes that the transport will be "suitable"; i.e.,
- -- that the time will still be meaningful upon receipt)
- protectionAlg [1] AlgorithmIdentifier OPTIONAL,
- -- algorithm used for calculation of protection bits
- senderKID [2] KeyIdentifier OPTIONAL,
- recipKID [3] KeyIdentifier OPTIONAL,
- -- to identify specific keys used for protection
- transactionID [4] OCTET STRING OPTIONAL,
- -- identifies the transaction; i.e., this will be the same in
- -- corresponding request, response, certConf, and PKIConf
- -- messages
- senderNonce [5] OCTET STRING OPTIONAL,
- recipNonce [6] OCTET STRING OPTIONAL,
- -- nonces used to provide replay protection, senderNonce
- -- is inserted by the creator of this message; recipNonce
- -- is a nonce previously inserted in a related message by
- -- the intended recipient of this message
- freeText [7] PKIFreeText OPTIONAL,
- -- this may be used to indicate context-specific instructions
- -- (this field is intended for human consumption)
- generalInfo [8] SEQUENCE SIZE (1..MAX) OF
- InfoTypeAndValue OPTIONAL
- -- this may be used to convey context-specific information
- -- (this field not primarily intended for human consumption)
- }
-
- @return a basic ASN.1 object representation.
-
-
- The following extensions are listed in RFC 2459 as relevant to CRL Entries
-
- ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer
- (critical)
-
-
- Constructor for CRLEntries of indirect CRLs. If isIndirect
- is false
{@link #getCertificateIssuer()} will always
- return null
, previousCertificateIssuer
is
- ignored. If this isIndirect
is specified and this CrlEntry
- has no certificate issuer CRL entry extension
- previousCertificateIssuer
is returned by
- {@link #getCertificateIssuer()}.
-
- @param c
- TbsCertificateList.CrlEntry object.
- @param isIndirect
- true
if the corresponding CRL is a indirect
- CRL.
- @param previousCertificateIssuer
- Certificate issuer of the previous CrlEntry.
-
-
-
- Signer Utility class contains methods that can not be specifically grouped into other classes.
-
-
-
-
- Returns a ObjectIdentifier for a give encoding.
-
- A string representation of the encoding.
- A DerObjectIdentifier, null if the Oid is not available.
-
-
-
- A class containing methods to interface the BouncyCastle world to the .NET Crypto world.
-
-
-
-
- Create an System.Security.Cryptography.X509Certificate from an X509Certificate Structure.
-
-
- A System.Security.Cryptography.X509Certificate.
-
-
- The Service Provider Interface (SPI)
- for the {@link CertPathValidator CertPathValidator} class. All
- CertPathValidator
implementations must include a class (the
- SPI class) that extends this class (CertPathValidatorSpi
)
- and implements all of its methods. In general, instances of this class
- should only be accessed through the CertPathValidator
class.
- For details, see the Java Cryptography Architecture.
-
- Concurrent Access
-
- Instances of this class need not be protected against concurrent
- access from multiple threads. Threads that need to access a single
- CertPathValidatorSpi
instance concurrently should synchronize
- amongst themselves and provide the necessary locking before calling the
- wrapping CertPathValidator
object.
-
- However, implementations of CertPathValidatorSpi
may still
- encounter concurrency issues, since multiple threads each
- manipulating a different CertPathValidatorSpi
instance need not
- synchronize.
-
- CertPathValidatorSpi implementation for X.509 Certificate validation a la RFC
- 3280.
-
-
-
-
- Returns the revocationDate.
-
-
-
-
- Returns the certStatus.
-
-
-
- Generator for old style PGP V3 Signatures.
-
-
- Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.
-
-
- Initialise the generator for signing.
-
-
- Initialise the generator for signing.
-
-
- Return the one pass header associated with the current signature.
-
-
- Return a V3 signature object containing the current signature state.
-
-
- Container for a list of signature subpackets.
-
-
- Return true if a particular subpacket type exists.
-
- @param type type to look for.
- @return true if present, false otherwise.
-
-
- Return all signature subpackets of the passed in type.
- @param type subpacket type code
- @return an array of zero or more matching subpackets.
-
-
-
- Return the number of seconds a signature is valid for after its creation date.
- A value of zero means the signature never expires.
-
- Seconds a signature is valid for.
-
-
-
- Return the number of seconds a key is valid for after its creation date.
- A value of zero means the key never expires.
-
- Seconds a signature is valid for.
-
-
- Return the number of packets this vector contains.
-
-
-
- Thrown if the IV at the start of a data stream indicates the wrong key is being used.
-
-
-
- return the ASN.1 encoded representation of this object.
-
-
-
- A temporary class to wrap old CertificateVerifyer stuff for new TlsAuthentication.
-
-
-
- A combined hash, which implements md5(m) || sha1(m).
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- RSA-PSS as described in Pkcs# 1 v 2.1.
-
- Note: the usual value for the salt length is the number of
- bytes in the hash function.
-
-
-
- Basic constructor
- the asymmetric cipher to use.
- the digest to use.
- the length of the salt to use (in bytes).
-
-
- clear possible sensitive data
-
-
- update the internal digest with the byte b
-
-
- update the internal digest with the byte array in
-
-
- reset the internal state
-
-
- Generate a signature for the message we've been loaded with using
- the key we were initialised with.
-
-
-
- return true if the internal state represents the signature described
- in the passed in array.
-
-
-
- int to octet string.
-
-
- mask generator function, as described in Pkcs1v2.
-
-
- Cipher parameters with a fixed salt value associated with them.
-
-
- The minimum bitlength of the private value.
-
-
- The bitlength of the private value.
-
-
- Base constructor.
-
- @param key key to be used by underlying cipher
- @param macSize macSize in bits
- @param nonce nonce to be used
- @param associatedText associated text, if any
-
-
- A padder that adds the padding according to the scheme referenced in
- ISO 7814-4 - scheme 2 from ISO 9797-1. The first byte is 0x80, rest is 0x00
-
-
- Initialise the padder.
-
- @param random - a SecureRandom if available.
-
-
- add the pad bytes to the passed in block, returning the
- number of bytes added.
-
-
- return the number of pad bytes present in the block.
-
-
- Return the name of the algorithm the padder implements.
-
- @return the name of the algorithm the padder implements.
-
-
- Key generation parameters for NaccacheStern cipher. For details on this cipher, please see
-
- http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
-
-
- Generates a permuted ArrayList from the original one. The original List
- is not modified
-
- @param arr
- the ArrayList to be permuted
- @param rand
- the source of Randomness for permutation
- @return a new ArrayList with the permuted elements.
-
-
- Finds the first 'count' primes starting with 3
-
- @param count
- the number of primes to find
- @return a vector containing the found primes as Integer
-
-
- generate suitable parameters for GOST3410.
-
-
- initialise the key generator.
-
- @param size size of the key
- @param typeProcedure type procedure A,B = 1; A',B' - else
- @param random random byte source.
-
-
- Procedure C
- procedure generates the a value from the given p,q,
- returning the a value.
-
-
- which generates the p , q and a values from the given parameters,
- returning the Gost3410Parameters object.
-
-
- An XTEA engine.
-
-
- Create an instance of the TEA encryption algorithm
- and set some defaults
-
-
- initialise
-
- @param forEncryption whether or not we are for encryption.
- @param params the parameters required to set up the cipher.
- @exception ArgumentException if the params argument is
- inappropriate.
-
-
- Re-key the cipher.
-
- @param key the key to be used
-
-
- Implementation of the SEED algorithm as described in RFC 4009
-
-
- a Diffie-Hellman key agreement class.
-
- note: This is only the basic algorithm, it doesn't take advantage of
- long term public keys if they are available. See the DHAgreement class
- for a "better" implementation.
-
-
- given a short term public key from a given party calculate the next
- message in the agreement sequence.
-
-
- a Diffie-Hellman key exchange engine.
-
- note: This uses MTI/A0 key agreement in order to make the key agreement
- secure against passive attacks. If you're doing Diffie-Hellman and both
- parties have long term public keys you should look at using this. For
- further information have a look at RFC 2631.
-
- It's possible to extend this to more than two parties as well, for the moment
- that is left as an exercise for the reader.
-
-
- calculate our initial message.
-
-
- given a message from a given party and the corresponding public key
- calculate the next message in the agreement sequence. In this case
- this will represent the shared secret.
-
-
- containing class for an CMS AuthEnveloped Data object
-
-
- reader for user attribute sub-packets
-
-
- A multiple precision integer
-
-
- Basic packet for an experimental packet.
-
-
- X9.42
-
-
- id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- us(840) x9-57 (10040) x9cm(4) 3 }
-
-
- X9.63
-
-
- ASN.1 def for Elliptic-Curve ECParameters structure. See
- X9.62, for further details.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- ECParameters ::= Sequence {
- version Integer { ecpVer1(1) } (ecpVer1),
- fieldID FieldID {{FieldTypes}},
- curve X9Curve,
- base X9ECPoint,
- order Integer,
- cofactor Integer OPTIONAL
- }
-
-
-
- ANS.1 def for Diffie-Hellman key exchange OtherInfo structure. See
- RFC 2631, or X9.42, for further details.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- OtherInfo ::= Sequence {
- keyInfo KeySpecificInfo,
- partyAInfo [0] OCTET STRING OPTIONAL,
- suppPubInfo [2] OCTET STRING
- }
-
-
-
- ASN.1 def for Diffie-Hellman key exchange KeySpecificInfo structure. See
- RFC 2631, or X9.42, for further details.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- KeySpecificInfo ::= Sequence {
- algorithm OBJECT IDENTIFIER,
- counter OCTET STRING SIZE (4..4)
- }
-
-
-
- Target information extension for attributes certificates according to RFC
- 3281.
-
-
- SEQUENCE OF Targets
-
-
-
-
- Creates an instance of a TargetInformation from the given object.
-
- obj
can be a TargetInformation or a {@link Asn1Sequence}
-
- @param obj The object.
- @return A TargetInformation instance.
- @throws ArgumentException if the given object cannot be interpreted as TargetInformation.
-
-
- Constructor from a Asn1Sequence.
-
- @param seq The Asn1Sequence.
- @throws ArgumentException if the sequence does not contain
- correctly encoded Targets elements.
-
-
- Returns the targets in this target information extension.
-
- The ArrayList is cloned before it is returned.
-
- @return Returns the targets.
-
-
- Constructs a target information from a single targets element.
- According to RFC 3281 only one targets element must be produced.
-
- @param targets A Targets instance.
-
-
- According to RFC 3281 only one targets element must be produced. If
- multiple targets are given they must be merged in
- into one targets element.
-
- @param targets An array with {@link Targets}.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- SEQUENCE OF Targets
-
-
-
- According to RFC 3281 only one targets element must be produced. If
- multiple targets are given in the constructor they are merged into one
- targets element. If this was produced from a
- {@link Org.BouncyCastle.Asn1.Asn1Sequence} the encoding is kept.
-
- @return an Asn1Object
-
-
- The MonetaryValue object.
-
- MonetaryValue ::= SEQUENCE {
- currency Iso4217CurrencyCode,
- amount INTEGER,
- exponent INTEGER }
- -- value = amount * 10^exponent
-
-
-
- Constructor from a given details.
-
- permitted and excluded are Vectors of GeneralSubtree objects.
-
- @param permitted Permitted subtrees
- @param excluded Excluded subtrees
-
-
-
- IssuingDistributionPoint ::= SEQUENCE {
- distributionPoint [0] DistributionPointName OPTIONAL,
- onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
- onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
- onlySomeReasons [3] ReasonFlags OPTIONAL,
- indirectCRL [4] BOOLEAN DEFAULT FALSE,
- onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
-
-
-
- Constructor from given details.
-
- @param distributionPoint
- May contain an URI as pointer to most current CRL.
- @param onlyContainsUserCerts Covers revocation information for end certificates.
- @param onlyContainsCACerts Covers revocation information for CA certificates.
-
- @param onlySomeReasons
- Which revocation reasons does this point cover.
- @param indirectCRL
- If true
then the CRL contains revocation
- information about certificates ssued by other CAs.
- @param onlyContainsAttributeCerts Covers revocation information for attribute certificates.
-
-
- Constructor from Asn1Sequence
-
-
- @return Returns the distributionPoint.
-
-
- @return Returns the onlySomeReasons.
-
-
- CertPolicyId, used in the CertificatePolicies and PolicyMappings
- X509V3 Extensions.
-
-
- CertPolicyId ::= OBJECT IDENTIFIER
-
-
-
- PKIX RFC-2459
-
- The X.509 v2 CRL syntax is as follows. For signature calculation,
- the data that is to be signed is ASN.1 Der encoded.
-
-
- CertificateList ::= Sequence {
- tbsCertList TbsCertList,
- signatureAlgorithm AlgorithmIdentifier,
- signatureValue BIT STRING }
-
-
-
- dump a Der object as a formatted string with indentation
-
- @param obj the Asn1Object to be dumped out.
-
-
- dump out a DER object as a formatted string, in non-verbose mode
-
- @param obj the Asn1Encodable to be dumped out.
- @return the resulting string.
-
-
- Dump out the object as a string
-
- @param obj the Asn1Encodable to be dumped out.
- @param verbose if true, dump out the contents of octet and bit strings.
- @return the resulting string.
-
-
- This is designed to parse
- the PublicKeyAndChallenge created by the KEYGEN tag included by
- Mozilla based browsers.
-
- PublicKeyAndChallenge ::= SEQUENCE {
- spki SubjectPublicKeyInfo,
- challenge IA5STRING
- }
-
-
-
-
- A declaration of majority.
-
-
- DeclarationOfMajoritySyntax ::= CHOICE
- {
- notYoungerThan [0] IMPLICIT INTEGER,
- fullAgeAtCountry [1] IMPLICIT SEQUENCE
- {
- fullAge BOOLEAN DEFAULT TRUE,
- country PrintableString (SIZE(2))
- }
- dateOfBirth [2] IMPLICIT GeneralizedTime
- }
-
-
- fullAgeAtCountry indicates the majority of the owner with respect to the laws
- of a specific country.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- DeclarationOfMajoritySyntax ::= CHOICE
- {
- notYoungerThan [0] IMPLICIT INTEGER,
- fullAgeAtCountry [1] IMPLICIT SEQUENCE
- {
- fullAge BOOLEAN DEFAULT TRUE,
- country PrintableString (SIZE(2))
- }
- dateOfBirth [2] IMPLICIT GeneralizedTime
- }
-
-
- @return an Asn1Object
-
-
- @return notYoungerThan if that's what we are, -1 otherwise
-
-
-
-
- SignerAttribute ::= SEQUENCE OF CHOICE {
- claimedAttributes [0] ClaimedAttributes,
- certifiedAttributes [1] CertifiedAttributes }
-
- ClaimedAttributes ::= SEQUENCE OF Attribute
- CertifiedAttributes ::= AttributeCertificate -- as defined in RFC 3281: see clause 4.1.
-
-
-
- A Null object.
-
-
- table of the available named parameters for GOST 3410-2001.
-
-
- return the ECDomainParameters object for the given OID, null if it
- isn't present.
-
- @param oid an object identifier representing a named parameters, if present.
-
-
- return the named curve name represented by the given object identifier.
-
-
- returns an enumeration containing the name strings for curves
- contained in this structure.
-
-
-
- RevAnnContent ::= SEQUENCE {
- status PKIStatus,
- certId CertId,
- willBeRevokedAt GeneralizedTime,
- badSinceDate GeneralizedTime,
- crlDetails Extensions OPTIONAL
- -- extra CRL details (e.g., crl number, reason, location, etc.)
- }
-
- @return a basic ASN.1 object representation.
-
-
- Example InfoTypeAndValue contents include, but are not limited
- to, the following (un-comment in this ASN.1 module and use as
- appropriate for a given environment):
-
- id-it-caProtEncCert OBJECT IDENTIFIER ::= {id-it 1}
- CAProtEncCertValue ::= CMPCertificate
- id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
- SignKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier
- id-it-encKeyPairTypes OBJECT IDENTIFIER ::= {id-it 3}
- EncKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier
- id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
- PreferredSymmAlgValue ::= AlgorithmIdentifier
- id-it-caKeyUpdateInfo OBJECT IDENTIFIER ::= {id-it 5}
- CAKeyUpdateInfoValue ::= CAKeyUpdAnnContent
- id-it-currentCRL OBJECT IDENTIFIER ::= {id-it 6}
- CurrentCRLValue ::= CertificateList
- id-it-unsupportedOIDs OBJECT IDENTIFIER ::= {id-it 7}
- UnsupportedOIDsValue ::= SEQUENCE OF OBJECT IDENTIFIER
- id-it-keyPairParamReq OBJECT IDENTIFIER ::= {id-it 10}
- KeyPairParamReqValue ::= OBJECT IDENTIFIER
- id-it-keyPairParamRep OBJECT IDENTIFIER ::= {id-it 11}
- KeyPairParamRepValue ::= AlgorithmIdentifer
- id-it-revPassphrase OBJECT IDENTIFIER ::= {id-it 12}
- RevPassphraseValue ::= EncryptedValue
- id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13}
- ImplicitConfirmValue ::= NULL
- id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14}
- ConfirmWaitTimeValue ::= GeneralizedTime
- id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15}
- OrigPKIMessageValue ::= PKIMessages
- id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16}
- SuppLangTagsValue ::= SEQUENCE OF UTF8String
-
- where
-
- id-pkix OBJECT IDENTIFIER ::= {
- iso(1) identified-organization(3)
- dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
- and
- id-it OBJECT IDENTIFIER ::= {id-pkix 4}
-
-
-
-
- InfoTypeAndValue ::= SEQUENCE {
- infoType OBJECT IDENTIFIER,
- infoValue ANY DEFINED BY infoType OPTIONAL
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- Challenge ::= SEQUENCE {
- owf AlgorithmIdentifier OPTIONAL,
-
- -- MUST be present in the first Challenge; MAY be omitted in
- -- any subsequent Challenge in POPODecKeyChallContent (if
- -- omitted, then the owf used in the immediately preceding
- -- Challenge is to be used).
-
- witness OCTET STRING,
- -- the result of applying the one-way function (owf) to a
- -- randomly-generated INTEGER, A. [Note that a different
- -- INTEGER MUST be used for each Challenge.]
- challenge OCTET STRING
- -- the encryption (under the public key for which the cert.
- -- request is being made) of Rand, where Rand is specified as
- -- Rand ::= SEQUENCE {
- -- int INTEGER,
- -- - the randomly-generated INTEGER A (above)
- -- sender GeneralName
- -- - the sender's name (as included in PKIHeader)
- -- }
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- CertifiedKeyPair ::= SEQUENCE {
- certOrEncCert CertOrEncCert,
- privateKey [0] EncryptedValue OPTIONAL,
- -- see [CRMF] for comment on encoding
- publicationInfo [1] PKIPublicationInfo OPTIONAL
- }
-
- @return a basic ASN.1 object representation.
-
-
- An input stream that decompresses from the BZip2 format (with the file
- header chars) to be read as any other stream.
-
- @author Keiron Liddle
-
- NB: note this class has been modified to read the leading BZ from the
- start of the BZIP2 stream to make it compatible with other PGP programs.
-
-
- Class for carrying the values in an X.509 Attribute.
-
-
- @param at an object representing an attribute.
-
-
- Create an X.509 Attribute with the type given by the passed in oid and
- the value represented by an ASN.1 Set containing value.
-
- @param oid type of the attribute
- @param value value object to go into the atribute's value set.
-
-
- Create an X.59 Attribute with the type given by the passed in oid and the
- value represented by an ASN.1 Set containing the objects in value.
-
- @param oid type of the attribute
- @param value vector of values to go in the attribute's value set.
-
-
-
- This class is an IX509Selector
implementation to select
- certificate pairs, which are e.g. used for cross certificates. The set of
- criteria is given from two X509CertStoreSelector
objects,
- each of which, if present, must match the respective component of a pair.
-
-
-
-
- Decides if the given certificate pair should be selected. If
- obj is not a X509CertificatePair
, this method
- returns false
.
-
- The X509CertificatePair
to be tested.
- true
if the object matches this selector.
-
-
- The certificate pair which is used for testing on equality.
-
-
- The certificate selector for the forward part.
-
-
- The certificate selector for the reverse part.
-
-
- Validate the given IPv4 or IPv6 address.
-
- @param address the IP address as a string.
-
- @return true if a valid address, false otherwise
-
-
- Validate the given IPv4 or IPv6 address and netmask.
-
- @param address the IP address as a string.
-
- @return true if a valid address with netmask, false otherwise
-
-
- Validate the given IPv4 address.
-
- @param address the IP address as a string.
-
- @return true if a valid IPv4 address, false otherwise
-
-
- Validate the given IPv6 address.
-
- @param address the IP address as a string.
-
- @return true if a valid IPv4 address, false otherwise
-
-
- BigInteger utilities.
-
-
- Return the passed in value as an unsigned byte array.
-
- @param value value to be converted.
- @return a byte array without a leading zero byte if present in the signed encoding.
-
-
- Return a random BigInteger not less than 'min' and not greater than 'max'
-
- @param min the least value that may be generated
- @param max the greatest value that may be generated
- @param random the source of randomness
- @return a random BigInteger value in the range [min,max]
-
-
-
- Class to hold a single master secret key and its subkeys.
-
- Often PGP keyring files consist of multiple master keys, if you are trying to process
- or construct one of these you should use the PgpSecretKeyRingBundle class.
-
-
-
-
- Return the public key for the master key.
-
-
- Return the master private key.
-
-
- Allows enumeration of the secret keys.
- An IEnumerable of PgpSecretKey objects.
-
-
-
- Return an iterator of the public keys in the secret key ring that
- have no matching private key. At the moment only personal certificate data
- appears in this fashion.
-
- An IEnumerable of unattached, or extra, public keys.
-
-
-
- Replace the public key set on the secret ring with the corresponding key off the public ring.
-
- Secret ring to be changed.
- Public ring containing the new public key set.
-
-
-
- Return a copy of the passed in secret key ring, with the master key and sub keys encrypted
- using a new password and the passed in algorithm.
-
- The PgpSecretKeyRing to be copied.
- The current password for key.
- The new password for the key.
- The algorithm to be used for the encryption.
- Source of randomness.
-
-
-
- Returns a new key ring with the secret key passed in either added or
- replacing an existing one with the same key ID.
-
- The secret key ring to be modified.
- The secret key to be inserted.
- A new PgpSecretKeyRing
-
-
- Returns a new key ring with the secret key passed in removed from the key ring.
- The secret key ring to be modified.
- The secret key to be removed.
- A new PgpSecretKeyRing, or null if secKey is not found.
-
-
-
- TLS 1.1 SRP key exchange.
-
-
-
-
- A generic TLS MAC implementation, which can be used with any kind of
- IDigest to act as an HMAC.
-
-
-
- Generate a new instance of an TlsMac.
-
- @param digest The digest to use.
- @param key_block A byte-array where the key for this mac is located.
- @param offset The number of bytes to skip, before the key starts in the buffer.
- @param len The length of the key.
-
-
- Calculate the mac for some given data.
-
- TlsMac will keep track of the sequence number internally.
-
- @param type The message type of the message.
- @param message A byte-buffer containing the message.
- @param offset The number of bytes to skip, before the message starts.
- @param len The length of the message.
- @return A new byte-buffer containing the mac value.
-
-
- @return The Keysize of the mac.
-
-
-
- RFC 2246 7.4
-
-
-
-
- RFC 4366 2.3
-
-
-
-
- RFC 2246 7.4.4
-
-
-
- Gost R 34.10-94 Signature Algorithm
-
-
- generate a signature for the given message using the key we were
- initialised with. For conventional Gost3410 the message should be a Gost3411
- hash of the message of interest.
-
- @param message the message that will be verified later.
-
-
- return true if the value r and s represent a Gost3410 signature for
- the passed in message for standard Gost3410 the message should be a
- Gost3411 hash of the real message to be verified.
-
-
- EC-DSA as described in X9.62
-
-
- Generate a signature for the given message using the key we were
- initialised with. For conventional DSA the message should be a SHA-1
- hash of the message of interest.
-
- @param message the message that will be verified later.
-
-
- return true if the value r and s represent a DSA signature for
- the passed in message (for standard DSA the message should be
- a SHA-1 hash of the real message to be verified).
-
-
- Parameters for mask derivation functions.
-
-
- return true if the passed in key is a DES-EDE weak key.
-
- @param key bytes making up the key
- @param offset offset into the byte array the key starts at
- @param length number of bytes making up the key
-
-
- return true if the passed in key is a DES-EDE weak key.
-
- @param key bytes making up the key
- @param offset offset into the byte array the key starts at
-
-
-
- Implements the Galois/Counter mode (GCM) detailed in
- NIST Special Publication 800-38D.
-
-
-
- DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC)
-
- This could as well be derived from CBCBlockCipherMac, but then the property mac in the base
- class must be changed to protected
-
-
- create a Retail-MAC based on a CBC block cipher. This will produce an
- authentication code of the length of the block size of the cipher.
-
- @param cipher the cipher to be used as the basis of the MAC generation. This must
- be DESEngine.
-
-
- create a Retail-MAC based on a CBC block cipher. This will produce an
- authentication code of the length of the block size of the cipher.
-
- @param cipher the cipher to be used as the basis of the MAC generation.
- @param padding the padding to be used to complete the last block.
-
-
- create a Retail-MAC based on a block cipher with the size of the
- MAC been given in bits. This class uses single DES CBC mode as the basis for the
- MAC generation.
-
- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- or 16 bits if being used as a data authenticator (FIPS Publication 113),
- and in general should be less than the size of the block cipher as it reduces
- the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-
- @param cipher the cipher to be used as the basis of the MAC generation.
- @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
-
-
- create a standard MAC based on a block cipher with the size of the
- MAC been given in bits. This class uses single DES CBC mode as the basis for the
- MAC generation. The final block is decrypted and then encrypted using the
- middle and right part of the key.
-
- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- or 16 bits if being used as a data authenticator (FIPS Publication 113),
- and in general should be less than the size of the block cipher as it reduces
- the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-
- @param cipher the cipher to be used as the basis of the MAC generation.
- @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
- @param padding the padding to be used to complete the last block.
-
-
- Reset the mac generator.
-
-
- an RSA key pair generator.
-
-
- Generator for Pbe derived keys and ivs as defined by Pkcs 5 V2.0 Scheme 2.
- This generator uses a SHA-1 HMac as the calculation function.
-
- The document this implementation is based on can be found at
-
- RSA's Pkcs5 Page
-
-
- construct a Pkcs5 Scheme 2 Parameters generator.
-
-
- Generate a key parameter derived from the password, salt, and iteration
- count we are currently initialised with.
-
- @param keySize the size of the key we want (in bits)
- @return a KeyParameter object.
-
-
- Generate a key with initialisation vector parameter derived from
- the password, salt, and iteration count we are currently initialised
- with.
-
- @param keySize the size of the key we want (in bits)
- @param ivSize the size of the iv we want (in bits)
- @return a ParametersWithIV object.
-
-
- Generate a key parameter for use with a MAC derived from the password,
- salt, and iteration count we are currently initialised with.
-
- @param keySize the size of the key we want (in bits)
- @return a KeyParameter object.
-
-
- KFD2 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
-
- This implementation is based on IEEE P1363/ISO 18033.
-
-
- Construct a KDF1 byte generator.
-
- @param digest the digest to be used as the source of derived keys.
-
-
- An RC6 engine.
-
-
- Create an instance of the RC6 encryption algorithm
- and set some defaults
-
-
- initialise a RC5-32 cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- Re-key the cipher.
-
- @param inKey the key to be used
-
-
- Perform a left "spin" of the word. The rotation of the given
- word x is rotated left by y bits.
- Only the lg(wordSize) low-order bits of y
- are used to determine the rotation amount. Here it is
- assumed that the wordsize used is a power of 2.
-
- @param x word to rotate
- @param y number of bits to rotate % wordSize
-
-
- Perform a right "spin" of the word. The rotation of the given
- word x is rotated left by y bits.
- Only the lg(wordSize) low-order bits of y
- are used to determine the rotation amount. Here it is
- assumed that the wordsize used is a power of 2.
-
- @param x word to rotate
- @param y number of bits to rotate % wordSize
-
-
- A Noekeon engine, using direct-key mode.
-
-
- Create an instance of the Noekeon encryption algorithm
- and set some defaults
-
-
- initialise
-
- @param forEncryption whether or not we are for encryption.
- @param params the parameters required to set up the cipher.
- @exception ArgumentException if the params argument is
- inappropriate.
-
-
- Re-key the cipher.
-
- @param key the key to be used
-
-
- * Wrap keys according to
- *
- * draft-ietf-smime-key-wrap-01.txt.
- *
- * Note:
- *
- * - this is based on a draft, and as such is subject to change - don't use this class for anything requiring long term storage.
- * - if you are using this to wrap triple-des keys you need to set the
- * parity bits on the key and, if it's a two-key triple-des key, pad it
- * yourself.
- *
- *
-
-
- Field engine
-
-
- Field param
-
-
- Field paramPlusIV
-
-
- Field iv
-
-
- Field forWrapping
-
-
- Field IV2
-
-
- Method init
-
- @param forWrapping
- @param param
-
-
- Method wrap
-
- @param in
- @param inOff
- @param inLen
- @return
-
-
- Method unwrap
-
- @param in
- @param inOff
- @param inLen
- @return
- @throws InvalidCipherTextException
-
-
- Some key wrap algorithms make use of the Key Checksum defined
- in CMS [CMS-Algorithms]. This is used to provide an integrity
- check value for the key being wrapped. The algorithm is
-
- - Compute the 20 octet SHA-1 hash on the key being wrapped.
- - Use the first 8 octets of this hash as the checksum value.
-
- @param key
- @return
- @throws Exception
- @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
-
-
- @param key
- @param checksum
- @return
- @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
-
-
- Method GetAlgorithmName
-
- @return
-
-
- A class that provides a basic DESede (or Triple DES) engine.
-
-
- A class that provides a basic DES engine.
-
-
- initialise a DES cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- what follows is mainly taken from "Applied Cryptography", by
- Bruce Schneier, however it also bears great resemblance to Richard
- Outerbridge's D3DES...
-
-
- Generate an integer based working key based on our secret key
- and what we processing we are planning to do.
-
- Acknowledgements for this routine go to James Gillogly and Phil Karn.
- (whoever, and wherever they are!).
-
-
- the DES engine.
-
-
- initialise a DESede cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- Return the first SignerInformation object that matches the
- passed in selector. Null if there are no matches.
-
- @param selector to identify a signer
- @return a single SignerInformation object. Null if none matches.
-
-
- An ICollection of all signers in the collection
-
-
- Return possible empty collection with signers matching the passed in SignerID
-
- @param selector a signer id to select against.
- @return a collection of SignerInformation objects.
-
-
- The number of signers in the collection.
-
-
- General class for generating a CMS enveloped-data message stream.
-
- A simple example of usage.
-
- CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
-
- edGen.AddKeyTransRecipient(cert);
-
- MemoryStream bOut = new MemoryStream();
-
- Stream out = edGen.Open(
- bOut, CMSEnvelopedDataGenerator.AES128_CBC);*
- out.Write(data);
-
- out.Close();
-
-
-
-
- Constructor allowing specific source of randomness
- Instance of SecureRandom to use.
-
-
- Set the underlying string size for encapsulated data.
- Length of octet strings to buffer the data.
-
-
- Use a BER Set to store the recipient information.
-
-
-
- Generate an enveloped object that contains an CMS Enveloped Data
- object using the passed in key generator.
-
-
-
- generate an enveloped object that contains an CMS Enveloped Data object
- @throws IOException
-
-
- generate an enveloped object that contains an CMS Enveloped Data object
- @throws IOException
-
-
- Parsing class for an CMS Enveloped Data object from an input stream.
-
- Note: that because we are in a streaming mode only one recipient can be tried and it is important
- that the methods on the parser are called in the appropriate order.
-
-
- Example of use - assuming the first recipient matches the private key we have.
-
- CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(inputStream);
-
- RecipientInformationStore recipients = ep.GetRecipientInfos();
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- CMSTypedStream recData = recipient.getContentStream(privateKey);
-
- processDataStream(recData.getContentStream());
- }
-
- Note: this class does not introduce buffering - if you are processing large files you should create
- the parser with:
-
- CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(new BufferedInputStream(inputStream, bufSize));
-
- where bufSize is a suitably large buffer size.
-
-
-
- return a store of the intended recipients for this message
-
-
- return a table of the unprotected attributes indexed by
- the OID of the attribute.
- @throws IOException
-
-
- return the object identifier for the content encryption algorithm.
-
-
- return the ASN.1 encoded encryption algorithm parameters, or null if
- there aren't any.
-
-
- containing class for an CMS Compressed Data object
-
-
- Return the uncompressed content.
-
- @return the uncompressed content
- @throws CmsException if there is an exception uncompressing the data.
-
-
- Return the uncompressed content, throwing an exception if the data size
- is greater than the passed in limit. If the content is exceeded getCause()
- on the CMSException will contain a StreamOverflowException
-
- @param limit maximum number of bytes to read
- @return the content read
- @throws CMSException if there is an exception uncompressing the data.
-
-
- return the ASN.1 encoded representation of this object.
-
-
- return the ContentInfo
-
-
- General class for generating a CMS authenticated-data message.
-
- A simple example of usage.
-
-
- CMSAuthenticatedDataGenerator fact = new CMSAuthenticatedDataGenerator();
-
- fact.addKeyTransRecipient(cert);
-
- CMSAuthenticatedData data = fact.generate(content, algorithm, "BC");
-
-
-
- base constructor
-
-
- constructor allowing specific source of randomness
- @param rand instance of SecureRandom to use
-
-
- generate an enveloped object that contains an CMS Enveloped Data
- object using the given provider and the passed in key generator.
-
-
- generate an authenticated object that contains an CMS Authenticated Data object
-
-
-
- The 'Signature' parameter is only available when generating unsigned attributes.
-
-
-
- packet giving signature creation time.
-
-
- Packet embedded signature
-
-
- Base class for a DSA secret key.
-
-
- @param in
-
-
- Return the standard PGP encoding of the key.
-
-
- The format, as a string, always "PGP".
-
-
- @return x
-
-
- Reader for PGP objects.
-
-
- Returns the next packet tag in the stream.
-
-
-
- A stream that overlays our input stream, allowing the user to only read a segment of it.
- NB: dataLength will be negative if the segment length is in the upper range above 2**31.
-
-
-
- PKIX RFC-2459 - TbsCertList object.
-
- TbsCertList ::= Sequence {
- version Version OPTIONAL,
- -- if present, shall be v2
- signature AlgorithmIdentifier,
- issuer Name,
- thisUpdate Time,
- nextUpdate Time OPTIONAL,
- revokedCertificates Sequence OF Sequence {
- userCertificate CertificateSerialNumber,
- revocationDate Time,
- crlEntryExtensions Extensions OPTIONAL
- -- if present, shall be v2
- } OPTIONAL,
- crlExtensions [0] EXPLICIT Extensions OPTIONAL
- -- if present, shall be v2
- }
-
-
-
- This extension may contain further X.500 attributes of the subject. See also
- RFC 3039.
-
-
- SubjectDirectoryAttributes ::= Attributes
- Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
- Attribute ::= SEQUENCE
- {
- type AttributeType
- values SET OF AttributeValue
- }
-
- AttributeType ::= OBJECT IDENTIFIER
- AttributeValue ::= ANY DEFINED BY AttributeType
-
-
- @see org.bouncycastle.asn1.x509.X509Name for AttributeType ObjectIdentifiers.
-
-
- Constructor from Asn1Sequence.
-
- The sequence is of type SubjectDirectoryAttributes:
-
-
- SubjectDirectoryAttributes ::= Attributes
- Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
- Attribute ::= SEQUENCE
- {
- type AttributeType
- values SET OF AttributeValue
- }
-
- AttributeType ::= OBJECT IDENTIFIER
- AttributeValue ::= ANY DEFINED BY AttributeType
-
-
- @param seq
- The ASN.1 sequence.
-
-
- Constructor from an ArrayList of attributes.
-
- The ArrayList consists of attributes of type {@link Attribute Attribute}
-
- @param attributes The attributes.
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- SubjectDirectoryAttributes ::= Attributes
- Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
- Attribute ::= SEQUENCE
- {
- type AttributeType
- values SET OF AttributeValue
- }
-
- AttributeType ::= OBJECT IDENTIFIER
- AttributeValue ::= ANY DEFINED BY AttributeType
-
-
- @return a DERObject
-
-
- @return Returns the attributes.
-
-
- Implementation of the RoleSyntax object as specified by the RFC3281.
-
-
- RoleSyntax ::= SEQUENCE {
- roleAuthority [0] GeneralNames OPTIONAL,
- roleName [1] GeneralName
- }
-
-
-
- RoleSyntax factory method.
- @param obj the object used to construct an instance of
- RoleSyntax
. It must be an instance of RoleSyntax
-
or Asn1Sequence
.
- @return the instance of RoleSyntax
built from the
- supplied object.
- @throws java.lang.ArgumentException if the object passed
- to the factory is not an instance of RoleSyntax
or
- Asn1Sequence
.
-
-
- Constructor.
- @param roleAuthority the role authority of this RoleSyntax.
- @param roleName the role name of this RoleSyntax.
-
-
- Constructor. Invoking this constructor is the same as invoking
- new RoleSyntax(null, roleName)
.
- @param roleName the role name of this RoleSyntax.
-
-
- Utility constructor. Takes a string
argument representing
- the role name, builds a GeneralName
to hold the role name
- and calls the constructor that takes a GeneralName
.
- @param roleName
-
-
- Constructor that builds an instance of RoleSyntax
by
- extracting the encoded elements from the Asn1Sequence
- object supplied.
- @param seq an instance of Asn1Sequence
that holds
- the encoded elements used to build this RoleSyntax
.
-
-
- Gets the role name as a java.lang.string
object.
- @return the role name of this RoleSyntax represented as a
- string
object.
-
-
- Gets the role authority as a string[]
object.
- @return the role authority of this RoleSyntax represented as a
- string[]
array.
-
-
- Implementation of the method ToAsn1Object
as
- required by the superclass ASN1Encodable
.
-
-
- RoleSyntax ::= SEQUENCE {
- roleAuthority [0] GeneralNames OPTIONAL,
- roleName [1] GeneralName
- }
-
-
-
- Gets the role authority of this RoleSyntax.
- @return an instance of GeneralNames
holding the
- role authority of this RoleSyntax.
-
-
- Gets the role name of this RoleSyntax.
- @return an instance of GeneralName
holding the
- role name of this RoleSyntax.
-
-
- PolicyQualifierId, used in the CertificatePolicies
- X509V3 extension.
-
-
- id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
- id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
- id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
- PolicyQualifierId ::=
- OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
-
-
-
- @param obj
- @return
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- AttributeCertificate ::= Sequence {
- acinfo AttributeCertificateInfo,
- signatureAlgorithm AlgorithmIdentifier,
- signatureValue BIT STRING
- }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Signature ::= Sequence {
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING,
- certs [0] EXPLICIT Sequence OF Certificate OPTIONAL}
-
-
-
- The OcspResponseStatus enumeration.
-
- OcspResponseStatus ::= Enumerated {
- successful (0), --Response has valid confirmations
- malformedRequest (1), --Illegal confirmation request
- internalError (2), --Internal error in issuer
- tryLater (3), --Try again later
- --(4) is not used
- sigRequired (5), --Must sign the request
- unauthorized (6) --Request unauthorized
- }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- BasicOcspResponse ::= Sequence {
- tbsResponseData ResponseData,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING,
- certs [0] EXPLICIT Sequence OF Certificate OPTIONAL }
-
-
-
- Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-2
-
-
- return the X9ECParameters object for the named curve represented by
- the passed in object identifier. Null if the curve isn't present.
-
- @param oid an object identifier representing a named curve, if present.
-
-
- return the object identifier signified by the passed in name. Null
- if there is no object identifier associated with name.
-
- @return the object identifier associated with name, if present.
-
-
- return the named curve name represented by the given object identifier.
-
-
- returns an enumeration containing the name strings for curves
- contained in this structure.
-
-
- ISIS-MTT-Optional: The certificate requested by the client by inserting the
- RetrieveIfAllowed extension in the request, will be returned in this
- extension.
-
- ISIS-MTT-SigG: The signature act allows publishing certificates only then,
- when the certificate owner gives his isExplicit permission. Accordingly, there
- may be �nondownloadable� certificates, about which the responder must provide
- status information, but MUST NOT include them in the response. Clients may
- get therefore the following three kind of answers on a single request
- including the RetrieveIfAllowed extension:
-
- - a) the responder supports the extension and is allowed to publish the
- certificate: RequestedCertificate returned including the requested
- certificate
- - b) the responder supports the extension but is NOT allowed to publish
- the certificate: RequestedCertificate returned including an empty OCTET
- STRING
- - c) the responder does not support the extension: RequestedCertificate is
- not included in the response
-
- Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If
- any of the OCTET STRING options is used, it MUST contain the DER encoding of
- the requested certificate.
-
-
- RequestedCertificate ::= CHOICE {
- Certificate Certificate,
- publicKeyCertificate [0] EXPLICIT OCTET STRING,
- attributeCertificate [1] EXPLICIT OCTET STRING
- }
-
-
-
- Constructor from a given details.
-
- Only one parameter can be given. All other must be null
.
-
- @param certificate Given as Certificate
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- RequestedCertificate ::= CHOICE {
- Certificate Certificate,
- publicKeyCertificate [0] EXPLICIT OCTET STRING,
- attributeCertificate [1] EXPLICIT OCTET STRING
- }
-
-
- @return an Asn1Object
-
-
- The DataGroupHash object.
-
- DataGroupHash ::= SEQUENCE {
- dataGroupNumber DataGroupNumber,
- dataGroupHashValue OCTET STRING }
-
- DataGroupNumber ::= INTEGER {
- dataGroup1 (1),
- dataGroup1 (2),
- dataGroup1 (3),
- dataGroup1 (4),
- dataGroup1 (5),
- dataGroup1 (6),
- dataGroup1 (7),
- dataGroup1 (8),
- dataGroup1 (9),
- dataGroup1 (10),
- dataGroup1 (11),
- dataGroup1 (12),
- dataGroup1 (13),
- dataGroup1 (14),
- dataGroup1 (15),
- dataGroup1 (16) }
-
-
-
-
-
- RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
-
- CrlOcspRef ::= SEQUENCE {
- crlids [0] CRLListID OPTIONAL,
- ocspids [1] OcspListID OPTIONAL,
- otherRev [2] OtherRevRefs OPTIONAL
- }
-
-
-
-
- UTC time object.
-
-
- return an UTC Time from the passed in object.
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return an UTC Time from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- The correct format for this is YYMMDDHHMMSSZ (it used to be that seconds were
- never encoded. When you're creating one of these objects from scratch, that's
- what you want to use, otherwise we'll try to deal with whatever Gets read from
- the input stream... (this is why the input format is different from the GetTime()
- method output).
-
- @param time the time string.
-
-
- base constructor from a DateTime object
-
-
- return the time as a date based on whatever a 2 digit year will return. For
- standardised processing use ToAdjustedDateTime().
-
- @return the resulting date
- @exception ParseException if the date string cannot be parsed.
-
-
- return the time as an adjusted date
- in the range of 1950 - 2049.
-
- @return a date in the range of 1950 to 2049.
- @exception ParseException if the date string cannot be parsed.
-
-
- return the time - always in the form of
- YYMMDDhhmmssGMT(+hh:mm|-hh:mm).
-
- Normally in a certificate we would expect "Z" rather than "GMT",
- however adding the "GMT" means we can just use:
-
- dateF = new SimpleDateFormat("yyMMddHHmmssz");
-
- To read in the time and Get a date which is compatible with our local
- time zone.
-
- Note: In some cases, due to the local date processing, this
- may lead to unexpected results. If you want to stick the normal
- convention of 1950 to 2049 use the GetAdjustedTime() method.
-
-
-
- Return a time string as an adjusted date with a 4 digit year.
- This goes in the range of 1950 - 2049.
-
-
-
-
- AttributeTypeAndValue ::= SEQUENCE {
- type OBJECT IDENTIFIER,
- value ANY DEFINED BY type }
-
- @return a basic ASN.1 object representation.
-
-
-
- TimeStampTokenEvidence ::=
- SEQUENCE SIZE(1..MAX) OF TimeStampAndCrl
-
- @return
-
-
- return a PasswordRecipientInfo object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return a PasswordRecipientInfo object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- PasswordRecipientInfo ::= Sequence {
- version CMSVersion, -- Always set to 0
- keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
- OPTIONAL,
- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
- encryptedKey EncryptedKey }
-
-
-
- return an OriginatorInfo object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return an OriginatorInfo object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- OriginatorInfo ::= Sequence {
- certs [0] IMPLICIT CertificateSet OPTIONAL,
- crls [1] IMPLICIT CertificateRevocationLists OPTIONAL
- }
-
-
-
-
- PkiFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
-
-
-
- Return the number of string elements present.
-
- @return number of elements present.
-
-
- Return the UTF8STRING at index.
-
- @param index index of the string of interest
- @return the string at index.
-
-
-
- CertOrEncCert ::= CHOICE {
- certificate [0] CMPCertificate,
- encryptedCert [1] EncryptedValue
- }
-
- @return a basic ASN.1 object representation.
-
-
- The octets making up the octet string.
-
-
- convert a vector of octet strings into a single byte string
-
-
- The octets making up the octet string.
-
-
- return the DER octets that make up this string.
-
-
- Base class for both the compress and decompress classes.
- Holds common arrays, and static data.
-
- @author Keiron Liddle
-
-
-
- Summary description for DeflaterOutputStream.
-
-
-
- Base class for an RFC 3161 Time Stamp Response object.
-
-
- Create a TimeStampResponse from a byte array containing an ASN.1 encoding.
-
- @param resp the byte array containing the encoded response.
- @throws TspException if the response is malformed.
- @throws IOException if the byte array doesn't represent an ASN.1 encoding.
-
-
- Create a TimeStampResponse from an input stream containing an ASN.1 encoding.
-
- @param input the input stream containing the encoded response.
- @throws TspException if the response is malformed.
- @throws IOException if the stream doesn't represent an ASN.1 encoding.
-
-
- Check this response against to see if it a well formed response for
- the passed in request. Validation will include checking the time stamp
- token if the response status is GRANTED or GRANTED_WITH_MODS.
-
- @param request the request to be checked against
- @throws TspException if the request can not match this response.
-
-
- return the ASN.1 encoded representation of this object.
-
-
-
-
-
-
-
-
- Returns a ObjectIdentifier for a give encoding.
-
- A string representation of the encoding.
- A DerObjectIdentifier, null if the Oid is not available.
-
-
- * Initializes the internal state of this PKIXCertPathChecker
.
- *
- * The forward
flag specifies the order that certificates
- * will be passed to the {@link #check check} method (forward or reverse). A
- * PKIXCertPathChecker
must support reverse checking
- * and may support forward checking.
- *
- *
- * @param forward
- * the order that certificates are presented to the
- * check
method. If true
,
- * certificates are presented from target to most-trusted CA
- * (forward); if false
, from most-trusted CA to
- * target (reverse).
- * @exception CertPathValidatorException
- * if this PKIXCertPathChecker
is unable to
- * check certificates in the specified order; it should never
- * be thrown if the forward flag is false since reverse
- * checking must be supported
-
-
- Indicates if forward checking is supported. Forward checking refers to
- the ability of the PKIXCertPathChecker
to perform its
- checks when certificates are presented to the check
method
- in the forward direction (from target to most-trusted CA).
-
- @return true
if forward checking is supported,
- false
otherwise
-
-
- * Returns an immutable Set
of X.509 certificate extensions
- * that this PKIXCertPathChecker
supports (i.e. recognizes,
- * is able to process), or null
if no extensions are
- * supported.
- *
- * Each element of the set is a String
representing the
- * Object Identifier (OID) of the X.509 extension that is supported. The OID
- * is represented by a set of nonnegative integers separated by periods.
- *
- * All X.509 certificate extensions that a PKIXCertPathChecker
- * might possibly be able to process should be included in the set.
- *
- *
- * @return an immutable Set
of X.509 extension OIDs (in
- * String
format) supported by this
- * PKIXCertPathChecker
, or null
if no
- * extensions are supported
-
-
- Performs the check(s) on the specified certificate using its internal
- state and removes any critical extensions that it processes from the
- specified collection of OID strings that represent the unresolved
- critical extensions. The certificates are presented in the order
- specified by the init
method.
-
- @param cert
- the Certificate
to be checked
- @param unresolvedCritExts
- a Collection
of OID strings representing the
- current set of unresolved critical extensions
- @exception CertPathValidatorException
- if the specified certificate does not pass the check
-
-
- Returns a clone of this object. Calls the Object.clone()
- method. All subclasses which maintain state must support and override
- this method, if necessary.
-
- @return a copy of this PKIXCertPathChecker
-
-
-
- Summary description for PkixBuilderParameters.
-
-
-
- Returns an instance of PkixBuilderParameters
.
-
- This method can be used to get a copy from other
- PKIXBuilderParameters
, PKIXParameters
,
- and ExtendedPKIXParameters
instances.
-
-
- @param pkixParams The PKIX parameters to create a copy of.
- @return An PkixBuilderParameters
instance.
-
-
-
- Excluded certificates are not used for building a certification path.
-
- the excluded certificates.
-
-
-
- Sets the excluded certificates which are not used for building a
- certification path. If the ISet
is null
an
- empty set is assumed.
-
-
- The given set is cloned to protect it against subsequent modifications.
-
- The excluded certificates to set.
-
-
- Can alse handle ExtendedPKIXBuilderParameters
and
- PKIXBuilderParameters
.
-
- @param params Parameters to set.
- @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters)
-
-
- Makes a copy of this PKIXParameters
object. Changes to the
- copy will not affect the original and vice versa.
-
- @return a copy of this PKIXParameters
object
-
-
- Generator for PGP signatures.
-
-
- Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.
-
-
- Initialise the generator for signing.
-
-
- Initialise the generator for signing.
-
-
- Return the one pass header associated with the current signature.
-
-
- Return a signature object containing the current signature state.
-
-
- Generate a certification for the passed in ID and key.
- The ID we are certifying against the public key.
- The key we are certifying against the ID.
- The certification.
-
-
- Generate a certification for the passed in userAttributes.
- The ID we are certifying against the public key.
- The key we are certifying against the ID.
- The certification.
-
-
- Generate a certification for the passed in key against the passed in master key.
- The key we are certifying against.
- The key we are certifying.
- The certification.
-
-
- Generate a certification, such as a revocation, for the passed in key.
- The key we are certifying.
- The certification.
-
-
- A public key encrypted data object.
-
-
-
- Return the algorithm code for the symmetric algorithm used to encrypt the data.
-
-
-
- Return the decrypted data stream for the packet.
-
-
- The key ID for the key used to encrypt the data.
-
-
- A password based encryption object.
-
-
- Return the raw input stream for the data stream.
-
-
- Return the decrypted input stream, using the passed in passphrase.
-
-
- Generator for basic OCSP response objects.
-
-
- basic constructor
-
-
- construct with the responderID to be the SHA-1 keyHash of the passed in public key.
-
-
- Add a response for a particular Certificate ID.
-
- @param certID certificate ID details
- @param certStatus status of the certificate - null if okay
-
-
- Add a response for a particular Certificate ID.
-
- @param certID certificate ID details
- @param certStatus status of the certificate - null if okay
- @param singleExtensions optional extensions
-
-
- Add a response for a particular Certificate ID.
-
- @param certID certificate ID details
- @param nextUpdate date when next update should be requested
- @param certStatus status of the certificate - null if okay
- @param singleExtensions optional extensions
-
-
- Add a response for a particular Certificate ID.
-
- @param certID certificate ID details
- @param thisUpdate date this response was valid on
- @param nextUpdate date when next update should be requested
- @param certStatus status of the certificate - null if okay
- @param singleExtensions optional extensions
-
-
- Set the extensions for the response.
-
- @param responseExtensions the extension object to carry.
-
-
- Return an IEnumerable of the signature names supported by the generator.
-
- @return an IEnumerable containing recognised names.
-
-
- Class holding precomputation data for the WNAF (Window Non-Adjacent Form)
- algorithm.
-
-
- Array holding the precomputed ECPoint
s used for the Window
- NAF multiplication in
- {@link org.bouncycastle.math.ec.multiplier.WNafMultiplier.multiply()
- WNafMultiplier.multiply()}
.
-
-
- Holds an ECPoint
representing twice(this). Used for the
- Window NAF multiplication in
- {@link org.bouncycastle.math.ec.multiplier.WNafMultiplier.multiply()
- WNafMultiplier.multiply()}
.
-
-
-
- TLS 1.0 DH key exchange.
-
-
-
- An implementation of the TLS 1.0 record layer.
-
-
-
- RFC 2246 6.1
-
-
-
- parameters for Key derivation functions for IEEE P1363a
-
-
- Base constructor.
-
- @param key key to be used by underlying cipher
- @param macSize macSize in bits
- @param nonce nonce to be used
- @param associatedText associated text, if any
-
-
- A padder that adds X9.23 padding to a block - if a SecureRandom is
- passed in random padding is assumed, otherwise padding with zeros is used.
-
-
- Initialise the padder.
-
- @param random a SecureRandom if one is available.
-
-
- add the pad bytes to the passed in block, returning the
- number of bytes added.
-
-
- return the number of pad bytes present in the block.
-
-
- Return the name of the algorithm the cipher implements.
-
- @return the name of the algorithm the cipher implements.
-
-
- A wrapper class that allows block ciphers to be used to process data in
- a piecemeal fashion with padding. The PaddedBufferedBlockCipher
- outputs a block only when the buffer is full and more data is being added,
- or on a doFinal (unless the current block in the buffer is a pad block).
- The default padding mechanism used is the one outlined in Pkcs5/Pkcs7.
-
-
- Create a buffered block cipher with the desired padding.
-
- @param cipher the underlying block cipher this buffering object wraps.
- @param padding the padding type.
-
-
- Create a buffered block cipher Pkcs7 padding
-
- @param cipher the underlying block cipher this buffering object wraps.
-
-
- initialise the cipher.
-
- @param forEncryption if true the cipher is initialised for
- encryption, if false for decryption.
- @param param the key and other data required by the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- return the minimum size of the output buffer required for an update
- plus a doFinal with an input of len bytes.
-
- @param len the length of the input.
- @return the space required to accommodate a call to update and doFinal
- with len bytes of input.
-
-
- return the size of the output buffer required for an update
- an input of len bytes.
-
- @param len the length of the input.
- @return the space required to accommodate a call to update
- with len bytes of input.
-
-
- process a single byte, producing an output block if neccessary.
-
- @param in the input byte.
- @param out the space for any output that might be produced.
- @param outOff the offset from which the output will be copied.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there isn't enough space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
-
-
- process an array of bytes, producing output if necessary.
-
- @param in the input byte array.
- @param inOff the offset at which the input data starts.
- @param len the number of bytes to be copied out of the input array.
- @param out the space for any output that might be produced.
- @param outOff the offset from which the output will be copied.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there isn't enough space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
-
-
- Process the last block in the buffer. If the buffer is currently
- full and padding needs to be added a call to doFinal will produce
- 2 * GetBlockSize() bytes.
-
- @param out the array the block currently being held is copied into.
- @param outOff the offset at which the copying starts.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there is insufficient space in out for
- the output or we are decrypting and the input is not block size aligned.
- @exception InvalidOperationException if the underlying cipher is not
- initialised.
- @exception InvalidCipherTextException if padding is expected and not found.
-
-
- implements the GOST 28147 OFB counter mode (GCTR).
-
-
- Basic constructor.
-
- @param cipher the block cipher to be used as the basis of the
- counter mode (must have a 64 bit block size).
-
-
- return the underlying block cipher that we are wrapping.
-
- @return the underlying block cipher that we are wrapping.
-
-
- Initialise the cipher and, possibly, the initialisation vector (IV).
- If an IV isn't passed as part of the parameter, the IV will be all zeros.
- An IV which is too short is handled in FIPS compliant fashion.
-
- @param encrypting if true the cipher is initialised for
- encryption, if false for decryption.
- @param parameters the key and other data required by the cipher.
- @exception ArgumentException if the parameters argument is inappropriate.
-
-
- return the block size we are operating at (in bytes).
-
- @return the block size we are operating at (in bytes).
-
-
- Process one block of input from the array in and write it to
- the out array.
-
- @param in the array containing the input data.
- @param inOff offset into the in array the data starts at.
- @param out the array the output data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- reset the feedback vector back to the IV and reset the underlying
- cipher.
-
-
- return the algorithm name and mode.
-
- @return the name of the underlying algorithm followed by "/GCTR"
- and the block size in bits
-
-
- a ElGamal key pair generator.
-
- This Generates keys consistent for use with ElGamal as described in
- page 164 of "Handbook of Applied Cryptography".
-
-
- implementation of GOST 28147-89
-
-
- standard constructor.
-
-
- initialise an Gost28147 cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is inappropriate.
-
-
- Return the S-Box associated with SBoxName
- @param sBoxName name of the S-Box
- @return byte array representing the S-Box
-
-
-
- Implementation of RipeMD256.
- Note: this algorithm offers the same level of security as RipeMD128.
-
-
-
- Standard constructor
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
-
- reset the chaining variables to the IV values.
-
-
- a buffer wrapper for an asymmetric block cipher, allowing input
- to be accumulated in a piecemeal fashion until final processing.
-
-
- base constructor.
-
- @param cipher the cipher this buffering object wraps.
-
-
- return the amount of data sitting in the buffer.
-
- @return the amount of data sitting in the buffer.
-
-
- initialise the buffer and the underlying cipher.
-
- @param forEncryption if true the cipher is initialised for
- encryption, if false for decryption.
- @param param the key and other data required by the cipher.
-
-
- process the contents of the buffer using the underlying
- cipher.
-
- @return the result of the encryption/decryption process on the
- buffer.
- @exception InvalidCipherTextException if we are given a garbage block.
-
-
- Reset the buffer
-
-
- RFC 2631 Diffie-hellman KEK derivation function.
-
-
- P1363 7.2.1 ECSVDP-DH
-
- ECSVDP-DH is Elliptic Curve Secret Value Derivation Primitive,
- Diffie-Hellman version. It is based on the work of [DH76], [Mil86],
- and [Kob87]. This primitive derives a shared secret value from one
- party's private key and another party's public key, where both have
- the same set of EC domain parameters. If two parties correctly
- execute this primitive, they will produce the same output. This
- primitive can be invoked by a scheme to derive a shared secret key;
- specifically, it may be used with the schemes ECKAS-DH1 and
- DL/ECKAS-DH2. It assumes that the input keys are valid (see also
- Section 7.2.2).
-
-
- Basic generator that just returns a preconstructed attribute table
-
-
-
- PKCS5 scheme-2 - password converted to bytes assuming ASCII.
-
-
-
- Basic type for a user attribute packet.
-
-
- packet giving trust.
-
-
- Basic PGP signature sub-packet tag types.
-
-
- Basic packet for a PGP public key.
-
-
- Construct a version 4 public key packet.
-
-
-
- RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
- RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
-
- AttributeTypeAndValue ::= SEQUENCE {
- type OBJECT IDENTIFIER,
- value ANY }
-
-
-
- country code - StringType(SIZE(2))
-
-
- organization - StringType(SIZE(1..64))
-
-
- organizational unit name - StringType(SIZE(1..64))
-
-
- Title
-
-
- common name - StringType(SIZE(1..64))
-
-
- street - StringType(SIZE(1..64))
-
-
- device serial number name - StringType(SIZE(1..64))
-
-
- locality name - StringType(SIZE(1..64))
-
-
- state, or province name - StringType(SIZE(1..64))
-
-
- Naming attributes of type X520name
-
-
- businessCategory - DirectoryString(SIZE(1..128)
-
-
- postalCode - DirectoryString(SIZE(1..40)
-
-
- dnQualifier - DirectoryString(SIZE(1..64)
-
-
- RFC 3039 Pseudonym - DirectoryString(SIZE(1..64)
-
-
- RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z
-
-
- RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128)
-
-
- RFC 3039 DateOfBirth - PrintableString (SIZE(1)) -- "M", "F", "m" or "f"
-
-
- RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166
- codes only
-
-
- RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166
- codes only
-
-
- ISIS-MTT NameAtBirth - DirectoryString(SIZE(1..64)
-
-
- RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF
- DirectoryString(SIZE(1..30))
-
-
- RFC 2256 dmdName
-
-
- id-at-telephoneNumber
-
-
- id-at-name
-
-
- Email address (RSA PKCS#9 extension) - IA5String.
- Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here.
-
-
- more from PKCS#9
-
-
- email address in Verisign certificates
-
-
- LDAP User id.
-
-
- default look up table translating OID values into their common symbols following
- the convention in RFC 2253 with a few extras
-
-
- look up table translating OID values into their common symbols following the convention in RFC 2253
-
-
- look up table translating OID values into their common symbols following the convention in RFC 1779
-
-
-
- look up table translating common symbols into their OIDS.
-
-
- Return a X509Name based on the passed in tagged object.
-
- @param obj tag object holding name.
- @param explicitly true if explicitly tagged false otherwise.
- @return the X509Name
-
-
- Constructor from Asn1Sequence
-
- the principal will be a list of constructed sets, each containing an (OID, string) pair.
-
-
- Constructor from a table of attributes with ordering.
-
- it's is assumed the table contains OID/string pairs, and the contents
- of the table are copied into an internal table as part of the
- construction process. The ordering ArrayList should contain the OIDs
- in the order they are meant to be encoded or printed in ToString.
-
-
- Constructor from a table of attributes with ordering.
-
- it's is assumed the table contains OID/string pairs, and the contents
- of the table are copied into an internal table as part of the
- construction process. The ordering ArrayList should contain the OIDs
- in the order they are meant to be encoded or printed in ToString.
-
- The passed in converter will be used to convert the strings into their
- ASN.1 counterparts.
-
-
- Takes two vectors one of the oids and the other of the values.
-
-
- Takes two vectors one of the oids and the other of the values.
-
- The passed in converter will be used to convert the strings into their
- ASN.1 counterparts.
-
-
- Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
- some such, converting it into an ordered set of name attributes.
-
-
- Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
- some such, converting it into an ordered set of name attributes with each
- string value being converted to its associated ASN.1 type using the passed
- in converter.
-
-
- Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
- some such, converting it into an ordered set of name attributes. If reverse
- is true, create the encoded version of the sequence starting from the
- last element in the string.
-
-
- Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
- some such, converting it into an ordered set of name attributes with each
- string value being converted to its associated ASN.1 type using the passed
- in converter. If reverse is true the ASN.1 sequence representing the DN will
- be built by starting at the end of the string, rather than the start.
-
-
- Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
- some such, converting it into an ordered set of name attributes. lookUp
- should provide a table of lookups, indexed by lowercase only strings and
- yielding a DerObjectIdentifier, other than that OID. and numeric oids
- will be processed automatically.
-
- If reverse is true, create the encoded version of the sequence
- starting from the last element in the string.
- @param reverse true if we should start scanning from the end (RFC 2553).
- @param lookUp table of names and their oids.
- @param dirName the X.500 string to be parsed.
-
-
- Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
- some such, converting it into an ordered set of name attributes. lookUp
- should provide a table of lookups, indexed by lowercase only strings and
- yielding a DerObjectIdentifier, other than that OID. and numeric oids
- will be processed automatically. The passed in converter is used to convert the
- string values to the right of each equals sign to their ASN.1 counterparts.
-
- @param reverse true if we should start scanning from the end, false otherwise.
- @param lookUp table of names and oids.
- @param dirName the string dirName
- @param converter the converter to convert string values into their ASN.1 equivalents
-
-
- return an ArrayList of the oids in the name, in the order they were found.
-
-
- return an IList of the oids in the name, in the order they were found.
-
-
- return an ArrayList of the values found in the name, in the order they
- were found.
-
-
- return an IList of the values found in the name, in the order they
- were found.
-
-
- return an ArrayList of the values found in the name, in the order they
- were found, with the DN label corresponding to passed in oid.
-
-
- return an IList of the values found in the name, in the order they
- were found, with the DN label corresponding to passed in oid.
-
-
- The X509Name object to test equivalency against.
- If true, the order of elements must be the same,
- as well as the values associated with each element.
-
-
- test for equivalence - note: case is ignored.
-
-
- convert the structure to a string - if reverse is true the
- oids and values are listed out starting with the last element
- in the sequence (ala RFC 2253), otherwise the string will begin
- with the first element of the structure. If no string definition
- for the oid is found in oidSymbols the string value of the oid is
- added. Two standard symbol tables are provided DefaultSymbols, and
- RFC2253Symbols as part of this class.
-
- @param reverse if true start at the end of the sequence and work back.
- @param oidSymbols look up table strings for oids.
-
-
- determines whether or not strings should be processed and printed
- from back to front.
-
-
- creates a time object from a given date - if the date is between 1950
- and 2049 a UTCTime object is Generated, otherwise a GeneralizedTime
- is used.
-
-
-
- Return our time as DateTime.
-
- A date time.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Time ::= CHOICE {
- utcTime UTCTime,
- generalTime GeneralizedTime }
-
-
-
- Structure for a name or pseudonym.
-
-
- NameOrPseudonym ::= CHOICE {
- surAndGivenName SEQUENCE {
- surName DirectoryString,
- givenName SEQUENCE OF DirectoryString
- },
- pseudonym DirectoryString
- }
-
-
- @see org.bouncycastle.asn1.x509.sigi.PersonalData
-
-
-
- Constructor from DERString.
-
- The sequence is of type NameOrPseudonym:
-
-
- NameOrPseudonym ::= CHOICE {
- surAndGivenName SEQUENCE {
- surName DirectoryString,
- givenName SEQUENCE OF DirectoryString
- },
- pseudonym DirectoryString
- }
-
- @param pseudonym pseudonym value to use.
-
-
- Constructor from Asn1Sequence.
-
- The sequence is of type NameOrPseudonym:
-
-
- NameOrPseudonym ::= CHOICE {
- surAndGivenName SEQUENCE {
- surName DirectoryString,
- givenName SEQUENCE OF DirectoryString
- },
- pseudonym DirectoryString
- }
-
-
- @param seq The ASN.1 sequence.
-
-
- Constructor from a given details.
-
- @param pseudonym The pseudonym.
-
-
- Constructor from a given details.
-
- @param surname The surname.
- @param givenName A sequence of directory strings making up the givenName
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- NameOrPseudonym ::= CHOICE {
- surAndGivenName SEQUENCE {
- surName DirectoryString,
- givenName SEQUENCE OF DirectoryString
- },
- pseudonym DirectoryString
- }
-
-
- @return an Asn1Object
-
-
- The QCStatement object.
-
- QCStatement ::= SEQUENCE {
- statementId OBJECT IDENTIFIER,
- statementInfo ANY DEFINED BY statementId OPTIONAL}
-
-
-
- The Iso4217CurrencyCode object.
-
- Iso4217CurrencyCode ::= CHOICE {
- alphabetic PrintableString (SIZE 3), --Recommended
- numeric INTEGER (1..999) }
- -- Alphabetic or numeric currency code as defined in ISO 4217
- -- It is recommended that the Alphabetic form is used
-
-
-
- The AuthorityInformationAccess object.
-
- id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
-
- AuthorityInfoAccessSyntax ::=
- Sequence SIZE (1..MAX) OF AccessDescription
- AccessDescription ::= Sequence {
- accessMethod OBJECT IDENTIFIER,
- accessLocation GeneralName }
-
- id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
- id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
- id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
-
-
-
- create an AuthorityInformationAccess with the oid and location provided.
-
-
-
- DirectoryString ::= CHOICE {
- teletexString TeletexString (SIZE (1..MAX)),
- printableString PrintableString (SIZE (1..MAX)),
- universalString UniversalString (SIZE (1..MAX)),
- utf8String UTF8String (SIZE (1..MAX)),
- bmpString BMPString (SIZE (1..MAX)) }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- CertID ::= Sequence {
- hashAlgorithm AlgorithmIdentifier,
- issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- serialNumber CertificateSerialNumber }
-
-
-
- The NetscapeCertType object.
-
- NetscapeCertType ::= BIT STRING {
- SSLClient (0),
- SSLServer (1),
- S/MIME (2),
- Object Signing (3),
- Reserved (4),
- SSL CA (5),
- S/MIME CA (6),
- Object Signing CA (7) }
-
-
-
- Basic constructor.
-
- @param usage - the bitwise OR of the Key Usage flags giving the
- allowed uses for the key.
- e.g. (X509NetscapeCertType.sslCA | X509NetscapeCertType.smimeCA)
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- cast5CBCParameters ::= Sequence {
- iv OCTET STRING DEFAULT 0,
- -- Initialization vector
- keyLength Integer
- -- Key length, in bits
- }
-
-
-
- An Admissions structure.
-
-
- Admissions ::= SEQUENCE
- {
- admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
- namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
- professionInfos SEQUENCE OF ProfessionInfo
- }
-
-
-
- @see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax
- @see Org.BouncyCastle.Asn1.IsisMtt.X509.ProfessionInfo
- @see Org.BouncyCastle.Asn1.IsisMtt.X509.NamingAuthority
-
-
- Constructor from Asn1Sequence.
-
- The sequence is of type ProcurationSyntax:
-
-
- Admissions ::= SEQUENCE
- {
- admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
- namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
- professionInfos SEQUENCE OF ProfessionInfo
- }
-
-
- @param seq The ASN.1 sequence.
-
-
- Constructor from a given details.
-
- Parameter professionInfos
is mandatory.
-
- @param admissionAuthority The admission authority.
- @param namingAuthority The naming authority.
- @param professionInfos The profession infos.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- Admissions ::= SEQUENCE
- {
- admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
- namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
- professionInfos SEQUENCE OF ProfessionInfo
- }
-
-
-
- @return an Asn1Object
-
-
-
- LDSVersionInfo ::= SEQUENCE {
- ldsVersion PRINTABLE STRING
- unicodeVersion PRINTABLE STRING
- }
-
- @return
-
-
-
-
- SignaturePolicyIdentifier ::= CHOICE {
- SignaturePolicyId SignaturePolicyId,
- SignaturePolicyImplied SignaturePolicyImplied
- }
-
- SignaturePolicyImplied ::= NULL
-
-
-
-
-
- CommitmentTypeIndication ::= SEQUENCE {
- commitmentTypeId CommitmentTypeIdentifier,
- commitmentTypeQualifier SEQUENCE SIZE (1..MAX) OF
- CommitmentTypeQualifier OPTIONAL }
-
-
-
- Generalized time object.
-
-
- return a generalized time from the passed in object
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return a Generalized Time object from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- The correct format for this is YYYYMMDDHHMMSS[.f]Z, or without the Z
- for local time, or Z+-HHMM on the end, for difference between local
- time and UTC time. The fractional second amount f must consist of at
- least one number with trailing zeroes removed.
-
- @param time the time string.
- @exception ArgumentException if string is an illegal format.
-
-
- base constructor from a local time object
-
-
- return the time - always in the form of
- YYYYMMDDhhmmssGMT(+hh:mm|-hh:mm).
-
- Normally in a certificate we would expect "Z" rather than "GMT",
- however adding the "GMT" means we can just use:
-
- dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
-
- To read in the time and Get a date which is compatible with our local
- time zone.
-
-
- Return the time.
- @return The time string as it appeared in the encoded object.
-
-
-
- PkiPublicationInfo ::= SEQUENCE {
- action INTEGER {
- dontPublish (0),
- pleasePublish (1) },
- pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
- -- pubInfos MUST NOT be present if action is "dontPublish"
- -- (if action is "pleasePublish" and pubInfos is omitted,
- -- "dontCare" is assumed)
-
- @return a basic ASN.1 object representation.
-
-
- creates a time object from a given date - if the date is between 1950
- and 2049 a UTCTime object is Generated, otherwise a GeneralizedTime
- is used.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Time ::= CHOICE {
- utcTime UTCTime,
- generalTime GeneralizedTime }
-
-
-
- return an OriginatorIdentifierOrKey object from a tagged object.
-
- @param o the tagged object holding the object we want.
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return an OriginatorIdentifierOrKey object from the given object.
-
- @param o the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- OriginatorIdentifierOrKey ::= CHOICE {
- issuerAndSerialNumber IssuerAndSerialNumber,
- subjectKeyIdentifier [0] SubjectKeyIdentifier,
- originatorKey [1] OriginatorPublicKey
- }
-
- SubjectKeyIdentifier ::= OCTET STRING
-
-
-
- return an AuthEnvelopedData object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param isExplicit true if the object is meant to be explicitly
- tagged false otherwise.
- @throws ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return an AuthEnvelopedData object from the given object.
-
- @param obj the object we want converted.
- @throws ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- MQVuserKeyingMaterial ::= SEQUENCE {
- ephemeralPublicKey OriginatorPublicKey,
- addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL }
-
-
-
-
- PopoDecKeyRespContent ::= SEQUENCE OF INTEGER
-
- @return a basic ASN.1 object representation.
-
-
-
- PKIHeader ::= SEQUENCE {
- pvno INTEGER { cmp1999(1), cmp2000(2) },
- sender GeneralName,
- -- identifies the sender
- recipient GeneralName,
- -- identifies the intended recipient
- messageTime [0] GeneralizedTime OPTIONAL,
- -- time of production of this message (used when sender
- -- believes that the transport will be "suitable"; i.e.,
- -- that the time will still be meaningful upon receipt)
- protectionAlg [1] AlgorithmIdentifier OPTIONAL,
- -- algorithm used for calculation of protection bits
- senderKID [2] KeyIdentifier OPTIONAL,
- recipKID [3] KeyIdentifier OPTIONAL,
- -- to identify specific keys used for protection
- transactionID [4] OCTET STRING OPTIONAL,
- -- identifies the transaction; i.e., this will be the same in
- -- corresponding request, response, certConf, and PKIConf
- -- messages
- senderNonce [5] OCTET STRING OPTIONAL,
- recipNonce [6] OCTET STRING OPTIONAL,
- -- nonces used to provide replay protection, senderNonce
- -- is inserted by the creator of this message; recipNonce
- -- is a nonce previously inserted in a related message by
- -- the intended recipient of this message
- freeText [7] PKIFreeText OPTIONAL,
- -- this may be used to indicate context-specific instructions
- -- (this field is intended for human consumption)
- generalInfo [8] SEQUENCE SIZE (1..MAX) OF
- InfoTypeAndValue OPTIONAL
- -- this may be used to convey context-specific information
- -- (this field not primarily intended for human consumption)
- }
-
- @return a basic ASN.1 object representation.
-
-
- Note: the addition of attribute certificates is a BC extension.
-
-
-
- CMPCertificate ::= CHOICE {
- x509v3PKCert Certificate
- x509v2AttrCert [1] AttributeCertificate
- }
-
- Note: the addition of attribute certificates is a BC extension.
-
- @return a basic ASN.1 object representation.
-
-
- create an empty sequence
-
-
- create a set containing one object
-
-
- create a set containing a vector of objects.
-
-
- encode the input data producing a base 64 encoded byte array.
-
- @return a byte array containing the base 64 encoded data.
-
-
- Encode the byte data to base 64 writing it to the given output stream.
-
- @return the number of bytes produced.
-
-
- Encode the byte data to base 64 writing it to the given output stream.
-
- @return the number of bytes produced.
-
-
- decode the base 64 encoded input data. It is assumed the input data is valid.
-
- @return a byte array representing the decoded data.
-
-
- decode the base 64 encoded string data - whitespace will be ignored.
-
- @return a byte array representing the decoded data.
-
-
- decode the base 64 encoded string data writing it to the given output stream,
- whitespace characters will be ignored.
-
- @return the number of bytes produced.
-
-
- Validate the time stamp token.
-
- To be valid the token must be signed by the passed in certificate and
- the certificate must be the one referred to by the SigningCertificate
- attribute included in the hashed attributes of the token. The
- certificate must also have the ExtendedKeyUsageExtension with only
- KeyPurposeID.IdKPTimeStamping and have been valid at the time the
- timestamp was created.
-
-
- A successful call to validate means all the above are true.
-
-
-
- Return the underlying CmsSignedData object.
-
- @return the underlying CMS structure.
-
-
- Return a ASN.1 encoded byte stream representing the encoded object.
-
- @throws IOException if encoding fails.
-
-
-
- Utility class for creating IDigest objects from their names/Oids
-
-
-
-
- Returns a ObjectIdentifier for a given digest mechanism.
-
- A string representation of the digest meanism.
- A DerObjectIdentifier, null if the Oid is not available.
-
-
-
- crl checking
- Return a Collection of all CRLs found in the X509Store's that are
- matching the crlSelect criteriums.
-
- a {@link X509CRLStoreSelector} object that will be used
- to select the CRLs
- a List containing only {@link org.bouncycastle.x509.X509Store
- X509Store} objects. These are used to search for CRLs
- a Collection of all found {@link X509CRL X509CRL} objects. May be
- empty but never null
.
-
-
-
- A list of PGP signatures - normally in the signature block after literal data.
-
-
- General class to handle a PGP secret key object.
-
-
- Extract a PgpPrivateKey from this secret key's encrypted contents.
-
-
-
- Return a copy of the passed in secret key, encrypted using a new password
- and the passed in algorithm.
-
- The PgpSecretKey to be copied.
- The current password for the key.
- The new password for the key.
- The algorithm to be used for the encryption.
- Source of randomness.
-
-
- Replace the passed the public key on the passed in secret key.
- Secret key to change.
- New public key.
- A new secret key.
- If KeyId's do not match.
-
-
-
- Check if this key has an algorithm type that makes it suitable to use for signing.
-
-
- Note: with version 4 keys KeyFlags subpackets should also be considered when present for
- determining the preferred use of the key.
-
-
- true if this key algorithm is suitable for use with signing.
-
-
-
- True, if this is a master key.
-
-
- The algorithm the key is encrypted with.
-
-
- The key ID of the public key associated with this key.
-
-
- The public key associated with this key.
-
-
- Allows enumeration of any user IDs associated with the key.
- An IEnumerable of string objects.
-
-
- Allows enumeration of any user attribute vectors associated with the key.
- An IEnumerable of string objects.
-
-
-
- Thrown if the key checksum is invalid.
-
-
-
-
- OcspRequest ::= SEQUENCE {
- tbsRequest TBSRequest,
- optionalSignature [0] EXPLICIT Signature OPTIONAL }
-
- TBSRequest ::= SEQUENCE {
- version [0] EXPLICIT Version DEFAULT v1,
- requestorName [1] EXPLICIT GeneralName OPTIONAL,
- requestList SEQUENCE OF Request,
- requestExtensions [2] EXPLICIT Extensions OPTIONAL }
-
- Signature ::= SEQUENCE {
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING,
- certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL}
-
- Version ::= INTEGER { v1(0) }
-
- Request ::= SEQUENCE {
- reqCert CertID,
- singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
-
- CertID ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- serialNumber CertificateSerialNumber }
-
-
-
- Return the DER encoding of the tbsRequest field.
- @return DER encoding of tbsRequest
- @throws OcspException in the event of an encoding error.
-
-
- If the request is signed return a possibly empty CertStore containing the certificates in the
- request. If the request is not signed the method returns null.
-
- @return null if not signed, a CertStore otherwise
- @throws OcspException
-
-
- Verify the signature against the TBSRequest object we contain.
-
-
- return the ASN.1 encoded representation of this object.
-
-
- return the object identifier representing the signature algorithm
-
-
- Return whether or not this request is signed.
-
- @return true if signed false otherwise.
-
-
- create from an issuer certificate and the serial number of the
- certificate it signed.
- @exception OcspException if any problems occur creating the id fields.
-
-
- return the serial number for the certificate associated
- with this request.
-
-
- Class representing an element of Z[τ]
. Let
- λ
be an element of Z[τ]
. Then
- λ
is given as λ = u + vτ
. The
- components u
and v
may be used directly, there
- are no accessor methods.
- Immutable class.
-
-
- The "real" part of λ
.
-
-
- The "τ
-adic" part of λ
.
-
-
- Constructor for an element λ
of
- Z[τ]
.
- @param u The "real" part of λ
.
- @param v The "τ
-adic" part of
- λ
.
-
-
-
- RFC 2246 7.2
-
-
-
- Private key parameters for NaccacheStern cipher. For details on this cipher,
- please see
-
- http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
-
-
- Constructs a NaccacheSternPrivateKey
-
- @param g
- the public enryption parameter g
- @param n
- the public modulus n = p*q
- @param lowerSigmaBound
- the public lower sigma bound up to which data can be encrypted
- @param smallPrimes
- the small primes, of which sigma is constructed in the right
- order
- @param phi_n
- the private modulus phi(n) = (p-1)(q-1)
-
-
- * Implements OpenPGP's rather strange version of Cipher-FeedBack (CFB) mode
- * on top of a simple cipher. This class assumes the IV has been prepended
- * to the data stream already, and just accomodates the reset after
- * (blockSize + 2) bytes have been read.
- *
- * For further info see RFC 2440.
- *
-
-
- Basic constructor.
-
- @param cipher the block cipher to be used as the basis of the
- feedback mode.
-
-
- return the underlying block cipher that we are wrapping.
-
- @return the underlying block cipher that we are wrapping.
-
-
- return the block size we are operating at.
-
- @return the block size we are operating at (in bytes).
-
-
- Process one block of input from the array in and write it to
- the out array.
-
- @param in the array containing the input data.
- @param inOff offset into the in array the data starts at.
- @param out the array the output data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- reset the chaining vector back to the IV and reset the underlying
- cipher.
-
-
- Initialise the cipher and, possibly, the initialisation vector (IV).
- If an IV isn't passed as part of the parameter, the IV will be all zeros.
- An IV which is too short is handled in FIPS compliant fashion.
-
- @param forEncryption if true the cipher is initialised for
- encryption, if false for decryption.
- @param parameters the key and other data required by the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- Encrypt one byte of data according to CFB mode.
- @param data the byte to encrypt
- @param blockOff offset in the current block
- @returns the encrypted byte
-
-
- Do the appropriate processing for CFB IV mode encryption.
-
- @param in the array containing the data to be encrypted.
- @param inOff offset into the in array the data starts at.
- @param out the array the encrypted data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- Do the appropriate processing for CFB IV mode decryption.
-
- @param in the array containing the data to be decrypted.
- @param inOff offset into the in array the data starts at.
- @param out the array the encrypted data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- return the algorithm name and mode.
-
- @return the name of the underlying algorithm followed by "/PGPCFB"
- and the block size in bits.
-
-
- implements Cipher-Block-Chaining (CBC) mode on top of a simple cipher.
-
-
- Basic constructor.
-
- @param cipher the block cipher to be used as the basis of chaining.
-
-
- return the underlying block cipher that we are wrapping.
-
- @return the underlying block cipher that we are wrapping.
-
-
- Initialise the cipher and, possibly, the initialisation vector (IV).
- If an IV isn't passed as part of the parameter, the IV will be all zeros.
-
- @param forEncryption if true the cipher is initialised for
- encryption, if false for decryption.
- @param param the key and other data required by the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- return the block size of the underlying cipher.
-
- @return the block size of the underlying cipher.
-
-
- Process one block of input from the array in and write it to
- the out array.
-
- @param in the array containing the input data.
- @param inOff offset into the in array the data starts at.
- @param out the array the output data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- reset the chaining vector back to the IV and reset the underlying
- cipher.
-
-
- Do the appropriate chaining step for CBC mode encryption.
-
- @param in the array containing the data to be encrypted.
- @param inOff offset into the in array the data starts at.
- @param out the array the encrypted data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- Do the appropriate chaining step for CBC mode decryption.
-
- @param in the array containing the data to be decrypted.
- @param inOff offset into the in array the data starts at.
- @param out the array the decrypted data will be copied into.
- @param outOff the offset into the out array the output will start at.
- @exception DataLengthException if there isn't enough data in in, or
- space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
- @return the number of bytes processed and produced.
-
-
- return the algorithm name and mode.
-
- @return the name of the underlying algorithm followed by "/CBC".
-
-
-
- This exception is thrown whenever a cipher requires a change of key, iv
- or similar after x amount of bytes enciphered
-
-
-
- implementation of GOST 28147-89 MAC
-
-
- standard CBC Block Cipher MAC - if no padding is specified the default of
- pad of zeroes is used.
-
-
- create a standard MAC based on a CBC block cipher. This will produce an
- authentication code half the length of the block size of the cipher.
-
- @param cipher the cipher to be used as the basis of the MAC generation.
-
-
- create a standard MAC based on a CBC block cipher. This will produce an
- authentication code half the length of the block size of the cipher.
-
- @param cipher the cipher to be used as the basis of the MAC generation.
- @param padding the padding to be used to complete the last block.
-
-
- create a standard MAC based on a block cipher with the size of the
- MAC been given in bits. This class uses CBC mode as the basis for the
- MAC generation.
-
- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- or 16 bits if being used as a data authenticator (FIPS Publication 113),
- and in general should be less than the size of the block cipher as it reduces
- the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-
- @param cipher the cipher to be used as the basis of the MAC generation.
- @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
-
-
- create a standard MAC based on a block cipher with the size of the
- MAC been given in bits. This class uses CBC mode as the basis for the
- MAC generation.
-
- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- or 16 bits if being used as a data authenticator (FIPS Publication 113),
- and in general should be less than the size of the block cipher as it reduces
- the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-
- @param cipher the cipher to be used as the basis of the MAC generation.
- @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
- @param padding the padding to be used to complete the last block.
-
-
- Reset the mac generator.
-
-
- * which Generates the p and g values from the given parameters,
- * returning the ElGamalParameters object.
- *
- * Note: can take a while...
- *
-
-
- a basic Diffie-Hellman key pair generator.
-
- This generates keys consistent for use with the basic algorithm for
- Diffie-Hellman.
-
-
- an implementation of Rijndael, based on the documentation and reference implementation
- by Paulo Barreto, Vincent Rijmen, for v2.0 August '99.
-
- Note: this implementation is based on information prior to readonly NIST publication.
-
-
-
- multiply two elements of GF(2^m)
- needed for MixColumn and InvMixColumn
-
-
- xor corresponding text input and round key input bytes
-
-
- Row 0 remains unchanged
- The other three rows are shifted a variable amount
-
-
- Replace every byte of the input by the byte at that place
- in the nonlinear S-box
-
-
- Mix the bytes of every column in a linear way
-
-
- Mix the bytes of every column in a linear way
- This is the opposite operation of Mixcolumn
-
-
- Calculate the necessary round keys
- The number of calculations depends on keyBits and blockBits
-
-
- default constructor - 128 bit block size.
-
-
- basic constructor - set the cipher up for a given blocksize
-
- @param blocksize the blocksize in bits, must be 128, 192, or 256.
-
-
- initialise a Rijndael cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- HC-128 is a software-efficient stream cipher created by Hongjun Wu. It
- generates keystream from a 128-bit secret key and a 128-bit initialization
- vector.
-
- http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf
-
- It is a third phase candidate in the eStream contest, and is patent-free.
- No attacks are known as of today (April 2007). See
-
- http://www.ecrypt.eu.org/stream/hcp3.html
-
-
-
- Initialise a HC-128 cipher.
-
- @param forEncryption whether or not we are for encryption. Irrelevant, as
- encryption and decryption are the same.
- @param params the parameters required to set up the cipher.
- @throws ArgumentException if the params argument is
- inappropriate (ie. the key is not 128 bit long).
-
-
- implementation of MD4 as RFC 1320 by R. Rivest, MIT Laboratory for
- Computer Science and RSA Data Security, Inc.
-
- NOTE: This algorithm is only included for backwards compatibility
- with legacy applications, it's not secure, don't use it for anything new!
-
-
- Standard constructor
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
- reset the chaining variables to the IV values.
-
-
- a holding class for public/private parameter pairs.
-
-
- basic constructor.
-
- @param publicParam a public key parameters object.
- @param privateParam the corresponding private key parameters.
-
-
- return the public key parameters.
-
- @return the public key parameters.
-
-
- return the private key parameters.
-
- @return the private key parameters.
-
-
- Implements the server side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe.
- This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper
- "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002"
-
-
- Initialises the server to accept a new client authentication attempt
- @param N The safe prime associated with the client's verifier
- @param g The group parameter associated with the client's verifier
- @param v The client's verifier
- @param digest The digest algorithm associated with the client's verifier
- @param random For key generation
-
-
- Generates the server's credentials that are to be sent to the client.
- @return The server's public value to the client
-
-
- Processes the client's credentials. If valid the shared secret is generated and returned.
- @param clientA The client's credentials
- @return A shared secret BigInteger
- @throws CryptoException If client's credentials are invalid
-
-
- the RecipientInfo class for a recipient who has been sent a message
- encrypted using key agreement.
-
-
- decrypt the content and return an input stream.
-
-
- Basic type for a symmetric key encrypted packet.
-
-
- ASN.1 def for Elliptic-Curve Field ID structure. See
- X9.62, for further details.
-
-
- Constructor for elliptic curves over prime fields
- F2
.
- @param primeP The prime p
defining the prime field.
-
-
- Constructor for elliptic curves over binary fields
- F2m
.
- @param m The exponent m
of
- F2m
.
- @param k1 The integer k1
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
- @param k2 The integer k2
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
- @param k3 The integer k3
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
..
-
-
- Produce a Der encoding of the following structure.
-
- FieldID ::= Sequence {
- fieldType FIELD-ID.&id({IOSet}),
- parameters FIELD-ID.&Type({IOSet}{@fieldType})
- }
-
-
-
- The object that contains the public key stored in a certficate.
-
- The GetEncoded() method in the public keys in the JCE produces a DER
- encoded one of these.
-
-
- for when the public key is an encoded object - if the bitstring
- can't be decoded this routine raises an IOException.
-
- @exception IOException - if the bit string doesn't represent a Der
- encoded object.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- SubjectPublicKeyInfo ::= Sequence {
- algorithm AlgorithmIdentifier,
- publicKey BIT STRING }
-
-
-
- for when the public key is raw bits...
-
-
- Object Identifiers of SigI specifciation (German Signature Law
- Interoperability specification).
-
-
- Key purpose IDs for German SigI (Signature Interoperability
- Specification)
-
-
- Certificate policy IDs for German SigI (Signature Interoperability
- Specification)
-
-
- Other Name IDs for German SigI (Signature Interoperability Specification)
-
-
- To be used for for the generation of directory service certificates.
-
-
- ID for PersonalData
-
-
- Certificate is conform to german signature law.
-
-
- The SemanticsInformation object.
-
- SemanticsInformation ::= SEQUENCE {
- semanticsIdentifier OBJECT IDENTIFIER OPTIONAL,
- nameRegistrationAuthorities NameRegistrationAuthorities
- OPTIONAL }
- (WITH COMPONENTS {..., semanticsIdentifier PRESENT}|
- WITH COMPONENTS {..., nameRegistrationAuthorities PRESENT})
-
- NameRegistrationAuthorities ::= SEQUENCE SIZE (1..MAX) OF
- GeneralName
-
-
-
- The BiometricData object.
-
- BiometricData ::= SEQUENCE {
- typeOfBiometricData TypeOfBiometricData,
- hashAlgorithm AlgorithmIdentifier,
- biometricDataHash OCTET STRING,
- sourceDataUri IA5String OPTIONAL }
-
-
-
- Policy qualifiers, used in the X509V3 CertificatePolicies
- extension.
-
-
- PolicyQualifierInfo ::= Sequence {
- policyQualifierId PolicyQualifierId,
- qualifier ANY DEFINED BY policyQualifierId }
-
-
-
- Creates a new PolicyQualifierInfo
instance.
-
- @param policyQualifierId a PolicyQualifierId
value
- @param qualifier the qualifier, defined by the above field.
-
-
- Creates a new PolicyQualifierInfo
containing a
- cPSuri qualifier.
-
- @param cps the CPS (certification practice statement) uri as a
- string
.
-
-
- Creates a new PolicyQualifierInfo
instance.
-
- @param as PolicyQualifierInfo
X509 structure
- encoded as an Asn1Sequence.
-
-
- Returns a Der-encodable representation of this instance.
-
- @return a Asn1Object
value
-
-
- Return the distribution points making up the sequence.
-
- @return DistributionPoint[]
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- CrlDistPoint ::= Sequence SIZE {1..MAX} OF DistributionPoint
-
-
-
- This class helps to support crossCerfificatePairs in a LDAP directory
- according RFC 2587
-
-
- crossCertificatePairATTRIBUTE::={
- WITH SYNTAX CertificatePair
- EQUALITY MATCHING RULE certificatePairExactMatch
- ID joint-iso-ccitt(2) ds(5) attributeType(4) crossCertificatePair(40)}
-
-
- The forward elements of the crossCertificatePair attribute of a
- CA's directory entry shall be used to store all, except self-issued
- certificates issued to this CA. Optionally, the reverse elements of the
- crossCertificatePair attribute, of a CA's directory entry may contain a
- subset of certificates issued by this CA to other CAs. When both the forward
- and the reverse elements are present in a single attribute value, issuer name
- in one certificate shall match the subject name in the other and vice versa,
- and the subject public key in one certificate shall be capable of verifying
- the digital signature on the other certificate and vice versa.
-
- When a reverse element is present, the forward element value and the reverse
- element value need not be stored in the same attribute value; in other words,
- they can be stored in either a single attribute value or two attribute
- values.
-
-
- CertificatePair ::= SEQUENCE {
- forward [0] Certificate OPTIONAL,
- reverse [1] Certificate OPTIONAL,
- -- at least one of the pair shall be present -- }
-
-
-
- Constructor from Asn1Sequence.
-
- The sequence is of type CertificatePair:
-
-
- CertificatePair ::= SEQUENCE {
- forward [0] Certificate OPTIONAL,
- reverse [1] Certificate OPTIONAL,
- -- at least one of the pair shall be present -- }
-
-
- @param seq The ASN.1 sequence.
-
-
- Constructor from a given details.
-
- @param forward Certificates issued to this CA.
- @param reverse Certificates issued by this CA to other CAs.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- CertificatePair ::= SEQUENCE {
- forward [0] Certificate OPTIONAL,
- reverse [1] Certificate OPTIONAL,
- -- at least one of the pair shall be present -- }
-
-
- @return a DERObject
-
-
- @return Returns the forward.
-
-
- @return Returns the reverse.
-
-
- The EncryptedData object.
-
- EncryptedData ::= Sequence {
- version Version,
- encryptedContentInfo EncryptedContentInfo
- }
-
-
- EncryptedContentInfo ::= Sequence {
- contentType ContentType,
- contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
- encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
- }
-
- EncryptedContent ::= OCTET STRING
-
-
-
- Pkcs10 CertificationRequestInfo object.
-
- CertificationRequestInfo ::= Sequence {
- version Integer { v1(0) } (v1,...),
- subject Name,
- subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
- attributes [0] Attributes{{ CRIAttributes }}
- }
-
- Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }}
-
- Attr { ATTRIBUTE:IOSet } ::= Sequence {
- type ATTRIBUTE.&id({IOSet}),
- values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
- }
-
-
-
- From RFC 3657
-
-
- The id-isismtt-cp-accredited OID indicates that the certificate is a
- qualified certificate according to Directive 1999/93/EC of the European
- Parliament and of the Council of 13 December 1999 on a Community
- Framework for Electronic Signatures, which additionally conforms the
- special requirements of the SigG and has been issued by an accredited CA.
-
-
- Certificate extensionDate of certificate generation
-
-
- DateOfCertGenSyntax ::= GeneralizedTime
-
-
-
- Attribute to indicate that the certificate holder may sign in the name of
- a third person. May also be used as extension in a certificate.
-
-
- Attribute to indicate admissions to certain professions. May be used as
- attribute in attribute certificate or as extension in a certificate
-
-
- Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST
- be used in new certificates in place of the extension/attribute
- MonetaryLimit since January 1, 2004. For the sake of backward
- compatibility with certificates already in use, SigG conforming
- components MUST support MonetaryLimit (as well as QcEuLimitValue).
-
-
- A declaration of majority. May be used as attribute in attribute
- certificate or as extension in a certificate
-
-
-
- Serial number of the smart card containing the corresponding private key
-
-
- ICCSNSyntax ::= OCTET STRING (SIZE(8..20))
-
-
-
-
- Reference for a file of a smartcard that stores the public key of this
- certificate and that is used as �security anchor�.
-
-
- PKReferenceSyntax ::= OCTET STRING (SIZE(20))
-
-
-
- Some other restriction regarding the usage of this certificate. May be
- used as attribute in attribute certificate or as extension in a
- certificate.
-
-
- RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-
-
- @see Org.BouncyCastle.Asn1.IsisMtt.X509.Restriction
-
-
-
- (Single)Request extension: Clients may include this extension in a
- (single) Request to request the responder to send the certificate in the
- response message along with the status information. Besides the LDAP
- service, this extension provides another mechanism for the distribution
- of certificates, which MAY optionally be provided by certificate
- repositories.
-
-
- RetrieveIfAllowed ::= BOOLEAN
-
-
-
- SingleOCSPResponse extension: The certificate requested by the client by
- inserting the RetrieveIfAllowed extension in the request, will be
- returned in this extension.
-
- @see Org.BouncyCastle.Asn1.IsisMtt.Ocsp.RequestedCertificate
-
-
- Base ObjectIdentifier for naming authorities
-
-
- SingleOCSPResponse extension: Date, when certificate has been published
- in the directory and status information has become available. Currently,
- accrediting authorities enforce that SigG-conforming OCSP servers include
- this extension in the responses.
-
-
- CertInDirSince ::= GeneralizedTime
-
-
-
- Hash of a certificate in OCSP.
-
- @see Org.BouncyCastle.Asn1.IsisMtt.Ocsp.CertHash
-
-
-
- NameAtBirth ::= DirectoryString(SIZE(1..64)
-
-
- Used in
- {@link Org.BouncyCastle.Asn1.X509.SubjectDirectoryAttributes SubjectDirectoryAttributes}
-
-
- Some other information of non-restrictive nature regarding the usage of
- this certificate. May be used as attribute in atribute certificate or as
- extension in a certificate.
-
-
- AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
-
-
- @see Org.BouncyCastle.Asn1.IsisMtt.X509.AdditionalInformationSyntax
-
-
- Indicates that an attribute certificate exists, which limits the
- usability of this public key certificate. Whenever verifying a signature
- with the help of this certificate, the content of the corresponding
- attribute certificate should be concerned. This extension MUST be
- included in a PKC, if a corresponding attribute certificate (having the
- PKC as base certificate) contains some attribute that restricts the
- usability of the PKC too. Attribute certificates with restricting content
- MUST always be included in the signed document.
-
-
- LiabilityLimitationFlagSyntax ::= BOOLEAN
-
-
-
- The CscaMasterList object. This object can be wrapped in a
- CMSSignedData to be published in LDAP.
-
-
- CscaMasterList ::= SEQUENCE {
- version CscaMasterListVersion,
- certList SET OF Certificate }
-
- CscaMasterListVersion :: INTEGER {v0(0)}
-
-
-
- Der UniversalString object.
-
-
- return a Universal string from the passed in object.
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return a Universal string from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- basic constructor - byte encoded string.
-
-
-
- CertId ::= SEQUENCE {
- issuer GeneralName,
- serialNumber INTEGER }
-
- @return a basic ASN.1 object representation.
-
-
- return a KeyAgreeRecipientInfo object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return a KeyAgreeRecipientInfo object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- * Produce an object suitable for an Asn1OutputStream.
- *
- * KeyAgreeRecipientInfo ::= Sequence {
- * version CMSVersion, -- always set to 3
- * originator [0] EXPLICIT OriginatorIdentifierOrKey,
- * ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
- * keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
- * recipientEncryptedKeys RecipientEncryptedKeys
- * }
- *
- * UserKeyingMaterial ::= OCTET STRING
- *
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- EnvelopedData ::= SEQUENCE {
- version CMSVersion,
- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
- recipientInfos RecipientInfos,
- encryptedContentInfo EncryptedContentInfo,
- unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
- }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- ContentInfo ::= SEQUENCE {
- contentType ContentType,
- content
- [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
-
-
-
- Return all the attributes matching the OBJECT IDENTIFIER oid. The vector will be
- empty if there are no attributes of the required type present.
-
- @param oid type of attribute required.
- @return a vector of all the attributes found of type oid.
-
-
- Return a new table with the passed in attribute added.
-
- @param attrType
- @param attrValue
- @return
-
-
- Return the first attribute matching the given OBJECT IDENTIFIER
-
-
- return an Attribute object from the given object.
-
- @param o the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Attribute ::= SEQUENCE {
- attrType OBJECT IDENTIFIER,
- attrValues SET OF AttributeValue
- }
-
-
-
-
- RevReqContent ::= SEQUENCE OF RevDetails
-
- @return a basic ASN.1 object representation.
-
-
-
- PollRepContent ::= SEQUENCE OF SEQUENCE {
- certReqId INTEGER,
- checkAfter INTEGER, -- time in seconds
- reason PKIFreeText OPTIONAL
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- PkiMessages ::= SEQUENCE SIZE (1..MAX) OF PkiMessage
-
- @return a basic ASN.1 object representation.
-
-
-
- An ICollection
of X509Name
objects
-
-
-
- The attribute certificate being checked. This is not a criterion.
- Rather, it is optional information that may help a {@link X509Store} find
- CRLs that would be relevant when checking revocation for the specified
- attribute certificate. If null
is specified, then no such
- optional information is provided.
-
- @param attrCert the IX509AttributeCertificate
being checked (or
- null
)
- @see #getAttrCertificateChecking()
-
-
- If true
only complete CRLs are returned. Defaults to
- false
.
-
- @return true
if only complete CRLs are returned.
-
-
- Returns if this selector must match CRLs with the delta CRL indicator
- extension set. Defaults to false
.
-
- @return Returns true
if only CRLs with the delta CRL
- indicator extension are selected.
-
-
- The issuing distribution point.
-
- The issuing distribution point extension is a CRL extension which
- identifies the scope and the distribution point of a CRL. The scope
- contains among others information about revocation reasons contained in
- the CRL. Delta CRLs and complete CRLs must have matching issuing
- distribution points.
-
- The byte array is cloned to protect against subsequent modifications.
-
- You must also enable or disable this criteria with
- {@link #setIssuingDistributionPointEnabled(bool)}.
-
- @param issuingDistributionPoint The issuing distribution point to set.
- This is the DER encoded OCTET STRING extension value.
- @see #getIssuingDistributionPoint()
-
-
- Whether the issuing distribution point criteria should be applied.
- Defaults to false
.
-
- You may also set the issuing distribution point criteria if not a missing
- issuing distribution point should be assumed.
-
- @return Returns if the issuing distribution point check is enabled.
-
-
- The maximum base CRL number. Defaults to null
.
-
- @return Returns the maximum base CRL number.
- @see #setMaxBaseCRLNumber(BigInteger)
-
-
-
- Cipher Utility class contains methods that can not be specifically grouped into other classes.
-
-
-
-
- Returns a ObjectIdentifier for a give encoding.
-
- A string representation of the encoding.
- A DerObjectIdentifier, null if the Oid is not available.
-
-
- An immutable sequence of certificates (a certification path).
-
- This is an abstract class that defines the methods common to all CertPaths.
- Subclasses can handle different kinds of certificates (X.509, PGP, etc.).
-
- All CertPath objects have a type, a list of Certificates, and one or more
- supported encodings. Because the CertPath class is immutable, a CertPath
- cannot change in any externally visible way after being constructed. This
- stipulation applies to all public fields and methods of this class and any
- added or overridden by subclasses.
-
- The type is a string that identifies the type of Certificates in the
- certification path. For each certificate cert in a certification path
- certPath, cert.getType().equals(certPath.getType()) must be true.
-
- The list of Certificates is an ordered List of zero or more Certificates.
- This List and all of the Certificates contained in it must be immutable.
-
- Each CertPath object must support one or more encodings so that the object
- can be translated into a byte array for storage or transmission to other
- parties. Preferably, these encodings should be well-documented standards
- (such as PKCS#7). One of the encodings supported by a CertPath is considered
- the default encoding. This encoding is used if no encoding is explicitly
- requested (for the {@link #getEncoded()} method, for instance).
-
- All CertPath objects are also Serializable. CertPath objects are resolved
- into an alternate {@link CertPathRep} object during serialization. This
- allows a CertPath object to be serialized into an equivalent representation
- regardless of its underlying implementation.
-
- CertPath objects can be created with a CertificateFactory or they can be
- returned by other classes, such as a CertPathBuilder.
-
- By convention, X.509 CertPaths (consisting of X509Certificates), are ordered
- starting with the target certificate and ending with a certificate issued by
- the trust anchor. That is, the issuer of one certificate is the subject of
- the following one. The certificate representing the
- {@link TrustAnchor TrustAnchor} should not be included in the certification
- path. Unvalidated X.509 CertPaths may not follow these conventions. PKIX
- CertPathValidators will detect any departure from these conventions that
- cause the certification path to be invalid and throw a
- CertPathValidatorException.
-
- Concurrent Access
-
- All CertPath objects must be thread-safe. That is, multiple threads may
- concurrently invoke the methods defined in this class on a single CertPath
- object (or more than one) with no ill effects. This is also true for the List
- returned by CertPath.getCertificates.
-
- Requiring CertPath objects to be immutable and thread-safe allows them to be
- passed around to various pieces of code without worrying about coordinating
- access. Providing this thread-safety is generally not difficult, since the
- CertPath and List objects in question are immutable.
-
- @see CertificateFactory
- @see CertPathBuilder
-
- CertPath implementation for X.509 certificates.
-
-
-
- @param certs
-
-
- Creates a CertPath of the specified type.
- This constructor is protected because most users should use
- a CertificateFactory to create CertPaths.
- @param type the standard name of the type of Certificatesin this path
-
-
-
- Creates a CertPath of the specified type.
- This constructor is protected because most users should use
- a CertificateFactory to create CertPaths.
-
- @param type the standard name of the type of Certificatesin this path
-
-
-
- Compares this certification path for equality with the specified object.
- Two CertPaths are equal if and only if their types are equal and their
- certificate Lists (and by implication the Certificates in those Lists)
- are equal. A CertPath is never equal to an object that is not a CertPath.
-
- This algorithm is implemented by this method. If it is overridden, the
- behavior specified here must be maintained.
-
- @param other
- the object to test for equality with this certification path
-
- @return true if the specified object is equal to this certification path,
- false otherwise
-
- @see Object#hashCode() Object.hashCode()
-
-
- Returns the encoded form of this certification path, using
- the default encoding.
-
- @return the encoded bytes
- @exception CertificateEncodingException if an encoding error occurs
-
-
-
- Returns the encoded form of this certification path, using
- the specified encoding.
-
- @param encoding the name of the encoding to use
- @return the encoded bytes
- @exception CertificateEncodingException if an encoding error
- occurs or the encoding requested is not supported
-
-
-
- Return a DERObject containing the encoded certificate.
-
- @param cert the X509Certificate object to be encoded
-
- @return the DERObject
-
-
-
- Returns an iteration of the encodings supported by this
- certification path, with the default encoding
- first. Attempts to modify the returned Iterator via its
- remove method result in an UnsupportedOperationException.
-
- @return an Iterator over the names of the supported encodings (as Strings)
-
-
-
-
- Returns the list of certificates in this certification
- path.
-
-
-
- Class for reading OpenSSL PEM encoded streams containing
- X509 certificates, PKCS8 encoded keys and PKCS7 objects.
-
- In the case of PKCS7 objects the reader will return a CMS ContentInfo object. Keys and
- Certificates will be returned using the appropriate java.security type.
-
-
- Create a new PemReader
-
- @param reader the Reader
-
-
- Create a new PemReader with a password finder
-
- @param reader the Reader
- @param pFinder the password finder
-
-
- Reads in a X509Certificate.
-
- @return the X509Certificate
- @throws IOException if an I/O error occured
-
-
- Reads in a X509CRL.
-
- @return the X509Certificate
- @throws IOException if an I/O error occured
-
-
- Reads in a PKCS10 certification request.
-
- @return the certificate request.
- @throws IOException if an I/O error occured
-
-
- Reads in a X509 Attribute Certificate.
-
- @return the X509 Attribute Certificate
- @throws IOException if an I/O error occured
-
-
- Reads in a PKCS7 object. This returns a ContentInfo object suitable for use with the CMS
- API.
-
- @return the X509Certificate
- @throws IOException if an I/O error occured
-
-
- Read a Key Pair
-
-
- Container for a list of user attribute subpackets.
-
-
- Class for processing literal data objects.
-
-
- The special name indicating a "for your eyes only" packet.
-
-
- Return the file name as an unintrepreted byte array.
-
-
- The raw input stream for the data stream.
-
-
- The input stream representing the data stream.
-
-
- The format of the data stream - Binary or Text
-
-
- The file name that's associated with the data stream.
-
-
- The modification time for the file.
-
-
-
- TLS 1.0 RSA key exchange.
-
-
-
-
- RFC 4492 5.4
-
-
-
- Indicates the elliptic curve domain parameters are conveyed verbosely, and the
- underlying finite field is a prime field.
-
-
- Indicates the elliptic curve domain parameters are conveyed verbosely, and the
- underlying finite field is a characteristic-2 field.
-
-
- Indicates that a named curve is used. This option SHOULD be used when applicable.
-
-
- a wrapper for block ciphers with a single byte block size, so that they
- can be treated like stream ciphers.
-
-
- basic constructor.
-
- @param cipher the block cipher to be wrapped.
- @exception ArgumentException if the cipher has a block size other than
- one.
-
-
- initialise the underlying cipher.
-
- @param forEncryption true if we are setting up for encryption, false otherwise.
- @param param the necessary parameters for the underlying cipher to be initialised.
-
-
- encrypt/decrypt a single byte returning the result.
-
- @param in the byte to be processed.
- @return the result of processing the input byte.
-
-
- process a block of bytes from in putting the result into out.
-
- @param in the input byte array.
- @param inOff the offset into the in array where the data to be processed starts.
- @param len the number of bytes to be processed.
- @param out the output buffer the processed bytes go into.
- @param outOff the offset into the output byte array the processed data stars at.
- @exception DataLengthException if the output buffer is too small.
-
-
- reset the underlying cipher. This leaves it in the same state
- it was at after the last init (if there was one).
-
-
- return the name of the algorithm we are wrapping.
-
- @return the name of the algorithm we are wrapping.
-
-
- initialise the signer for signing or verification.
-
- @param forSigning
- true if for signing, false otherwise
- @param parameters
- necessary parameters.
-
-
- update the internal digest with the byte b
-
-
- update the internal digest with the byte array in
-
-
- Generate a signature for the message we've been loaded with using the key
- we were initialised with.
-
-
- return true if the internal state represents the signature described in
- the passed in array.
-
-
- Random generation based on the digest with counter. Calling AddSeedMaterial will
- always increase the entropy of the hash.
-
- Internal access to the digest is synchronized so a single one of these can be shared.
-
-
-
- A Cipher Text Stealing (CTS) mode cipher. CTS allows block ciphers to
- be used to produce cipher text which is the same outLength as the plain text.
-
-
- Create a buffered block cipher that uses Cipher Text Stealing
-
- @param cipher the underlying block cipher this buffering object wraps.
-
-
- return the size of the output buffer required for an update of 'length' bytes.
-
- @param length the outLength of the input.
- @return the space required to accommodate a call to update
- with length bytes of input.
-
-
- return the size of the output buffer required for an update plus a
- doFinal with an input of length bytes.
-
- @param length the outLength of the input.
- @return the space required to accommodate a call to update and doFinal
- with length bytes of input.
-
-
- process a single byte, producing an output block if neccessary.
-
- @param in the input byte.
- @param out the space for any output that might be produced.
- @param outOff the offset from which the output will be copied.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there isn't enough space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
-
-
- process an array of bytes, producing output if necessary.
-
- @param in the input byte array.
- @param inOff the offset at which the input data starts.
- @param length the number of bytes to be copied out of the input array.
- @param out the space for any output that might be produced.
- @param outOff the offset from which the output will be copied.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there isn't enough space in out.
- @exception InvalidOperationException if the cipher isn't initialised.
-
-
- Process the last block in the buffer.
-
- @param out the array the block currently being held is copied into.
- @param outOff the offset at which the copying starts.
- @return the number of output bytes copied to out.
- @exception DataLengthException if there is insufficient space in out for
- the output.
- @exception InvalidOperationException if the underlying cipher is not
- initialised.
- @exception InvalidCipherTextException if cipher text decrypts wrongly (in
- case the exception will never Get thrown).
-
-
- KFD2 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
-
- This implementation is based on IEEE P1363/ISO 18033.
-
-
- Construct a KDF2 bytes generator. Generates key material
- according to IEEE P1363 or ISO 18033 depending on the initialisation.
-
- @param digest the digest to be used as the source of derived keys.
-
-
- A class that provides Twofish encryption operations.
-
- This Java implementation is based on the Java reference
- implementation provided by Bruce Schneier and developed
- by Raif S. Naffah.
-
-
- Define the fixed p0/p1 permutations used in keyed S-box lookup.
- By changing the following constant definitions, the S-boxes will
- automatically Get changed in the Twofish engine.
-
-
- gSubKeys[] and gSBox[] are eventually used in the
- encryption and decryption methods.
-
-
- initialise a Twofish cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- Encrypt the given input starting at the given offset and place
- the result in the provided buffer starting at the given offset.
- The input will be an exact multiple of our blocksize.
-
- encryptBlock uses the pre-calculated gSBox[] and subKey[]
- arrays.
-
-
- Decrypt the given input starting at the given offset and place
- the result in the provided buffer starting at the given offset.
- The input will be an exact multiple of our blocksize.
-
-
- Use (12, 8) Reed-Solomon code over GF(256) to produce
- a key S-box 32-bit entity from 2 key material 32-bit
- entities.
-
- @param k0 first 32-bit entity
- @param k1 second 32-bit entity
- @return Remainder polynomial Generated using RS code
-
-
- * Reed-Solomon code parameters: (12,8) reversible code:
- *
- *
- * G(x) = x^4 + (a+1/a)x^3 + ax^2 + (a+1/a)x + 1
- *
- * where a = primitive root of field generator 0x14D
- *
-
-
- A class that provides Blowfish key encryption operations,
- such as encoding data and generating keys.
- All the algorithms herein are from Applied Cryptography
- and implement a simplified cryptography interface.
-
-
- initialise a Blowfish cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- apply the encryption cycle to each value pair in the table.
-
-
- Encrypt the given input starting at the given offset and place
- the result in the provided buffer starting at the given offset.
- The input will be an exact multiple of our blocksize.
-
-
- Decrypt the given input starting at the given offset and place
- the result in the provided buffer starting at the given offset.
- The input will be an exact multiple of our blocksize.
-
-
- this does your basic Pkcs 1 v1.5 padding - whether or not you should be using this
- depends on your application - see Pkcs1 Version 2 for details.
-
-
- some providers fail to include the leading zero in PKCS1 encoded blocks. If you need to
- work with one of these set the system property Org.BouncyCastle.Pkcs1.Strict to false.
-
-
- Basic constructor.
- @param cipher
-
-
- @exception InvalidCipherTextException if the decrypted block is not in Pkcs1 format.
-
-
- The same effect can be achieved by setting the static property directly
-
- The static property is checked during construction of the encoding object, it is set to
- true by default.
-
-
-
- this exception is thrown if a buffer that is meant to have output
- copied into it turns out to be too short, or if we've been given
- insufficient input. In general this exception will Get thrown rather
- than an ArrayOutOfBounds exception.
-
-
- base constructor.
-
-
- create a DataLengthException with the given message.
-
- @param message the message to be carried with the exception.
-
-
- an expanded SignerInfo block from a CMS Signed message
-
-
- return the content digest that was calculated during verification.
-
-
- return the encoded signature
-
-
- Return a SignerInformationStore containing the counter signatures attached to this
- signer. If no counter signatures are present an empty store is returned.
-
-
- return the DER encoding of the signed attributes.
- @throws IOException if an encoding error occurs.
-
-
- verify that the given public key successfully handles and confirms the
- signature associated with this signer.
-
-
- verify that the given certificate successfully handles and confirms
- the signature associated with this signer and, if a signingTime
- attribute is available, that the certificate was valid at the time the
- signature was generated.
-
-
- Return the base ASN.1 CMS structure that this object contains.
-
- @return an object containing a CMS SignerInfo structure.
-
-
- Return a signer information object with the passed in unsigned
- attributes replacing the ones that are current associated with
- the object passed in.
-
- @param signerInformation the signerInfo to be used as the basis.
- @param unsignedAttributes the unsigned attributes to add.
- @return a copy of the original SignerInformationObject with the changed attributes.
-
-
- Return a signer information object with passed in SignerInformationStore representing counter
- signatures attached as an unsigned attribute.
-
- @param signerInformation the signerInfo to be used as the basis.
- @param counterSigners signer info objects carrying counter signature.
- @return a copy of the original SignerInformationObject with the changed attributes.
-
-
- return the version number for this objects underlying SignerInfo structure.
-
-
- return the object identifier for the signature.
-
-
- return the signature parameters, or null if there aren't any.
-
-
- return the object identifier for the signature.
-
-
- return the signature/encryption algorithm parameters, or null if
- there aren't any.
-
-
- return a table of the signed attributes - indexed by
- the OID of the attribute.
-
-
- return a table of the unsigned attributes indexed by
- the OID of the attribute.
-
-
- Default signed attributes generator.
-
-
- Initialise to use all defaults
-
-
- Initialise with some extra attributes or overrides.
-
- @param attributeTable initial attribute table to use.
-
-
- Create a standard attribute table from the passed in parameters - this will
- normally include contentType, signingTime, and messageDigest. If the constructor
- using an AttributeTable was used, entries in it for contentType, signingTime, and
- messageDigest will override the generated ones.
-
- @param parameters source parameters for table generation.
-
- @return a filled in Hashtable of attributes.
-
-
- @param parameters source parameters
- @return the populated attribute table
-
-
- General class for generating a compressed CMS message stream.
-
- A simple example of usage.
-
-
- CMSCompressedDataStreamGenerator gen = new CMSCompressedDataStreamGenerator();
-
- Stream cOut = gen.Open(outputStream, CMSCompressedDataStreamGenerator.ZLIB);
-
- cOut.Write(data);
-
- cOut.Close();
-
-
-
- base constructor
-
-
- Set the underlying string size for encapsulated data
-
- @param bufferSize length of octet strings to buffer the data.
-
-
- Basic packet for a PGP secret key.
-
-
- The string to key specifier class.
-
-
- The IV for the key generation algorithm.
-
-
- The hash algorithm.
-
-
- The iteration count
-
-
- The protection mode - only if GnuDummyS2K
-
-
- Basic packet for a PGP public subkey
-
-
- Construct a version 4 public subkey packet.
-
-
- class for describing an ECPoint as a Der object.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- ECPoint ::= OCTET STRING
-
-
- Octet string produced using ECPoint.GetEncoded().
-
-
- Contains personal data for the otherName field in the subjectAltNames
- extension.
-
-
- PersonalData ::= SEQUENCE {
- nameOrPseudonym NameOrPseudonym,
- nameDistinguisher [0] INTEGER OPTIONAL,
- dateOfBirth [1] GeneralizedTime OPTIONAL,
- placeOfBirth [2] DirectoryString OPTIONAL,
- gender [3] PrintableString OPTIONAL,
- postalAddress [4] DirectoryString OPTIONAL
- }
-
-
- @see org.bouncycastle.asn1.x509.sigi.NameOrPseudonym
- @see org.bouncycastle.asn1.x509.sigi.SigIObjectIdentifiers
-
-
- Constructor from Asn1Sequence.
-
- The sequence is of type NameOrPseudonym:
-
-
- PersonalData ::= SEQUENCE {
- nameOrPseudonym NameOrPseudonym,
- nameDistinguisher [0] INTEGER OPTIONAL,
- dateOfBirth [1] GeneralizedTime OPTIONAL,
- placeOfBirth [2] DirectoryString OPTIONAL,
- gender [3] PrintableString OPTIONAL,
- postalAddress [4] DirectoryString OPTIONAL
- }
-
-
- @param seq The ASN.1 sequence.
-
-
- Constructor from a given details.
-
- @param nameOrPseudonym Name or pseudonym.
- @param nameDistinguisher Name distinguisher.
- @param dateOfBirth Date of birth.
- @param placeOfBirth Place of birth.
- @param gender Gender.
- @param postalAddress Postal Address.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- PersonalData ::= SEQUENCE {
- nameOrPseudonym NameOrPseudonym,
- nameDistinguisher [0] INTEGER OPTIONAL,
- dateOfBirth [1] GeneralizedTime OPTIONAL,
- placeOfBirth [2] DirectoryString OPTIONAL,
- gender [3] PrintableString OPTIONAL,
- postalAddress [4] DirectoryString OPTIONAL
- }
-
-
- @return an Asn1Object
-
-
- The Holder object.
-
- For an v2 attribute certificate this is:
-
-
- Holder ::= SEQUENCE {
- baseCertificateID [0] IssuerSerial OPTIONAL,
- -- the issuer and serial number of
- -- the holder's Public Key Certificate
- entityName [1] GeneralNames OPTIONAL,
- -- the name of the claimant or role
- objectDigestInfo [2] ObjectDigestInfo OPTIONAL
- -- used to directly authenticate the holder,
- -- for example, an executable
- }
-
-
-
- For an v1 attribute certificate this is:
-
-
- subject CHOICE {
- baseCertificateID [0] IssuerSerial,
- -- associated with a Public Key Certificate
- subjectName [1] GeneralNames },
- -- associated with a name
-
-
-
-
- Constructor for a holder for an v1 attribute certificate.
-
- @param tagObj The ASN.1 tagged holder object.
-
-
- Constructor for a holder for an v2 attribute certificate. *
-
- @param seq The ASN.1 sequence.
-
-
- Constructs a holder from a IssuerSerial.
- @param baseCertificateID The IssuerSerial.
- @param version The version of the attribute certificate.
-
-
- Constructs a holder with an entityName for v2 attribute certificates or
- with a subjectName for v1 attribute certificates.
-
- @param entityName The entity or subject name.
-
-
- Constructs a holder with an entityName for v2 attribute certificates or
- with a subjectName for v1 attribute certificates.
-
- @param entityName The entity or subject name.
- @param version The version of the attribute certificate.
-
-
- Constructs a holder from an object digest info.
-
- @param objectDigestInfo The object digest info object.
-
-
- The Holder object.
-
- Holder ::= Sequence {
- baseCertificateID [0] IssuerSerial OPTIONAL,
- -- the issuer and serial number of
- -- the holder's Public Key Certificate
- entityName [1] GeneralNames OPTIONAL,
- -- the name of the claimant or role
- objectDigestInfo [2] ObjectDigestInfo OPTIONAL
- -- used to directly authenticate the holder,
- -- for example, an executable
- }
-
-
-
- Returns 1 for v2 attribute certificates or 0 for v1 attribute
- certificates.
- @return The version of the attribute certificate.
-
-
- Returns the entityName for an v2 attribute certificate or the subjectName
- for an v1 attribute certificate.
-
- @return The entityname or subjectname.
-
-
- The DistributionPoint object.
-
- DistributionPoint ::= Sequence {
- distributionPoint [0] DistributionPointName OPTIONAL,
- reasons [1] ReasonFlags OPTIONAL,
- cRLIssuer [2] GeneralNames OPTIONAL
- }
-
-
-
- The CRLReason enumeration.
-
- CRLReason ::= Enumerated {
- unspecified (0),
- keyCompromise (1),
- cACompromise (2),
- affiliationChanged (3),
- superseded (4),
- cessationOfOperation (5),
- certificateHold (6),
- removeFromCRL (8),
- privilegeWithdrawn (9),
- aACompromise (10)
- }
-
-
-
- @param o
- @return a MessageImprint object.
-
-
-
- MessageImprint ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- hashedMessage OCTET STRING }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- RevokedInfo ::= Sequence {
- revocationTime GeneralizedTime,
- revocationReason [0] EXPLICIT CRLReason OPTIONAL }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- ResponseBytes ::= Sequence {
- responseType OBJECT IDENTIFIER,
- response OCTET STRING }
-
-
-
-
- RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
-
- OcspResponsesID ::= SEQUENCE {
- ocspIdentifier OcspIdentifier,
- ocspRepHash OtherHash OPTIONAL
- }
-
-
-
-
-
- TimeStampAndCRL ::= SEQUENCE {
- timeStamp TimeStampToken, -- according to RFC 3161
- crl CertificateList OPTIONAL -- according to RFC 5280
- }
-
- @return
-
-
- return a OtherRecipientInfo object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return a OtherRecipientInfo object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- OtherRecipientInfo ::= Sequence {
- oriType OBJECT IDENTIFIER,
- oriValue ANY DEFINED BY oriType }
-
-
-
-
- EncryptedContentInfo ::= SEQUENCE {
- contentType ContentType,
- contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
- encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
- }
-
-
-
- RFC 3274 - CMS Compressed Data.
-
- CompressedData ::= Sequence {
- version CMSVersion,
- compressionAlgorithm CompressionAlgorithmIdentifier,
- encapContentInfo EncapsulatedContentInfo
- }
-
-
-
- return a CompressedData object from a tagged object.
-
- @param ato the tagged object holding the object we want.
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return a CompressedData object from the given object.
-
- @param _obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
-
- AuthEnvelopedData ::= SEQUENCE {
- version CMSVersion,
- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
- recipientInfos RecipientInfos,
- authEncryptedContentInfo EncryptedContentInfo,
- authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
- mac MessageAuthenticationCode,
- unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
-
-
-
-
- PopoDecKeyChallContent ::= SEQUENCE OF Challenge
-
- @return a basic ASN.1 object representation.
-
-
- @param status
-
-
- @param status
- @param statusString
-
-
-
- PkiStatusInfo ::= SEQUENCE {
- status PKIStatus, (INTEGER)
- statusString PkiFreeText OPTIONAL,
- failInfo PkiFailureInfo OPTIONAL (BIT STRING)
- }
-
- PKIStatus:
- granted (0), -- you got exactly what you asked for
- grantedWithMods (1), -- you got something like what you asked for
- rejection (2), -- you don't get it, more information elsewhere in the message
- waiting (3), -- the request body part has not yet been processed, expect to hear more later
- revocationWarning (4), -- this message contains a warning that a revocation is imminent
- revocationNotification (5), -- notification that a revocation has occurred
- keyUpdateWarning (6) -- update already done for the oldCertId specified in CertReqMsg
-
- PkiFailureInfo:
- badAlg (0), -- unrecognized or unsupported Algorithm Identifier
- badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
- badRequest (2), -- transaction not permitted or supported
- badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
- badCertId (4), -- no certificate could be found matching the provided criteria
- badDataFormat (5), -- the data submitted has the wrong format
- wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
- incorrectData (7), -- the requester's data is incorrect (for notary services)
- missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
- badPOP (9) -- the proof-of-possession failed
-
-
-
-
- The following extensions are listed in RFC 2459 as relevant to CRLs
-
- Authority Key Identifier
- Issuer Alternative Name
- CRL Number
- Delta CRL Indicator (critical)
- Issuing Distribution Point (critical)
-
-
- Returns a string representation of this CRL.
-
- @return a string representation of this CRL.
-
-
- Checks whether the given certificate is on this CRL.
-
- @param cert the certificate to check for.
- @return true if the given certificate is on this CRL,
- false otherwise.
-
-
-
- The Holder object.
-
- Holder ::= SEQUENCE {
- baseCertificateID [0] IssuerSerial OPTIONAL,
- -- the issuer and serial number of
- -- the holder's Public Key Certificate
- entityName [1] GeneralNames OPTIONAL,
- -- the name of the claimant or role
- objectDigestInfo [2] ObjectDigestInfo OPTIONAL
- -- used to directly authenticate the holder,
- -- for example, an executable
- }
-
-
-
-
- Constructs a holder for v2 attribute certificates with a hash value for
- some type of object.
-
- digestedObjectType
can be one of the following:
-
- - 0 - publicKey - A hash of the public key of the holder must be
- passed.
- - 1 - publicKeyCert - A hash of the public key certificate of the
- holder must be passed.
- - 2 - otherObjectDigest - A hash of some other object type must be
- passed.
otherObjectTypeID
must not be empty.
-
-
- This cannot be used if a v1 attribute certificate is used.
-
- @param digestedObjectType The digest object type.
- @param digestAlgorithm The algorithm identifier for the hash.
- @param otherObjectTypeID The object type ID if
- digestedObjectType
is
- otherObjectDigest
.
- @param objectDigest The hash value.
-
-
- Returns the hash if an object digest info is used.
-
- @return The hash or null
if no object digest info is set.
-
-
- Return any principal objects inside the attribute certificate holder entity names field.
-
- @return an array of IPrincipal objects (usually X509Name), null if no entity names field is set.
-
-
- Return the principals associated with the issuer attached to this holder
-
- @return an array of principals, null if no BaseCertificateID is set.
-
-
- Returns the digest object type if an object digest info is used.
-
-
- - 0 - publicKey - A hash of the public key of the holder must be
- passed.
- - 1 - publicKeyCert - A hash of the public key certificate of the
- holder must be passed.
- - 2 - otherObjectDigest - A hash of some other object type must be
- passed.
otherObjectTypeID
must not be empty.
-
-
-
- @return The digest object type or -1 if no object digest info is set.
-
-
- Returns the other object type ID if an object digest info is used.
-
- @return The other object type ID or null
if no object
- digest info is set.
-
-
- Returns the digest algorithm ID if an object digest info is used.
-
- @return The digest algorithm ID or null
if no object
- digest info is set.
-
-
- Return the serial number associated with the issuer attached to this holder.
-
- @return the certificate serial number, null if no BaseCertificateID is set.
-
-
- base constructor.
-
-
- create a SecurityUtilityException with the given message.
-
- @param message the message to be carried with the exception.
-
-
- General purpose writer for OpenSSL PEM objects.
-
-
- The TextWriter object to write the output to.
-
-
- wrapper for the RevokedInfo object
-
-
- return the revocation reason. Note: this field is optional, test for it
- with hasRevocationReason() first.
- @exception InvalidOperationException if a reason is asked for and none is avaliable
-
-
- Base class for an elliptic curve.
-
-
- Decode a point on this curve from its ASN.1 encoding. The different
- encodings are taken account of, including point compression for
- Fp
(X9.62 s 4.2.1 pg 17).
- @return The decoded point.
-
-
- Elliptic curve over Fp
-
-
- Elliptic curves over F2m. The Weierstrass equation is given by
- y2 + xy = x3 + ax2 + b
.
-
-
- The exponent m
of F2m
.
-
-
- TPB: The integer k
where xm +
- xk + 1
represents the reduction polynomial
- f(z)
.
- PPB: The integer k1
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
-
-
- TPB: Always set to 0
- PPB: The integer k2
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
-
-
- TPB: Always set to 0
- PPB: The integer k3
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
-
-
- The order of the base point of the curve.
-
-
- The cofactor of the curve.
-
-
- The point at infinity on this curve.
-
-
- The parameter μ
of the elliptic curve if this is
- a Koblitz curve.
-
-
- The auxiliary values s0
and
- s1
used for partial modular reduction for
- Koblitz curves.
-
-
- Constructor for Trinomial Polynomial Basis (TPB).
- @param m The exponent m
of
- F2m
.
- @param k The integer k
where xm +
- xk + 1
represents the reduction
- polynomial f(z)
.
- @param a The coefficient a
in the Weierstrass equation
- for non-supersingular elliptic curves over
- F2m
.
- @param b The coefficient b
in the Weierstrass equation
- for non-supersingular elliptic curves over
- F2m
.
-
-
- Constructor for Trinomial Polynomial Basis (TPB).
- @param m The exponent m
of
- F2m
.
- @param k The integer k
where xm +
- xk + 1
represents the reduction
- polynomial f(z)
.
- @param a The coefficient a
in the Weierstrass equation
- for non-supersingular elliptic curves over
- F2m
.
- @param b The coefficient b
in the Weierstrass equation
- for non-supersingular elliptic curves over
- F2m
.
- @param n The order of the main subgroup of the elliptic curve.
- @param h The cofactor of the elliptic curve, i.e.
- #Ea(F2m) = h * n
.
-
-
- Constructor for Pentanomial Polynomial Basis (PPB).
- @param m The exponent m
of
- F2m
.
- @param k1 The integer k1
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
- @param k2 The integer k2
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
- @param k3 The integer k3
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
- @param a The coefficient a
in the Weierstrass equation
- for non-supersingular elliptic curves over
- F2m
.
- @param b The coefficient b
in the Weierstrass equation
- for non-supersingular elliptic curves over
- F2m
.
-
-
- Constructor for Pentanomial Polynomial Basis (PPB).
- @param m The exponent m
of
- F2m
.
- @param k1 The integer k1
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
- @param k2 The integer k2
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
- @param k3 The integer k3
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
- @param a The coefficient a
in the Weierstrass equation
- for non-supersingular elliptic curves over
- F2m
.
- @param b The coefficient b
in the Weierstrass equation
- for non-supersingular elliptic curves over
- F2m
.
- @param n The order of the main subgroup of the elliptic curve.
- @param h The cofactor of the elliptic curve, i.e.
- #Ea(F2m) = h * n
.
-
-
- Returns the parameter μ
of the elliptic curve.
- @return μ
of the elliptic curve.
- @throws ArgumentException if the given ECCurve is not a
- Koblitz curve.
-
-
- @return the auxiliary values s0
and
- s1
used for partial modular reduction for
- Koblitz curves.
-
-
- Solves a quadratic equation z2 + z = beta
(X9.62
- D.1.6) The other solution is z + 1
.
-
- @param beta
- The value to solve the qradratic equation for.
- @return the solution for z2 + z = beta
or
- null
if no solution exists.
-
-
- Return true if curve uses a Trinomial basis.
-
- @return true if curve Trinomial, false otherwise.
-
-
- Returns true if this is a Koblitz curve (ABC curve).
- @return true if this is a Koblitz curve (ABC curve), false otherwise
-
-
-
- RFC 2246 A.5
-
-
-
-
- A queue for bytes.
-
- This file could be more optimized.
-
-
-
-
- The initial size for our buffer.
-
-
- The smallest number which can be written as 2^x which is bigger than i.
-
-
- The buffer where we store our data.
-
-
- How many bytes at the beginning of the buffer are skipped.
-
-
- How many bytes in the buffer are valid data.
-
-
- Read data from the buffer.
- The buffer where the read data will be copied to.
- How many bytes to skip at the beginning of buf.
- How many bytes to read at all.
- How many bytes from our data to skip.
-
-
- Add some data to our buffer.
- A byte-array to read data from.
- How many bytes to skip at the beginning of the array.
- How many bytes to read from the array.
-
-
- Remove some bytes from our data from the beginning.
- How many bytes to remove.
-
-
- The number of bytes which are available in this buffer.
-
-
- A padder that adds ISO10126-2 padding to a block.
-
-
- Initialise the padder.
-
- @param random a SecureRandom if available.
-
-
- add the pad bytes to the passed in block, returning the
- number of bytes added.
-
-
- return the number of pad bytes present in the block.
-
-
- Return the name of the algorithm the cipher implements.
-
- @return the name of the algorithm the cipher implements.
-
-
- a GOST3410 key pair generator.
- This generates GOST3410 keys in line with the method described
- in GOST R 34.10-94.
-
-
- initialise a VMPC cipher.
-
- @param forEncryption
- whether or not we are for encryption.
- @param params
- the parameters required to set up the cipher.
- @exception ArgumentException
- if the params argument is inappropriate.
-
-
- a class that provides a basic SKIPJACK engine.
-
-
- initialise a SKIPJACK cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- The G permutation
-
-
- the inverse of the G permutation.
-
-
- this does your basic RSA algorithm.
-
-
- initialise the RSA engine.
-
- @param forEncryption true if we are encrypting, false otherwise.
- @param param the necessary RSA key parameters.
-
-
- Return the maximum size for an input block to this engine.
- For RSA this is always one byte less than the key size on
- encryption, and the same length as the key size on decryption.
-
- @return maximum size for an input block.
-
-
- Return the maximum size for an output block to this engine.
- For RSA this is always one byte less than the key size on
- decryption, and the same length as the key size on encryption.
-
- @return maximum size for an output block.
-
-
- The specification for RC5 came from the RC5 Encryption Algorithm
- publication in RSA CryptoBytes, Spring of 1995.
- http://www.rsasecurity.com/rsalabs/cryptobytes.
-
- This implementation is set to work with a 64 bit word size.
-
-
- Create an instance of the RC5 encryption algorithm
- and set some defaults
-
-
- initialise a RC5-64 cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- Re-key the cipher.
-
- @param key the key to be used
-
-
- Encrypt the given block starting at the given offset and place
- the result in the provided buffer starting at the given offset.
-
- @param in in byte buffer containing data to encrypt
- @param inOff offset into src buffer
- @param out out buffer where encrypted data is written
- @param outOff offset into out buffer
-
-
- Perform a left "spin" of the word. The rotation of the given
- word x is rotated left by y bits.
- Only the lg(wordSize) low-order bits of y
- are used to determine the rotation amount. Here it is
- assumed that the wordsize used is a power of 2.
-
- @param x word to rotate
- @param y number of bits to rotate % wordSize
-
-
- Perform a right "spin" of the word. The rotation of the given
- word x is rotated left by y bits.
- Only the lg(wordSize) low-order bits of y
- are used to determine the rotation amount. Here it is
- assumed that the wordsize used is a power of 2.
-
- @param x word to rotate
- @param y number of bits to rotate % wordSize
-
-
- Camellia - based on RFC 3713, smaller implementation, about half the size of CamelliaEngine.
-
-
- implementation of Tiger based on:
-
- http://www.cs.technion.ac.il/~biham/Reports/Tiger
-
-
- Standard constructor
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
- reset the chaining variables
-
-
- Wrapper class that reduces the output length of a particular digest to
- only the first n bytes of the digest function.
-
-
- Base constructor.
-
- @param baseDigest underlying digest to use.
- @param length length in bytes of the output of doFinal.
- @exception ArgumentException if baseDigest is null, or length is greater than baseDigest.GetDigestSize().
-
-
- the RecipientInfo class for a recipient who has been sent a message
- encrypted using a password.
-
-
- decrypt the content and return an input stream.
-
-
- return the object identifier for the key derivation algorithm, or null
- if there is none present.
-
- @return OID for key derivation algorithm, if present.
-
-
- packet giving the User ID of the signer.
-
-
- packet giving signature expiration time.
-
-
- return time in seconds before signature expires after creation time.
-
-
- Base class for an RSA public key.
-
-
- Construct an RSA public key from the passed in stream.
-
-
- The modulus.
- The public exponent.
-
-
- Return the standard PGP encoding of the key.
-
-
- The format, as a string, always "PGP".
-
-
- Generic signature object
-
-
- The encryption algorithm tag.
-
-
- The hash algorithm tag.
-
-
- Basic tags for hash algorithms.
-
-
- an X509Certificate structure.
-
- Certificate ::= Sequence {
- tbsCertificate TbsCertificate,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING
- }
-
-
-
- Generator for Version 2 AttributeCertificateInfo
-
- AttributeCertificateInfo ::= Sequence {
- version AttCertVersion -- version is v2,
- holder Holder,
- issuer AttCertIssuer,
- signature AlgorithmIdentifier,
- serialNumber CertificateSerialNumber,
- attrCertValidityPeriod AttCertValidityPeriod,
- attributes Sequence OF Attr,
- issuerUniqueID UniqueIdentifier OPTIONAL,
- extensions Extensions OPTIONAL
- }
-
-
-
-
- @param attribute
-
-
- The ReasonFlags object.
-
- ReasonFlags ::= BIT STRING {
- unused(0),
- keyCompromise(1),
- cACompromise(2),
- affiliationChanged(3),
- superseded(4),
- cessationOfOperation(5),
- certficateHold(6)
- }
-
-
-
- @param reasons - the bitwise OR of the Key Reason flags giving the
- allowed uses for the key.
-
-
- The TypeOfBiometricData object.
-
- TypeOfBiometricData ::= CHOICE {
- predefinedBiometricType PredefinedBiometricType,
- biometricDataOid OBJECT IDENTIFIER }
-
- PredefinedBiometricType ::= INTEGER {
- picture(0),handwritten-signature(1)}
- (picture|handwritten-signature)
-
-
-
- The default version
-
-
-
- RSASSA-PSS-params ::= SEQUENCE {
- hashAlgorithm [0] OAEP-PSSDigestAlgorithms DEFAULT sha1,
- maskGenAlgorithm [1] PKCS1MGFAlgorithms DEFAULT mgf1SHA1,
- saltLength [2] INTEGER DEFAULT 20,
- trailerField [3] TrailerField DEFAULT trailerFieldBC
- }
-
- OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
- { OID id-sha1 PARAMETERS NULL }|
- { OID id-sha256 PARAMETERS NULL }|
- { OID id-sha384 PARAMETERS NULL }|
- { OID id-sha512 PARAMETERS NULL },
- ... -- Allows for future expansion --
- }
-
- PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
- { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms },
- ... -- Allows for future expansion --
- }
-
- TrailerField ::= INTEGER { trailerFieldBC(1) }
-
- @return the asn1 primitive representing the parameters.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Request ::= Sequence {
- reqCert CertID,
- singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
-
-
-
- Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST be
- used in new certificates in place of the extension/attribute MonetaryLimit
- since January 1, 2004. For the sake of backward compatibility with
- certificates already in use, components SHOULD support MonetaryLimit (as well
- as QcEuLimitValue).
-
- Indicates a monetary limit within which the certificate holder is authorized
- to act. (This value DOES NOT express a limit on the liability of the
- certification authority).
-
-
- MonetaryLimitSyntax ::= SEQUENCE
- {
- currency PrintableString (SIZE(3)),
- amount INTEGER,
- exponent INTEGER
- }
-
-
- currency must be the ISO code.
-
- value = amount�10*exponent
-
-
- Constructor from a given details.
-
-
- value = amount�10^exponent
-
- @param currency The currency. Must be the ISO code.
- @param amount The amount
- @param exponent The exponent
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- MonetaryLimitSyntax ::= SEQUENCE
- {
- currency PrintableString (SIZE(3)),
- amount INTEGER,
- exponent INTEGER
- }
-
-
- @return an Asn1Object
-
-
- constructors
-
-
- The definition of OtherSigningCertificate is
-
- OtherSigningCertificate ::= SEQUENCE {
- certs SEQUENCE OF OtherCertID,
- policies SEQUENCE OF PolicyInformation OPTIONAL
- }
-
- id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1)
- member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
- smime(16) id-aa(2) 19 }
-
-
- Create from OCTET STRING whose octets represent the identifier.
-
-
- Create from byte array representing the identifier.
-
-
- The definition of ContentIdentifier is
-
- ContentIdentifier ::= OCTET STRING
-
- id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1)
- member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
- smime(16) id-aa(2) 7 }
-
-
-
- RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
-
- CRLListID ::= SEQUENCE
- {
- crls SEQUENCE OF CrlValidatedID
- }
-
-
-
-
- Commitment type qualifiers, used in the Commitment-Type-Indication attribute (RFC3126).
-
-
- CommitmentTypeQualifier ::= SEQUENCE {
- commitmentTypeIdentifier CommitmentTypeIdentifier,
- qualifier ANY DEFINED BY commitmentTypeIdentifier OPTIONAL }
-
-
-
- Creates a new CommitmentTypeQualifier
instance.
-
- @param commitmentTypeIdentifier a CommitmentTypeIdentifier
value
-
-
- Creates a new CommitmentTypeQualifier
instance.
-
- @param commitmentTypeIdentifier a CommitmentTypeIdentifier
value
- @param qualifier the qualifier, defined by the above field.
-
-
- Creates a new CommitmentTypeQualifier
instance.
-
- @param as CommitmentTypeQualifier
structure
- encoded as an Asn1Sequence.
-
-
- Returns a DER-encodable representation of this instance.
-
- @return a Asn1Object
value
-
-
- Creates a new PopoSigningKeyInput with sender name as authInfo.
-
-
- Creates a new PopoSigningKeyInput using password-based MAC.
-
-
-
- PopoSigningKeyInput ::= SEQUENCE {
- authInfo CHOICE {
- sender [0] GeneralName,
- -- used only if an authenticated identity has been
- -- established for the sender (e.g., a DN from a
- -- previously-issued and currently-valid certificate
- publicKeyMac PKMacValue },
- -- used if no authenticated GeneralName currently exists for
- -- the sender; publicKeyMac contains a password-based MAC
- -- on the DER-encoded value of publicKey
- publicKey SubjectPublicKeyInfo } -- from CertTemplate
-
- @return a basic ASN.1 object representation.
-
-
- Returns the sender field, or null if authInfo is publicKeyMac
-
-
- Returns the publicKeyMac field, or null if authInfo is sender
-
-
-
- PopoPrivKey ::= CHOICE {
- thisMessage [0] BIT STRING, -- Deprecated
- -- possession is proven in this message (which contains the private
- -- key itself (encrypted for the CA))
- subsequentMessage [1] SubsequentMessage,
- -- possession will be proven in a subsequent message
- dhMAC [2] BIT STRING, -- Deprecated
- agreeMAC [3] PKMACValue,
- encryptedKey [4] EnvelopedData }
-
-
-
-
- CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
-
- @return a basic ASN.1 object representation.
-
-
- return a RecipientKeyIdentifier object from a tagged object.
-
- @param _ato the tagged object holding the object we want.
- @param _explicit true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return a RecipientKeyIdentifier object from the given object.
-
- @param _obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- RecipientKeyIdentifier ::= Sequence {
- subjectKeyIdentifier SubjectKeyIdentifier,
- date GeneralizedTime OPTIONAL,
- other OtherKeyAttribute OPTIONAL
- }
-
- SubjectKeyIdentifier ::= OCTET STRING
-
-
-
- return a KeyTransRecipientInfo object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- KeyTransRecipientInfo ::= Sequence {
- version CMSVersion, -- always set to 0 or 2
- rid RecipientIdentifier,
- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
- encryptedKey EncryptedKey
- }
-
-
-
- return an AuthenticatedData object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param isExplicit true if the object is meant to be explicitly
- tagged false otherwise.
- @throws ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return an AuthenticatedData object from the given object.
-
- @param obj the object we want converted.
- @throws ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- AuthenticatedData ::= SEQUENCE {
- version CMSVersion,
- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
- recipientInfos RecipientInfos,
- macAlgorithm MessageAuthenticationCodeAlgorithm,
- digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
- encapContentInfo EncapsulatedContentInfo,
- authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
- mac MessageAuthenticationCode,
- unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
-
- AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
-
- UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
-
- MessageAuthenticationCode ::= OCTET STRING
-
-
-
- This class is an Selector
like implementation to select
- attribute certificates from a given set of criteria.
-
- @see org.bouncycastle.x509.X509AttributeCertificate
- @see org.bouncycastle.x509.X509Store
-
-
-
- Decides if the given attribute certificate should be selected.
-
- The attribute certificate to be checked.
- true
if the object matches this selector.
-
-
- Adds a target name criterion for the attribute certificate to the target
- information extension criteria. The X509AttributeCertificate
- must contain at least one of the specified target names.
-
- Each attribute certificate may contain a target information extension
- limiting the servers where this attribute certificate can be used. If
- this extension is not present, the attribute certificate is not targeted
- and may be accepted by any server.
-
-
- @param name The name as a GeneralName (not null
)
-
-
- Adds a target name criterion for the attribute certificate to the target
- information extension criteria. The X509AttributeCertificate
- must contain at least one of the specified target names.
-
- Each attribute certificate may contain a target information extension
- limiting the servers where this attribute certificate can be used. If
- this extension is not present, the attribute certificate is not targeted
- and may be accepted by any server.
-
-
- @param name a byte array containing the name in ASN.1 DER encoded form of a GeneralName
- @throws IOException if a parsing error occurs.
-
-
- Adds a collection with target names criteria. If null
is
- given any will do.
-
- The collection consists of either GeneralName objects or byte[] arrays representing
- DER encoded GeneralName structures.
-
-
- @param names A collection of target names.
- @throws IOException if a parsing error occurs.
- @see #AddTargetName(byte[])
- @see #AddTargetName(GeneralName)
-
-
- Gets the target names. The collection consists of List
s
- made up of an Integer
in the first entry and a DER encoded
- byte array or a String
in the second entry.
- The returned collection is immutable.
-
- @return The collection of target names
- @see #setTargetNames(Collection)
-
-
- Adds a target group criterion for the attribute certificate to the target
- information extension criteria. The X509AttributeCertificate
- must contain at least one of the specified target groups.
-
- Each attribute certificate may contain a target information extension
- limiting the servers where this attribute certificate can be used. If
- this extension is not present, the attribute certificate is not targeted
- and may be accepted by any server.
-
-
- @param group The group as GeneralName form (not null
)
-
-
- Adds a target group criterion for the attribute certificate to the target
- information extension criteria. The X509AttributeCertificate
- must contain at least one of the specified target groups.
-
- Each attribute certificate may contain a target information extension
- limiting the servers where this attribute certificate can be used. If
- this extension is not present, the attribute certificate is not targeted
- and may be accepted by any server.
-
-
- @param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName
- @throws IOException if a parsing error occurs.
-
-
- Adds a collection with target groups criteria. If null
is
- given any will do.
-
- The collection consists of GeneralName
objects or byte[]
- representing DER encoded GeneralNames.
-
-
- @param names A collection of target groups.
- @throws IOException if a parsing error occurs.
- @see #AddTargetGroup(byte[])
- @see #AddTargetGroup(GeneralName)
-
-
- Gets the target groups. The collection consists of List
s
- made up of an Integer
in the first entry and a DER encoded
- byte array or a String
in the second entry.
- The returned collection is immutable.
-
- @return The collection of target groups.
- @see #setTargetGroups(Collection)
-
-
- The attribute certificate which must be matched.
- If null is given, any will do.
-
-
- The criteria for validity
- If null is given any will do.
-
-
- The holder.
- If null is given any will do.
-
-
- The issuer.
- If null is given any will do.
-
-
- The serial number.
- If null is given any will do.
-
-
-
- A buffering class to allow translation from one format to another to
- be done in discrete chunks.
-
-
-
-
- Create a buffered Decoder.
-
- The translater to use.
- The size of the buffer.
-
-
-
- Process one byte of data.
-
- Data in.
- Byte array for the output.
- The offset in the output byte array to start writing from.
- The amount of output bytes.
-
-
-
- Process data from a byte array.
-
- The input data.
- Start position within input data array.
- Amount of data to process from input data array.
- Array to store output.
- Position in output array to start writing from.
- The amount of output bytes.
-
-
- Generator for RFC 3161 Time Stamp Responses.
-
-
- Return an appropriate TimeStampResponse.
-
- If genTime is null a timeNotAvailable error response will be returned.
-
- @param request the request this response is for.
- @param serialNumber serial number for the response token.
- @param genTime generation time for the response token.
- @param provider provider to use for signature calculation.
- @return
- @throws NoSuchAlgorithmException
- @throws NoSuchProviderException
- @throws TSPException
-
-
-
- Generate a TimeStampResponse with chosen status and FailInfoField.
-
- @param status the PKIStatus to set.
- @param failInfoField the FailInfoField to set.
- @param statusString an optional string describing the failure.
- @return a TimeStampResponse with a failInfoField and optional statusString
- @throws TSPException in case the response could not be created
-
-
-
- A trust anchor or most-trusted Certification Authority (CA).
-
- This class represents a "most-trusted CA", which is used as a trust anchor
- for validating X.509 certification paths. A most-trusted CA includes the
- public key of the CA, the CA's name, and any constraints upon the set of
- paths which may be validated using this key. These parameters can be
- specified in the form of a trusted X509Certificate or as individual
- parameters.
-
-
-
-
- Creates an instance of TrustAnchor with the specified X509Certificate and
- optional name constraints, which are intended to be used as additional
- constraints when validating an X.509 certification path.
- The name constraints are specified as a byte array. This byte array
- should contain the DER encoded form of the name constraints, as they
- would appear in the NameConstraints structure defined in RFC 2459 and
- X.509. The ASN.1 definition of this structure appears below.
-
-
- NameConstraints ::= SEQUENCE {
- permittedSubtrees [0] GeneralSubtrees OPTIONAL,
- excludedSubtrees [1] GeneralSubtrees OPTIONAL }
-
- GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
-
- GeneralSubtree ::= SEQUENCE {
- base GeneralName,
- minimum [0] BaseDistance DEFAULT 0,
- maximum [1] BaseDistance OPTIONAL }
-
- BaseDistance ::= INTEGER (0..MAX)
-
- GeneralName ::= CHOICE {
- otherName [0] OtherName,
- rfc822Name [1] IA5String,
- dNSName [2] IA5String,
- x400Address [3] ORAddress,
- directoryName [4] Name,
- ediPartyName [5] EDIPartyName,
- uniformResourceIdentifier [6] IA5String,
- iPAddress [7] OCTET STRING,
- registeredID [8] OBJECT IDENTIFIER}
-
-
- Note that the name constraints byte array supplied is cloned to protect
- against subsequent modifications.
-
- a trusted X509Certificate
- a byte array containing the ASN.1 DER encoding of a
- NameConstraints extension to be used for checking name
- constraints. Only the value of the extension is included, not
- the OID or criticality flag. Specify null to omit the
- parameter.
- if the specified X509Certificate is null
-
-
-
- Creates an instance of TrustAnchor where the
- most-trusted CA is specified as an X500Principal and public key.
-
-
-
- Name constraints are an optional parameter, and are intended to be used
- as additional constraints when validating an X.509 certification path.
-
- The name constraints are specified as a byte array. This byte array
- contains the DER encoded form of the name constraints, as they
- would appear in the NameConstraints structure defined in RFC 2459
- and X.509. The ASN.1 notation for this structure is supplied in the
- documentation for the other constructors.
-
- Note that the name constraints byte array supplied here is cloned to
- protect against subsequent modifications.
-
-
- the name of the most-trusted CA as X509Name
- the public key of the most-trusted CA
-
- a byte array containing the ASN.1 DER encoding of a NameConstraints extension to
- be used for checking name constraints. Only the value of the extension is included,
- not the OID or criticality flag. Specify null to omit the parameter.
-
-
- if caPrincipal or pubKey is null
-
-
-
-
- Creates an instance of TrustAnchor
where the most-trusted
- CA is specified as a distinguished name and public key. Name constraints
- are an optional parameter, and are intended to be used as additional
- constraints when validating an X.509 certification path.
-
- The name constraints are specified as a byte array. This byte array
- contains the DER encoded form of the name constraints, as they would
- appear in the NameConstraints structure defined in RFC 2459 and X.509.
-
- the X.500 distinguished name of the most-trusted CA in RFC
- 2253 string format
- the public key of the most-trusted CA
- a byte array containing the ASN.1 DER encoding of a
- NameConstraints extension to be used for checking name
- constraints. Only the value of the extension is included, not
- the OID or criticality flag. Specify null to omit the
- parameter.
- throws NullPointerException, IllegalArgumentException
-
-
-
- Decode the name constraints and clone them if not null.
-
-
-
-
- Returns a formatted string describing the TrustAnchor
.
-
- a formatted string describing the TrustAnchor
-
-
-
- Returns the most-trusted CA certificate.
-
-
-
-
- Returns the name of the most-trusted CA as an X509Name.
-
-
-
-
- Returns the name of the most-trusted CA in RFC 2253 string format.
-
-
-
-
- Returns the public key of the most-trusted CA.
-
-
-
- Implements the PKIX CertPathBuilding algorithm for BouncyCastle.
-
- @see CertPathBuilderSpi
-
-
- Build and validate a CertPath using the given parameter.
-
- @param params PKIXBuilderParameters object containing all information to
- build the CertPath
-
-
- General class to contain a private key for use with other OpenPGP objects.
-
-
-
- Create a PgpPrivateKey from a regular private key and the ID of its
- associated public key.
-
- Private key to use.
- ID of the corresponding public key.
-
-
- The keyId associated with the contained private key.
-
-
- The contained private key.
-
-
- return a sqrt root - the routine verifies that the calculation
- returns the right value - if none exists it returns null.
-
-
- return the field name for this field.
-
- @return the string "Fp".
-
-
- Class representing the Elements of the finite field
- F2m
in polynomial basis (PB)
- representation. Both trinomial (Tpb) and pentanomial (Ppb) polynomial
- basis representations are supported. Gaussian normal basis (GNB)
- representation is not supported.
-
-
- Indicates gaussian normal basis representation (GNB). Number chosen
- according to X9.62. GNB is not implemented at present.
-
-
- Indicates trinomial basis representation (Tpb). Number chosen
- according to X9.62.
-
-
- Indicates pentanomial basis representation (Ppb). Number chosen
- according to X9.62.
-
-
- Tpb or Ppb.
-
-
- The exponent m
of F2m
.
-
-
- Tpb: The integer k
where xm +
- xk + 1
represents the reduction polynomial
- f(z)
.
- Ppb: The integer k1
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
-
-
- Tpb: Always set to 0
- Ppb: The integer k2
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
-
-
- Tpb: Always set to 0
- Ppb: The integer k3
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
-
-
- The IntArray
holding the bits.
-
-
- The number of int
s required to hold m
bits.
-
-
- Constructor for Ppb.
- @param m The exponent m
of
- F2m
.
- @param k1 The integer k1
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
- @param k2 The integer k2
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
- @param k3 The integer k3
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
- @param x The BigInteger representing the value of the field element.
-
-
- Constructor for Tpb.
- @param m The exponent m
of
- F2m
.
- @param k The integer k
where xm +
- xk + 1
represents the reduction
- polynomial f(z)
.
- @param x The BigInteger representing the value of the field element.
-
-
- Checks, if the ECFieldElements a
and b
- are elements of the same field F2m
- (having the same representation).
- @param a field element.
- @param b field element to be compared.
- @throws ArgumentException if a
and b
- are not elements of the same field
- F2m
(having the same
- representation).
-
-
- @return the representation of the field
- F2m
, either of
- {@link F2mFieldElement.Tpb} (trinomial
- basis representation) or
- {@link F2mFieldElement.Ppb} (pentanomial
- basis representation).
-
-
- @return the degree m
of the reduction polynomial
- f(z)
.
-
-
- @return Tpb: The integer k
where xm +
- xk + 1
represents the reduction polynomial
- f(z)
.
- Ppb: The integer k1
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
-
-
- @return Tpb: Always returns 0
- Ppb: The integer k2
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
-
-
- @return Tpb: Always set to 0
- Ppb: The integer k3
where xm +
- xk3 + xk2 + xk1 + 1
- represents the reduction polynomial f(z)
.
-
-
-
- RFC 4492 5.1.2
-
-
-
- A of X509Name
-
-
- A representation for a certificate chain.
-
-
- The certificates.
-
-
- Parse the ServerCertificate message.
-
- @param inStr The stream where to parse from.
- @return A Certificate object with the certs, the server has sended.
- @throws IOException If something goes wrong during parsing.
-
-
- Encodes version of the ClientCertificate message
-
- @param outStr stream to write the message to
- @throws IOException If something goes wrong
-
-
- Private constructor from a cert array.
-
- @param certs The certs the chain should contain.
-
-
- An array which contains the certs, this chain contains.
-
-
- GOST R 34.10-2001 Signature Algorithm
-
-
- generate a signature for the given message using the key we were
- initialised with. For conventional GOST3410 the message should be a GOST3411
- hash of the message of interest.
-
- @param message the message that will be verified later.
-
-
- return true if the value r and s represent a GOST3410 signature for
- the passed in message (for standard GOST3410 the message should be
- a GOST3411 hash of the real message to be verified).
-
-
- The Digital Signature Algorithm - as described in "Handbook of Applied
- Cryptography", pages 452 - 453.
-
-
- Generate a signature for the given message using the key we were
- initialised with. For conventional DSA the message should be a SHA-1
- hash of the message of interest.
-
- @param message the message that will be verified later.
-
-
- return true if the value r and s represent a DSA signature for
- the passed in message for standard DSA the message should be a
- SHA-1 hash of the real message to be verified.
-
-
- parameters for Key derivation functions for ISO-18033
-
-
- * Implements the Counter with Cipher Block Chaining mode (CCM) detailed in
- * NIST Special Publication 800-38C.
- *
- * Note: this mode is a packet mode - it needs all the data up front.
- *
-
-
- Basic constructor.
-
- @param cipher the block cipher to be used.
-
-
- return the underlying block cipher that we are wrapping.
-
- @return the underlying block cipher that we are wrapping.
-
-
- Returns a byte array containing the mac calculated as part of the
- last encrypt or decrypt operation.
-
- @return the last mac calculated.
-
-
- * a DSA key pair generator.
- *
- * This Generates DSA keys in line with the method described
- * in FIPS 186-3 B.1 FFC Key Pair Generation.
-
-
- ISO 9796-1 padding. Note in the light of recent results you should
- only use this with RSA (rather than the "simpler" Rabin keys) and you
- should never use it with anything other than a hash (ie. even if the
- message is small don't sign the message, sign it's hash) or some "random"
- value. See your favorite search engine for details.
-
-
- return the input block size. The largest message we can process
- is (key_size_in_bits + 3)/16, which in our world comes to
- key_size_in_bytes / 2.
-
-
- return the maximum possible size for the output.
-
-
- set the number of bits in the next message to be treated as
- pad bits.
-
-
- retrieve the number of pad bits in the last decoded message.
-
-
- @exception InvalidCipherTextException if the decrypted block is not a valid ISO 9796 bit string
-
-
- Implementation of WhirlpoolDigest, based on Java source published by Barreto
- and Rijmen.
-
-
-
- Copy constructor. This will copy the state of the provided message
- digest.
-
-
- Reset the chaining variables
-
-
- SHA-224 as described in RFC 3874
-
- block word digest
- SHA-1 512 32 160
- SHA-224 512 32 224
- SHA-256 512 32 256
- SHA-384 1024 64 384
- SHA-512 1024 64 512
-
-
-
- Standard constructor
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
- reset the chaining variables
-
-
- implementation of SHA-1 as outlined in "Handbook of Applied Cryptography", pages 346 - 349.
-
- It is interesting to ponder why the, apart from the extra IV, the other difference here from MD5
- is the "endienness" of the word processing!
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
- reset the chaining variables
-
-
- implementation of GOST R 34.11-94
-
-
- Standard constructor
-
-
- Constructor to allow use of a particular sbox with GOST28147
- @see GOST28147Engine#getSBox(String)
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
- reset the chaining variables to the IV values.
-
-
- the RecipientInfo class for a recipient who has been sent a message
- encrypted using a secret key known to the other side.
-
-
- decrypt the content and return an input stream.
-
-
- general class for handling a pkcs7-signature message.
-
- A simple example of usage - note, in the example below the validity of
- the certificate isn't verified, just the fact that one of the certs
- matches the given signer...
-
-
- IX509Store certs = s.GetCertificates();
- SignerInformationStore signers = s.GetSignerInfos();
-
- foreach (SignerInformation signer in signers.GetSigners())
- {
- ArrayList certList = new ArrayList(certs.GetMatches(signer.SignerID));
- X509Certificate cert = (X509Certificate) certList[0];
-
- if (signer.Verify(cert.GetPublicKey()))
- {
- verified++;
- }
- }
-
-
-
- Content with detached signature, digests precomputed
-
- @param hashes a map of precomputed digests for content indexed by name of hash.
- @param sigBlock the signature object.
-
-
- base constructor - content with detached signature.
-
- @param signedContent the content that was signed.
- @param sigData the signature object.
-
-
- base constructor - with encapsulated content
-
-
- return the collection of signers that are associated with the
- signatures for the message.
-
-
- return a X509Store containing the attribute certificates, if any, contained
- in this message.
-
- @param type type of store to create
- @return a store of attribute certificates
- @exception NoSuchStoreException if the store type isn't available.
- @exception CmsException if a general exception prevents creation of the X509Store
-
-
- return a X509Store containing the public key certificates, if any, contained
- in this message.
-
- @param type type of store to create
- @return a store of public key certificates
- @exception NoSuchStoreException if the store type isn't available.
- @exception CmsException if a general exception prevents creation of the X509Store
-
-
- return a X509Store containing CRLs, if any, contained
- in this message.
-
- @param type type of store to create
- @return a store of CRLs
- @exception NoSuchStoreException if the store type isn't available.
- @exception CmsException if a general exception prevents creation of the X509Store
-
-
- return the ASN.1 encoded representation of this object.
-
-
- Replace the signerinformation store associated with this
- CmsSignedData object with the new one passed in. You would
- probably only want to do this if you wanted to change the unsigned
- attributes associated with a signer, or perhaps delete one.
-
- @param signedData the signed data object to be used as a base.
- @param signerInformationStore the new signer information store to use.
- @return a new signed data object.
-
-
- Replace the certificate and CRL information associated with this
- CmsSignedData object with the new one passed in.
-
- @param signedData the signed data object to be used as a base.
- @param x509Certs the new certificates to be used.
- @param x509Crls the new CRLs to be used.
- @return a new signed data object.
- @exception CmsException if there is an error processing the stores
-
-
- Return the version number for this object.
-
-
-
- Return the DerObjectIdentifier associated with the encapsulated
- content info structure carried in the signed data.
-
-
-
- return the ContentInfo
-
-
- Class for reading a CMS Compressed Data stream.
-
- CMSCompressedDataParser cp = new CMSCompressedDataParser(inputStream);
-
- process(cp.GetContent().GetContentStream());
-
- Note: this class does not introduce buffering - if you are processing large files you should create
- the parser with:
-
- CMSCompressedDataParser ep = new CMSCompressedDataParser(new BufferedInputStream(inputStream, bufSize));
-
- where bufSize is a suitably large buffer size.
-
-
- Packet holding the key flag values.
-
-
-
- Return the flag values contained in the first 4 octets (note: at the moment
- the standard only uses the first one).
-
-
-
- ASN.1 def for Elliptic-Curve Curve structure. See
- X9.62, for further details.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Curve ::= Sequence {
- a FieldElement,
- b FieldElement,
- seed BIT STRING OPTIONAL
- }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- ServiceLocator ::= Sequence {
- issuer Name,
- locator AuthorityInfoAccessSyntax OPTIONAL }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- ResponseData ::= Sequence {
- version [0] EXPLICIT Version DEFAULT v1,
- responderID ResponderID,
- producedAt GeneralizedTime,
- responses Sequence OF SingleResponse,
- responseExtensions [1] EXPLICIT Extensions OPTIONAL }
-
-
-
- Attribute to indicate admissions to certain professions.
-
-
- AdmissionSyntax ::= SEQUENCE
- {
- admissionAuthority GeneralName OPTIONAL,
- contentsOfAdmissions SEQUENCE OF Admissions
- }
-
- Admissions ::= SEQUENCE
- {
- admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
- namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
- professionInfos SEQUENCE OF ProfessionInfo
- }
-
- NamingAuthority ::= SEQUENCE
- {
- namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
- namingAuthorityUrl IA5String OPTIONAL,
- namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
- }
-
- ProfessionInfo ::= SEQUENCE
- {
- namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
- professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
- professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
- registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
- addProfessionInfo OCTET STRING OPTIONAL
- }
-
-
-
- ISIS-MTT PROFILE: The relatively complex structure of AdmissionSyntax
- supports the following concepts and requirements:
-
- - External institutions (e.g. professional associations, chambers, unions,
- administrative bodies, companies, etc.), which are responsible for granting
- and verifying professional admissions, are indicated by means of the data
- field admissionAuthority. An admission authority is indicated by a
- GeneralName object. Here an X.501 directory name (distinguished name) can be
- indicated in the field directoryName, a URL address can be indicated in the
- field uniformResourceIdentifier, and an object identifier can be indicated in
- the field registeredId.
- - The names of authorities which are responsible for the administration of
- title registers are indicated in the data field namingAuthority. The name of
- the authority can be identified by an object identifier in the field
- namingAuthorityId, by means of a text string in the field
- namingAuthorityText, by means of a URL address in the field
- namingAuthorityUrl, or by a combination of them. For example, the text string
- can contain the name of the authority, the country and the name of the title
- register. The URL-option refers to a web page which contains lists with
- �officially� registered professions (text and possibly OID) as well as
- further information on these professions. Object identifiers for the
- component namingAuthorityId are grouped under the OID-branch
- id-isis-at-namingAuthorities and must be applied for.
- - See http://www.teletrust.de/anwend.asp?Id=30200&Sprache=E_&HomePG=0
- for an application form and http://www.teletrust.de/links.asp?id=30220,11
- for an overview of registered naming authorities.
- - By means of the data type ProfessionInfo certain professions,
- specializations, disciplines, fields of activity, etc. are identified. A
- profession is represented by one or more text strings, resp. profession OIDs
- in the fields professionItems and professionOIDs and by a registration number
- in the field registrationNumber. An indication in text form must always be
- present, whereas the other indications are optional. The component
- addProfessionInfo may contain additional applicationspecific information in
- DER-encoded form.
-
-
- By means of different namingAuthority-OIDs or profession OIDs hierarchies of
- professions, specializations, disciplines, fields of activity, etc. can be
- expressed. The issuing admission authority should always be indicated (field
- admissionAuthority), whenever a registration number is presented. Still,
- information on admissions can be given without indicating an admission or a
- naming authority by the exclusive use of the component professionItems. In
- this case the certification authority is responsible for the verification of
- the admission information.
-
-
-
- This attribute is single-valued. Still, several admissions can be captured in
- the sequence structure of the component contentsOfAdmissions of
- AdmissionSyntax or in the component professionInfos of Admissions. The
- component admissionAuthority of AdmissionSyntax serves as default value for
- the component admissionAuthority of Admissions. Within the latter component
- the default value can be overwritten, in case that another authority is
- responsible. The component namingAuthority of Admissions serves as a default
- value for the component namingAuthority of ProfessionInfo. Within the latter
- component the default value can be overwritten, in case that another naming
- authority needs to be recorded.
-
- The length of the string objects is limited to 128 characters. It is
- recommended to indicate a namingAuthorityURL in all issued attribute
- certificates. If a namingAuthorityURL is indicated, the field professionItems
- of ProfessionInfo should contain only registered titles. If the field
- professionOIDs exists, it has to contain the OIDs of the professions listed
- in professionItems in the same order. In general, the field professionInfos
- should contain only one entry, unless the admissions that are to be listed
- are logically connected (e.g. they have been issued under the same admission
- number).
-
- @see Org.BouncyCastle.Asn1.IsisMtt.X509.Admissions
- @see Org.BouncyCastle.Asn1.IsisMtt.X509.ProfessionInfo
- @see Org.BouncyCastle.Asn1.IsisMtt.X509.NamingAuthority
-
-
- Constructor from Asn1Sequence.
-
- The sequence is of type ProcurationSyntax:
-
-
- AdmissionSyntax ::= SEQUENCE
- {
- admissionAuthority GeneralName OPTIONAL,
- contentsOfAdmissions SEQUENCE OF Admissions
- }
-
- Admissions ::= SEQUENCE
- {
- admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
- namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
- professionInfos SEQUENCE OF ProfessionInfo
- }
-
- NamingAuthority ::= SEQUENCE
- {
- namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
- namingAuthorityUrl IA5String OPTIONAL,
- namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
- }
-
- ProfessionInfo ::= SEQUENCE
- {
- namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
- professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
- professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
- registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
- addProfessionInfo OCTET STRING OPTIONAL
- }
-
-
- @param seq The ASN.1 sequence.
-
-
- Constructor from given details.
-
- @param admissionAuthority The admission authority.
- @param contentsOfAdmissions The admissions.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Returns:
-
-
- AdmissionSyntax ::= SEQUENCE
- {
- admissionAuthority GeneralName OPTIONAL,
- contentsOfAdmissions SEQUENCE OF Admissions
- }
-
- Admissions ::= SEQUENCE
- {
- admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
- namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
- professionInfos SEQUENCE OF ProfessionInfo
- }
-
- NamingAuthority ::= SEQUENCE
- {
- namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
- namingAuthorityUrl IA5String OPTIONAL,
- namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
- }
-
- ProfessionInfo ::= SEQUENCE
- {
- namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
- professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
- professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
- registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
- addProfessionInfo OCTET STRING OPTIONAL
- }
-
-
- @return an Asn1Object
-
-
- @return Returns the contentsOfAdmissions.
-
-
- @return Returns the admissionAuthority if present, null otherwise.
-
-
-
- RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
-
- CrlValidatedID ::= SEQUENCE {
- crlHash OtherHash,
- crlIdentifier CrlIdentifier OPTIONAL}
-
-
-
-
-
- RFC 3126: 4.2.1 Complete Certificate Refs Attribute Definition
-
- CompleteCertificateRefs ::= SEQUENCE OF OtherCertID
-
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- RecipientInfo ::= CHOICE {
- ktri KeyTransRecipientInfo,
- kari [1] KeyAgreeRecipientInfo,
- kekri [2] KekRecipientInfo,
- pwri [3] PasswordRecipientInfo,
- ori [4] OtherRecipientInfo }
-
-
-
- return an EncryptedContentInfo object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- EncryptedContentInfo ::= Sequence {
- contentType ContentType,
- contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
- encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
- }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- ContentInfo ::= Sequence {
- contentType ContentType,
- content
- [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
-
-
-
- Creates a new PkiBody.
- @param type one of the TYPE_* constants
- @param content message content
-
-
-
- PkiBody ::= CHOICE { -- message-specific body elements
- ir [0] CertReqMessages, --Initialization Request
- ip [1] CertRepMessage, --Initialization Response
- cr [2] CertReqMessages, --Certification Request
- cp [3] CertRepMessage, --Certification Response
- p10cr [4] CertificationRequest, --imported from [PKCS10]
- popdecc [5] POPODecKeyChallContent, --pop Challenge
- popdecr [6] POPODecKeyRespContent, --pop Response
- kur [7] CertReqMessages, --Key Update Request
- kup [8] CertRepMessage, --Key Update Response
- krr [9] CertReqMessages, --Key Recovery Request
- krp [10] KeyRecRepContent, --Key Recovery Response
- rr [11] RevReqContent, --Revocation Request
- rp [12] RevRepContent, --Revocation Response
- ccr [13] CertReqMessages, --Cross-Cert. Request
- ccp [14] CertRepMessage, --Cross-Cert. Response
- ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann.
- cann [16] CertAnnContent, --Certificate Ann.
- rann [17] RevAnnContent, --Revocation Ann.
- crlann [18] CRLAnnContent, --CRL Announcement
- pkiconf [19] PKIConfirmContent, --Confirmation
- nested [20] NestedMessageContent, --Nested Message
- genm [21] GenMsgContent, --General Message
- genp [22] GenRepContent, --General Response
- error [23] ErrorMsgContent, --Error Message
- certConf [24] CertConfirmContent, --Certificate confirm
- pollReq [25] PollReqContent, --Polling request
- pollRep [26] PollRepContent --Polling response
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- Create loading data from byte array.
-
-
-
-
-
- Create loading data from byte array.
-
-
-
-
-
- A factory to produce Public Key Info Objects.
-
-
-
-
- Create a Subject Public Key Info object for a given public key.
-
- One of ElGammalPublicKeyParameters, DSAPublicKeyParameter, DHPublicKeyParameters, RsaKeyParameters or ECPublicKeyParameters
- A subject public key info object.
- Throw exception if object provided is not one of the above.
-
-
- A simple collection backed store.
-
-
- Basic constructor.
-
- @param collection - initial contents for the store, this is copied.
-
-
- Return the matches in the collection for the passed in selector.
-
- @param selector the selector to match against.
- @return a possibly empty collection of matching objects.
-
-
- Convert binary data to and from UrlBase64 encoding. This is identical to
- Base64 encoding, except that the padding character is "." and the other
- non-alphanumeric characters are "-" and "_" instead of "+" and "/".
-
- The purpose of UrlBase64 encoding is to provide a compact encoding of binary
- data that is safe for use as an URL parameter. Base64 encoding does not
- produce encoded values that are safe for use in URLs, since "/" can be
- interpreted as a path delimiter; "+" is the encoded form of a space; and
- "=" is used to separate a name from the corresponding value in an URL
- parameter.
-
-
-
- Convert binary data to and from UrlBase64 encoding. This is identical to
- Base64 encoding, except that the padding character is "." and the other
- non-alphanumeric characters are "-" and "_" instead of "+" and "/".
-
- The purpose of UrlBase64 encoding is to provide a compact encoding of binary
- data that is safe for use as an URL parameter. Base64 encoding does not
- produce encoded values that are safe for use in URLs, since "/" can be
- interpreted as a path delimiter; "+" is the encoded form of a space; and
- "=" is used to separate a name from the corresponding value in an URL
- parameter.
-
-
-
- Encode the input data producing a URL safe base 64 encoded byte array.
-
- @return a byte array containing the URL safe base 64 encoded data.
-
-
- Encode the byte data writing it to the given output stream.
-
- @return the number of bytes produced.
-
-
- Decode the URL safe base 64 encoded input data - white space will be ignored.
-
- @return a byte array representing the decoded data.
-
-
- decode the URL safe base 64 encoded byte data writing it to the given output stream,
- whitespace characters will be ignored.
-
- @return the number of bytes produced.
-
-
- decode the URL safe base 64 encoded string data - whitespace will be ignored.
-
- @return a byte array representing the decoded data.
-
-
- Decode the URL safe base 64 encoded string data writing it to the given output stream,
- whitespace characters will be ignored.
-
- @return the number of bytes produced.
-
-
-
- A hex translator.
-
-
-
-
- Return encoded block size.
-
- 2
-
-
-
- Encode some data.
-
- Input data array.
- Start position within input data array.
- The amount of data to process.
- The output data array.
- The offset within the output data array to start writing from.
- Amount of data encoded.
-
-
-
- Returns the decoded block size.
-
- 1
-
-
-
- Decode data from a byte array.
-
- The input data array.
- Start position within input data array.
- The amounty of data to process.
- The output data array.
- The position within the output data array to start writing from.
- The amount of data written.
-
-
- Checks if an attribute certificate is revoked.
-
- @param attrCert Attribute certificate to check if it is revoked.
- @param paramsPKIX PKIX parameters.
- @param issuerCert The issuer certificate of the attribute certificate
- attrCert
.
- @param validDate The date when the certificate revocation status should
- be checked.
- @param certPathCerts The certificates of the certification path to be
- checked.
-
- @throws CertPathValidatorException if the certificate is revoked or the
- status cannot be checked or some error occurs.
-
-
- Searches for a holder public key certificate and verifies its
- certification path.
-
- @param attrCert the attribute certificate.
- @param pkixParams The PKIX parameters.
- @return The certificate path of the holder certificate.
- @throws Exception if
-
- - no public key certificate can be found although holder
- information is given by an entity name or a base certificate
- ID
- - support classes cannot be created
- - no certification path for the public key certificate can
- be built
-
-
-
-
- Checks a distribution point for revocation information for the
- certificate attrCert
.
-
- @param dp The distribution point to consider.
- @param attrCert The attribute certificate which should be checked.
- @param paramsPKIX PKIX parameters.
- @param validDate The date when the certificate revocation status should
- be checked.
- @param issuerCert Certificate to check if it is revoked.
- @param reasonMask The reasons mask which is already checked.
- @param certPathCerts The certificates of the certification path to be
- checked.
- @throws Exception if the certificate is revoked or the status
- cannot be checked or some error occurs.
-
-
-
- This class helps to handle CRL revocation reasons mask. Each CRL handles a
- certain set of revocation reasons.
-
-
-
-
- Constructs are reason mask with the reasons.
-
- The reasons.
-
-
-
- A reason mask with no reason.
-
-
-
-
- A mask with all revocation reasons.
-
-
-
- Adds all reasons from the reasons mask to this mask.
-
- @param mask The reasons mask to add.
-
-
-
- Intersects this mask with the given reasons mask.
-
- mask The mask to intersect with.
- The intersection of this and teh given mask.
-
-
-
- Returns true if the passed reasons mask has new reasons.
-
- The reasons mask which should be tested for new reasons.
- true if the passed reasons mask has new reasons.
-
-
-
- Returns true
if this reasons mask contains all possible
- reasons.
-
- true if this reasons mask contains all possible reasons.
-
-
-
-
- Returns the reasons in this mask.
-
-
-
-
- A temporary class to use LegacyTlsAuthentication
-
-
-
-
- Load oid table.
-
-
-
- Initialise the signer for signing or verification.
-
- @param forSigning true if for signing, false otherwise
- @param param necessary parameters.
-
-
- update the internal digest with the byte b
-
-
- update the internal digest with the byte array in
-
-
- Generate a signature for the message we've been loaded with using
- the key we were initialised with.
-
-
- return true if the internal state represents the signature described
- in the passed in array.
-
-
-
- Permutation generated by code:
-
- // First 1850 fractional digit of Pi number.
- byte[] key = new BigInteger("14159265358979323846...5068006422512520511").ToByteArray();
- s = 0;
- P = new byte[256];
- for (int i = 0; i < 256; i++)
- {
- P[i] = (byte) i;
- }
- for (int m = 0; m < 768; m++)
- {
- s = P[(s + P[m & 0xff] + key[m % key.length]) & 0xff];
- byte temp = P[m & 0xff];
- P[m & 0xff] = P[s & 0xff];
- P[s & 0xff] = temp;
- }
-
-
-
- Value generated in the same way as P.
-
-
- A thread based seed generator - one source of randomness.
-
- Based on an idea from Marcus Lippert.
-
-
-
- Generate seed bytes. Set fast to false for best quality.
-
- If fast is set to true, the code should be round about 8 times faster when
- generating a long sequence of random bytes. 20 bytes of random values using
- the fast mode take less than half a second on a Nokia e70. If fast is set to false,
- it takes round about 2500 ms.
-
- @param numBytes the number of bytes to generate
- @param fast true if fast mode should be used
-
-
- this does your basic ElGamal algorithm.
-
-
- initialise the ElGamal engine.
-
- @param forEncryption true if we are encrypting, false otherwise.
- @param param the necessary ElGamal key parameters.
-
-
- Return the maximum size for an input block to this engine.
- For ElGamal this is always one byte less than the size of P on
- encryption, and twice the length as the size of P on decryption.
-
- @return maximum size for an input block.
-
-
- Return the maximum size for an output block to this engine.
- For ElGamal this is always one byte less than the size of P on
- decryption, and twice the length as the size of P on encryption.
-
- @return maximum size for an output block.
-
-
- Process a single block using the basic ElGamal algorithm.
-
- @param in the input array.
- @param inOff the offset into the input buffer where the data starts.
- @param length the length of the data to be processed.
- @return the result of the ElGamal process.
- @exception DataLengthException the input block is too large.
-
-
- an implementation of the AES (Rijndael)), from FIPS-197.
-
- For further details see: http://csrc.nist.gov/encryption/aes/.
-
- This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at
- http://fp.gladman.plus.com/cryptography_technology/rijndael/
-
- There are three levels of tradeoff of speed vs memory
- Because java has no preprocessor), they are written as three separate classes from which to choose
-
- The fastest uses 8Kbytes of static tables to precompute round calculations), 4 256 word tables for encryption
- and 4 for decryption.
-
- The middle performance version uses only one 256 word table for each), for a total of 2Kbytes),
- adding 12 rotate operations per round to compute the values contained in the other tables from
- the contents of the first
-
- The slowest version uses no static tables at all and computes the values in each round
-
-
- This file contains the fast version with 8Kbytes of static tables for round precomputation
-
-
-
- Calculate the necessary round keys
- The number of calculations depends on key size and block size
- AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits
- This code is written assuming those are the only possible values
-
-
- default constructor - 128 bit block size.
-
-
- initialise an AES cipher.
-
- @param forEncryption whether or not we are for encryption.
- @param parameters the parameters required to set up the cipher.
- @exception ArgumentException if the parameters argument is
- inappropriate.
-
-
- implementation of RipeMD128
-
-
- Standard constructor
-
-
- Copy constructor. This will copy the state of the provided
- message digest.
-
-
- reset the chaining variables to the IV values.
-
-
- PKCS5 scheme-2 - password converted to bytes using UTF-8.
-
-
- the KeyTransRecipientInformation class for a recipient who has been sent a secret
- key encrypted using their public key that needs to be used to
- extract the message.
-
-
- decrypt the content and return it as a byte array.
-
-
- General class for generating a pkcs7-signature message stream.
-
- A simple example of usage.
-
-
- IX509Store certs...
- CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
-
- gen.AddSigner(privateKey, cert, CmsSignedDataStreamGenerator.DIGEST_SHA1);
-
- gen.AddCertificates(certs);
-
- Stream sigOut = gen.Open(bOut);
-
- sigOut.Write(Encoding.UTF8.GetBytes("Hello World!"));
-
- sigOut.Close();
-
-
-
- Constructor allowing specific source of randomness
- Instance of SecureRandom to use.
-
-
- Set the underlying string size for encapsulated data
-
- @param bufferSize length of octet strings to buffer the data.
-
-
- add a signer - no attributes other than the default ones will be
- provided here.
- @throws NoSuchAlgorithmException
- @throws InvalidKeyException
-
-
- add a signer, specifying the digest encryption algorithm - no attributes other than the default ones will be
- provided here.
- @throws NoSuchProviderException
- @throws NoSuchAlgorithmException
- @throws InvalidKeyException
-
-
- add a signer with extra signed/unsigned attributes.
- @throws NoSuchAlgorithmException
- @throws InvalidKeyException
-
-
- add a signer with extra signed/unsigned attributes - specifying digest
- encryption algorithm.
- @throws NoSuchProviderException
- @throws NoSuchAlgorithmException
- @throws InvalidKeyException
-
-
- add a signer - no attributes other than the default ones will be
- provided here.
- @throws NoSuchAlgorithmException
- @throws InvalidKeyException
-
-
- add a signer - no attributes other than the default ones will be
- provided here.
- @throws NoSuchProviderException
- @throws NoSuchAlgorithmException
- @throws InvalidKeyException
-
-
- add a signer with extra signed/unsigned attributes.
- @throws NoSuchAlgorithmException
- @throws InvalidKeyException
-
-
- generate a signed object that for a CMS Signed Data object
-
-
- generate a signed object that for a CMS Signed Data
- object - if encapsulate is true a copy
- of the message will be included in the signature with the
- default content type "data".
-
-
- generate a signed object that for a CMS Signed Data
- object using the given provider - if encapsulate is true a copy
- of the message will be included in the signature with the
- default content type "data". If dataOutputStream is non null the data
- being signed will be written to the stream as it is processed.
- @param out stream the CMS object is to be written to.
- @param encapsulate true if data should be encapsulated.
- @param dataOutputStream output stream to copy the data being signed to.
-
-
- generate a signed object that for a CMS Signed Data
- object - if encapsulate is true a copy
- of the message will be included in the signature. The content type
- is set according to the OID represented by the string signedContentType.
-
-
- generate a signed object that for a CMS Signed Data
- object using the given provider - if encapsulate is true a copy
- of the message will be included in the signature. The content type
- is set according to the OID represented by the string signedContentType.
- @param out stream the CMS object is to be written to.
- @param signedContentType OID for data to be signed.
- @param encapsulate true if data should be encapsulated.
- @param dataOutputStream output stream to copy the data being signed to.
-
-
- a holding class for a byte array of data to be processed.
-
-
- A clone of the byte array
-
-
- containing class for an CMS Authenticated Data object
-
-
- return a store of the intended recipients for this message
-
-
- return a table of the digested attributes indexed by
- the OID of the attribute.
-
-
- return a table of the undigested attributes indexed by
- the OID of the attribute.
-
-
- return the ASN.1 encoded representation of this object.
-
-
- return the object identifier for the content MAC algorithm.
-
-
- return the ContentInfo
-
-
- packet giving whether or not the signature is signed using the primary user ID for the key.
-
-
- Generic compressed data object.
-
-
- The algorithm tag value.
-
-
- class for breaking up an X500 Name into it's component tokens, ala
- java.util.StringTokenizer. We need this class as some of the
- lightweight Java environment don't support classes like
- StringTokenizer.
-
-
- elliptic curves defined in "ECC Brainpool Standard Curves and Curve Generation"
- http://www.ecc-brainpool.org/download/draft_pkix_additional_ecc_dp.txt
-
-
- return the X9ECParameters object for the named curve represented by
- the passed in object identifier. Null if the curve isn't present.
-
- @param oid an object identifier representing a named curve, if present.
-
-
- return the object identifier signified by the passed in name. Null
- if there is no object identifier associated with name.
-
- @return the object identifier associated with name, if present.
-
-
- return the named curve name represented by the given object identifier.
-
-
- returns an enumeration containing the name strings for curves
- contained in this structure.
-
-
- general preferences
-
-
- encryption algorithms preferences
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- SMIMECapability ::= Sequence {
- capabilityID OBJECT IDENTIFIER,
- parameters ANY DEFINED BY capabilityID OPTIONAL
- }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- EncryptedPrivateKeyInfo ::= Sequence {
- encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
- encryptedData EncryptedData
- }
-
- EncryptedData ::= OCTET STRING
-
- KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
- ... -- For local profiles
- }
-
-
-
- return an Attribute object from the given object.
-
- @param o the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- Attr ::= Sequence {
- attrType OBJECT IDENTIFIER,
- attrValues Set OF AttributeValue
- }
-
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- IDEA-CBCPar ::= Sequence {
- iv OCTET STRING OPTIONAL -- exactly 8 octets
- }
-
-
-
-
- EssCertIDv2 ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier
- DEFAULT {algorithm id-sha256},
- certHash Hash,
- issuerSerial IssuerSerial OPTIONAL
- }
-
- Hash ::= OCTET STRING
-
- IssuerSerial ::= SEQUENCE {
- issuer GeneralNames,
- serialNumber CertificateSerialNumber
- }
-
-
-
- Signer-Location attribute (RFC3126).
-
-
- SignerLocation ::= SEQUENCE {
- countryName [0] DirectoryString OPTIONAL,
- localityName [1] DirectoryString OPTIONAL,
- postalAddress [2] PostalAddress OPTIONAL }
-
- PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
-
-
-
-
- SignerLocation ::= SEQUENCE {
- countryName [0] DirectoryString OPTIONAL,
- localityName [1] DirectoryString OPTIONAL,
- postalAddress [2] PostalAddress OPTIONAL }
-
- PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
-
- DirectoryString ::= CHOICE {
- teletexString TeletexString (SIZE (1..MAX)),
- printableString PrintableString (SIZE (1..MAX)),
- universalString UniversalString (SIZE (1..MAX)),
- utf8String UTF8String (SIZE (1.. MAX)),
- bmpString BMPString (SIZE (1..MAX)) }
-
-
-
-
-
- SignaturePolicyId ::= SEQUENCE {
- sigPolicyIdentifier SigPolicyId,
- sigPolicyHash SigPolicyHash,
- sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF SigPolicyQualifierInfo OPTIONAL
- }
-
- SigPolicyId ::= OBJECT IDENTIFIER
-
- SigPolicyHash ::= OtherHashAlgAndValue
-
-
-
-
-
- RFC 3126: 4.3.2 Revocation Values Attribute Definition
-
- RevocationValues ::= SEQUENCE {
- crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
- ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
- otherRevVals [2] OtherRevVals
- }
-
-
-
-
- Der T61String (also the teletex string) - 8-bit characters
-
-
- return a T61 string from the passed in object.
-
- @exception ArgumentException if the object cannot be converted.
-
-
- return an T61 string from a tagged object.
-
- @param obj the tagged object holding the object we want
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the tagged object cannot
- be converted.
-
-
- basic constructor - with bytes.
-
-
- basic constructor - with string.
-
-
-
- EncryptedValue ::= SEQUENCE {
- intendedAlg [0] AlgorithmIdentifier OPTIONAL,
- -- the intended algorithm for which the value will be used
- symmAlg [1] AlgorithmIdentifier OPTIONAL,
- -- the symmetric algorithm used to encrypt the value
- encSymmKey [2] BIT STRING OPTIONAL,
- -- the (encrypted) symmetric key used to encrypt the value
- keyAlg [3] AlgorithmIdentifier OPTIONAL,
- -- algorithm used to encrypt the symmetric key
- valueHint [4] OCTET STRING OPTIONAL,
- -- a brief description or identifier of the encValue content
- -- (may be meaningful only to the sending entity, and used only
- -- if EncryptedValue might be re-examined by the sending entity
- -- in the future)
- encValue BIT STRING }
- -- the encrypted value itself
-
- @return a basic ASN.1 object representation.
-
-
-
- CertTemplate ::= SEQUENCE {
- version [0] Version OPTIONAL,
- serialNumber [1] INTEGER OPTIONAL,
- signingAlg [2] AlgorithmIdentifier OPTIONAL,
- issuer [3] Name OPTIONAL,
- validity [4] OptionalValidity OPTIONAL,
- subject [5] Name OPTIONAL,
- publicKey [6] SubjectPublicKeyInfo OPTIONAL,
- issuerUID [7] UniqueIdentifier OPTIONAL,
- subjectUID [8] UniqueIdentifier OPTIONAL,
- extensions [9] Extensions OPTIONAL }
-
- @return a basic ASN.1 object representation.
-
-
- return a KekIdentifier object from a tagged object.
-
- @param obj the tagged object holding the object we want.
- @param explicitly true if the object is meant to be explicitly
- tagged false otherwise.
- @exception ArgumentException if the object held by the
- tagged object cannot be converted.
-
-
- return a KekIdentifier object from the given object.
-
- @param obj the object we want converted.
- @exception ArgumentException if the object cannot be converted.
-
-
- Produce an object suitable for an Asn1OutputStream.
-
- KekIdentifier ::= Sequence {
- keyIdentifier OCTET STRING,
- date GeneralizedTime OPTIONAL,
- other OtherKeyAttribute OPTIONAL
- }
-
-
-
-
- OobCertHash ::= SEQUENCE {
- hashAlg [0] AlgorithmIdentifier OPTIONAL,
- certId [1] CertId OPTIONAL,
- hashVal BIT STRING
- -- hashVal is calculated over the Der encoding of the
- -- self-signed certificate with the identifier certID.
- }
-
- @return a basic ASN.1 object representation.
-
-
-
- CAKeyUpdAnnContent ::= SEQUENCE {
- oldWithNew CmpCertificate, -- old pub signed with new priv
- newWithOld CmpCertificate, -- new pub signed with old priv
- newWithNew CmpCertificate -- new pub signed with new priv
- }
-
- @return a basic ASN.1 object representation.
-
-
- A BER Null object.
-
-
-