iaik.pkcs.pkcs11.objects

Class Certificate

java.lang.Object

iaik.pkcs.pkcs11.objects.PKCS11Object

iaik.pkcs.pkcs11.objects.Storage

iaik.pkcs.pkcs11.objects.Certificate

Direct Known Subclasses:

WTLSCertificate, X509AttributeCertificate, X509PublicKeyCertificate

public class Certificate
extends Storage

An object of this class represents a certificate as defined by PKCS#11. A certificate is of a specific type: X_509_PUBLIC_KEY, X_509_ATTRIBUTE or VENDOR_DEFINED. If an application needs to use vendor-defined certificates, it must set a VendorDefinedCertificateBuilder using the setVendorDefinedCertificateBuilder method.

Version:

1.0

Author:

Karl Scheibelhofer

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	Certificate.CertificateType This interface defines the available certificate types as defined by PKCS#11: X_509_PUBLIC_KEY, X_509_ATTRIBUTE or VENDOR_DEFINED.
static interface	Certificate.VendorDefinedCertificateBuilder If an application uses vendor defined certificates, it must implement this interface and install such an object handler using setVendorDefinedCertificateBuilder.

Nested classes/interfaces inherited from class iaik.pkcs.pkcs11.objects.PKCS11Object

PKCS11Object.ObjectClass, PKCS11Object.VendorDefinedObjectBuilder

Field Summary

Fields

Modifier and Type	Field and Description
protected LongAttribute	certificateCategory Categorization of the certificate: 0 = unspecified (default), 1 = token user, 2 = authority, 3 = other entity.
protected CertificateTypeAttribute	certificateType The type of this certificate.
protected ByteArrayAttribute	checkValue Checksum of this certificate.
protected DateAttribute	endDate The end date of this certificate's validity.
protected DateAttribute	startDate The start date of this certificate's validity.
protected BooleanAttribute	trusted Indicates, if this certificate can be trusted.
protected static Certificate.VendorDefinedCertificateBuilder	vendorCertificateBuilder The currently set vendor defined certificate builder, or null.

Fields inherited from class iaik.pkcs.pkcs11.objects.Storage

label, modifiable, private_, token

Fields inherited from class iaik.pkcs.pkcs11.objects.PKCS11Object

attributeTable, objectClass, objectClassNames, objectHandle, vendorObjectBuilder

Constructor Summary

Constructors

Modifier	Constructor and Description
	Certificate() The default constructor.
protected	Certificate(Session session, long objectHandle) Constructor taking the reference to the PKCS#11 module for accessing the object's attributes, the session handle to use for reading the attribute values and the object handle.

Method Summary

Modifier and Type	Method and Description
protected void	allocateAttributes() Allocates the attribute objects for this class and adds them to the attribute table.
boolean	equals(Object otherObject) Compares all member variables of this object with the other object.
LongAttribute	getCertificateCategory() Gets the certificate category attribute of the PKCS#11 certificate.
LongAttribute	getCertificateType() Gets the certificate type attribute of the PKCS#11 certificate.
static String	getCertificateTypeName(Long certificateType) Get the given certificate type as string.
ByteArrayAttribute	getCheckValue() Gets the check value attribute of of the PKCS#11 certificate.
DateAttribute	getEndDate() Gets the end date attribute of the validity of the PKCS#11 certificate.
static PKCS11Object	getInstance(Session session, long objectHandle) The getInstance method of the PKCS11Object class uses this method to create an instance of a PKCS#11 certificate.
DateAttribute	getStartDate() Gets the start date attribute of the validity of the PKCS#11 certificate.
BooleanAttribute	getTrusted() Gets the trusted attribute of the PKCS#11 certificate.
protected static PKCS11Object	getUnknownCertificate(Session session, long objectHandle) Try to create a certificate which has no or an unknown certificate type attribute.
static Certificate.VendorDefinedCertificateBuilder	getVendorDefinedCertificateBuilder() Get the currently set vendor-defined certificate builder.
int	hashCode() The overriding of this method should ensure that the objects of this class work correctly in a hashtable.
protected static void	putAttributesInTable(Certificate object) Put all attributes of the given object into the attributes table of this object.
void	readAttributes(Session session) Read the values of the attributes of this object from the token.
static void	setVendorDefinedCertificateBuilder(Certificate.VendorDefinedCertificateBuilder builder) Set a vendor-defined certificate builder that should be called to create an instance of an vendor-defined PKCS#11 certificate; i.e.
String	toString() Returns a string representation of the current object.

Methods inherited from class iaik.pkcs.pkcs11.objects.Storage

getLabel, getModifiable, getPrivate, getToken, putAttributesInTable

Methods inherited from class iaik.pkcs.pkcs11.objects.PKCS11Object

getAttribute, getAttributeTable, getAttributeValue, getAttributeValues, getObjectClass, getObjectClassName, getObjectHandle, getSetAttributes, getSetAttributes, getUnknownObject, getVendorDefinedObjectBuilder, putAttribute, putAttributesInTable, removeAttribute, setObjectHandle, setVendorDefinedObjectBuilder, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

vendorCertificateBuilder

protected static Certificate.VendorDefinedCertificateBuilder vendorCertificateBuilder

The currently set vendor defined certificate builder, or null.

certificateType

protected CertificateTypeAttribute certificateType

The type of this certificate. One of CertificateType, or one that has a bigger value than VENDOR_DEFINED.

trusted

protected BooleanAttribute trusted

Indicates, if this certificate can be trusted.

certificateCategory

protected LongAttribute certificateCategory

Categorization of the certificate: 0 = unspecified (default), 1 = token user, 2 = authority, 3 = other entity.

checkValue

protected ByteArrayAttribute checkValue

Checksum of this certificate.

startDate

protected DateAttribute startDate

The start date of this certificate's validity.

endDate

protected DateAttribute endDate

The end date of this certificate's validity.

Constructor Detail

Certificate

public Certificate()

The default constructor. An application use this constructor to instantiate a certificate that serves as a template. It may also be useful for working with vendor-defined certificates.

Certificate

protected Certificate(Session session,
                      long objectHandle)
               throws TokenException

Constructor taking the reference to the PKCS#11 module for accessing the object's attributes, the session handle to use for reading the attribute values and the object handle. This constructor read all attributes that a storage object must contain.

Parameters:

session - The session to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.

objectHandle - The object handle as given from the PKCS#111 module.

Throws:

TokenException - If getting the attributes failed.

Method Detail

getCertificateTypeName

public static String getCertificateTypeName(Long certificateType)

Get the given certificate type as string.

Parameters:

certificateType - The certificate type to get as string.

Returns:

A string denoting the object certificate type; e.g. "X.509 Public Key".

getInstance

public static PKCS11Object getInstance(Session session,
                                       long objectHandle)
                                throws TokenException

The getInstance method of the PKCS11Object class uses this method to create an instance of a PKCS#11 certificate. This method reads the certificate type attribute and calls the getInstance method of the according sub-class. If the certificate type is a vendor defined it uses the VendorDefinedCertificateBuilder set by the application. If no certificate could be constructed, Returns null.

Parameters:

session - The session to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.

objectHandle - The object handle as given from the PKCS#111 module.

Returns:

The object representing the PKCS#11 object. The returned object can be casted to the according sub-class.

Throws:

TokenException - If getting the attributes failed.

getUnknownCertificate

protected static PKCS11Object getUnknownCertificate(Session session,
                                                    long objectHandle)
                                             throws TokenException

Try to create a certificate which has no or an unknown certificate type attribute. This implementation will try to use a vendor defined certificate builder, if such has been set. If this is impossible or fails, it will create just a simple Certificate .

Parameters:

session - The session to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.

objectHandle - The object handle as given from the PKCS#111 module.

Returns:

A new PKCS11Object.

Throws:

TokenException - If no object could be created.

setVendorDefinedCertificateBuilder

public static void setVendorDefinedCertificateBuilder(Certificate.VendorDefinedCertificateBuilder builder)

Set a vendor-defined certificate builder that should be called to create an instance of an vendor-defined PKCS#11 certificate; i.e. an instance of a vendor defined sub-class of this class.

Parameters:

builder - The vendor-defined certificate builder. Null to clear any previously installed vendor-defined builder.

getVendorDefinedCertificateBuilder

public static Certificate.VendorDefinedCertificateBuilder getVendorDefinedCertificateBuilder()

Get the currently set vendor-defined certificate builder.

Returns:

The currently set vendor-defined certificate builder or null if none is set.

putAttributesInTable

protected static void putAttributesInTable(Certificate object)

Put all attributes of the given object into the attributes table of this object. This method is only static to be able to access invoke the implementation of this method for each class separately.

Parameters:

object - The object to handle.

allocateAttributes

protected void allocateAttributes()

Allocates the attribute objects for this class and adds them to the attribute table.

Overrides:

allocateAttributes in class Storage

equals

public boolean equals(Object otherObject)

Compares all member variables of this object with the other object. Returns only true, if all are equal in both objects.

Overrides:

equals in class Storage

Parameters:

otherObject - The other object to compare to.

Returns:

True, if other is an instance of this class and all member variables of both objects are equal. False, otherwise.

getCertificateType

public LongAttribute getCertificateType()

Gets the certificate type attribute of the PKCS#11 certificate. Its value must be one of those defined in the CertificateType interface or one with an value bigger than CertificateType.VENDOR_DEFINED.

Returns:

The certificate type attribute.

getTrusted

public BooleanAttribute getTrusted()

Gets the trusted attribute of the PKCS#11 certificate.

Returns:

The trusted attribute.

getCertificateCategory

public LongAttribute getCertificateCategory()

Gets the certificate category attribute of the PKCS#11 certificate.

Returns:

The certificate category attribute.

getCheckValue

public ByteArrayAttribute getCheckValue()

Gets the check value attribute of of the PKCS#11 certificate.

Returns:

The check value attribute.

getStartDate

public DateAttribute getStartDate()

Gets the start date attribute of the validity of the PKCS#11 certificate.

Returns:

The start date of validity.

getEndDate

public DateAttribute getEndDate()

Gets the end date attribute of the validity of the PKCS#11 certificate.

Returns:

The end date of validity.

hashCode

public int hashCode()

The overriding of this method should ensure that the objects of this class work correctly in a hashtable.

Overrides:

hashCode in class Storage

Returns:

The hash code of this object.

readAttributes

public void readAttributes(Session session)
                    throws TokenException

Read the values of the attributes of this object from the token.

Overrides:

readAttributes in class Storage

Parameters:

session - The session to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.

Throws:

TokenException - If getting the attributes failed.

toString

public String toString()

Returns a string representation of the current object. The output is only for debugging purposes and should not be used for other purposes.

Overrides:

toString in class Storage

Returns:

A string presentation of this object for debugging output.