Package com.unboundid.util.ssl.cert
Class KeyUsageExtension
- java.lang.Object
-
- com.unboundid.util.ssl.cert.X509CertificateExtension
-
- com.unboundid.util.ssl.cert.KeyUsageExtension
-
- All Implemented Interfaces:
java.io.Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class KeyUsageExtension extends X509CertificateExtension
This class provides an implementation of the key usage X.509 certificate extension as described in RFC 5280 section 4.2.1.3. This can be used to determine how the certificate's key is intended to be used.
The OID for this extension is 2.5.29.15 and the value has the following encoding:KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) }
- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description static OID
KEY_USAGE_OID
The OID (2.5.29.15) for key usage extensions.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.String
getExtensionName()
Retrieves the name for this extension.boolean
isCRLSignBitSet()
Indicates whether the CRL sign bit is set.boolean
isDataEnciphermentBitSet()
Indicates whether the data encipherment bit is set.boolean
isDecipherOnlyBitSet()
Indicates whether the decipher only bit is set.boolean
isDigitalSignatureBitSet()
Indicates whether the digital signature bit is set.boolean
isEncipherOnlyBitSet()
Indicates whether the encipher only bit is set.boolean
isKeyAgreementBitSet()
Indicates whether the key agreement bit is set.boolean
isKeyCertSignBitSet()
Indicates whether the key cert sign bit is set.boolean
isKeyEnciphermentBitSet()
Indicates whether the key encipherment bit is set.boolean
isNonRepudiationBitSet()
Indicates whether the non-repudiation bit is set.void
toString(java.lang.StringBuilder buffer)
Appends a string representation of this certificate extension to the provided buffer.-
Methods inherited from class com.unboundid.util.ssl.cert.X509CertificateExtension
getOID, getValue, isCritical, toString
-
-
-
-
Field Detail
-
KEY_USAGE_OID
@NotNull public static final OID KEY_USAGE_OID
The OID (2.5.29.15) for key usage extensions.
-
-
Method Detail
-
isDigitalSignatureBitSet
public boolean isDigitalSignatureBitSet()
Indicates whether the digital signature bit is set. Iftrue
, then the key may be used for verifying digital signatures (other than signatures on certificates or CRLs, as those usages are covered by theisKeyCertSignBitSet()
andisCRLSignBitSet()
methods, respectively).- Returns:
true
if the digital signature bit is set, orfalse
if not.
-
isNonRepudiationBitSet
public boolean isNonRepudiationBitSet()
Indicates whether the non-repudiation bit is set. Iftrue
, then the key may be used to prevent someone from denying the authenticity of a digital signature generated with the key.- Returns:
true
if the non-repudiation bit is set, orfalse
if not.
-
isKeyEnciphermentBitSet
public boolean isKeyEnciphermentBitSet()
Indicates whether the key encipherment bit is set. Iftrue
, then the public key may be used for encrypting other private keys or secret keys (for example, to protect the keys while they are being transported).- Returns:
true
if the key encipherment bit is set, orfalse
if not.
-
isDataEnciphermentBitSet
public boolean isDataEnciphermentBitSet()
Indicates whether the data encipherment bit is set. Iftrue
, then the public key may be used for encrypting arbitrary data without the need for a symmetric cipher.- Returns:
true
if the data encipherment bit is set, orfalse
if not.
-
isKeyAgreementBitSet
public boolean isKeyAgreementBitSet()
Indicates whether the key agreement bit is set. Iftrue
, then the public key may be used for key agreement processing.- Returns:
true
if the key agreement bit is set, orfalse
if not.
-
isKeyCertSignBitSet
public boolean isKeyCertSignBitSet()
Indicates whether the key cert sign bit is set. Iftrue
, then the public key may be used for verifying certificate signatures.- Returns:
true
if the CRL sign bit is set, orfalse
if not.
-
isCRLSignBitSet
public boolean isCRLSignBitSet()
Indicates whether the CRL sign bit is set. Iftrue
, then the public key may be used for verifying certificate revocation list (CRL) signatures.- Returns:
true
if the CRL sign bit is set, orfalse
if not.
-
isEncipherOnlyBitSet
public boolean isEncipherOnlyBitSet()
Indicates whether the encipher only bit is set. Iftrue
, and if theisKeyAgreementBitSet()
is alsotrue
, then the public key may be used only for enciphering data when performing key agreement.- Returns:
true
if the encipher only bit is set, orfalse
if not.
-
isDecipherOnlyBitSet
public boolean isDecipherOnlyBitSet()
Indicates whether the decipher only bit is set. Iftrue
, and if theisKeyAgreementBitSet()
is alsotrue
, then the public key may be used only for deciphering data when performing key agreement.- Returns:
true
if the decipher only bit is set, orfalse
if not.
-
getExtensionName
@NotNull public java.lang.String getExtensionName()
Retrieves the name for this extension.- Overrides:
getExtensionName
in classX509CertificateExtension
- Returns:
- The name for this extension.
-
toString
public void toString(@NotNull java.lang.StringBuilder buffer)
Appends a string representation of this certificate extension to the provided buffer.- Overrides:
toString
in classX509CertificateExtension
- Parameters:
buffer
- The buffer to which the information should be appended.
-
-