org.bouncycastle.tls.crypto.TlsCertificate Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of bctls-fips Show documentation

The Bouncy Castle Java APIs for the TLS, including a JSSE provider. The APIs are designed primarily to be used in conjunction with the BC FIPS provider. The APIs may also be used with other providers although if being used in a FIPS context it is the responsibility of the user to ensure that any other providers used are FIPS certified and used appropriately.

There is a newer version: 2.0.19

Show newest version

package org.bouncycastle.tls.crypto;

import java.io.IOException;
import java.math.BigInteger;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.tls.SignatureAlgorithm;
import org.bouncycastle.tls.SignatureScheme;

/**
 * Interface providing the functional representation of a single X.509 certificate.
 */
public interface TlsCertificate
{
    /**
     * Return an encryptor based on the public key in this certificate.
     *
     * @param tlsCertificateRole
     *            {@link TlsCertificateRole}
     * @return a TlsEncryptor based on this certificate's public key.
     */
    TlsEncryptor createEncryptor(int tlsCertificateRole) throws IOException;

    /**
     * @param signatureAlgorithm
     *            {@link SignatureAlgorithm}
     */
    TlsVerifier createVerifier(short signatureAlgorithm) throws IOException;

    /**
     * @param signatureScheme
     *            {@link SignatureScheme}
     */
    Tls13Verifier createVerifier(int signatureScheme) throws IOException;

    byte[] getEncoded() throws IOException;

    byte[] getExtension(ASN1ObjectIdentifier extensionOID) throws IOException;

    BigInteger getSerialNumber();

    /**
     * @return the OID of this certificate's 'signatureAlgorithm', as a String.
     */
    String getSigAlgOID();

    ASN1Encodable getSigAlgParams() throws IOException;

    /**
     * @return {@link SignatureAlgorithm}
     */
    short getLegacySignatureAlgorithm() throws IOException;

    /**
     * @param signatureAlgorithm {@link SignatureAlgorithm}
     * @return true if (and only if) this certificate can be used to verify the given signature algorithm. 
     */
    boolean supportsSignatureAlgorithm(short signatureAlgorithm) throws IOException;

    boolean supportsSignatureAlgorithmCA(short signatureAlgorithm) throws IOException;

    /**
     * @param tlsCertificateRole
     *            {@link TlsCertificateRole}
     */
    TlsCertificate checkUsageInRole(int tlsCertificateRole) throws IOException;
}