Class KeyUsageExtension

java.lang.Object
com.unboundid.util.ssl.cert.X509CertificateExtension
com.unboundid.util.ssl.cert.KeyUsageExtension
All Implemented Interfaces:
Serializable

This class provides an implementation of the key usage X.509 certificate extension as described in RFC 5280 section 4.2.1.3. This can be used to determine how the certificate's key is intended to be used.

The OID for this extension is 2.5.29.15 and the value has the following encoding:
   KeyUsage ::= BIT STRING {
        digitalSignature        (0),
        nonRepudiation          (1), -- recent editions of X.509 have
                             -- renamed this bit to contentCommitment
        keyEncipherment         (2),
        dataEncipherment        (3),
        keyAgreement            (4),
        keyCertSign             (5),
        cRLSign                 (6),
        encipherOnly            (7),
        decipherOnly            (8) }
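
The following is an added example, not code from the UnboundID LDAP SDK, showing how the bit numbers above map onto the DER-encoded BIT STRING (the bytes carried inside the extension's OCTET STRING value). The class name `KeyUsageBits`, the `decode` helper and the sample byte arrays are constructed for illustration; it uses only the JDK.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not UnboundID LDAP SDK code: decodes the DER BIT STRING
// that forms the value of the key usage extension (OID 2.5.29.15).
public class KeyUsageBits {
  // Bit names in the order given by the KeyUsage definition (bits 0..8).
  static final String[] NAMES = { "digitalSignature", "nonRepudiation",
      "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign",
      "cRLSign", "encipherOnly", "decipherOnly" };

  // Returns the names of the bits set in a DER-encoded KeyUsage value.
  static List<String> decode(byte[] der) {
    // Layout: tag 0x03, short-form length, unused-bit count, 1 or 2 data bytes.
    if (der.length < 4 || der.length > 5 || der[0] != 0x03
        || (der[1] & 0xFF) != der.length - 2) {
      throw new IllegalArgumentException("not a KeyUsage BIT STRING");
    }
    int unused = der[2] & 0xFF;
    int dataBits = (der.length - 3) * 8 - unused;
    if (unused > 7 || dataBits > NAMES.length) {
      throw new IllegalArgumentException("bad unused-bit count");
    }
    List<String> set = new ArrayList<>();
    for (int bit = 0; bit < dataBits; bit++) {
      // Bit 0 is the most significant bit of the first data byte.
      int octet = der[3 + bit / 8] & 0xFF;
      if ((octet & (0x80 >> (bit % 8))) != 0) {
        set.add(NAMES[bit]);
      }
    }
    return set;
  }

  public static void main(String[] args) {
    // Constructed sample values, not taken from any real certificate.
    byte[] ca = { 0x03, 0x02, 0x01, 0x06 };                 // bits 5 and 6
    byte[] tls = { 0x03, 0x02, 0x05, (byte) 0xA0 };         // bits 0 and 2
    byte[] agree = { 0x03, 0x03, 0x07, 0x08, (byte) 0x80 }; // bits 4 and 8
    System.out.println(decode(ca));
    System.out.println(decode(tls));
    System.out.println(decode(agree));
  }
}
```

The third sample shows why decipherOnly (bit 8) forces a second data byte: it is the most significant bit of that byte, with the remaining seven bits declared unused.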
 
  • Method Details

    • isDigitalSignatureBitSet

      public boolean isDigitalSignatureBitSet()
      Indicates whether the digital signature bit is set. If true, then the key may be used for verifying digital signatures (other than signatures on certificates or CRLs, as those usages are covered by the isKeyCertSignBitSet() and isCRLSignBitSet() methods, respectively).
      Returns:
      true if the digital signature bit is set, or false if not.
    • isNonRepudiationBitSet

      public boolean isNonRepudiationBitSet()
      Indicates whether the non-repudiation bit is set. If true, then the key may be used to prevent someone from denying the authenticity of a digital signature generated with the key.
      Returns:
      true if the non-repudiation bit is set, or false if not.
    • isKeyEnciphermentBitSet

      public boolean isKeyEnciphermentBitSet()
      Indicates whether the key encipherment bit is set. If true, then the public key may be used for encrypting other private keys or secret keys (for example, to protect the keys while they are being transported).
      Returns:
      true if the key encipherment bit is set, or false if not.
    • isDataEnciphermentBitSet

      public boolean isDataEnciphermentBitSet()
      Indicates whether the data encipherment bit is set. If true, then the public key may be used for encrypting arbitrary data without the need for a symmetric cipher.
      Returns:
      true if the data encipherment bit is set, or false if not.
    • isKeyAgreementBitSet

      public boolean isKeyAgreementBitSet()
      Indicates whether the key agreement bit is set. If true, then the public key may be used for key agreement processing.
      Returns:
      true if the key agreement bit is set, or false if not.
    • isKeyCertSignBitSet

      public boolean isKeyCertSignBitSet()
      Indicates whether the key cert sign bit is set. If true, then the public key may be used for verifying certificate signatures.
      Returns:
      true if the key cert sign bit is set, or false if not.
    • isCRLSignBitSet

      public boolean isCRLSignBitSet()
      Indicates whether the CRL sign bit is set. If true, then the public key may be used for verifying certificate revocation list (CRL) signatures.
      Returns:
      true if the CRL sign bit is set, or false if not.
    • isEncipherOnlyBitSet

      public boolean isEncipherOnlyBitSet()
      Indicates whether the encipher only bit is set. If true, and if isKeyAgreementBitSet() also returns true, then the public key may be used only for enciphering data when performing key agreement.
      Returns:
      true if the encipher only bit is set, or false if not.
    • isDecipherOnlyBitSet

      public boolean isDecipherOnlyBitSet()
      Indicates whether the decipher only bit is set. If true, and if isKeyAgreementBitSet() also returns true, then the public key may be used only for deciphering data when performing key agreement.
      Returns:
      true if the decipher only bit is set, or false if not.
    • getExtensionName

      Retrieves the name for this extension.
      Overrides:
      getExtensionName in class X509CertificateExtension
      Returns:
      The name for this extension.
    • toString

      public void toString(@NotNull StringBuilder buffer)
      Appends a string representation of this certificate extension to the provided buffer.
      Overrides:
      toString in class X509CertificateExtension
      Parameters:
      buffer - The buffer to which the information should be appended.