Package org.forgerock.secrets.keys
Enum KeyUsage

- java.lang.Object
  - java.lang.Enum<KeyUsage>
    - org.forgerock.secrets.keys.KeyUsage

All Implemented Interfaces:
Serializable, Comparable<KeyUsage>

public enum KeyUsage extends Enum<KeyUsage>

Indicates the allowed usages for a particular key. Where applicable the values are mapped to the equivalent X.509 KeyUsage extension and WebCrypto KeyUsage values.

See Also:
RFC 5280 (section 4.2.1.3), WebCrypto KeyUsage
Enum Constant Summary

- AGREE_KEY - Key is intended for deriving a key via a key agreement protocol such as Diffie-Hellman.
- DECRYPT - Key is intended for decrypting data directly.
- ENCRYPT - Key is intended for encrypting data directly.
- SIGN - Key is intended for signing messages with digital signatures.
- UNWRAP_KEY - Key is intended for decrypting (unwrapping) other keys.
- VERIFY - Key is intended for verifying signatures on messages.
- VERIFY_CERTIFICATE - Key is intended for verifying certificate signatures.
- WRAP_KEY - Key is intended for encrypting (wrapping) other keys.
Method Summary

- static EnumSet<KeyUsage> forKeyType(Class<? extends CryptoKey> keyType)
  Returns the set of all key usages that are applicable to the given key type.
- static Optional<KeyUsage> forWebCryptoName(String keyOperation)
  Converts a Web Crypto/JWK key operation name into the equivalent key usage constant.
- static EnumSet<KeyUsage> fromCertificate(Certificate certificate)
  Determines what usages are allowed for a public key based on the associated certificate.
- static EnumSet<KeyUsage> fromX509KeyUsageBits(boolean[] bits)
  Converts an X.509 KeyUsage bit vector into a corresponding set of usage values.
- Class<? extends CryptoKey> getKeyType()
  The key type corresponding to this key usage.
- String getWebCryptoName()
  The standard WebCrypto KeyUsage name for this usage.
- int getX509BitPosition()
  The bit position of this usage in the X.509 KeyUsage extension.
- String getX509StandardName()
  The standard name of this key usage in the X.509 standard.
- String toString()
- static boolean[] toX509KeyUsageBits(Set<KeyUsage> usages)
  Converts a set of key usage values to an X.509 KeyUsage constraint bit string.
- static KeyUsage valueOf(String name)
  Returns the enum constant of this type with the specified name.
- static KeyUsage[] values()
  Returns an array containing the constants of this enum type, in the order they are declared.

Enum Constant Detail

ENCRYPT
public static final KeyUsage ENCRYPT
Key is intended for encrypting data directly.

DECRYPT
public static final KeyUsage DECRYPT
Key is intended for decrypting data directly.

SIGN
public static final KeyUsage SIGN
Key is intended for signing messages with digital signatures.

VERIFY
public static final KeyUsage VERIFY
Key is intended for verifying signatures on messages.

AGREE_KEY
public static final KeyUsage AGREE_KEY
Key is intended for deriving a key via a key agreement protocol such as Diffie-Hellman. The WebCrypto spec treats this as a special case of the "deriveKey" and/or "deriveBits" usages, but we treat it separately as there are significant differences in how key agreement is used compared to key derivation functions such as HKDF or PBKDF2.

WRAP_KEY
public static final KeyUsage WRAP_KEY
Key is intended for encrypting (wrapping) other keys. This is the typical mode when using public key cryptography: a temporary symmetric key is generated and used to encrypt the message with a fast symmetric block cipher such as AES, and only that temporary key is encrypted with the expensive public key algorithm such as RSA.

UNWRAP_KEY
public static final KeyUsage UNWRAP_KEY
Key is intended for decrypting (unwrapping) other keys.

VERIFY_CERTIFICATE
public static final KeyUsage VERIFY_CERTIFICATE
Key is intended for verifying certificate signatures.

Method Detail

values
public static KeyUsage[] values()
Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
    for (KeyUsage c : KeyUsage.values())
        System.out.println(c);
- Returns:
  an array containing the constants of this enum type, in the order they are declared

valueOf
public static KeyUsage valueOf(String name)
Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
- Parameters:
  name - the name of the enum constant to be returned.
- Returns:
  the enum constant with the specified name
- Throws:
  IllegalArgumentException - if this enum type has no constant with the specified name
  NullPointerException - if the argument is null

fromCertificate
public static EnumSet<KeyUsage> fromCertificate(Certificate certificate)
Determines what usages are allowed for a public key based on the associated certificate. For X.509 certificates, this checks the KeyUsage extension. If it is not possible to determine what constraints are applied to the key, then this returns all usages as valid. This is because in the absence of constraints it is not possible to say what should be forbidden, and it makes validation checks easier to perform: the validator can simply assert the presence of the desired usages.
- Parameters:
  certificate - the certificate to check for usage constraints.
- Returns:
  the set of allowed key usages.

fromX509KeyUsageBits
public static EnumSet<KeyUsage> fromX509KeyUsageBits(boolean[] bits)
Converts an X.509 KeyUsage bit vector into a corresponding set of usage values.
- Parameters:
  bits - the X.509 KeyUsage bit vector.
- Returns:
  the corresponding usage values.

forKeyType
public static EnumSet<KeyUsage> forKeyType(Class<? extends CryptoKey> keyType)
Returns the set of all key usages that are applicable to the given key type.
- Parameters:
  keyType - the type of key.
- Returns:
  the set of all key usages applicable to that key type.

toX509KeyUsageBits
public static boolean[] toX509KeyUsageBits(Set<KeyUsage> usages)
Converts a set of key usage values to an X.509 KeyUsage constraint bit string.
- Parameters:
  usages - the allowed usages.
- Returns:
  the X.509 key usage bit string.
- See Also:
  X509Certificate.getKeyUsage()

forWebCryptoName
public static Optional<KeyUsage> forWebCryptoName(String keyOperation)
Converts a Web Crypto/JWK key operation name into the equivalent key usage constant.
- Parameters:
  keyOperation - a Web Crypto/JWK key operation name.
- Returns:
  the equivalent key usage, or empty if this key operation does not correspond to any known key usage.
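An added example (not part of the ForgeRock library) showing the two validation patterns the fromCertificate and forWebCryptoName descriptions above imply: asserting that a certificate permits every usage a caller needs, with a strict option for the case where the KeyUsage extension is absent and fromCertificate therefore reports all usages as allowed, and converting a JWK "key_ops" list while rejecting operation names the library cannot map. The class and method names KeyUsagePolicy, requireUsages and fromJwkKeyOps are assumed; only KeyUsage.fromCertificate, KeyUsage.forWebCryptoName and X509Certificate.getKeyUsage are library or JDK calls.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.forgerock.secrets.keys.KeyUsage;

// Assumed helper class, not part of org.forgerock.secrets.
public final class KeyUsagePolicy {

    private KeyUsagePolicy() { }

    /**
     * Rejects the certificate unless every usage in {@code required} is permitted.
     * Follows the "assert the presence of desired usages" pattern from fromCertificate().
     * When {@code requireExtension} is true, an X.509 certificate with no KeyUsage
     * extension is rejected as well: fromCertificate() treats "no constraints" as
     * "everything allowed", which a strict policy may not want to accept.
     */
    public static EnumSet<KeyUsage> requireUsages(Certificate cert, Set<KeyUsage> required,
                                                  boolean requireExtension) {
        if (requireExtension && cert instanceof X509Certificate
                && ((X509Certificate) cert).getKeyUsage() == null) {
            throw new IllegalArgumentException("certificate has no KeyUsage extension");
        }
        EnumSet<KeyUsage> allowed = KeyUsage.fromCertificate(cert);
        EnumSet<KeyUsage> missing = EnumSet.noneOf(KeyUsage.class);
        missing.addAll(required);
        missing.removeAll(allowed);
        if (!missing.isEmpty()) {
            throw new IllegalArgumentException("certificate does not permit " + missing);
        }
        return allowed;
    }

    /**
     * Converts a JWK "key_ops" array into a KeyUsage set. An operation name that
     * forWebCryptoName() returns empty for is treated as a policy violation rather
     * than silently dropped, so a key carrying an unexpected op does not pass unnoticed.
     */
    public static EnumSet<KeyUsage> fromJwkKeyOps(List<String> keyOps) {
        EnumSet<KeyUsage> usages = EnumSet.noneOf(KeyUsage.class);
        for (String op : keyOps) {
            Optional<KeyUsage> usage = KeyUsage.forWebCryptoName(op);
            usages.add(usage.orElseThrow(
                    () -> new IllegalArgumentException("unsupported key_ops value: " + op)));
        }
        return usages;
    }
}
```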

getX509StandardName
public String getX509StandardName()
The standard name of this key usage in the X.509 standard.
- Returns:
  the X.509 standard name for this usage, or null if there is no equivalent.

getWebCryptoName
public String getWebCryptoName()
The standard WebCrypto KeyUsage name for this usage.
- Returns:
  the WebCrypto KeyUsage name, or null if this KeyUsage does not have a WebCrypto name.

getX509BitPosition
public int getX509BitPosition()
The bit position of this usage in the X.509 KeyUsage extension.
- Returns:
  the bit position of this usage in the X.509 KeyUsage extension.

getKeyType
public Class<? extends CryptoKey> getKeyType()
The key type corresponding to this key usage.
- Returns:
  the key type corresponding to this usage.