Enum Class KeyUsage

java.lang.Object
java.lang.Enum<KeyUsage>
org.forgerock.secrets.keys.KeyUsage
All Implemented Interfaces:
Serializable, Comparable<KeyUsage>, java.lang.constant.Constable

public enum KeyUsage extends Enum<KeyUsage>
Indicates the allowed usages for a particular key. Where applicable the values are mapped to equivalent X.509 KeyUsage extension and WebCrypto KeyUsage values.
  • Enum Constant Details

    • ENCRYPT

      public static final KeyUsage ENCRYPT
      Key is intended for encrypting data directly.
    • DECRYPT

      public static final KeyUsage DECRYPT
      Key is intended for decrypting data directly.
    • SIGN

      public static final KeyUsage SIGN
      Key is intended for signing messages with digital signatures.
    • VERIFY

      public static final KeyUsage VERIFY
      Key is intended for verifying signatures on messages.
    • AGREE_KEY

      public static final KeyUsage AGREE_KEY
      Key is intended for deriving a key via a key agreement protocol such as Diffie-Hellman. The WebCrypto spec treats this as a special-case of the "deriveKey" and/or "deriveBits" usages, but we treat it separately as there are significant differences in how key agreement is used compared to key derivation functions such as HKDF or PBKDF2.
    • WRAP_KEY

      public static final KeyUsage WRAP_KEY
      Key is intended for encrypting (wrapping) other keys. This is the usual mode of operation for public key cryptography: a temporary symmetric key is generated and used to encrypt the message with a fast symmetric cipher such as AES, and only that temporary key is then encrypted with the slower public key algorithm such as RSA.
    • UNWRAP_KEY

      public static final KeyUsage UNWRAP_KEY
      Key is intended for decrypting (unwrapping) other keys.
    • VERIFY_CERTIFICATE

      public static final KeyUsage VERIFY_CERTIFICATE
      Key is intended for verifying certificate signatures.
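The hybrid scheme described under WRAP_KEY, as an added example that is not part of the ForgeRock Secrets API: a fresh AES-GCM key encrypts the message, RSA-OAEP wraps only that key, and each key is checked against its declared usages before it is used. The usage sets and the sample message are constructed for the example; the JCA algorithm names are standard JDK ones, and the only dependency on the page's API is the KeyUsage enum itself.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import org.forgerock.secrets.keys.KeyUsage;

/** Added example (not part of the ForgeRock Secrets API): envelope encryption with usage checks. */
public final class EnvelopeEncryptionExample {

    private static final int GCM_IV_BYTES = 12;
    private static final int GCM_TAG_BITS = 128;
    // RSA-OAEP with SHA-256 for both the hash and MGF1; SunJCE otherwise defaults MGF1 to SHA-1.
    private static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    /** Ciphertext plus the wrapped content-encryption key that travels with it. */
    public record Envelope(byte[] wrappedKey, byte[] iv, byte[] ciphertext) {}

    /** Refuses the operation unless the usages declared for the key permit it. */
    static void requireUsage(Set<KeyUsage> allowed, KeyUsage needed) {
        if (!allowed.contains(needed)) {
            throw new IllegalStateException("key not permitted for " + needed);
        }
    }

    public static Envelope seal(byte[] plaintext, PublicKey recipient,
            Set<KeyUsage> recipientUsages) throws Exception {
        // The RSA key only ever touches the temporary AES key, so WRAP_KEY is the usage
        // to check here, not ENCRYPT.
        requireUsage(recipientUsages, KeyUsage.WRAP_KEY);

        // Fresh 256-bit content-encryption key for this one message.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey cek = kg.generateKey();

        byte[] iv = new byte[GCM_IV_BYTES];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, cek, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ciphertext = aes.doFinal(plaintext);

        // Only the 32-byte CEK goes through the slow public key operation.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.WRAP_MODE, recipient, OAEP_SHA256);
        return new Envelope(rsa.wrap(cek), iv, ciphertext);
    }

    public static byte[] open(Envelope env, PrivateKey recipient,
            Set<KeyUsage> recipientUsages) throws Exception {
        requireUsage(recipientUsages, KeyUsage.UNWRAP_KEY);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.UNWRAP_MODE, recipient, OAEP_SHA256);
        SecretKey cek = (SecretKey) rsa.unwrap(env.wrappedKey(), "AES", Cipher.SECRET_KEY);

        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, cek, new GCMParameterSpec(GCM_TAG_BITS, env.iv()));
        return aes.doFinal(env.ciphertext()); // throws AEADBadTagException if tampered with
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair kp = kpg.generateKeyPair();

        // Usages an owner would declare for a key-transport RSA pair (constructed for the example).
        Set<KeyUsage> transportUsages = EnumSet.of(KeyUsage.WRAP_KEY, KeyUsage.UNWRAP_KEY);

        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Envelope env = seal(message, kp.getPublic(), transportUsages);
        byte[] recovered = open(env, kp.getPrivate(), transportUsages);
        System.out.println(Arrays.equals(message, recovered) ? "round trip ok" : "round trip FAILED");

        // A key declared for signing only is rejected before any cryptography happens.
        try {
            seal(message, kp.getPublic(), EnumSet.of(KeyUsage.SIGN));
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

The point of checking WRAP_KEY rather than ENCRYPT on the RSA key is that the two usages are distinct in this enum, as they are in X.509 (keyEncipherment versus dataEncipherment): a key provisioned for key transport should not be accepted as a general-purpose encryption key, and vice versa.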
  • Method Details

    • values

      public static KeyUsage[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared
    • valueOf

      public static KeyUsage valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null
    • fromCertificate

      public static EnumSet<KeyUsage> fromCertificate(Certificate certificate)
      Determines what usages are allowed for a public key based on the associated certificate. For X.509 certificates, this checks the KeyUsage extension. If the constraints on the key cannot be determined, this returns all usages as allowed: in the absence of constraints nothing can be said to be forbidden, and it keeps validation simple, since a validator can just assert the presence of the usages it needs. Callers that want to reject unconstrained certificates must check for the missing extension themselves.
      Parameters:
      certificate - the certificate to check for usage constraints.
      Returns:
      the set of allowed key usages.
    • fromX509KeyUsageBits

      public static EnumSet<KeyUsage> fromX509KeyUsageBits(boolean[] bits)
      Converts an X.509 KeyUsage bit vector into a corresponding set of usage values.
      Parameters:
      bits - the X.509 KeyUsage bit vector.
      Returns:
      the corresponding usage values.
    • forKeyType

      public static EnumSet<KeyUsage> forKeyType(Class<? extends CryptoKey> keyType)
      Returns the set of all key usages that are applicable to the given key type.
      Parameters:
      keyType - the type of key.
      Returns:
      the set of all key usages applicable to that key type.
    • toX509KeyUsageBits

      public static boolean[] toX509KeyUsageBits(Set<KeyUsage> usages)
      Converts a set of key usage values to an X.509 KeyUsage constraint bit string.
      Parameters:
      usages - the allowed usages.
      Returns:
      the X.509 key usage bit string.
    • forWebCryptoName

      public static Optional<KeyUsage> forWebCryptoName(String keyOperation)
      Converts a Web Crypto/JWK key operation name into the equivalent key usage constant.
      Parameters:
      keyOperation - a Web Crypto/JWK key operation name.
      Returns:
      the equivalent key usage, or empty if this key operation does not correspond to any known key usage.
    • getX509StandardName

      public String getX509StandardName()
      The name of this usage as defined by the X.509 KeyUsage extension.
      Returns:
      the X.509 standard name for this usage, or null if no equivalent.
    • getWebCryptoName

      public String getWebCryptoName()
      The standard WebCrypto KeyUsage name for this usage.
      Returns:
      the WebCrypto KeyUsage name or null if this KeyUsage does not have a WebCrypto name.
    • getX509BitPosition

      public int getX509BitPosition()
      The bit position of this usage in the X.509 KeyUsage extension.
      Returns:
      the bit position of this usage in the X.509 KeyUsage extension.
    • getKeyType

      public Class<? extends CryptoKey> getKeyType()
      The key type corresponding to this key usage.
      Returns:
      the key type corresponding to this usage.
    • toString

      public String toString()
      Overrides:
      toString in class Enum<KeyUsage>
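An added example, not part of the ForgeRock Secrets API, showing how the conversion methods above fit into a usage check: fromCertificate with an explicit guard for the permissive default described in its documentation, forWebCryptoName applied to a JWK "key_ops" array, and an X.509 bit vector round-tripped through fromX509KeyUsageBits and toX509KeyUsageBits. The bit vector and the key_ops values are constructed for the example; the bit order is the one used by java.security.cert.X509Certificate.getKeyUsage(), and the example assumes "sign" and "verify" map to SIGN and VERIFY, as the constant descriptions indicate.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;
import org.forgerock.secrets.keys.KeyUsage;

/** Added example (not part of the ForgeRock Secrets API): usage constraints from X.509 and JWK. */
public final class KeyUsagePolicy {

    /**
     * Allowed usages for a certificate's public key. fromCertificate returns every usage when
     * the certificate carries no KeyUsage extension; with strict set, a missing extension is a
     * policy violation instead, so an unconstrained certificate is not accepted for everything.
     */
    public static EnumSet<KeyUsage> allowedFor(Certificate cert, boolean strict) {
        if (strict && cert instanceof X509Certificate x509 && x509.getKeyUsage() == null) {
            // X509Certificate.getKeyUsage() is null exactly when the extension is absent.
            throw new IllegalArgumentException("certificate declares no KeyUsage extension");
        }
        return KeyUsage.fromCertificate(cert);
    }

    /**
     * Converts a JWK "key_ops" array into usages. Unknown operation names are rejected rather
     * than dropped: a silently narrowed set would pass a containsAll check for the wrong reason.
     */
    public static EnumSet<KeyUsage> fromJwkKeyOps(List<String> keyOps) {
        EnumSet<KeyUsage> usages = EnumSet.noneOf(KeyUsage.class);
        for (String op : keyOps) {
            usages.add(KeyUsage.forWebCryptoName(op)
                    .orElseThrow(() -> new IllegalArgumentException("unknown key_ops value: " + op)));
        }
        return usages;
    }

    /** The check the fromCertificate documentation describes: assert presence of what is needed. */
    public static void require(Set<KeyUsage> allowed, Set<KeyUsage> needed) {
        if (!allowed.containsAll(needed)) {
            EnumSet<KeyUsage> missing = EnumSet.copyOf(needed);
            missing.removeAll(allowed);
            throw new SecurityException("key is not permitted for " + missing);
        }
    }

    public static void main(String[] args) {
        // Constructed X.509 KeyUsage bit vector in X509Certificate.getKeyUsage() order:
        // digitalSignature(0), nonRepudiation(1), keyEncipherment(2), dataEncipherment(3),
        // keyAgreement(4), keyCertSign(5), cRLSign(6), encipherOnly(7), decipherOnly(8).
        boolean[] bits = new boolean[9];
        bits[0] = true; // digitalSignature
        bits[2] = true; // keyEncipherment
        EnumSet<KeyUsage> fromBits = KeyUsage.fromX509KeyUsageBits(bits);
        System.out.println("usages from bits: " + fromBits);
        for (KeyUsage u : fromBits) {
            System.out.printf("  %-18s x509=%s bit=%d webcrypto=%s%n", u,
                    u.getX509StandardName(), u.getX509BitPosition(), u.getWebCryptoName());
        }
        boolean[] back = KeyUsage.toX509KeyUsageBits(fromBits);
        System.out.println("round trip stable: " + KeyUsage.fromX509KeyUsageBits(back).equals(fromBits));

        // Constructed JWK key_ops as a client might present them for a signing key.
        EnumSet<KeyUsage> jwk = fromJwkKeyOps(List.of("sign", "verify"));
        require(jwk, EnumSet.of(KeyUsage.SIGN)); // passes
        try {
            require(jwk, EnumSet.of(KeyUsage.WRAP_KEY)); // a signing key must not wrap keys
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
        try {
            fromJwkKeyOps(List.of("sign", "frobnicate")); // a typo or unknown operation is an error
        } catch (IllegalArgumentException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

Whether to run allowedFor in strict mode is a policy decision: the permissive default of fromCertificate is convenient when certificates come from a CA that always sets KeyUsage, but for certificates supplied by clients a missing extension is better treated as a failed check than as permission for every operation.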