Package org.forgerock.secrets.keys
Enum Class KeyUsage
- All Implemented Interfaces:
- Serializable, Comparable<KeyUsage>, Constable
Indicates the allowed usages for a particular key. Where applicable the values are mapped to equivalent X.509 KeyUsage extension and WebCrypto KeyUsage values.
Nested Class Summary
Nested classes/interfaces inherited from class java.lang.Enum
- Enum.EnumDesc<E extends Enum<E>>

Enum Constant Summary
- AGREE_KEY - Key is intended for deriving a key via a key agreement protocol such as Diffie-Hellman.
- DECRYPT - Key is intended for decrypting data directly.
- ENCRYPT - Key is intended for encrypting data directly.
- SIGN - Key is intended for signing messages with digital signatures.
- UNWRAP_KEY - Key is intended for decrypting (unwrapping) other keys.
- VERIFY - Key is intended for verifying signatures on messages.
- VERIFY_CERTIFICATE - Key is intended for verifying certificate signatures.
- WRAP_KEY - Key is intended for encrypting (wrapping) other keys.

Method Summary
- forKeyType(Class<? extends CryptoKey> keyType) - Returns the set of all key usages that are applicable to the given key type.
- forWebCryptoName(String keyOperation) - Converts a Web Crypto/JWK key operation name into the equivalent key usage constant.
- fromCertificate(Certificate certificate) - Determines what usages are allowed for a public key based on the associated certificate.
- fromX509KeyUsageBits(boolean[] bits) - Converts an X.509 KeyUsage bit vector into a corresponding set of usage values.
- getKeyType() - The key type corresponding to this key usage.
- getWebCryptoName() - The standard WebCrypto KeyUsage name for this usage.
- int getX509BitPosition() - The bit position of this usage in the X.509 KeyUsage extension.
- getX509StandardName() - The standard name of this key usage in the X.509 standard.
- toString()
- static boolean[] toX509KeyUsageBits(Set<KeyUsage> usages) - Converts a set of key usage values to an X.509 KeyUsage constraint bit string.
- static KeyUsage valueOf(String name) - Returns the enum constant of this class with the specified name.
- static KeyUsage[] values() - Returns an array containing the constants of this enum class, in the order they are declared.

Enum Constant Details
ENCRYPT
Key is intended for encrypting data directly.

DECRYPT
Key is intended for decrypting data directly.

SIGN
Key is intended for signing messages with digital signatures.

VERIFY
Key is intended for verifying signatures on messages.

AGREE_KEY
Key is intended for deriving a key via a key agreement protocol such as Diffie-Hellman. The WebCrypto spec treats this as a special case of the "deriveKey" and/or "deriveBits" usages, but we treat it separately as there are significant differences in how key agreement is used compared to key derivation functions such as HKDF or PBKDF2.

WRAP_KEY
Key is intended for encrypting (wrapping) other keys. This is the typical mode when using public key cryptography: a temporary symmetric key is generated and used to encrypt the message with a fast symmetric block cipher, such as AES, and then only this temporary key is encrypted using the expensive encryption, such as RSA.

UNWRAP_KEY
Key is intended for decrypting (unwrapping) other keys.

VERIFY_CERTIFICATE
Key is intended for verifying certificate signatures.
 
Method Details
values
Returns an array containing the constants of this enum class, in the order they are declared.
- Returns:
- an array containing the constants of this enum class, in the order they are declared

valueOf
Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
- Parameters:
- name - the name of the enum constant to be returned.
- Returns:
- the enum constant with the specified name
- Throws:
- IllegalArgumentException - if this enum class has no constant with the specified name
- NullPointerException - if the argument is null
 
fromCertificate
Determines what usages are allowed for a public key based on the associated certificate. For X.509 certificates, this checks the KeyUsage extension. If it is not possible to determine what constraints are applied to the key, then this returns all usages as valid. This is because in the absence of constraints it is not possible to say what should be forbidden and it makes validation checks easier to perform as the validator can just assert the presence of desired usages.
- Parameters:
- certificate - the certificate to check for usage constraints.
- Returns:
- the set of allowed key usages.
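
The "no constraint means all usages" rule described for fromCertificate, sketched as an added example that is not ForgeRock's code. It uses only the JDK and works on the boolean[] that java.security.cert.X509Certificate.getKeyUsage() returns (null when the extension is absent); the Usage enum, its pairing with RFC 5280 bit positions, allowedUsages and requireUsage are hypothetical names assumed for illustration.

```java
import java.util.EnumSet;
import java.util.Set;
public class KeyUsageCheck {
    // Hypothetical stand-in for the public-key usages on this page; the bit
    // positions are the RFC 5280 KeyUsage bits, and the pairing is assumed.
    enum Usage {
        VERIFY(0),             // digitalSignature
        WRAP_KEY(2),           // keyEncipherment
        ENCRYPT(3),            // dataEncipherment
        AGREE_KEY(4),          // keyAgreement
        VERIFY_CERTIFICATE(5); // keyCertSign
        final int bit;
        Usage(int bit) { this.bit = bit; }
    }

    // bits is the value of X509Certificate.getKeyUsage(): null when the
    // certificate carries no KeyUsage extension.
    static Set<Usage> allowedUsages(boolean[] bits) {
        if (bits == null) {
            return EnumSet.allOf(Usage.class); // unconstrained: every usage is valid
        }
        Set<Usage> allowed = EnumSet.noneOf(Usage.class);
        for (Usage u : Usage.values()) {
            if (u.bit < bits.length && bits[u.bit]) {
                allowed.add(u);
            }
        }
        return allowed;
    }

    // The validator only asserts the presence of the usage it needs.
    static void requireUsage(boolean[] bits, Usage needed) {
        if (!allowedUsages(bits).contains(needed)) {
            throw new SecurityException("certificate key not permitted for " + needed);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: only digitalSignature (bit 0) is asserted.
        boolean[] signingOnly = {true, false, false, false, false, false, false, false, false};
        requireUsage(signingOnly, Usage.VERIFY);   // bit 0 is set, so this is allowed
        requireUsage(null, Usage.WRAP_KEY);        // no extension, so nothing is forbidden
        try {
            requireUsage(signingOnly, Usage.WRAP_KEY); // bit 2 is clear, so this throws
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because a missing extension yields every usage, a deployment that requires certificates to carry KeyUsage has to check for the extension itself before relying on this result.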
 
fromX509KeyUsageBits
Converts an X.509 KeyUsage bit vector into a corresponding set of usage values.
- Parameters:
- bits - the X.509 KeyUsage bit vector.
- Returns:
- the corresponding usage values.

forKeyType
Returns the set of all key usages that are applicable to the given key type.
- Parameters:
- keyType - the type of key.
- Returns:
- the set of all key usages applicable to that key type.

toX509KeyUsageBits
Converts a set of key usage values to an X.509 KeyUsage constraint bit string.
- Parameters:
- usages - the allowed usages.
- Returns:
- the X.509 key usage bit string.
 
forWebCryptoName
Converts a Web Crypto/JWK key operation name into the equivalent key usage constant.
- Parameters:
- keyOperation - a Web Crypto/JWK key operation name.
- Returns:
- the equivalent key usage, or empty if this key operation does not correspond to any known key usage.

getX509StandardName
The standard name of this key usage in the X.509 standard.
- Returns:
- the X.509 standard name for this usage, or null if no equivalent.

getWebCryptoName
The standard WebCrypto KeyUsage name for this usage.
- Returns:
- the WebCrypto KeyUsage name or null if this KeyUsage does not have a WebCrypto name.

getX509BitPosition
public int getX509BitPosition()
The bit position of this usage in the X.509 KeyUsage extension.
- Returns:
- the bit position of this usage in the X.509 KeyUsage extension.

getKeyType
The key type corresponding to this key usage.
- Returns:
- the key type corresponding to this usage.

toString