SignedCertificateTimestampList ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- iaik.x509.V3Extension
- - com.entrust.toolkit.x509.extensions.SignedCertificateTimestampList

public class SignedCertificateTimestampList
extends V3Extension

This class implements the SignedCertificateTimestampList Extension.

The SignedCertificateTimestampList extension is used by Certificate Transparency to convey a Signed Certificate Timestamp in an X.509 Certificate.

The SignedCertificateTimestampList OID is "1.3.6.1.4.1.11129.2.4.2".

* From RFC 6962 section 3.3:

 Similarly, a certificate authority MAY submit a Pre certificate to
 more than one log, and all obtained SCTs can be directly embedded in
 the final certificate, by encoding the SignedCertificateTimestampList
 structure as an ASN.1 OCTET STRING and inserting the resulting data
 in the TBSCertificate as an X.509v3 certificate extension (OID
 1.3.6.1.4.1.11129.2.4.2).  Upon receiving the certificate, clients
 can reconstruct the original TBSCertificate to verify the SCT
 signature.
 
 The contents of the ASN.1 OCTET STRING embedded in an OCSP extension
 or X509v3 certificate extension are as follows:
 
     opaque SerializedSCT<1..2^16-1>;

       struct {
           SerializedSCT sct_list <1..2^16-1>;
       } SignedCertificateTimestampList;

See Also:: V3Extension, X509Certificate, GeneralString

Field Summary

Fields
Modifier and Type Field and Description

static ObjectID oid
The Object ID for SignedCertificateTimestampList
- Fields inherited from class iaik.x509.V3Extension
  critical

Fields
Modifier and Type	Field and Description
`static ObjectID`	`oid` The Object ID for SignedCertificateTimestampList

Constructor Summary

Constructors
Constructor and Description
`SignedCertificateTimestampList()` Default constructor used when decoding from a certificate or other ASN.1 structure.
`SignedCertificateTimestampList(byte[] signedCertificateTimestampList)` Parse a stream of bytes into a SignedCertificateTimestampList
`SignedCertificateTimestampList(java.io.InputStream signedCertificateTimestampList)` Parses an InputStream of bytes into a SignedCertificateTimestampList
`SignedCertificateTimestampList(SignedCertificateTimestamp[] arrayOfTimestamps)` The constructor which takes an array of `SignedCertificateTimestamp` objects.

Method Summary

Methods
Modifier and Type	Method and Description
`byte[]`	`getEncoded()`
`ObjectID`	`getObjectID()` Returns the object ID of this `EntrustVersInfo` extension
`SignedCertificateTimestamp[]`	`getSignedCertificateTimestampList()`
`int`	`hashCode()` Returns a hashcode for this identity.
`void`	`init(ASN1Object obj)` Initialize this `SignedCertificateTimestampList` implementation with an ASN1Object representing the value of this extension.
`ASN1Object`	`toASN1Object()` This object returns an ASN1 representation of this object.
`java.lang.String`	`toString()` Returns a string that represents the contents of this `EntrustVersInfo` extension.
`java.security.PublicKey[]`	`verify(X509Certificate PreCertOrFinal, java.security.PublicKey[] logkeys, java.security.PublicKey issuerKey)` Verify the list of Signed Certificate Timestamp.

Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - oid
```
public static final ObjectID oid
```
    The Object ID for SignedCertificateTimestampList
- Constructor Detail
  - SignedCertificateTimestampList
```
public SignedCertificateTimestampList()
```
    Default constructor used when decoding from a certificate or other ASN.1 structure.
  - SignedCertificateTimestampList
```
public SignedCertificateTimestampList(SignedCertificateTimestamp[] arrayOfTimestamps)
```
    The constructor which takes an array of SignedCertificateTimestamp objects.
    
    Parameters:
    arrayOfTimestamps - The array of SignedCertificateTimestamp objects
  - SignedCertificateTimestampList
```
public SignedCertificateTimestampList(byte[] signedCertificateTimestampList)
                               throws java.io.IOException
```
    Parse a stream of bytes into a SignedCertificateTimestampList
    
    Parameters:
    signedCertificateTimestampList -
    
    Throws:
    
    java.io.IOException
  - SignedCertificateTimestampList
```
public SignedCertificateTimestampList(java.io.InputStream signedCertificateTimestampList)
                               throws java.io.IOException
```
    Parses an InputStream of bytes into a SignedCertificateTimestampList
    
    Parameters:
    signedCertificateTimestampList -
    
    Throws:
    
    java.io.IOException - if error parsing through the SCTList
    
    java.lang.IllegalArgumentException - if null is passed in.
- Method Detail
  - getSignedCertificateTimestampList
```
public SignedCertificateTimestamp[] getSignedCertificateTimestampList()
```
    Returns:
    the list of Signed Certificate Timestamp objects
  - getEncoded
```
public byte[] getEncoded()
                  throws java.io.IOException
```
    Returns:
    The encoded byte array representation of this SignedCertificateTimestampList
    
    Throws:
    
    java.io.IOException - if an error occurs when encoding the array of signed certificate timestamps.
  - getObjectID
```
public ObjectID getObjectID()
```
    Returns the object ID of this EntrustVersInfo extension
    
    Specified by:
    
    getObjectID in class V3Extension
    
    Returns:
    the object ID
  - init
```
public void init(ASN1Object obj)
          throws X509ExtensionException
```
    Initialize this SignedCertificateTimestampList implementation with an ASN1Object representing the value of this extension.
    The ASN1Object is the extensionValue from ASN.1 type "Extension" representing the entrustVers and entrustInfo values of this extension.
    
    Specified by:
    
    init in class V3Extension
    
    Parameters:
    obj - the extensionValue as an ASN1Object
    
    Throws:
    
    X509ExtensionException - if the extension could not be parsed
  - verify
```
public java.security.PublicKey[] verify(X509Certificate PreCertOrFinal,
                               java.security.PublicKey[] logkeys,
                               java.security.PublicKey issuerKey)
                                 throws java.security.SignatureException
```
    Verify the list of Signed Certificate Timestamp. To be considered valid, at least one of the SignedCertificateTimestamp objects in the SignedCertificateTimestampList needs to be validated. If none of the SignedCertificateTimestamp objects are valid, this method with throw a SignatureException. If one or more SignedCertificateTimestamp objects are successfully validated, an array of 1 or more public keys that were able to successfully validate a SignedCertificateTimestamp will be returned. Therefore, by examining the returned array the caller will be able to determine which public keys were able to validate the SignedCertificateTimestamp. The Certificate passed in can be validated if it meets one of the following:
    - The Certificate is the X.509 pre-certificate that was sent to the Certificate Transparency Log
    - The Certificate is the X.509 final certificate issued by the CA with the embedded Signed Certificate Timestamp List
    - The Certificate is an X.509 certificate which was given to the Certificate Transparency Log and the SignedCertificateTimestamp was generated over the X.509 certificate.
    Note: When the certificate is an X.509 certificate that was given to the Certificate Transparency Log with an externally generated Signed Certificate Timestamp List this SignedCertificateTimestampList object would not be extracted from the Certificate, but could be constructed by passing in the list of SignedCertificateTimestamp objects.
    Parameters:
    PreCertOrFinal - The certificate used to calculate the Signed Certificate Timestamp (SCT) signature as mentioned above.
    logkeys - The list of Public Log keys, used to validate the SCT signature(s).
    issuerKey - The issuer key of the certificate. This is only needed if the Certificate was the X.509 pre-certificate or X.509 final certificate with embedded SignedCertificateTimestampList.
    
    Returns:
    An array of public keys indicating a validation success.
    
    Throws:
    
    java.security.SignatureException - if none of the SCT can be validation. The cause of the Inner exception will be a CertificateTransparencyException which can be checked to see why each signature failed.
  - toASN1Object
```
public ASN1Object toASN1Object()
                        throws X509ExtensionException
```
    This object returns an ASN1 representation of this object. It is just an ASN.1 OCTET_STRING of the encoded bytes.
    
    Specified by:
    
    toASN1Object in class V3Extension
    
    Returns:
    the value of the extension as ASN1Object
    
    Throws:
    
    X509ExtensionException - if the extension could not be created
  - hashCode
```
public int hashCode()
```
    Returns a hashcode for this identity.
    
    Specified by:
    
    hashCode in class V3Extension
    
    Returns:
    a hash code for this identity
  - toString
```
public java.lang.String toString()
```
    Returns a string that represents the contents of this EntrustVersInfo extension.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    the string representation

Class SignedCertificateTimestampList

Field Summary

Fields inherited from class iaik.x509.V3Extension

Constructor Summary

Method Summary

Methods inherited from class iaik.x509.V3Extension

Methods inherited from class java.lang.Object

Field Detail

oid

Constructor Detail

SignedCertificateTimestampList

SignedCertificateTimestampList

SignedCertificateTimestampList

SignedCertificateTimestampList

Method Detail

getSignedCertificateTimestampList

getEncoded

getObjectID

init

verify

toASN1Object

hashCode

toString