SHOW Signed

net.rim.device.api.crypto.certificate
Class CertificateChainProperties

java.lang.Object
  |
  +--net.rim.device.api.crypto.certificate.CertificateChainProperties

public class CertificateChainProperties
extends Object

This class iterates through the certificates in a certificate chain and returns a bitfield that indicates many of the properties of the chain, such as the validity, the trust status, the revocation status, and the strength of the certificates in the chain.

Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

Since:
JDE 4.0.0

Field Summary
 Category: Signed static long IMPROPER_CERTIFICATE_CHAIN
          A certificate chain property that indicates that there is a problem with the chain (eg the chain violates some path constraints).
 Category: Signed static long INCOMPLETE_CERTIFICATE_CHAIN
          A certificate chain property that indicates that the chain does not terminate with a self signed root certificate.
 Category: Signed static long INVALID_CERTIFICATE_PRESENT
          A certificate chain property that indicates that at least one certificate in the chain is either not yet valid, or has expired.
 Category: Signed static long REVOCATION_REASON_AFFILIATION_CHANGED
          A certificate chain property that indicates that at least one certificate in the chain is revoked.
 Category: Signed static long REVOCATION_REASON_CA_COMPROMISE
          A certificate chain property that indicates that at least one certificate in the chain is revoked.
 Category: Signed static long REVOCATION_REASON_CERTIFICATE_HOLD
          A certificate chain property that indicates that at least one certificate in the chain is revoked.
 Category: Signed static long REVOCATION_REASON_CESSATION_OF_OPERATION
          A certificate chain property that indicates that at least one certificate in the chain is revoked.
 Category: Signed static long REVOCATION_REASON_KEY_COMPROMISE
          A certificate chain property that indicates that at least one certificate in the chain is revoked.
 Category: Signed static long REVOCATION_REASON_REMOVE_FROM_CRL
          A certificate chain property that indicates that at least one certificate in the chain is revoked.
 Category: Signed static long REVOCATION_REASON_SUPERSEDED
          A certificate chain property that indicates that at least one certificate in the chain is revoked.
 Category: Signed static long REVOCATION_REASON_UNSPECIFIED
          A certificate chain property that indicates that at least one certificate in the chain is revoked.
 Category: Signed static long REVOKED_CERTIFICATE_STATUS_PRESENT
          A certificate chain property that indicates that at least one certificate in the chain is revoked.
 Category: Signed static long STALE_CERTIFICATE_STATUS
          A certificate chain property that indicates that at least one certificate in the chain has a stale status.
 Category: Signed static long UNKNOWN_CERTIFICATE_STATUS_PRESENT
          A certificate chain property that indicates that at least one certificate in the chain has an unknown certificate revocation status.
 Category: Signed static long UNSUPPORTED_CERTIFICATE_CHAIN
          A certificate chain property that indicates that at least one signature in the chain uses an unsupported algorithm.
 Category: Signed static long UNTRUSTED_CERTIFICATE_CHAIN
          A certificate chain property that indicates that no certificate in the chain is a member of a trusted key store.
 Category: Signed static long UNVERIFIED_CERTIFICATE_CHAIN
          A certificate chain property that indicates that at least one signature in the chain does not verify.
 Category: Signed static long WEAK_CERTIFICATE_CHAIN
          A certificate chain property that indicates that at least one signature in the chain was signed with a weak key.
 
Constructor Summary
 Category: Signed CertificateChainProperties()
           
 
Method Summary
 Category: Signed static long[] getCertificateChainProperties(Certificate[][] chains, KeyStore trustedKeyStore, long date)
          Returns the properties of the given certificate chains.
 Category: Signed static long[] getCertificateChainProperties(Certificate[][] chains, KeyStore trustedKeyStore, long date, CryptoSystemProperties cryptoSystemProperties)
          Returns the properties of the given certificate chains.
 Category: Signed static long getCertificateChainProperties(Certificate[] chain, KeyStore trustedKeyStore, long date)
          Returns the properties of the given certificate chain.
 Category: Signed static long getCertificateChainProperties(Certificate[] chain, KeyStore trustedKeyStore, long date, CryptoSystemProperties cryptoSystemProperties)
          Returns the properties of the given certificate chain.
 Category: Signed static int selectBestCertificateChain(long[] properties)
          Finds a certificate chain that has properties matching one of a default set of property masks.
 Category: Signed static long selectBestCertificateChainProperties(long[] properties)
          Returns the properties associated with the chain returned by a call to selectBestCertificateChain.
 Category: Signed static int[] selectCertificateChain(long[] properties, long[] propertyMasks)
          Finds a certificate chain that has properties matching one of a provided set of property masks.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

INCOMPLETE_CERTIFICATE_CHAIN

public static final long INCOMPLETE_CERTIFICATE_CHAIN
A certificate chain property that indicates that the chain does not terminate with a self signed root certificate.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

UNVERIFIED_CERTIFICATE_CHAIN

public static final long UNVERIFIED_CERTIFICATE_CHAIN
A certificate chain property that indicates that at least one signature in the chain does not verify.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

UNSUPPORTED_CERTIFICATE_CHAIN

public static final long UNSUPPORTED_CERTIFICATE_CHAIN
A certificate chain property that indicates that at least one signature in the chain uses an unsupported algorithm.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

UNTRUSTED_CERTIFICATE_CHAIN

public static final long UNTRUSTED_CERTIFICATE_CHAIN
A certificate chain property that indicates that no certificate in the chain is a member of a trusted key store.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

IMPROPER_CERTIFICATE_CHAIN

public static final long IMPROPER_CERTIFICATE_CHAIN
A certificate chain property that indicates that there is a problem with the chain (eg the chain violates some path constraints).
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

WEAK_CERTIFICATE_CHAIN

public static final long WEAK_CERTIFICATE_CHAIN
A certificate chain property that indicates that at least one signature in the chain was signed with a weak key.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

INVALID_CERTIFICATE_PRESENT

public static final long INVALID_CERTIFICATE_PRESENT
A certificate chain property that indicates that at least one certificate in the chain is either not yet valid, or has expired.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

UNKNOWN_CERTIFICATE_STATUS_PRESENT

public static final long UNKNOWN_CERTIFICATE_STATUS_PRESENT
A certificate chain property that indicates that at least one certificate in the chain has an unknown certificate revocation status.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

REVOKED_CERTIFICATE_STATUS_PRESENT

public static final long REVOKED_CERTIFICATE_STATUS_PRESENT
A certificate chain property that indicates that at least one certificate in the chain is revoked.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

STALE_CERTIFICATE_STATUS

public static final long STALE_CERTIFICATE_STATUS
A certificate chain property that indicates that at least one certificate in the chain has a stale status.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

REVOCATION_REASON_UNSPECIFIED

public static final long REVOCATION_REASON_UNSPECIFIED
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

REVOCATION_REASON_KEY_COMPROMISE

public static final long REVOCATION_REASON_KEY_COMPROMISE
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

REVOCATION_REASON_CA_COMPROMISE

public static final long REVOCATION_REASON_CA_COMPROMISE
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

REVOCATION_REASON_AFFILIATION_CHANGED

public static final long REVOCATION_REASON_AFFILIATION_CHANGED
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

REVOCATION_REASON_SUPERSEDED

public static final long REVOCATION_REASON_SUPERSEDED
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

REVOCATION_REASON_CESSATION_OF_OPERATION

public static final long REVOCATION_REASON_CESSATION_OF_OPERATION
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

REVOCATION_REASON_CERTIFICATE_HOLD

public static final long REVOCATION_REASON_CERTIFICATE_HOLD
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

REVOCATION_REASON_REMOVE_FROM_CRL

public static final long REVOCATION_REASON_REMOVE_FROM_CRL
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
Constructor Detail

CertificateChainProperties

public CertificateChainProperties()
Since:
JDE 4.0.0
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
Method Detail

selectBestCertificateChainProperties

public static long selectBestCertificateChainProperties(long[] properties)
Returns the properties associated with the chain returned by a call to selectBestCertificateChain.

NOTE: This method was added in BlackBerry version 4.0.

Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

selectBestCertificateChain

public static int selectBestCertificateChain(long[] properties)
Finds a certificate chain that has properties matching one of a default set of property masks.
Parameters:
properties - an array of certificate chain properties
Returns:
If there is a chain with no errors, the index of that chain is returned.

Otherwise, all of the chains have at least one error. The chains are checked for each of the following sets of properties:

  1. STALE_CERTIFICATE_STATUS
  2. UNKNOWN_CERTIFICATE_STATUS_PRESENT and any previous properties
  3. INCOMPLETE_CERTIFICATE_CHAIN and any previous properties
  4. UNTRUSTED_CERTIFICATE_CHAIN and any previous properties
  5. WEAK_CERTIFICATE_CHAIN and any previous properties
  6. INVALID_CERTIFICATE_PRESENT and any previous properties
  7. REVOKED_CERTIFICATE_STATUS_PRESENT and any previous properties
  8. Any properties at all.

NOTE: This method was added in BlackBerry version 4.0.

Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

selectCertificateChain

public static int[] selectCertificateChain(long[] properties,
                                           long[] propertyMasks)
Finds a certificate chain that has properties matching one of a provided set of property masks.
Parameters:
properties - an array of certiticate chain properties
propertyMasks - an array of certificate chain property masks
Returns:
an array of two integers (n,m) satisfying the following conditions:
  1. Chain n only has properties specified in mask m (although it may not have all of the specified properties)
  2. There is no n' and no m' < m such that chain n' only has properties specified in mask m'.
(In other words, m is the smallest index into the mask array for which there is a chain that only has properties specified in that mask, and n is the index of a chain that has those properties.)

If there is no chain matching any of the property masks, then the array (-1,-1) is returned.

NOTE: This method was added in BlackBerry version 4.0.

Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

getCertificateChainProperties

public static long[] getCertificateChainProperties(Certificate[][] chains,
                                                   KeyStore trustedKeyStore,
                                                   long date)
Returns the properties of the given certificate chains.
Parameters:
chain - an array of certificate chains.
trustedKeyStore - if any certifcate in the chain is a member of this key store, then the chain is considered trusted.
date - the date to use for certificate validity checking.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

getCertificateChainProperties

public static long[] getCertificateChainProperties(Certificate[][] chains,
                                                   KeyStore trustedKeyStore,
                                                   long date,
                                                   CryptoSystemProperties cryptoSystemProperties)
Returns the properties of the given certificate chains.
Parameters:
chain - an array of certificate chains.
trustedKeyStore - if any certifcate in the chain is a member of this key store, then the chain is considered trusted.
date - the date to use for certificate validity checking.
cryptoSystemProperties - a class to be used for certificate strength checking.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

getCertificateChainProperties

public static long getCertificateChainProperties(Certificate[] chain,
                                                 KeyStore trustedKeyStore,
                                                 long date)
Returns the properties of the given certificate chain.
Parameters:
chain - an array of certificates that compromise the chain.
trustedKeyStore - if any certifcate in the chain is a member of this key store, then the chain is considered trusted.
date - the date to use for certificate validity checking.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.

getCertificateChainProperties

public static long getCertificateChainProperties(Certificate[] chain,
                                                 KeyStore trustedKeyStore,
                                                 long date,
                                                 CryptoSystemProperties cryptoSystemProperties)
Returns the properties of the given certificate chain.
Parameters:
chain - an array of certificates that compromise the chain.
trustedKeyStore - if any certifcate in the chain is a member of this key store, then the chain is considered trusted.
date - the date to use for certificate validity checking.
cryptoSystemProperties - a class to be used for certificate strength checking. If this is null, than the default properties are used from the cryptosystem of the public key.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.


Copyright 1999-2004 Research In Motion Limited. 295 Phillip Street, Waterloo, Ontario, Canada, N2L 3W8. All Rights Reserved.
Copyright 1993-2003 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California, 94303, U.S.A.
Copyright 2002-2003 Nokia Corporation All Rights Reserved.
Java is a trademark or registered trademark of Sun Microsystems, Inc. in the US and other countries.