This class iterates through the certificates in a certificate chain and returns a bitfield that indicates
many of the properties of the chain, such as the validity, the trust status, the revocation status, and the
strength of the certificates in the chain.
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
Since:
JDE 4.0.0
Field Summary
static long
IMPROPER_CERTIFICATE_CHAIN
A certificate chain property that indicates that there is a problem with the chain (eg the chain violates some path constraints).
static long
INCOMPLETE_CERTIFICATE_CHAIN
A certificate chain property that indicates that the chain does not terminate with a self signed root certificate.
static long
INVALID_CERTIFICATE_PRESENT
A certificate chain property that indicates that at least one certificate in the chain is either not yet valid, or has expired.
STALE_CERTIFICATE_STATUS
A certificate chain property that indicates that at least one certificate in the chain has a stale status.
static long
UNKNOWN_CERTIFICATE_STATUS_PRESENT
A certificate chain property that indicates that at least one certificate in the chain has an unknown certificate revocation status.
static long
UNSUPPORTED_CERTIFICATE_CHAIN
A certificate chain property that indicates that at least one signature in the chain uses an unsupported algorithm.
static long
UNTRUSTED_CERTIFICATE_CHAIN
A certificate chain property that indicates that no certificate in the chain is a member of a trusted key store.
static long
UNVERIFIED_CERTIFICATE_CHAIN
A certificate chain property that indicates that at least one signature in the chain does not verify.
static long
WEAK_CERTIFICATE_CHAIN
A certificate chain property that indicates that at least one signature in the chain was signed with a weak key.
selectBestCertificateChain(long[] properties)
Finds a certificate chain that has properties matching one of a default set of property masks.
static long
selectBestCertificateChainProperties(long[] properties)
Returns the properties associated with the chain returned by a call to selectBestCertificateChain.
static int[]
selectCertificateChain(long[] properties,
long[] propertyMasks)
Finds a certificate chain that has properties matching one of a provided set of property masks.
public static final long INCOMPLETE_CERTIFICATE_CHAIN
A certificate chain property that indicates that the chain does not terminate with a self signed root certificate.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
UNVERIFIED_CERTIFICATE_CHAIN
public static final long UNVERIFIED_CERTIFICATE_CHAIN
A certificate chain property that indicates that at least one signature in the chain does not verify.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
UNSUPPORTED_CERTIFICATE_CHAIN
public static final long UNSUPPORTED_CERTIFICATE_CHAIN
A certificate chain property that indicates that at least one signature in the chain uses an unsupported algorithm.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
UNTRUSTED_CERTIFICATE_CHAIN
public static final long UNTRUSTED_CERTIFICATE_CHAIN
A certificate chain property that indicates that no certificate in the chain is a member of a trusted key store.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
IMPROPER_CERTIFICATE_CHAIN
public static final long IMPROPER_CERTIFICATE_CHAIN
A certificate chain property that indicates that there is a problem with the chain (eg the chain violates some path constraints).
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
WEAK_CERTIFICATE_CHAIN
public static final long WEAK_CERTIFICATE_CHAIN
A certificate chain property that indicates that at least one signature in the chain was signed with a weak key.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
INVALID_CERTIFICATE_PRESENT
public static final long INVALID_CERTIFICATE_PRESENT
A certificate chain property that indicates that at least one certificate in the chain is either not yet valid, or has expired.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
UNKNOWN_CERTIFICATE_STATUS_PRESENT
public static final long UNKNOWN_CERTIFICATE_STATUS_PRESENT
A certificate chain property that indicates that at least one certificate in the chain has an unknown certificate revocation status.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
REVOKED_CERTIFICATE_STATUS_PRESENT
public static final long REVOKED_CERTIFICATE_STATUS_PRESENT
A certificate chain property that indicates that at least one certificate in the chain is revoked.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
STALE_CERTIFICATE_STATUS
public static final long STALE_CERTIFICATE_STATUS
A certificate chain property that indicates that at least one certificate in the chain has a stale status.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
REVOCATION_REASON_UNSPECIFIED
public static final long REVOCATION_REASON_UNSPECIFIED
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
REVOCATION_REASON_KEY_COMPROMISE
public static final long REVOCATION_REASON_KEY_COMPROMISE
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
REVOCATION_REASON_CA_COMPROMISE
public static final long REVOCATION_REASON_CA_COMPROMISE
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
REVOCATION_REASON_AFFILIATION_CHANGED
public static final long REVOCATION_REASON_AFFILIATION_CHANGED
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
REVOCATION_REASON_SUPERSEDED
public static final long REVOCATION_REASON_SUPERSEDED
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
REVOCATION_REASON_CESSATION_OF_OPERATION
public static final long REVOCATION_REASON_CESSATION_OF_OPERATION
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
REVOCATION_REASON_CERTIFICATE_HOLD
public static final long REVOCATION_REASON_CERTIFICATE_HOLD
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
REVOCATION_REASON_REMOVE_FROM_CRL
public static final long REVOCATION_REASON_REMOVE_FROM_CRL
A certificate chain property that indicates that at least one certificate in the chain is revoked. See also RevocationReason.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
Constructor Detail
CertificateChainProperties
public CertificateChainProperties()
Since:
JDE 4.0.0
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
Method Detail
selectBestCertificateChainProperties
public static long selectBestCertificateChainProperties(long[] properties)
Returns the properties associated with the chain returned by a call to selectBestCertificateChain.
NOTE: This method was added in BlackBerry version 4.0.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
selectBestCertificateChain
public static int selectBestCertificateChain(long[] properties)
Finds a certificate chain that has properties matching one of a default set of property masks.
Parameters:
properties - an array of certificate chain properties
Returns:
If there is a chain with no errors, the index of that chain is returned.
Otherwise, all of the chains have at least one error. The chains are checked for each of the following sets of properties:
STALE_CERTIFICATE_STATUS
UNKNOWN_CERTIFICATE_STATUS_PRESENT and any previous properties
INCOMPLETE_CERTIFICATE_CHAIN and any previous properties
UNTRUSTED_CERTIFICATE_CHAIN and any previous properties
WEAK_CERTIFICATE_CHAIN and any previous properties
INVALID_CERTIFICATE_PRESENT and any previous properties
REVOKED_CERTIFICATE_STATUS_PRESENT and any previous properties
Any properties at all.
NOTE: This method was added in BlackBerry version 4.0.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
selectCertificateChain
public static int[] selectCertificateChain(long[] properties,
long[] propertyMasks)
Finds a certificate chain that has properties matching one of a provided set of property masks.
Parameters:
properties - an array of certiticate chain properties
propertyMasks - an array of certificate chain property masks
Returns:
an array of two integers (n,m) satisfying the following conditions:
Chain n only has properties specified in mask m (although it may not have all of the specified properties)
There is no n' and no m' < m such that chain n' only has properties specified in mask m'.
(In other words, m is the smallest index into the mask array for which there is a chain that only has properties specified in
that mask, and n is the index of a chain that has those properties.)
If there is no chain matching any of the property masks, then the array (-1,-1) is returned.
NOTE: This method was added in BlackBerry version 4.0.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
getCertificateChainProperties
public static long[] getCertificateChainProperties(Certificate[][] chains,
KeyStore trustedKeyStore,
long date)
Returns the properties of the given certificate chains.
Parameters:
chain - an array of certificate chains.
trustedKeyStore - if any certifcate in the chain is a member of this key store, then the chain is considered trusted.
date - the date to use for certificate validity checking.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
Returns the properties of the given certificate chains.
Parameters:
chain - an array of certificate chains.
trustedKeyStore - if any certifcate in the chain is a member of this key store, then the chain is considered trusted.
date - the date to use for certificate validity checking.
cryptoSystemProperties - a class to be used for certificate strength checking.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
getCertificateChainProperties
public static long getCertificateChainProperties(Certificate[] chain,
KeyStore trustedKeyStore,
long date)
Returns the properties of the given certificate chain.
Parameters:
chain - an array of certificates that compromise the chain.
trustedKeyStore - if any certifcate in the chain is a member of this key store, then the chain is considered trusted.
date - the date to use for certificate validity checking.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
Returns the properties of the given certificate chain.
Parameters:
chain - an array of certificates that compromise the chain.
trustedKeyStore - if any certifcate in the chain is a member of this key store, then the chain is considered trusted.
date - the date to use for certificate validity checking.
cryptoSystemProperties - a class to be used for certificate strength checking. If this is null, than the default
properties are used from the cryptosystem of the public key.
Since:
JDE 4.0.2
Category:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
Copyright 1999-2004 Research In Motion Limited. 295 Phillip Street, Waterloo, Ontario, Canada, N2L 3W8. All Rights Reserved. Copyright 1993-2003 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California, 94303, U.S.A. Copyright 2002-2003 Nokia Corporation All Rights Reserved. Java is a trademark or registered trademark of Sun Microsystems, Inc. in the US and other countries.
