multipaz/org.multipaz.crypto/X509Signed

X509Signed

sealed class X509Signed

Base class for signed X.509 sequences: certificates and CRLs.

Signed sequence is an ASN1Sequence that contains three elements: TBS sequence, signature algorithm, and signature, where the signature cryptographically signs the bytes of TBS sequence. TBS sequence syntax is determined by the format (certificate and CRL), but in both cases can contain specially-tagged extension object.

This class encapsulates the common functionality:

  • dealing with the top-level sequence

  • signature

  • extensions

Inheritors

Types

Link copied to clipboard
object Companion

Properties

Link copied to clipboard
val criticalExtensionOIDs: Set<String>

The OIDs for X.509 extensions which are marked as critical.

Link copied to clipboard
abstract val encoded: ByteString
Link copied to clipboard
val extensions: List<X509Extension>

The list of decoded extensions information.

Link copied to clipboard
val nonCriticalExtensionOIDs: Set<String>

The OIDs for X.509 extensions which are not marked as critical.

Link copied to clipboard
val signature: ByteArray

The certificate or CRL signature.

Link copied to clipboard
val signatureAlgorithm: Algorithm

The signature algorithm for the certificate or CRL as Algorithm.

Link copied to clipboard
val signatureAlgorithmOid: String

The signature algorithm for the CRL as OID string.

Link copied to clipboard
val tbsCertificate: ByteArray

The bytes of TBS sequence.

Functions

Link copied to clipboard
Link copied to clipboard
fun getExtensionValue(oid: String): ByteArray?

Gets the bytes of a X.509 extension.

Link copied to clipboard
Link copied to clipboard
fun toPem(): String

Encode this certificate or CRL in PEM format

Link copied to clipboard
fun verify(publicKey: EcPublicKey)

Checks if the certificate or CRL was signed with a given key.