Class KeyUsageExtension

  • All Implemented Interfaces:
    java.io.Serializable

    @NotMutable
    @ThreadSafety(level=COMPLETELY_THREADSAFE)
    public final class KeyUsageExtension
    extends X509CertificateExtension
    This class provides an implementation of the key usage X.509 certificate extension as described in RFC 5280 section 4.2.1.3. This can be used to determine how the certificate's key is intended to be used.

    The OID for this extension is 2.5.29.15 and the value has the following encoding:
       KeyUsage ::= BIT STRING {
            digitalSignature        (0),
            nonRepudiation          (1), -- recent editions of X.509 have
                                 -- renamed this bit to contentCommitment
            keyEncipherment         (2),
            dataEncipherment        (3),
            keyAgreement            (4),
            keyCertSign             (5),
            cRLSign                 (6),
            encipherOnly            (7),
            decipherOnly            (8) }
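The following is an added example, not code from the LDAP SDK: a minimal decoder that maps a DER-encoded KeyUsage BIT STRING to the bit names above and flags encipherOnly/decipherOnly set without keyAgreement, the pairing the method descriptions on this page call out. The class name `KeyUsageBits`, its `decode` method and the sample byte arrays are constructed for illustration; the input is assumed to be the extension value itself with a short-form length.

```java
import java.util.ArrayList;
import java.util.List;

public class KeyUsageBits {
  // Bit names in the order of the KeyUsage definition (bit 0 first).
  static final String[] NAMES = {
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly" };

  // Decodes a DER BIT STRING with a short-form length into the names of
  // the bits that are set. Layout: tag 0x03, length, unused-bit count, data.
  static List<String> decode(byte[] der) {
    if (der.length < 3 || der[0] != 0x03 || (der[1] & 0x80) != 0
        || (der[1] & 0xFF) != der.length - 2) {
      throw new IllegalArgumentException("not a short-form DER BIT STRING");
    }
    int unused = der[2] & 0xFF;
    if (unused > 7) {
      throw new IllegalArgumentException("invalid unused-bit count");
    }
    int totalBits = (der.length - 3) * 8 - unused;
    List<String> set = new ArrayList<>();
    for (int bit = 0; bit < totalBits && bit < NAMES.length; bit++) {
      // Bit 0 is the most significant bit of the first data byte.
      int octet = der[3 + bit / 8] & 0xFF;
      if ((octet & (0x80 >> (bit % 8))) != 0) {
        set.add(NAMES[bit]);
      }
    }
    return set;
  }

  public static void main(String[] args) {
    byte[][] samples = {               // constructed sample values
      { 0x03, 0x02, 0x01, 0x06 },                // keyCertSign, cRLSign
      { 0x03, 0x02, 0x05, (byte) 0xA0 },         // digitalSignature, keyEncipherment
      { 0x03, 0x03, 0x07, 0x08, (byte) 0x80 },   // keyAgreement, decipherOnly
      { 0x03, 0x03, 0x07, 0x00, (byte) 0x80 } }; // decipherOnly alone
    for (byte[] der : samples) {
      List<String> bits = decode(der);
      boolean onlyBit = bits.contains("encipherOnly") || bits.contains("decipherOnly");
      boolean flag = onlyBit && !bits.contains("keyAgreement");
      System.out.println(bits + (flag ? "  <- only-bit set without keyAgreement" : ""));
    }
  }
}
```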
     
    See Also:
    Serialized Form
    • Method Detail

      • isDigitalSignatureBitSet

        public boolean isDigitalSignatureBitSet()
        Indicates whether the digital signature bit is set. If true, then the key may be used for verifying digital signatures (other than signatures on certificates or CRLs, as those usages are covered by the isKeyCertSignBitSet() and isCRLSignBitSet() methods, respectively).
        Returns:
        true if the digital signature bit is set, or false if not.
      • isNonRepudiationBitSet

        public boolean isNonRepudiationBitSet()
        Indicates whether the non-repudiation bit is set. If true, then the key may be used to prevent someone from denying the authenticity of a digital signature generated with the key.
        Returns:
        true if the non-repudiation bit is set, or false if not.
      • isKeyEnciphermentBitSet

        public boolean isKeyEnciphermentBitSet()
        Indicates whether the key encipherment bit is set. If true, then the public key may be used for encrypting other private keys or secret keys (for example, to protect the keys while they are being transported).
        Returns:
        true if the key encipherment bit is set, or false if not.
      • isDataEnciphermentBitSet

        public boolean isDataEnciphermentBitSet()
        Indicates whether the data encipherment bit is set. If true, then the public key may be used for encrypting arbitrary data without the need for a symmetric cipher.
        Returns:
        true if the data encipherment bit is set, or false if not.
      • isKeyAgreementBitSet

        public boolean isKeyAgreementBitSet()
        Indicates whether the key agreement bit is set. If true, then the public key may be used for key agreement processing.
        Returns:
        true if the key agreement bit is set, or false if not.
      • isKeyCertSignBitSet

        public boolean isKeyCertSignBitSet()
        Indicates whether the key cert sign bit is set. If true, then the public key may be used for verifying certificate signatures.
        Returns:
        true if the key cert sign bit is set, or false if not.
      • isCRLSignBitSet

        public boolean isCRLSignBitSet()
        Indicates whether the CRL sign bit is set. If true, then the public key may be used for verifying certificate revocation list (CRL) signatures.
        Returns:
        true if the CRL sign bit is set, or false if not.
      • isEncipherOnlyBitSet

        public boolean isEncipherOnlyBitSet()
        Indicates whether the encipher only bit is set. If true, and if the isKeyAgreementBitSet() is also true, then the public key may be used only for enciphering data when performing key agreement.
        Returns:
        true if the encipher only bit is set, or false if not.
      • isDecipherOnlyBitSet

        public boolean isDecipherOnlyBitSet()
        Indicates whether the decipher only bit is set. If true, and if the isKeyAgreementBitSet() is also true, then the public key may be used only for deciphering data when performing key agreement.
        Returns:
        true if the decipher only bit is set, or false if not.
      • toString

        public void toString(@NotNull java.lang.StringBuilder buffer)
        Appends a string representation of this certificate extension to the provided buffer.
        Overrides:
        toString in class X509CertificateExtension
        Parameters:
        buffer - The buffer to which the information should be appended.