CertificateAuthorities (iSaSiLk 6.1 API Documentation)

java.lang.Object
- iaik.security.ssl.Extension
- - iaik.security.ssl.CertificateAuthorities

All Implemented Interfaces:

java.lang.Cloneable
```
public class CertificateAuthorities
extends Extension
implements java.lang.Cloneable
```
This class implements the TLS 1.3 CertificateAuthorities (certificate_authorities) TLS extension as specified by RFC 8446.
TLS 1.3 defines the CertificateAuthorities extension as list of the distinguished names of certificate authorities that may be accepted as peer certificate issuing authorities:
```
   opaque DistinguishedName<1..2^16-1>;

   struct {
       DistinguishedName authorities<3..2^16-1>;
   } CertificateAuthoritiesExtension;erverHello;
 
```
The client may send the certificate_authorities extension in the ClientHello message, the server may send it in the CertificateRequest message.
On the server side when building the CertificateRequest message iSaSiLk automatically calculates the certificate_authorities extension from the ChainVerifier- configured trusted authorities. No interaction from the application is required.
On the client side the application has to decide if it wants to send a certificate_authorities extension with the ClientHello message. For instance, the client may get the trusted authorities from the ChainVerifier and use them when creating the CertificateAuthorities extension:
```
 SSLClientContext clientContext = ...;
 ExtensionList extensions = new ExtensionList();
 ...
 ChainVerifier chainVerifier = context.getChainVerifier();
 Principal[] trustedCAs = chainVerifier.getTrustedPrincipalsArray();
 CertificateAuthorities certAuthorities = new CertificateAuthorities(trustedPrincipals);
 extensions.addExtension(certAuthorities);
 ...
 clientContext.setExtensions(extensions);
 
```
Note that an iSaSiLk server does not process a certificate_authorities extension received within the ClientHello message automatically. By default an iSaSiLk server will ignore the certificate_authorities sent by the client and not use it for server certificate selection. To tell an iSaSiLk server to process a certificate_authorities extensions received from the client and application has to set an empty CertificateAuthorities extension object for its server context:
```
 SSLServerContext serverContext = ...;
 ExtensionList extensions = new ExtensionList();
 ...
 CertificateAuthorities certAuthorities = new CertificateAuthorities();
 extensions.addExtension(certAuthorities);
 ...
 serverContext.setExtensions(extensions);
 
```
The critical flag has no meaning for the CertificateAuthorities extension.
Version:

File Revision 42

See Also:

Extension, ExtensionList

Field Summary

Fields
Modifier and Type Field and Description

static ExtensionType TYPE
The type (47) of the certificate_authorities extension.

Fields
Modifier and Type	Field and Description
`static ExtensionType`	`TYPE` The type (47) of the certificate_authorities extension.

Constructor Summary

Constructors
Constructor and Description
`CertificateAuthorities()` Default Constructor.
`CertificateAuthorities(java.security.Principal[] authorities)` Creates a CertificateAuthorities extension for the given authorities.
`CertificateAuthorities(java.security.cert.X509Certificate[] certificates)` Creates a CertificateAuthorities extension from the given ca certificates.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`addAuthority(java.security.Principal authority)` Adds the given authority.
`void`	`addAuthority(java.security.cert.X509Certificate certificate)` Adds the given authority (subjectDN of the given ca certificate).
`java.lang.Object`	`clone()` Returns a clone of this CertificateAuthorities extension object.
`java.security.Principal[]`	`getAuthorities()` Gets the authorities included in this CertificateAuthorities extension.
`void`	`setCritical(boolean critical)` Does nothing since the critical value has no meaning for this extension.
`int`	`size()` Gets the number of authorities included in this CertificateAuthorities extension.
`java.lang.String`	`toString()` Gets a String representation of this CertificateAuthorities object.

Methods inherited from class iaik.security.ssl.Extension
getAllowedProtocolVersions, getExtensionType, getName, getType

Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - TYPE
```
public static final ExtensionType TYPE
```
    The type (47) of the certificate_authorities extension.
- Constructor Detail
  - CertificateAuthorities
```
public CertificateAuthorities()
```
    Default Constructor.
  - CertificateAuthorities
```
public CertificateAuthorities(java.security.Principal[] authorities)
```
    Creates a CertificateAuthorities extension for the given authorities.
    
    Parameters:
    
    authorities - the list of authorities as Principal objects
  - CertificateAuthorities
```
public CertificateAuthorities(java.security.cert.X509Certificate[] certificates)
```
    Creates a CertificateAuthorities extension from the given ca certificates.
    The authorities list is build from the subjectDNs of the given certificates.
    
    Parameters:
    
    certificates - the certificates from which to create the CertificateAuthorities extension
- Method Detail
  - addAuthority
```
public void addAuthority(java.security.Principal authority)
```
    Adds the given authority.
    
    Parameters:
    
    authority - to be added as Principal object
  - addAuthority
```
public void addAuthority(java.security.cert.X509Certificate certificate)
```
    Adds the given authority (subjectDN of the given ca certificate).
    
    Parameters:
    
    certificate - the certificate from which to get the subjectDN
  - getAuthorities
```
public java.security.Principal[] getAuthorities()
```
    Gets the authorities included in this CertificateAuthorities extension.
    
    Returns:
    
    the authorities or null if no authorities are included
  - size
```
public int size()
```
    Gets the number of authorities included in this CertificateAuthorities extension.
    
    Returns:
    
    the number of authorities included in this CertificateAuthorities extension
  - setCritical
```
public void setCritical(boolean critical)
```
    Does nothing since the critical value has no meaning for this extension.
    
    Overrides:
    
    setCritical in class Extension
    
    Parameters:
    
    critical - true if the extension is critical, false if not
  - clone
```
public java.lang.Object clone()
```
    Returns a clone of this CertificateAuthorities extension object.
    
    Overrides:
    
    clone in class Extension
    
    Returns:
    
    a clone of this CertificateAuthorities extension object
  - toString
```
public java.lang.String toString()
```
    Gets a String representation of this CertificateAuthorities object.
    
    Specified by:
    
    toString in class Extension
    
    Returns:
    
    a String representation of the CertificateAuthorities object

Class CertificateAuthorities

Field Summary

Constructor Summary

Method Summary

Methods inherited from class iaik.security.ssl.Extension

Methods inherited from class java.lang.Object

Field Detail

TYPE

Constructor Detail

CertificateAuthorities

CertificateAuthorities

CertificateAuthorities

Method Detail

addAuthority

addAuthority

getAuthorities

size

setCritical

clone

toString