iaik.smime.ess
Class ESSCertID

java.lang.Object
  iaik.smime.ess.ESSCertID

All Implemented Interfaces:

ASN1Type

Direct Known Subclasses:

ESSCertIDv2

public class ESSCertID
extends java.lang.Object
implements ASN1Type

This class implements the S/MIMEv3 ESSCertID type.

The Enhanced Security Services for S/MIMEv3 (ESS) (RFC 2634) specify the ESSCertID type for identifying a certificate by cert hash and optionally issuer information and issuer-specific certificate serial number:

 ESSCertID ::=  SEQUENCE {        
   certHash     Hash,
   issuerSerial IssuerSerial OPTIONAL   }
 

 Hash ::= OCTET STRING -- SHA1 hash of entire certificate
 

 IssuerSerial ::= SEQUENCE {        
   issuer       GeneralNames,
   serialNumber CertificateSerialNumber   }
 

The ESSCertID type is used for identifying a certificate in a SigningCertificate object to be included as signed attribute into CMS SignerInfo object.

If you want to use another hash algorithm than SHA-1 for calculating the cert hash use the ESSCertIDv2 type and the SigningCertificateV2 attribute.

When creating an ESSCertID specify the cert to be identified and decide whether the IssuerSerial component shall be included in the ESSCertID:

 X509Certificate cert = ...;
 boolean includeIssuerSerial = true;
 ESSCertID certID = new ESSCertID(cert, includeIssuerSerial);
 

See Also:

ESSIssuerSerial, SigningCertificate, X509Certificate, AttributeCertificate

Constructor Summary

ESSCertID()
Default Constructor.

ESSCertID(ASN1Object obj)
Creates a new ESSCertID from an ASN1Object.

ESSCertID(java.security.cert.Certificate cert, boolean includeIssuerSerial)
Creates an ESSCertID for the given X.509 public key or X.509 attribute certificate.

ESSCertID(java.security.cert.Certificate cert, boolean includeIssuerSerial, SecurityProvider securityProvider)
Creates an ESSCertID for the given X.509 public key or X.509 attribute certificate.

Method Summary

void	calculateCertHash(byte[] encodedCert) Calculates the sets the cert hash value for the given encoded certificate.
void	decode(ASN1Object obj) Decodes the given ASN.1 ESSCertID object for parsing the internal structure.
boolean	equals(java.lang.Object obj) Compares this ESSCertID to the specified object.
byte[]	getCertHash() Returns the cert hash.
AlgorithmID	getHashAlgorithm() Gets the AlgorithmID of the hash algorithm.
ESSIssuerSerial	getIssuerSerial() Returns issuer and serial number.
SecurityProvider	getSecurityProvider() Gets the SecurityProvider installed for this ESSCertID.
int	hashCode() Returns a hashcode for this ESSCertID.
boolean	identifiesCert(java.security.cert.Certificate certificate) Checks whether the given certificate is identified by this ESSCertID.
void	setCertHash(byte[] certHash) Sets the cert hash value.
void	setIssuerSerial(ESSIssuerSerial issuerSerial) Sets the issuer and serial information.
void	setSecurityProvider(SecurityProvider securityProvider) Sets the SecurityProvider for this ESSCertID.
ASN1Object	toASN1Object() Returns this ESSCertID as ASN1Object.
java.lang.String	toString() Returns a string giving some information about this ESSCertID object.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

ESSCertID

public ESSCertID()

Default Constructor. Creates an empty ESSCertID object.

ESSCertID

public ESSCertID(java.security.cert.Certificate cert,
                 boolean includeIssuerSerial)
          throws java.security.NoSuchAlgorithmException,
                 java.security.cert.CertificateException

Creates an ESSCertID for the given X.509 public key or X.509 attribute certificate.

Attention! Only X.509 public key certificates (instances of iaik.x509.X509Certificate) or X.509 attribute certificates (instances of iaik.x409.attr.AttributeCertificate) can be handled by this constructor; PKCS#6 ExtendedCertificates are obsolete and therefore not supported.

Parameters:

cert - the certificate for which to create an ESSCertID (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate

includeIssuerSerial - if the IssuerSerial component should be set

Throws:

java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate

java.security.NoSuchAlgorithmException - if SHA-1, required for hash computation, is not supported by the installed providers

java.security.cert.CertificateException - if an error occurs while encoding the certificate for computing the hash, or the given certificate is an attribute certificate, but the issuer information included is not sufficient to construct an IssuerSerial (if V2Form is used for indicating the issuer, but not the issuerName option)

ESSCertID

public ESSCertID(java.security.cert.Certificate cert,
                 boolean includeIssuerSerial,
                 SecurityProvider securityProvider)
          throws java.security.NoSuchAlgorithmException,
                 java.security.cert.CertificateException

Creates an ESSCertID for the given X.509 public key or X.509 attribute certificate.

Attention! Only X.509 public key certificates (instances of iaik.x509.X509Certificate) or X.509 attribute certificates (instances of iaik.x409.attr.AttributeCertificate) can be handled by this constructor; PKCS#6 ExtendedCertificates are obsolete and therefore not supported.

Parameters:

cert - the certificate for which to create an ESSCertID (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate

includeIssuerSerial - if the IssuerSerial component should be set

securityProvider - the SecurityProvider to be explicitly used for the cryptocraphic operations (cert hash calculation) required by this object, if null the default sytem-wide installed security provider will be used

Throws:

java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate

java.security.NoSuchAlgorithmException - if SHA-1, required for hash computation, is not supported by the installed providers

java.security.cert.CertificateException - if an error occurs while encoding the certificate for computing the hash, or the given certificate is an attribute certificate, but the issuer information included is not sufficient to construct an IssuerSerial (if V2Form is used for indicating the issuer, but not the issuerName option)

ESSCertID

public ESSCertID(ASN1Object obj)
          throws CodingException

Creates a new ESSCertID from an ASN1Object.

The ASN1Object supplied to this constructor represents an already exisiting ESSCertID object that may have been created by calling toASN1Object.

Parameters:

obj - the ESSCertID as ASN1Object

Throws:

CodingException - if the ASN1Object could not be parsed

Method Detail

setSecurityProvider

public void setSecurityProvider(SecurityProvider securityProvider)

Sets the SecurityProvider for this ESSCertID.

This method allows to explicitly set a SecurityProvider for this ESSCertID. If no explicit SecurityProvider is set, the default system wide installed SecurityProvider will be used for the required cryptographic operations.

This class uses the following method(s) of the SecurityProvider, which may be overriden by an application, if required:

• getHash() to calculate a hash from the encoded certificate this ESSCertID shall identify

An application may prefer to immediately supply the SecurityProvider when creating a new ESSCertID for some certificate.

Parameters:

securityProvider - the SecurityProvider to be set

getSecurityProvider

public SecurityProvider getSecurityProvider()

Gets the SecurityProvider installed for this ESSCertID.

This class uses the following method(s) of the SecurityProvider, which may be overriden by an application, if required:

• getHash() to calculate an a hash from the encoded certificate this ESSCertID shall identify

If no explicit SecurityProvider has been set for this object, the default system wide installed SecurityProvider will be used for the required cryptographic operations. However, this method will return null if it does not have its own SecurityProvider.

Returns:

the SecurityProvider explicitly installed for this object, or null if this object does not have its own SecurityProvider

setIssuerSerial

public void setIssuerSerial(ESSIssuerSerial issuerSerial)

Sets the issuer and serial information.

Parameters:

issuerSerial - the IssuerSerial object to be set

setCertHash

public void setCertHash(byte[] certHash)

Sets the cert hash value.

Parameters:

certHash - the -- already calculated -- hash of the cert

calculateCertHash

public void calculateCertHash(byte[] encodedCert)
                       throws java.security.NoSuchAlgorithmException

Calculates the sets the cert hash value for the given encoded certificate.

Parameters:

encodedCert - the DER encoded cert for which the hash shall be calculated and set

Throws:

java.security.NoSuchAlgorithmException - if the hash algorithm used for calculating the cert hash is not supported by the installed cryptographic providers

identifiesCert

public boolean identifiesCert(java.security.cert.Certificate certificate)
                       throws java.security.NoSuchAlgorithmException

Checks whether the given certificate is identified by this ESSCertID.

Parameters:

certificate - the certificate to be checked (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate

Returns:

true if the given certificate is identified by this ESSCertID, false if not

Throws:

java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate

java.security.NoSuchAlgorithmException - if the check cannot be performed because the hash algorithm used for calculating the cert hash is not supported by the installed cryptographic providers

decode

public void decode(ASN1Object obj)
            throws CodingException

Decodes the given ASN.1 ESSCertID object for parsing the internal structure.

This method internally is called when creating a ESSCertID object from an already existing ESSCertID object, supplied as ASN1Object.

Specified by:

decode in interface ASN1Type

Parameters:

obj - the ESSCertID as ASN1Object

Throws:

CodingException - if the object can not be parsed

toASN1Object

public ASN1Object toASN1Object()

Returns this ESSCertID as ASN1Object.

The ASN1Object returned by this method may be used as parameter value when creating an ESSCertID object using the ESSCertID(ASN1Object obj) constructor.

Specified by:

toASN1Object in interface ASN1Type

Returns:

this ESSCertID as ASN1Object

equals

public boolean equals(java.lang.Object obj)

Compares this ESSCertID to the specified object.

Overrides:

equals in class java.lang.Object

Parameters:

obj - the object to compare this ESSCertID against.

Returns:

true, if the given object is equal to this ESSCertID, false otherwise

hashCode

public int hashCode()

Returns a hashcode for this ESSCertID.

Overrides:

hashCode in class java.lang.Object

Returns:

a hashcode for this ESSCertID

getIssuerSerial

public ESSIssuerSerial getIssuerSerial()

Returns issuer and serial number.

Returns:

the IssuerSerial of this ESSCertID

getHashAlgorithm

public AlgorithmID getHashAlgorithm()

Gets the AlgorithmID of the hash algorithm.

Returns:

the hash AlgorithmID

getCertHash

public byte[] getCertHash()

Returns the cert hash.

Returns:

cert hash of this ESSCertID

toString

public java.lang.String toString()

Returns a string giving some information about this ESSCertID object.

Overrides:

toString in class java.lang.Object

Returns:

the string representation