iaik.x509.extensions
Class SubjectKeyIdentifier

java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.SubjectKeyIdentifier

public class SubjectKeyIdentifier
extends V3Extension

This class implements the SubjectKeyIdentifier extension.

The SubjectKeyIdentifier extension is a standard X509v3 extension which MUST NOT be marked as being critical.

Each extension is associated with a specific certificateExtension object identifier, derived from:

 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 

The object identifier for the SubjectKeyIdentifier extension is defined as:

id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }

which corresponds to the OID string "2.5.29.14".

The X.509 Certificate and CRL profile presented in RFC 2459 specifies the subject key identifier extension as a means of identifying certificates that contain a particular public key.

RFC 2459 recommends including the SubjectKeyIdentifier extension in all (especially CA) certificates and suggests two ways of calculating the key identifier from the public key:

  1. The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits).
  2. The keyIdentifier is composed of a four bit type field with the value 0100 followed by the least significant 60 bits of the SHA-1 hash of the value of the BIT STRING subjectPublicKey.

ASN.1 definition of the SubjectKeyIdentifier extension:

 SubjectKeyIdentifier ::= KeyIdentifier
 
KeyIdentifier ::= OCTET STRING

For adding a SubjectKeyIdentifier extension object to a X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class, e.g.:

 PublicKey publicKey = ...;
 SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier(publicKey);
 X509Certificate cert = new X509Certificate();
   ...
 cert.addExtension(subjectKeyIdentifier);
 

When creating a SubjectKeyIdentifier extension in this way by immediately supplying the public key, the key identifier is calculated according to rule 1 as described above.
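The two derivation rules listed above, the OCTET STRING encoding of the extension value, and the rule-1 calculation that the PublicKey constructor performs, worked through as an added Python example. This is not code from the IAIK-JCE library or this Javadoc: it takes a DER SubjectPublicKeyInfo as input (which is what an X.509 PublicKeyInfo encoding yields), the 512-bit RSA modulus it hashes is a constructed sample rather than a real key, and the helper names (build_rsa_spki, subject_public_key_value, key_identifier_sha1, key_identifier_truncated, ski_extension, identify_method) are the example's own.

```python
"""RFC 2459 subject key identifier, both rules, over a DER SubjectPublicKeyInfo.

Added example, not IAIK-JCE code; standard library only.
The RSA modulus below is a constructed sample, NOT a real key.
"""
import hashlib
from typing import Optional

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
SKI_OID = bytes.fromhex("0603551d0e")                         # id-ce 14 = 2.5.29.14
DER_NULL = b"\x05\x00"

# Constructed 512-bit sample modulus: only an input for the hash, never use as a key.
SAMPLE_N = int(
    "c4f8e9e15dcadf2b96c763d981006a644ffb4415030a16ed1283883340f2aa0e"
    "2be2be8fa60150b9046965837c3e7d151b7de237ebb957c20663898250703b3f", 16)
SAMPLE_E = 65537


def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(v: int) -> bytes:
    # One extra byte when the top bit is set keeps the INTEGER positive.
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def build_rsa_spki(n: int, e: int) -> bytes:
    """DER SubjectPublicKeyInfo for an RSA key (assumed shape of an X.509 PublicKeyInfo)."""
    rsa_public_key = _tlv(0x30, _der_int(n) + _der_int(e))
    subject_public_key = _tlv(0x03, b"\x00" + rsa_public_key)   # BIT STRING, 0 unused bits
    algorithm = _tlv(0x30, RSA_ENCRYPTION_OID + DER_NULL)       # AlgorithmIdentifier
    return _tlv(0x30, algorithm + subject_public_key)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, contents, position after the element) of a DER TLV."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def subject_public_key_value(spki: bytes) -> bytes:
    """The subjectPublicKey BIT STRING value: no tag, no length, no unused-bits byte."""
    tag, seq, _ = _read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _algorithm, pos = _read_tlv(seq, 0)             # AlgorithmIdentifier is not hashed
    tag, bits, _ = _read_tlv(seq, pos)
    if tag != 0x03 or not bits or bits[0] != 0:
        raise ValueError("subjectPublicKey must be a BIT STRING with 0 unused bits")
    return bits[1:]


def key_identifier_sha1(spki: bytes) -> bytes:
    """Rule 1: the 160-bit SHA-1 hash of the subjectPublicKey value."""
    return hashlib.sha1(subject_public_key_value(spki)).digest()


def key_identifier_truncated(spki: bytes) -> bytes:
    """Rule 2: type nibble 0100 followed by the least significant 60 bits of that SHA-1."""
    digest = hashlib.sha1(subject_public_key_value(spki)).digest()
    low60 = int.from_bytes(digest, "big") & ((1 << 60) - 1)
    return ((0x4 << 60) | low60).to_bytes(8, "big")


def ski_extension(key_id: bytes) -> bytes:
    """DER Extension for id-ce-subjectKeyIdentifier; critical omitted (DEFAULT FALSE)."""
    extn_value = _tlv(0x04, key_id)                    # SubjectKeyIdentifier ::= OCTET STRING
    return _tlv(0x30, SKI_OID + _tlv(0x04, extn_value))


def identify_method(spki: bytes, key_id: bytes) -> Optional[str]:
    """Which RFC 2459 rule a certificate's SKI follows, or None if it follows neither."""
    if key_id == key_identifier_sha1(spki):
        return "sha1-160"
    if key_id == key_identifier_truncated(spki):
        return "sha1-60"
    return None


if __name__ == "__main__":
    spki = build_rsa_spki(SAMPLE_N, SAMPLE_E)
    print("rule 1   :", key_identifier_sha1(spki).hex())
    print("rule 2   :", key_identifier_truncated(spki).hex())
    print("extension:", ski_extension(key_identifier_sha1(spki)).hex())
```

Path building compares an AuthorityKeyIdentifier's keyIdentifier with the issuer's SubjectKeyIdentifier as opaque octets, so the derivation rule only has to be applied consistently; identify_method is the check for whether a certificate's SKI actually follows one of the two rules, which the byte[] constructor and set method above do not enforce.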

Version:
File Revision 21
See Also:
OCTET_STRING, AuthorityKeyIdentifier, V3Extension, X509Extensions, X509Certificate

Field Summary
static ObjectID oid
          The object identifier of this SubjectKeyIdentifier extension.
 
Fields inherited from class iaik.x509.V3Extension
critical
 
Constructor Summary
SubjectKeyIdentifier()
          Default constructor.
SubjectKeyIdentifier(byte[] identifier)
          Creates a SubjectKeyIdentifier extension with a defined identifier.
SubjectKeyIdentifier(PublicKey publicKey)
          Creates a SubjectKeyIdentifier extension from the given public key.
 
Method Summary
 byte[] get()
          Returns the identifier of this extension.
 ObjectID getObjectID()
          Returns the object ID of this SubjectKeyIdentifier extension
 int hashCode()
          Returns a hashcode for this identity.
 void init(ASN1Object obj)
          Inits this SubjectKeyIdentifier implementation with an ASN1object representing the value of this extension.
 void set(byte[] identifier)
          Sets the identifier of this SubjectKeyIdentifier extension.
 ASN1Object toASN1Object()
          Returns an ASN1Object representing the value of this SubjectKeyIdentifier extension object.
 String toString()
          Returns a string that represents the contents of this SubjectKeyIdentifier extension.
 
Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

oid

public static final ObjectID oid
The object identifier of this SubjectKeyIdentifier extension. The corresponding OID string is "2.5.29.14".
Constructor Detail

SubjectKeyIdentifier

public SubjectKeyIdentifier()
Default constructor. Creates an empty SubjectKeyIdentifier object.

Use the set method for setting the key identifier value, e.g.:

 SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier();
 subjectKeyIdentifier.set(new byte[] {1,2,3,4,5,6,7,8,9});
 


SubjectKeyIdentifier

public SubjectKeyIdentifier(byte[] identifier)
Creates a SubjectKeyIdentifier extension with a defined identifier.

For instance:

 SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier(new byte[] {1,2,3,4,5,6,7,8,9});
 

Parameters:
identifier - the subject key identifier as byte array

SubjectKeyIdentifier

public SubjectKeyIdentifier(PublicKey publicKey)
                     throws CodingException,
                            NoSuchAlgorithmException
Creates a SubjectKeyIdentifier extension from the given public key. This constructor creates a key identifier according to the following method (described in RFC 2459):

The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits).

Parameters:
publicKey - the public key for which an identifier shall be created; the encoding of the key must give a X.509 PublicKeyInfo (see PublicKeyInfo)
Throws:
CodingException - if the keyIdentifier cannot be created
NoSuchAlgorithmException - if SHA is not supported by the installed cryptography providers
Method Detail

getObjectID

public ObjectID getObjectID()
Returns the object ID of this SubjectKeyIdentifier extension
Overrides:
getObjectID in class V3Extension
Returns:
the object ID

init

public void init(ASN1Object obj)
Inits this SubjectKeyIdentifier implementation with an ASN1object representing the value of this extension.

The given ASN1Object represents the key identifier value.

The given ASN1Object is the one created by toASN1Object().

This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included SubjectKeyIdentifier extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.

Overrides:
init in class V3Extension
Parameters:
obj - the SubjectKeyIdentifier as ASN1Object

toASN1Object

public ASN1Object toASN1Object()
Returns an ASN1Object representing the value of this SubjectKeyIdentifier extension object.

The returned ASN1Object is an ASN.1 OCTET_STRING representing the key identifier value:

 SubjectKeyIdentifier ::= KeyIdentifier

 KeyIdentifier ::= OCTET STRING
 

Overrides:
toASN1Object in class V3Extension
Returns:
the value of this SubjectKeyIdentifier as ASN1Object

set

public void set(byte[] identifier)
Sets the identifier of this SubjectKeyIdentifier extension.

For instance:

 SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier();
 subjectKeyIdentifier.set(new byte[] {1,2,3,4,5,6,7,8,9});
 

Parameters:
identifier - an identifier as byte array

get

public byte[] get()
Returns the identifier of this extension.
Returns:
the identifier, as byte array
See Also:
set(byte[])

hashCode

public int hashCode()
Returns a hashcode for this identity.
Overrides:
hashCode in class V3Extension
Returns:
a hash code for this identity

toString

public String toString()
Returns a string that represents the contents of this SubjectKeyIdentifier extension.
Overrides:
toString in class Object
Returns:
the string representation

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK