java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.SubjectKeyIdentifier
This class implements the SubjectKeyIdentifier extension.
The SubjectKeyIdentifier extension is a standard X509v3 extension which MUST NOT be marked as being critical.
Each extension is associated with a specific certificateExtension object identifier, derived from:
    certificateExtension OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
    id-ce OBJECT IDENTIFIER ::= certificateExtension
The object identifier for the SubjectKeyIdentifier extension is defined as:
    id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
which corresponds to the OID string "2.5.29.14".
The X.509 Certificate and CRL profile presented in RFC 2459 specifies the subject key identifier extension for providing a means of identifying the particular public key used in an application.
RFC 2459 recommends including the SubjectKeyIdentifier extension in all (especially CA) certificates and suggests two ways for calculating the key identifier from the public key:
ASN.1 definition of the SubjectKeyIdentifier extension:
SubjectKeyIdentifier ::= KeyIdentifier
KeyIdentifier ::= OCTET STRING
To add a SubjectKeyIdentifier extension object to an X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class, e.g.:
    PublicKey publicKey = ...;
    SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier(publicKey);
    X509Certificate cert = new X509Certificate();
    ...
    cert.addExtension(subjectKeyIdentifier);
When creating a SubjectKeyIdentifier extension in this way by immediately supplying the public key, the key identifier is calculated according to rule 1 as described above.
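The calculation the PublicKey constructor performs (given in its constructor detail as the SHA-1 hash of the subjectPublicKey BIT STRING value, excluding tag, length and number of unused bits) can be reproduced with JDK classes alone. This is an added example, not IAIK code: the class name SkiFromPublicKey and the helpers enter and keyIdentifier are hypothetical, and it assumes a DER-encoded SubjectPublicKeyInfo whose BIT STRING has zero unused bits.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;

public class SkiFromPublicKey {

    // Checks the DER tag at pos[0], returns the content length, leaves pos[0] at the content.
    static int enter(byte[] der, int[] pos, int tag) {
        if ((der[pos[0]++] & 0xff) != tag) throw new IllegalArgumentException("unexpected tag");
        int len = der[pos[0]++] & 0xff;
        if (len >= 0x80) {                       // long form: low 7 bits = number of length octets
            int n = len & 0x7f;
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[pos[0]++] & 0xff);
        }
        if (len > der.length - pos[0]) throw new IllegalArgumentException("truncated encoding");
        return len;
    }

    // SHA-1 over the subjectPublicKey BIT STRING value only (no tag, length, unused-bits octet).
    static byte[] keyIdentifier(byte[] spki) throws Exception {
        int[] pos = {0};
        enter(spki, pos, 0x30);                  // SubjectPublicKeyInfo SEQUENCE
        int algLen = enter(spki, pos, 0x30);     // AlgorithmIdentifier SEQUENCE
        pos[0] += algLen;                        // skip algorithm OID and parameters
        int len = enter(spki, pos, 0x03);        // subjectPublicKey BIT STRING
        // Assumption of this example: key encodings use 0 unused bits; anything else is rejected.
        if (len < 1 || spki[pos[0]] != 0) throw new IllegalArgumentException("bad BIT STRING");
        byte[] keyBits = Arrays.copyOfRange(spki, pos[0] + 1, pos[0] + len);
        return MessageDigest.getInstance("SHA-1").digest(keyBits);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PublicKey publicKey = kpg.generateKeyPair().getPublic();  // constructed sample key
        // For "X.509" format keys, getEncoded() returns the DER SubjectPublicKeyInfo.
        byte[] ski = keyIdentifier(publicKey.getEncoded());
        byte[] whole = MessageDigest.getInstance("SHA-1").digest(publicKey.getEncoded());
        System.out.println("key identifier length: " + ski.length);
        System.out.println("differs from SHA-1 of whole encoding: " + !Arrays.equals(ski, whole));
    }
}
```

Hashing the complete getEncoded() output gives a different value, so a key identifier computed that way will not match one produced by the rule above when AuthorityKeyIdentifier and SubjectKeyIdentifier values are compared during chain building.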
See Also:
OCTET_STRING, AuthorityKeyIdentifier, V3Extension, X509Extensions, X509Certificate

Field Summary
static ObjectID oid
    The object identifier of this SubjectKeyIdentifier extension.

Fields inherited from class iaik.x509.V3Extension
critical

Constructor Summary
SubjectKeyIdentifier()
    Default constructor.
SubjectKeyIdentifier(byte[] identifier)
    Creates a SubjectKeyIdentifier extension with a defined identifier.
SubjectKeyIdentifier(PublicKey publicKey)
    Creates a SubjectKeyIdentifier extension from the given public key.

Method Summary
byte[] get()
    Returns the identifier of this extension.
ObjectID getObjectID()
    Returns the object ID of this SubjectKeyIdentifier extension.
int hashCode()
    Returns a hashcode for this identity.
void init(ASN1Object obj)
    Inits this SubjectKeyIdentifier implementation with an ASN1Object representing the value of this extension.
void set(byte[] identifier)
    Sets the identifier of this SubjectKeyIdentifier extension.
ASN1Object toASN1Object()
    Returns an ASN1Object representing the value of this SubjectKeyIdentifier extension object.
String toString()
    Returns a string that represents the contents of this SubjectKeyIdentifier extension.

Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail
public static final ObjectID oid

Constructor Detail
public SubjectKeyIdentifier()
Default constructor. Creates a SubjectKeyIdentifier object.
Use the set method for setting the key identifier value, e.g.:
    SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier();
    subjectKeyIdentifier.set(new byte[] {1,2,3,4,5,6,7,8,9});

public SubjectKeyIdentifier(byte[] identifier)
Creates a SubjectKeyIdentifier extension with a defined identifier.
For instance:
    SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier(new byte[] {1,2,3,4,5,6,7,8,9});
Parameters:
identifier - the subject key identifier as byte array

public SubjectKeyIdentifier(PublicKey publicKey) throws CodingException, NoSuchAlgorithmException
Creates a SubjectKeyIdentifier extension from the given public key.
This constructor creates a key identifier according to the following method (described in RFC 2459):
The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits).
Parameters:
publicKey - the public key for which an identifier shall be created; the encoding of the key must give a X.509 PublicKeyInfo (see PublicKeyInfo)
Throws:
CodingException - if the keyIdentifier cannot be created
NoSuchAlgorithmException - if SHA is not supported by the installed cryptography providers

Method Detail
public ObjectID getObjectID()
Returns the object ID of this SubjectKeyIdentifier extension.
Overrides:
getObjectID in class V3Extension

public void init(ASN1Object obj)
Inits this SubjectKeyIdentifier implementation with an ASN1Object representing the value of this extension.
The given ASN1Object represents the key identifier value.
The given ASN1Object is the one created by toASN1Object().
This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included SubjectKeyIdentifier extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
Overrides:
init in class V3Extension
Parameters:
obj - the SubjectKeyIdentifier as ASN1Object

public ASN1Object toASN1Object()
Returns an ASN1Object representing the value of this SubjectKeyIdentifier extension object.
The returned ASN1Object is an ASN.1 OCTET_STRING representing the key identifier value:
    SubjectKeyIdentifier ::= KeyIdentifier
    KeyIdentifier ::= OCTET STRING
Overrides:
toASN1Object in class V3Extension
Returns:
the SubjectKeyIdentifier as ASN1Object

public void set(byte[] identifier)
Sets the identifier of this SubjectKeyIdentifier extension.
For instance:
    SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier();
    subjectKeyIdentifier.set(new byte[] {1,2,3,4,5,6,7,8,9});
Parameters:
identifier - an identifier as byte array

public byte[] get()
Returns the identifier of this extension.
See Also:
set(byte[])

public int hashCode()
Returns a hashcode for this identity.
Overrides:
hashCode in class V3Extension

public String toString()
Returns a string that represents the contents of this SubjectKeyIdentifier extension.
Overrides:
toString in class Object

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).