java.lang.Object
  |
  +--iaik.x509.ocsp.CertID

This class implements OCSP type CertID.
The X.509 Online Certificate Status Protocol (RFC 2560) specifies the CertID type, which is used to indicate the certificate for which revocation status information is requested.
    CertID ::= SEQUENCE {
        hashAlgorithm   AlgorithmIdentifier,
        issuerNameHash  OCTET STRING, -- Hash of Issuer's DN
        issuerKeyHash   OCTET STRING, -- Hash of Issuers public key
        serialNumber    CertificateSerialNumber }
The primary reason to use the hash of the CA's public key in addition to the hash of the CA's name, to identify the issuer, is that it is possible that two CAs may choose to use the same Name (uniqueness in the Name is a recommendation that cannot be enforced). Two CAs will never, however, have the same public key unless the CAs either explicitly decided to share their private key, or the key of one of the CAs was compromised.
When creating a CertID object you may calculate the issuer name and key hash values yourself or let class CertID calculate them for you, e.g.:
    AlgorithmID hashAlgorithm = AlgorithmID.sha1;
    Name issuerName = ...;
    PublicKey issuerKey = ...;
    BigInteger serialNumber = certificate.getSerialNumber();
    CertID certID = new CertID(hashAlgorithm, issuerName, issuerKey, serialNumber);
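What calculating the two hash values yourself involves, as an added example using only JDK classes (not IAIK code and not part of the original Javadoc): issuerNameHash is taken over the DER-encoded name, issuerKeyHash over the contents of the subjectPublicKey BIT STRING rather than the whole encoded key. The class name CertIdHashes, its helper methods and the sample issuer are assumptions made for this illustration.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;

public class CertIdHashes {
    // Reads the DER header at pos and returns {content offset, content length}.
    static int[] header(byte[] der, int pos, int tag) {
        if (pos + 2 > der.length || (der[pos] & 0xFF) != tag)
            throw new IllegalArgumentException("unexpected DER tag at offset " + pos);
        int len = der[pos + 1] & 0xFF, off = pos + 2;
        if (len > 0x7F) {                      // long form: low 7 bits = number of length octets
            int n = len & 0x7F;
            if (n == 0 || n > 3 || off + n > der.length)
                throw new IllegalArgumentException("unsupported DER length");
            for (len = 0; n > 0; n--) len = (len << 8) | (der[off++] & 0xFF);
        }
        if (off + len > der.length) throw new IllegalArgumentException("truncated DER");
        return new int[] { off, len };
    }
    // Input for issuerKeyHash: the subjectPublicKey BIT STRING value only,
    // not the enclosing SubjectPublicKeyInfo that PublicKey.getEncoded() returns.
    static byte[] subjectPublicKeyBits(PublicKey key) {
        if (!"X.509".equals(key.getFormat()))
            throw new IllegalArgumentException("key encoding is not X.509");
        byte[] spki = key.getEncoded();
        int[] seq = header(spki, 0, 0x30);                  // SubjectPublicKeyInfo
        int[] alg = header(spki, seq[0], 0x30);             // AlgorithmIdentifier
        int[] bits = header(spki, alg[0] + alg[1], 0x03);   // subjectPublicKey
        if (bits[1] < 1) throw new IllegalArgumentException("empty BIT STRING");
        // Skip the unused-bits octet that starts every BIT STRING value.
        return Arrays.copyOfRange(spki, bits[0] + 1, bits[0] + bits[1]);
    }
    static String hex(byte[] b) { return String.format("%0" + 2 * b.length + "x", new BigInteger(1, b)); }
    public static void main(String[] args) throws Exception {
        // Constructed sample issuer; with real data, hash the issuer name bytes
        // exactly as they appear in the certificate being checked.
        X500Principal issuerName = new X500Principal("CN=Example CA,O=Example,C=AT");
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PublicKey issuerKey = kpg.generateKeyPair().getPublic();
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");   // AlgorithmID.sha1 on the page
        System.out.println("issuerNameHash = " + hex(sha1.digest(issuerName.getEncoded())));
        System.out.println("issuerKeyHash  = " + hex(sha1.digest(subjectPublicKeyBits(issuerKey))));
        System.out.println("whole-SPKI hash (not issuerKeyHash) = " + hex(sha1.digest(issuerKey.getEncoded())));
    }
}
```

The third line of output differs from the second: hashing the complete encoded key yields a value that will not match the issuerKeyHash of a correctly built CertID.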
Constructor Summary

CertID(AlgorithmID hashAlgorithm, byte[] issuerNameHash, byte[] issuerKeyHash, BigInteger serialNumber)
    Creates a new CertID from hashAlgorithm, issuerNameHash, issuerKeyHash and serial number.

CertID(AlgorithmID hashAlgorithm, Name issuerName, PublicKey issuerKey, BigInteger serialNumber)
    Creates a new CertID from hashAlgorithm, issuerName, issuerKey and serial number.

CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, BigInteger serialNumber)
    Creates a new CertID from hashAlgorithm, issuer certificate and target certificate serial number.

CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, X509Certificate targetCert)
    Creates a new CertID from hashAlgorithm, issuer certificate and target certificate.

CertID(ASN1Object obj)
    Creates CertID from an ASN1Object.
Method Summary

static byte[] calculateIssuerKeyHash(PublicKey issuerKey, AlgorithmID hashAlgorithm)
    Calculates the issuerKeyHash from the given public key.

static byte[] calculateIssuerNameHash(Name issuerName, AlgorithmID hashAlgorithm)
    Calculates a SHA hash from the supplied issuer Name.

boolean equals(Object obj)
    Compares this CertID with the given CertID.

AlgorithmID getHashAlgorithm()
    Returns the hashAlgorithm.

byte[] getIssuerKeyHash()
    Returns the issuerKeyHash.

byte[] getIssuerNameHash()
    Returns the issuerNameHash.

BigInteger getSerialNumber()
    Returns the serialNumber.

int hashCode()
    Returns a hash code value for this object.

boolean isCertIDFor(Name issuerName, PublicKey issuerKey, BigInteger serialNumber)
    Checks if this is a CertID for a certificate identified by the given issuer name and key, and serialNumber.

ASN1Object toASN1Object()
    Returns this CertID as an ASN1Object.

String toString()
    Returns a String representation of this CertID.

Methods inherited from class java.lang.Object
    clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

public CertID(AlgorithmID hashAlgorithm, byte[] issuerNameHash, byte[] issuerKeyHash, BigInteger serialNumber)
    Parameters:
        issuerNameHash - is the hash of the Issuer's distinguished name. The hash shall be calculated over the DER encoding of the issuer's name field in the certificate being checked.
        issuerKeyHash - is the hash of the Issuer's public key. The hash shall be calculated over the value (excluding tag and length) of the subject public key field in the issuer's certificate.
        hashAlgorithm - The hash algorithm used for both these hashes is identified in hashAlgorithm.
        serialNumber - the serial number of the certificate for which status is being requested.
    Throws:
        IllegalArgumentException - if any of the supplied values is null

public CertID(AlgorithmID hashAlgorithm, Name issuerName, PublicKey issuerKey, BigInteger serialNumber) throws NoSuchAlgorithmException
    From given issuerName and issuerKey the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm.
    Parameters:
        hashAlgorithm - the hash algorithm to be used
        issuerName - the name of the issuer for calculating the issuerNameHash
        issuerKey - the issuer key for calculating the issuerKeyHash; the encoding of the key must give an X.509 PublicKeyInfo (see PublicKeyInfo)
        serialNumber - the serial number of the certificate for which status is being requested.
    Throws:
        NoSuchAlgorithmException - if the requested hash algorithm is not supported
        IllegalArgumentException - if any of the supplied values is null or the key has an encoding format different from X.509 (PublicKeyInfo)

public CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, BigInteger serialNumber) throws NoSuchAlgorithmException
    From the given issuer certificate the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm.
    Parameters:
        hashAlgorithm - the hash algorithm to be used
        issuerCert - the issuer certificate
        serialNumber - the serial number of the certificate for which status is being requested.
    Throws:
        NoSuchAlgorithmException - if the requested hash algorithm is not supported
        IllegalArgumentException - if any of the supplied values is null

public CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, X509Certificate targetCert) throws NoSuchAlgorithmException
    From the given issuer certificate the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm. From the given target certificate the certificate serial number is read.
    Parameters:
        hashAlgorithm - the hash algorithm to be used
        issuerCert - the issuer certificate
        targetCert - the certificate for which status is being requested
    Throws:
        NoSuchAlgorithmException - if the requested hash algorithm is not supported
        IllegalArgumentException - if any of the supplied values is null

public CertID(ASN1Object obj) throws CodingException
    Parameters:
        obj - the CertID as ASN1Object
    Throws:
        CodingException - if the ASN1Object has the wrong format

Method Detail

public AlgorithmID getHashAlgorithm()

public byte[] getIssuerNameHash()

public byte[] getIssuerKeyHash()

public BigInteger getSerialNumber()

public ASN1Object toASN1Object()

public boolean equals(Object obj)
    Overrides:
        equals in class Object
    Parameters:
        obj - the other CertID
    Returns:
        true, if the two CertIDs are equal, false otherwise

public int hashCode()
    Overrides:
        hashCode in class Object

public boolean isCertIDFor(Name issuerName, PublicKey issuerKey, BigInteger serialNumber) throws NoSuchAlgorithmException
    Parameters:
        issuerName - the name of the certificate issuer
        issuerKey - the public key of the certificate issuer
        serialNumber - the serial number of the certificate in question
    Returns:
        true if the certificate in question is identified by this CertID, false if not

public String toString()
    Overrides:
        toString in class Object

public static byte[] calculateIssuerNameHash(Name issuerName, AlgorithmID hashAlgorithm) throws NoSuchAlgorithmException
    Parameters:
        issuerName - the name for which the hash shall be calculated
        hashAlgorithm - the hash algorithm to be used
    Throws:
        NoSuchAlgorithmException - if the requested hash algorithm is not supported

public static byte[] calculateIssuerKeyHash(PublicKey issuerKey, AlgorithmID hashAlgorithm) throws NoSuchAlgorithmException, CodingException
    Parameters:
        issuerKey - the public issuer key for which the hash shall be calculated; the encoding of the key must give an X.509 PublicKeyInfo (see PublicKeyInfo)
    Throws:
        CodingException - if the key does not give the right encoding
        NoSuchAlgorithmException - if the required hash algorithm is not supported by the installed cryptography providers

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).