iaik.x509.ocsp
Class CertID

java.lang.Object
  |
  +--iaik.x509.ocsp.CertID

public class CertID
extends Object

This class implements OCSP type CertID.

The X.509 Online Certificate Status Protocol (RFC 2560) specifies the CertID type to identify the certificate for which revocation status information is requested.

 CertID ::= SEQUENCE {
   hashAlgorithm      AlgorithmIdentifier,
   issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
   issuerKeyHash      OCTET STRING, -- Hash of Issuer's public key
   serialNumber       CertificateSerialNumber }

The primary reason to use the hash of the CA's public key in addition to the hash of the CA's name, to identify the issuer, is that it is possible that two CAs may choose to use the same Name (uniqueness in the Name is a recommendation that cannot be enforced). Two CAs will never, however, have the same public key unless the CAs either explicitly decided to share their private key, or the key of one of the CAs was compromised.

When creating a CertID object you may calculate the issuer name and key hash values yourself or let class CertID calculate them for you, e.g.:

 AlgorithmID hashAlgorithm = AlgorithmID.sha1;
 Name issuerName = ...;
 PublicKey issuerKey = ...;
 BigInteger serialNumber = certificate.getSerialNumber();
 CertID certID = new CertID(hashAlgorithm, issuerName, issuerKey, serialNumber);
 

Version:
File Revision 10

Constructor Summary
CertID(AlgorithmID hashAlgorithm, byte[] issuerNameHash, byte[] issuerKeyHash, BigInteger serialNumber)
          Creates a new CertID from hashAlgorithm, issuerNameHash, issuerKeyHash and serial number.
CertID(AlgorithmID hashAlgorithm, Name issuerName, PublicKey issuerKey, BigInteger serialNumber)
          Creates a new CertID from hashAlgorithm, issuerName, issuerKey and serial number.
CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, BigInteger serialNumber)
          Creates a new CertID from hashAlgorithm, issuer certificate and target certificate serial number.
CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, X509Certificate targetCert)
          Creates a new CertID from hashAlgorithm, issuer certificate and target certificate.
CertID(ASN1Object obj)
          Creates CertID from an ASN1Object.
 
Method Summary
static byte[] calculateIssuerKeyHash(PublicKey issuerKey, AlgorithmID hashAlgorithm)
          Calculates the issuerKeyHash from the given public key.
static byte[] calculateIssuerNameHash(Name issuerName, AlgorithmID hashAlgorithm)
          Calculates the hash of the supplied issuer Name using the given hash algorithm.
 boolean equals(Object obj)
          Compares this CertID with the given CertID.
 AlgorithmID getHashAlgorithm()
          Returns the hashAlgorithm.
 byte[] getIssuerKeyHash()
          Returns the issuerKeyHash.
 byte[] getIssuerNameHash()
          Returns the issuerNameHash.
 BigInteger getSerialNumber()
          Returns the serialNumber.
 int hashCode()
          Returns a hash code value for this object.
 boolean isCertIDFor(Name issuerName, PublicKey issuerKey, BigInteger serialNumber)
          Checks if this is a CertID for a certificate identified by the given issuer name and key, and serialNumber.
 ASN1Object toASN1Object()
          Returns this CertID as an ASN1Object.
 String toString()
          Returns a String representation of this CertID.
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

CertID

public CertID(AlgorithmID hashAlgorithm,
              byte[] issuerNameHash,
              byte[] issuerKeyHash,
              BigInteger serialNumber)
Creates a new CertID from hashAlgorithm, issuerNameHash, issuerKeyHash and serial number.
Parameters:
hashAlgorithm - the hash algorithm used for both of the following hashes
issuerNameHash - the hash of the Issuer's distinguished name. The hash shall be calculated over the DER encoding of the issuer's name field in the certificate being checked.
issuerKeyHash - the hash of the Issuer's public key. The hash shall be calculated over the value (excluding tag and length) of the subject public key field in the issuer's certificate.
serialNumber - the serial number of the certificate for which status is being requested.
Throws:
IllegalArgumentException - if any of the supplied values is null

CertID

public CertID(AlgorithmID hashAlgorithm,
              Name issuerName,
              PublicKey issuerKey,
              BigInteger serialNumber)
       throws NoSuchAlgorithmException
Creates a new CertID from hashAlgorithm, issuerName, issuerKey and serial number.

From given issuerName and issuerKey the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm.

Parameters:
hashAlgorithm - the hash algorithm to be used
issuerName - the name of the issuer for calculating the issuerNameHash
issuerKey - the issuer key for calculating the issuerKeyHash; the encoding of the key must give an X.509 PublicKeyInfo (see PublicKeyInfo)
serialNumber - the serial number of the certificate for which status is being requested.
Throws:
NoSuchAlgorithmException - if the requested hash algorithm is not supported
IllegalArgumentException - if any of the supplied values is null or the key has an encoding format different from X.509 (PublicKeyInfo)

CertID

public CertID(AlgorithmID hashAlgorithm,
              X509Certificate issuerCert,
              BigInteger serialNumber)
       throws NoSuchAlgorithmException
Creates a new CertID from hashAlgorithm, issuer certificate and target certificate serial number.

From the given issuer certificate the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm.

Parameters:
hashAlgorithm - the hash algorithm to be used
issuerCert - the issuer certificate
serialNumber - the serial number of the certificate for which status is being requested.
Throws:
NoSuchAlgorithmException - if the requested hash algorithm is not supported
IllegalArgumentException - if any of the supplied values is null

CertID

public CertID(AlgorithmID hashAlgorithm,
              X509Certificate issuerCert,
              X509Certificate targetCert)
       throws NoSuchAlgorithmException
Creates a new CertID from hashAlgorithm, issuer certificate and target certificate.

From the given issuer certificate the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm. From the given target certificate the certificate serial number is read.

Parameters:
hashAlgorithm - the hash algorithm to be used
issuerCert - the issuer certificate
targetCert - the certificate for which status is being requested
Throws:
NoSuchAlgorithmException - if the requested hash algorithm is not supported
IllegalArgumentException - if any of the supplied values is null

CertID

public CertID(ASN1Object obj)
       throws CodingException
Creates CertID from an ASN1Object.
Parameters:
obj - the CertID as ASN1Object
Throws:
CodingException - if the ASN1Object has the wrong format

Method Detail

getHashAlgorithm

public AlgorithmID getHashAlgorithm()
Returns the hashAlgorithm.
Returns:
the hash algorithm

getIssuerNameHash

public byte[] getIssuerNameHash()
Returns the issuerNameHash.
Returns:
the issuerNameHash.

getIssuerKeyHash

public byte[] getIssuerKeyHash()
Returns the issuerKeyHash.
Returns:
the issuerKeyHash.

getSerialNumber

public BigInteger getSerialNumber()
Returns the serialNumber.
Returns:
the serial number of the certificate for which status is being requested

toASN1Object

public ASN1Object toASN1Object()
Returns this CertID as an ASN1Object.
Returns:
this CertID as ASN1Object

equals

public boolean equals(Object obj)
Compares this CertID with the given CertID.
Overrides:
equals in class Object
Parameters:
obj - the other CertID
Returns:
true, if the two CertIDs are equal, false otherwise

hashCode

public int hashCode()
Returns a hash code value for this object.
Overrides:
hashCode in class Object
Returns:
a hash code value for this object

isCertIDFor

public boolean isCertIDFor(Name issuerName,
                           PublicKey issuerKey,
                           BigInteger serialNumber)
                    throws NoSuchAlgorithmException
Checks if this is a CertID for a certificate identified by the given issuer name and key, and serialNumber.
Parameters:
issuerName - the name of the certificate issuer
issuerKey - the public key of the certificate issuer
serialNumber - the serial number of the certificate in mind
Returns:
true if the certificate in mind is identified by this CertID, false if not

toString

public String toString()
Returns a String representation of this CertID.
Overrides:
toString in class Object
Returns:
a String representation

calculateIssuerNameHash

public static byte[] calculateIssuerNameHash(Name issuerName,
                                             AlgorithmID hashAlgorithm)
                                      throws NoSuchAlgorithmException
Calculates the hash of the supplied issuer Name using the given hash algorithm. The hash is calculated over the DER encoding of the Name.
Parameters:
issuerName - the name for which the hash shall be calculated
hashAlgorithm - the hash algorithm to be used
Returns:
the hash value
Throws:
NoSuchAlgorithmException - if the requested hash algorithm is not supported

calculateIssuerKeyHash

public static byte[] calculateIssuerKeyHash(PublicKey issuerKey,
                                            AlgorithmID hashAlgorithm)
                                     throws NoSuchAlgorithmException,
                                            CodingException
Calculates the issuerKeyHash from the given public key. The hash is calculated over the value of the subjectPublicKey BIT STRING of the key's PublicKeyInfo (excluding tag and length).

Parameters:
issuerKey - the public issuer key for which the hash shall be calculated; the encoding of the key must give an X.509 PublicKeyInfo (see PublicKeyInfo)
Throws:
CodingException - if the key does not give the right encoding
NoSuchAlgorithmException - if the required hash algorithm is not supported by the installed cryptography providers
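To show concretely what the hash-calculating constructors, calculateIssuerNameHash, calculateIssuerKeyHash and isCertIDFor compute, the following is an added, library-independent illustration in Python; it is not IAIK code. It derives the two CertID hashes from a DER-encoded issuer Name and SubjectPublicKeyInfo as RFC 2560 describes them, using constructed sample encodings (a dummy 4-byte key, not a real certificate); the unused-bits octet of the BIT STRING is left out of the key hash, which is what deployed implementations such as OpenSSL and BouncyCastle do.

```python
import hashlib

# Constructed sample inputs (not from any real certificate): a DER Name "CN=Example CA"
# and a SubjectPublicKeyInfo (rsaEncryption, NULL params) whose BIT STRING wraps RAW_KEY.
ISSUER_NAME_DER = bytes.fromhex("30153113301106035504030c0a4578616d706c65204341")
RAW_KEY = bytes.fromhex("deadbeef")
SPKI_DER = bytes.fromhex("3016300d06092a864886f70d0101010500030500" + RAW_KEY.hex())

def digest(algo, data):
    """Hash helper shared by both CertID hash fields (algo is a hashlib name)."""
    return hashlib.new(algo, data).digest()

def read_tlv(buf, pos=0):
    """Return (tag, value, end) of the DER TLV at pos; single-byte tags, definite lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits give the length's length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def issuer_name_hash(name_der, algo="sha1"):
    """RFC 2560: hash the complete DER encoding of the issuer Name, tag and length included."""
    tag, _, end = read_tlv(name_der)
    if tag != 0x30 or end != len(name_der):
        raise ValueError("not a single DER SEQUENCE (Name)")
    return digest(algo, name_der)

def issuer_key_hash(spki_der, algo="sha1"):
    """RFC 2560: hash the value of the subjectPublicKey BIT STRING, excluding tag and length."""
    tag, spki, _ = read_tlv(spki_der)
    if tag != 0x30:
        raise ValueError("not a DER SubjectPublicKeyInfo")
    _, _, after_alg = read_tlv(spki)        # skip the AlgorithmIdentifier SEQUENCE
    tag, bits, _ = read_tlv(spki, after_alg)
    if tag != 0x03:
        raise ValueError("subjectPublicKey is not a BIT STRING")
    # bits[0] is the unused-bits octet; deployed implementations (OpenSSL, BouncyCastle)
    # leave it out too, so exactly the key bits are hashed.
    return digest(algo, bits[1:])

def cert_id(name_der, spki_der, serial, algo="sha1"):
    """The four CertID fields, as CertID(hashAlgorithm, issuerName, issuerKey, serialNumber) builds them."""
    return {"hashAlgorithm": algo, "issuerNameHash": issuer_name_hash(name_der, algo),
            "issuerKeyHash": issuer_key_hash(spki_der, algo), "serialNumber": serial}

def is_cert_id_for(cid, name_der, spki_der, serial):
    """Mirror of isCertIDFor: recompute with the CertID's own algorithm and compare all fields."""
    return cid == cert_id(name_der, spki_der, serial, cid["hashAlgorithm"])
```

Hashing the whole SubjectPublicKeyInfo (or the Name's contents without tag and length) produces a CertID that no responder will match, which is the usual cause of "unknown" OCSP answers from a hand-built request.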

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1, 3, 5, 7, 8, 9, 10, 12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK