iaik.x509.ocsp.extensions
Class Nonce

java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.ocsp.extensions.Nonce

public class Nonce
extends V3Extension

This class implements the OCSP Nonce extension.

As with all OCSP extensions, support of the Nonce extension is optional for clients and servers. The critical flag should not be set.

Each OCSP extension is associated with a specific OCSP extension object identifier, derived from RFC 2560:

 id-pkix  OBJECT IDENTIFIER  ::=
        { iso(1) identified-organization(3) dod(6) internet(1)
          security(5) mechanisms(5) pkix(7) }

 id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }       
        -- arc for access descriptors

 id-ad-ocsp      OBJECT IDENTIFIER ::= { id-ad 1 }
 
 id-pkix-ocsp    OBJECT IDENTIFIER ::= { id-ad-ocsp }
 
The object identifier for the Nonce extension is defined as:
 id-pkix-ocsp-nonce           OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
 
which corresponds to the OID string "1.3.6.1.5.5.7.48.1.2".

The Online Certificate Status Protocol (RFC 2560) specifies the Nonce extension for cryptographically binding a request and a response to prevent replay attacks. The nonce is included as one of the requestExtensions in an OCSPRequest, while in responses it would be included as one of the responseExtensions. The extnValue is the value of the nonce.

To add a Nonce extension object to a request or response, use the addExtension method, e.g.:

 byte[] value = ...;
 Nonce nonce = new Nonce(value);
 ocspRequest.addExtension(nonce);
 
or, to copy the nonce from a request into the corresponding response:
 Nonce nonce = (Nonce)ocspRequest.getExtension(Nonce.oid);
 basicOCSPResponse.addExtension(nonce);
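
The client-side half of the replay check described above, as an added example that is not part of the IAIK documentation: it uses only JDK classes, and the class name OcspNonceCheck, the Result enum, the requireNonce policy flag and the 16-byte nonce length are assumptions made for illustration. The byte arrays stand in for the value passed to new Nonce(value) in the request and the value returned by getValue() on the response's Nonce extension.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;

public class OcspNonceCheck {
    enum Result { MATCH, MISSING, MISMATCH }

    private static final SecureRandom RNG = new SecureRandom();

    // Fresh, unpredictable value for every request; this is what would be
    // passed to new Nonce(value) before ocspRequest.addExtension(nonce).
    static byte[] freshNonce(int length) {
        byte[] value = new byte[length];
        RNG.nextBytes(value);
        return value;
    }

    // sent:     the value placed in the request
    // received: getValue() of the response's Nonce extension, or null when
    //           the responder returned no nonce (support is optional)
    static Result check(byte[] sent, byte[] received) {
        if (received == null) {
            return Result.MISSING;
        }
        // MessageDigest.isEqual also rejects arrays of different length.
        return MessageDigest.isEqual(sent, received) ? Result.MATCH : Result.MISMATCH;
    }

    // Policy decision (assumption): a mismatch is always rejected; a missing
    // nonce is accepted only if the caller does not insist on one.
    static boolean accept(Result result, boolean requireNonce) {
        return result == Result.MATCH || (result == Result.MISSING && !requireNonce);
    }

    public static void main(String[] args) {
        byte[] sent = freshNonce(16);           // assumed length
        byte[] echoed = sent.clone();           // constructed: responder copied the nonce
        byte[] fromOldReply = freshNonce(16);   // constructed: reply recorded for an earlier request

        System.out.println(check(sent, echoed));        // MATCH
        System.out.println(check(sent, fromOldReply));  // MISMATCH
        System.out.println(check(sent, null));          // MISSING
        System.out.println(accept(check(sent, null), true));   // false
        System.out.println(accept(check(sent, null), false));  // true
    }
}
```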
 

Version:
File Revision 8
See Also:
OCSPRequest, BasicOCSPResponse, V3Extension, X509Extensions

Field Summary
static ObjectID oid
          The object identifier of this Nonce extension.
 
Fields inherited from class iaik.x509.V3Extension
critical
 
Constructor Summary
Nonce()
          Default constructor.
Nonce(byte[] value)
          Creates a Nonce extension for the given value.
 
Method Summary
 ObjectID getObjectID()
          Returns the object ID of this Nonce extension.
 byte[] getValue()
          Returns the nonce value.
 int hashCode()
          Returns a hashcode for this identity.
 void init(ASN1Object obj)
          Inits this Nonce implementation with an ASN1Object representing the value of this extension.
 void setValue(byte[] value)
          Sets the nonce value.
 ASN1Object toASN1Object()
          Returns an ASN1Object representing the value of this Nonce extension.
 String toString()
          Returns a string that represents the contents of this Nonce extension.
 
Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

oid

public static final ObjectID oid
The object identifier of this Nonce extension. The corresponding OID string is "1.3.6.1.5.5.7.48.1.2".
Constructor Detail

Nonce

public Nonce()
Default constructor. Creates an empty Nonce object. Use method setValue for setting the nonce value.

Nonce

public Nonce(byte[] value)
Creates a Nonce extension for the given value.
Parameters:
value - the nonce value
Method Detail

getObjectID

public ObjectID getObjectID()
Returns the object ID of this Nonce extension.
Overrides:
getObjectID in class V3Extension
Returns:
the object ID

init

public void init(ASN1Object obj)
Inits this Nonce implementation with an ASN1Object representing the value of this extension.

The given ASN1Object is the one created by toASN1Object().

This method is used by the X509Extensions class when parsing the ASN.1 representation of an OCSP object for properly initializing an included Nonce extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.

Overrides:
init in class V3Extension
Parameters:
obj - the Nonce as ASN1Object (OCTET STRING)

toASN1Object

public ASN1Object toASN1Object()
Returns an ASN1Object representing the value of this Nonce extension.

Overrides:
toASN1Object in class V3Extension
Returns:
the value of this Nonce as ASN1Object (OCTET STRING)

setValue

public void setValue(byte[] value)
Sets the nonce value.

getValue

public byte[] getValue()
Returns the nonce value.
Returns:
the nonce value, as byte array

hashCode

public int hashCode()
Returns a hashcode for this identity.
Overrides:
hashCode in class V3Extension
Returns:
a hash code for this identity

toString

public String toString()
Returns a string that represents the contents of this Nonce extension.
Overrides:
toString in class Object
Returns:
the string representation

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK