ObjectDigestInfo (6.0 API Documentation)

java.lang.Object
- iaik.x509.attr.ObjectDigestInfo

public class ObjectDigestInfo
extends java.lang.Object

This class implements the AC type ObjectDigestInfo.

The Internet Attribute Certificate Profile for Authorization (RFC 5755) specifies the ObjectDigestInfo type as an option for identifying the holder or issuer of an attribute certificate by an digest calculated from an object (public key, certificate, or some other) the attribute certificate shall be linked to (see RFC 5755):

 ObjectDigestInfo ::= SEQUENCE {
   digestedObjectType  ENUMERATED {
           publicKey            (0),
           publicKeyCert        (1),
           otherObjectTypes     (2) },
                     -- otherObjectTypes MUST NOT
                     -- be used in this profile
   otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
   digestAlgorithm     AlgorithmIdentifier,
   objectDigest        BIT STRING
 }

When used for representing the Holder of an attribute certificate, the object digest maybe calculated from a public key or certificate or some other object type identified by its OID (see RFC 5755 for more information:

 The idea is to link the AC to an object by placing a hash of that
 object into the holder field of the AC. For example, this allows
 production of ACs that are linked to public keys rather than names.
 
 Holder ::= SEQUENCE {
    baseCertificateID   [0] IssuerSerial OPTIONAL,
                        -- the issuer and serial number of
                        -- the holder's Public Key Certificate
    entityName          [1] GeneralNames OPTIONAL,
                        -- the name of the claimant or role
    objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                        -- used to directly authenticate the holder,
                        -- for example, an executable
 }

When creating an ObjectDigestInfo object you may specify object type, digest algorithm and digest value or let this class calculate the objectDigest value for a ObjectDigestInfo of type publicKey or publicKeyCert:

 // the public key to which to link the AC:
 PublicKey publicKey = ...;
 // the digest algorithm to use
 AlgorithmID digestAlgorithm = ...;
 ObjectDigestInfo odi = new ObjectDigestInfo(publicKey, digestAlgorithm);

respectively

 // the cert to which to link the AC:
 X509Certificate cert = ...;
 // the digest algorithm to use
 AlgorithmID digestAlgorithm = ...;
 ObjectDigestInfo odi = new ObjectDigestInfo(cert, digestAlgorithm);

According to RFC 5755 the ObjectDigestInfo option may be used for representing the Holder of an attribute certificate option but shall not be used for representing the issuer of an attribute certificate:

 AttCertIssuer ::= CHOICE {
    v1Form   GeneralNames,  -- MUST NOT be used in this
                            -- profile
    v2Form   [0] V2Form     -- v2 only
 }
 
 
 V2Form ::= SEQUENCE {
   issuerName            GeneralNames  OPTIONAL,
   baseCertificateID     [0] IssuerSerial  OPTIONAL,
   objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
           -- issuerName MUST be present in this profile
           -- baseCertificateID and objectDigestInfo MUST NOT
           -- be present in this profile
 }
 
 ACs conforming to this profile MUST use the v2Form choice, which MUST
 contain one and only one GeneralName in the issuerName, which MUST
 contain a non-empty distinguished name in the directoryName field.
 This means that all AC issuers MUST have non-empty distinguished
 names.  ACs conforming to this profile MUST omit the
 baseCertificateID and objectDigestInfo fields.

Version:: File Revision 14
See Also:: Holder, V2Form

Field Summary

Fields
Modifier and Type	Field and Description
`static int`	`OTHER_OBJECT_TYPES` ObjectDigestInfo Type otherObjectTypes (2).
`static int`	`PUBLIC_KEY` ObjectDigestInfo Type publicKey (0).
`static int`	`PUBLIC_KEY_CERT` ObjectDigestInfo Type publicKeyCert (1).

Constructor Summary

Constructors
Constructor and Description
`ObjectDigestInfo(ASN1Object obj)` Creates and decodes an ObjectDigestInfo from its ASN.1 representation.
`ObjectDigestInfo(int objectType, AlgorithmID digestAlgorithm, byte[] digestValue, ObjectID otherObjectTypeID)` Creates an ObjectDigestInfo for the given digest value.
`ObjectDigestInfo(java.security.PublicKey publicKey, AlgorithmID digestAlgorithm)` Creates an `publicKey` ObjectDigestInfo for the given public key.
`ObjectDigestInfo(java.security.cert.X509Certificate cert, AlgorithmID digestAlgorithm)` Creates an `publicKeyCert` ObjectDigestInfo for the given certificate.

Method Summary

Methods
Modifier and Type	Method and Description
`static byte[]`	`calculateDigest(byte[] value, AlgorithmID digestAlgorithm)` Calcualtes a digest of the given value using the given digest algorithm.
`boolean`	`equals(java.lang.Object obj)` Compares this `ObjectDigestInfo` to the specified object.
`AlgorithmID`	`getDigestAlgorithm()` Returns the digest algorithm.
`byte[]`	`getObjectDigest()` Returns the object digest value.
`int`	`getObjectType()` Returns the object type this class represents.
`java.lang.String`	`getObjectTypeName()` Returns the name of the object type this class represents.
`ObjectID`	`getOtherObjectTypeID()` Returns the otherObjectTypeID, if set.
`int`	`hashCode()` Returns a hashcode for this ObjectDigestInfo.
`boolean`	`identifiesCert(java.security.cert.X509Certificate cert)` Checks if this ObjectDigestInfo identifies the given certificate.
`boolean`	`identifiesKey(java.security.PublicKey publicKey)` Checks if this ObjectDigestInfo identifies the given public key.
`ASN1Object`	`toASN1Object()` Returns this ObjectDigestInfo as ASN1Object.
`java.lang.String`	`toString()` Returns a string giving some information about this `ObjectDigestInfo` object.

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - PUBLIC_KEY
```
public static final int PUBLIC_KEY
```
    ObjectDigestInfo Type publicKey (0).
    
    See Also:
    Constant Field Values
  - PUBLIC_KEY_CERT
```
public static final int PUBLIC_KEY_CERT
```
    ObjectDigestInfo Type publicKeyCert (1).
    
    See Also:
    Constant Field Values
  - OTHER_OBJECT_TYPES
```
public static final int OTHER_OBJECT_TYPES
```
    ObjectDigestInfo Type otherObjectTypes (2). This type must not be used. If used the type has to be supplied by an object identifier.
    
    See Also:
    Constant Field Values
- Constructor Detail
  - ObjectDigestInfo
```
public ObjectDigestInfo(int objectType,
                AlgorithmID digestAlgorithm,
                byte[] digestValue,
                ObjectID otherObjectTypeID)
```
    Creates an ObjectDigestInfo for the given digest value.
    If objectType is otherObjectTypes (i.e. not publicKey or publicKeyCert), otherObjectTypeID must be supplied, otherwise it is ignored (may be null.
    
    Parameters:
    objectType - the object type identifying the object over which the digest is calculated
    digestAlgorithm - the digest algorithm used for digest calculation
    digestValue - the (already computed) object digest value
    otherObjectTypeID - the OID identifying the object type, if not publicKey or publicKeyCert
  - ObjectDigestInfo
```
public ObjectDigestInfo(java.security.PublicKey publicKey,
                AlgorithmID digestAlgorithm)
                 throws java.security.NoSuchAlgorithmException
```
    Creates an publicKey ObjectDigestInfo for the given public key.
    If objectType is set to publicKey (0).
    Since the digest is calculated over the DER encoding of the X.509 SubjectPublicKeyInfo representation of the key, be aware that a DSA key has to include the DSS parameters which may be inherited from the CA's certificate.
    
    Parameters:
    publicKey - the public key to be digested
    digestAlgorithm - the digest algorithm to be used for digest calculation
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if the requested digest algorithm is not supported
  - ObjectDigestInfo
```
public ObjectDigestInfo(java.security.cert.X509Certificate cert,
                AlgorithmID digestAlgorithm)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.cert.CertificateEncodingException
```
    Creates an publicKeyCert ObjectDigestInfo for the given certificate.
    If objectType is set to publicKeyCert (1).
    
    Parameters:
    cert - the certificate to be digested
    digestAlgorithm - the digest algorithm to be used for digest calculation
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if the requested digest algorithm is not supported
    
    java.security.cert.CertificateEncodingException
  - ObjectDigestInfo
```
public ObjectDigestInfo(ASN1Object obj)
                 throws CodingException
```
    Creates and decodes an ObjectDigestInfo from its ASN.1 representation.
    
    Parameters:
    obj - the ObjectDigestInfo as ASN.1 object
    
    Throws:
    
    CodingException - if an decoding/parsing error occurs or the the information contained is not appropriate for an ObjectDigestInfo
- Method Detail
  - calculateDigest
```
public static byte[] calculateDigest(byte[] value,
                     AlgorithmID digestAlgorithm)
                              throws java.security.NoSuchAlgorithmException
```
    Calcualtes a digest of the given value using the given digest algorithm.
    
    Parameters:
    value - the value to be digested
    digestAlgorithm - the digest algorithm to be used
    
    Returns:
    the digest value
    
    Throws:
    
    java.security.NoSuchAlgorithmException
  - getObjectType
```
public int getObjectType()
```
    Returns the object type this class represents.
    
    Returns:
    the object type, 0 (publicKey), 1 (publicKeyCert), or 2 (otherObjectTypes)
  - getObjectTypeName
```
public java.lang.String getObjectTypeName()
```
    Returns the name of the object type this class represents.
    
    Returns:
    the object type name, "publicKey" (0), "publicKeyCert" (1), "otherObjectTypes" (2),
  - getOtherObjectTypeID
```
public ObjectID getOtherObjectTypeID()
```
    Returns the otherObjectTypeID, if set. This method only may be called for identifying the object type by its OID if the object type is otherObjectTypes (i.e. not publicKey or publicKeyCert):
```
 if (objectDigestInfo.getObjectType() == ObjectDigestInfo.OTHER_OBJECT_TYPES) {
   ObjectID otherObjectTypeID = objectDigestInfo.getOtherObjectTypeID();
   ...
 }
 
```
    Returns:
    the other object type OID, if object type is otherObjectTypes (i.e. not publicKey or publicKeyCert)
  - getDigestAlgorithm
```
public AlgorithmID getDigestAlgorithm()
```
    Returns the digest algorithm.
    
    Returns:
    the digest algorithm
  - getObjectDigest
```
public byte[] getObjectDigest()
```
    Returns the object digest value.
    
    Returns:
    the object digest value.
  - equals
```
public boolean equals(java.lang.Object obj)
```
    Compares this ObjectDigestInfo to the specified object.
    
    Overrides:
    
    equals in class java.lang.Object
    
    Parameters:
    obj - the object to compare this ObjectDigestInfo against.
    
    Returns:
    true, if the given object is equal to this ObjectDigestInfo, false otherwise
  - hashCode
```
public int hashCode()
```
    Returns a hashcode for this ObjectDigestInfo.
    
    Overrides:
    
    hashCode in class java.lang.Object
    
    Returns:
    a hashcode for this ObjectDigestInfo
  - toASN1Object
```
public ASN1Object toASN1Object()
```
    Returns this ObjectDigestInfo as ASN1Object.
    
    Returns:
    this ObjectDigestInfo as ASN1Object
  - identifiesCert
```
public boolean identifiesCert(java.security.cert.X509Certificate cert)
                       throws java.security.NoSuchAlgorithmException,
                              java.security.cert.CertificateEncodingException
```
    Checks if this ObjectDigestInfo identifies the given certificate.
    This method only may be used if this ObjectDigestInfo has type PUBLIC_KEY (0).
    
    Parameters:
    cert - the certificate to be checked
    
    Returns:
    true if this ObjectDigestInfo has type PUBLIC_KEY_CERT and the digest calculated from the certificate encoding matches to the one of this ObjectDigestInfo, false if not
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if the digest algorithm used is not supported
    
    java.security.cert.CertificateEncodingException - if an error occurs while encoding the certificate required for digest calculation
  - identifiesKey
```
public boolean identifiesKey(java.security.PublicKey publicKey)
                      throws java.security.NoSuchAlgorithmException
```
    Checks if this ObjectDigestInfo identifies the given public key.
    This method only may be used if this ObjectDigestInfo has type PUBLIC_KEY (0).
    
    Parameters:
    publicKey - the public key to be checked
    
    Returns:
    true if this ObjectDigestInfo has type PUBLIC_KEY_CERT and the digest calculated from the public key encoding matches to the one of this ObjectDigestInfo, false if not
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if the digest algorithm used is not supported
  - toString
```
public java.lang.String toString()
```
    Returns a string giving some information about this ObjectDigestInfo object.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    the string representation

Class ObjectDigestInfo

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

PUBLIC_KEY

PUBLIC_KEY_CERT

OTHER_OBJECT_TYPES

Constructor Detail

ObjectDigestInfo

ObjectDigestInfo

ObjectDigestInfo

ObjectDigestInfo

Method Detail

calculateDigest

getObjectType

getObjectTypeName

getOtherObjectTypeID

getDigestAlgorithm

getObjectDigest

equals

hashCode

toASN1Object

identifiesCert

identifiesKey

toString