AuthorityKeyIdentifier (6.0 API Documentation)

java.lang.Object
- iaik.x509.V3Extension
- - iaik.x509.extensions.AuthorityKeyIdentifier

public class AuthorityKeyIdentifier
extends V3Extension

This class implements the AuthorityKeyIdentifier Extension.

The AuthorityKeyIdentifier extension is a standard X509v3 extension, which MUST NOT be marked as being critical.

Each extension is associated with a specific certificateExtension object identifier, derived from:

 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension

The object identifier for the AuthorityKeyIdentifier extension is defined as:

id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }

which corresponds to the OID string "2.5.29.35".

The X.509 Certificate and CRL profile presented in RFC 3280 specifies the authority key identifier extension for providing a means of identifying the public key corresponding to the private key used to sign a certificate. This extension would be used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover). In general, this extension should be included in certificates.

Although the identification can be based on either the key identifier (the subject key identifier in the issuer's certificate) or on the issuer name and serial number, it is recommended to use the key identifier method.

The ASN.1 definition of the AuthorityKeyIdentifier extension is specified as follows:

 AuthorityKeyIdentifier ::= SEQUENCE {
   keyIdentifier             [0] KeyIdentifier           OPTIONAL,
   authorityCertIssuer       [1] GeneralNames            OPTIONAL,
   authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL    }

where:

 KeyIdentifier ::= OCTET STRING
 

 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 

 GeneralName ::= CHOICE {
          otherName                       [0]     OtherName,
          rfc822Name                      [1]     IA5String,
          dNSName                         [2]     IA5String,
          x400Address                     [3]     ORAddress,
          directoryName                   [4]     Name,
          ediPartyName                    [5]     EDIPartyName,
          uniformResourceIdentifier       [6]     IA5String,
          iPAddress                       [7]     OCTET STRING,
          registeredID                    [8]     OBJECT IDENTIFIER}
 

 CertificateSerialNumber  ::=  INTEGER

This class provides several methods for setting respectively getting the component values of an AuthorityKeyIdentifier extension object.

For adding an AuthorityKeyIdentifier extension object to a X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class:

 AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier();
 authorityKeyIdentifier.setKeyIdentifier(new byte[] {9,8,7,6,5,4,3,2,1});
 GeneralName generalName = new GeneralName(GeneralName.uniformResourceIdentifier, "http://ca.test.com/");
 authorityKeyIdentifier.setAuthorityCertIssuer(new GeneralNames(generalName));
 authorityKeyIdentifier.setAuthorityCertSerialNumber(new BigInteger("235123512365215"));
 X509Certificate cert = new X509Certificate();
 ...
 cert.addExtension(authorityKeyIdentifier);

Version:: File Revision 28
See Also:: GeneralName, GeneralNames, IA5String, OCTET_STRING, ObjectID, Name, X509Certificate, X509Extensions, V3Extension

Field Summary

Fields
Modifier and Type Field and Description

static ObjectID oid
The object identifier of this AuthorityKeyIdentifier extension.
- Fields inherited from class iaik.x509.V3Extension
  critical

Fields
Modifier and Type	Field and Description
`static ObjectID`	`oid` The object identifier of this AuthorityKeyIdentifier extension.

Constructor Summary

Constructors
Constructor and Description
`AuthorityKeyIdentifier()` Default constructor.
`AuthorityKeyIdentifier(byte[] keyIdentifier)` Create a AuthorityKeyIdentifier with a key identifier.
`AuthorityKeyIdentifier(GeneralNames authorityCertIssuer, java.math.BigInteger authorityCertSerialNumber)` Create a AuthorityKeyIdentifier with issuer and serial number.

Method Summary

Methods
Modifier and Type	Method and Description
`GeneralNames`	`getAuthorityCertIssuer()` Returns the authority cert issuer of this `AuthorityKeyIdentifier` extension.
`java.math.BigInteger`	`getAuthorityCertSerialNumber()` Returns the serial number of this `AuthorityKeyIdentifier` extension.
`byte[]`	`getKeyIdentifier()` Returns the key identifier of this `AuthorityKeyIdentifier` extension.
`ObjectID`	`getObjectID()` Returns the object ID of this `AuthorityKeyIdentifier` extension.
`int`	`hashCode()` Returns a hashcode for this identity.
`void`	`init(ASN1Object obj)` Inits this `AuthorityKeyIdentifier` implementation with an ASN1Object representing the value of this extension.
`void`	`setAuthorityCertIssuer(GeneralNames authorityCertIssuer)` Sets the authority cert issuer of this `AuthorityKeyIdentifier` extension.
`void`	`setAuthorityCertSerialNumber(java.math.BigInteger authorityCertSerialNumber)` Sets the serial number of this `AuthorityKeyIdentifier` extension.
`void`	`setKeyIdentifier(byte[] ki)` Sets the key identifier of this `AuthorityKeyIdentifier` extension.
`ASN1Object`	`toASN1Object()` Returns an ASN1Object representing the value of this `AuthorityKeyIdentifier` extension object.
`java.lang.String`	`toString()` Returns a string that represents the contents of this `AuthorityKeyIdentifier` extension.

Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - oid
```
public static final ObjectID oid
```
    The object identifier of this AuthorityKeyIdentifier extension. The corresponding OID string is "2.5.29.35".
- Constructor Detail
  - AuthorityKeyIdentifier
```
public AuthorityKeyIdentifier()
```
    Default constructor.
    Creates an empty AuthorityKeyIdentifier object. Use setKeyIdentifier, setAuthorityCertIssuer and setAuthorityCertSerialNumber for explicitly setting the corresponding values.
  - AuthorityKeyIdentifier
```
public AuthorityKeyIdentifier(byte[] keyIdentifier)
```
    Create a AuthorityKeyIdentifier with a key identifier.
  - AuthorityKeyIdentifier
```
public AuthorityKeyIdentifier(GeneralNames authorityCertIssuer,
                      java.math.BigInteger authorityCertSerialNumber)
```
    Create a AuthorityKeyIdentifier with issuer and serial number.
- Method Detail
  - getObjectID
```
public ObjectID getObjectID()
```
    Returns the object ID of this AuthorityKeyIdentifier extension.
    
    Specified by:
    
    getObjectID in class V3Extension
    
    Returns:
    the object ID
  - init
```
public void init(ASN1Object obj)
          throws X509ExtensionException
```
    Inits this AuthorityKeyIdentifier implementation with an ASN1Object representing the value of this extension.
    The given ASN1Object represents the key identifier, the authority cert issuer, and the authority cert serial number, all optionally.
    The given ASN1Object is the one created by toASN1Object().
    This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included AuthorityKeyIdentifier extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
    
    Specified by:
    
    init in class V3Extension
    
    Parameters:
    obj - the AuthorityKeyIdentifier as ASN1Object
    
    Throws:
    
    X509ExtensionException - if the extension could not be parsed
  - toASN1Object
```
public ASN1Object toASN1Object()
                        throws X509ExtensionException
```
    Returns an ASN1Object representing the value of this AuthorityKeyIdentifier extension object.
    The returned ASN1Object is an ASN.1 Sequence representing the key identifier, the authority cert issuer, and the authority cert serial number, all optionally:
```
 AuthorityKeyIdentifier ::= SEQUENCE {
   keyIdentifier             [0] KeyIdentifier           OPTIONAL,
   authorityCertIssuer       [1] GeneralNames            OPTIONAL,
   authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL    }
 
```
    Specified by:
    
    toASN1Object in class V3Extension
    
    Returns:
    the value of this AuthorityKeyIdentifier as ASN1Object
    
    Throws:
    
    X509ExtensionException - if the ASN1Object cannot be created because of an coding error
  - setKeyIdentifier
```
public void setKeyIdentifier(byte[] ki)
```
    Sets the key identifier of this AuthorityKeyIdentifier extension.
    For instance:
```
 AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier();
 authorityKeyIdentifier.setKeyIdentifier(new byte[] {9,8,7,6,5,4,3,2,1});
 
```
    Parameters:
    ki - the key identifier
    See Also:
    getKeyIdentifier()
  - setAuthorityCertIssuer
```
public void setAuthorityCertIssuer(GeneralNames authorityCertIssuer)
```
    Sets the authority cert issuer of this AuthorityKeyIdentifier extension.
    The authority cert issuer is specified by a GeneralNames structure. For instance:
```
 AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier();
 GeneralName generalName = new GeneralName(GeneralName.directoryName, issuerCert.getSubjectDN());
 authorityKeyIdentifier.setAuthorityCertIssuer(new GeneralNames(generalName));
 
```
    Parameters:
    authorityCertIssuer - the authority cert_issuer specified by its GeneralNames
    See Also:
    getAuthorityCertIssuer(), GeneralNames
  - setAuthorityCertSerialNumber
```
public void setAuthorityCertSerialNumber(java.math.BigInteger authorityCertSerialNumber)
```
    Sets the serial number of this AuthorityKeyIdentifier extension.
    For instance:
```
 AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier();
 authorityKeyIdentifier.setAuthorityCertSerialNumber(issuerCert.getSerialNumber());
 
```
    Parameters:
    authorityCertSerialNumber - the serial number
    See Also:
    getAuthorityCertSerialNumber()
  - getKeyIdentifier
```
public byte[] getKeyIdentifier()
```
    Returns the key identifier of this AuthorityKeyIdentifier extension.
    
    Returns:
    the key identifier
    See Also:
    setKeyIdentifier(byte[])
  - getAuthorityCertIssuer
```
public GeneralNames getAuthorityCertIssuer()
```
    Returns the authority cert issuer of this AuthorityKeyIdentifier extension.
    
    Returns:
    the GeneralNames representing the authority cert issuer
    See Also:
    setAuthorityCertIssuer(iaik.asn1.structures.GeneralNames), GeneralNames
  - getAuthorityCertSerialNumber
```
public java.math.BigInteger getAuthorityCertSerialNumber()
```
    Returns the serial number of this AuthorityKeyIdentifier extension.
    
    Returns:
    the serial number
    See Also:
    setAuthorityCertSerialNumber(java.math.BigInteger)
  - hashCode
```
public int hashCode()
```
    Returns a hashcode for this identity.
    
    Specified by:
    
    hashCode in class V3Extension
    
    Returns:
    a hash code for this identity
  - toString
```
public java.lang.String toString()
```
    Returns a string that represents the contents of this AuthorityKeyIdentifier extension.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    the string representation

Class AuthorityKeyIdentifier

Field Summary

Fields inherited from class iaik.x509.V3Extension

Constructor Summary

Method Summary

Methods inherited from class iaik.x509.V3Extension

Methods inherited from class java.lang.Object

Field Detail

oid

Constructor Detail

AuthorityKeyIdentifier

AuthorityKeyIdentifier

AuthorityKeyIdentifier

Method Detail

getObjectID

init

toASN1Object

setKeyIdentifier

setAuthorityCertIssuer

setAuthorityCertSerialNumber

getKeyIdentifier

getAuthorityCertIssuer

getAuthorityCertSerialNumber

hashCode

toString