public class CertID
extends java.lang.Object
The X.509 Online Certificate Status Protocol (RFC 2560, obsoleted by RFC 6960) specifies the CertID type, which identifies the certificate for which revocation status information is requested:

CertID ::= SEQUENCE {
    hashAlgorithm   AlgorithmIdentifier,
    issuerNameHash  OCTET STRING,   -- Hash of Issuer's DN
    issuerKeyHash   OCTET STRING,   -- Hash of Issuer's public key
    serialNumber    CertificateSerialNumber }
The primary reason to use the hash of the CA's public key in addition to the hash of the CA's name, to identify the issuer, is that it is possible that two CAs may choose to use the same Name (uniqueness in the Name is a recommendation that cannot be enforced). Two CAs will never, however, have the same public key unless the CAs either explicitly decided to share their private key, or the key of one of the CAs was compromised.
When creating a CertID object you may calculate the issuer name hash and issuer key hash yourself, or let class CertID calculate them for you, e.g.:

AlgorithmID hashAlgorithm = AlgorithmID.sha1;
Name issuerName = ...;
PublicKey issuerKey = ...;
BigInteger serialNumber = certificate.getSerialNumber();
CertID certID = new CertID(hashAlgorithm, issuerName, issuerKey, serialNumber);

The hash algorithm in a CertID only identifies the certificate; the integrity of the status information comes from the responder's signature on the response, not from this hash. SHA-1 is what RFC 5019 mandates for CertID.issuerNameHash and CertID.issuerKeyHash and what most responders accept, so check which algorithms the responder supports before choosing another one. A CertID whose hashes were computed over the wrong bytes, or with an algorithm the responder does not support, will simply not match any certificate the responder knows about.
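The following worked example is added here for illustration and is not part of the IAIK documentation or library code. It builds a CertID for a target certificate both ways described above, checks that the hashes the class computes match the ones obtained from the static helper methods, round-trips the CertID through its DER encoding (as it would travel inside an OCSPRequest or SingleResponse) and finally uses isCertIDFor to match it against the certificate actually asked about. The file names issuer.der and target.der, the class name CertIDExample and the hex helper are assumptions; the IAIK types used are the ones documented on this page plus iaik.x509.X509Certificate and iaik.asn1.DerCoder.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Arrays;

import iaik.asn1.ASN1Object;
import iaik.asn1.DerCoder;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Name;
import iaik.x509.X509Certificate;
import iaik.x509.ocsp.CertID;

public class CertIDExample {

    // SHA-1 is what RFC 5019 responders expect for the CertID hashes. The hash only
    // identifies the certificate; the response signature provides the integrity.
    static final AlgorithmID HASH_ALG = AlgorithmID.sha1;

    public static void main(String[] args) throws Exception {
        // Assumed input: DER-encoded CA certificate and the end-entity certificate it issued.
        X509Certificate issuerCert = loadCert("issuer.der");
        X509Certificate targetCert = loadCert("target.der");

        // Way 1: let CertID derive issuerNameHash and issuerKeyHash from the certificates.
        CertID fromCerts = new CertID(HASH_ALG, issuerCert, targetCert);

        // Way 2: calculate the hashes yourself and use the raw constructor.
        // RFC 6960 hashes the issuer name field of the certificate being checked,
        // and the subject public key of the issuer's certificate.
        Name issuerName = (Name) targetCert.getIssuer();
        PublicKey issuerKey = issuerCert.getPublicKey();
        BigInteger serial = targetCert.getSerialNumber();
        byte[] nameHash = CertID.calculateIssuerNameHash(issuerName, HASH_ALG);
        byte[] keyHash = CertID.calculateIssuerKeyHash(issuerKey, HASH_ALG);
        CertID fromHashes = new CertID(HASH_ALG, nameHash, keyHash, serial);

        // Both ways must give the same CertID; equals() compares all four fields.
        if (!fromCerts.equals(fromHashes)
                || !Arrays.equals(fromCerts.getIssuerNameHash(), nameHash)
                || !Arrays.equals(fromCerts.getIssuerKeyHash(), keyHash)) {
            throw new IllegalStateException("CertID hashes differ between the two constructors");
        }

        // DER round trip: encode as it would be sent, decode as it would be received.
        byte[] der = DerCoder.encode(fromCerts.toASN1Object());
        ASN1Object decoded = DerCoder.decode(der);
        CertID parsed = new CertID(decoded);
        if (!parsed.equals(fromCerts)) {
            throw new IllegalStateException("CertID changed during DER round trip");
        }

        // Match a received CertID against the certificate you actually asked about.
        // Issuer name, issuer key and serial number must all agree; a CertID with
        // the same name but a different key (the second hash's purpose) does not match.
        boolean matchesTarget = parsed.isCertIDFor(issuerName, issuerKey, serial);
        boolean matchesOther = parsed.isCertIDFor(issuerName, issuerKey, serial.add(BigInteger.ONE));

        System.out.println("CertID:         " + parsed);
        System.out.println("issuerNameHash: " + hex(nameHash));
        System.out.println("issuerKeyHash:  " + hex(keyHash));
        System.out.println("matches target: " + matchesTarget + ", matches other serial: " + matchesOther);
    }

    // Reads a DER-encoded certificate from a file (assumed path).
    static X509Certificate loadCert(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return new X509Certificate(in);
        }
    }

    // Hex helper, not part of IAIK.
    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}
```

With a valid issuer/target pair, the last line reports that the CertID matches the target and does not match the neighbouring serial number. The same isCertIDFor check is what a client should apply to the CertID of each SingleResponse before trusting the status it carries, so that a response for a different certificate is not mistaken for the one requested.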
Constructor and Description

CertID(AlgorithmID hashAlgorithm, byte[] issuerNameHash, byte[] issuerKeyHash, java.math.BigInteger serialNumber)
    Creates a new CertID from hashAlgorithm, issuerNameHash, issuerKeyHash and serial number.

CertID(AlgorithmID hashAlgorithm, Name issuerName, java.security.PublicKey issuerKey, java.math.BigInteger serialNumber)
    Creates a new CertID from hashAlgorithm, issuerName, issuerKey and serial number.

CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, java.math.BigInteger serialNumber)
    Creates a new CertID from hashAlgorithm, issuer certificate and target certificate serial number.

CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, X509Certificate targetCert)
    Creates a new CertID from hashAlgorithm, issuer certificate and target certificate.

CertID(ASN1Object obj)
    Creates a CertID from an ASN1Object.
Modifier and Type, Method and Description

static byte[] calculateIssuerKeyHash(java.security.PublicKey issuerKey, AlgorithmID hashAlgorithm)
    Calculates the issuerKeyHash from the given public key using the given hash algorithm.

static byte[] calculateIssuerNameHash(Name issuerName, AlgorithmID hashAlgorithm)
    Calculates the issuerNameHash from the supplied issuer Name using the given hash algorithm.

boolean equals(java.lang.Object obj)
    Compares this CertID with the given CertID.

AlgorithmID getHashAlgorithm()
    Returns the hashAlgorithm.

byte[] getIssuerKeyHash()
    Returns the issuerKeyHash.

byte[] getIssuerNameHash()
    Returns the issuerNameHash.

java.math.BigInteger getSerialNumber()
    Returns the serialNumber.

int hashCode()
    Returns a hash code value for this object.

boolean isCertIDFor(Name issuerName, java.security.PublicKey issuerKey, java.math.BigInteger serialNumber)
    Checks if this is a CertID for the certificate identified by the given issuer name, issuer key and serial number.

ASN1Object toASN1Object()
    Returns this CertID as an ASN1Object.

java.lang.String toString()
    Returns a String representation of this CertID.
public CertID(AlgorithmID hashAlgorithm, byte[] issuerNameHash, byte[] issuerKeyHash, java.math.BigInteger serialNumber)
Creates a new CertID from already calculated hash values. Use this constructor when the hashes come from somewhere else (for instance an OCSP request you are answering); otherwise prefer one of the constructors below, which calculate the hashes for you.
Parameters:
hashAlgorithm - the hash algorithm used for both hashes
issuerNameHash - the hash of the issuer's distinguished name. The hash shall be calculated over the DER encoding of the issuer's name field in the certificate being checked, i.e. over the complete DER-encoded Name including its SEQUENCE tag and length.
issuerKeyHash - the hash of the issuer's public key. The hash shall be calculated over the value (excluding tag and length) of the subject public key field in the issuer's certificate, i.e. over the key bits of the subjectPublicKey BIT STRING without the leading unused-bits octet, not over the whole SubjectPublicKeyInfo structure.
serialNumber - the serial number of the certificate for which status is being requested
Throws:
java.lang.IllegalArgumentException - if any of the supplied values is null

public CertID(AlgorithmID hashAlgorithm, Name issuerName, java.security.PublicKey issuerKey, java.math.BigInteger serialNumber) throws java.security.NoSuchAlgorithmException
From the given issuerName and issuerKey the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm.
Parameters:
hashAlgorithm - the hash algorithm to be used
issuerName - the name of the issuer for calculating the issuerNameHash
issuerKey - the issuer key for calculating the issuerKeyHash; the encoding of the key must give a X.509 PublicKeyInfo (see PublicKeyInfo)
serialNumber - the serial number of the certificate for which status is being requested
Throws:
java.security.NoSuchAlgorithmException - if the requested hash algorithm is not supported
java.lang.IllegalArgumentException - if any of the supplied values is null or the key has an encoding format different from X.509 (PublicKeyInfo)

public CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, java.math.BigInteger serialNumber) throws java.security.NoSuchAlgorithmException
From the given issuer certificate the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm.
Parameters:
hashAlgorithm - the hash algorithm to be used
issuerCert - the issuer certificate
serialNumber - the serial number of the certificate for which status is being requested
Throws:
java.security.NoSuchAlgorithmException - if the requested hash algorithm is not supported
java.lang.IllegalArgumentException - if any of the supplied values is null

public CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, X509Certificate targetCert) throws java.security.NoSuchAlgorithmException
From the given issuer certificate the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm. From the given target certificate the certificate serial number is read.
Parameters:
hashAlgorithm - the hash algorithm to be used
issuerCert - the issuer certificate
targetCert - the certificate for which status is being requested
Throws:
java.security.NoSuchAlgorithmException - if the requested hash algorithm is not supported
java.lang.IllegalArgumentException - if any of the supplied values is null

public CertID(ASN1Object obj) throws CodingException
Creates a CertID from an ASN1Object.
Parameters:
obj - the CertID as ASN1Object
Throws:
CodingException - if the ASN1Object has the wrong format

public AlgorithmID getHashAlgorithm()
public byte[] getIssuerNameHash()
public byte[] getIssuerKeyHash()
public java.math.BigInteger getSerialNumber()
public ASN1Object toASN1Object()
public boolean equals(java.lang.Object obj)
Compares this CertID with the given CertID.
Overrides:
equals in class java.lang.Object
Parameters:
obj - the other CertID
Returns:
true, if the two CertIDs are equal, false otherwise

public int hashCode()
Returns a hash code value for this object.
Overrides:
hashCode in class java.lang.Object

public boolean isCertIDFor(Name issuerName, java.security.PublicKey issuerKey, java.math.BigInteger serialNumber) throws java.security.NoSuchAlgorithmException
Checks if this is a CertID for the certificate identified by the given issuer name, issuer key and serial number. The hashes of the given name and key are calculated with the hash algorithm of this CertID and compared with the stored hash values; the serial number must match as well.
Parameters:
issuerName - the name of the certificate issuer
issuerKey - the public key of the certificate issuer
serialNumber - the serial number of the certificate in mind
Returns:
true if the certificate in mind is identified by this CertID, false if not
Throws:
java.security.NoSuchAlgorithmException - if the hash algorithm of this CertID is not supported

public java.lang.String toString()
Returns a String representation of this CertID.
Overrides:
toString in class java.lang.Object

public static byte[] calculateIssuerNameHash(Name issuerName, AlgorithmID hashAlgorithm) throws java.security.NoSuchAlgorithmException
Calculates the issuerNameHash over the DER encoding of the supplied issuer Name.
Parameters:
issuerName - the name for which the hash shall be calculated
hashAlgorithm - the hash algorithm to be used
Throws:
java.security.NoSuchAlgorithmException - if the requested hash algorithm is not supported

public static byte[] calculateIssuerKeyHash(java.security.PublicKey issuerKey, AlgorithmID hashAlgorithm) throws java.security.NoSuchAlgorithmException, CodingException
Calculates the issuerKeyHash from the given public key.
Parameters:
issuerKey - the public issuer key for which the hash shall be calculated; the encoding of the key must give a X.509 PublicKeyInfo (see PublicKeyInfo)
hashAlgorithm - the hash algorithm to be used
Throws:
CodingException - if the key does not give the right encoding
java.security.NoSuchAlgorithmException - if the required hash algorithm is not supported by the installed cryptography providers