CertHash (6.0 API Documentation)

java.lang.Object
- iaik.x509.V3Extension
- - iaik.x509.ocsp.extensions.commonpki.CertHash

```
public class CertHash
extends V3Extension
```
This class implements the OCSP CertHash extension as defined by the German Common PKI Profile.
Support of the CertHash extension is optional. The critical flag should not be set.
Each OCSP extension is associated with a specific ocsp extension object identifier. The object identifier for the CertHash extension is derived from the Common PKI object identifier:
```
 id-commonpki OBJECT IDENTIFIER ::= {1 3 36 8 }
 
 id-commonpki-at OBJECT IDENTIFIER ::= {id-commonpki 3}

 
```
The object identifier for the CertHash extension is defined as:
```
 id-commonpki-at-certHash OBJECT IDENTIFIER ::= {id-commonpki-at 13}
 
```
which corresponds to the OID string "1.3.36.8.3.13".
The Common PKI Profile (formally ISIS-MTT) specifies the CertHash extension as SingleResponse extension for allowing a responder to provide evidence that the certificate in mind is known to the responder. Generally an "good" OCSP ( RFC 2560, RFC 6960) status response only means that the certificate has not been revoked, but it does not necessarily mean that the certificate has been ever issued. The CertHash extension may be used to indicate such an positive statement on certificate issuance.
For adding a CertHash extension object to a SingleResponse use method addExtension, e.g.:
```
 X509Certificate cert = ...;
 AlgorithmID hashAlgorithm = ...;
 CertHash certHash = new CertHash(hashAlgorithm, cert);
 singleResponse.addExtension(nonce);
 
```
The OCSP client, when evaluating the CertHash extension, may use method identifiesCert to check if the certificateHash value actually identifies the target certificate for which status information has been requested:
```
 X509Certificate targetCert = ...;
 ...
 CertHash certHash = (CertHash)singleResponse.getExtension(CertHash.oid);
 if (certHash != null) {
   if (certHash.identifiesCert(targetCert) == false) {
     throw new Exception("OCSP response does not match to target certificate!");
   }
 }
```
Version:

File Revision 5

See Also:
SingleResponse

Field Summary

Fields
Modifier and Type Field and Description

static ObjectID oid
The object identifier of this CertHash extension.
- Fields inherited from class iaik.x509.V3Extension
  critical

Fields
Modifier and Type	Field and Description
`static ObjectID`	`oid` The object identifier of this CertHash extension.

Constructor Summary

Constructors
Constructor and Description
`CertHash()` Default constructor.
`CertHash(AlgorithmID hashAlgorithm, byte[] certificateHash)` Creates a `CertHash` extension with given hash algorithm identifier and hash value.
`CertHash(AlgorithmID hashAlgorithm, java.security.cert.Certificate certificate)` Creates a `CertHash` extension by calculating the certificate hash value from the given certificate using the given hash algorithm.

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`equals(java.lang.Object obj)` Compares this `CertHash` to the specified object.
`byte[]`	`getCertificateHash()` Returns the certificate hash value.
`AlgorithmID`	`getHashAlgorithm()` Returns the hash algorithm id.
`ObjectID`	`getObjectID()` Returns the object ID of this `CertHash` extension
`int`	`hashCode()` Returns a hashcode for this identity.
`boolean`	`identifiesCert(java.security.cert.Certificate certificate)` Checks whether the given certificate is identified by this CertHash.
`void`	`init(ASN1Object obj)` Inits this `CertHash` implementation with an ASN1object representing the value of this extension.
`ASN1Object`	`toASN1Object()` Returns an ASN1Object representing the value of this `CertHash` extension.
`java.lang.String`	`toString()` Returns a string that represents the contents of this `CertHash` extension.

Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - oid
```
public static final ObjectID oid
```
    The object identifier of this CertHash extension. The corresponding OID string is "1.3.36.8.3.13".
- Constructor Detail
  - CertHash
```
public CertHash()
```
    Default constructor. Required for dynamic object creation. Shall NOT be used by an application.
  - CertHash
```
public CertHash(AlgorithmID hashAlgorithm,
        byte[] certificateHash)
```
    Creates a CertHash extension with given hash algorithm identifier and hash value.
    
    Parameters:
    hashAlgorithm - the hash algorithm id
    certificateHash - the certificate hash value
    
    Throws:
    
    java.lang.NullPointerException - if hashAlgorithm or certificateHash is null
  - CertHash
```
public CertHash(AlgorithmID hashAlgorithm,
        java.security.cert.Certificate certificate)
         throws java.security.NoSuchAlgorithmException,
                java.security.cert.CertificateException
```
    Creates a CertHash extension by calculating the certificate hash value from the given certificate using the given hash algorithm.
    
    Parameters:
    hashAlgorithm - the hash algorithm id for the hash algorithm to be used
    certificate - the certificate to be hashed
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if the requested hash algorithm is not supported
    
    java.security.cert.CertificateException - if the certifcate cannot be encoded (required for hash calculation)
    
    java.lang.NullPointerException - if hashAlgorithm or certificate is null
- Method Detail
  - getObjectID
```
public ObjectID getObjectID()
```
    Returns the object ID of this CertHash extension
    
    Specified by:
    
    getObjectID in class V3Extension
    
    Returns:
    the object ID (1.3.36.8.3.13)
  - init
```
public void init(ASN1Object obj)
          throws X509ExtensionException
```
    Inits this CertHash implementation with an ASN1object representing the value of this extension.
    This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
    The ASN1Object supplied to this method must represent a SEQUENCE containing the hash algorithm id an certificate hash octet string components:
```
 CertHash ::= SEQUENCE {
   hashAlgorithm AlgorithmIdentifier,
   certificateHash OCTET STRING }
 
```
    Specified by:
    
    init in class V3Extension
    
    Parameters:
    obj - the CertHash as ASN1Object
    
    Throws:
    
    X509ExtensionException - if the extension could not parse the ASN1Object
  - toASN1Object
```
public ASN1Object toASN1Object()
```
    Returns an ASN1Object representing the value of this CertHash extension.
    The ASN1Object returned by this method must represent a SEQUENCE containing the hash algorithm id an certificate hash octet string components:
```
 CertHash ::= SEQUENCE {
   hashAlgorithm AlgorithmIdentifier,
   certificateHash OCTET STRING }
 
```
    Specified by:
    
    toASN1Object in class V3Extension
    
    Returns:
    the extension value of this CertHash as ASN1Object (SEQUENCE)
  - getHashAlgorithm
```
public AlgorithmID getHashAlgorithm()
```
    Returns the hash algorithm id.
    
    Returns:
    the hash algorithm id
  - getCertificateHash
```
public byte[] getCertificateHash()
```
    Returns the certificate hash value.
    
    Returns:
    the certificate hash value, as byte array
  - hashCode
```
public int hashCode()
```
    Returns a hashcode for this identity.
    
    Specified by:
    
    hashCode in class V3Extension
    
    Returns:
    a hash code for this identity
  - equals
```
public boolean equals(java.lang.Object obj)
```
    Compares this CertHash to the specified object.
    Two CertHash objects are only equal if they have same hash algorithm id and same certificate hash values.
    
    Overrides:
    
    equals in class java.lang.Object
    
    Parameters:
    obj - the object to compare this CertHash against.
    
    Returns:
    true, if the given object is equal to this CertHash, false otherwise
  - identifiesCert
```
public boolean identifiesCert(java.security.cert.Certificate certificate)
                       throws java.security.NoSuchAlgorithmException,
                              java.security.cert.CertificateException
```
    Checks whether the given certificate is identified by this CertHash.
    
    Parameters:
    certificate - the certificate to be checked
    
    Returns:
    true if the given certificate is identified by this CertHash, false if not
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if the check cannot be performed because the hash algorithm used for calculating the cert hash is not supported by the installed cryptographic providers
    
    java.security.cert.CertificateException - if the certifcate cannot be encoded (required for hash calculation)
  - toString
```
public java.lang.String toString()
```
    Returns a string that represents the contents of this CertHash extension.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    the string representation

Class CertHash

Field Summary

Fields inherited from class iaik.x509.V3Extension

Constructor Summary

Method Summary

Methods inherited from class iaik.x509.V3Extension

Methods inherited from class java.lang.Object

Field Detail

oid

Constructor Detail

CertHash

CertHash

CertHash

Method Detail

getObjectID

init

toASN1Object

getHashAlgorithm

getCertificateHash

hashCode

equals

identifiesCert

toString