public class CertID
extends java.lang.Object
CertID.
The X.509 Online Certificate Status Protocol (RFC 2560, RFC 6960) specifies the CertID type, which identifies the certificate for which revocation status information is requested.
 CertID ::= SEQUENCE {
   hashAlgorithm      AlgorithmIdentifier,
   issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
   issuerKeyHash      OCTET STRING, -- Hash of Issuers public key
   serialNumber       CertificateSerialNumber }                      
 
 The primary reason to use the hash of the CA's public key in addition to the hash of the CA's name, to identify the issuer, is that it is possible that two CAs may choose to use the same Name (uniqueness in the Name is a recommendation that cannot be enforced). Two CAs will never, however, have the same public key unless the CAs either explicitly decided to share their private key, or the key of one of the CAs was compromised.
When creating a CertID object you may calculate the issuer name hash and issuer key hash values yourself or let class CertID calculate them for you, e.g.:

```java
AlgorithmID hashAlgorithm = AlgorithmID.sha1;
Name issuerName = ...;
PublicKey issuerKey = ...;
BigInteger serialNumber = certificate.getSerialNumber();
CertID certID = new CertID(hashAlgorithm, issuerName, issuerKey, serialNumber);
```

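
To calculate the two hash values yourself, the name hash covers the DER encoding of the issuer name, and the key hash covers only the contents of the subject public key BIT STRING, not the whole PublicKeyInfo. The following is an added example, not part of the IAIK documentation; it uses only JDK classes, SHA-1 to match `AlgorithmID.sha1` above, and the class and helper names (`CertIdHashes`, `readLength`, `keyBits`, `hex`) are hypothetical.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;

public class CertIdHashes {
    // Reads a DER length starting at buf[pos[0]] and advances pos[0] past it.
    static int readLength(byte[] buf, int[] pos) {
        int b = buf[pos[0]++] & 0xff;
        if (b < 0x80) return b;                        // short form
        int n = b & 0x7f, len = 0;                     // long form: n length octets
        if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported DER length");
        while (n-- > 0) len = (len << 8) | (buf[pos[0]++] & 0xff);
        return len;
    }
    // Returns the contents of the subjectPublicKey BIT STRING of a DER-encoded
    // PublicKeyInfo: no tag, no length, no unused-bits octet.
    static byte[] keyBits(PublicKey key) {
        if (!"X.509".equals(key.getFormat()))
            throw new IllegalArgumentException("key encoding is not X.509 PublicKeyInfo");
        byte[] spki = key.getEncoded();
        int[] p = {0};
        if (spki[p[0]++] != 0x30) throw new IllegalArgumentException("outer SEQUENCE expected");
        readLength(spki, p);
        if (spki[p[0]++] != 0x30) throw new IllegalArgumentException("AlgorithmIdentifier expected");
        int algLen = readLength(spki, p);
        p[0] += algLen;                                // skip AlgorithmIdentifier contents
        if (spki[p[0]++] != 0x03) throw new IllegalArgumentException("BIT STRING expected");
        int len = readLength(spki, p);
        if (len < 1 || p[0] + len > spki.length) throw new IllegalArgumentException("bad BIT STRING");
        return Arrays.copyOfRange(spki, p[0] + 1, p[0] + len);
    }
    static String hex(byte[] b) { return String.format("%0" + 2 * b.length + "x", new BigInteger(1, b)); }

    public static void main(String[] args) throws Exception {
        // Constructed sample issuer: throwaway key and name, not a real CA.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PublicKey issuerKey = kpg.generateKeyPair().getPublic();
        X500Principal issuerName = new X500Principal("CN=Example Test CA,O=Example,C=AT");
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        System.out.println("issuerNameHash: " + hex(sha1.digest(issuerName.getEncoded())));
        System.out.println("issuerKeyHash:  " + hex(sha1.digest(keyBits(issuerKey))));
        // Hashing the whole PublicKeyInfo gives a different value that will not match the CertID.
        System.out.println("whole-SPKI hash (wrong): " + hex(sha1.digest(issuerKey.getEncoded())));
    }
}
```

With a real certificate, take the name bytes from the certificate being checked (for example `cert.getIssuerX500Principal().getEncoded()`) rather than re-encoding a string, because a different string type in the re-encoded name changes the hash.
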
| Constructor and Description |
|---|
| `CertID(AlgorithmID hashAlgorithm, byte[] issuerNameHash, byte[] issuerKeyHash, java.math.BigInteger serialNumber)` Creates a new CertID from hashAlgorithm, issuerNameHash, issuerKeyHash and serial number. |
| `CertID(AlgorithmID hashAlgorithm, Name issuerName, java.security.PublicKey issuerKey, java.math.BigInteger serialNumber)` Creates a new CertID from hashAlgorithm, issuerName, issuerKey and serial number. |
| `CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, java.math.BigInteger serialNumber)` Creates a new CertID from hashAlgorithm, issuer certificate and target certificate serial number. |
| `CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, X509Certificate targetCert)` Creates a new CertID from hashAlgorithm, issuer certificate and target certificate. |
| `CertID(ASN1Object obj)` Creates CertID from an ASN1Object. |

| Modifier and Type | Method and Description |
|---|---|
| static byte[] | `calculateIssuerKeyHash(java.security.PublicKey issuerKey, AlgorithmID hashAlgorithm)` Calculates the issuerKeyHash from the given public key. |
| static byte[] | `calculateIssuerNameHash(Name issuerName, AlgorithmID hashAlgorithm)` Calculates a SHA hash from the supplied issuer Name. |
| boolean | `equals(java.lang.Object obj)` Compares this CertID with the given CertID. |
| AlgorithmID | `getHashAlgorithm()` Returns the hashAlgorithm. |
| byte[] | `getIssuerKeyHash()` Returns the issuerKeyHash. |
| byte[] | `getIssuerNameHash()` Returns the issuerNameHash. |
| java.math.BigInteger | `getSerialNumber()` Returns the serialNumber. |
| int | `hashCode()` Returns a hash code value for this object. |
| boolean | `isCertIDFor(Name issuerName, java.security.PublicKey issuerKey, java.math.BigInteger serialNumber)` Checks if this is a CertID for a certificate identified by the given issuer name and key, and serialNumber. |
| ASN1Object | `toASN1Object()` Returns this CertID as an ASN1Object. |
| java.lang.String | `toString()` Returns a String representation of this CertID. |

`public CertID(AlgorithmID hashAlgorithm, byte[] issuerNameHash, byte[] issuerKeyHash, java.math.BigInteger serialNumber)`

Parameters:
- issuerNameHash - is the hash of the Issuer's distinguished name. The hash shall be calculated over the DER encoding of the issuer's name field in the certificate being checked.
- issuerKeyHash - is the hash of the Issuer's public key. The hash shall be calculated over the value (excluding tag and length) of the subject public key field in the issuer's certificate.
- hashAlgorithm - The hash algorithm used for both these hashes is identified in hashAlgorithm.
- serialNumber - the serial number of the certificate for which status is being requested.

Throws:
- java.lang.IllegalArgumentException - if any of the supplied values is null

`public CertID(AlgorithmID hashAlgorithm, Name issuerName, java.security.PublicKey issuerKey, java.math.BigInteger serialNumber) throws java.security.NoSuchAlgorithmException`

From the given issuerName and issuerKey the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm.

Parameters:
- hashAlgorithm - the hash algorithm to be used
- issuerName - the name of the issuer for calculating the issuerNameHash
- issuerKey - the issuer key for calculating the issuerKeyHash; the encoding of the key must give an X.509 PublicKeyInfo (see PublicKeyInfo)
- serialNumber - the serial number of the certificate for which status is being requested.

Throws:
- java.security.NoSuchAlgorithmException - if the requested hash algorithm is not supported
- java.lang.IllegalArgumentException - if any of the supplied values is null or the key has an encoding format different from X.509 (PublicKeyInfo)

`public CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, java.math.BigInteger serialNumber) throws java.security.NoSuchAlgorithmException`

From the given issuer certificate the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm.

Parameters:
- hashAlgorithm - the hash algorithm to be used
- issuerCert - the issuer certificate
- serialNumber - the serial number of the certificate for which status is being requested.

Throws:
- java.security.NoSuchAlgorithmException - if the requested hash algorithm is not supported
- java.lang.IllegalArgumentException - if any of the supplied values is null

`public CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, X509Certificate targetCert) throws java.security.NoSuchAlgorithmException`

From the given issuer certificate the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm. From the given target certificate the certificate serial number is read.

Parameters:
- hashAlgorithm - the hash algorithm to be used
- issuerCert - the issuer certificate
- targetCert - the certificate for which status is being requested

Throws:
- java.security.NoSuchAlgorithmException - if the requested hash algorithm is not supported
- java.lang.IllegalArgumentException - if any of the supplied values is null

`public CertID(ASN1Object obj) throws CodingException`

Parameters:
- obj - the CertID as ASN1Object

Throws:
- CodingException - if the ASN1Object has the wrong format

`public AlgorithmID getHashAlgorithm()`

`public byte[] getIssuerNameHash()`

`public byte[] getIssuerKeyHash()`

`public java.math.BigInteger getSerialNumber()`

`public ASN1Object toASN1Object()`

`public boolean equals(java.lang.Object obj)`

Overrides:
- equals in class java.lang.Object

Parameters:
- obj - the other CertID

Returns:
- true, if the two CertIDs are equal, false otherwise

`public int hashCode()`

Overrides:
- hashCode in class java.lang.Object

`public boolean isCertIDFor(Name issuerName, java.security.PublicKey issuerKey, java.math.BigInteger serialNumber) throws java.security.NoSuchAlgorithmException`

Parameters:
- issuerName - the name of the certificate issuer
- issuerKey - the public key of the certificate issuer
- serialNumber - the serial number of the certificate in question

Returns:
- true if the certificate in question is identified by this CertID, false if not

Throws:
- java.security.NoSuchAlgorithmException

`public java.lang.String toString()`

Overrides:
- toString in class java.lang.Object

`public static byte[] calculateIssuerNameHash(Name issuerName, AlgorithmID hashAlgorithm) throws java.security.NoSuchAlgorithmException`

Parameters:
- issuerName - the name for which the hash shall be calculated
- hashAlgorithm - the hash algorithm to be used

Throws:
- java.security.NoSuchAlgorithmException - if the requested hash algorithm is not supported

`public static byte[] calculateIssuerKeyHash(java.security.PublicKey issuerKey, AlgorithmID hashAlgorithm) throws java.security.NoSuchAlgorithmException, CodingException`

Parameters:
- issuerKey - the public issuer key for which the hash shall be calculated; the encoding of the key must give an X.509 PublicKeyInfo (see PublicKeyInfo)

Throws:
- CodingException - if the key does not give the right encoding
- java.security.NoSuchAlgorithmException - if the required hash algorithm is not supported by the installed cryptography providers