java.lang.Object iaik.security.ssl.URLAndOptionalHash
public class URLAndOptionalHash
This class represents a URLAndOptionalHash as used by the TLS client_certificate_url extension (see RFC 4366).
Instead of sending its certificate(s) to the server a constrained client may send a list of URLs from where the server can get the client certificate(s) (see RFC 4366):
```
enum {
    individual_certs(0), pkipath(1), (255)
} CertChainType;

enum {
    false(0), true(1)
} Boolean;

struct {
    CertChainType type;
    URLAndOptionalHash url_and_hash_list<1..2^16-1>;
} CertificateURL;

struct {
    opaque url<1..2^16-1>;
    Boolean hash_present;
    select (hash_present) {
        case false: struct {};
        case true: SHA1Hash;
    } hash;
} URLAndOptionalHash;

opaque SHA1Hash[20];
```

The list may contain one URLAndOptionalHash object (type pkipath) to point to a location from where the server can download the client certificate(s) as ASN.1 PkiPath (i.e. SEQUENCE OF Certificate), or may contain a separate URLAndOptionalHash (type individual_certs) for each certificate of the client (from where it can be downloaded as DER encoded X.509 certificate).
When creating a URLAndOptionalHash object you have to specify the url (as String) from where the client certificate (or pki path) can be downloaded:

```java
String clientCertUrl = ...; // url of the DER encoded certificate or pki path
URLAndOptionalHash urlAndOptionalHash = new URLAndOptionalHash(clientCertUrl);
```

You also may calculate and set a SHA-1 hash over the certificate (or pki path) so that the server, when downloading the certificate (or pki path) from the referenced url, can check that the downloaded data is actually the certificate (or pki path) referred to by the given url:

```java
byte[] sha1Hash = ...; // SHA-1 over the DER encoding
urlAndOptionalHash.setHash(sha1Hash);
```

Subsequently create a KeyAndCertURL object for your URLAndOptionalHash list and add it as client credentials to your SSLClientContext (see javadoc of class KeyAndCertURL for an example).
See Also: KeyAndCertURL, ClientCertificateURL
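The following added example (not part of the IAIK javadoc or library) uses JDK classes only to show how one URLAndOptionalHash list entry is laid out on the wire per the struct above, and how a server can check the bytes it downloaded against the SHA-1 hash. The class name, sample URL and sample bytes are constructed, and treating an entry without a hash as unverifiable is an assumption of this example.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class UrlAndHashWireDemo { // hypothetical demo class
    // SHA-1 over the DER encoded certificate or pki path; the value handed to setHash(byte[]).
    static byte[] sha1(byte[] der) throws Exception {
        return MessageDigest.getInstance("SHA-1").digest(der);
    }
    // Wire form: opaque url<1..2^16-1>; Boolean hash_present; optional SHA1Hash[20].
    static byte[] encode(String url, byte[] hash) {
        byte[] u = url.getBytes(StandardCharsets.US_ASCII); // assumption: ASCII-only URL
        if (u.length < 1 || u.length > 0xFFFF) throw new IllegalArgumentException("url length");
        if (hash != null && hash.length != 20) throw new IllegalArgumentException("hash length");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(u.length >>> 8);          // 2-byte big-endian length prefix
        out.write(u.length);
        out.write(u, 0, u.length);
        out.write(hash == null ? 0 : 1);    // hash_present
        if (hash != null) out.write(hash, 0, hash.length);
        return out.toByteArray();
    }
    // Server side: returns the 20-byte hash of one entry, or null when hash_present is false.
    static byte[] parseHash(byte[] encoded) {
        ByteBuffer in = ByteBuffer.wrap(encoded);
        if (in.remaining() < 4) throw new IllegalArgumentException("truncated entry");
        int urlLen = in.getShort() & 0xFFFF;
        if (urlLen < 1 || urlLen + 1 > in.remaining()) throw new IllegalArgumentException("bad url length");
        in.position(in.position() + urlLen); // skip the url bytes
        int present = in.get();
        if (present == 0 && !in.hasRemaining()) return null;
        if (present != 1 || in.remaining() != 20) throw new IllegalArgumentException("bad hash field");
        byte[] hash = new byte[20];
        in.get(hash);
        return hash;
    }
    // True only if a hash was sent and equals SHA-1 of what the URL actually delivered.
    static boolean hashMatches(byte[] expected, byte[] downloaded) throws Exception {
        return expected != null && MessageDigest.isEqual(expected, sha1(downloaded));
    }

    public static void main(String[] args) throws Exception {
        byte[] der = {0x30, 0x03, 0x02, 0x01, 0x05};   // constructed stand-in for DER bytes
        byte[] other = {0x30, 0x03, 0x02, 0x01, 0x06}; // constructed substitute served at the URL
        byte[] sent = parseHash(encode("http://certs.example.com/client.der", sha1(der)));
        System.out.println(hashMatches(sent, der) + " " + hashMatches(sent, other));
    }
}
```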
Constructor Summary | |
---|---|
URLAndOptionalHash(java.lang.String clientCertificateUrl) Creates a URLAndOptionalHash object from the given url. |
Method Summary | |
---|---|
boolean | equals(java.lang.Object obj) Compares this URLAndOptionalHash object with the given object. |
byte[] | getEncodedURL() Gets the encoded URL of this URLAndOptionalHash. |
byte[] | getHash() Gets the hash (if present) of this URLAndOptionalHash. |
java.lang.String | getURL() Gets the URL of this URLAndOptionalHash. |
int | hashCode() Gets a hash code for this URLAndOptionalHash object. |
void | setHash(byte[] hash) Sets the SHA-1 hash value of this URLAndOptionalHash. |
java.lang.String | toString() Gets a String representation of this URLAndOptionalHash object. |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public URLAndOptionalHash(java.lang.String clientCertificateUrl) throws java.io.UnsupportedEncodingException
Creates a URLAndOptionalHash object from the given url.
Parameters:
clientCertificateUrl - the client certificate url as String
Throws:
java.lang.IllegalArgumentException - if the given url is null
java.io.UnsupportedEncodingException - if the given url cannot be encoded

Method Detail |
---|
public void setHash(byte[] hash)
Sets the SHA-1 hash value of this URLAndOptionalHash.
If the URL of this URLAndOptionalHash points to a single X.509 certificate, the SHA-1 hash must have been calculated over the DER encoded X.509 certificate. If the URL points to a pki path, the hash must have been calculated over the DER encoded pki path.
Parameters:
hash - the SHA-1 hash value of the certificate or pki path (is not cloned inside this method)

public java.lang.String getURL()
Gets the URL of this URLAndOptionalHash.

public byte[] getEncodedURL()
Gets the encoded URL of this URLAndOptionalHash.

public byte[] getHash()
Gets the hash (if present) of this URLAndOptionalHash.
Returns:
null if no hash is set for this URLAndOptionalHash (the returned byte array is not cloned or copied by this method)

public java.lang.String toString()
Gets a String representation of this URLAndOptionalHash object.
Overrides:
toString in class java.lang.Object

public boolean equals(java.lang.Object obj)
Compares this URLAndOptionalHash object with the given object.
Overrides:
equals in class java.lang.Object
Parameters:
obj - the other object
Returns:
true if the two objects are equal, false if they are not equal

public int hashCode()
Gets a hash code for this URLAndOptionalHash object.
Overrides:
hashCode in class java.lang.Object
This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).