public class URLAndOptionalHash
extends java.lang.Object

URLAndOptionalHash as used by the TLS client_certificate_url extension (see RFC 4366).
Instead of sending its certificate(s) to the server, a constrained client may send a list of URLs from where the server can get the client certificate(s) (see RFC 4366):

    enum {
        individual_certs(0), pkipath(1), (255)
    } CertChainType;

    enum {
        false(0), true(1)
    } Boolean;

    struct {
        CertChainType type;
        URLAndOptionalHash url_and_hash_list<1..2^16-1>;
    } CertificateURL;

    struct {
        opaque url<1..2^16-1>;
        Boolean hash_present;
        select (hash_present) {
            case false: struct {};
            case true: SHA1Hash;
        } hash;
    } URLAndOptionalHash;

    opaque SHA1Hash[20];
The list may contain one URLAndOptionalHash object (type pkipath)
to point to a location from where the server can download the client certificate(s)
as ASN.1 PkiPath (i.e. SEQUENCE OF Certificate), or may contain a separate
URLAndOptionalHash (type individual_certs) for each certificate
of the client (from where it can be downloaded as DER encoded X.509 certificate).
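The CertificateURL wire format above, together with the SHA-1 check that setHash exists to support, as an added example in Python; this is not code from the library this page documents. It encodes a list of URLAndOptionalHash entries, parses it back with strict bounds checks (a server must not trust the client-supplied lengths), and checks fetched bytes against the carried hash; SAMPLE_DER is a constructed byte string standing in for a DER-encoded certificate, not a real one.

```python
import hashlib, hmac, struct
from typing import Optional

INDIVIDUAL_CERTS, PKIPATH = 0, 1   # CertChainType values
SHA1_LEN = 20                      # opaque SHA1Hash[20]
SAMPLE_DER = b"\x30\x06constructed stand-in, NOT a real DER certificate"  # constructed demo input

def encode_entry(url: str, content: Optional[bytes] = None) -> bytes:
    """One URLAndOptionalHash; content is the DER certificate or PkiPath the SHA-1 is taken over."""
    url_bytes = url.encode("ascii")
    if not 1 <= len(url_bytes) <= 0xFFFF:                  # opaque url<1..2^16-1>
        raise ValueError("url length out of range")
    out = struct.pack("!H", len(url_bytes)) + url_bytes
    if content is None:
        return out + b"\x00"                               # hash_present = false(0), hash is empty
    return out + b"\x01" + hashlib.sha1(content).digest()  # hash_present = true(1), then SHA1Hash

def encode_certificate_url(chain_type: int, entries: list[bytes]) -> bytes:
    if chain_type == PKIPATH and len(entries) != 1:
        raise ValueError("a pkipath list refers to exactly one PkiPath")
    body = b"".join(entries)                               # url_and_hash_list<1..2^16-1>
    if not 1 <= len(body) <= 0xFFFF:
        raise ValueError("url_and_hash_list length out of range")
    return bytes([chain_type]) + struct.pack("!H", len(body)) + body

def decode_certificate_url(data: bytes) -> tuple[int, list[tuple[str, Optional[bytes]]]]:
    """Strict parse of a CertificateURL: every length is bounds-checked, trailing bytes are rejected."""
    if len(data) < 3 or data[0] not in (INDIVIDUAL_CERTS, PKIPATH):
        raise ValueError("bad CertificateURL header")
    (body_len,) = struct.unpack("!H", data[1:3])
    if body_len == 0 or 3 + body_len != len(data):
        raise ValueError("url_and_hash_list length mismatch")
    body, pos, entries = data[3:], 0, []
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated url length")
        (url_len,), pos = struct.unpack("!H", body[pos:pos + 2]), pos + 2
        if url_len == 0 or pos + url_len + 1 > len(body):  # url plus the hash_present byte
            raise ValueError("truncated url or hash_present")
        url, pos = body[pos:pos + url_len].decode("ascii"), pos + url_len
        flag, pos = body[pos], pos + 1
        if flag not in (0, 1) or pos + flag * SHA1_LEN > len(body):
            raise ValueError("bad hash_present or truncated SHA1Hash")
        entries.append((url, body[pos:pos + SHA1_LEN] if flag else None))
        pos += flag * SHA1_LEN
    return data[0], entries

def verify_download(expected_sha1: Optional[bytes], content: bytes) -> bool:
    """Server side: fetched bytes must hash to the client's SHA1Hash; with no hash, treat as unverified."""
    return expected_sha1 is not None and hmac.compare_digest(expected_sha1, hashlib.sha1(content).digest())
```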
When creating a URLAndOptionalHash object you have to specify the url (as String) from where the client certificate (or pki path) can be downloaded:

    String clientCertUrl = ...;
    URLAndOptionalHash urlAndOptionalHash = new URLAndOptionalHash(clientCertUrl);

You may also calculate and set a SHA-1 hash over the certificate (or pki path) so that the server, when downloading the certificate (or pki path) from the referenced url, can check that it actually is the one referred to by the given url:

    byte[] sha1Hash = ...;
    urlAndOptionalHash.setHash(sha1Hash);

Subsequently create a KeyAndCertURL object for your URLAndOptionalHash list and add it as client credentials to your SSLClientContext (see the javadoc of class KeyAndCertURL for an example).

See Also: KeyAndCertURL, ClientCertificateURL

| Constructor and Description |
|---|
| URLAndOptionalHash(java.lang.String clientCertificateUrl) Creates a URLAndOptionalHash object from the given url. |
| Modifier and Type | Method and Description |
|---|---|
| boolean | equals(java.lang.Object obj) Compares this URLAndOptionalHash object with the given object. |
| byte[] | getEncodedURL() Gets the encoded URL of this URLAndOptionalHash. |
| byte[] | getHash() Gets the hash (if present) of this URLAndOptionalHash. |
| java.lang.String | getURL() Gets the URL of this URLAndOptionalHash. |
| int | hashCode() Gets a hash code for this URLAndOptionalHash object. |
| void | setHash(byte[] hash) Sets the SHA-1 hash value of this URLAndOptionalHash. |
| java.lang.String | toString() Gets a String representation of this URLAndOptionalHash object. |
public URLAndOptionalHash(java.lang.String clientCertificateUrl)
                   throws java.io.UnsupportedEncodingException
Creates a URLAndOptionalHash object from the given url.
Parameters:
clientCertificateUrl - the client certificate url as String
Throws:
java.lang.IllegalArgumentException - if the given url is null
java.io.UnsupportedEncodingException - if the given url cannot be encoded

public void setHash(byte[] hash)
Sets the SHA-1 hash value of this URLAndOptionalHash.
If the URL of this URLAndOptionalHash points to a single X.509 certificate, the SHA-1 hash must have been calculated over the DER encoded X.509 certificate. If the URL points to a pki path, the hash must have been calculated over the DER encoded pki path.
Parameters:
hash - the SHA-1 hash value of the certificate or pki path (is not cloned inside this method)

public java.lang.String getURL()
Gets the URL of this URLAndOptionalHash.

public byte[] getEncodedURL()
Gets the encoded URL of this URLAndOptionalHash.

public byte[] getHash()
Gets the hash (if present) of this URLAndOptionalHash.
Returns:
the hash value, or null if no hash is set for this URLAndOptionalHash (the returned byte array is not cloned or copied by this method)

public java.lang.String toString()
Gets a String representation of this URLAndOptionalHash object.
Overrides:
toString in class java.lang.Object

public boolean equals(java.lang.Object obj)
Compares this URLAndOptionalHash object with the given object.
Overrides:
equals in class java.lang.Object
Parameters:
obj - the other object
Returns:
true if the two objects are equal, false if they are not equal

public int hashCode()
Gets a hash code for this URLAndOptionalHash object.
Overrides:
hashCode in class java.lang.Object