iaik.smime.ess
Class ESSCertID

java.lang.Object
  extended by iaik.smime.ess.ESSCertID
All Implemented Interfaces:
ASN1Type
Direct Known Subclasses:
ESSCertIDv2

public class ESSCertID
extends java.lang.Object
implements ASN1Type

This class implements the S/MIMEv3 ESSCertID type.

The Enhanced Security Services for S/MIMEv3 (ESS) (RFC 2634) specify the ESSCertID type for identifying a certificate by cert hash and optionally issuer information and issuer-specific certificate serial number:

 ESSCertID ::= SEQUENCE {
   certHash     Hash,
   issuerSerial IssuerSerial OPTIONAL }

 Hash ::= OCTET STRING -- SHA1 hash of entire certificate

 IssuerSerial ::= SEQUENCE {
   issuer       GeneralNames,
   serialNumber CertificateSerialNumber }

The ESSCertID type is used to identify a certificate in a SigningCertificate object, which is included as a signed attribute in a CMS SignerInfo object.

To calculate the cert hash with a hash algorithm other than SHA-1, use the ESSCertIDv2 type and the SigningCertificateV2 attribute.

When creating an ESSCertID, specify the cert to be identified and decide whether the IssuerSerial component shall be included in the ESSCertID:

 X509Certificate cert = ...;
 boolean includeIssuerSerial = true;
 ESSCertID certID = new ESSCertID(cert, includeIssuerSerial);
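
How a consumer of a SigningCertificate attribute can use this class to tie a signature to one certificate, as an added example that is not part of the IAIK documentation: it creates an ESSCertID, passes it through toASN1Object and the ASN1Object constructor, and rejects a certificate it does not identify. The class name ESSCertIDBindingCheck, its helper names and the two certificate file arguments are assumptions; IAIK-CMS and IAIK-JCE must be on the classpath.

```java
import iaik.asn1.ASN1Object;
import iaik.smime.ess.ESSCertID;
import iaik.x509.X509Certificate;

import java.io.FileInputStream;
import java.io.InputStream;

// Added example (hypothetical class and helper names), not code from IAIK-CMS.
public class ESSCertIDBindingCheck {

    // Loads an encoded X.509 certificate from a file supplied by the caller.
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return new X509Certificate(in);
        }
    }

    // Signer side: identify the signing certificate by cert hash plus IssuerSerial.
    static ASN1Object createCertID(X509Certificate signerCert) throws Exception {
        ESSCertID certID = new ESSCertID(signerCert, true);
        return certID.toASN1Object();
    }

    // Verifier side: parse the received ESSCertID and refuse any certificate
    // that it does not identify.
    static ESSCertID requireIdentified(ASN1Object received, X509Certificate candidate)
            throws Exception {
        ESSCertID certID = new ESSCertID(received); // CodingException if unparsable
        if (!certID.identifiesCert(candidate)) {
            throw new SecurityException("certificate is not the one named by the ESSCertID");
        }
        return certID;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ESSCertIDBindingCheck <signer-cert> <other-cert>");
            return;
        }
        X509Certificate signer = load(args[0]);
        X509Certificate other = load(args[1]); // any different certificate

        ASN1Object encoded = createCertID(signer);
        ESSCertID certID = requireIdentified(encoded, signer);
        System.out.println("hash algorithm: " + certID.getHashAlgorithm());
        System.out.println("cert hash bytes: " + certID.getCertHash().length);
        System.out.println("issuerSerial present: " + (certID.getIssuerSerial() != null));

        try {
            requireIdentified(encoded, other);
            System.out.println("unexpected: substituted certificate accepted");
        } catch (SecurityException e) {
            System.out.println("substituted certificate rejected: " + e.getMessage());
        }
    }
}
```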
 

See Also:
ESSIssuerSerial, SigningCertificate, X509Certificate, AttributeCertificate

Constructor Summary
ESSCertID()
          Default Constructor.
ESSCertID(ASN1Object obj)
          Creates a new ESSCertID from an ASN1Object.
ESSCertID(java.security.cert.Certificate cert, boolean includeIssuerSerial)
          Creates an ESSCertID for the given X.509 public key certificate or X.509 attribute certificate.
ESSCertID(java.security.cert.Certificate cert, boolean includeIssuerSerial, SecurityProvider securityProvider)
          Creates an ESSCertID for the given X.509 public key certificate or X.509 attribute certificate.
 
Method Summary
 void calculateCertHash(byte[] encodedCert)
          Calculates and sets the cert hash value for the given encoded certificate.
 void decode(ASN1Object obj)
          Decodes the given ASN.1 ESSCertID object for parsing the internal structure.
 boolean equals(java.lang.Object obj)
          Compares this ESSCertID to the specified object.
 byte[] getCertHash()
          Returns the cert hash.
 AlgorithmID getHashAlgorithm()
          Gets the AlgorithmID of the hash algorithm.
 ESSIssuerSerial getIssuerSerial()
          Returns issuer and serial number.
 SecurityProvider getSecurityProvider()
          Gets the SecurityProvider installed for this ESSCertID.
 int hashCode()
          Returns a hashcode for this ESSCertID.
 boolean identifiesCert(java.security.cert.Certificate certificate)
          Checks whether the given certificate is identified by this ESSCertID.
 void setCertHash(byte[] certHash)
          Sets the cert hash value.
 void setIssuerSerial(ESSIssuerSerial issuerSerial)
          Sets the issuer and serial information.
 void setSecurityProvider(SecurityProvider securityProvider)
          Sets the SecurityProvider for this ESSCertID.
 ASN1Object toASN1Object()
          Returns this ESSCertID as ASN1Object.
 java.lang.String toString()
          Returns a string giving some information about this ESSCertID object.
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

ESSCertID

public ESSCertID()
Default Constructor. Creates an empty ESSCertID object.


ESSCertID

public ESSCertID(java.security.cert.Certificate cert,
                 boolean includeIssuerSerial)
          throws java.security.NoSuchAlgorithmException,
                 java.security.cert.CertificateException
Creates an ESSCertID for the given X.509 public key certificate or X.509 attribute certificate.

Attention! Only X.509 public key certificates (instances of iaik.x509.X509Certificate) or X.509 attribute certificates (instances of iaik.x509.attr.AttributeCertificate) can be handled by this constructor; PKCS#6 ExtendedCertificates are obsolete and therefore not supported.

Parameters:
cert - the certificate for which to create an ESSCertID (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate)
includeIssuerSerial - if the IssuerSerial component should be set
Throws:
java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate
java.security.NoSuchAlgorithmException - if SHA-1, required for hash computation, is not supported by the installed providers
java.security.cert.CertificateException - if an error occurs while encoding the certificate for computing the hash, or the given certificate is an attribute certificate, but the issuer information included is not sufficient to construct an IssuerSerial (if V2Form is used for indicating the issuer, but not the issuerName option)

ESSCertID

public ESSCertID(java.security.cert.Certificate cert,
                 boolean includeIssuerSerial,
                 SecurityProvider securityProvider)
          throws java.security.NoSuchAlgorithmException,
                 java.security.cert.CertificateException
Creates an ESSCertID for the given X.509 public key certificate or X.509 attribute certificate.

Attention! Only X.509 public key certificates (instances of iaik.x509.X509Certificate) or X.509 attribute certificates (instances of iaik.x509.attr.AttributeCertificate) can be handled by this constructor; PKCS#6 ExtendedCertificates are obsolete and therefore not supported.

Parameters:
cert - the certificate for which to create an ESSCertID (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate)
includeIssuerSerial - if the IssuerSerial component should be set
securityProvider - the SecurityProvider to be explicitly used for the cryptographic operations (cert hash calculation) required by this object; if null, the default system-wide installed security provider will be used
Throws:
java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate
java.security.NoSuchAlgorithmException - if SHA-1, required for hash computation, is not supported by the installed providers
java.security.cert.CertificateException - if an error occurs while encoding the certificate for computing the hash, or the given certificate is an attribute certificate, but the issuer information included is not sufficient to construct an IssuerSerial (if V2Form is used for indicating the issuer, but not the issuerName option)

ESSCertID

public ESSCertID(ASN1Object obj)
          throws CodingException
Creates a new ESSCertID from an ASN1Object.

The ASN1Object supplied to this constructor represents an already existing ESSCertID object that may have been created by calling toASN1Object.

Parameters:
obj - the ESSCertID as ASN1Object
Throws:
CodingException - if the ASN1Object could not be parsed
Method Detail

setSecurityProvider

public void setSecurityProvider(SecurityProvider securityProvider)
Sets the SecurityProvider for this ESSCertID.

This method allows a SecurityProvider to be set explicitly for this ESSCertID. If no explicit SecurityProvider is set, the default system-wide installed SecurityProvider will be used for the required cryptographic operations.

This class uses the following method(s) of the SecurityProvider, which may be overridden by an application, if required:

An application may prefer to immediately supply the SecurityProvider when creating a new ESSCertID for some certificate.

Parameters:
securityProvider - the SecurityProvider to be set

getSecurityProvider

public SecurityProvider getSecurityProvider()
Gets the SecurityProvider installed for this ESSCertID.

This class uses the following method(s) of the SecurityProvider, which may be overridden by an application, if required:

If no explicit SecurityProvider has been set for this object, the default system-wide installed SecurityProvider will be used for the required cryptographic operations. However, this method will return null if this object does not have its own SecurityProvider.

Returns:
the SecurityProvider explicitly installed for this object, or null if this object does not have its own SecurityProvider

setIssuerSerial

public void setIssuerSerial(ESSIssuerSerial issuerSerial)
Sets the issuer and serial information.

Parameters:
issuerSerial - the IssuerSerial object to be set

setCertHash

public void setCertHash(byte[] certHash)
Sets the cert hash value.

Parameters:
certHash - the -- already calculated -- hash of the cert

calculateCertHash

public void calculateCertHash(byte[] encodedCert)
                       throws java.security.NoSuchAlgorithmException
Calculates and sets the cert hash value for the given encoded certificate.

Parameters:
encodedCert - the DER encoded cert for which the hash shall be calculated and set
Throws:
java.security.NoSuchAlgorithmException - if the hash algorithm used for calculating the cert hash is not supported by the installed cryptographic providers

identifiesCert

public boolean identifiesCert(java.security.cert.Certificate certificate)
                       throws java.security.NoSuchAlgorithmException
Checks whether the given certificate is identified by this ESSCertID.

Parameters:
certificate - the certificate to be checked (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate)
Returns:
true if the given certificate is identified by this ESSCertID, false if not
Throws:
java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate
java.security.NoSuchAlgorithmException - if the check cannot be performed because the hash algorithm used for calculating the cert hash is not supported by the installed cryptographic providers

decode

public void decode(ASN1Object obj)
            throws CodingException
Decodes the given ASN.1 ESSCertID object for parsing the internal structure.

This method is called internally when creating an ESSCertID object from an already existing ESSCertID object, supplied as ASN1Object.

Specified by:
decode in interface ASN1Type
Parameters:
obj - the ESSCertID as ASN1Object
Throws:
CodingException - if the object cannot be parsed

toASN1Object

public ASN1Object toASN1Object()
Returns this ESSCertID as ASN1Object.

The ASN1Object returned by this method may be used as parameter value when creating an ESSCertID object using the ESSCertID(ASN1Object obj) constructor.

Specified by:
toASN1Object in interface ASN1Type
Returns:
this ESSCertID as ASN1Object

equals

public boolean equals(java.lang.Object obj)
Compares this ESSCertID to the specified object.

Overrides:
equals in class java.lang.Object
Parameters:
obj - the object to compare this ESSCertID against.
Returns:
true, if the given object is equal to this ESSCertID, false otherwise

hashCode

public int hashCode()
Returns a hashcode for this ESSCertID.

Overrides:
hashCode in class java.lang.Object
Returns:
a hashcode for this ESSCertID

getIssuerSerial

public ESSIssuerSerial getIssuerSerial()
Returns issuer and serial number.

Returns:
the IssuerSerial of this ESSCertID

getHashAlgorithm

public AlgorithmID getHashAlgorithm()
Gets the AlgorithmID of the hash algorithm.

Returns:
the hash AlgorithmID

getCertHash

public byte[] getCertHash()
Returns the cert hash.

Returns:
cert hash of this ESSCertID

toString

public java.lang.String toString()
Returns a string giving some information about this ESSCertID object.

Overrides:
toString in class java.lang.Object
Returns:
the string representation

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

IAIK-CMS 6.0, (c) 2002 IAIK, (c) 2003, 2023 SIC