iaik.smime.ess
Class ESSCertIDv2

java.lang.Object
  extended by iaik.smime.ess.ESSCertID
      extended by iaik.smime.ess.ESSCertIDv2
All Implemented Interfaces:
ASN1Type

public class ESSCertIDv2
extends ESSCertID

This class implements the S/MIMEv3 ESS ESSCertIDv2 type.

ESSCertIDv2 was introduced by RFC 5035 to allow a hash algorithm other than SHA-1 to be used when identifying a certificate by cert hash (and optionally issuer information and issuer-specific certificate serial number) within a SigningCertificateV2 attribute (see RFC 5035):

 SigningCertificateV2 ::=  SEQUENCE {
    certs        SEQUENCE OF ESSCertIDv2,
    policies     SEQUENCE OF PolicyInformation OPTIONAL
 }
 
 ESSCertIDv2 ::= SEQUENCE {
    hashAlgorithm    AlgorithmIdentifier DEFAULT {algorithm id-sha256},
    certHash         Hash,
    issuerSerial     IssuerSerial OPTIONAL
 }

 Hash ::= OCTET STRING

 IssuerSerial ::= SEQUENCE {
    issuer           GeneralNames,
    serialNumber     CertificateSerialNumber
 }

As with SigningCertificate, a SigningCertificateV2 attribute may be included as a signed attribute in a CMS SignerInfo object.

When creating an ESSCertIDv2, specify the cert to be identified and decide whether the IssuerSerial component shall be included in the ESSCertIDv2:

 X509Certificate cert = ...;
 boolean includeIssuerSerial = true;
 ESSCertIDv2 certID = new ESSCertIDv2(cert, includeIssuerSerial);
 

See Also:
ESSIssuerSerial, SigningCertificateV2, X509Certificate, AttributeCertificate

Constructor Summary
ESSCertIDv2()
          Default Constructor.
ESSCertIDv2(AlgorithmID hashAlgorithm, java.security.cert.Certificate cert, boolean includeIssuerSerial)
          Creates an ESSCertIDv2 for the given X.509 public key or X.509 attribute certificate.
ESSCertIDv2(AlgorithmID hashAlgorithm, java.security.cert.Certificate cert, boolean includeIssuerSerial, SecurityProvider securityProvider)
          Creates an ESSCertIDv2 for the given X.509 public key or X.509 attribute certificate.
ESSCertIDv2(ASN1Object obj)
          Creates a new ESSCertIDv2 from an ASN1Object.
ESSCertIDv2(java.security.cert.Certificate cert, boolean includeIssuerSerial)
          Creates an ESSCertIDv2 for the given X.509 public key or X.509 attribute certificate.
ESSCertIDv2(java.security.cert.Certificate cert, boolean includeIssuerSerial, SecurityProvider securityProvider)
          Creates an ESSCertIDv2 for the given X.509 public key or X.509 attribute certificate.
 
Method Summary
 boolean identifiesCert(java.security.cert.Certificate certificate)
          Checks whether the given certificate is identified by this ESSCertIDv2.
 
Methods inherited from class iaik.smime.ess.ESSCertID
calculateCertHash, decode, equals, getCertHash, getHashAlgorithm, getIssuerSerial, getSecurityProvider, hashCode, setCertHash, setIssuerSerial, setSecurityProvider, toASN1Object, toString
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

ESSCertIDv2

public ESSCertIDv2()
Default Constructor. Creates an empty ESSCertIDv2 object. The hash algorithm is set to SHA-256 by default.


ESSCertIDv2

public ESSCertIDv2(java.security.cert.Certificate cert,
                   boolean includeIssuerSerial)
            throws java.security.NoSuchAlgorithmException,
                   java.security.cert.CertificateException
Creates an ESSCertIDv2 for the given X.509 public key or X.509 attribute certificate.

Attention! Only X.509 public key certificates (instances of iaik.x509.X509Certificate) or X.509 attribute certificates (instances of iaik.x509.attr.AttributeCertificate) can be handled by this constructor; PKCS#6 ExtendedCertificates are obsolete and therefore not supported.
When using this constructor, SHA-256 is used for cert hash calculation.

Parameters:
cert - the certificate for which to create an ESSCertID (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate)
includeIssuerSerial - if the IssuerSerial component should be set
Throws:
java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate
java.security.NoSuchAlgorithmException - if SHA-256, required for hash computation, is not supported by the installed providers
java.security.cert.CertificateException - if an error occurs while encoding the certificate for computing the hash, or the given certificate is an attribute certificate, but the issuer information included is not sufficient to construct an IssuerSerial (if V2Form is used for indicating the issuer, but not the issuerName option)

ESSCertIDv2

public ESSCertIDv2(AlgorithmID hashAlgorithm,
                   java.security.cert.Certificate cert,
                   boolean includeIssuerSerial)
            throws java.security.NoSuchAlgorithmException,
                   java.security.cert.CertificateException
Creates an ESSCertIDv2 for the given X.509 public key or X.509 attribute certificate.

Attention! Only X.509 public key certificates (instances of iaik.x509.X509Certificate) or X.509 attribute certificates (instances of iaik.x509.attr.AttributeCertificate) can be handled by this constructor; PKCS#6 ExtendedCertificates are obsolete and therefore not supported.

Parameters:
hashAlgorithm - the hash algorithm to be used for calculating the cert hash
cert - the certificate for which to create an ESSCertID (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate)
includeIssuerSerial - if the IssuerSerial component should be set
Throws:
java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate
java.security.NoSuchAlgorithmException - if the requested hash algorithm is not supported by the installed providers
java.security.cert.CertificateException - if an error occurs while encoding the certificate for computing the hash, or the given certificate is an attribute certificate, but the issuer information included is not sufficient to construct an IssuerSerial (if V2Form is used for indicating the issuer, but not the issuerName option)

ESSCertIDv2

public ESSCertIDv2(java.security.cert.Certificate cert,
                   boolean includeIssuerSerial,
                   SecurityProvider securityProvider)
            throws java.security.NoSuchAlgorithmException,
                   java.security.cert.CertificateException
Creates an ESSCertIDv2 for the given X.509 public key or X.509 attribute certificate.

Attention! Only X.509 public key certificates (instances of iaik.x509.X509Certificate) or X.509 attribute certificates (instances of iaik.x509.attr.AttributeCertificate) can be handled by this constructor; PKCS#6 ExtendedCertificates are obsolete and therefore not supported.
When using this constructor, SHA-256 is used for cert hash calculation.

Parameters:
cert - the certificate for which to create an ESSCertID (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate)
includeIssuerSerial - if the IssuerSerial component should be set
securityProvider - the SecurityProvider to be explicitly used for the cryptographic operations (cert hash calculation) required by this object; if null, the default system-wide installed security provider will be used
Throws:
java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate
java.security.NoSuchAlgorithmException - if SHA-256, required for hash computation, is not supported by the installed providers
java.security.cert.CertificateException - if an error occurs while encoding the certificate for computing the hash, or the given certificate is an attribute certificate, but the issuer information included is not sufficient to construct an IssuerSerial (if V2Form is used for indicating the issuer, but not the issuerName option)

ESSCertIDv2

public ESSCertIDv2(AlgorithmID hashAlgorithm,
                   java.security.cert.Certificate cert,
                   boolean includeIssuerSerial,
                   SecurityProvider securityProvider)
            throws java.security.NoSuchAlgorithmException,
                   java.security.cert.CertificateException
Creates an ESSCertIDv2 for the given X.509 public key or X.509 attribute certificate.

Attention! Only X.509 public key certificates (instances of iaik.x509.X509Certificate) or X.509 attribute certificates (instances of iaik.x509.attr.AttributeCertificate) can be handled by this constructor; PKCS#6 ExtendedCertificates are obsolete and therefore not supported.

Parameters:
hashAlgorithm - the hash algorithm to be used for cert hash calculation
cert - the certificate for which to create an ESSCertID (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate)
includeIssuerSerial - if the IssuerSerial component should be set
securityProvider - the SecurityProvider to be explicitly used for the cryptographic operations (cert hash calculation) required by this object; if null, the default system-wide installed security provider will be used
Throws:
java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate
java.security.NoSuchAlgorithmException - if the requested hash algorithm is not supported by the installed providers
java.security.cert.CertificateException - if an error occurs while encoding the certificate for computing the hash, or the given certificate is an attribute certificate, but the issuer information included is not sufficient to construct an IssuerSerial (if V2Form is used for indicating the issuer, but not the issuerName option)

ESSCertIDv2

public ESSCertIDv2(ASN1Object obj)
            throws CodingException
Creates a new ESSCertIDv2 from an ASN1Object.

Parameters:
obj - the ESSCertIDv2 as ASN1Object
Throws:
CodingException - if the ASN1Object could not be parsed

Method Detail

identifiesCert

public boolean identifiesCert(java.security.cert.Certificate certificate)
                       throws java.security.NoSuchAlgorithmException
Checks whether the given certificate is identified by this ESSCertIDv2.

Overrides:
identifiesCert in class ESSCertID
Parameters:
certificate - the certificate to be checked (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate)
Returns:
true if the given certificate is identified by this ESSCertIDv2, false if not
Throws:
java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate
java.security.NoSuchAlgorithmException - if the check cannot be performed because the hash algorithm used by this ESSCertIDv2 is not supported by the installed cryptographic providers
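
What such an identification check amounts to under the ESSCertIDv2 definition above, as an added example that is not IAIK code and not part of the original Javadoc. It uses only JDK classes (Java 16+ for the record); the CertId record, the certHash and identifies methods and the placeholder byte strings are hypothetical names and constructed data, and comparing the issuer as raw encoded bytes is a simplifying assumption.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/** Added illustration (JDK only, not IAIK code) of the match an ESSCertIDv2 expresses. */
public class EssCertIdV2Check {

    /** Hypothetical stand-in for the ESSCertIDv2 fields; issuerDer and serial are null when IssuerSerial is absent. */
    record CertId(String hashAlgorithm, byte[] certHash, byte[] issuerDer, BigInteger serial) {}

    /** certHash is computed over the complete DER encoding of the certificate. */
    static byte[] certHash(String hashAlgorithm, byte[] certDer) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(hashAlgorithm).digest(certDer);
    }

    /** True only if the hash matches and, when IssuerSerial is present, issuer and serial match too. */
    static boolean identifies(CertId id, byte[] certDer, byte[] issuerDer, BigInteger serial)
            throws NoSuchAlgorithmException {
        // Hash with the algorithm named in the identifier, not a hard-coded one.
        byte[] actual = certHash(id.hashAlgorithm(), certDer);
        // MessageDigest.isEqual compares the two digests in constant time.
        boolean hashOk = MessageDigest.isEqual(id.certHash(), actual);
        if (id.issuerDer() == null) {
            return hashOk; // IssuerSerial is OPTIONAL in ESSCertIDv2
        }
        return hashOk
                && Arrays.equals(id.issuerDer(), issuerDer)
                && id.serial().equals(serial);
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder bytes standing in for DER data; these are not real certificates.
        byte[] signerCert = "constructed-signer-cert-der".getBytes(StandardCharsets.UTF_8);
        byte[] otherCert = "constructed-other-cert-der".getBytes(StandardCharsets.UTF_8);
        byte[] issuer = "constructed-issuer-der".getBytes(StandardCharsets.UTF_8);
        BigInteger serial = BigInteger.valueOf(4711);

        CertId id = new CertId("SHA-256", certHash("SHA-256", signerCert), issuer, serial);

        System.out.println("signer cert:       " + identifies(id, signerCert, issuer, serial));
        System.out.println("substituted cert:  " + identifies(id, otherCert, issuer, serial));
        System.out.println("wrong serial:      " + identifies(id, signerCert, issuer, BigInteger.ONE));
    }
}
```

A verifier that finds no matching identifier for the certificate it used to check the signature should treat the signature as invalid, since the signed attribute is what binds the signature to one specific certificate.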

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

IAIK-CMS 6.0, (c) 2002 IAIK, (c) 2003, 2023 SIC