iaik.x509.attr
Class ObjectDigestInfo

java.lang.Object
  |
  +--iaik.x509.attr.ObjectDigestInfo

public class ObjectDigestInfo
extends Object

This class implements the attribute certificate (AC) type ObjectDigestInfo.

The Internet Attribute Certificate Profile for Authorization (RFC 3281) specifies the ObjectDigestInfo type as an option for identifying the holder or issuer of an attribute certificate by a digest calculated over the object (public key, certificate, or some other object) to which the attribute certificate shall be linked (see RFC 3281):

 ObjectDigestInfo ::= SEQUENCE {
   digestedObjectType  ENUMERATED {
           publicKey            (0),
           publicKeyCert        (1),
           otherObjectTypes     (2) },
                     -- otherObjectTypes MUST NOT
                     -- be used in this profile
   otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
   digestAlgorithm     AlgorithmIdentifier,
   objectDigest        BIT STRING
 }
 

When used for representing the Holder of an attribute certificate, the object digest may be calculated from a public key, a certificate, or some other object type identified by its OID (see RFC 3281 for more information):

 The idea is to link the AC to an object by placing a hash of that
 object into the holder field of the AC. For example, this allows
 production of ACs that are linked to public keys rather than names.

 Holder ::= SEQUENCE {
    baseCertificateID   [0] IssuerSerial OPTIONAL,
                        -- the issuer and serial number of
                        -- the holder's Public Key Certificate
    entityName          [1] GeneralNames OPTIONAL,
                        -- the name of the claimant or role
    objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                        -- used to directly authenticate the holder,
                        -- for example, an executable
 }
 
When creating an ObjectDigestInfo object you may specify object type, digest algorithm and digest value yourself, or let this class calculate the objectDigest value for an ObjectDigestInfo of type publicKey or publicKeyCert:
 // the public key to which to link the AC:
 PublicKey publicKey = ...;
 // the digest algorithm to use
 AlgorithmID digestAlgorithm = ...;
 ObjectDigestInfo odi = new ObjectDigestInfo(publicKey, digestAlgorithm);
 
respectively
 // the cert to which to link the AC:
 X509Certificate cert = ...;
 // the digest algorithm to use
 AlgorithmID digestAlgorithm = ...;
 ObjectDigestInfo odi = new ObjectDigestInfo(cert, digestAlgorithm);
 
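The following is an added example and not part of the IAIK documentation or code base: a stand-alone Python encoder, decoder and checker for the ObjectDigestInfo structure shown above. It assumes SHA-256 as the digest algorithm (the IAIK constructors accept any AlgorithmID) and uses a constructed byte string in place of a real DER SubjectPublicKeyInfo. The `identifies` function mirrors what identifiesKey/identifiesCert check, and the decoder rejects otherObjectTypes as the RFC 3281 profile requires.

```python
# Added stand-alone example, not IAIK's code: DER encode, decode and verify ObjectDigestInfo.
import hashlib
import hmac

PUBLIC_KEY, PUBLIC_KEY_CERT, OTHER_OBJECT_TYPES = 0, 1, 2
SHA256_ALGID = bytes.fromhex("300b0609608648016503040201")  # id-sha256, parameters absent

def _tlv(tag, body):
    # Short-form DER length suffices: the structure carries only a 32-byte digest.
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def _read_tlv(buf, pos):
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated DER or long-form length (never needed for this structure)")
    tag, n = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + n], pos + 2 + n

def encode_object_digest_info(object_type, obj_der):
    """Link an AC to obj_der (DER SubjectPublicKeyInfo for publicKey, DER
    Certificate for publicKeyCert) by digesting it with SHA-256."""
    if object_type not in (PUBLIC_KEY, PUBLIC_KEY_CERT):
        raise ValueError("otherObjectTypes MUST NOT be used in the RFC 3281 profile")
    digest = hashlib.sha256(obj_der).digest()
    return _tlv(0x30, _tlv(0x0A, bytes([object_type]))  # digestedObjectType ENUMERATED
                + SHA256_ALGID                          # digestAlgorithm
                + _tlv(0x03, b"\x00" + digest))         # objectDigest BIT STRING, 0 unused bits

def decode_object_digest_info(der):
    """Return (objectType, AlgorithmIdentifier DER, digest); reject off-profile shapes."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("ObjectDigestInfo must be a single SEQUENCE")
    tag, enum, p = _read_tlv(seq, 0)
    if tag != 0x0A or len(enum) != 1 or enum[0] not in (PUBLIC_KEY, PUBLIC_KEY_CERT):
        raise ValueError("digestedObjectType must be publicKey (0) or publicKeyCert (1)")
    tag, algid, p = _read_tlv(seq, p)
    if tag != 0x30:
        raise ValueError("digestAlgorithm must be an AlgorithmIdentifier SEQUENCE")
    tag, bits, p = _read_tlv(seq, p)
    if tag != 0x03 or not bits or bits[0] != 0 or p != len(seq):
        raise ValueError("objectDigest must be a BIT STRING without unused bits, ending the SEQUENCE")
    return enum[0], _tlv(0x30, algid), bits[1:]

def identifies(odi_der, object_type, candidate_der):
    """Like identifiesKey/identifiesCert: type, algorithm and recomputed digest must all match."""
    obj_type, algid, digest = decode_object_digest_info(odi_der)
    if obj_type != object_type or algid != SHA256_ALGID:
        return False
    return hmac.compare_digest(hashlib.sha256(candidate_der).digest(), digest)
```

The constant-time comparison is deliberate: the stored digest is the only thing binding the AC to its holder, so the check should not leak how many leading bytes matched.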
According to RFC 3281 the ObjectDigestInfo option may be used for representing the holder of an attribute certificate, but shall not be used for representing the issuer of an attribute certificate:
 AttCertIssuer ::= CHOICE {
    v1Form   GeneralNames,  -- MUST NOT be used in this
                            -- profile
    v2Form   [0] V2Form     -- v2 only
 }


 V2Form ::= SEQUENCE {
   issuerName            GeneralNames  OPTIONAL,
   baseCertificateID     [0] IssuerSerial  OPTIONAL,
   objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
           -- issuerName MUST be present in this profile
           -- baseCertificateID and objectDigestInfo MUST NOT
           -- be present in this profile
 }

 ACs conforming to this profile MUST use the v2Form choice, which MUST
 contain one and only one GeneralName in the issuerName, which MUST
 contain a non-empty distinguished name in the directoryName field.
 This means that all AC issuers MUST have non-empty distinguished
 names.  ACs conforming to this profile MUST omit the
 baseCertificateID and objectDigestInfo fields.
 

Version:
File Revision 15
See Also:
Holder, V2Form

Field Summary
static int OTHER_OBJECT_TYPES
          ObjectDigestInfo Type otherObjectTypes (2).
static int PUBLIC_KEY
          ObjectDigestInfo Type publicKey (0).
static int PUBLIC_KEY_CERT
          ObjectDigestInfo Type publicKeyCert (1).
 
Constructor Summary
ObjectDigestInfo(ASN1Object obj)
          Creates and decodes an ObjectDigestInfo from its ASN.1 representation.
ObjectDigestInfo(int objectType, AlgorithmID digestAlgorithm, byte[] digestValue, ObjectID otherObjectTypeID)
          Creates an ObjectDigestInfo for the given digest value.
ObjectDigestInfo(PublicKey publicKey, AlgorithmID digestAlgorithm)
          Creates a publicKey ObjectDigestInfo for the given public key.
ObjectDigestInfo(X509Certificate cert, AlgorithmID digestAlgorithm)
          Creates a publicKeyCert ObjectDigestInfo for the given certificate.
 
Method Summary
static byte[] calculateDigest(byte[] value, AlgorithmID digestAlgorithm)
          Calculates a digest of the given value using the given digest algorithm.
 boolean equals(Object obj)
          Compares this ObjectDigestInfo to the specified object.
 AlgorithmID getDigestAlgorithm()
          Returns the digest algorithm.
 byte[] getObjectDigest()
          Returns the object digest value.
 int getObjectType()
          Returns the object type this class represents.
 String getObjectTypeName()
          Returns the name of the object type this class represents.
 ObjectID getOtherObjectTypeID()
          Returns the otherObjectTypeID, if set.
 int hashCode()
          Returns a hashcode for this ObjectDigestInfo.
 boolean identifiesCert(X509Certificate cert)
          Checks if this ObjectDigestInfo identifies the given certificate.
 boolean identifiesKey(PublicKey publicKey)
          Checks if this ObjectDigestInfo identifies the given public key.
 ASN1Object toASN1Object()
          Returns this ObjectDigestInfo as ASN1Object.
 String toString()
          Returns a string giving some information about this ObjectDigestInfo object.
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

PUBLIC_KEY

public static final int PUBLIC_KEY
ObjectDigestInfo Type publicKey (0).

PUBLIC_KEY_CERT

public static final int PUBLIC_KEY_CERT
ObjectDigestInfo Type publicKeyCert (1).

OTHER_OBJECT_TYPES

public static final int OTHER_OBJECT_TYPES
ObjectDigestInfo Type otherObjectTypes (2). This type must not be used in the RFC 3281 profile. If used, the object type has to be identified by an object identifier (otherObjectTypeID).
Constructor Detail

ObjectDigestInfo

public ObjectDigestInfo(int objectType,
                        AlgorithmID digestAlgorithm,
                        byte[] digestValue,
                        ObjectID otherObjectTypeID)
Creates an ObjectDigestInfo for the given digest value.

If objectType is otherObjectTypes (i.e. not publicKey or publicKeyCert), otherObjectTypeID must be supplied; otherwise it is ignored (may be null).

Parameters:
objectType - the object type identifying the object over which the digest is calculated
digestAlgorithm - the digest algorithm used for digest calculation
digestValue - the (already computed) object digest value
otherObjectTypeID - the OID identifying the object type, if not publicKey or publicKeyCert

ObjectDigestInfo

public ObjectDigestInfo(PublicKey publicKey,
                        AlgorithmID digestAlgorithm)
                 throws NoSuchAlgorithmException
Creates a publicKey ObjectDigestInfo for the given public key.

The objectType is set to publicKey (0).
Since the digest is calculated over the DER encoding of the X.509 SubjectPublicKeyInfo representation of the key, be aware that a DSA key has to include the DSS parameters, which may have been inherited from the CA's certificate.

Parameters:
publicKey - the public key to be digested
digestAlgorithm - the digest algorithm to be used for digest calculation
Throws:
NoSuchAlgorithmException - if the requested digest algorithm is not supported

ObjectDigestInfo

public ObjectDigestInfo(X509Certificate cert,
                        AlgorithmID digestAlgorithm)
                 throws NoSuchAlgorithmException,
                        CertificateEncodingException
Creates a publicKeyCert ObjectDigestInfo for the given certificate.

The objectType is set to publicKeyCert (1).

Parameters:
cert - the certificate to be digested
digestAlgorithm - the digest algorithm to be used for digest calculation
Throws:
NoSuchAlgorithmException - if the requested digest algorithm is not supported
CertificateEncodingException - if an error occurs while encoding the certificate required for digest calculation

ObjectDigestInfo

public ObjectDigestInfo(ASN1Object obj)
                 throws CodingException
Creates and decodes an ObjectDigestInfo from its ASN.1 representation.
Parameters:
obj - the ObjectDigestInfo as ASN.1 object
Throws:
CodingException - if a decoding/parsing error occurs or the information contained is not appropriate for an ObjectDigestInfo
Method Detail

calculateDigest

public static byte[] calculateDigest(byte[] value,
                                     AlgorithmID digestAlgorithm)
                              throws NoSuchAlgorithmException
Calculates a digest of the given value using the given digest algorithm.
Parameters:
value - the value to be digested
digestAlgorithm - the digest algorithm to be used
Returns:
the digest value

getObjectType

public int getObjectType()
Returns the object type this class represents.

Returns:
the object type, 0 (publicKey), 1 (publicKeyCert), or 2 (otherObjectTypes)

getObjectTypeName

public String getObjectTypeName()
Returns the name of the object type this class represents.

Returns:
the object type name: "publicKey" (0), "publicKeyCert" (1), or "otherObjectTypes" (2)

getOtherObjectTypeID

public ObjectID getOtherObjectTypeID()
Returns the otherObjectTypeID, if set. This method may only be called for identifying the object type by its OID if the object type is otherObjectTypes (i.e. not publicKey or publicKeyCert):
 if (objectDigestInfo.getObjectType() == ObjectDigestInfo.OTHER_OBJECT_TYPES) {
   ObjectID otherObjectTypeID = objectDigestInfo.getOtherObjectTypeID();
   ...
 }
 
Returns:
the other object type OID, if object type is otherObjectTypes (i.e. not publicKey or publicKeyCert)

getDigestAlgorithm

public AlgorithmID getDigestAlgorithm()
Returns the digest algorithm.
Returns:
the digest algorithm

getObjectDigest

public byte[] getObjectDigest()
Returns the object digest value.
Returns:
the object digest value.

equals

public boolean equals(Object obj)
Compares this ObjectDigestInfo to the specified object.
Overrides:
equals in class Object
Parameters:
obj - the object to compare this ObjectDigestInfo against.
Returns:
true, if the given object is equal to this ObjectDigestInfo, false otherwise

hashCode

public int hashCode()
Returns a hashcode for this ObjectDigestInfo.
Overrides:
hashCode in class Object
Returns:
a hashcode for this ObjectDigestInfo

toASN1Object

public ASN1Object toASN1Object()
Returns this ObjectDigestInfo as ASN1Object.
Returns:
this ObjectDigestInfo as ASN1Object

identifiesCert

public boolean identifiesCert(X509Certificate cert)
                       throws NoSuchAlgorithmException,
                              CertificateEncodingException
Checks if this ObjectDigestInfo identifies the given certificate.

This method is only meaningful if this ObjectDigestInfo has type PUBLIC_KEY_CERT (1).

Parameters:
cert - the certificate to be checked
Returns:
true if this ObjectDigestInfo has type PUBLIC_KEY_CERT and the digest calculated from the certificate encoding matches the one of this ObjectDigestInfo, false if not
Throws:
NoSuchAlgorithmException - if the digest algorithm used is not supported
CertificateEncodingException - if an error occurs while encoding the certificate required for digest calculation

identifiesKey

public boolean identifiesKey(PublicKey publicKey)
                      throws NoSuchAlgorithmException
Checks if this ObjectDigestInfo identifies the given public key.

This method is only meaningful if this ObjectDigestInfo has type PUBLIC_KEY (0).

Parameters:
publicKey - the public key to be checked
Returns:
true if this ObjectDigestInfo has type PUBLIC_KEY and the digest calculated from the public key encoding matches the one of this ObjectDigestInfo, false if not
Throws:
NoSuchAlgorithmException - if the digest algorithm used is not supported

toString

public String toString()
Returns a string giving some information about this ObjectDigestInfo object.
Overrides:
toString in class Object
Returns:
the string representation

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK