iaik.x509.extensions
Class AuthorityKeyIdentifier

java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.AuthorityKeyIdentifier

public class AuthorityKeyIdentifier
extends V3Extension

This class implements the AuthorityKeyIdentifier Extension.

The AuthorityKeyIdentifier extension is a standard X509v3 extension, which MUST NOT be marked as being critical.

Each extension is associated with a specific certificateExtension object identifier, derived from:

 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 

The object identifier for the AuthorityKeyIdentifier extension is defined as:

id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }

which corresponds to the OID string "2.5.29.35".

The X.509 Certificate and CRL profile presented in RFC 2459 specifies the authority key identifier extension for providing a means of identifying the public key corresponding to the private key used to sign a certificate. This extension would be used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover). In general, this extension should be included in certificates.

Although the identification can be based on either the key identifier (the subject key identifier in the issuer's certificate) or on the issuer name and serial number, it is recommended to use the key identifier method.

The ASN.1 definition of the AuthorityKeyIdentifier extension is specified as follows:

 AuthorityKeyIdentifier ::= SEQUENCE {
   keyIdentifier             [0] KeyIdentifier           OPTIONAL,
   authorityCertIssuer       [1] GeneralNames            OPTIONAL,
   authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL    }
 

where:

 KeyIdentifier ::= OCTET STRING
 
 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

 GeneralName ::= CHOICE {
   otherName                 [0] OtherName,
   rfc822Name                [1] IA5String,
   dNSName                   [2] IA5String,
   x400Address               [3] ORAddress,
   directoryName             [4] Name,
   ediPartyName              [5] EDIPartyName,
   uniformResourceIdentifier [6] IA5String,
   iPAddress                 [7] OCTET STRING,
   registeredID              [8] OBJECT IDENTIFIER }

 CertificateSerialNumber ::= INTEGER

This class provides methods for setting and getting the component values of an AuthorityKeyIdentifier extension object.

To add an AuthorityKeyIdentifier extension object to an X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class:

 AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier();
 authorityKeyIdentifier.setKeyIdentifier(new byte[] {9,8,7,6,5,4,3,2,1});
 GeneralName generalName = new GeneralName(GeneralName.uniformResourceIdentifier, "http://ca.test.com/");
 authorityKeyIdentifier.setAuthorityCertIssuer(new GeneralNames(generalName));
 authorityKeyIdentifier.setAuthorityCertSerialNumber(new BigInteger("235123512365215"));
 X509Certificate cert = new X509Certificate();
 ...
 cert.addExtension(authorityKeyIdentifier);
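
An added example, not part of the IAIK documentation or library: a JDK-only decoder for the DER value defined by the ASN.1 above, which rejects truncated, misordered or unexpected fields and enforces RFC 2459's rule that issuer and serial number appear together. The class name AkiValueDecoder is hypothetical; the tags assume the implicit tagging of the RFC 2459 module, and the sample bytes are constructed from the values in the addExtension example above.

```java
import java.math.BigInteger;
import java.util.Arrays;
// Added example (not IAIK code): decodes the DER value of an AuthorityKeyIdentifier.
public class AkiValueDecoder {
    byte[] keyIdentifier;     // [0] IMPLICIT OCTET STRING, tag 0x80
    byte[] issuerNames;       // [1] IMPLICIT GeneralNames, tag 0xA1, raw content
    BigInteger serialNumber;  // [2] IMPLICIT INTEGER, tag 0x82
    AkiValueDecoder(byte[] der) {
        int[] p = {0};  // read position, shared with the helper methods
        if (next(der, p) != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        int len = length(der, p), last = -1;
        if (len != der.length - p[0]) throw new IllegalArgumentException("bad outer length");
        while (p[0] < der.length) {
            int tag = next(der, p);
            len = length(der, p);
            if (len > der.length - p[0] || (tag & 0x1F) <= last)
                throw new IllegalArgumentException("truncated or misordered field");
            byte[] v = Arrays.copyOfRange(der, p[0], p[0] + len);
            p[0] += len; last = tag & 0x1F;
            switch (tag) {
                case 0x80: keyIdentifier = v; break;
                case 0xA1: issuerNames = v; break;
                case 0x82: serialNumber = new BigInteger(v); break;
                default: throw new IllegalArgumentException("unexpected tag " + tag);
            }
        }
        // RFC 2459: issuer and serial number are both present or both absent.
        if ((issuerNames == null) != (serialNumber == null))
            throw new IllegalArgumentException("issuer/serial must appear together");
    }
    static int next(byte[] der, int[] p) {
        if (p[0] >= der.length) throw new IllegalArgumentException("truncated");
        return der[p[0]++] & 0xFF;
    }
    static int length(byte[] der, int[] p) {
        int b = next(der, p), n = b & 0x7F, len = 0;
        if (b < 0x80) return b;  // short form
        if (n == 0 || n > 2) throw new IllegalArgumentException("unsupported length");
        while (n-- > 0) len = (len << 8) | next(der, p);
        return len;
    }
    public static void main(String[] args) {
        // Constructed sample: key identifier, URI issuer and serial from the example above.
        byte[] der = new BigInteger("302B8009090807060504030201A1158613"
            + "687474703A2F2F63612E746573742E636F6D2F820700D5D7F56ED09F", 16).toByteArray();
        AkiValueDecoder aki = new AkiValueDecoder(der);
        System.out.println(Arrays.toString(aki.keyIdentifier) + " " + aki.serialNumber);
    }
}
```

The input is the extension value itself, that is, the content of the extension's extnValue OCTET STRING, not the enclosing Extension structure.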
 

Version:
File Revision 26
See Also:
GeneralName, GeneralNames, IA5String, OCTET_STRING, ObjectID, Name, X509Certificate, X509Extensions, V3Extension

Field Summary
static ObjectID oid
          The object identifier of this AuthorityKeyIdentifier extension.
 
Fields inherited from class iaik.x509.V3Extension
critical
 
Constructor Summary
AuthorityKeyIdentifier()
          Default constructor.
AuthorityKeyIdentifier(byte[] keyIdentifier)
          Creates an AuthorityKeyIdentifier with a key identifier.
AuthorityKeyIdentifier(GeneralNames authorityCertIssuer, BigInteger authorityCertSerialNumber)
          Creates an AuthorityKeyIdentifier with issuer and serial number.
 
Method Summary
 GeneralNames getAuthorityCertIssuer()
          Returns the authority cert issuer of this AuthorityKeyIdentifier extension.
 BigInteger getAuthorityCertSerialNumber()
          Returns the serial number of this AuthorityKeyIdentifier extension.
 byte[] getKeyIdentifier()
          Returns the key identifier of this AuthorityKeyIdentifier extension.
 ObjectID getObjectID()
          Returns the object ID of this AuthorityKeyIdentifier extension.
 int hashCode()
          Returns a hashcode for this identity.
 void init(ASN1Object obj)
          Inits this AuthorityKeyIdentifier implementation with an ASN1Object representing the value of this extension.
 void setAuthorityCertIssuer(GeneralNames authorityCertIssuer)
          Sets the authority cert issuer of this AuthorityKeyIdentifier extension.
 void setAuthorityCertSerialNumber(BigInteger authorityCertSerialNumber)
          Sets the serial number of this AuthorityKeyIdentifier extension.
 void setKeyIdentifier(byte[] ki)
          Sets the key identifier of this AuthorityKeyIdentifier extension.
 ASN1Object toASN1Object()
          Returns an ASN1Object representing the value of this AuthorityKeyIdentifier extension object.
 String toString()
          Returns a string that represents the contents of this AuthorityKeyIdentifier extension.
 
Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

oid

public static final ObjectID oid
The object identifier of this AuthorityKeyIdentifier extension. The corresponding OID string is "2.5.29.35".
Constructor Detail

AuthorityKeyIdentifier

public AuthorityKeyIdentifier()
Default constructor.

Creates an empty AuthorityKeyIdentifier object. Use setKeyIdentifier, setAuthorityCertIssuer and setAuthorityCertSerialNumber for explicitly setting the corresponding values.


AuthorityKeyIdentifier

public AuthorityKeyIdentifier(byte[] keyIdentifier)
Creates an AuthorityKeyIdentifier with a key identifier.

AuthorityKeyIdentifier

public AuthorityKeyIdentifier(GeneralNames authorityCertIssuer,
                              BigInteger authorityCertSerialNumber)
Creates an AuthorityKeyIdentifier with issuer and serial number.
Method Detail

getObjectID

public ObjectID getObjectID()
Returns the object ID of this AuthorityKeyIdentifier extension.
Overrides:
getObjectID in class V3Extension
Returns:
the object ID

init

public void init(ASN1Object obj)
          throws X509ExtensionException
Inits this AuthorityKeyIdentifier implementation with an ASN1Object representing the value of this extension.

The given ASN1Object represents the key identifier, the authority cert issuer, and the authority cert serial number, each of which is optional.

The given ASN1Object is the one created by toASN1Object().

This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included AuthorityKeyIdentifier extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.

Overrides:
init in class V3Extension
Parameters:
obj - the AuthorityKeyIdentifier as ASN1Object
Throws:
X509ExtensionException - if the extension could not be parsed

toASN1Object

public ASN1Object toASN1Object()
                        throws X509ExtensionException
Returns an ASN1Object representing the value of this AuthorityKeyIdentifier extension object.

The returned ASN1Object is an ASN.1 SEQUENCE representing the key identifier, the authority cert issuer, and the authority cert serial number, each of which is optional:

 AuthorityKeyIdentifier ::= SEQUENCE {
   keyIdentifier             [0] KeyIdentifier           OPTIONAL,
   authorityCertIssuer       [1] GeneralNames            OPTIONAL,
   authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL    }
 

Overrides:
toASN1Object in class V3Extension
Returns:
the value of this AuthorityKeyIdentifier as ASN1Object
Throws:
X509ExtensionException - if the ASN1Object cannot be created because of a coding error

setKeyIdentifier

public void setKeyIdentifier(byte[] ki)
Sets the key identifier of this AuthorityKeyIdentifier extension.

For instance:

 AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier();
 authorityKeyIdentifier.setKeyIdentifier(new byte[] {9,8,7,6,5,4,3,2,1});
 

Parameters:
ki - the key identifier
See Also:
getKeyIdentifier()

setAuthorityCertIssuer

public void setAuthorityCertIssuer(GeneralNames authorityCertIssuer)
Sets the authority cert issuer of this AuthorityKeyIdentifier extension.

The authority cert issuer is specified by a GeneralNames structure. For instance:

 AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier();
 GeneralName generalName = new GeneralName(GeneralName.directoryName, issuerCert.getSubjectDN());
 authorityKeyIdentifier.setAuthorityCertIssuer(new GeneralNames(generalName));
 

Parameters:
authorityCertIssuer - the authority cert issuer specified by its GeneralNames
See Also:
getAuthorityCertIssuer(), GeneralNames

setAuthorityCertSerialNumber

public void setAuthorityCertSerialNumber(BigInteger authorityCertSerialNumber)
Sets the serial number of this AuthorityKeyIdentifier extension.

For instance:

 AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier();
 authorityKeyIdentifier.setAuthorityCertSerialNumber(issuerCert.getSerialNumber());
 

Parameters:
authorityCertSerialNumber - the serial number
See Also:
getAuthorityCertSerialNumber()

getKeyIdentifier

public byte[] getKeyIdentifier()
Returns the key identifier of this AuthorityKeyIdentifier extension.
Returns:
the key identifier
See Also:
setKeyIdentifier(byte[])

getAuthorityCertIssuer

public GeneralNames getAuthorityCertIssuer()
Returns the authority cert issuer of this AuthorityKeyIdentifier extension.
Returns:
the GeneralNames representing the authority cert issuer
See Also:
setAuthorityCertIssuer(iaik.asn1.structures.GeneralNames), GeneralNames

getAuthorityCertSerialNumber

public BigInteger getAuthorityCertSerialNumber()
Returns the serial number of this AuthorityKeyIdentifier extension.
Returns:
the serial number
See Also:
setAuthorityCertSerialNumber(java.math.BigInteger)

hashCode

public int hashCode()
Returns a hashcode for this identity.
Overrides:
hashCode in class V3Extension
Returns:
a hash code for this identity

toString

public String toString()
Returns a string that represents the contents of this AuthorityKeyIdentifier extension.
Overrides:
toString in class Object
Returns:
the string representation

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK