iaik.x509.ocsp
Class CertID

java.lang.Object
  |
  +--iaik.x509.ocsp.CertID

public class CertID

extends Object

This class implements OCSP type CertID.

The X.509 Online Certificate Status Protocol (RFC 2560) specifies the CertID type for being used to indicate the certificate for which revocation status information is requested.

 CertID ::= SEQUENCE {
   hashAlgorithm      AlgorithmIdentifier,
   issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
   issuerKeyHash      OCTET STRING, -- Hash of Issuers public key
   serialNumber       CertificateSerialNumber }                      
 

The primary reason to use the hash of the CA's public key in addition to the hash of the CA's name, to identify the issuer, is that it is possible that two CAs may choose to use the same Name (uniqueness in the Name is a recommendation that cannot be enforced). Two CAs will never, however, have the same public key unless the CAs either explicitly decided to share their private key, or the key of one of the CAs was compromised.

When creating a CertID object you may calculate issuer name and key values yourself or let class CertID calculate it for you, e.g.:

 AlgorithmID hashAlgorithm = AlgorithmID.sha1;
 Name issuerName = ...;
 PublicKey issuerKey = ...;
 BigInteger serialNumber = certificate.getSerialNumber();
 CertID certID = new CertID(hashAlgorithm, issuerName, issuerKey, serialNumber);
 

Version:

File Revision 10

Constructor Summary

CertID(AlgorithmID hashAlgorithm, byte[] issuerNameHash, byte[] issuerKeyHash, BigInteger serialNumber)
Creates a new CertID from hashAlgorithm, issuerNameHash, issuerKeyHash and serial number.

CertID(AlgorithmID hashAlgorithm, Name issuerName, PublicKey issuerKey, BigInteger serialNumber)
Creates a new CertID from hashAlgorithm, issuerName, issuerKey and serial number.

CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, BigInteger serialNumber)
Creates a new CertID from hashAlgorithm, issuer certificate and target certificate serial number.

CertID(AlgorithmID hashAlgorithm, X509Certificate issuerCert, X509Certificate targetCert)
Creates a new CertID from hashAlgorithm, issuer certificate and target certificate.

CertID(ASN1Object obj)
Creates CertID from an ASN1Object.

Method Summary

static byte[]	calculateIssuerKeyHash(PublicKey issuerKey, AlgorithmID hashAlgorithm) Calculets the issuerKeyHash from the given public key.
static byte[]	calculateIssuerNameHash(Name issuerName, AlgorithmID hashAlgorithm) Calculates a SHA hash from the supplied issuer Name.
boolean	equals(Object obj) Compares this CertID with the given CertID.
AlgorithmID	getHashAlgorithm() Returns the hashAlgorithm.
byte[]	getIssuerKeyHash() Returns the issuerKeyHash.
byte[]	getIssuerNameHash() Returns the issuerNameHash.
BigInteger	getSerialNumber() Returns the serialNumber.
int	hashCode() Returns a hash code value for this object.
boolean	isCertIDFor(Name issuerName, PublicKey issuerKey, BigInteger serialNumber) Checks if this is a CertID for a certificate identified by the given issuer name and key, and serialNumber.
ASN1Object	toASN1Object() Returns this CertID as an ASN1Object.
String	toString() Returns a String representation of this CertID.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

CertID

public CertID(AlgorithmID hashAlgorithm,
              byte[] issuerNameHash,
              byte[] issuerKeyHash,
              BigInteger serialNumber)

Creates a new CertID from hashAlgorithm, issuerNameHash, issuerKeyHash and serial number.

Parameters:

issuerNameHash - is the hash of the Issuer's distinguished name. The hash shall be calculated over the DER encoding of the issuer's name field in the certificate being checked.

issuerKeyHash - is the hash of the Issuer's public key. The hash shall be calculated over the value (excluding tag and length) of the subject public key field in the issuer's certificate.

hashAlgorithm - The hash algorithm used for both these hashes is identified in hashAlgorithm.

serialNumber - the serial number of the certificate for which status is being requested.

Throws:

IllegalArgumentException - if any of the supplied values is null

CertID

public CertID(AlgorithmID hashAlgorithm,
              Name issuerName,
              PublicKey issuerKey,
              BigInteger serialNumber)
       throws NoSuchAlgorithmException

Creates a new CertID from hashAlgorithm, issuerName, issuerKey and serial number.

From given issuerName and issuerKey the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm.

Parameters:

hashAlgorithm - the hash algorithm to be used

issuerName - the name of the issuer for calculating the issuerNamehash

issuerKey - the issuer key for calculating the issuerKeyHash; the encoding of the key must give a X.509 PublicKeyInfo (see PublicKeyInfo)

serialNumber - the serial number of the certificate for which status is being requested.

Throws:

NoSuchAlgorithmException - if the the requested hash algorithm is not supported

IllegalArgumentException - if any of the supplied values is null or or the key has a encoding format different from X.509 (PublicKeyInfo)

CertID

public CertID(AlgorithmID hashAlgorithm,
              X509Certificate issuerCert,
              BigInteger serialNumber)
       throws NoSuchAlgorithmException

Creates a new CertID from hashAlgorithm, issuer certificate and target certificate serial number.

From the given issuer certificate the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm.

Parameters:

hashAlgorithm - the hash algorithm to be used

issuerCert - the issuer certificate

serialNumber - the serial number of the certificate for which status is being requested.

Throws:

NoSuchAlgorithmException - if the the requested hash algorithm is not supported

IllegalArgumentException - if any of the supplied values is null

CertID

public CertID(AlgorithmID hashAlgorithm,
              X509Certificate issuerCert,
              X509Certificate targetCert)
       throws NoSuchAlgorithmException

Creates a new CertID from hashAlgorithm, issuer certificate and target certificate.

From the given issuer certificate the required hash values (issuerNameHash, issuerKeyHash) are calculated using the given hash algorithm. From the given target certificate the certificate serial number is read.

Parameters:

hashAlgorithm - the hash algorithm to be used

issuerCert - the issuer certificate

targetCert - the certificate for which status is being requested

Throws:

NoSuchAlgorithmException - if the the requested hash algorithm is not supported

IllegalArgumentException - if any of the supplied values is null

CertID

public CertID(ASN1Object obj)
       throws CodingException

Creates CertID from an ASN1Object.

Parameters:

obj - the CertID as ASN1Object

Throws:

CodingException - if the ASN1Object has the wrong format

Method Detail

getHashAlgorithm

public AlgorithmID getHashAlgorithm()

Returns the hashAlgorithm.

Returns:

the hash algorithm

getIssuerNameHash

public byte[] getIssuerNameHash()

Returns the issuerNameHash.

Returns:

the issuerNameHash.

getIssuerKeyHash

public byte[] getIssuerKeyHash()

Returns the issuerKeyHash.

Returns:

the issuerKeyHash.

getSerialNumber

public BigInteger getSerialNumber()

Returns the serialNumber.

toASN1Object

public ASN1Object toASN1Object()

Returns this CertID as an ASN1Object.

Returns:

this CertID as ASN1Object

equals

public boolean equals(Object obj)

Compares this CertID with the given CertID.

Overrides:

equals in class Object

Parameters:

obj - the other CertID

Returns:

true, if the two CertIDs are equal, false otherwise

hashCode

public int hashCode()

Returns a hash code value for this object.

Overrides:

hashCode in class Object

Returns:

a hash code value for this object

isCertIDFor

public boolean isCertIDFor(Name issuerName,
                           PublicKey issuerKey,
                           BigInteger serialNumber)
                    throws NoSuchAlgorithmException

Checks if this is a CertID for a certificate identified by the given issuer name and key, and serialNumber.

Parameters:

issuerName - the name of the certificate issuer

issuerKey - the public key of the certificate issuer

serialNumber - the serial number of the certificate in mind

Returns:

true if the certificate in mind is identified by this CertID, false if not

toString

public String toString()

Returns a String representation of this CertID.

Overrides:

toString in class Object

Returns:

a String representation

calculateIssuerNameHash

public static byte[] calculateIssuerNameHash(Name issuerName,
                                             AlgorithmID hashAlgorithm)
                                      throws NoSuchAlgorithmException

Calculates a SHA hash from the supplied issuer Name.

Parameters:

issuerName - the name for which the hash shall be calculated

hashAlgorithm - the hash algorithm to be used

Returns:

the hash value

Throws:

NoSuchAlgorithmException - if the requested hash algorithm is not supported

calculateIssuerKeyHash

public static byte[] calculateIssuerKeyHash(PublicKey issuerKey,
                                            AlgorithmID hashAlgorithm)
                                     throws NoSuchAlgorithmException,
                                            CodingException

Calculets the issuerKeyHash from the given public key. The hash is calcualted of the value of the BIT STRING publicKeyInfo (excluding the tag, length).

Parameters:

issuerKey - the public issuer key for which the hash shall be calculated; the encoding of the key must give a X.509 PublicKeyInfo (see PublicKeyInfo)

Throws:

CodingException - if the key does not give the right encoding

NoSuchAlgorithmException - if the required hash algorithm is not supported by the installed cryptography providers