iaik.security.ssl
Class URLAndOptionalHash

java.lang.Object
  extended by iaik.security.ssl.URLAndOptionalHash

public class URLAndOptionalHash
extends java.lang.Object

This class represents a URLAndOptionalHash as used by the TLS client_certificate_url extension (see RFC 4366).

Instead of sending its certificate(s) to the server, a constrained client may send a list of URLs from which the server can fetch the client certificate(s) (see RFC 4366):

 enum {
   individual_certs(0), pkipath(1), (255)
 } CertChainType;

 enum {
   false(0), true(1)
 } Boolean;

 struct {
    CertChainType type;
    URLAndOptionalHash url_and_hash_list<1..2^16-1>;
 } CertificateURL;

 struct {
    opaque url<1..2^16-1>;
    Boolean hash_present;
    select (hash_present) {
       case false: struct {};
       case true: SHA1Hash;
    } hash;
 } URLAndOptionalHash;

 opaque SHA1Hash[20];
 
The list may contain one URLAndOptionalHash object (type pkipath) pointing to a location from which the server can download the client certificate(s) as an ASN.1 PkiPath (i.e. SEQUENCE OF Certificate), or it may contain a separate URLAndOptionalHash (type individual_certs) for each certificate of the client (from which it can be downloaded as a DER encoded X.509 certificate). When creating a URLAndOptionalHash object you have to specify the url (as String) from which the client certificate (or pki path) can be downloaded:
 String clientCertUrl = ...;
 URLAndOptionalHash urlAndOptionalHash = new URLAndOptionalHash(clientCertUrl);
 
You may also calculate and set a SHA-1 hash over the certificate (or pki path) so that the server, after downloading the certificate (or pki path) from the referenced url, can verify that the data it received is actually what the client referred to with the given url:
 byte[] sha1Hash = ...;
 urlAndOptionalHash.setHash(sha1Hash);
 
Then create a KeyAndCertURL object for your URLAndOptionalHash list and add it as client credentials to your SSLClientContext (see the javadoc of class KeyAndCertURL for an example).
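The wire format of the structs listed above and the server-side SHA-1 check described in the previous paragraphs, as an added Python example; this is not iSaSiLk code (the library encodes these structures inside its Java classes), and the function names are my own. It encodes a URLAndOptionalHash and a CertificateURL, parses them back strictly, and verifies downloaded bytes against the hash the client sent.

```python
import hashlib, hmac, struct

INDIVIDUAL_CERTS, PKIPATH = 0, 1  # CertChainType values from RFC 4366

def sha1_of(data: bytes) -> bytes:  # SHA1Hash[20] is SHA-1 over the DER bytes
    return hashlib.sha1(data).digest()

def encode_url_and_hash(url: str, sha1_hash=None) -> bytes:
    # url<1..2^16-1>, Boolean hash_present, then SHA1Hash[20] only when present
    raw = url.encode("ascii")
    if not 1 <= len(raw) <= 0xFFFF:
        raise ValueError("url length must be 1..2^16-1")
    if sha1_hash is None:
        return struct.pack("!H", len(raw)) + raw + b"\x00"
    if len(sha1_hash) != 20:
        raise ValueError("SHA1Hash must be exactly 20 bytes")
    return struct.pack("!H", len(raw)) + raw + b"\x01" + sha1_hash

def encode_certificate_url(chain_type: int, entries) -> bytes:
    body = b"".join(entries)  # url_and_hash_list<1..2^16-1>
    if chain_type not in (INDIVIDUAL_CERTS, PKIPATH) or not 1 <= len(body) <= 0xFFFF:
        raise ValueError("bad CertChainType or list length")
    return bytes([chain_type]) + struct.pack("!H", len(body)) + body

def decode_certificate_url(data: bytes):
    # Strict parser -> (chain_type, [(url, sha1_or_None), ...]); every length must fit
    chain_type, (list_len,) = data[0], struct.unpack_from("!H", data, 1)
    pos, end = 3, 3 + list_len
    if end != len(data):
        raise ValueError("url_and_hash_list length does not match payload")
    entries = []
    while pos < end:
        (url_len,), pos = struct.unpack_from("!H", data, pos), pos + 2
        if url_len == 0 or pos + url_len + 1 > end:
            raise ValueError("url overruns list")
        url, pos = data[pos:pos + url_len].decode("ascii"), pos + url_len
        hash_present, pos = data[pos], pos + 1
        digest = None
        if hash_present == 1:
            if pos + 20 > end:
                raise ValueError("SHA1Hash overruns list")
            digest, pos = data[pos:pos + 20], pos + 20
        elif hash_present != 0:
            raise ValueError("hash_present must be 0 or 1")
        entries.append((url, digest))
    return chain_type, entries

def verify_download(downloaded: bytes, expected_sha1: bytes) -> bool:
    # Server side: bytes fetched from the url must hash to the SHA1Hash the client sent
    return hmac.compare_digest(sha1_of(downloaded), expected_sha1)
```

A server that fetches from the url without comparing against the hash has no way to tell whether it received the certificate the client intended; the constructed byte string used as pki path in the checks is a placeholder, not real DER.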

See Also:
KeyAndCertURL, ClientCertificateURL

Constructor Summary
URLAndOptionalHash(java.lang.String clientCertificateUrl)
          Creates a URLAndOptionalHash object from the given url.
 
Method Summary
 boolean equals(java.lang.Object obj)
          Compares this URLAndOptionalHash object with the given object.
 byte[] getEncodedURL()
          Gets the encoded URL of this URLAndOptionalHash.
 byte[] getHash()
          Gets the hash (if present) of this URLAndOptionalHash.
 java.lang.String getURL()
          Gets the URL of this URLAndOptionalHash.
 int hashCode()
          Gets a hash code for this URLAndOptionalHash object.
 void setHash(byte[] hash)
          Sets the SHA-1 hash value of this URLAndOptionalHash.
 java.lang.String toString()
          Gets a String representation of this URLAndOptionalHash object.
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

URLAndOptionalHash

public URLAndOptionalHash(java.lang.String clientCertificateUrl)
                   throws java.io.UnsupportedEncodingException
Creates a URLAndOptionalHash object from the given url.

Parameters:
clientCertificateUrl - the client certificate url as String
Throws:
java.lang.IllegalArgumentException - if the given url is null
java.io.UnsupportedEncodingException - if the given url cannot be encoded
Method Detail

setHash

public void setHash(byte[] hash)
Sets the SHA-1 hash value of this URLAndOptionalHash. If the URL of this URLAndOptionalHash points to a single X.509 certificate, the SHA-1 hash must have been calculated over the DER encoded X.509 certificate. If the URL points to a pki path, the hash must have been calculated over the DER encoded pki path.

Parameters:
hash - the SHA-1 hash value of the certificate or pki path (is not cloned inside this method)

getURL

public java.lang.String getURL()
Gets the URL of this URLAndOptionalHash.

Returns:
the client certificate url

getEncodedURL

public byte[] getEncodedURL()
Gets the encoded URL of this URLAndOptionalHash.

Returns:
the encoded client certificate url (the returned array is not cloned or copied by this method)

getHash

public byte[] getHash()
Gets the hash (if present) of this URLAndOptionalHash.

Returns:
the hash value or null if no hash is set for this URLAndOptionalHash (the returned byte array is not cloned or copied by this method)

toString

public java.lang.String toString()
Gets a String representation of this URLAndOptionalHash object.

Overrides:
toString in class java.lang.Object
Returns:
a String representation of this object

equals

public boolean equals(java.lang.Object obj)
Compares this URLAndOptionalHash object with the given object.

Overrides:
equals in class java.lang.Object
Parameters:
obj - the other object
Returns:
true if the two objects are equal, false if they are not equal

hashCode

public int hashCode()
Gets a hash code for this URLAndOptionalHash object.

Overrides:
hashCode in class java.lang.Object
Returns:
a hash code

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

iSaSiLk 6.0, (c) 2002 IAIK, (c) 2003 - 2015 SIC