java.lang.Object
  org.bouncycastle.asn1.ASN1Encodable
    be.cardon.asn1.x509.extensions.AuthorityKeyIdentifier

public class AuthorityKeyIdentifier
extends org.bouncycastle.asn1.ASN1Encodable

Extension AuthorityKeyIdentifier.
Documentation from RFC 3280:

The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a certificate. This extension is used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover). The identification MAY be based on either the key identifier (the subject key identifier in the issuer's certificate) or on the issuer name and serial number.

The keyIdentifier field of the authorityKeyIdentifier extension MUST be included in all certificates generated by conforming CAs to facilitate certification path construction. There is one exception; where a CA distributes its public key in the form of a "self-signed" certificate, the authority key identifier MAY be omitted. The signature on a self-signed certificate is generated with the private key associated with the certificate's subject public key. (This proves that the issuer possesses both the public and private keys.) In this case, the subject and authority key identifiers would be identical, but only the subject key identifier is needed for certification path building.

The value of the keyIdentifier field SHOULD be derived from the public key used to verify the certificate's signature or a method that generates unique values. Two common methods for generating key identifiers from the public key, and one common method for generating unique values, are described in section 4.2.1.2 in RFC 3280. Where a key identifier has not been previously established, this specification RECOMMENDS use of one of these methods for generating keyIdentifiers. Where a key identifier has been previously established, the CA SHOULD use the previously established identifier.

This profile RECOMMENDS support for the key identifier method by all certificate users.

This extension MUST NOT be marked critical.
The ASN.1 definitions are:

   id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }

   AuthorityKeyIdentifier ::= SEQUENCE {
      keyIdentifier             [0] KeyIdentifier           OPTIONAL,
      authorityCertIssuer       [1] GeneralNames            OPTIONAL,
      authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }

   KeyIdentifier ::= OCTET STRING
Field Summary

Fields inherited from class org.bouncycastle.asn1.ASN1Encodable:
BER, DER
Constructor Summary

AuthorityKeyIdentifier(org.bouncycastle.asn1.ASN1Sequence seq)
    Decodes an existing AuthorityKeyIdentifier ASN.1 object.

AuthorityKeyIdentifier(byte[] keyIdentifier, GeneralNames authorityCertIssuer, java.math.BigInteger authorityCertSerialNumber)
    Creates an AuthorityKeyIdentifier with a precomputed key identifier, the authorityCertIssuer and the serial number provided as well.

AuthorityKeyIdentifier(GeneralNames authorityCertIssuer, java.math.BigInteger authorityCertSerialNumber)
    Creates an AuthorityKeyIdentifier with the authorityCertIssuer and the authorityCertSerialNumber provided.

AuthorityKeyIdentifier(SubjectPublicKeyInfo spki)
    Calculates the keyIdentifier field using a SHA-1 hash over the BIT STRING from SubjectPublicKeyInfo as defined in RFC 3280.

AuthorityKeyIdentifier(SubjectPublicKeyInfo subjectPublicKeyInfo, GeneralNames authorityCertIssuer, java.math.BigInteger authorityCertSerialNumber)
    Creates an AuthorityKeyIdentifier with the subjectPublicKeyInfo, the authorityCertIssuer and the authorityCertSerialNumber provided as well.
Method Summary

GeneralNames getAuthorityCertIssuer()
    Returns the authorityCertIssuer element or null if absent.

java.math.BigInteger getAuthorityCertSerialNumber()
    Returns the AuthorityCertSerialNumber element or null if absent.

static AuthorityKeyIdentifier getInstance(org.bouncycastle.asn1.ASN1TaggedObject obj, boolean explicit)
    Creates a new object from an existing ASN.1 tagged object.

static AuthorityKeyIdentifier getInstance(java.lang.Object obj)
    Creates a new object from an existing ASN1Sequence or AuthorityKeyIdentifier object.

byte[] getKeyIdentifier()
    Returns the keyIdentifier element or null if absent.

org.bouncycastle.asn1.DERObject toASN1Object()
Methods inherited from class org.bouncycastle.asn1.ASN1Encodable:
equals, getDEREncoded, getDERObject, getEncoded, getEncoded, hashCode

Methods inherited from class java.lang.Object:
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
Constructor Detail
public AuthorityKeyIdentifier(org.bouncycastle.asn1.ASN1Sequence seq)

Decodes an existing AuthorityKeyIdentifier ASN.1 object.

Parameters:
seq - ASN.1 Sequence being the AuthorityKeyIdentifier.

public AuthorityKeyIdentifier(SubjectPublicKeyInfo spki) throws java.security.NoSuchAlgorithmException

Calculates the keyIdentifier field using a SHA-1 hash over the BIT STRING from SubjectPublicKeyInfo as defined in RFC 3280.

Example of making an AuthorityKeyIdentifier:

   SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo(
       (ASN1Sequence) new ASN1InputStream(publicKey.getEncoded()).readObject());
   AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);

Parameters:
spki - The SubjectPublicKeyInfo used to calculate the hash.

Throws:
java.security.NoSuchAlgorithmException - if no SHA-1 MessageDigest service is found.

public AuthorityKeyIdentifier(SubjectPublicKeyInfo subjectPublicKeyInfo, GeneralNames authorityCertIssuer, java.math.BigInteger authorityCertSerialNumber) throws java.security.NoSuchAlgorithmException

Creates an AuthorityKeyIdentifier with the subjectPublicKeyInfo, the authorityCertIssuer and the authorityCertSerialNumber provided as well.

Throws:
java.security.NoSuchAlgorithmException - if no SHA-1 MessageDigest service is found.

public AuthorityKeyIdentifier(GeneralNames authorityCertIssuer, java.math.BigInteger authorityCertSerialNumber)

Creates an AuthorityKeyIdentifier with the authorityCertIssuer and the authorityCertSerialNumber provided.

public AuthorityKeyIdentifier(byte[] keyIdentifier, GeneralNames authorityCertIssuer, java.math.BigInteger authorityCertSerialNumber)

Creates an AuthorityKeyIdentifier with a precomputed key identifier, the authorityCertIssuer and the serial number provided as well.
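As an added, stand-alone example (not code from the be.cardon library or from BouncyCastle), the following Python implements the AuthorityKeyIdentifier SEQUENCE defined above and the keyIdentifier derivation used by the SubjectPublicKeyInfo constructor: SHA-1 over the subjectPublicKey BIT STRING value, RFC 3280 section 4.2.1.2 method (1). It assumes the IMPLICIT tagging of RFC 3280's X.509 module, DER input with definite lengths, and SAMPLE_SPKI is a constructed stand-in rather than a real key.

```python
import hashlib

def der_len(n):                                  # DER definite length, short or long form
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body
def der_tlv(tag, contents):
    return bytes([tag]) + der_len(len(contents)) + contents

def read_tlv(buf, pos=0):
    # Returns (tag, contents, offset after this TLV); DER definite lengths only.
    tag, first = buf[pos], buf[pos + 1]
    n = first & 0x7F if first & 0x80 else 0      # long form: n length octets follow
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big") if n else first
    start = pos + 2 + n
    return tag, buf[start:start + length], start + length

def key_identifier_from_spki(spki_der):
    # RFC 3280 4.2.1.2 method (1): SHA-1 over the BIT STRING value only (no tag, length, unused-bits octet).
    tag, seq, _ = read_tlv(spki_der)
    _, _algorithm, pos = read_tlv(seq)           # AlgorithmIdentifier is not hashed
    bit_tag, bit_string, _ = read_tlv(seq, pos)
    if tag != 0x30 or bit_tag != 0x03:
        raise ValueError("not a SubjectPublicKeyInfo")
    return hashlib.sha1(bit_string[1:]).digest()

def encode_aki(key_id=None, issuer_der=None, serial=None):
    # IMPLICIT tags: [0] keyIdentifier=0x80, [1] GeneralNames=0xA1 (constructed),
    # [2] serial=0x82 as a minimal two's-complement INTEGER; all three are OPTIONAL.
    serial_bytes = None if serial is None else serial.to_bytes((serial.bit_length() + 8) // 8, "big")
    fields = ((0x80, key_id), (0xA1, issuer_der), (0x82, serial_bytes))
    return der_tlv(0x30, b"".join(der_tlv(t, v) for t, v in fields if v is not None))

def decode_aki(aki_der):
    # Mirrors the page's getters: an absent OPTIONAL field decodes to None.
    names = {0x80: "keyIdentifier", 0xA1: "authorityCertIssuer", 0x82: "authorityCertSerialNumber"}
    out = dict.fromkeys(names.values())
    tag, seq, _ = read_tlv(aki_der)
    if tag != 0x30:
        raise ValueError("AuthorityKeyIdentifier must be a SEQUENCE")
    pos = 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        if tag not in names:
            raise ValueError("unexpected tag 0x%02x" % tag)
        out[names[tag]] = int.from_bytes(val, "big", signed=True) if tag == 0x82 else val
    return out
SAMPLE_SPKI = der_tlv(0x30, der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d010101")) + der_tlv(0x05, b""))
                      + der_tlv(0x03, b"\x00" + bytes(range(16))))   # constructed sample, not a real key
```

Because the hash covers only the BIT STRING value, a SubjectPublicKeyInfo whose unused-bits octet or AlgorithmIdentifier differs but whose key bytes are the same yields the same keyIdentifier.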
Method Detail
public static AuthorityKeyIdentifier getInstance(org.bouncycastle.asn1.ASN1TaggedObject obj, boolean explicit)

Creates a new object from an existing ASN.1 tagged object.

public static AuthorityKeyIdentifier getInstance(java.lang.Object obj)

Creates a new object from an existing ASN1Sequence or AuthorityKeyIdentifier object.

Throws:
java.lang.IllegalArgumentException - if the object is invalid.

public byte[] getKeyIdentifier()

Returns the keyIdentifier element or null if absent.

public GeneralNames getAuthorityCertIssuer()

Returns the authorityCertIssuer element or null if absent.

public java.math.BigInteger getAuthorityCertSerialNumber()

Returns the AuthorityCertSerialNumber element or null if absent.

public org.bouncycastle.asn1.DERObject toASN1Object()

Specified by:
toASN1Object in class org.bouncycastle.asn1.ASN1Encodable