java.lang.Object
  com.ibm.security.keystoreski.SKIDefinitionFactory
public final class SKIDefinitionFactory
Constructs and returns instances of SKIDefinition that provide implementations which are typically based on definitions of Subject Key Identifier from RFC 3280 Section 4.2.1.2.
See Also: SKIDefinition, KeyStoreSKI, RFC 3280 Section 4.2.1.2
Method Summary | |
---|---|
static SKIDefinition | newCompositeSKIDefinition(SKIDefinition... definitions) Returns a new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the Subject Key Identifier from the passed SKIDefinition implementations. |
static SKIDefinition | newSHA1PublicKeySKIDefinition() Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate to generate the Subject Key Identifier. |
static SKIDefinition | newSHA1PublicKeyTruncatedSKIDefinition() Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate and truncates it to generate the Subject Key Identifier. |
static SKIDefinition | newX509ExtensionSKIDefinition() Returns a new Subject Key Identifier definition that inspects the extensions of the certificate for the Subject Key Identifier (2.5.29.14). |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
---|
public static SKIDefinition newSHA1PublicKeySKIDefinition()
null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method. To quote from RFC 3280 Section 4.2.1.2:
"For CA certificates, subject key identifiers SHOULD be derived from the public key or a method that generates unique values. Two common methods for generating key identifiers from the public key are: (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits)."
See Also: Certificate.getPublicKey()
public static SKIDefinition newSHA1PublicKeyTruncatedSKIDefinition()
null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method.
The method of truncation of the SHA-1 hash is specified in RFC 3280 Section 4.2.1.2:
"For CA certificates, subject key identifiers SHOULD be derived from the public key or a method that generates unique values. Two common methods for generating key identifiers from the public key are: (1) ... (2) The keyIdentifier is composed of a four bit type field with the value 0100 followed by the least significant 60 bits of the SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bit string bits)."
public static SKIDefinition newX509ExtensionSKIDefinition()
null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method.
See Also: X509Extension.getExtensionValue(String)
public static SKIDefinition newCompositeSKIDefinition(SKIDefinition... definitions)
null value from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method is the value returned from the composite implementation. If any elements of the definitions parameter are null, they are ignored. If all implementations return a null value, then the returned implementation will return null.
Parameters: definitions - The Subject Key Identifier implementations to search linearly for a Subject Key Identifier.
Throws: NullPointerException - If definitions is null.
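The two RFC 3280 derivations quoted above, and the unwrapping of the 2.5.29.14 extension value, can be reproduced with the JDK alone. This is an added example, not IBM's implementation or code from this Javadoc: the class SkiDemo and its method names are hypothetical, the RSA key and the extension bytes are constructed samples, and the DER reader handles only definite-length encodings.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.Arrays;
public class SkiDemo {
    // Returns {contentOffset, contentLength} of the DER TLV at off; rejects an unexpected tag.
    static int[] tlv(byte[] der, int off, int tag) {
        if ((der[off] & 0xff) != tag) throw new IllegalArgumentException("unexpected DER tag");
        int len = der[off + 1] & 0xff, pos = off + 2;
        if (len >= 0x80) {                       // long form: low 7 bits count the length bytes
            int n = len & 0x7f;
            for (len = 0; n > 0; n--) len = (len << 8) | (der[pos++] & 0xff);
        }
        return new int[] { pos, len };
    }
    // subjectPublicKey BIT STRING value, excluding tag, length and unused-bits byte.
    static byte[] keyBits(PublicKey key) {
        byte[] spki = key.getEncoded();          // DER SubjectPublicKeyInfo
        int[] alg = tlv(spki, tlv(spki, 0, 0x30)[0], 0x30);   // AlgorithmIdentifier, skipped
        int[] bits = tlv(spki, alg[0] + alg[1], 0x03);
        return Arrays.copyOfRange(spki, bits[0] + 1, bits[0] + bits[1]);
    }
    // RFC 3280 4.2.1.2 method (1): the 160-bit SHA-1 hash.
    static byte[] sha1Ski(PublicKey key) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-1").digest(keyBits(key));
    }
    // Method (2): type field 0100, then the least significant 60 bits of the SHA-1 hash.
    static byte[] truncatedSki(PublicKey key) throws GeneralSecurityException {
        byte[] ski = Arrays.copyOfRange(sha1Ski(key), 12, 20);
        ski[0] = (byte) (0x40 | (ski[0] & 0x0f));
        return ski;
    }
    // Unwraps the getExtensionValue("2.5.29.14") result: OCTET STRING around OCTET STRING.
    static byte[] unwrapSkiExtension(byte[] ext) {
        if (ext == null) return null;            // certificate has no SKI extension
        int[] inner = tlv(ext, tlv(ext, 0, 0x04)[0], 0x04);
        return Arrays.copyOfRange(ext, inner[0], inner[0] + inner[1]);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey pub = gen.generateKeyPair().getPublic();   // constructed sample key
        byte[] ski = sha1Ski(pub);
        byte[] ext = Arrays.copyOf(new byte[] { 0x04, 22, 0x04, 20 }, 24);  // constructed value
        System.arraycopy(ski, 0, ext, 4, 20);
        System.out.println("method 1: " + String.format("%040x", new BigInteger(1, ski)));
        System.out.println("method 2: " + String.format("%016x", new BigInteger(1, truncatedSki(pub))));
        System.out.println("extension unwraps to method 1 value: " + Arrays.equals(ski, unwrapSkiExtension(ext)));
    }
}
```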