com.ibm.security.keystoreski
Class SKIDefinitionFactory

java.lang.Object
  extended by com.ibm.security.keystoreski.SKIDefinitionFactory

public final class SKIDefinitionFactory
extends Object

Constructs and returns SKIDefinition instances whose implementations are typically based on the definitions of Subject Key Identifier in RFC 3280 Section 4.2.1.2.

See Also:
SKIDefinition, KeyStoreSKI, RFC 3280 Section 4.2.1.2

Method Summary
static SKIDefinition newCompositeSKIDefinition(SKIDefinition... definitions)
          Returns a new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the Subject Key Identifier from the passed SKIDefinition implementations.
static SKIDefinition newSHA1PublicKeySKIDefinition()
          Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate to generate the Subject Key Identifier.
static SKIDefinition newSHA1PublicKeyTruncatedSKIDefinition()
          Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate and truncates it to generate the Subject Key Identifier.
static SKIDefinition newX509ExtensionSKIDefinition()
          Returns a new Subject Key Identifier definition that inspects the extensions of the certificate for the Subject Key Identifier (2.5.29.14).
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

newSHA1PublicKeySKIDefinition

public static SKIDefinition newSHA1PublicKeySKIDefinition()
Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate to generate the Subject Key Identifier. If the public key does not contain valid data from which to extract a SHA-1 hash, the implementation returns null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method. To quote from RFC 3280 Section 4.2.1.2:
        For CA certificates, subject key identifiers SHOULD be derived from
        the public key or a method that generates unique values.  Two common
        methods for generating key identifiers from the public key are:

        (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
        value of the BIT STRING subjectPublicKey (excluding the tag,
        length, and number of unused bits).
     

Returns:
A new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate to generate the Subject Key Identifier.
See Also:
RFC 3280 Section 4.2.1.2, Certificate.getPublicKey()

newSHA1PublicKeyTruncatedSKIDefinition

public static SKIDefinition newSHA1PublicKeyTruncatedSKIDefinition()
Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate and truncates it to generate the Subject Key Identifier. If the public key does not contain valid data from which to extract a SHA-1 hash, the implementation returns null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method. The method of truncation of the SHA-1 hash is specified in RFC 3280 Section 4.2.1.2:
        For CA certificates, subject key identifiers SHOULD be derived from
        the public key or a method that generates unique values.  Two common
        methods for generating key identifiers from the public key are:

        (1) ...

        (2) The keyIdentifier is composed of a four bit type field with
        the value 0100 followed by the least significant 60 bits of the
        SHA-1 hash of the value of the BIT STRING subjectPublicKey
        (excluding the tag, length, and number of unused bit string bits).
     

Returns:
A new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate and truncates it to generate the Subject Key Identifier.
See Also:
RFC 3280 Section 4.2.1.2
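
The two RFC 3280 derivations quoted above (methods 1 and 2), worked through with the standard JDK only. This is an added example, not code from this library: the class and method names are hypothetical, and it assumes PublicKey.getEncoded() returns the X.509 SubjectPublicKeyInfo DER encoding, as the standard providers do. Mirroring the behaviour documented above, invalid key data yields null.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;

public class SkiFromPublicKey {                         // hypothetical class name
    // Reads the DER length at pos[0] and advances pos[0] past the length octets.
    static int readLength(byte[] der, int[] pos) {
        int first = der[pos[0]++] & 0xFF;
        if (first < 0x80) return first;                 // short form
        int n = first & 0x7F, len = 0;                  // long form: n length octets
        if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported DER length");
        for (int i = 0; i < n; i++) len = (len << 8) | (der[pos[0]++] & 0xFF);
        return len;
    }
    // Value of the subjectPublicKey BIT STRING, excluding tag, length and unused-bits octet.
    static byte[] subjectPublicKeyBits(byte[] spki) {
        int[] pos = {0};
        if (spki[pos[0]++] != 0x30) throw new IllegalArgumentException("expected SEQUENCE");
        readLength(spki, pos);                          // SubjectPublicKeyInfo length
        if (spki[pos[0]++] != 0x30) throw new IllegalArgumentException("expected AlgorithmIdentifier");
        int algLen = readLength(spki, pos);
        pos[0] += algLen;                               // skip the AlgorithmIdentifier
        if (spki[pos[0]++] != 0x03) throw new IllegalArgumentException("expected BIT STRING");
        int bitLen = readLength(spki, pos);
        if (bitLen < 1 || pos[0] + bitLen > spki.length) throw new IllegalArgumentException("bad BIT STRING");
        return Arrays.copyOfRange(spki, pos[0] + 1, pos[0] + bitLen); // +1 skips unused-bits octet
    }
    // Method (1): 160-bit SHA-1 of the BIT STRING value; null if the key data is invalid.
    static byte[] sha1Ski(PublicKey key) throws Exception {
        try {
            return MessageDigest.getInstance("SHA-1").digest(subjectPublicKeyBits(key.getEncoded()));
        } catch (RuntimeException invalidKeyData) {
            return null;
        }
    }
    // Method (2): type nibble 0100 followed by the least significant 60 bits of the SHA-1.
    static byte[] truncatedSki(byte[] sha1) {
        if (sha1 == null) return null;
        byte[] ski = Arrays.copyOfRange(sha1, 12, 20);  // last 8 octets = low 64 bits
        ski[0] = (byte) (0x40 | (ski[0] & 0x0F));       // overwrite the top 4 bits with 0100
        return ski;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);                            // throwaway key, constructed for the demo
        byte[] full = sha1Ski(kpg.generateKeyPair().getPublic());
        System.out.println(String.format("method 1: %040x", new BigInteger(1, full)));
        System.out.println(String.format("method 2: %016x", new BigInteger(1, truncatedSki(full))));
    }
}
```

The hash input is the BIT STRING contents only, so hashing the whole getEncoded() output gives a different identifier that will not match one computed per the RFC text.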

newX509ExtensionSKIDefinition

public static SKIDefinition newX509ExtensionSKIDefinition()
Returns a new Subject Key Identifier definition that inspects the extensions of the certificate for the Subject Key Identifier (2.5.29.14). If the extension is absent or cannot be determined, the implementation returns null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method.

Returns:
A new Subject Key Identifier definition that inspects the extensions of the certificate for the Subject Key Identifier (2.5.29.14).
See Also:
RFC 3280 Section 4.2.1.2, X509Extension.getExtensionValue(String)

newCompositeSKIDefinition

public static SKIDefinition newCompositeSKIDefinition(SKIDefinition... definitions)
Returns a new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the Subject Key Identifier from the passed SKIDefinition implementations. The implementations are called in a linear fashion, from first to last, and the first implementation to return a non-null value from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method is the value returned from the composite implementation. If any elements of the definitions parameter are null, they are ignored. If all implementations return a null value, then the returned implementation will return null.

Parameters:
definitions - The Subject Key Identifier implementations to search linearly for a Subject Key Identifier.
Returns:
A new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the Subject Key Identifier from the passed SKIDefinition implementations.
Throws:
NullPointerException - If definitions is null.