java.lang.Object
  com.ibm.security.keystoreski.SKIDefinitionFactory

public final class SKIDefinitionFactory
Constructs and returns instances of SKIDefinition whose implementations are typically based on the
definitions of the Subject Key Identifier in RFC 3280 Section 4.2.1.2.
See Also: SKIDefinition, KeyStoreSKI, RFC 3280 Section 4.2.1.2

| Method Summary | |
|---|---|
| static SKIDefinition | newCompositeSKIDefinition(SKIDefinition... definitions) Returns a new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the Subject Key Identifier from the passed SKIDefinition implementations. |
| static SKIDefinition | newSHA1PublicKeySKIDefinition() Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate to generate the Subject Key Identifier. |
| static SKIDefinition | newSHA1PublicKeyTruncatedSKIDefinition() Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate and truncates it to generate the Subject Key Identifier. |
| static SKIDefinition | newX509ExtensionSKIDefinition() Returns a new Subject Key Identifier definition that inspects the extensions of the certificate for the Subject Key Identifier (2.5.29.14). |

| Methods inherited from class java.lang.Object |
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |

| Method Detail |
|---|
public static SKIDefinition newSHA1PublicKeySKIDefinition()
null from the
SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method. To quote from RFC 3280
Section 4.2.1.2:
For CA certificates, subject key identifiers SHOULD be derived from
the public key or a method that generates unique values. Two common
methods for generating key identifiers from the public key are:
(1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
value of the BIT STRING subjectPublicKey (excluding the tag,
length, and number of unused bits).
See Also: Certificate.getPublicKey()

public static SKIDefinition newSHA1PublicKeyTruncatedSKIDefinition()
null from the
SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method.
The method of truncation of the SHA-1 hash is specified in RFC 3280 Section 4.2.1.2:
For CA certificates, subject key identifiers SHOULD be derived from
the public key or a method that generates unique values. Two common
methods for generating key identifiers from the public key are:
(1) ...
(2) The keyIdentifier is composed of a four bit type field with
the value 0100 followed by the least significant 60 bits of the
SHA-1 hash of the value of the BIT STRING subjectPublicKey
(excluding the tag, length, and number of unused bit string bits).
public static SKIDefinition newX509ExtensionSKIDefinition()
null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method.
See Also: X509Extension.getExtensionValue(String)

public static SKIDefinition newCompositeSKIDefinition(SKIDefinition... definitions)
null value from
the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method is the value returned
from the composite implementation. If any elements of the definitions parameter are null,
they are ignored. If all implementations return a null value, then the returned implementation will
return null.
definitions - The Subject Key Identifier implementations to search linearly for a Subject Key Identifier.
NullPointerException - If definitions is null.