com.ibm.security.keystoreski
Class SKIDefinitionFactory
- java.lang.Object
com.ibm.security.keystoreski.SKIDefinitionFactory
- public final class SKIDefinitionFactory
- extends java.lang.Object
SKIDefinition that provides implementations which are typically based on
definitions of Subject Key Identifier from RFC 3280 Section 4.2.1.2.
Method Summary
| Modifier and Type | Method and Description |
|---|---|
| static SKIDefinition | newCompositeSKIDefinition(SKIDefinition... definitions)<br>Returns a new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the Subject Key Identifier from the passed SKIDefinition implementations. |
| static SKIDefinition | newSHA1PublicKeySKIDefinition()<br>Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate to generate the Subject Key Identifier. |
| static SKIDefinition | newSHA1PublicKeyTruncatedSKIDefinition()<br>Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate and truncates it to generate the Subject Key Identifier. |
| static SKIDefinition | newX509ExtensionSKIDefinition()<br>Returns a new Subject Key Identifier definition that inspects the extensions of the certificate for the Subject Key Identifier (2.5.29.14). |

| Methods inherited from class java.lang.Object |
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail
newSHA1PublicKeySKIDefinition
- public static SKIDefinition newSHA1PublicKeySKIDefinition( )
Returns:
A new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the
certificate to generate the Subject Key Identifier.
See Also:
RFC 3280 Section 4.2.1.2,
Certificate.getPublicKey()
newSHA1PublicKeyTruncatedSKIDefinition
- public static SKIDefinition newSHA1PublicKeyTruncatedSKIDefinition( )
Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the
certificate and truncates it to generate the Subject Key Identifier. If the public key does not contain valid data
from which to extract a SHA-1 hash, the implementation returns null from the
SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method.
The method of truncation of the SHA-1 hash is specified in RFC 3280 Section 4.2.1.2:
For CA certificates, subject key identifiers SHOULD be derived from
the public key or a method that generates unique values. Two common
methods for generating key identifiers from the public key are:
(1) ...
(2) The keyIdentifier is composed of a four bit type field with
the value 0100 followed by the least significant 60 bits of the
SHA-1 hash of the value of the BIT STRING subjectPublicKey
(excluding the tag, length, and number of unused bit string bits).
Returns:
A new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the
certificate and truncates it to generate the Subject Key Identifier.
newX509ExtensionSKIDefinition
- public static SKIDefinition newX509ExtensionSKIDefinition( )
Returns a new Subject Key Identifier definition that inspects the extensions of the certificate for the Subject
Key Identifier (2.5.29.14). If the extension is absent or cannot be determined, the implementation returns
null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method.
Returns:
A new Subject Key Identifier definition that inspects the extensions of the certificate for the Subject
Key Identifier (2.5.29.14).
See Also:
RFC 3280 Section 4.2.1.2,
X509Extension.getExtensionValue(String)
newCompositeSKIDefinition
- public static SKIDefinition newCompositeSKIDefinition( SKIDefinition... definitions)
Returns a new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the
Subject Key Identifier from the passed
SKIDefinition implementations. The implementations are called in
a linear fashion, from first to last, and the first implementation to return a non-null value from
the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method is the value returned
from the composite implementation. If any elements of the definitions parameter are null,
they are ignored. If all implementations return a null value, then the returned implementation will
return null.
Parameters:
definitions - The Subject Key Identifier implementations to search linearly for a Subject Key Identifier.
Returns:
A new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the
Subject Key Identifier from the passed
SKIDefinition implementations.
Throws:
java.lang.NullPointerException - If definitions is null.
null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method. To quote from RFC 3280 Section 4.2.1.2:
For CA certificates, subject key identifiers SHOULD be derived from
the public key or a method that generates unique values. Two common
methods for generating key identifiers from the public key are:
(1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
value of the BIT STRING subjectPublicKey (excluding the tag,
length, and number of unused bits).
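The two RFC 3280 Section 4.2.1.2 derivations quoted on this page, method (1) (full SHA-1 hash) and method (2) (truncated hash), worked through as an added example; it is not IBM's implementation and not code from the original page. It uses only standard JDK classes, and the class name SkiMethods, its helper names and the freshly generated RSA key are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;

public class SkiMethods {
    // Reads a DER length at p[0] and advances p[0] past the length octets.
    static int readLen(byte[] der, int[] p) {
        int b = der[p[0]++] & 0xff;
        if (b < 0x80) return b;                        // short form
        int len = 0;                                   // long form: b & 0x7f length octets follow
        for (int n = b & 0x7f; n > 0; n--) len = (len << 8) | (der[p[0]++] & 0xff);
        return len;
    }

    // Contents of the subjectPublicKey BIT STRING, excluding tag, length and unused-bits octet.
    static byte[] subjectPublicKeyBits(byte[] spki) {
        int[] p = {0};
        if (spki[p[0]++] != 0x30) throw new IllegalArgumentException("SubjectPublicKeyInfo expected");
        readLen(spki, p);                              // step into the outer SEQUENCE
        if (spki[p[0]++] != 0x30) throw new IllegalArgumentException("AlgorithmIdentifier expected");
        int algLen = readLen(spki, p);
        p[0] += algLen;                                // skip the AlgorithmIdentifier
        if (spki[p[0]++] != 0x03) throw new IllegalArgumentException("BIT STRING expected");
        int len = readLen(spki, p);
        return Arrays.copyOfRange(spki, p[0] + 1, p[0] + len); // +1 skips the unused-bits octet
    }

    // Method (1): the full 160-bit SHA-1 hash of the subjectPublicKey bits.
    static byte[] fullSki(PublicKey key) throws Exception {
        return MessageDigest.getInstance("SHA-1").digest(subjectPublicKeyBits(key.getEncoded()));
    }

    // Method (2): type field 0100 followed by the least significant 60 bits of that hash.
    static byte[] truncatedSki(PublicKey key) throws Exception {
        byte[] id = Arrays.copyOfRange(fullSki(key), 12, 20); // low 64 bits of the 20-byte hash
        id[0] = (byte) (0x40 | (id[0] & 0x0f));               // replace the top nibble with 0100
        return id;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        PublicKey pub = g.generateKeyPair().getPublic();      // constructed sample key
        System.out.println("method (1): " + String.format("%040x", new BigInteger(1, fullSki(pub))));
        System.out.println("method (2): " + String.format("%016x", new BigInteger(1, truncatedSki(pub))));
    }
}
```

Method (1) always yields 20 octets; method (2) yields 8 octets whose first hex digit is 4, with the remaining 15 digits matching the tail of the method (1) value.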