java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.AuthorityKeyID

This class holds, encodes, and decodes the AuthorityKeyID extension. It provides a means of identifying the public key corresponding to the private key used to sign a certificate or CRL. This extension is used when an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover). The identification is based on either the key identifier (the subject key identifier in the issuer’s certificate, or the subject key identifier in the CRL signer’s certificate) or on the issuer name and serial number.

The keyIdentifier field of the authorityKeyIdentifier extension must be included in all certificates generated by conforming CAs to facilitate chain building. There is one exception: when a CA distributes its public key in the form of a self-signed certificate, the authority key identifier may be omitted. In this case, the subject and authority key identifiers are identical. The value of the keyIdentifier field should be derived from the public key used to verify the certificate’s signature or by a method that generates unique values.

If used in CRLs, conforming CAs that issue CRLs are required to include and use the authority key identifier.

The ASN.1 definition is as follows:

    authorityKeyIdentifier EXTENSION ::= {
        SYNTAX         AuthorityKeyIdentifier
        IDENTIFIED BY  id-ce-authorityKeyIdentifier
    }

    AuthorityKeyIdentifier ::= SEQUENCE {
        keyIdentifier              [0] KeyIdentifier            OPTIONAL,
        authorityCertIssuer        [1] GeneralNames             OPTIONAL,
        authorityCertSerialNumber  [2] CertificateSerialNumber  OPTIONAL
    }

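
The three context tags in the definition above determine how the extension value is laid out in DER. The following is an added example, not part of the Cert-J documentation and not using the Cert-J API: it decodes such a value with the JDK alone (17 or later) and compares keyIdentifier with an issuer's subject key identifier, as chain building does. The class name AkiDemo, the sample bytes and the assumption of IMPLICIT tagging (from the X.509 module, not shown on this page) are the example's own.

```java
import java.util.*;
// Added example, JDK 17+ only (no Cert-J): decode an AuthorityKeyIdentifier DER value.
public class AkiDemo {
    byte[] keyIdentifier, authorityCertIssuer, authorityCertSerialNumber; // null when absent
    // Read a DER length at b[pos[0]] and advance pos[0] past it.
    static int readLen(byte[] b, int[] pos) {
        int first = b[pos[0]++] & 0xff;
        if (first < 0x80) return first;                 // short form
        int n = first & 0x7f, len = 0;                  // long form: n length octets follow
        if (n == 0 || n > 2) throw new IllegalArgumentException("unsupported length form");
        while (n-- > 0) len = (len << 8) | (b[pos[0]++] & 0xff);
        return len;
    }

    static AkiDemo decode(byte[] der) {
        try {
            int[] pos = {0};
            if (der[pos[0]++] != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
            int end = readLen(der, pos) + pos[0], last = -1;
            if (end != der.length) throw new IllegalArgumentException("length mismatch");
            AkiDemo aki = new AkiDemo();
            while (pos[0] < end) {                      // each field at most once, in tag order
                int tag = der[pos[0]++] & 0xff, len = readLen(der, pos);
                if (pos[0] + len > end) throw new IllegalArgumentException("field overruns SEQUENCE");
                byte[] v = Arrays.copyOfRange(der, pos[0], pos[0] + len);
                pos[0] += len;
                // Assumes IMPLICIT tagging: [0] -> 0x80, [1] (constructed) -> 0xA1, [2] -> 0x82
                int n = tag == 0x80 ? 0 : tag == 0xA1 ? 1 : tag == 0x82 ? 2 : -1;
                if (n <= last) throw new IllegalArgumentException("unexpected tag 0x" + Integer.toHexString(tag));
                last = n;
                if (n == 0) aki.keyIdentifier = v;
                else if (n == 1) aki.authorityCertIssuer = v;   // raw GeneralNames content, not parsed
                else aki.authorityCertSerialNumber = v;
            }
            return aki;
        } catch (ArrayIndexOutOfBoundsException e) {
            throw new IllegalArgumentException("truncated encoding", e);
        }
    }

    public static void main(String[] args) {
        HexFormat hex = HexFormat.of();
        // Constructed sample: [0] deadbeef, [1] { dNSName "ca.example" }, [2] serial 05
        AkiDemo aki = decode(hex.parseHex("30178004deadbeefa10c820a63612e6578616d706c65820105"));
        byte[] issuerSki = hex.parseHex("deadbeef");    // constructed issuer subject key identifier
        System.out.println("keyIdentifier: " + hex.formatHex(aki.keyIdentifier));
        System.out.println("matches issuer SKI: " + Arrays.equals(aki.keyIdentifier, issuerSki));
    }
}
```

A keyIdentifier match only selects candidate issuer certificates during chain building; verifying the signature with the candidate's public key still decides whether the chain is valid.
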
Constructor Summary

AuthorityKeyID()
    Constructs an empty AuthorityKeyID object.

AuthorityKeyID(GeneralNames authorityCertIssuer, byte[] serialNumber, int numberOffset, int numberLen, byte[] keyID, int keyOffset, int keyLen, boolean criticality)
    Constructs an AuthorityKeyID object containing the values given.

Method Summary

Object | clone() | Overrides the default clone method to get a deeper clone.
void | decodeValue(byte[] valueBER, int offset) | Decode the value.
int | derEncodeValue(byte[] encoding, int offset) | Place the encoding of the value into encoding, beginning at offset.
int | derEncodeValueInit() | Initialize for encoding the value.
GeneralNames | getAuthorityCertIssuer() | Gets the authority certificate issuer from this extension.
byte[] | getKeyID() | Gets the key ID.
byte[] | getSerialNumber() | Gets the authority certificate serial number from this extension.
void | setAuthorityCertIssuer(GeneralNames issuer) | Sets the authorityCertIssuer value of this object.
void | setKeyID(byte[] keyID, int offset, int len) | Sets the key ID value of this object to keyID.
void | setSerialNumber(byte[] number, int offset, int len) | Sets the authorityCertSerialNumber value of this object.

Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
    extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

public AuthorityKeyID()
    Constructs an empty AuthorityKeyID object.

public AuthorityKeyID(GeneralNames authorityCertIssuer, byte[] serialNumber, int numberOffset, int numberLen, byte[] keyID, int keyOffset, int keyLen, boolean criticality)
    Constructs an AuthorityKeyID object containing the values given. An authority key is identified by using both the certificate issuer name and the certificate serial number.

    Parameters
    authorityCertIssuer | The certificate issuer name.
    serialNumber | The certificate serial number,
    numberOffset | The offset into serialNumber where the value begins.
    numberLen | The length of the serial number.
    keyID | The key ID value.
    keyOffset | The offset into keyID where the value begins.
    keyLen | The length of the key ID.
    criticality | The user-specified criticality.

Method Detail

public void decodeValue(byte[] valueBER, int offset) throws CertificateException
    Decode the value.

    Overrides
    decodeValue in class X509V3Extension

    Parameters
    valueBER | The BER encoding of the extension's value.
    offset | The offset into valueBER where the encoding actually begins.

    Throws
    CertificateException - If the encoding is invalid for this extension.

public void setKeyID(byte[] keyID, int offset, int len)
    Sets the key ID value of this object to keyID.

    Parameters
    keyID | The key ID value.
    offset | The offset into keyID where the value actually begins.
    len | The length of the key ID.

public void setAuthorityCertIssuer(GeneralNames issuer)
    Sets the authorityCertIssuer value of this object. If this object already has an authorityCertIssuer value, this method will replace it with the given value.

    Parameters
    issuer | A

public void setSerialNumber(byte[] number, int offset, int len)
    Sets the authorityCertSerialNumber value of this object. If this object already has an authorityCertSerialNumber value, this method will replace it with the given value.

    Parameters
    number | The authority certificate serial number.
    offset | The offset into number where the value begins.
    len | The length of the serial number in the number array.

public byte[] getKeyID()
    Gets the key ID.
    null.

    Returns

public GeneralNames getAuthorityCertIssuer()
    Gets the authority certificate issuer from this extension.

    Returns

public byte[] getSerialNumber()
    Gets the authority certificate serial number from this extension.

    Returns

public int derEncodeValueInit()
    Initialize for encoding the value.

    Overrides
    derEncodeValueInit in class X509V3Extension

    Returns

public int derEncodeValue(byte[] encoding, int offset)
    Place the encoding of the value into encoding, beginning at offset.

    Overrides
    derEncodeValue in class X509V3Extension

    Parameters
    encoding | The byte array into which the result will be placed.
    offset | The offset into encoding where the writing is to begin.

    Returns

public Object clone() throws CloneNotSupportedException
    Overrides the default clone method to get a deeper clone.

    Overrides
    clone in class X509V3Extension

    Returns
    AuthorityKeyID object, a copy of this object.

    Throws
    CloneNotSupportedException - If the cloning operation is not successful.