com.rsa.certj.cert.extensions

Class SubjectKeyID

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.SubjectKeyID
All Implemented Interfaces:
CertExtension, Cloneable, Serializable

public class SubjectKeyID
extends X509V3Extension
implements Cloneable, Serializable, CertExtension

This class holds, encodes, and decodes the SubjectKeyID extension. It provides a means of identifying certificates that contain a particular public key. The PKIX standard defines the KeyIdentifier (which is a SubjectKeyID) as the SHA1 digest of the SubjectPublicKey.

To facilitate chain building, this extension must appear in all conforming CA certificates; that is, all certificates including the BasicConstraints extension, where the value of cA is true. The value of the subject-key identifier must be the value placed in the keyIdentifier field of the AuthorityKeyIdentifier extension of certificates issued by the subject of this certificate.

For CA certificates, subject-key identifiers should be derived from the public key or a method that generates unique values.

For end-entity certificates, the SubjectKeyIdentifier extension provides a means for identifying certificates containing the particular public key used in an application. If an end entity has obtained multiple certificates, especially from multiple CAs, the subject-key identifier provides a means to quickly identify the set of certificates containing a particular public key. To assist applications in identifying the appropriate end-entity certificate, this extension should be included in all end-entity certificates.

The ASN.1 definition is as follows:

 subjectKeyIdentifier EXTENSION ::= {
     SYNTAX         SubjectKeyIdentifier
     IDENTIFIED BY  id-ce-subjectKeyIdentifier }
 SubjectKeyIdentifier ::= KeyIdentifier
A key identifier must be unique with respect to all key identifiers for the subject with which it is used. This extension is always non-critical.
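As an added illustration (not Cert-J code), the following Python sketch shows what this class wraps: the PKIX KeyIdentifier derivation (SHA-1 over the subjectPublicKey BIT STRING value, excluding its tag, length and unused-bits octet), the OCTET STRING that derEncodeValue emits and decodeValue consumes, and the chain-building rule above that an issued certificate's AuthorityKeyIdentifier keyIdentifier must equal the issuer's SubjectKeyID. The helper names are mine and the sample SubjectPublicKeyInfo is a constructed toy key, not a real one.

```python
import hashlib

def der_tlv(tag, content):
    if len(content) >= 0x80:                       # short-form length is enough for key IDs and the toy sample
        raise ValueError("long-form lengths not handled here")
    return bytes([tag, len(content)]) + content

def read_tlv(buf, offset):
    """Parse one BER/DER TLV at offset -> (tag, content, offset just past it)."""
    tag, first = buf[offset], buf[offset + 1]
    hdr = 2 if first < 0x80 else 2 + (first & 0x7F)
    length = first if first < 0x80 else int.from_bytes(buf[offset + 2:offset + hdr], "big")
    start = offset + hdr
    if start + length > len(buf):
        raise ValueError("truncated encoding")
    return tag, buf[start:start + length], start + length

def key_identifier_from_spki(spki_der):
    """SHA-1 over the subjectPublicKey BIT STRING value, without tag, length or unused-bits octet."""
    tag, seq, _ = read_tlv(spki_der, 0)
    _, _, off = read_tlv(seq, 0)                   # skip AlgorithmIdentifier
    bit_tag, bitstr, _ = read_tlv(seq, off)
    if tag != 0x30 or bit_tag != 0x03 or bitstr[0] != 0:
        raise ValueError("not a SubjectPublicKeyInfo")
    return hashlib.sha1(bitstr[1:]).digest()

def encode_ski_value(key_id):
    """What derEncodeValue emits: the KeyIdentifier as an OCTET STRING."""
    return der_tlv(0x04, key_id)

def decode_ski_value(value_ber, offset=0):
    """What decodeValue consumes; a wrong tag or trailing bytes is an error."""
    tag, content, end = read_tlv(value_ber, offset)
    if tag != 0x04 or end != len(value_ber):
        raise ValueError("invalid SubjectKeyIdentifier encoding")
    return content

def issuer_matches(issuer_ski_value, issued_aki_value):
    """Chain-building rule: AKI keyIdentifier [0] (tag 0x80) must equal the issuer's SKI."""
    _, seq, _ = read_tlv(issued_aki_value, 0)
    off, key_id = 0, None
    while off < len(seq):
        tag, content, off = read_tlv(seq, off)
        if tag == 0x80:
            key_id = content
    return key_id is not None and key_id == decode_ski_value(issuer_ski_value)

# Constructed toy rsaEncryption SPKI (3-byte modulus, not a real key).
TOY_SPKI = der_tlv(0x30, der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d010101")) + der_tlv(0x05, b""))
                   + der_tlv(0x03, b"\x00" + der_tlv(0x30, der_tlv(0x02, b"\x00\xc3\x4f") + der_tlv(0x02, b"\x01\x00\x01"))))
```

Note that a real CA may also use the other PKIX method (a 4-bit type field followed by 60 bits of the hash) or any unique value, so a verifier compares the AKI keyIdentifier against the issuer's SKI bytes rather than recomputing the hash.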

Copyright © RSA Security Inc., 1998-2001. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

SubjectKeyID()

Constructs an empty SubjectKeyID object.

SubjectKeyID(byte[] keyID, int offset, int len, boolean criticality)

Constructs a SubjectKeyID object and initializes it with the given values.

 

Method Summary

 Object

clone()

Overrides the default clone method to get a deeper clone.

 void

decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

derEncodeValueInit()

Initialize for encoding the value.

 byte[]

getKeyID()

Gets the value of this object, the key ID.

 void

setKeyID(byte[] keyID, int offset, int len)

Sets the value of this object to keyID.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SubjectKeyID

public SubjectKeyID()
Constructs an empty SubjectKeyID object.

SubjectKeyID

public SubjectKeyID(byte[] keyID,
                    int offset,
                    int len,
                    boolean criticality)
Constructs a SubjectKeyID object and initializes it with the given values.

Parameters

keyID - The key ID value.

offset - The offset into keyID where the value begins.

len - The length of the key ID in the keyID array.

criticality - The user-specified criticality.

Method Detail

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value. The input is the BER encoding that was wrapped in the OCTET STRING.

Overrides

decodeValue in class X509V3Extension

Parameters

valueBER - The BER encoding of the extension's value.

offset - The offset into valueBER where the encoding begins.

Throws

CertificateException - If the encoding is invalid for this extension.

setKeyID

public void setKeyID(byte[] keyID,
                     int offset,
                     int len)
Sets the value of this object to keyID. If this object already has a key ID, this method will replace it with the given value.

Parameters

keyID - The key ID value.

offset - The offset into keyID where the value begins.

len - The length of the key ID in the keyID array.


getKeyID

public byte[] getKeyID()
Gets the value of this object, the key ID. If this object does not have an ID, this method returns null.

Returns

A new byte array that contains the key ID.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

encoding - The byte array into which the result will be placed.

offset - The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new SubjectKeyID object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000