java.lang.Object
  +--com.rsa.certj.cert.extensions.X509V3Extension
        +--com.rsa.certj.cert.extensions.SubjectKeyID

This class holds, encodes, and decodes the SubjectKeyID extension. It provides a means of identifying certificates that contain a particular public key. The PKIX standard defines the KeyIdentifier (which is a SubjectKeyID) as the SHA1 digest of the SubjectPublicKey.

BasicConstraints extension, where the value of cA is true. The value of the subject-key identifier must be the value placed in the keyIdentifier field of the AuthorityKeyIdentifier extension of certificates issued by the subject of this certificate.

For CA certificates, subject-key identifiers should be derived from the public key or a method that generates unique values.

For end-entity certificates, the SubjectKeyIdentifier extension provides a means for identifying certificates containing the particular public key used in an application. If an end entity has obtained multiple certificates, especially from multiple CAs, the subject-key identifier provides a means to quickly identify the set of certificates containing a particular public key. To assist applications in identifying the appropriate end-entity certificate, this extension should be included in all end-entity certificates.

The ASN.1 definition is as follows:

    subjectKeyIdentifier EXTENSION ::= {
        SYNTAX SubjectKeyIdentifier
        IDENTIFIED BY id-ce-subjectKeyIdentifier
    }

    SubjectKeyIdentifier ::= KeyIdentifier

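An added example, not part of the Cert-J documentation: the SHA-1 key identifier described above, computed with the standard JDK only. It assumes a DER-encoded SubjectPublicKeyInfo as input; the names SubjectKeyIdExample, keyIdentifier, readLength and expect are hypothetical, and the hash covers the subjectPublicKey BIT STRING value without its tag, length and unused-bits octet, which is why it differs from a digest of the whole structure.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.util.Arrays;

public class SubjectKeyIdExample {
    // Read a DER length at pos[0]; advance pos[0] past the length octets.
    static int readLength(byte[] der, int[] pos) {
        int first = der[pos[0]++] & 0xff;
        if (first < 0x80) return first;                 // short form
        int n = first & 0x7f;                           // long form: n length octets
        if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
        int len = 0;
        for (int i = 0; i < n; i++) len = (len << 8) | (der[pos[0]++] & 0xff);
        return len;
    }

    // Require the given tag at pos[0]; return the content length, pos[0] at content start.
    static int expect(byte[] der, int[] pos, int tag) {
        if ((der[pos[0]++] & 0xff) != tag) throw new IllegalArgumentException("unexpected tag");
        return readLength(der, pos);
    }

    // Key identifier: SHA-1 over the value of the subjectPublicKey BIT STRING.
    static byte[] keyIdentifier(byte[] spki) throws Exception {
        int[] pos = {0};
        expect(spki, pos, 0x30);                        // SubjectPublicKeyInfo SEQUENCE
        int algLen = expect(spki, pos, 0x30);           // AlgorithmIdentifier SEQUENCE
        pos[0] += algLen;                               // skip the algorithm
        int bitLen = expect(spki, pos, 0x03);           // subjectPublicKey BIT STRING
        if (bitLen < 1 || pos[0] + bitLen > spki.length || spki[pos[0]] != 0)
            throw new IllegalArgumentException("unsupported BIT STRING");
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(spki, pos[0] + 1, bitLen - 1);      // skip the unused-bits octet
        return sha1.digest();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        // Constructed sample key; getEncoded() returns the SubjectPublicKeyInfo DER.
        byte[] spki = gen.generateKeyPair().getPublic().getEncoded();
        byte[] keyID = keyIdentifier(spki);
        byte[] overSpki = MessageDigest.getInstance("SHA-1").digest(spki);
        System.out.println("key ID length: " + keyID.length);
        System.out.println("differs from SHA-1 over whole SPKI: " + !Arrays.equals(keyID, overSpki));
        // With Cert-J available, keyID would go to the constructor documented on this page:
        // new SubjectKeyID(keyID, 0, keyID.length, false)
    }
}
```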
See Also
Constructor Summary

SubjectKeyID()
    Constructs an empty SubjectKeyID object.
SubjectKeyID(byte[] keyID, int offset, int len, boolean criticality)
    Constructs a SubjectKeyID object and initializes it with the given values.

Method Summary

Object clone()
    Overrides the default clone method to get a deeper clone.
void decodeValue(byte[] valueBER, int offset)
    Decode the value.
int derEncodeValue(byte[] encoding, int offset)
    Place the encoding of the value into encoding, beginning at offset.
int derEncodeValueInit()
    Initialize for encoding the value.
byte[] getKeyID()
    Gets the value of this object, the key ID.
void setKeyID(byte[] keyID, int offset, int len)
    Sets the value of this object to keyID.

Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
    extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

public SubjectKeyID()
    Constructs an empty SubjectKeyID object.

public SubjectKeyID(byte[] keyID, int offset, int len, boolean criticality)
    Constructs a SubjectKeyID object and initializes it with the given values.
    Parameters
        keyID - The key ID value.
        offset - The offset into keyID where the value begins.
        len - The length of the key ID in the keyID array.
        criticality - The user-specified criticality.

Method Detail

public void decodeValue(byte[] valueBER, int offset) throws CertificateException
    Overrides
        decodeValue in class X509V3Extension
    Parameters
        valueBER - The BER encoding of the extension's value.
        offset - The offset into valueBER where the encoding begins.
    Throws
        CertificateException - If the encoding is invalid for this extension.

public void setKeyID(byte[] keyID, int offset, int len)
    Parameters
        keyID - The key ID value.
        offset - The offset into keyID where the value begins.
        len - The length of the key ID in the keyID array.

public byte[] getKeyID()
    null.
    Returns
        byte array that contains the key ID.

public int derEncodeValueInit()
    Overrides
        derEncodeValueInit in class X509V3Extension
    Returns

public int derEncodeValue(byte[] encoding, int offset)
    Overrides
        derEncodeValue in class X509V3Extension
    Parameters
        encoding - The byte array into which the result will be placed.
        offset - The offset into encoding where the writing is to begin.
    Returns

public Object clone() throws CloneNotSupportedException
    Overrides the default clone method to get a deeper clone.
    Overrides
        clone in class X509V3Extension
    Returns
        SubjectKeyID object, a copy of this object.
    Throws
        CloneNotSupportedException - If the cloning operation is not successful.