iaik.x509.attr

Class ObjectDigestInfo

java.lang.Object

iaik.x509.attr.ObjectDigestInfo

public class ObjectDigestInfo
extends java.lang.Object

This class implements the AC type ObjectDigestInfo.

The Internet Attribute Certificate Profile for Authorization specifies the ObjectDigestInfo type as an option for identifying the holder or issuer of an attribute certificate by an digest calculated from an object (public key, certificate, or some other) the attribute certificate shall be linked to (see draft-ietf-pkix-ac509prof-06.txt):

 ObjectDigestInfo ::= SEQUENCE {
   digestedObjectType  ENUMERATED {
           publicKey            (0),
           publicKeyCert        (1),
           otherObjectTypes     (2) },
                     -- otherObjectTypes MUST NOT
                     -- be used in this profile
   otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
   digestAlgorithm     AlgorithmIdentifier,
   objectDigest        BIT STRING
 }
 

When used for representing the Holder of an attribute certificate, the object digest maybe calcualted from a public key or certificate or some other object type identified by its OID. The idea is to link the AC to an object by placing a hash of that object into the holder field of the AC. For example, this allows production of ACs that are linked to public keys rather than names (see draft-ietf-pkix-ac509prof-06.txt for more information):

 Holder ::= SEQUENCE {
    baseCertificateID   [0] IssuerSerial OPTIONAL,
                        -- the issuer and serial number of
                        -- the holder's Public Key Certificate
    entityName          [1] GeneralNames OPTIONAL,
                        -- the name of the claimant or role
    objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                        -- if present, version must be v2
 }
 

When creating an ObjectDigestInfo object you may specifiy object type, digest algorithm and digest value or let this class calculate the objectDigest value for a ObjectDigestInfo of type publicKey or publicKeyCert:

 // the public key to which to link the AC:
 PublicKey publicKey = ...;
 // the digest algorithm to use
 AlgorithmID digestAlgorithm = ...;
 ObjectDigestInfo odi = new ObjectDigestInfo(publicKey, digestAlgorithm);
 

respectively

 // the cert to which to link the AC:
 X509Certificate cert = ...;
 // the digest algorithm to use
 AlgorithmID digestAlgorithm = ...;
 ObjectDigestInfo odi = new ObjectDigestInfo(cert, digestAlgorithm);
 

The ObjectDigestInfo option may not be used for representing the Holder of an attribute certificate option and shall not be used for representing the issuer of an attribute certificate conforming to see draft-ietf-pkix-ac509prof-06.txt:

 AttCertIssuer ::= CHOICE {
   v1Form   GeneralNames,  -- v1 or v2
   v2Form   [0] V2Form     -- v2 only
 }

 V2Form ::= SEQUENCE {
  issuerName            GeneralNames  OPTIONAL,
  baseCertificateID     [0] IssuerSerial  OPTIONAL,
  objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
        -- at least one of issuerName, baseCertificateID
        -- or objectDigestInfo MUST be present
 }
 

For representing the issuer the v1Form must be used.

Field Summary

Fields

Modifier and Type	Field and Description
static int	OTHER_OBJECT_TYPES ObjectDigestInfo Type otherObjectTypes (2).
static int	PUBLIC_KEY ObjectDigestInfo Type publicKey (0).
static int	PUBLIC_KEY_CERT ObjectDigestInfo Type publicKeyCert (1).

Constructor Summary

Constructors

Constructor and Description
ObjectDigestInfo(ASN1Object obj) Creates and decodes an ObjectDigestInfo from its ASN.1 representation.
ObjectDigestInfo(int objectType, AlgorithmID digestAlgorithm, byte[] digestValue, ObjectID otherObjectTypeID) Creates an ObjectDigestInfo for the given digest value.
ObjectDigestInfo(java.security.PublicKey publicKey, AlgorithmID digestAlgorithm) Creates an publicKey ObjectDigestInfo for the given public key.
ObjectDigestInfo(java.security.cert.X509Certificate cert, AlgorithmID digestAlgorithm) Creates an publicKeyCert ObjectDigestInfo for the given certificate.

Method Summary

Modifier and Type	Method and Description
static byte[]	calculateDigest(byte[] value, AlgorithmID digestAlgorithm) Calcualtes a digest of the given value using the given digest algorithm.
boolean	equals(java.lang.Object obj) Compares this ObjectDigestInfo to the specified object.
AlgorithmID	getDigestAlgorithm() Returns the digest algorithm.
byte[]	getObjectDigest() Returns the object digest value.
int	getObjectType() Returns the object type this class represents.
java.lang.String	getObjectTypeName() Returns the name of the object type this class represents.
ObjectID	getOtherObjectTypeID() Returns the otherObjectTypeID, if set.
int	hashCode() Returns a hashcode for this ObjectDigestInfo.
boolean	identifiesCert(java.security.cert.X509Certificate cert) Checks if this ObjectDigestInfo identifies the given certificate.
boolean	identifiesKey(java.security.PublicKey publicKey) Checks if this ObjectDigestInfo identifies the given public key.
ASN1Object	toASN1Object() Returns this ObjectDigestInfo as ASN1Object.
java.lang.String	toString() Returns a string giving some information about this ObjectDigestInfo object.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

PUBLIC_KEY

public static final int PUBLIC_KEY

ObjectDigestInfo Type publicKey (0).

See Also:

Constant Field Values

PUBLIC_KEY_CERT

public static final int PUBLIC_KEY_CERT

ObjectDigestInfo Type publicKeyCert (1).

See Also:

Constant Field Values

OTHER_OBJECT_TYPES

public static final int OTHER_OBJECT_TYPES

ObjectDigestInfo Type otherObjectTypes (2). This type must not be used. If used the type has to be supplied by an object identifier.

See Also:

Constant Field Values

Constructor Detail

ObjectDigestInfo

public ObjectDigestInfo(int objectType,
                        AlgorithmID digestAlgorithm,
                        byte[] digestValue,
                        ObjectID otherObjectTypeID)

Creates an ObjectDigestInfo for the given digest value.

If objectType is otherObjectTypes (i.e. not publicKey or publicKeyCert), otherObjectTypeID must be supplied, otherwise it is ignored (may be null.

Parameters:

objectType - the object type identifying the object over which the digest is calculated

digestAlgorithm - the digest algorithm used for digest calculation

digestValue - the (already computed) object digest value

otherObjectTypeID - the OID identifying the object type, if not publicKey or publicKeyCert

ObjectDigestInfo

public ObjectDigestInfo(java.security.PublicKey publicKey,
                        AlgorithmID digestAlgorithm)
                 throws java.security.NoSuchAlgorithmException

Creates an publicKey ObjectDigestInfo for the given public key.

If objectType is set to publicKey (0).
Since the digest is calculated over the DER encoding of the X.509 SubjectPublicKeyInfo representation of the key, be aware that a DSA key has to include the DSS parameters which may be inherited from the CA's certificate.

Parameters:

publicKey - the public key to be digested

digestAlgorithm - the digest algorithm to be used for digest calculation

Throws:

java.security.NoSuchAlgorithmException - if the requested digest algorithm is not supported

ObjectDigestInfo

public ObjectDigestInfo(java.security.cert.X509Certificate cert,
                        AlgorithmID digestAlgorithm)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.cert.CertificateEncodingException

Creates an publicKeyCert ObjectDigestInfo for the given certificate.

If objectType is set to publicKeyCert (1).

Parameters:

cert - the X509Certificate to be digested

digestAlgorithm - the digest algorithm to be used for digest calculation

Throws:

java.security.NoSuchAlgorithmException - if the requested digest algorithm is not supported

java.security.cert.CertificateEncodingException

ObjectDigestInfo

public ObjectDigestInfo(ASN1Object obj)
                 throws CodingException

Creates and decodes an ObjectDigestInfo from its ASN.1 representation.

Parameters:

obj - the ObjectDigestInfo as ASN.1 object

Throws:

CodingException - if an decoding/parsing error occurs or the the information contained is not appropriate for an ObjectDigestInfo

Method Detail

calculateDigest

public static byte[] calculateDigest(byte[] value,
                                     AlgorithmID digestAlgorithm)
                              throws java.security.NoSuchAlgorithmException

Calcualtes a digest of the given value using the given digest algorithm.

Parameters:

value - the value to be digested

digestAlgorithm - the digest algorithm to be used

Returns:

the digest value

Throws:

java.security.NoSuchAlgorithmException

getObjectType

public int getObjectType()

Returns the object type this class represents.

Returns:

the object type, 0 (publicKey), 1 (publicKeyCert), or 2 (otherObjectTypes)

getObjectTypeName

public java.lang.String getObjectTypeName()

Returns the name of the object type this class represents.

Returns:

the object type name, "publicKey" (0), "publicKeyCert" (1), "otherObjectTypes" (2),

getOtherObjectTypeID

public ObjectID getOtherObjectTypeID()

Returns the otherObjectTypeID, if set. This method only may be called for identifying the object type by its OID if the object type is otherObjectTypes (i.e. not publicKey or publicKeyCert):

 if (objectDigestInfo.getObjectType() == ObjectDigestInfo.OTHER_OBJECT_TYPES) {
   ObjectID otherObjectTypeID = objectDigestInfo.getOtherObjectTypeID();
   ...
 }
 

Returns:

the other object type OID, if object type is otherObjectTypes (i.e. not publicKey or publicKeyCert)

getDigestAlgorithm

public AlgorithmID getDigestAlgorithm()

Returns the digest algorithm.

Returns:

the digest algorithm

getObjectDigest

public byte[] getObjectDigest()

Returns the object digest value.

Returns:

the object digest value.

equals

public boolean equals(java.lang.Object obj)

Compares this ObjectDigestInfo to the specified object.

Overrides:

equals in class java.lang.Object

Parameters:

obj - the object to compare this ObjectDigestInfo against.

Returns:

true, if the given object is equal to this ObjectDigestInfo, false otherwise

hashCode

public int hashCode()

Returns a hashcode for this ObjectDigestInfo.

Overrides:

hashCode in class java.lang.Object

Returns:

a hashcode for this ObjectDigestInfo

toASN1Object

public ASN1Object toASN1Object()

Returns this ObjectDigestInfo as ASN1Object.

Returns:

this ObjectDigestInfo as ASN1Object

identifiesCert

public boolean identifiesCert(java.security.cert.X509Certificate cert)
                       throws java.security.NoSuchAlgorithmException,
                              java.security.cert.CertificateEncodingException

Checks if this ObjectDigestInfo identifies the given certificate.

This method only may be used if this ObjectDigestInfo has type PUBLIC_KEY (0).

Parameters:

cert - the certificate to be checked

Returns:

true if this ObjectDigestInfo has type PUBLIC_KEY_CERT and the digest calcualted from the certificate encoding matches to the one of this ObjectDigestInfo, false if not

Throws:

java.security.NoSuchAlgorithmException - if the digest algorithm used is not supported

java.security.cert.CertificateEncodingException - if an error occurs while encoding the certificate required for digest calculation

identifiesKey

public boolean identifiesKey(java.security.PublicKey publicKey)
                      throws java.security.NoSuchAlgorithmException

Checks if this ObjectDigestInfo identifies the given public key.

This method only may be used if this ObjectDigestInfo has type PUBLIC_KEY (0).

Parameters:

publicKey - the public key to be checked

Returns:

true if this ObjectDigestInfo has type PUBLIC_KEY_CERT and the digest calcualted from the public key encoding matches to the one of this ObjectDigestInfo, false if not

Throws:

java.security.NoSuchAlgorithmException - if the digest algorithm used is not supported

java.security.cert.CertificateEncodingException - if an error occurs while encoding the certificate required for digest calculation

toString

public java.lang.String toString()

Returns a string giving some information about this ObjectDigestInfo object.

Overrides:

toString in class java.lang.Object

Returns:

the string representation