public class Nonce extends V3Extension
Nonce extension.
As with all OCSP extensions, support of the Nonce extension
is optional for clients and servers. The critical flag should not be set.
Each OCSP extension is associated with a specific OCSP extension
object identifier, derived from RFC 2560:

    id-pkix OBJECT IDENTIFIER ::=
        { iso(1) identified-organization(3) dod(6) internet(1)
          security(5) mechanisms(5) pkix(7) }
    id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
        -- arc for access descriptors
    id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
    id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }

The object identifier for the Nonce extension is defined as:

    id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }

which corresponds to the OID string "1.3.6.1.5.5.7.48.1.2".

The Online Certificate Status Protocol (RFC 2560) specifies the Nonce
extension for cryptographically binding a request and a response to prevent
replay attacks. The nonce is included as one of the requestExtensions
in an OCSPRequest, while in responses it would be included as
one of the responseExtensions. The extnValue is the value of the nonce.
For adding a Nonce extension object to a request or response,
use the addExtension method, e.g.:

    // client side: attach a nonce to the request
    byte[] value = ...;
    Nonce nonce = new Nonce(value);
    ocspRequest.addExtension(nonce);

respectively:

    // responder side: copy the nonce from the request into the response
    Nonce nonce = (Nonce)ocspRequest.getExtension(Nonce.oid);
    basicOCSPResponse.addExtension(nonce);

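The replay protection described above only holds if the client checks that the response carries the nonce it sent. The following is an added example, not part of the original documentation or of the library; it uses only the JDK and works on the raw byte values passed to new Nonce(value) and returned by getValue(). The class name OcspNonceTracker, the result names and the 16-byte nonce length are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

/** Added example (JDK only): binds each OCSP response to the nonce sent in its request. */
public class OcspNonceTracker {
    public enum Result { FRESH, REJECTED, NO_NONCE }

    private final SecureRandom rng = new SecureRandom();
    private final Set<String> pending = new HashSet<>(); // nonces still awaiting a response

    /** Returns a fresh random value for new Nonce(value) and records it as pending. */
    public synchronized byte[] issue() {
        byte[] value = new byte[16]; // assumed length; the page does not prescribe one
        rng.nextBytes(value);
        pending.add(Base64.getEncoder().encodeToString(value));
        return value;
    }

    /**
     * sent:     the value passed to new Nonce(value) for this request
     * received: getValue() of the response's Nonce extension, or null if the
     *           responder sent none (support is optional, so the caller decides)
     */
    public synchronized Result check(byte[] sent, byte[] received) {
        // Removing the entry makes the nonce single-use: a second response for
        // the same request is rejected even if it echoes the right value.
        boolean wasPending = pending.remove(Base64.getEncoder().encodeToString(sent));
        if (received == null) return Result.NO_NONCE;
        boolean same = MessageDigest.isEqual(sent, received);
        return (wasPending && same) ? Result.FRESH : Result.REJECTED;
    }

    public static void main(String[] args) {
        OcspNonceTracker tracker = new OcspNonceTracker();
        byte[] sent = tracker.issue();
        byte[] echoed = sent.clone();  // constructed: responder echoes the request nonce
        byte[] stale = new byte[16];   // constructed: nonce taken from an older response
        System.out.println(tracker.check(sent, echoed));           // first delivery
        System.out.println(tracker.check(sent, echoed));           // same response delivered again
        System.out.println(tracker.check(tracker.issue(), stale)); // older response replayed
        System.out.println(tracker.check(tracker.issue(), null));  // responder without nonce support
    }
}
```

Because nonce support is optional, NO_NONCE is reported separately from REJECTED so that the calling application can apply its own policy for responders that omit the extension.
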
See also: OCSPRequest, BasicOCSPResponse, V3Extension, X509Extensions

| Modifier and Type | Field and Description |
|---|---|
| static ObjectID | oid - The object identifier of this Nonce extension. |

Inherited fields: critical

| Constructor and Description |
|---|
| Nonce() - Default constructor. |
| Nonce(byte[] value) - Creates a Nonce extension for the given value. |

| Modifier and Type | Method and Description |
|---|---|
| ObjectID | getObjectID() - Returns the object ID of this Nonce extension |
| byte[] | getValue() - Returns the nonce value. |
| int | hashCode() - Returns a hashcode for this identity. |
| void | init(ASN1Object obj) - Inits this Nonce implementation with an ASN1object representing the value of this extension. |
| void | setValue(byte[] value) - Sets the nonce value. |
| ASN1Object | toASN1Object() - Returns an ASN1Object representing the value of this Nonce extension. |
| java.lang.String | toString() - Returns a string that represents the contents of this Nonce extension. |

Inherited methods: getName, isCritical, setCritical

public static final ObjectID oid

public Nonce()
Nonce object.
Use method setValue for setting the nonce value.

public Nonce(byte[] value)
Creates a Nonce extension for the given value.
Parameters: value - the nonce value

public ObjectID getObjectID()
Returns the object ID of this Nonce extension
getObjectID in class V3Extension

public void init(ASN1Object obj)
Inits this Nonce implementation with an ASN1object
representing the value of this extension.
The given ASN1Object is the one created by toASN1Object().
This method is used by the X509Extensions class when parsing the ASN.1 representation
of an OCSP object for properly initializing an included
Nonce extension. This method initializes the
extension only with its value, but not with its critical
specification. For that reason, this method shall not be
explicitly called by an application.
init in class V3Extension
Parameters: obj - the Nonce as ASN1Object (OCTET STRING)

public ASN1Object toASN1Object()
Returns an ASN1Object representing the value of this Nonce extension.
toASN1Object in class V3Extension
Returns: Nonce as ASN1Object (OCTET STRING)

public void setValue(byte[] value)
Parameters: value - the nonce value, as byte array

public byte[] getValue()

public int hashCode()
hashCode in class V3Extension

public java.lang.String toString()
Returns a string that represents the contents of this Nonce extension.
toString in class java.lang.Object