iaik.smime.ess

Class ESSCertID

java.lang.Object

iaik.smime.ess.ESSCertID

All Implemented Interfaces:

ASN1Type

public class ESSCertID
extends java.lang.Object
implements ASN1Type

This class implements the S/MIMEv3 ESSCertID type.

The Enhanced Security Services for S/MIMEv3 (ESS) (RFC 2634) specify the ESSCertID type for identifying a certificate by cert hash and optionally issuer information and issuer-specific certificate serial number:

 ESSCertID ::=  SEQUENCE {        
   certHash     Hash,
   issuerSerial IssuerSerial OPTIONAL   }
 

 Hash ::= OCTET STRING -- SHA1 hash of entire certificate
 

 IssuerSerial ::= SEQUENCE {        
   issuer       GeneralNames,
   serialNumber CertificateSerialNumber   }
 

The ESSCertID type is used for identifying a certificate in a SigningCertificate object to be included as signed attribute into CMS SignerInfo object.

This class only implements the ASN.1 type ESSCertID and provides no further functionality. Use the empty default constructor for creating a ESSCertID object to be subsequently supplied with cert hash and issuerSerial information by calling the corresponding setProperty method.

See Also:

ESSIssuerSerial, SigningCertificate, X509Certificate, AttributeCertificate

Constructor Summary

Constructors

Constructor and Description
ESSCertID() Default Constructor.
ESSCertID(ASN1Object obj) Creates a new ESSCertID from an ASN1Object.
ESSCertID(java.security.cert.Certificate cert, boolean includeIssuerSerial) Creates an ESSCertID for the given X.509 public key or X.509 attribute certificate.

Method Summary

Methods

Modifier and Type	Method and Description
void	calculateCertHash(byte[] encodedCert) Calculates and set cert hash value for the given encoded certificate.
void	decode(ASN1Object obj) Decodes the given ASN.1 ESSCertID object for parsing the internal structure.
boolean	equals(java.lang.Object obj) Compares this ESSCertID to the specified object.
byte[]	getCertHash() Returns the cert hash.
ESSIssuerSerial	getIssuerSerial() Returns issuer and serial number.
int	hashCode() Returns a hashcode for this ESSCertID.
boolean	identifiesCert(java.security.cert.Certificate certificate) Checks whether the given certificate is identified by this ESSCertID.
void	setCertHash(byte[] certHash) Sets the cert hash value.
void	setIssuerSerial(ESSIssuerSerial issuerSerial) Sets the issuer and serial information.
ASN1Object	toASN1Object() Returns this ESSCertID as ASN1Object.
java.lang.String	toString() Returns a string giving some information about this ESSCertID object.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

ESSCertID

public ESSCertID()

Default Constructor. Creates an empty ESSCertID object.

ESSCertID

public ESSCertID(java.security.cert.Certificate cert,
         boolean includeIssuerSerial)
          throws java.security.NoSuchAlgorithmException,
                 java.security.cert.CertificateException

Creates an ESSCertID for the given X.509 public key or X.509 attribute certificate.

Attention! Only X.509 public key certificates (instances of iaik.x509.X509Certificate) or X.509 attribute certificates (instances of iaik.x409.attr.AttributeCertificate) can be handled by this constructor; PKCS#6 ExtendedCertificates are obsolete and therefore not supported.

Parameters:

cert - the certificate for which to create an ESSCertID (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate

includeIssuerSerial - if the IssuerSerial component should be set

Throws:

java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate

java.security.NoSuchAlgorithmException - if SHA-1, required for hash computation, is not supported by the installed providers

java.security.cert.CertificateException - if an error occurs while encoding the certificate for computing the hash, or the given certificate is an attribute certificate, but the issuer information included is not sufficient to construct an IssuerSerial (if V2Form is used for indicating the issuer, but not the issuerName option)

ESSCertID

public ESSCertID(ASN1Object obj)
          throws CodingException

Creates a new ESSCertID from an ASN1Object.

The ASN1Object supplied to this constructor represents an already exisiting ESSCertID object that may have been created by calling toASN1Object.

Parameters:

obj - the ESSCertID as ASN1Object

Throws:

CodingException - if the ASN1Object could not be parsed

Method Detail

setIssuerSerial

public void setIssuerSerial(ESSIssuerSerial issuerSerial)

Sets the issuer and serial information.

Parameters:

issuerSerial - the IssuerSerial object to be set

setCertHash

public void setCertHash(byte[] certHash)

Sets the cert hash value.

Parameters:

certHash - the -- already calculated -- SHA-1 hash of the cert

calculateCertHash

public void calculateCertHash(byte[] encodedCert)
                       throws java.security.NoSuchAlgorithmException

Calculates and set cert hash value for the given encoded certificate.

Parameters:

encodedCert - the DER encoded cert for which the SHA-1 hash shall be calculated and set

Throws:

java.security.NoSuchAlgorithmException - if SHA-1 is not supported by the installed cryptography providers

identifiesCert

public boolean identifiesCert(java.security.cert.Certificate certificate)
                       throws java.security.NoSuchAlgorithmException

Checks whether the given certificate is identified by this ESSCertID.

Parameters:

cert - the certificate to be checked (either an instance of iaik.x509.X509Certificate or an instance of iaik.x509.attr.AttributeCertificate

Returns:

true if the given certificate is identified by this ESSCertID, false if not

Throws:

java.lang.IllegalArgumentException - if the supplied certificate is not an iaik.x509.X509Certificate or iaik.x509.attr.AttributeCertificate

java.security.NoSuchAlgorithmException - if the check cannot be performed because SHA-1 is not supported by the installed cryptographic providers

decode

public void decode(ASN1Object obj)
            throws CodingException

Decodes the given ASN.1 ESSCertID object for parsing the internal structure.

This method internally is called when creating a ESSCertID object from an already existing ESSCertID object, supplied as ASN1Object.

Specified by:

decode in interface ASN1Type

Parameters:

obj - the ESSCertID as ASN1Object

Throws:

CodingException - if the object can not be parsed

toASN1Object

public ASN1Object toASN1Object()

Returns this ESSCertID as ASN1Object.

The ASN1Object returned by this method may be used as parameter value when creating an ESSCertID object using the ESSCertID(ASN1Object obj) constructor.

Specified by:

toASN1Object in interface ASN1Type

Returns:

this ESSCertID as ASN1Object

equals

public boolean equals(java.lang.Object obj)

Compares this ESSCertID to the specified object.

Overrides:

equals in class java.lang.Object

Parameters:

obj - the object to compare this ESSCertID against.

Returns:

true, if the given object is equal to this ESSCertID, false otherwise

hashCode

public int hashCode()

Returns a hashcode for this ESSCertID.

Overrides:

hashCode in class java.lang.Object

Returns:

a hashcode for this ESSCertID

getIssuerSerial

public ESSIssuerSerial getIssuerSerial()

Returns issuer and serial number.

Returns:

the IssuerSerial of this ESSCertID

getCertHash

public byte[] getCertHash()

Returns the cert hash.

Returns:

cert hash of this ESSCertID

toString

public java.lang.String toString()

Returns a string giving some information about this ESSCertID object.

Overrides:

toString in class java.lang.Object

Returns:

the string representation