com.ibm.security.keystoreski
Class SKIDefinitionFactory
- java.lang.Object
com.ibm.security.keystoreski.SKIDefinitionFactory
- public final class SKIDefinitionFactory
- extends Object
SKIDefinition that provides implementations which are typically based on definitions of Subject Key Identifier from RFC 3280 Section 4.2.1.2.
Method Summary
Modifier and Type | Method and Description |
---|---|
static SKIDefinition | newCompositeSKIDefinition(SKIDefinition... definitions): Returns a new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the Subject Key Identifier from the passed SKIDefinition implementations. |
static SKIDefinition | newSHA1PublicKeySKIDefinition(): Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate to generate the Subject Key Identifier. |
static SKIDefinition | newSHA1PublicKeyTruncatedSKIDefinition(): Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate and truncates it to generate the Subject Key Identifier. |
static SKIDefinition | newX509ExtensionSKIDefinition(): Returns a new Subject Key Identifier definition that inspects the extensions of the certificate for the Subject Key Identifier (2.5.29.14). |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail
newSHA1PublicKeySKIDefinition
- public static SKIDefinition newSHA1PublicKeySKIDefinition()
Returns:
A new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate to generate the Subject Key Identifier.
newSHA1PublicKeyTruncatedSKIDefinition
- public static SKIDefinition newSHA1PublicKeyTruncatedSKIDefinition()
Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate and truncates it to generate the Subject Key Identifier. If the public key does not contain valid data from which to extract a SHA-1 hash, the implementation returns null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method.
The method of truncation of the SHA-1 hash is specified in RFC 3280 Section 4.2.1.2:
"For CA certificates, subject key identifiers SHOULD be derived from the public key or a method that generates unique values. Two common methods for generating key identifiers from the public key are: (1) ... (2) The keyIdentifier is composed of a four bit type field with the value 0100 followed by the least significant 60 bits of the SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bit string bits)."
Returns:
A new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate and truncates it to generate the Subject Key Identifier.
newX509ExtensionSKIDefinition
- public static SKIDefinition newX509ExtensionSKIDefinition()
Returns a new Subject Key Identifier definition that inspects the extensions of the certificate for the Subject Key Identifier (2.5.29.14). If the extension is absent or cannot be determined, the implementation returns null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method.
Returns:
A new Subject Key Identifier definition that inspects the extensions of the certificate for the Subject
Key Identifier (2.5.29.14).
newCompositeSKIDefinition
- public static SKIDefinition newCompositeSKIDefinition(SKIDefinition... definitions)
Returns a new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the Subject Key Identifier from the passed SKIDefinition implementations. The implementations are called in a linear fashion, from first to last, and the first implementation to return a non-null value from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method is the value returned from the composite implementation. If any elements of the definitions parameter are null, they are ignored. If all implementations return a null value, then the returned implementation will return null.
Parameters:
definitions - The Subject Key Identifier implementations to search linearly for a Subject Key Identifier.
Returns:
A new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the Subject Key Identifier from the passed SKIDefinition implementations.
Throws:
null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method. To quote from RFC 3280 Section 4.2.1.2: