com.ibm.security.keystoreski

Class SKIDefinitionFactory

    • Method Detail

      • newSHA1PublicKeySKIDefinition

        public static SKIDefinition newSHA1PublicKeySKIDefinition()
        Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate to generate the Subject Key Identifier. If the public key does not contain valid data from which to extract a SHA-1 hash, the implementation returns null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method. To quote from RFC 3280 Section 4.2.1.2:

                For CA certificates, subject key identifiers SHOULD be derived from
                the public key or a method that generates unique values.  Two common
                methods for generating key identifiers from the public key are:
        
                (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
                value of the BIT STRING subjectPublicKey (excluding the tag,
                length, and number of unused bits).
             
        Returns:
        A new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate to generate the Subject Key Identifier.
        See Also:
        RFC 3280 Section 4.2.1.2, Certificate.getPublicKey()
      • newSHA1PublicKeyTruncatedSKIDefinition

        public static SKIDefinition newSHA1PublicKeyTruncatedSKIDefinition()
        Returns a new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate and truncates it to generate the Subject Key Identifier. If the public key does not contain valid data from which to extract a SHA-1 hash, the implementation returns null from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method. The method of truncation of the SHA-1 hash is specified in RFC 3280 Section 4.2.1.2:

                For CA certificates, subject key identifiers SHOULD be derived from
                the public key or a method that generates unique values.  Two common
                methods for generating key identifiers from the public key are:
        
                (1) ...
        
                (2) The keyIdentifier is composed of a four bit type field with
                the value 0100 followed by the least significant 60 bits of the
                SHA-1 hash of the value of the BIT STRING subjectPublicKey
                (excluding the tag, length, and number of unused bit string bits).
             
        Returns:
        A new Subject Key Identifier definition that calculates the SHA-1 hash of the associated public key of the certificate and truncates it to generate the Subject Key Identifier.
        See Also:
        RFC 3280 Section 4.2.1.2
      • newCompositeSKIDefinition

        public static SKIDefinition newCompositeSKIDefinition(SKIDefinition... definitions)
        Returns a new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the Subject Key Identifier from the passed SKIDefinition implementations. The implementations are called in a linear fashion, from first to last, and the first implementation to return a non-null value from the SKIDefinition.getSubjectKeyIdentifier(X509Certificate) method is the value returned from the composite implementation. If any elements of the definitions parameter are null, they are ignored. If all implementations return a null value, then the returned implementation will return null.
        Parameters:
        definitions - The Subject Key Identifier implementations to search linearly for a Subject Key Identifier.
        Returns:
        A new Subject Key Identifier definition that calculates the Subject Key Identifier by obtaining the Subject Key Identifier from the passed SKIDefinition implementations.
        Throws:
        NullPointerException - If definitions is null.
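        The two RFC 3280 derivations and the composite fallback described above, as an added Python example that is not IBM's code: `bit_string_contents`, `sha1_public_key_ski`, `sha1_public_key_truncated_ski`, `composite_ski` and `SAMPLE_BIT_STRING` are names chosen here, and a definition is modelled as a callable over the raw subjectPublicKey octets (the BIT STRING contents minus tag, length and unused-bits byte) rather than over an X509Certificate. The sample key octets are constructed, not a real key.

```python
import hashlib
from typing import Callable, Optional, Sequence

# Added example, not IBM's code: a definition maps raw subjectPublicKey octets to an SKI or None.
SKIDefinition = Callable[[Optional[bytes]], Optional[bytes]]

def bit_string_contents(der_bit_string: bytes) -> Optional[bytes]:
    """Strip the DER BIT STRING tag, length and unused-bits byte; None if malformed."""
    if len(der_bit_string) < 3 or der_bit_string[0] != 0x03:
        return None
    first = der_bit_string[1]
    if first < 0x80:                       # short-form length
        length, body = first, der_bit_string[2:]
    else:                                  # long-form length: 0x8n then n length octets
        n = first & 0x7F
        length = int.from_bytes(der_bit_string[2:2 + n], "big")
        body = der_bit_string[2 + n:]
    if length < 1 or len(body) != length or body[0] != 0:  # public keys are octet-aligned
        return None
    return body[1:]

def sha1_public_key_ski(subject_public_key: Optional[bytes]) -> Optional[bytes]:
    """RFC 3280 4.2.1.2 method (1): the full 160-bit SHA-1 hash of subjectPublicKey."""
    if not subject_public_key:             # no valid key data: report "no SKI" as None
        return None
    return hashlib.sha1(subject_public_key).digest()

def sha1_public_key_truncated_ski(subject_public_key: Optional[bytes]) -> Optional[bytes]:
    """RFC 3280 4.2.1.2 method (2): 4-bit type field 0100 then the low 60 bits of SHA-1."""
    digest = sha1_public_key_ski(subject_public_key)
    if digest is None:
        return None
    low60 = int.from_bytes(digest[-8:], "big") & ((1 << 60) - 1)
    return ((0x4 << 60) | low60).to_bytes(8, "big")   # always 8 octets, top nibble 0x4

def composite_ski(definitions: Sequence[Optional[SKIDefinition]]) -> SKIDefinition:
    """Mirror newCompositeSKIDefinition: first non-None answer wins, None entries ignored."""
    if definitions is None:                # the Java version throws NullPointerException here
        raise TypeError("definitions must not be None")
    chain = [d for d in definitions if d is not None]
    def lookup(subject_public_key: Optional[bytes]) -> Optional[bytes]:
        for definition in chain:           # linear search, first to last
            ski = definition(subject_public_key)
            if ski is not None:
                return ski
        return None
    return lookup

# Constructed sample: a DER BIT STRING (0 unused bits) wrapping 4 arbitrary octets, not a real key.
SAMPLE_BIT_STRING = bytes([0x03, 0x05, 0x00, 0xDE, 0xAD, 0xBE, 0xEF])
```

        Chaining the truncated definition before the full one, as `composite_ski` allows, means a verifier that matches keyIdentifier values must be prepared for both 8-octet and 20-octet forms from the same trust store.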

© Copyright IBM Corp. 1998, 2021 All Rights Reserved.