package com.fitbur.bouncycastle.cert;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import com.fitbur.bouncycastle.asn1.ASN1OctetString;
import com.fitbur.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import com.fitbur.bouncycastle.asn1.x509.Extension;
import com.fitbur.bouncycastle.asn1.x509.GeneralName;
import com.fitbur.bouncycastle.asn1.x509.GeneralNames;
import com.fitbur.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import com.fitbur.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import com.fitbur.bouncycastle.operator.DigestCalculator;
/**
 * General utility class for creating the calculated key-identifier extensions
 * ({@link AuthorityKeyIdentifier} and {@link SubjectKeyIdentifier}) using the standard methods.
 * <p>
 * The hash function is whatever the {@link DigestCalculator} handed to the constructor
 * implements. The RFC 3280 methods quoted on the subject-key-identifier methods are defined over
 * SHA-1, so the output only matches those definitions when a SHA-1 calculator is supplied.
 * <p>
 * Note: This class is not thread safe! Every call writes to, and then reads the digest from, the
 * single calculator held by the instance.
 */
public class X509ExtensionUtils
{
    // Shared by every method below; written to and read from on each call.
    private DigestCalculator calculator;

    /**
     * Create a utility instance bound to one digest calculator.
     *
     * @param calculator the digest used for every identifier this instance calculates.
     */
    public X509ExtensionUtils(DigestCalculator calculator)
    {
        this.calculator = calculator;
    }

    /**
     * Build an authority key identifier from a certificate.
     * <p>
     * The issuer name and serial number are always taken from {@code certHolder}. The key
     * identifier is copied from the certificate's own subjectKeyIdentifier extension when the
     * certificate is version 3 and carries one; in every other case it is calculated from the
     * certificate's public key with this instance's digest calculator.
     * <p>
     * NOTE(review): the values read here imply {@code certHolder} is the signing (CA)
     * certificate rather than the certificate being issued - confirm against callers.
     *
     * @param certHolder the certificate the identifier is derived from.
     * @return the authority key identifier, with issuer names and serial number set.
     */
    public AuthorityKeyIdentifier createAuthorityKeyIdentifier(
        X509CertificateHolder certHolder)
    {
        boolean isVersion3 = certHolder.getVersionNumber() == 3;
        GeneralNames issuerNames = new GeneralNames(new GeneralName(certHolder.getIssuer()));

        if (isVersion3)
        {
            Extension skiExtension = certHolder.getExtension(Extension.subjectKeyIdentifier);
            if (skiExtension != null)
            {
                // Copy the identifier the certificate already carries; no digest is calculated here.
                byte[] carriedId = ASN1OctetString.getInstance(skiExtension.getParsedValue()).getOctets();
                return new AuthorityKeyIdentifier(carriedId, issuerNames, certHolder.getSerialNumber());
            }
        }

        // Not a v3 certificate, or v3 without the extension: derive the identifier from the key.
        byte[] calculatedId = calculateIdentifier(certHolder.getSubjectPublicKeyInfo());
        return new AuthorityKeyIdentifier(calculatedId, issuerNames, certHolder.getSerialNumber());
    }

    /**
     * Build an authority key identifier that carries only a key identifier calculated from the
     * given public key.
     *
     * @param publicKeyInfo the key info object containing the subjectPublicKey field.
     * @return the authority key identifier, without issuer names or serial number.
     */
    public AuthorityKeyIdentifier createAuthorityKeyIdentifier(SubjectPublicKeyInfo publicKeyInfo)
    {
        byte[] keyId = calculateIdentifier(publicKeyInfo);
        return new AuthorityKeyIdentifier(keyId);
    }

    /**
     * Build an authority key identifier from a calculated key identifier plus caller-supplied
     * issuer names and serial number. The names and serial are passed through unchanged.
     *
     * @param publicKeyInfo the key info object containing the subjectPublicKey field.
     * @param generalNames the issuer names to place in the extension.
     * @param serial the serial number to place in the extension.
     * @return the authority key identifier.
     */
    public AuthorityKeyIdentifier createAuthorityKeyIdentifier(SubjectPublicKeyInfo publicKeyInfo, GeneralNames generalNames, BigInteger serial)
    {
        byte[] keyId = calculateIdentifier(publicKeyInfo);
        return new AuthorityKeyIdentifier(keyId, generalNames, serial);
    }

    /**
     * Return a RFC 3280 type 1 key identifier. As in:
     * <pre>
     * (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
     * value of the BIT STRING subjectPublicKey (excluding the tag,
     * length, and number of unused bits).
     * </pre>
     * The full digest returned by this instance's calculator is used, so the result is 160 bits
     * only when that calculator is SHA-1.
     *
     * @param publicKeyInfo the key info object containing the subjectPublicKey field.
     * @return the key identifier.
     */
    public SubjectKeyIdentifier createSubjectKeyIdentifier(
        SubjectPublicKeyInfo publicKeyInfo)
    {
        byte[] keyId = calculateIdentifier(publicKeyInfo);
        return new SubjectKeyIdentifier(keyId);
    }

    /**
     * Return a RFC 3280 type 2 key identifier. As in:
     * <pre>
     * (2) The keyIdentifier is composed of a four bit type field with
     * the value 0100 followed by the least significant 60 bits of the
     * SHA-1 hash of the value of the BIT STRING subjectPublicKey.
     * </pre>
     * The last 8 bytes of the digest are taken, so a calculator whose digest is shorter than
     * 8 bytes makes the array copy fail with an index-out-of-bounds exception.
     *
     * @param publicKeyInfo the key info object containing the subjectPublicKey field.
     * @return the key identifier.
     */
    public SubjectKeyIdentifier createTruncatedSubjectKeyIdentifier(SubjectPublicKeyInfo publicKeyInfo)
    {
        byte[] fullDigest = calculateIdentifier(publicKeyInfo);
        byte[] truncated = new byte[8];

        System.arraycopy(fullDigest, fullDigest.length - 8, truncated, 0, truncated.length);

        // Keep the low nibble of the first byte (leaving 60 digest bits) and set the type field 0100.
        truncated[0] = (byte)((truncated[0] & 0x0f) | 0x40);

        return new SubjectKeyIdentifier(truncated);
    }

    /**
     * Digest the bytes of the subjectPublicKey field with this instance's calculator.
     *
     * @param publicKeyInfo the key info object containing the subjectPublicKey field.
     * @return the digest reported by the calculator after the key bytes have been written.
     * @throws CertRuntimeException if writing to or closing the calculator's stream fails.
     */
    private byte[] calculateIdentifier(SubjectPublicKeyInfo publicKeyInfo)
    {
        byte[] keyBytes = publicKeyInfo.getPublicKeyData().getBytes();
        OutputStream digestStream = calculator.getOutputStream();

        try
        {
            digestStream.write(keyBytes);
            // The stream is closed before the digest is read back from the calculator.
            digestStream.close();
        }
        catch (IOException e)
        {   // it's hard to imagine this happening, but yes it does!
            throw new CertRuntimeException("unable to calculate identifier: " + e.getMessage(), e);
        }

        return calculator.getDigest();
    }
}