All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.asn1.isismtt.ocsp.CertHash Maven / Gradle / Ivy

There is a newer version: 1.2.2.1-jre17
Show newest version
package org.bouncycastle.asn1.isismtt.ocsp;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.util.Arrays;

/**
 * ISIS-MTT PROFILE: The responder may include this extension in a response to
 * send the hash of the requested certificate to the responder. This hash is
 * cryptographically bound to the certificate and serves as evidence that the
 * certificate is known to the responder (i.e. it has been issued and is present
 * in the directory). Hence, this extension is a means to provide a positive
 * statement of availability as described in T8.[8]. As explained in T13.[1],
 * clients may rely on this information to be able to validate signatures after
 * the expiry of the corresponding certificate. Hence, clients MUST support this
 * extension. If a positive statement of availability is to be delivered, this
 * extension syntax and OID MUST be used.
 * 
 *     CertHash ::= SEQUENCE {
 *       hashAlgorithm AlgorithmIdentifier,
 *       certificateHash OCTET STRING
 *     }
 * 
*/ public class CertHash extends ASN1Object { private AlgorithmIdentifier hashAlgorithm; private byte[] certificateHash; public static CertHash getInstance(Object obj) { if (obj == null || obj instanceof CertHash) { return (CertHash)obj; } if (obj instanceof ASN1Sequence) { return new CertHash((ASN1Sequence)obj); } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); } /** * Constructor from ASN1Sequence. *

* The sequence is of type CertHash: *

     *     CertHash ::= SEQUENCE {
     *       hashAlgorithm AlgorithmIdentifier,
     *       certificateHash OCTET STRING
     *     }
     * 
*

* @param seq The ASN.1 sequence. */ private CertHash(ASN1Sequence seq) { if (seq.size() != 2) { throw new IllegalArgumentException("Bad sequence size: " + seq.size()); } hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); certificateHash = DEROctetString.getInstance(seq.getObjectAt(1)).getOctets(); } /** * Constructor from a given details. * * @param hashAlgorithm The hash algorithm identifier. * @param certificateHash The hash of the whole DER encoding of the certificate. */ public CertHash(AlgorithmIdentifier hashAlgorithm, byte[] certificateHash) { this.hashAlgorithm = hashAlgorithm; this.certificateHash = new byte[certificateHash.length]; System.arraycopy(certificateHash, 0, this.certificateHash, 0, certificateHash.length); } public AlgorithmIdentifier getHashAlgorithm() { return hashAlgorithm; } public byte[] getCertificateHash() { return Arrays.clone(certificateHash); } /** * Produce an object suitable for an ASN1OutputStream. *

* Returns: *

     *     CertHash ::= SEQUENCE {
     *       hashAlgorithm AlgorithmIdentifier,
     *       certificateHash OCTET STRING
     *     }
     * 
* * @return a DERObject */ public ASN1Primitive toASN1Primitive() { ASN1EncodableVector vec = new ASN1EncodableVector(2); vec.add(hashAlgorithm); vec.add(new DEROctetString(certificateHash)); return new DERSequence(vec); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy