org.spongycastle.cert.dane.DANEEntry Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pkix Show documentation
Show all versions of pkix Show documentation
Spongy Castle is a package-rename (org.bouncycastle.* to org.spongycastle.*) of Bouncy Castle
intended for the Android platform. Android unfortunately ships with a stripped-down version of
Bouncy Castle, which prevents easy upgrades - Spongy Castle overcomes this and provides a full,
up-to-date version of the Bouncy Castle cryptographic libs.
package org.spongycastle.cert.dane;
import java.io.IOException;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.util.Arrays;
/**
* Carrier class for a DANE entry.
*/
public class DANEEntry
{
static final int CERT_USAGE = 0;
static final int SELECTOR = 1;
static final int MATCHING_TYPE = 2;
private final String domainName;
private final byte[] flags;
private final X509CertificateHolder certHolder;
DANEEntry(String domainName, byte[] flags, X509CertificateHolder certHolder)
{
this.flags = flags;
this.domainName = domainName;
this.certHolder = certHolder;
}
public DANEEntry(String domainName, byte[] data)
throws IOException
{
this(domainName, Arrays.copyOfRange(data, 0, 3), new X509CertificateHolder(Arrays.copyOfRange(data, 3, data.length)));
}
public byte[] getFlags()
{
return Arrays.clone(flags);
}
/**
* Return the certificate associated with this entry.
*
* @return the entry's certificate.
*/
public X509CertificateHolder getCertificate()
{
return certHolder;
}
public String getDomainName()
{
return domainName;
}
/**
* Return the full data string as it would appear in the DNS record - flags + encoding
*
* @return byte array representing the full data string.
* @throws IOException if there is an issue encoding the certificate inside this entry.
*/
public byte[] getRDATA()
throws IOException
{
byte[] certEnc = certHolder.getEncoded();
byte[] data = new byte[flags.length + certEnc.length];
System.arraycopy(flags, 0, data, 0, flags.length);
System.arraycopy(certEnc, 0, data, flags.length, certEnc.length);
return data;
}
/**
* Return true if the byte string has the correct flag bytes to indicate a certificate entry.
*
* @param data the byte string of interest.
* @return true if flags indicate a valid certificate, false otherwise.
*/
public static boolean isValidCertificate(byte[] data)
{
// TODO: perhaps validate ASN.1 data as well...
return (data[CERT_USAGE] == 3 && data[SELECTOR] == 0 && data[MATCHING_TYPE] == 0);
}
}