All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.asn1.isismtt.ocsp.RequestedCertificate Maven / Gradle / Ivy

package org.bouncycastle.asn1.isismtt.ocsp;

import java.io.IOException;

import org.bouncycastle.asn1.ASN1Choice;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.util.Arrays;

/**
 * ISIS-MTT-Optional: The certificate requested by the client by inserting the
 * RetrieveIfAllowed extension in the request, will be returned in this
 * extension.
 * 

* ISIS-MTT-SigG: The signature act allows publishing certificates only then, * when the certificate owner gives his explicit permission. Accordingly, there * may be �nondownloadable� certificates, about which the responder must provide * status information, but MUST NOT include them in the response. Clients may * get therefore the following three kind of answers on a single request * including the RetrieveIfAllowed extension: *

    *
  • a) the responder supports the extension and is allowed to publish the * certificate: RequestedCertificate returned including the requested * certificate *
  • b) the responder supports the extension but is NOT allowed to publish * the certificate: RequestedCertificate returned including an empty OCTET * STRING *
  • c) the responder does not support the extension: RequestedCertificate is * not included in the response *
* Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If * any of the OCTET STRING options is used, it MUST contain the DER encoding of * the requested certificate. *
 *            RequestedCertificate ::= CHOICE {
 *              Certificate Certificate,
 *              publicKeyCertificate [0] EXPLICIT OCTET STRING,
 *              attributeCertificate [1] EXPLICIT OCTET STRING
 *            }
 * 
*/ public class RequestedCertificate extends ASN1Object implements ASN1Choice { public static final int certificate = -1; public static final int publicKeyCertificate = 0; public static final int attributeCertificate = 1; private Certificate cert; private byte[] publicKeyCert; private byte[] attributeCert; public static RequestedCertificate getInstance(Object obj) { if (obj == null || obj instanceof RequestedCertificate) { return (RequestedCertificate)obj; } if (obj instanceof ASN1Sequence) { return new RequestedCertificate(Certificate.getInstance(obj)); } if (obj instanceof ASN1TaggedObject) { return new RequestedCertificate((ASN1TaggedObject)obj); } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); } public static RequestedCertificate getInstance(ASN1TaggedObject obj, boolean explicit) { if (!explicit) { throw new IllegalArgumentException("choice item must be explicitly tagged"); } return getInstance(obj.getExplicitBaseObject()); } private RequestedCertificate(ASN1TaggedObject tagged) { if (tagged.getTagNo() == publicKeyCertificate) { publicKeyCert = ASN1OctetString.getInstance(tagged, true).getOctets(); } else if (tagged.getTagNo() == attributeCertificate) { attributeCert = ASN1OctetString.getInstance(tagged, true).getOctets(); } else { throw new IllegalArgumentException("unknown tag number: " + tagged.getTagNo()); } } /** * Constructor from a given details. *

* Only one parameter can be given. All other must be null. * * @param certificate Given as Certificate */ public RequestedCertificate(Certificate certificate) { this.cert = certificate; } public RequestedCertificate(int type, byte[] certificateOctets) { this(new DERTaggedObject(type, new DEROctetString(certificateOctets))); } public int getType() { if (cert != null) { return certificate; } if (publicKeyCert != null) { return publicKeyCertificate; } return attributeCertificate; } public byte[] getCertificateBytes() { if (cert != null) { try { return cert.getEncoded(); } catch (IOException e) { throw new IllegalStateException("can't decode certificate: " + e); } } if (publicKeyCert != null) { return Arrays.clone(publicKeyCert); } return Arrays.clone(attributeCert); } /** * Produce an object suitable for an ASN1OutputStream. *

* Returns: *

     *            RequestedCertificate ::= CHOICE {
     *              Certificate Certificate,
     *              publicKeyCertificate [0] EXPLICIT OCTET STRING,
     *              attributeCertificate [1] EXPLICIT OCTET STRING
     *            }
     * 
* * @return a DERObject */ public ASN1Primitive toASN1Primitive() { if (publicKeyCert != null) { return new DERTaggedObject(0, new DEROctetString(publicKeyCert)); } if (attributeCert != null) { return new DERTaggedObject(1, new DEROctetString(attributeCert)); } return cert.toASN1Primitive(); } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy