org.bouncycastle.cert.ocsp.CertificateID Maven / Gradle / Ivy
package org.bouncycastle.cert.ocsp;
import java.io.OutputStream;
import java.math.BigInteger;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.CertID;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
public class CertificateID
{
public static final AlgorithmIdentifier HASH_SHA1 = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
private final CertID id;
public CertificateID(
CertID id)
{
if (id == null)
{
throw new IllegalArgumentException("'id' cannot be null");
}
this.id = id;
}
/**
* create from an issuer certificate and the serial number of the
* certificate it signed.
*
* @param issuerCert issuing certificate
* @param number serial number
*
* @exception OCSPException if any problems occur creating the id fields.
*/
public CertificateID(
DigestCalculator digestCalculator, X509CertificateHolder issuerCert,
BigInteger number)
throws OCSPException
{
this.id = createCertID(digestCalculator, issuerCert, new ASN1Integer(number));
}
public ASN1ObjectIdentifier getHashAlgOID()
{
return id.getHashAlgorithm().getAlgorithm();
}
public byte[] getIssuerNameHash()
{
return id.getIssuerNameHash().getOctets();
}
public byte[] getIssuerKeyHash()
{
return id.getIssuerKeyHash().getOctets();
}
/**
* return the serial number for the certificate associated
* with this request.
*/
public BigInteger getSerialNumber()
{
return id.getSerialNumber().getValue();
}
public boolean matchesIssuer(X509CertificateHolder issuerCert, DigestCalculatorProvider digCalcProvider)
throws OCSPException
{
try
{
return createCertID(digCalcProvider.get(id.getHashAlgorithm()), issuerCert, id.getSerialNumber()).equals(id);
}
catch (OperatorCreationException e)
{
throw new OCSPException("unable to create digest calculator: " + e.getMessage(), e);
}
}
public CertID toASN1Primitive()
{
return id;
}
public boolean equals(
Object o)
{
if (!(o instanceof CertificateID))
{
return false;
}
CertificateID obj = (CertificateID)o;
return id.toASN1Primitive().equals(obj.id.toASN1Primitive());
}
public int hashCode()
{
return id.toASN1Primitive().hashCode();
}
/**
* Create a new CertificateID for a new serial number derived from a previous one
* calculated for the same CA certificate.
*
* @param original the previously calculated CertificateID for the CA.
* @param newSerialNumber the serial number for the new certificate of interest.
*
* @return a new CertificateID for newSerialNumber
*/
public static CertificateID deriveCertificateID(CertificateID original, BigInteger newSerialNumber)
{
return new CertificateID(new CertID(original.id.getHashAlgorithm(), original.id.getIssuerNameHash(), original.id.getIssuerKeyHash(), new ASN1Integer(newSerialNumber)));
}
private static CertID createCertID(DigestCalculator digCalc, X509CertificateHolder issuerCert, ASN1Integer serialNumber)
throws OCSPException
{
try
{
OutputStream dgOut = digCalc.getOutputStream();
dgOut.write(issuerCert.toASN1Structure().getSubject().getEncoded(ASN1Encoding.DER));
dgOut.close();
ASN1OctetString issuerNameHash = new DEROctetString(digCalc.getDigest());
SubjectPublicKeyInfo info = issuerCert.getSubjectPublicKeyInfo();
dgOut = digCalc.getOutputStream();
dgOut.write(info.getPublicKeyData().getBytes());
dgOut.close();
ASN1OctetString issuerKeyHash = new DEROctetString(digCalc.getDigest());
return new CertID(digCalc.getAlgorithmIdentifier(), issuerNameHash, issuerKeyHash, serialNumber);
}
catch (Exception e)
{
throw new OCSPException("problem creating ID: " + e, e);
}
}
}