org.bouncycastle.its.ITSImplicitCertificateBuilder Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bcpkix-jdk15to18 Show documentation
Show all versions of bcpkix-jdk15to18 Show documentation
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
package org.bouncycastle.its;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.oer.its.ieee1609dot2.CertificateBase;
import org.bouncycastle.oer.its.ieee1609dot2.CertificateId;
import org.bouncycastle.oer.its.ieee1609dot2.CertificateType;
import org.bouncycastle.oer.its.ieee1609dot2.IssuerIdentifier;
import org.bouncycastle.oer.its.ieee1609dot2.ToBeSignedCertificate;
import org.bouncycastle.oer.its.ieee1609dot2.VerificationKeyIndicator;
import org.bouncycastle.oer.its.ieee1609dot2.basetypes.EccP256CurvePoint;
import org.bouncycastle.oer.its.ieee1609dot2.basetypes.HashedId8;
import org.bouncycastle.oer.its.ieee1609dot2.basetypes.PublicEncryptionKey;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Arrays;
public class ITSImplicitCertificateBuilder
extends ITSCertificateBuilder
{
private final IssuerIdentifier issuerIdentifier;
public ITSImplicitCertificateBuilder(ITSCertificate issuer, DigestCalculatorProvider digestCalculatorProvider, ToBeSignedCertificate.Builder tbsCertificate)
{
super(issuer, tbsCertificate);
// TODO is this always true?
AlgorithmIdentifier digestAlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
ASN1ObjectIdentifier digestAlg = digestAlgId.getAlgorithm();
DigestCalculator calculator;
try
{
calculator = digestCalculatorProvider.get(digestAlgId);
}
catch (OperatorCreationException e)
{
throw new IllegalStateException(e.getMessage(), e);
}
try
{
OutputStream os = calculator.getOutputStream();
os.write(issuer.getEncoded());
os.close();
}
catch (IOException ioex)
{
throw new IllegalStateException(ioex.getMessage(), ioex);
}
byte[] parentDigest = calculator.getDigest();
HashedId8 hashedID = new HashedId8(Arrays.copyOfRange(parentDigest, parentDigest.length - 8, parentDigest.length));
if (digestAlg.equals(NISTObjectIdentifiers.id_sha256))
{
issuerIdentifier = IssuerIdentifier.sha256AndDigest(hashedID);
}
else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384))
{
issuerIdentifier = IssuerIdentifier.sha384AndDigest(hashedID);
}
else
{
throw new IllegalStateException("unknown digest");
}
}
public ITSCertificate build(CertificateId certificateId, BigInteger x, BigInteger y)
{
return build(certificateId, x, y, null);
}
public ITSCertificate build(CertificateId certificateId, BigInteger x, BigInteger y, PublicEncryptionKey publicEncryptionKey)
{
EccP256CurvePoint reconstructionValue = EccP256CurvePoint.uncompressedP256(x, y);
ToBeSignedCertificate.Builder tbsBldr = new ToBeSignedCertificate.Builder(tbsCertificateBuilder);
tbsBldr.setId(certificateId);
if (publicEncryptionKey != null)
{
tbsBldr.setEncryptionKey(publicEncryptionKey);
}
tbsBldr.setVerifyKeyIndicator(VerificationKeyIndicator.reconstructionValue(reconstructionValue));
CertificateBase.Builder baseBldr = new CertificateBase.Builder();
baseBldr.setVersion(version);
baseBldr.setType(CertificateType.implicit);
baseBldr.setIssuer(issuerIdentifier);
baseBldr.setToBeSigned(tbsBldr.createToBeSignedCertificate());
return new ITSCertificate(baseBldr.createCertificateBase());
}
}