org.bouncycastle.asn1.isismtt.ocsp.RequestedCertificate Maven / Gradle / Ivy
Show all versions of bcprov-jdk15to18 Show documentation
package org.bouncycastle.asn1.isismtt.ocsp;
import java.io.IOException;
import org.bouncycastle.asn1.ASN1Choice;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.util.Arrays;
/**
* ISIS-MTT-Optional: The certificate requested by the client by inserting the
* RetrieveIfAllowed extension in the request, will be returned in this
* extension.
*
* ISIS-MTT-SigG: The signature act allows publishing certificates only then,
* when the certificate owner gives his explicit permission. Accordingly, there
* may be �nondownloadable� certificates, about which the responder must provide
* status information, but MUST NOT include them in the response. Clients may
* get therefore the following three kind of answers on a single request
* including the RetrieveIfAllowed extension:
*
* - a) the responder supports the extension and is allowed to publish the
* certificate: RequestedCertificate returned including the requested
* certificate
*
- b) the responder supports the extension but is NOT allowed to publish
* the certificate: RequestedCertificate returned including an empty OCTET
* STRING
*
- c) the responder does not support the extension: RequestedCertificate is
* not included in the response
*
* Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If
* any of the OCTET STRING options is used, it MUST contain the DER encoding of
* the requested certificate.
*
* RequestedCertificate ::= CHOICE {
* Certificate Certificate,
* publicKeyCertificate [0] EXPLICIT OCTET STRING,
* attributeCertificate [1] EXPLICIT OCTET STRING
* }
*
*/
public class RequestedCertificate
extends ASN1Object
implements ASN1Choice
{
public static final int certificate = -1;
public static final int publicKeyCertificate = 0;
public static final int attributeCertificate = 1;
private Certificate cert;
private byte[] publicKeyCert;
private byte[] attributeCert;
public static RequestedCertificate getInstance(Object obj)
{
if (obj == null || obj instanceof RequestedCertificate)
{
return (RequestedCertificate)obj;
}
if (obj instanceof ASN1Sequence)
{
return new RequestedCertificate(Certificate.getInstance(obj));
}
if (obj instanceof ASN1TaggedObject)
{
return new RequestedCertificate((ASN1TaggedObject)obj);
}
throw new IllegalArgumentException("illegal object in getInstance: "
+ obj.getClass().getName());
}
public static RequestedCertificate getInstance(ASN1TaggedObject obj, boolean explicit)
{
if (!explicit)
{
throw new IllegalArgumentException("choice item must be explicitly tagged");
}
return getInstance(obj.getObject());
}
private RequestedCertificate(ASN1TaggedObject tagged)
{
if (tagged.getTagNo() == publicKeyCertificate)
{
publicKeyCert = ASN1OctetString.getInstance(tagged, true).getOctets();
}
else if (tagged.getTagNo() == attributeCertificate)
{
attributeCert = ASN1OctetString.getInstance(tagged, true).getOctets();
}
else
{
throw new IllegalArgumentException("unknown tag number: " + tagged.getTagNo());
}
}
/**
* Constructor from a given details.
*
* Only one parameter can be given. All other must be null
.
*
* @param certificate Given as Certificate
*/
public RequestedCertificate(Certificate certificate)
{
this.cert = certificate;
}
public RequestedCertificate(int type, byte[] certificateOctets)
{
this(new DERTaggedObject(type, new DEROctetString(certificateOctets)));
}
public int getType()
{
if (cert != null)
{
return certificate;
}
if (publicKeyCert != null)
{
return publicKeyCertificate;
}
return attributeCertificate;
}
public byte[] getCertificateBytes()
{
if (cert != null)
{
try
{
return cert.getEncoded();
}
catch (IOException e)
{
throw new IllegalStateException("can't decode certificate: " + e);
}
}
if (publicKeyCert != null)
{
return Arrays.clone(publicKeyCert);
}
return Arrays.clone(attributeCert);
}
/**
* Produce an object suitable for an ASN1OutputStream.
*
* Returns:
*
* RequestedCertificate ::= CHOICE {
* Certificate Certificate,
* publicKeyCertificate [0] EXPLICIT OCTET STRING,
* attributeCertificate [1] EXPLICIT OCTET STRING
* }
*
*
* @return a DERObject
*/
public ASN1Primitive toASN1Primitive()
{
if (publicKeyCert != null)
{
return new DERTaggedObject(0, new DEROctetString(publicKeyCert));
}
if (attributeCert != null)
{
return new DERTaggedObject(1, new DEROctetString(attributeCert));
}
return cert.toASN1Primitive();
}
}