All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.asn1.isismtt.ocsp.RequestedCertificate Maven / Gradle / Ivy

Go to download

The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up.

There is a newer version: 1.78.1
Show newest version
package org.bouncycastle.asn1.isismtt.ocsp;

import java.io.IOException;

import org.bouncycastle.asn1.ASN1Choice;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.util.Arrays;

/**
 * ISIS-MTT-Optional: The certificate requested by the client by inserting the
 * RetrieveIfAllowed extension in the request, will be returned in this
 * extension.
 * 

* ISIS-MTT-SigG: The signature act allows publishing certificates only then, * when the certificate owner gives his explicit permission. Accordingly, there * may be �nondownloadable� certificates, about which the responder must provide * status information, but MUST NOT include them in the response. Clients may * get therefore the following three kind of answers on a single request * including the RetrieveIfAllowed extension: *

    *
  • a) the responder supports the extension and is allowed to publish the * certificate: RequestedCertificate returned including the requested * certificate *
  • b) the responder supports the extension but is NOT allowed to publish * the certificate: RequestedCertificate returned including an empty OCTET * STRING *
  • c) the responder does not support the extension: RequestedCertificate is * not included in the response *
* Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If * any of the OCTET STRING options is used, it MUST contain the DER encoding of * the requested certificate. *
 *            RequestedCertificate ::= CHOICE {
 *              Certificate Certificate,
 *              publicKeyCertificate [0] EXPLICIT OCTET STRING,
 *              attributeCertificate [1] EXPLICIT OCTET STRING
 *            }
 * 
*/ public class RequestedCertificate extends ASN1Object implements ASN1Choice { public static final int certificate = -1; public static final int publicKeyCertificate = 0; public static final int attributeCertificate = 1; private Certificate cert; private byte[] publicKeyCert; private byte[] attributeCert; public static RequestedCertificate getInstance(Object obj) { if (obj == null || obj instanceof RequestedCertificate) { return (RequestedCertificate)obj; } if (obj instanceof ASN1Sequence) { return new RequestedCertificate(Certificate.getInstance(obj)); } if (obj instanceof ASN1TaggedObject) { return new RequestedCertificate((ASN1TaggedObject)obj); } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); } public static RequestedCertificate getInstance(ASN1TaggedObject obj, boolean explicit) { if (!explicit) { throw new IllegalArgumentException("choice item must be explicitly tagged"); } return getInstance(obj.getExplicitBaseObject()); } private RequestedCertificate(ASN1TaggedObject tagged) { if (tagged.getTagNo() == publicKeyCertificate) { publicKeyCert = ASN1OctetString.getInstance(tagged, true).getOctets(); } else if (tagged.getTagNo() == attributeCertificate) { attributeCert = ASN1OctetString.getInstance(tagged, true).getOctets(); } else { throw new IllegalArgumentException("unknown tag number: " + tagged.getTagNo()); } } /** * Constructor from a given details. *

* Only one parameter can be given. All other must be null. * * @param certificate Given as Certificate */ public RequestedCertificate(Certificate certificate) { this.cert = certificate; } public RequestedCertificate(int type, byte[] certificateOctets) { this(new DERTaggedObject(type, new DEROctetString(certificateOctets))); } public int getType() { if (cert != null) { return certificate; } if (publicKeyCert != null) { return publicKeyCertificate; } return attributeCertificate; } public byte[] getCertificateBytes() { if (cert != null) { try { return cert.getEncoded(); } catch (IOException e) { throw new IllegalStateException("can't decode certificate: " + e); } } if (publicKeyCert != null) { return Arrays.clone(publicKeyCert); } return Arrays.clone(attributeCert); } /** * Produce an object suitable for an ASN1OutputStream. *

* Returns: *

     *            RequestedCertificate ::= CHOICE {
     *              Certificate Certificate,
     *              publicKeyCertificate [0] EXPLICIT OCTET STRING,
     *              attributeCertificate [1] EXPLICIT OCTET STRING
     *            }
     * 
* * @return a DERObject */ public ASN1Primitive toASN1Primitive() { if (publicKeyCert != null) { return new DERTaggedObject(0, new DEROctetString(publicKeyCert)); } if (attributeCert != null) { return new DERTaggedObject(1, new DEROctetString(attributeCert)); } return cert.toASN1Primitive(); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy