org.bouncycastle.asn1.isismtt.ocsp.RequestedCertificate Maven / Gradle / Ivy
Show all versions of bcutil-jdk14 Show documentation
package org.bouncycastle.asn1.isismtt.ocsp;
import java.io.IOException;
import org.bouncycastle.asn1.ASN1Choice;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.util.Arrays;
/**
* ISIS-MTT-Optional: The certificate requested by the client by inserting the
* RetrieveIfAllowed extension in the request, will be returned in this
* extension.
*
* ISIS-MTT-SigG: The signature act allows publishing certificates only then,
* when the certificate owner gives his explicit permission. Accordingly, there
* may be �nondownloadable� certificates, about which the responder must provide
* status information, but MUST NOT include them in the response. Clients may
* get therefore the following three kind of answers on a single request
* including the RetrieveIfAllowed extension:
*
* a) the responder supports the extension and is allowed to publish the
* certificate: RequestedCertificate returned including the requested
* certificate
* b) the responder supports the extension but is NOT allowed to publish
* the certificate: RequestedCertificate returned including an empty OCTET
* STRING
* c) the responder does not support the extension: RequestedCertificate is
* not included in the response
*
* Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If
* any of the OCTET STRING options is used, it MUST contain the DER encoding of
* the requested certificate.
*
* RequestedCertificate ::= CHOICE {
* Certificate Certificate,
* publicKeyCertificate [0] EXPLICIT OCTET STRING,
* attributeCertificate [1] EXPLICIT OCTET STRING
* }
*
*/
public class RequestedCertificate
extends ASN1Object
implements ASN1Choice
{
public static final int certificate = -1;
public static final int publicKeyCertificate = 0;
public static final int attributeCertificate = 1;
private Certificate cert;
private byte[] publicKeyCert;
private byte[] attributeCert;
public static RequestedCertificate getInstance(Object obj)
{
if (obj == null || obj instanceof RequestedCertificate)
{
return (RequestedCertificate)obj;
}
if (obj instanceof ASN1Sequence)
{
return new RequestedCertificate(Certificate.getInstance(obj));
}
if (obj instanceof ASN1TaggedObject)
{
return new RequestedCertificate((ASN1TaggedObject)obj);
}
throw new IllegalArgumentException("illegal object in getInstance: "
+ obj.getClass().getName());
}
public static RequestedCertificate getInstance(ASN1TaggedObject obj, boolean explicit)
{
if (!explicit)
{
throw new IllegalArgumentException("choice item must be explicitly tagged");
}
return getInstance(obj.getObject());
}
private RequestedCertificate(ASN1TaggedObject tagged)
{
if (tagged.getTagNo() == publicKeyCertificate)
{
publicKeyCert = ASN1OctetString.getInstance(tagged, true).getOctets();
}
else if (tagged.getTagNo() == attributeCertificate)
{
attributeCert = ASN1OctetString.getInstance(tagged, true).getOctets();
}
else
{
throw new IllegalArgumentException("unknown tag number: " + tagged.getTagNo());
}
}
/**
* Constructor from a given details.
* * Only one parameter can be given. All other must be null. * * @param certificate Given as Certificate */ public RequestedCertificate(Certificate certificate) { this.cert = certificate; } public RequestedCertificate(int type, byte[] certificateOctets) { this(new DERTaggedObject(type, new DEROctetString(certificateOctets))); } public int getType() { if (cert != null) { return certificate; } if (publicKeyCert != null) { return publicKeyCertificate; } return attributeCertificate; } public byte[] getCertificateBytes() { if (cert != null) { try { return cert.getEncoded(); } catch (IOException e) { throw new IllegalStateException("can't decode certificate: " + e); } } if (publicKeyCert != null) { return Arrays.clone(publicKeyCert); } return Arrays.clone(attributeCert); } /** * Produce an object suitable for an ASN1OutputStream. *
* Returns:
*
* RequestedCertificate ::= CHOICE {
* Certificate Certificate,
* publicKeyCertificate [0] EXPLICIT OCTET STRING,
* attributeCertificate [1] EXPLICIT OCTET STRING
* }
*
*
* @return a DERObject
*/
public ASN1Primitive toASN1Primitive()
{
if (publicKeyCert != null)
{
return new DERTaggedObject(0, new DEROctetString(publicKeyCert));
}
if (attributeCert != null)
{
return new DERTaggedObject(1, new DEROctetString(attributeCert));
}
return cert.toASN1Primitive();
}
}