org.bouncycastle.asn1.isismtt.ocsp.CertHash Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of bcutil-jdk14 Show documentation

The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.4.

There is a newer version: 1.78.1

Show newest version

package org.bouncycastle.asn1.isismtt.ocsp;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.util.Arrays;

/**
 * ISIS-MTT PROFILE: The responder may include this extension in a response to
 * send the hash of the requested certificate to the responder. This hash is
 * cryptographically bound to the certificate and serves as evidence that the
 * certificate is known to the responder (i.e. it has been issued and is present
 * in the directory). Hence, this extension is a means to provide a positive
 * statement of availability as described in T8.[8]. As explained in T13.[1],
 * clients may rely on this information to be able to validate signatures after
 * the expiry of the corresponding certificate. Hence, clients MUST support this
 * extension. If a positive statement of availability is to be delivered, this
 * extension syntax and OID MUST be used.
 *  
 *     CertHash ::= SEQUENCE {
 *       hashAlgorithm AlgorithmIdentifier,
 *       certificateHash OCTET STRING
 *     }
 *


 */
public class CertHash
    extends ASN1Object
{

    private AlgorithmIdentifier hashAlgorithm;
    private byte[] certificateHash;

    public static CertHash getInstance(Object obj)
    {
        if (obj == null || obj instanceof CertHash)
        {
            return (CertHash)obj;
        }

        if (obj instanceof ASN1Sequence)
        {
            return new CertHash((ASN1Sequence)obj);
        }

        throw new IllegalArgumentException("illegal object in getInstance: "
            + obj.getClass().getName());
    }

    /**
     * Constructor from ASN1Sequence.
     * 
     * The sequence is of type CertHash:
     *  
     *     CertHash ::= SEQUENCE {
     *       hashAlgorithm AlgorithmIdentifier,
     *       certificateHash OCTET STRING
     *     }
     * 
     * 
     * @param seq The ASN.1 sequence.
     */
    private CertHash(ASN1Sequence seq)
    {
        if (seq.size() != 2)
        {
            throw new IllegalArgumentException("Bad sequence size: "
                + seq.size());
        }
        hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0));
        certificateHash = DEROctetString.getInstance(seq.getObjectAt(1)).getOctets();
    }

    /**
     * Constructor from a given details.
     *
     * @param hashAlgorithm   The hash algorithm identifier.
     * @param certificateHash The hash of the whole DER encoding of the certificate.
     */
    public CertHash(AlgorithmIdentifier hashAlgorithm, byte[] certificateHash)
    {
        this.hashAlgorithm = hashAlgorithm;
        this.certificateHash = new byte[certificateHash.length];
        System.arraycopy(certificateHash, 0, this.certificateHash, 0,
            certificateHash.length);
    }

    public AlgorithmIdentifier getHashAlgorithm()
    {
        return hashAlgorithm;
    }

    public byte[] getCertificateHash()
    {
        return Arrays.clone(certificateHash);
    }

    /**
     * Produce an object suitable for an ASN1OutputStream.
     *

* Returns: * * CertHash ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * certificateHash OCTET STRING * } * * * @return a DERObject */ public ASN1Primitive toASN1Primitive() { ASN1EncodableVector vec = new ASN1EncodableVector(2); vec.add(hashAlgorithm); vec.add(new DEROctetString(certificateHash)); return new DERSequence(vec); } }