org.bouncycastle.asn1.isismtt.ocsp.RequestedCertificate Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of bcutil-jdk14 Show documentation

The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.4.

There is a newer version: 1.78.1

Show newest version

package org.bouncycastle.asn1.isismtt.ocsp;

import java.io.IOException;

import org.bouncycastle.asn1.ASN1Choice;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.util.Arrays;

/**
 * ISIS-MTT-Optional: The certificate requested by the client by inserting the
 * RetrieveIfAllowed extension in the request, will be returned in this
 * extension.
 * 
 * ISIS-MTT-SigG: The signature act allows publishing certificates only then,
 * when the certificate owner gives his explicit permission. Accordingly, there
 * may be �nondownloadable� certificates, about which the responder must provide
 * status information, but MUST NOT include them in the response. Clients may
 * get therefore the following three kind of answers on a single request
 * including the RetrieveIfAllowed extension:
 *  
 *   a) the responder supports the extension and is allowed to publish the
 * certificate: RequestedCertificate returned including the requested
 * certificate
 *  b) the responder supports the extension but is NOT allowed to publish
 * the certificate: RequestedCertificate returned including an empty OCTET
 * STRING
 *  c) the responder does not support the extension: RequestedCertificate is
 * not included in the response
 * 
 * Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If
 * any of the OCTET STRING options is used, it MUST contain the DER encoding of
 * the requested certificate.
 *  
 *            RequestedCertificate ::= CHOICE {
 *              Certificate Certificate,
 *              publicKeyCertificate [0] EXPLICIT OCTET STRING,
 *              attributeCertificate [1] EXPLICIT OCTET STRING
 *            }
 *


 */
public class RequestedCertificate
    extends ASN1Object
    implements ASN1Choice
{
    public static final int certificate = -1;
    public static final int publicKeyCertificate = 0;
    public static final int attributeCertificate = 1;

    private Certificate cert;
    private byte[] publicKeyCert;
    private byte[] attributeCert;

    public static RequestedCertificate getInstance(Object obj)
    {
        if (obj == null || obj instanceof RequestedCertificate)
        {
            return (RequestedCertificate)obj;
        }

        if (obj instanceof ASN1Sequence)
        {
            return new RequestedCertificate(Certificate.getInstance(obj));
        }
        if (obj instanceof ASN1TaggedObject)
        {
            return new RequestedCertificate((ASN1TaggedObject)obj);
        }

        throw new IllegalArgumentException("illegal object in getInstance: "
            + obj.getClass().getName());
    }

    public static RequestedCertificate getInstance(ASN1TaggedObject obj, boolean explicit)
    {
        if (!explicit)
        {
            throw new IllegalArgumentException("choice item must be explicitly tagged");
        }

        return getInstance(obj.getExplicitBaseObject());
    }

    private RequestedCertificate(ASN1TaggedObject tagged)
    {
        if (tagged.getTagNo() == publicKeyCertificate)
        {
            publicKeyCert = ASN1OctetString.getInstance(tagged, true).getOctets();
        }
        else if (tagged.getTagNo() == attributeCertificate)
        {
            attributeCert = ASN1OctetString.getInstance(tagged, true).getOctets();
        }
        else
        {
            throw new IllegalArgumentException("unknown tag number: " + tagged.getTagNo());
        }
    }

    /**
     * Constructor from a given details.
     *

* Only one parameter can be given. All other must be null. * * @param certificate Given as Certificate */ public RequestedCertificate(Certificate certificate) { this.cert = certificate; } public RequestedCertificate(int type, byte[] certificateOctets) { this(new DERTaggedObject(type, new DEROctetString(certificateOctets))); } public int getType() { if (cert != null) { return certificate; } if (publicKeyCert != null) { return publicKeyCertificate; } return attributeCertificate; } public byte[] getCertificateBytes() { if (cert != null) { try { return cert.getEncoded(); } catch (IOException e) { throw new IllegalStateException("can't decode certificate: " + e); } } if (publicKeyCert != null) { return Arrays.clone(publicKeyCert); } return Arrays.clone(attributeCert); } /** * Produce an object suitable for an ASN1OutputStream. *

* Returns: * * RequestedCertificate ::= CHOICE { * Certificate Certificate, * publicKeyCertificate [0] EXPLICIT OCTET STRING, * attributeCertificate [1] EXPLICIT OCTET STRING * } * * * @return a DERObject */ public ASN1Primitive toASN1Primitive() { if (publicKeyCert != null) { return new DERTaggedObject(0, new DEROctetString(publicKeyCert)); } if (attributeCert != null) { return new DERTaggedObject(1, new DEROctetString(attributeCert)); } return cert.toASN1Primitive(); } }