All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.asn1.isismtt.ocsp.CertHash Maven / Gradle / Ivy

Go to download

The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.5 and up.

There is a newer version: 1.70
Show newest version
package org.bouncycastle.asn1.isismtt.ocsp;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.util.Arrays;

/**
 * ISIS-MTT PROFILE: The responder may include this extension in a response to
 * send the hash of the requested certificate to the responder. This hash is
 * cryptographically bound to the certificate and serves as evidence that the
 * certificate is known to the responder (i.e. it has been issued and is present
 * in the directory). Hence, this extension is a means to provide a positive
 * statement of availability as described in T8.[8]. As explained in T13.[1],
 * clients may rely on this information to be able to validate signatures after
 * the expiry of the corresponding certificate. Hence, clients MUST support this
 * extension. If a positive statement of availability is to be delivered, this
 * extension syntax and OID MUST be used.
 * 
 *     CertHash ::= SEQUENCE {
 *       hashAlgorithm AlgorithmIdentifier,
 *       certificateHash OCTET STRING
 *     }
 * 
*/ public class CertHash extends ASN1Object { private AlgorithmIdentifier hashAlgorithm; private byte[] certificateHash; public static CertHash getInstance(Object obj) { if (obj == null || obj instanceof CertHash) { return (CertHash)obj; } if (obj instanceof ASN1Sequence) { return new CertHash((ASN1Sequence)obj); } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); } /** * Constructor from ASN1Sequence. *

* The sequence is of type CertHash: *

     *     CertHash ::= SEQUENCE {
     *       hashAlgorithm AlgorithmIdentifier,
     *       certificateHash OCTET STRING
     *     }
     * 
*

* @param seq The ASN.1 sequence. */ private CertHash(ASN1Sequence seq) { if (seq.size() != 2) { throw new IllegalArgumentException("Bad sequence size: " + seq.size()); } hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); certificateHash = DEROctetString.getInstance(seq.getObjectAt(1)).getOctets(); } /** * Constructor from a given details. * * @param hashAlgorithm The hash algorithm identifier. * @param certificateHash The hash of the whole DER encoding of the certificate. */ public CertHash(AlgorithmIdentifier hashAlgorithm, byte[] certificateHash) { this.hashAlgorithm = hashAlgorithm; this.certificateHash = new byte[certificateHash.length]; System.arraycopy(certificateHash, 0, this.certificateHash, 0, certificateHash.length); } public AlgorithmIdentifier getHashAlgorithm() { return hashAlgorithm; } public byte[] getCertificateHash() { return Arrays.clone(certificateHash); } /** * Produce an object suitable for an ASN1OutputStream. *

* Returns: *

     *     CertHash ::= SEQUENCE {
     *       hashAlgorithm AlgorithmIdentifier,
     *       certificateHash OCTET STRING
     *     }
     * 
* * @return a DERObject */ public ASN1Primitive toASN1Primitive() { ASN1EncodableVector vec = new ASN1EncodableVector(2); vec.add(hashAlgorithm); vec.add(new DEROctetString(certificateHash)); return new DERSequence(vec); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy