package org.bouncycastle.cert.jcajce;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.util.Integers;

public class JcaX509ExtensionUtils
    extends X509ExtensionUtils
{
    
Create a utility class pre-configured with a SHA-1 digest calculator based on the default implementation.
Throws:
  • NoSuchAlgorithmException –
/** * Create a utility class pre-configured with a SHA-1 digest calculator based on the * default implementation. * * @throws NoSuchAlgorithmException */
public JcaX509ExtensionUtils() throws NoSuchAlgorithmException { super(new SHA1DigestCalculator(MessageDigest.getInstance("SHA1"))); } public JcaX509ExtensionUtils(DigestCalculator calculator) { super(calculator); } public AuthorityKeyIdentifier createAuthorityKeyIdentifier( X509Certificate cert) throws CertificateEncodingException { return super.createAuthorityKeyIdentifier(new JcaX509CertificateHolder(cert)); } public AuthorityKeyIdentifier createAuthorityKeyIdentifier( PublicKey pubKey) { return super.createAuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(pubKey.getEncoded())); } public AuthorityKeyIdentifier createAuthorityKeyIdentifier(PublicKey pubKey, X500Principal name, BigInteger serial) { return super.createAuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(pubKey.getEncoded()), new GeneralNames(new GeneralName(X500Name.getInstance(name.getEncoded()))), serial); } public AuthorityKeyIdentifier createAuthorityKeyIdentifier(PublicKey pubKey, GeneralNames generalNames, BigInteger serial) { return super.createAuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(pubKey.getEncoded()), generalNames, serial); }
Return a RFC 3280 type 1 key identifier. As in:
(1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
value of the BIT STRING subjectPublicKey (excluding the tag,
length, and number of unused bits).
Params:
  • publicKey – the key object containing the key identifier is to be based on.
Returns:the key identifier.
/** * Return a RFC 3280 type 1 key identifier. As in: * <pre> * (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the * value of the BIT STRING subjectPublicKey (excluding the tag, * length, and number of unused bits). * </pre> * @param publicKey the key object containing the key identifier is to be based on. * @return the key identifier. */
public SubjectKeyIdentifier createSubjectKeyIdentifier( PublicKey publicKey) { return super.createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded())); }
Return a RFC 3280 type 2 key identifier. As in:
(2) The keyIdentifier is composed of a four bit type field with
the value 0100 followed by the least significant 60 bits of the
SHA-1 hash of the value of the BIT STRING subjectPublicKey.
Params:
  • publicKey – the key object of interest.
Returns:the key identifier.
/** * Return a RFC 3280 type 2 key identifier. As in: * <pre> * (2) The keyIdentifier is composed of a four bit type field with * the value 0100 followed by the least significant 60 bits of the * SHA-1 hash of the value of the BIT STRING subjectPublicKey. * </pre> * @param publicKey the key object of interest. * @return the key identifier. */
public SubjectKeyIdentifier createTruncatedSubjectKeyIdentifier(PublicKey publicKey) { return super.createTruncatedSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded())); }
Return the ASN.1 object contained in a byte[] returned by a getExtensionValue() call.
Params:
  • encExtValue – DER encoded OCTET STRING containing the DER encoded extension object.
Throws:
Returns:an ASN.1 object
/** * Return the ASN.1 object contained in a byte[] returned by a getExtensionValue() call. * * @param encExtValue DER encoded OCTET STRING containing the DER encoded extension object. * @return an ASN.1 object * @throws java.io.IOException on a parsing error. */
public static ASN1Primitive parseExtensionValue(byte[] encExtValue) throws IOException { return ASN1Primitive.fromByteArray(ASN1OctetString.getInstance(encExtValue).getOctets()); } public static Collection getIssuerAlternativeNames(X509Certificate cert) throws CertificateParsingException { byte[] extVal = cert.getExtensionValue(Extension.issuerAlternativeName.getId()); return getAlternativeNames(extVal); } public static Collection getSubjectAlternativeNames(X509Certificate cert) throws CertificateParsingException { byte[] extVal = cert.getExtensionValue(Extension.subjectAlternativeName.getId()); return getAlternativeNames(extVal); } private static Collection getAlternativeNames(byte[] extVal) throws CertificateParsingException { if (extVal == null) { return Collections.EMPTY_LIST; } try { Collection temp = new ArrayList(); Enumeration it = DERSequence.getInstance(parseExtensionValue(extVal)).getObjects(); while (it.hasMoreElements()) { GeneralName genName = GeneralName.getInstance(it.nextElement()); List list = new ArrayList(); list.add(Integers.valueOf(genName.getTagNo())); switch (genName.getTagNo()) { case GeneralName.ediPartyName: case GeneralName.x400Address: case GeneralName.otherName: list.add(genName.getName().toASN1Primitive()); break; case GeneralName.directoryName: list.add(X500Name.getInstance(genName.getName()).toString()); break; case GeneralName.dNSName: case GeneralName.rfc822Name: case GeneralName.uniformResourceIdentifier: list.add(((ASN1String)genName.getName()).getString()); break; case GeneralName.registeredID: list.add(ASN1ObjectIdentifier.getInstance(genName.getName()).getId()); break; case GeneralName.iPAddress: list.add(DEROctetString.getInstance(genName.getName()).getOctets()); break; default: throw new IOException("Bad tag number: " + genName.getTagNo()); } temp.add(list); } return Collections.unmodifiableCollection(temp); } catch (Exception e) { throw new CertificateParsingException(e.getMessage()); } } private static class SHA1DigestCalculator implements DigestCalculator { private ByteArrayOutputStream bOut = new ByteArrayOutputStream(); private MessageDigest digest; public SHA1DigestCalculator(MessageDigest digest) { this.digest = digest; } public AlgorithmIdentifier getAlgorithmIdentifier() { return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1); } public OutputStream getOutputStream() { return bOut; } public byte[] getDigest() { byte[] bytes = digest.digest(bOut.toByteArray()); bOut.reset(); return bytes; } } }