package org.bouncycastle.asn1.crmf;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;

public class POPOSigningKey
    extends ASN1Encodable
{
    private POPOSigningKeyInput poposkInput;
    private AlgorithmIdentifier algorithmIdentifier;
    private DERBitString        signature;

    private POPOSigningKey(ASN1Sequence seq)
    {
        int index = 0;

        if (seq.getObjectAt(index) instanceof ASN1TaggedObject)
        {
            ASN1TaggedObject tagObj
                = (ASN1TaggedObject) seq.getObjectAt(index++);
            if (tagObj.getTagNo() != 0)
            {
                throw new IllegalArgumentException(
                    "Unknown POPOSigningKeyInput tag: " + tagObj.getTagNo());
            }
            poposkInput = POPOSigningKeyInput.getInstance(tagObj.getObject());
        }
        algorithmIdentifier = AlgorithmIdentifier.getInstance(seq.getObjectAt(index++));
        signature = DERBitString.getInstance(seq.getObjectAt(index));
    }

    public static POPOSigningKey getInstance(Object o)
    {
        if (o instanceof POPOSigningKey)
        {
            return (POPOSigningKey)o;
        }

        if (o instanceof ASN1Sequence)
        {
            return new POPOSigningKey((ASN1Sequence)o);
        }

        throw new IllegalArgumentException("Invalid object: " + o.getClass().getName());
    }

    public static POPOSigningKey getInstance(ASN1TaggedObject obj, boolean explicit)
    {
        return getInstance(ASN1Sequence.getInstance(obj, explicit));
    }

    
Creates a new Proof of Possession object for a signing key.
Params:
  • poposkIn – the POPOSigningKeyInput structure, or null if the CertTemplate includes both subject and publicKey values.
  • aid – the AlgorithmIdentifier used to sign the proof of possession.
  • signature – a signature over the DER-encoded value of poposkIn, or the DER-encoded value of certReq if poposkIn is null.
/** * Creates a new Proof of Possession object for a signing key. * @param poposkIn the POPOSigningKeyInput structure, or null if the * CertTemplate includes both subject and publicKey values. * @param aid the AlgorithmIdentifier used to sign the proof of possession. * @param signature a signature over the DER-encoded value of poposkIn, * or the DER-encoded value of certReq if poposkIn is null. */
public POPOSigningKey( POPOSigningKeyInput poposkIn, AlgorithmIdentifier aid, DERBitString signature) { this.poposkInput = poposkIn; this.algorithmIdentifier = aid; this.signature = signature; } public POPOSigningKeyInput getPoposkInput() { return poposkInput; } public AlgorithmIdentifier getAlgorithmIdentifier() { return algorithmIdentifier; } public DERBitString getSignature() { return signature; }
POPOSigningKey ::= SEQUENCE {
                     poposkInput           [0] POPOSigningKeyInput OPTIONAL,
                     algorithmIdentifier   AlgorithmIdentifier,
                     signature             BIT STRING }
 -- The signature (using "algorithmIdentifier") is on the
 -- DER-encoded value of poposkInput.  NOTE: If the CertReqMsg
 -- certReq CertTemplate contains the subject and publicKey values,
 -- then poposkInput MUST be omitted and the signature MUST be
 -- computed on the DER-encoded value of CertReqMsg certReq.  If
 -- the CertReqMsg certReq CertTemplate does not contain the public
 -- key and subject values, then poposkInput MUST be present and
 -- MUST be signed.  This strategy ensures that the public key is
 -- not present in both the poposkInput and CertReqMsg certReq
 -- CertTemplate fields.
Returns:a basic ASN.1 object representation.
/** * <pre> * POPOSigningKey ::= SEQUENCE { * poposkInput [0] POPOSigningKeyInput OPTIONAL, * algorithmIdentifier AlgorithmIdentifier, * signature BIT STRING } * -- The signature (using "algorithmIdentifier") is on the * -- DER-encoded value of poposkInput. NOTE: If the CertReqMsg * -- certReq CertTemplate contains the subject and publicKey values, * -- then poposkInput MUST be omitted and the signature MUST be * -- computed on the DER-encoded value of CertReqMsg certReq. If * -- the CertReqMsg certReq CertTemplate does not contain the public * -- key and subject values, then poposkInput MUST be present and * -- MUST be signed. This strategy ensures that the public key is * -- not present in both the poposkInput and CertReqMsg certReq * -- CertTemplate fields. * </pre> * @return a basic ASN.1 object representation. */
public DERObject toASN1Object() { ASN1EncodableVector v = new ASN1EncodableVector(); if (poposkInput != null) { v.add(new DERTaggedObject(false, 0, poposkInput)); } v.add(algorithmIdentifier); v.add(signature); return new DERSequence(v); } }