package org.bouncycastle.asn1.x509;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA1Digest;
The SubjectKeyIdentifier object.
SubjectKeyIdentifier::= OCTET STRING
/**
* The SubjectKeyIdentifier object.
* <pre>
* SubjectKeyIdentifier::= OCTET STRING
* </pre>
*/
public class SubjectKeyIdentifier
extends ASN1Encodable
{
private byte[] keyidentifier;
public static SubjectKeyIdentifier getInstance(
ASN1TaggedObject obj,
boolean explicit)
{
return getInstance(ASN1OctetString.getInstance(obj, explicit));
}
public static SubjectKeyIdentifier getInstance(
Object obj)
{
if (obj instanceof SubjectKeyIdentifier)
{
return (SubjectKeyIdentifier)obj;
}
if (obj instanceof SubjectPublicKeyInfo)
{
return new SubjectKeyIdentifier((SubjectPublicKeyInfo)obj);
}
if (obj instanceof ASN1OctetString)
{
return new SubjectKeyIdentifier((ASN1OctetString)obj);
}
if (obj instanceof X509Extension)
{
return getInstance(X509Extension.convertValueToObject((X509Extension)obj));
}
throw new IllegalArgumentException("Invalid SubjectKeyIdentifier: " + obj.getClass().getName());
}
public SubjectKeyIdentifier(
byte[] keyid)
{
this.keyidentifier=keyid;
}
public SubjectKeyIdentifier(
ASN1OctetString keyid)
{
this.keyidentifier=keyid.getOctets();
}
Calculates the keyidentifier using a SHA1 hash over the BIT STRING
from SubjectPublicKeyInfo as defined in RFC3280.
Params: - spki – the subject public key info.
/**
* Calculates the keyidentifier using a SHA1 hash over the BIT STRING
* from SubjectPublicKeyInfo as defined in RFC3280.
*
* @param spki the subject public key info.
*/
public SubjectKeyIdentifier(
SubjectPublicKeyInfo spki)
{
this.keyidentifier = getDigest(spki);
}
public byte[] getKeyIdentifier()
{
return keyidentifier;
}
public DERObject toASN1Object()
{
return new DEROctetString(keyidentifier);
}
Return a RFC 3280 type 1 key identifier. As in:
(1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
value of the BIT STRING subjectPublicKey (excluding the tag,
length, and number of unused bits).
Params: - keyInfo – the key info object containing the subjectPublicKey field.
Returns: the key identifier.
/**
* Return a RFC 3280 type 1 key identifier. As in:
* <pre>
* (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
* value of the BIT STRING subjectPublicKey (excluding the tag,
* length, and number of unused bits).
* </pre>
* @param keyInfo the key info object containing the subjectPublicKey field.
* @return the key identifier.
*/
public static SubjectKeyIdentifier createSHA1KeyIdentifier(SubjectPublicKeyInfo keyInfo)
{
return new SubjectKeyIdentifier(keyInfo);
}
Return a RFC 3280 type 2 key identifier. As in:
(2) The keyIdentifier is composed of a four bit type field with
the value 0100 followed by the least significant 60 bits of the
SHA-1 hash of the value of the BIT STRING subjectPublicKey.
Params: - keyInfo – the key info object containing the subjectPublicKey field.
Returns: the key identifier.
/**
* Return a RFC 3280 type 2 key identifier. As in:
* <pre>
* (2) The keyIdentifier is composed of a four bit type field with
* the value 0100 followed by the least significant 60 bits of the
* SHA-1 hash of the value of the BIT STRING subjectPublicKey.
* </pre>
* @param keyInfo the key info object containing the subjectPublicKey field.
* @return the key identifier.
*/
public static SubjectKeyIdentifier createTruncatedSHA1KeyIdentifier(SubjectPublicKeyInfo keyInfo)
{
byte[] dig = getDigest(keyInfo);
byte[] id = new byte[8];
System.arraycopy(dig, dig.length - 8, id, 0, id.length);
id[0] &= 0x0f;
id[0] |= 0x40;
return new SubjectKeyIdentifier(id);
}
private static byte[] getDigest(SubjectPublicKeyInfo spki)
{
Digest digest = new SHA1Digest();
byte[] resBuf = new byte[digest.getDigestSize()];
byte[] bytes = spki.getPublicKeyData().getBytes();
digest.update(bytes, 0, bytes.length);
digest.doFinal(resBuf, 0);
return resBuf;
}
}