1 package org.bouncycastle.asn1.x509;
3 import java.math.BigInteger;
5 import java.util.Enumeration;
7 import org.bouncycastle.crypto.Digest;
8 import org.bouncycastle.crypto.digests.SHA1Digest;
9 import org.bouncycastle.asn1.*;
13 * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
15 * AuthorityKeyIdentifier ::= SEQUENCE {
16 * keyIdentifier [0] IMPLICIT KeyIdentifier OPTIONAL,
17 * authorityCertIssuer [1] IMPLICIT GeneralNames OPTIONAL,
18 * authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL }
20 * KeyIdentifier ::= OCTET STRING
24 public class AuthorityKeyIdentifier
25 implements DEREncodable, DERTags
// Value of the optional keyIdentifier [0] element; stays null when absent.
ASN1OctetString keyidentifier;

// Value of the optional authorityCertIssuer [1] element; stays null when absent.
GeneralNames certissuer;

// Value of the optional authorityCertSerialNumber [2] element; stays null when absent.
DERInteger certserno;
/**
 * Returns the AuthorityKeyIdentifier held inside a tagged object.
 *
 * @param obj the tagged object wrapping the SEQUENCE.
 * @param explicit true if the tagging is explicit, false if implicit.
 * @return the AuthorityKeyIdentifier built from the unwrapped SEQUENCE.
 * @throws IllegalArgumentException if the content cannot be converted.
 */
public static AuthorityKeyIdentifier getInstance(
    ASN1TaggedObject obj,
    boolean          explicit)
{
    // NOTE(review): the parameter declarations are not visible in the reviewed
    // listing; the types follow the ASN1Sequence.getInstance(tagged, explicit)
    // overload called here - confirm against the full source.
    ASN1Sequence unwrapped = ASN1Sequence.getInstance(obj, explicit);

    return getInstance(unwrapped);
}
/**
 * Converts an object into an AuthorityKeyIdentifier.
 *
 * @param obj an AuthorityKeyIdentifier (returned as is) or an ASN1Sequence
 *            (parsed into a new instance).
 * @return the corresponding AuthorityKeyIdentifier.
 * @throws IllegalArgumentException for any other argument, including null.
 */
public static AuthorityKeyIdentifier getInstance(
    Object  obj)
{
    // NOTE(review): the parameter declaration is not visible in the reviewed
    // listing; Object is inferred from the instanceof tests - confirm.
    if (obj instanceof AuthorityKeyIdentifier)
    {
        return (AuthorityKeyIdentifier)obj;
    }

    if (obj instanceof ASN1Sequence)
    {
        return new AuthorityKeyIdentifier((ASN1Sequence)obj);
    }

    // instanceof is false for null, so a null argument also ends up here.
    throw new IllegalArgumentException("unknown object in factory");
}
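/**
 * Parses an AuthorityKeyIdentifier from its SEQUENCE form.
 * <p>
 * The input normally comes from a certificate or CRL supplied by another
 * party, so malformed content is rejected with IllegalArgumentException
 * rather than surfacing as a ClassCastException or being silently accepted.
 *
 * @param seq the SEQUENCE holding the optional [0], [1] and [2] elements.
 * @throws IllegalArgumentException if an element is not tagged, carries a
 *         tag other than 0, 1 or 2, or repeats a tag already seen.
 */
public AuthorityKeyIdentifier(
    ASN1Sequence   seq)
{
    // NOTE(review): the parameter declaration, the switch and its case labels
    // are not visible in the reviewed listing; they are restored from the
    // ASN.1 definition and the tag numbers used by getDERObject() - confirm.
    Enumeration     e = seq.getObjects();

    while (e.hasMoreElements())
    {
        Object element = e.nextElement();

        // Check before casting so that an untagged element is reported like
        // every other malformed input.
        if (!(element instanceof DERTaggedObject))
        {
            throw new IllegalArgumentException("untagged element in AuthorityKeyIdentifier");
        }

        DERTaggedObject o = (DERTaggedObject)element;

        switch (o.getTagNo())
        {
        case 0:
            // Each OPTIONAL element may occur at most once. Letting a later
            // copy overwrite an earlier one would allow two parsers to read
            // different values from the same bytes.
            if (this.keyidentifier != null)
            {
                throw new IllegalArgumentException("duplicate tag");
            }
            this.keyidentifier = ASN1OctetString.getInstance(o, false);
            break;
        case 1:
            if (this.certissuer != null)
            {
                throw new IllegalArgumentException("duplicate tag");
            }
            this.certissuer = GeneralNames.getInstance(o, false);
            break;
        case 2:
            if (this.certserno != null)
            {
                throw new IllegalArgumentException("duplicate tag");
            }
            this.certserno = DERInteger.getInstance(o, false);
            break;
        default:
            throw new IllegalArgumentException("illegal tag");
        }
    }
}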
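/**
 * Calculates the key identifier using a SHA-1 hash over the BIT STRING
 * from SubjectPublicKeyInfo as defined in RFC 2459.
 * <p>
 * Example of making an AuthorityKeyIdentifier:
 * <pre>
 *   SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((DERConstructedSequence)new DERInputStream(
 *       new ByteArrayInputStream(publicKey.getEncoded())).readObject());
 *   AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
 * </pre>
 * <p>
 * The hash only labels the issuer key so that candidate issuer certificates
 * can be selected. It proves nothing on its own: whether a certificate
 * chains to an issuer must still be decided by verifying the signature.
 *
 * @param spki the issuer's public key information.
 */
public AuthorityKeyIdentifier(
    SubjectPublicKeyInfo spki)
{
    this.keyidentifier = new DEROctetString(sha1OfPublicKey(spki));
}

/**
 * Creates an AuthorityKeyIdentifier with the GeneralNames tag and
 * the serial number provided as well.
 *
 * @param spki the issuer's public key information.
 * @param name the issuer name stored as authorityCertIssuer.
 * @param serialNumber the serial number stored as authorityCertSerialNumber.
 */
public AuthorityKeyIdentifier(
    SubjectPublicKeyInfo spki,
    GeneralNames         name,
    BigInteger           serialNumber)
{
    // NOTE(review): the declaration of 'name' is not visible in the reviewed
    // listing; GeneralNames is the type of the field it is assigned to.
    this.keyidentifier = new DEROctetString(sha1OfPublicKey(spki));
    // NOTE(review): a null name is stored as is, which would encode a serial
    // number without an issuer; confirm callers always supply both.
    this.certissuer = name;
    this.certserno = new DERInteger(serialNumber);
}

// Hashes the public key BIT STRING with SHA-1; shared by both constructors
// so that the two always derive the identifier the same way.
private static byte[] sha1OfPublicKey(
    SubjectPublicKeyInfo spki)
{
    Digest digest = new SHA1Digest();
    byte[] resBuf = new byte[digest.getDigestSize()];

    byte[] bytes = spki.getPublicKeyData().getBytes();
    digest.update(bytes, 0, bytes.length);
    digest.doFinal(resBuf, 0);

    return resBuf;
}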
/**
 * Returns the octets of the key identifier.
 *
 * @return the key identifier octets, or null if no key identifier is set.
 */
public byte[] getKeyIdentifier()
{
    // NOTE(review): the fall-through return is not visible in the reviewed
    // listing; null for a missing identifier is inferred from the null
    // check - confirm against the full source.
    // NOTE(review): if getOctets() hands out its backing array, callers can
    // modify the stored identifier through the returned reference - confirm.
    return (keyidentifier == null) ? null : keyidentifier.getOctets();
}
/**
 * Builds the SEQUENCE for this extension value, leaving out every
 * element that is not set.
 * <pre>
 *   AuthorityKeyIdentifier ::= SEQUENCE {
 *      keyIdentifier             [0] IMPLICIT KeyIdentifier           OPTIONAL,
 *      authorityCertIssuer       [1] IMPLICIT GeneralNames            OPTIONAL,
 *      authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL  }
 *
 *   KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @return the SEQUENCE holding the elements that are present.
 */
public DERObject getDERObject()
{
    DERConstructedSequence encoded = new DERConstructedSequence();

    // The first argument is false for every element, matching the
    // IMPLICIT tagging in the definition above.
    if (keyidentifier != null)
    {
        DERTaggedObject keyIdElement = new DERTaggedObject(false, 0, keyidentifier);
        encoded.addObject(keyIdElement);
    }

    if (certissuer != null)
    {
        DERTaggedObject issuerElement = new DERTaggedObject(false, 1, certissuer);
        encoded.addObject(issuerElement);
    }

    if (certserno != null)
    {
        DERTaggedObject serialElement = new DERTaggedObject(false, 2, certserno);
        encoded.addObject(serialElement);
    }

    // NOTE(review): the return statement is not visible in the reviewed
    // listing; the sequence built above is the only value to return.
    return encoded;
}
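/**
 * Returns a readable form of this object with the key identifier in
 * lower-case hexadecimal.
 * <p>
 * Concatenating the byte array directly would print the array's identity
 * (for example "[B@1a2b3c") instead of its contents, and a missing key
 * identifier would cause a NullPointerException; both cases are handled here.
 *
 * @return "AuthorityKeyIdentifier: KeyID(hex)", or "KeyID(none)" when no
 *         key identifier is set.
 */
public String toString()
{
    StringBuffer text = new StringBuffer("AuthorityKeyIdentifier: KeyID(");

    if (keyidentifier == null)
    {
        // keyIdentifier is OPTIONAL, so a parsed value may not carry one.
        text.append("none");
    }
    else
    {
        String hexDigits = "0123456789abcdef";
        byte[] octets = keyidentifier.getOctets();

        for (int i = 0; i != octets.length; i++)
        {
            // Mask to an unsigned value before splitting into nibbles.
            int value = octets[i] & 0xff;

            text.append(hexDigits.charAt(value >>> 4));
            text.append(hexDigits.charAt(value & 0x0f));
        }
    }

    return text.append(')').toString();
}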