1 package org.bouncycastle.asn1.x509;
3 import java.math.BigInteger;
5 import java.util.Enumeration;
7 import org.bouncycastle.crypto.Digest;
8 import org.bouncycastle.crypto.digests.SHA1Digest;
9 import org.bouncycastle.asn1.*;
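/**
 * The AuthorityKeyIdentifier certificate/CRL extension.
 * <pre>
 * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
 *
 *   AuthorityKeyIdentifier ::= SEQUENCE {
 *      keyIdentifier             [0] IMPLICIT KeyIdentifier           OPTIONAL,
 *      authorityCertIssuer       [1] IMPLICIT GeneralNames            OPTIONAL,
 *      authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL  }
 *
 *   KeyIdentifier ::= OCTET STRING
 * </pre>
 * All three fields are optional, so each may be null on an instance built
 * from a decoded sequence.
 * <p>
 * NOTE(review): the key identifier is only a hint for locating the issuer's
 * certificate. A matching value does not show that the issuer key signed
 * anything; callers must still verify the signature during path validation.
 */
public class AuthorityKeyIdentifier
    implements DEREncodable
{
    private static final String HEX_DIGITS = "0123456789abcdef";

    DEROctetString keyidentifier=null;
    GeneralNames certissuer=null;
    DERInteger certserno=null;

    /**
     * Build the extension from its decoded SEQUENCE.
     * <p>
     * The sequence normally comes from a certificate or CRL supplied by a
     * third party, so every element is type-checked before it is cast and a
     * malformed structure is reported as an IllegalArgumentException rather
     * than a ClassCastException. A tag that occurs more than once overwrites
     * the value stored by its earlier occurrence.
     *
     * @param seq the decoded AuthorityKeyIdentifier sequence.
     * @exception IllegalArgumentException if an element is not a tagged
     * object, carries a tag other than 0, 1 or 2, or has an unexpected type.
     */
    public AuthorityKeyIdentifier(
        DERConstructedSequence   seq)
    {
        Enumeration     e = seq.getObjects();

        while (e.hasMoreElements())
        {
            Object  element = e.nextElement();

            if (!(element instanceof DERTaggedObject))
            {
                throw new IllegalArgumentException("untagged element in AuthorityKeyIdentifier");
            }

            DERTaggedObject o = (DERTaggedObject)element;

            switch (o.getTagNo())
            {
            case 0:
                this.keyidentifier = octetStringOf(o);
                break;
            case 1:
                if (o.getObject() instanceof DERConstructedSequence)
                {
                    this.certissuer = new GeneralNames((DERConstructedSequence)o.getObject());
                }
                else
                {
                    // as it's implicitly tagged we can lose the "sequence"
                    // if there is only one object.
                    DERConstructedSequence s = new DERConstructedSequence();

                    s.addObject(o.getObject());

                    this.certissuer = new GeneralNames(s);
                }
                break;
            case 2:
                // implicit tagging again: the value is read as raw octets
                // and converted to an integer here.
                DEROctetString oct = octetStringOf(o);

                this.certserno = new DERInteger(new BigInteger(oct.getOctets()));
                break;
            default:
                throw new IllegalArgumentException("illegal tag");
            }
        }
    }

    /**
     * Calculates the keyidentifier using a SHA1 hash over the BIT STRING
     * from SubjectPublicKeyInfo as defined in RFC2459.
     * <p>
     * SHA-1 is what that method prescribes for deriving the identifier; the
     * result is a lookup label, not an integrity check on the key.
     * <p>
     * Example of making a AuthorityKeyIdentifier:
     * <pre>
     *   SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((DERConstructedSequence)new DERInputStream(
     *       new ByteArrayInputStream(publicKey.getEncoded())).readObject());
     *   AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
     * </pre>
     *
     * @param spki the issuer's public key info.
     */
    public AuthorityKeyIdentifier(
        SubjectPublicKeyInfo    spki)
    {
        this.keyidentifier = sha1KeyIdentifier(spki);
    }

    /**
     * create an AuthorityKeyIdentifier with the GeneralNames tag and
     * the serial number provided as well.
     *
     * @param spki the issuer's public key info, hashed into the key identifier.
     * @param name the issuer name(s) stored as authorityCertIssuer.
     * @param serialNumber the issuer certificate's serial number.
     */
    public AuthorityKeyIdentifier(
        SubjectPublicKeyInfo    spki,
        GeneralNames            name,
        BigInteger              serialNumber)
    {
        this.keyidentifier = sha1KeyIdentifier(spki);
        this.certissuer = name;
        this.certserno = new DERInteger(serialNumber);
    }

    /**
     * Return the key identifier octets.
     *
     * @return the octets, or null if the keyIdentifier field is absent.
     */
    public byte[] getKeyIdentifier()
    {
        if (keyidentifier != null)
        {
            return keyidentifier.getOctets();
        }

        return null;
    }

    /**
     * Encode the fields that are present, each with implicit tagging.
     * <pre>
     *   AuthorityKeyIdentifier ::= SEQUENCE {
     *      keyIdentifier             [0] IMPLICIT KeyIdentifier           OPTIONAL,
     *      authorityCertIssuer       [1] IMPLICIT GeneralNames            OPTIONAL,
     *      authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL  }
     *
     *   KeyIdentifier ::= OCTET STRING
     * </pre>
     */
    public DERObject getDERObject()
    {
        DERConstructedSequence  seq = new DERConstructedSequence();

        if (keyidentifier != null)
        {
            seq.addObject(new DERTaggedObject(false, 0, keyidentifier));
        }

        if (certissuer != null)
        {
            seq.addObject(new DERTaggedObject(false, 1, certissuer));
        }

        if (certserno != null)
        {
            seq.addObject(new DERTaggedObject(false, 2, certserno));
        }

        return seq;
    }

    /**
     * Return a printable form with the key identifier in hex.
     * <p>
     * Concatenating the byte array directly would print its identity hash
     * instead of its contents, and would fail with a NullPointerException
     * when the optional keyIdentifier field is absent.
     */
    public String toString()
    {
        if (this.keyidentifier == null)
        {
            return "AuthorityKeyIdentifier: KeyID(absent)";
        }

        return ("AuthorityKeyIdentifier: KeyID(" + toHex(this.keyidentifier.getOctets()) + ")");
    }

    /** Return the content of a tagged object as an OCTET STRING, rejecting any other type. */
    private static DEROctetString octetStringOf(
        DERTaggedObject tagged)
    {
        Object  value = tagged.getObject();

        if (!(value instanceof DEROctetString))
        {
            throw new IllegalArgumentException("unexpected type for tag " + tagged.getTagNo());
        }

        return (DEROctetString)value;
    }

    /** Hash the public key bytes of spki with SHA-1 and wrap the digest as an OCTET STRING. */
    private static DEROctetString sha1KeyIdentifier(
        SubjectPublicKeyInfo    spki)
    {
        Digest  digest = new SHA1Digest();
        byte[]  resBuf = new byte[digest.getDigestSize()];

        DERBitString derpk = new DERBitString(spki.getPublicKey());
        byte[] bytes = derpk.getBytes();
        digest.update(bytes, 0, bytes.length);
        digest.doFinal(resBuf, 0);

        return new DEROctetString(resBuf);
    }

    /** Render bytes as lower-case hex, two characters per byte. */
    private static String toHex(
        byte[]  data)
    {
        StringBuffer    buf = new StringBuffer(data.length * 2);

        for (int i = 0; i != data.length; i++)
        {
            int v = data[i] & 0xff;

            buf.append(HEX_DIGITS.charAt(v >>> 4));
            buf.append(HEX_DIGITS.charAt(v & 0x0f));
        }

        return buf.toString();
    }
}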