org.bouncycastle/bcpkix-jdk15on/1.61 : org/bouncycastle/cert/X509ExtensionUtils.java

X509ExtensionUtils

http://www.bouncycastle.org/java.html: The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

Bouncy Castle Licence

The Legion of the Bouncy Castle Inc.

package org.bouncycastle.cert;

import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;

import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.operator.DigestCalculator;

General utility class for creating calculated extensions using the standard methods.

Note: This class is not thread safe!

/**
 * General utility class for creating calculated extensions using the standard methods.
 * <p>
 * <b>Note:</b> This class is not thread safe!
 * </p>
 */
public class X509ExtensionUtils
{
    private DigestCalculator calculator;

    Base constructor - for conformance to RFC 5280 use a calculator based on SHA-1.
Params: calculator –  a calculator for calculating subject key ids./**
     * Base constructor - for conformance to RFC 5280 use a calculator based on SHA-1.
     *
     * @param calculator  a calculator for calculating subject key ids.
     */
    public X509ExtensionUtils(DigestCalculator calculator)
    {
        this.calculator = calculator;
    }

    Create an AuthorityKeyIdentifier from the passed in arguments.
Params: certHolder – the issuer certificate that the AuthorityKeyIdentifier should refer to.
Returns: an AuthorityKeyIdentifier./**
     * Create an AuthorityKeyIdentifier from the passed in arguments.
     *
     * @param certHolder the issuer certificate that the AuthorityKeyIdentifier should refer to.
     * @return an AuthorityKeyIdentifier.
     */
    public AuthorityKeyIdentifier createAuthorityKeyIdentifier(
        X509CertificateHolder certHolder)
    {
        GeneralName             genName = new GeneralName(certHolder.getIssuer());

        return new AuthorityKeyIdentifier(
                getSubjectKeyIdentifier(certHolder), new GeneralNames(genName), certHolder.getSerialNumber());
    }

    Create an AuthorityKeyIdentifier from the passed in SubjectPublicKeyInfo.
Params: publicKeyInfo – the SubjectPublicKeyInfo to base the key identifier on.
Returns: an AuthorityKeyIdentifier./**
     * Create an AuthorityKeyIdentifier from the passed in SubjectPublicKeyInfo.
     *
     * @param publicKeyInfo the SubjectPublicKeyInfo to base the key identifier on.
     * @return an AuthorityKeyIdentifier.
     */
    public AuthorityKeyIdentifier createAuthorityKeyIdentifier(SubjectPublicKeyInfo publicKeyInfo)
    {
        return new AuthorityKeyIdentifier(calculateIdentifier(publicKeyInfo));
    }

    Create an AuthorityKeyIdentifier from the passed in arguments.
Params: publicKeyInfo – the SubjectPublicKeyInfo to base the key identifier on.
generalNames – the general names to associate with the issuer cert's issuer.
serial – the serial number of the issuer cert.
Returns: an AuthorityKeyIdentifier./**
     * Create an AuthorityKeyIdentifier from the passed in arguments.
     *
     * @param publicKeyInfo the SubjectPublicKeyInfo to base the key identifier on.
     * @param generalNames the general names to associate with the issuer cert's issuer.
     * @param serial the serial number of the issuer cert.
     * @return an AuthorityKeyIdentifier.
     */
    public AuthorityKeyIdentifier createAuthorityKeyIdentifier(SubjectPublicKeyInfo publicKeyInfo, GeneralNames generalNames, BigInteger serial)
    {
        return new AuthorityKeyIdentifier(calculateIdentifier(publicKeyInfo), generalNames, serial);
    }

    Return a RFC 5280 type 1 key identifier. As in:
(1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
value of the BIT STRING subjectPublicKey (excluding the tag,
length, and number of unused bits).

Params: publicKeyInfo – the key info object containing the subjectPublicKey field.
Returns: the key identifier./**
     * Return a RFC 5280 type 1 key identifier. As in:
     * <pre>
     * (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
     * value of the BIT STRING subjectPublicKey (excluding the tag,
     * length, and number of unused bits).
     * </pre>
     * @param publicKeyInfo the key info object containing the subjectPublicKey field.
     * @return the key identifier.
     */
    public SubjectKeyIdentifier createSubjectKeyIdentifier(
        SubjectPublicKeyInfo publicKeyInfo)
    {
        return new SubjectKeyIdentifier(calculateIdentifier(publicKeyInfo));
    }

    Return a RFC 5280 type 2 key identifier. As in:
(2) The keyIdentifier is composed of a four bit type field with
the value 0100 followed by the least significant 60 bits of the
SHA-1 hash of the value of the BIT STRING subjectPublicKey.

Params: publicKeyInfo – the key info object containing the subjectPublicKey field.
Returns: the key identifier./**
     * Return a RFC 5280 type 2 key identifier. As in:
     * <pre>
     * (2) The keyIdentifier is composed of a four bit type field with
     * the value 0100 followed by the least significant 60 bits of the
     * SHA-1 hash of the value of the BIT STRING subjectPublicKey.
     * </pre>
     * @param publicKeyInfo the key info object containing the subjectPublicKey field.
     * @return the key identifier.
     */
    public SubjectKeyIdentifier createTruncatedSubjectKeyIdentifier(SubjectPublicKeyInfo publicKeyInfo)
    {
        byte[] digest = calculateIdentifier(publicKeyInfo);
        byte[] id = new byte[8];

        System.arraycopy(digest, digest.length - 8, id, 0, id.length);

        id[0] &= 0x0f;
        id[0] |= 0x40;

        return new SubjectKeyIdentifier(id);
    }

    private byte[] getSubjectKeyIdentifier(X509CertificateHolder certHolder)
    {
        if (certHolder.getVersionNumber() != 3)
        {
            return calculateIdentifier(certHolder.getSubjectPublicKeyInfo());
        }
        else
        {
            Extension ext = certHolder.getExtension(Extension.subjectKeyIdentifier);

            if (ext != null)
            {
                return ASN1OctetString.getInstance(ext.getParsedValue()).getOctets();
            }
            else
            {
                return calculateIdentifier(certHolder.getSubjectPublicKeyInfo());
            }
        }
    }

    private byte[] calculateIdentifier(SubjectPublicKeyInfo publicKeyInfo)
    {
        byte[] bytes = publicKeyInfo.getPublicKeyData().getBytes();

        OutputStream cOut = calculator.getOutputStream();

        try
        {
            cOut.write(bytes);

            cOut.close();
        }
        catch (IOException e)
        {   // it's hard to imagine this happening, but yes it does!
            throw new CertRuntimeException("unable to calculate identifier: " + e.getMessage(), e);
        }

        return calculator.getDigest();
    }
}

Params:	certHolder – the issuer certificate that the AuthorityKeyIdentifier should refer to.
Returns:	an AuthorityKeyIdentifier.

Params:	publicKeyInfo – the SubjectPublicKeyInfo to base the key identifier on.
Returns:	an AuthorityKeyIdentifier.

Params:	publicKeyInfo – the key info object containing the subjectPublicKey field.
Returns:	the key identifier.

/

org.bouncycastle/ bcpkix-jdk15on/ 1.61/ org/bouncycastle/cert/X509ExtensionUtils.java