| package org.bouncycastle.asn1.x509; |
| |
| import org.bouncycastle.asn1.ASN1Object; |
| import org.bouncycastle.asn1.ASN1OctetString; |
| import org.bouncycastle.asn1.ASN1Primitive; |
| import org.bouncycastle.asn1.ASN1TaggedObject; |
| import org.bouncycastle.asn1.DEROctetString; |
| import org.bouncycastle.crypto.Digest; |
| // BEGIN android-changed |
| import org.bouncycastle.crypto.digests.OpenSSLDigest; |
| // END android-changed |
| |
| /** |
| * The SubjectKeyIdentifier object. |
| * <pre> |
| * SubjectKeyIdentifier::= OCTET STRING |
| * </pre> |
| */ |
| public class SubjectKeyIdentifier |
| extends ASN1Object |
| { |
| private byte[] keyidentifier; |
| |
| public static SubjectKeyIdentifier getInstance( |
| ASN1TaggedObject obj, |
| boolean explicit) |
| { |
| return getInstance(ASN1OctetString.getInstance(obj, explicit)); |
| } |
| |
| public static SubjectKeyIdentifier getInstance( |
| Object obj) |
| { |
| if (obj instanceof SubjectKeyIdentifier) |
| { |
| return (SubjectKeyIdentifier)obj; |
| } |
| else if (obj != null) |
| { |
| return new SubjectKeyIdentifier(ASN1OctetString.getInstance(obj)); |
| } |
| |
| return null; |
| } |
| |
| public SubjectKeyIdentifier( |
| byte[] keyid) |
| { |
| this.keyidentifier = keyid; |
| } |
| |
| protected SubjectKeyIdentifier( |
| ASN1OctetString keyid) |
| { |
| this.keyidentifier = keyid.getOctets(); |
| } |
| |
| public byte[] getKeyIdentifier() |
| { |
| return keyidentifier; |
| } |
| |
| public ASN1Primitive toASN1Primitive() |
| { |
| return new DEROctetString(keyidentifier); |
| } |
| |
| |
| /** |
| * Calculates the keyidentifier using a SHA1 hash over the BIT STRING |
| * from SubjectPublicKeyInfo as defined in RFC3280. |
| * |
| * @param spki the subject public key info. |
| * @deprecated |
| */ |
| public SubjectKeyIdentifier( |
| SubjectPublicKeyInfo spki) |
| { |
| this.keyidentifier = getDigest(spki); |
| } |
| |
| /** |
| * Return a RFC 3280 type 1 key identifier. As in: |
| * <pre> |
| * (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the |
| * value of the BIT STRING subjectPublicKey (excluding the tag, |
| * length, and number of unused bits). |
| * </pre> |
| * @param keyInfo the key info object containing the subjectPublicKey field. |
| * @return the key identifier. |
| * @deprecated use org.bouncycastle.cert.X509ExtensionUtils.createSubjectKeyIdentifier |
| */ |
| public static SubjectKeyIdentifier createSHA1KeyIdentifier(SubjectPublicKeyInfo keyInfo) |
| { |
| return new SubjectKeyIdentifier(keyInfo); |
| } |
| |
| /** |
| * Return a RFC 3280 type 2 key identifier. As in: |
| * <pre> |
| * (2) The keyIdentifier is composed of a four bit type field with |
| * the value 0100 followed by the least significant 60 bits of the |
| * SHA-1 hash of the value of the BIT STRING subjectPublicKey. |
| * </pre> |
| * @param keyInfo the key info object containing the subjectPublicKey field. |
| * @return the key identifier. |
| * @deprecated use org.bouncycastle.cert.X509ExtensionUtils.createTruncatedSubjectKeyIdentifier |
| */ |
| public static SubjectKeyIdentifier createTruncatedSHA1KeyIdentifier(SubjectPublicKeyInfo keyInfo) |
| { |
| byte[] dig = getDigest(keyInfo); |
| byte[] id = new byte[8]; |
| |
| System.arraycopy(dig, dig.length - 8, id, 0, id.length); |
| |
| id[0] &= 0x0f; |
| id[0] |= 0x40; |
| |
| return new SubjectKeyIdentifier(id); |
| } |
| |
| private static byte[] getDigest(SubjectPublicKeyInfo spki) |
| { |
| // BEGIN android-changed |
| Digest digest = new OpenSSLDigest.SHA1(); |
| // END android-changed |
| byte[] resBuf = new byte[digest.getDigestSize()]; |
| |
| byte[] bytes = spki.getPublicKeyData().getBytes(); |
| digest.update(bytes, 0, bytes.length); |
| digest.doFinal(resBuf, 0); |
| return resBuf; |
| } |
| } |
