001: package org.bouncycastle.asn1.isismtt.ocsp;
002:
003: import org.bouncycastle.asn1.ASN1Encodable;
004: import org.bouncycastle.asn1.ASN1EncodableVector;
005: import org.bouncycastle.asn1.ASN1Sequence;
006: import org.bouncycastle.asn1.DERObject;
007: import org.bouncycastle.asn1.DEROctetString;
008: import org.bouncycastle.asn1.DERSequence;
009: import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
010:
011: /**
012: * ISIS-MTT PROFILE: The responder may include this extension in a response to
013: * send the hash of the requested certificate to the responder. This hash is
014: * cryptographically bound to the certificate and serves as evidence that the
015: * certificate is known to the responder (i.e. it has been issued and is present
016: * in the directory). Hence, this extension is a means to provide a positive
017: * statement of availability as described in T8.[8]. As explained in T13.[1],
018: * clients may rely on this information to be able to validate signatures after
019: * the expiry of the corresponding certificate. Hence, clients MUST support this
020: * extension. If a positive statement of availability is to be delivered, this
021: * extension syntax and OID MUST be used.
022: * <p/>
023: * <p/>
024: * <pre>
025: * CertHash ::= SEQUENCE {
026: * hashAlgorithm AlgorithmIdentifier,
027: * certificateHash OCTET STRING
028: * }
029: * </pre>
030: */
031: public class CertHash extends ASN1Encodable {
032:
033: private AlgorithmIdentifier hashAlgorithm;
034: private byte[] certificateHash;
035:
036: public static CertHash getInstance(Object obj) {
037: if (obj == null || obj instanceof CertHash) {
038: return (CertHash) obj;
039: }
040:
041: if (obj instanceof ASN1Sequence) {
042: return new CertHash((ASN1Sequence) obj);
043: }
044:
045: throw new IllegalArgumentException(
046: "illegal object in getInstance: "
047: + obj.getClass().getName());
048: }
049:
050: /**
051: * Constructor from ASN1Sequence.
052: * <p/>
053: * The sequence is of type CertHash:
054: * <p/>
055: * <pre>
056: * CertHash ::= SEQUENCE {
057: * hashAlgorithm AlgorithmIdentifier,
058: * certificateHash OCTET STRING
059: * }
060: * </pre>
061: *
062: * @param seq The ASN.1 sequence.
063: */
064: private CertHash(ASN1Sequence seq) {
065: if (seq.size() != 2) {
066: throw new IllegalArgumentException("Bad sequence size: "
067: + seq.size());
068: }
069: hashAlgorithm = AlgorithmIdentifier.getInstance(seq
070: .getObjectAt(0));
071: certificateHash = DEROctetString
072: .getInstance(seq.getObjectAt(1)).getOctets();
073: }
074:
075: /**
076: * Constructor from a given details.
077: *
078: * @param hashAlgorithm The hash algorithm identifier.
079: * @param certificateHash The hash of the whole DER encoding of the certificate.
080: */
081: public CertHash(AlgorithmIdentifier hashAlgorithm,
082: byte[] certificateHash) {
083: this .hashAlgorithm = hashAlgorithm;
084: this .certificateHash = new byte[certificateHash.length];
085: System.arraycopy(certificateHash, 0, this .certificateHash, 0,
086: certificateHash.length);
087: }
088:
089: public AlgorithmIdentifier getHashAlgorithm() {
090: return hashAlgorithm;
091: }
092:
093: public byte[] getCertificateHash() {
094: return certificateHash;
095: }
096:
097: /**
098: * Produce an object suitable for an ASN1OutputStream.
099: * <p/>
100: * Returns:
101: * <p/>
102: * <pre>
103: * CertHash ::= SEQUENCE {
104: * hashAlgorithm AlgorithmIdentifier,
105: * certificateHash OCTET STRING
106: * }
107: * </pre>
108: *
109: * @return a DERObject
110: */
111: public DERObject toASN1Object() {
112: ASN1EncodableVector vec = new ASN1EncodableVector();
113: vec.add(hashAlgorithm);
114: vec.add(new DEROctetString(certificateHash));
115: return new DERSequence(vec);
116: }
117: }
|