Merge "Merge remote-tracking branch 'aosp/upstream-master' into merge-152-from-upstream"

author: Sergio Giro <sgiro@google.com> 2016-02-01 18:52:42 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2016-02-01 18:52:42 +0000
commit: 9218edabd1ef9852bc2f13115dcadc81b442dd6c (patch)
tree: 8229ff72c8cbb06f49dce3a8382930919fa6fc2b /bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java
parent: 9b30eb05e5be69d51881a0d1b31e503e97acd784 (diff)
parent: 397d32894b89b506dc318e0f83446187c9b76ebe (diff)
download: android_external_bouncycastle-9218edabd1ef9852bc2f13115dcadc81b442dd6c.tar.gz
android_external_bouncycastle-9218edabd1ef9852bc2f13115dcadc81b442dd6c.tar.bz2
android_external_bouncycastle-9218edabd1ef9852bc2f13115dcadc81b442dd6c.zip
1 files changed, 120 insertions, 0 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java
new file mode 100644
index 0000000..dff3d84
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java
@@ -0,0 +1,120 @@
+package org.bouncycastle.asn1.isismtt.ocsp;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+
+/**
+ * ISIS-MTT PROFILE: The responder may include this extension in a response to
+ * send the hash of the requested certificate to the responder. This hash is
+ * cryptographically bound to the certificate and serves as evidence that the
+ * certificate is known to the responder (i.e. it has been issued and is present
+ * in the directory). Hence, this extension is a means to provide a positive
+ * statement of availability as described in T8.[8]. As explained in T13.[1],
+ * clients may rely on this information to be able to validate signatures after
+ * the expiry of the corresponding certificate. Hence, clients MUST support this
+ * extension. If a positive statement of availability is to be delivered, this
+ * extension syntax and OID MUST be used.
+ * <pre>
+ *     CertHash ::= SEQUENCE {
+ *       hashAlgorithm AlgorithmIdentifier,
+ *       certificateHash OCTET STRING
+ *     }
+ * </pre>
+ */
+public class CertHash
+    extends ASN1Object
+{
+
+    private AlgorithmIdentifier hashAlgorithm;
+    private byte[] certificateHash;
+
+    public static CertHash getInstance(Object obj)
+    {
+        if (obj == null || obj instanceof CertHash)
+        {
+            return (CertHash)obj;
+        }
+
+        if (obj instanceof ASN1Sequence)
+        {
+            return new CertHash((ASN1Sequence)obj);
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: "
+            + obj.getClass().getName());
+    }
+
+    /**
+     * Constructor from ASN1Sequence.
+     * <p>
+     * The sequence is of type CertHash:
+     * <pre>
+     *     CertHash ::= SEQUENCE {
+     *       hashAlgorithm AlgorithmIdentifier,
+     *       certificateHash OCTET STRING
+     *     }
+     * </pre>
+     * </p>
+     * @param seq The ASN.1 sequence.
+     */
+    private CertHash(ASN1Sequence seq)
+    {
+        if (seq.size() != 2)
+        {
+            throw new IllegalArgumentException("Bad sequence size: "
+                + seq.size());
+        }
+        hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0));
+        certificateHash = DEROctetString.getInstance(seq.getObjectAt(1)).getOctets();
+    }
+
+    /**
+     * Constructor from a given details.
+     *
+     * @param hashAlgorithm   The hash algorithm identifier.
+     * @param certificateHash The hash of the whole DER encoding of the certificate.
+     */
+    public CertHash(AlgorithmIdentifier hashAlgorithm, byte[] certificateHash)
+    {
+        this.hashAlgorithm = hashAlgorithm;
+        this.certificateHash = new byte[certificateHash.length];
+        System.arraycopy(certificateHash, 0, this.certificateHash, 0,
+            certificateHash.length);
+    }
+
+    public AlgorithmIdentifier getHashAlgorithm()
+    {
+        return hashAlgorithm;
+    }
+
+    public byte[] getCertificateHash()
+    {
+        return certificateHash;
+    }
+
+    /**
+     * Produce an object suitable for an ASN1OutputStream.
+     * <p>
+     * Returns:
+     * <pre>
+     *     CertHash ::= SEQUENCE {
+     *       hashAlgorithm AlgorithmIdentifier,
+     *       certificateHash OCTET STRING
+     *     }
+     * </pre>
+     *
+     * @return a DERObject
+     */
+    public ASN1Primitive toASN1Primitive()
+    {
+        ASN1EncodableVector vec = new ASN1EncodableVector();
+        vec.add(hashAlgorithm);
+        vec.add(new DEROctetString(certificateHash));
+        return new DERSequence(vec);
+    }
+}
author	Sergio Giro <sgiro@google.com>	2016-02-01 18:52:42 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2016-02-01 18:52:42 +0000
commit	9218edabd1ef9852bc2f13115dcadc81b442dd6c (patch)
tree	8229ff72c8cbb06f49dce3a8382930919fa6fc2b /bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java
parent	9b30eb05e5be69d51881a0d1b31e503e97acd784 (diff)
parent	397d32894b89b506dc318e0f83446187c9b76ebe (diff)
download	android_external_bouncycastle-9218edabd1ef9852bc2f13115dcadc81b442dd6c.tar.gz android_external_bouncycastle-9218edabd1ef9852bc2f13115dcadc81b442dd6c.tar.bz2 android_external_bouncycastle-9218edabd1ef9852bc2f13115dcadc81b442dd6c.zip