001/*
002 * Copyright 2017-2020 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2017-2020 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2017-2020 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.util.ssl.cert;
037
038
039
040import com.unboundid.asn1.ASN1OctetString;
041import com.unboundid.util.Debug;
042import com.unboundid.util.NotMutable;
043import com.unboundid.util.OID;
044import com.unboundid.util.StaticUtils;
045import com.unboundid.util.ThreadSafety;
046import com.unboundid.util.ThreadSafetyLevel;
047
048import static com.unboundid.util.ssl.cert.CertMessages.*;
049
050
051
052/**
053 * This class provides an implementation of the subject key identifier X.509
054 * certificate extension as described in
055 * <A HREF="https://www.ietf.org/rfc/rfc5280.txt">RFC 5280</A> section 4.2.1.2.
056 * The OID for this extension is 2.5.29.14.  The value is an octet string and is
057 * intended to identify the public key used by a certificate.  The actual format
058 * of the key identifier is not specified, although RFC 5280 does specify a
059 * couple of possibilities.
060 */
061@NotMutable()
062@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
063public final class SubjectKeyIdentifierExtension
064       extends X509CertificateExtension
065{
066  /**
067   * The OID (2.5.29.14) for subject key identifier extensions.
068   */
069  public static final OID SUBJECT_KEY_IDENTIFIER_OID = new OID("2.5.29.14");
070
071
072
073  /**
074   * The name of the message digest algorithm that will be used to generate a
075   * certificate's subject key identifier from its public key.  Note that we're
076   * using SHA-1 rather than something better (like SHA-256) because it appears
077   * that the Microsoft CA cannot handle a 256-bit identifier but will accept a
078   * 160-bit identifier.
079   */
080  static final String SUBJECT_KEY_IDENTIFIER_DIGEST_ALGORITHM = "SHA-1";
081
082
083
084  /**
085   * The serial version UID for this serializable class.
086   */
087  private static final long serialVersionUID = -7175921866230880172L;
088
089
090
091  // The key identifier for this extension.
092  private final ASN1OctetString keyIdentifier;
093
094
095
096  /**
097   * Creates a new subject key identifier extension with the provided
098   * information.
099   *
100   * @param  isCritical     Indicates whether this extension should be
101   *                        considered critical.
102   * @param  keyIdentifier  The key identifier for this extension.  It must not
103   *                        be {@code null}.
104   */
105  SubjectKeyIdentifierExtension(final boolean isCritical,
106                                final ASN1OctetString keyIdentifier)
107  {
108    super(SUBJECT_KEY_IDENTIFIER_OID, isCritical,
109         keyIdentifier.encode());
110
111    this.keyIdentifier = keyIdentifier;
112  }
113
114
115
116  /**
117   * Creates a new subject key identifier extension from the provided generic
118   * extension.
119   *
120   * @param  extension  The extension to decode as a subject key identifier
121   *                    extension.
122   *
123   * @throws  CertException  If the provided extension cannot be decoded as a
124   *                         subject alternative name extension.
125   */
126  SubjectKeyIdentifierExtension(final X509CertificateExtension extension)
127       throws CertException
128  {
129    super(extension);
130
131    try
132    {
133      keyIdentifier = ASN1OctetString.decodeAsOctetString(extension.getValue());
134    }
135    catch (final Exception e)
136    {
137      Debug.debugException(e);
138      throw new CertException(
139           ERR_SUBJECT_KEY_ID_EXTENSION_CANNOT_PARSE.get(
140                String.valueOf(extension), StaticUtils.getExceptionMessage(e)),
141           e);
142    }
143  }
144
145
146
147  /**
148   * Retrieves the key identifier for this extension.
149   *
150   * @return  The key identifier for this extension.
151   */
152  public ASN1OctetString getKeyIdentifier()
153  {
154    return keyIdentifier;
155  }
156
157
158
159  /**
160   * {@inheritDoc}
161   */
162  @Override()
163  public String getExtensionName()
164  {
165    return INFO_SUBJECT_KEY_IDENTIFIER_EXTENSION_NAME.get();
166  }
167
168
169
170  /**
171   * {@inheritDoc}
172   */
173  @Override()
174  public void toString(final StringBuilder buffer)
175  {
176    buffer.append("SubjectKeyIdentifierExtension(oid='");
177    buffer.append(getOID());
178    buffer.append(", isCritical=");
179    buffer.append(isCritical());
180    buffer.append(", identifierBytes='");
181    StaticUtils.toHex(keyIdentifier.getValue(), ":", buffer);
182    buffer.append("')");
183  }
184}