001/* 002 * Copyright 2017-2020 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2017-2020 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2017-2020 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.util.ssl.cert; 037 038 039 040import com.unboundid.asn1.ASN1OctetString; 041import com.unboundid.util.Debug; 042import com.unboundid.util.NotMutable; 043import com.unboundid.util.OID; 044import com.unboundid.util.StaticUtils; 045import com.unboundid.util.ThreadSafety; 046import com.unboundid.util.ThreadSafetyLevel; 047 048import static com.unboundid.util.ssl.cert.CertMessages.*; 049 050 051 052/** 053 * This class provides an implementation of the subject key identifier X.509 054 * certificate extension as described in 055 * <A HREF="https://www.ietf.org/rfc/rfc5280.txt">RFC 5280</A> section 4.2.1.2. 056 * The OID for this extension is 2.5.29.14. The value is an octet string and is 057 * intended to identify the public key used by a certificate. The actual format 058 * of the key identifier is not specified, although RFC 5280 does specify a 059 * couple of possibilities. 060 */ 061@NotMutable() 062@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 063public final class SubjectKeyIdentifierExtension 064 extends X509CertificateExtension 065{ 066 /** 067 * The OID (2.5.29.14) for subject key identifier extensions. 068 */ 069 public static final OID SUBJECT_KEY_IDENTIFIER_OID = new OID("2.5.29.14"); 070 071 072 073 /** 074 * The name of the message digest algorithm that will be used to generate a 075 * certificate's subject key identifier from its public key. Note that we're 076 * using SHA-1 rather than something better (like SHA-256) because it appears 077 * that the Microsoft CA cannot handle a 256-bit identifier but will accept a 078 * 160-bit identifier. 079 */ 080 static final String SUBJECT_KEY_IDENTIFIER_DIGEST_ALGORITHM = "SHA-1"; 081 082 083 084 /** 085 * The serial version UID for this serializable class. 086 */ 087 private static final long serialVersionUID = -7175921866230880172L; 088 089 090 091 // The key identifier for this extension. 092 private final ASN1OctetString keyIdentifier; 093 094 095 096 /** 097 * Creates a new subject key identifier extension with the provided 098 * information. 099 * 100 * @param isCritical Indicates whether this extension should be 101 * considered critical. 102 * @param keyIdentifier The key identifier for this extension. It must not 103 * be {@code null}. 104 */ 105 SubjectKeyIdentifierExtension(final boolean isCritical, 106 final ASN1OctetString keyIdentifier) 107 { 108 super(SUBJECT_KEY_IDENTIFIER_OID, isCritical, 109 keyIdentifier.encode()); 110 111 this.keyIdentifier = keyIdentifier; 112 } 113 114 115 116 /** 117 * Creates a new subject key identifier extension from the provided generic 118 * extension. 119 * 120 * @param extension The extension to decode as a subject key identifier 121 * extension. 122 * 123 * @throws CertException If the provided extension cannot be decoded as a 124 * subject alternative name extension. 125 */ 126 SubjectKeyIdentifierExtension(final X509CertificateExtension extension) 127 throws CertException 128 { 129 super(extension); 130 131 try 132 { 133 keyIdentifier = ASN1OctetString.decodeAsOctetString(extension.getValue()); 134 } 135 catch (final Exception e) 136 { 137 Debug.debugException(e); 138 throw new CertException( 139 ERR_SUBJECT_KEY_ID_EXTENSION_CANNOT_PARSE.get( 140 String.valueOf(extension), StaticUtils.getExceptionMessage(e)), 141 e); 142 } 143 } 144 145 146 147 /** 148 * Retrieves the key identifier for this extension. 149 * 150 * @return The key identifier for this extension. 151 */ 152 public ASN1OctetString getKeyIdentifier() 153 { 154 return keyIdentifier; 155 } 156 157 158 159 /** 160 * {@inheritDoc} 161 */ 162 @Override() 163 public String getExtensionName() 164 { 165 return INFO_SUBJECT_KEY_IDENTIFIER_EXTENSION_NAME.get(); 166 } 167 168 169 170 /** 171 * {@inheritDoc} 172 */ 173 @Override() 174 public void toString(final StringBuilder buffer) 175 { 176 buffer.append("SubjectKeyIdentifierExtension(oid='"); 177 buffer.append(getOID()); 178 buffer.append(", isCritical="); 179 buffer.append(isCritical()); 180 buffer.append(", identifierBytes='"); 181 StaticUtils.toHex(keyIdentifier.getValue(), ":", buffer); 182 buffer.append("')"); 183 } 184}