001/* 002 * Copyright 2017-2019 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright (C) 2017-2019 Ping Identity Corporation 007 * 008 * This program is free software; you can redistribute it and/or modify 009 * it under the terms of the GNU General Public License (GPLv2 only) 010 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 011 * as published by the Free Software Foundation. 012 * 013 * This program is distributed in the hope that it will be useful, 014 * but WITHOUT ANY WARRANTY; without even the implied warranty of 015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 016 * GNU General Public License for more details. 017 * 018 * You should have received a copy of the GNU General Public License 019 * along with this program; if not, see <http://www.gnu.org/licenses>. 020 */ 021package com.unboundid.util.ssl.cert; 022 023 024 025import com.unboundid.asn1.ASN1OctetString; 026import com.unboundid.util.Debug; 027import com.unboundid.util.NotMutable; 028import com.unboundid.util.OID; 029import com.unboundid.util.StaticUtils; 030import com.unboundid.util.ThreadSafety; 031import com.unboundid.util.ThreadSafetyLevel; 032 033import static com.unboundid.util.ssl.cert.CertMessages.*; 034 035 036 037/** 038 * This class provides an implementation of the subject key identifier X.509 039 * certificate extension as described in 040 * <A HREF="https://www.ietf.org/rfc/rfc5280.txt">RFC 5280</A> section 4.2.1.2. 041 * The OID for this extension is 2.5.29.14. The value is an octet string and is 042 * intended to identify the public key used by a certificate. The actual format 043 * of the key identifier is not specified, although RFC 5280 does specify a 044 * couple of possibilities. 045 */ 046@NotMutable() 047@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 048public final class SubjectKeyIdentifierExtension 049 extends X509CertificateExtension 050{ 051 /** 052 * The OID (2.5.29.14) for subject key identifier extensions. 053 */ 054 public static final OID SUBJECT_KEY_IDENTIFIER_OID = new OID("2.5.29.14"); 055 056 057 058 /** 059 * The name of the message digest algorithm that will be used to generate a 060 * certificate's subject key identifier from its public key. Note that we're 061 * using SHA-1 rather than something better (like SHA-256) because it appears 062 * that the Microsoft CA cannot handle a 256-bit identifier but will accept a 063 * 160-bit identifier. 064 */ 065 static final String SUBJECT_KEY_IDENTIFIER_DIGEST_ALGORITHM = "SHA-1"; 066 067 068 069 /** 070 * The serial version UID for this serializable class. 071 */ 072 private static final long serialVersionUID = -7175921866230880172L; 073 074 075 076 // The key identifier for this extension. 077 private final ASN1OctetString keyIdentifier; 078 079 080 081 /** 082 * Creates a new subject key identifier extension with the provided 083 * information. 084 * 085 * @param isCritical Indicates whether this extension should be 086 * considered critical. 087 * @param keyIdentifier The key identifier for this extension. It must not 088 * be {@code null}. 089 */ 090 SubjectKeyIdentifierExtension(final boolean isCritical, 091 final ASN1OctetString keyIdentifier) 092 { 093 super(SUBJECT_KEY_IDENTIFIER_OID, isCritical, 094 keyIdentifier.encode()); 095 096 this.keyIdentifier = keyIdentifier; 097 } 098 099 100 101 /** 102 * Creates a new subject key identifier extension from the provided generic 103 * extension. 104 * 105 * @param extension The extension to decode as a subject key identifier 106 * extension. 107 * 108 * @throws CertException If the provided extension cannot be decoded as a 109 * subject alternative name extension. 110 */ 111 SubjectKeyIdentifierExtension(final X509CertificateExtension extension) 112 throws CertException 113 { 114 super(extension); 115 116 try 117 { 118 keyIdentifier = ASN1OctetString.decodeAsOctetString(extension.getValue()); 119 } 120 catch (final Exception e) 121 { 122 Debug.debugException(e); 123 throw new CertException( 124 ERR_SUBJECT_KEY_ID_EXTENSION_CANNOT_PARSE.get( 125 String.valueOf(extension), StaticUtils.getExceptionMessage(e)), 126 e); 127 } 128 } 129 130 131 132 /** 133 * Retrieves the key identifier for this extension. 134 * 135 * @return The key identifier for this extension. 136 */ 137 public ASN1OctetString getKeyIdentifier() 138 { 139 return keyIdentifier; 140 } 141 142 143 144 /** 145 * {@inheritDoc} 146 */ 147 @Override() 148 public String getExtensionName() 149 { 150 return INFO_SUBJECT_KEY_IDENTIFIER_EXTENSION_NAME.get(); 151 } 152 153 154 155 /** 156 * {@inheritDoc} 157 */ 158 @Override() 159 public void toString(final StringBuilder buffer) 160 { 161 buffer.append("SubjectKeyIdentifierExtension(oid='"); 162 buffer.append(getOID()); 163 buffer.append(", isCritical="); 164 buffer.append(isCritical()); 165 buffer.append(", identifierBytes='"); 166 StaticUtils.toHex(keyIdentifier.getValue(), ":", buffer); 167 buffer.append("')"); 168 } 169}