1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
package org.spongycastle.asn1.crmf;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1Object;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.ASN1TaggedObject;
import org.spongycastle.asn1.DERBitString;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.DERTaggedObject;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
public class POPOSigningKey
extends ASN1Object
{
private POPOSigningKeyInput poposkInput;
private AlgorithmIdentifier algorithmIdentifier;
private DERBitString signature;
private POPOSigningKey(ASN1Sequence seq)
{
int index = 0;
if (seq.getObjectAt(index) instanceof ASN1TaggedObject)
{
ASN1TaggedObject tagObj
= (ASN1TaggedObject)seq.getObjectAt(index++);
if (tagObj.getTagNo() != 0)
{
throw new IllegalArgumentException(
"Unknown POPOSigningKeyInput tag: " + tagObj.getTagNo());
}
poposkInput = POPOSigningKeyInput.getInstance(tagObj.getObject());
}
algorithmIdentifier = AlgorithmIdentifier.getInstance(seq.getObjectAt(index++));
signature = DERBitString.getInstance(seq.getObjectAt(index));
}
public static POPOSigningKey getInstance(Object o)
{
if (o instanceof POPOSigningKey)
{
return (POPOSigningKey)o;
}
if (o != null)
{
return new POPOSigningKey(ASN1Sequence.getInstance(o));
}
return null;
}
public static POPOSigningKey getInstance(ASN1TaggedObject obj, boolean explicit)
{
return getInstance(ASN1Sequence.getInstance(obj, explicit));
}
/**
* Creates a new Proof of Possession object for a signing key.
*
* @param poposkIn the POPOSigningKeyInput structure, or null if the
* CertTemplate includes both subject and publicKey values.
* @param aid the AlgorithmIdentifier used to sign the proof of possession.
* @param signature a signature over the DER-encoded value of poposkIn,
* or the DER-encoded value of certReq if poposkIn is null.
*/
public POPOSigningKey(
POPOSigningKeyInput poposkIn,
AlgorithmIdentifier aid,
DERBitString signature)
{
this.poposkInput = poposkIn;
this.algorithmIdentifier = aid;
this.signature = signature;
}
public POPOSigningKeyInput getPoposkInput()
{
return poposkInput;
}
public AlgorithmIdentifier getAlgorithmIdentifier()
{
return algorithmIdentifier;
}
public DERBitString getSignature()
{
return signature;
}
/**
* <pre>
* POPOSigningKey ::= SEQUENCE {
* poposkInput [0] POPOSigningKeyInput OPTIONAL,
* algorithmIdentifier AlgorithmIdentifier,
* signature BIT STRING }
* -- The signature (using "algorithmIdentifier") is on the
* -- DER-encoded value of poposkInput. NOTE: If the CertReqMsg
* -- certReq CertTemplate contains the subject and publicKey values,
* -- then poposkInput MUST be omitted and the signature MUST be
* -- computed on the DER-encoded value of CertReqMsg certReq. If
* -- the CertReqMsg certReq CertTemplate does not contain the public
* -- key and subject values, then poposkInput MUST be present and
* -- MUST be signed. This strategy ensures that the public key is
* -- not present in both the poposkInput and CertReqMsg certReq
* -- CertTemplate fields.
* </pre>
*
* @return a basic ASN.1 object representation.
*/
public ASN1Primitive toASN1Primitive()
{
ASN1EncodableVector v = new ASN1EncodableVector();
if (poposkInput != null)
{
v.add(new DERTaggedObject(false, 0, poposkInput));
}
v.add(algorithmIdentifier);
v.add(signature);
return new DERSequence(v);
}
}
|
