001/*
002 * Copyright 2017-2019 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright (C) 2017-2019 Ping Identity Corporation
007 *
008 * This program is free software; you can redistribute it and/or modify
009 * it under the terms of the GNU General Public License (GPLv2 only)
010 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011 * as published by the Free Software Foundation.
012 *
013 * This program is distributed in the hope that it will be useful,
014 * but WITHOUT ANY WARRANTY; without even the implied warranty of
015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
016 * GNU General Public License for more details.
017 *
018 * You should have received a copy of the GNU General Public License
019 * along with this program; if not, see <http://www.gnu.org/licenses>.
020 */
021package com.unboundid.util.ssl.cert;
022
023
024
025import com.unboundid.asn1.ASN1OctetString;
026import com.unboundid.util.Debug;
027import com.unboundid.util.NotMutable;
028import com.unboundid.util.OID;
029import com.unboundid.util.StaticUtils;
030import com.unboundid.util.ThreadSafety;
031import com.unboundid.util.ThreadSafetyLevel;
032
033import static com.unboundid.util.ssl.cert.CertMessages.*;
034
035
036
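/**
 * This class provides an implementation of the subject key identifier X.509
 * certificate extension as described in
 * <A HREF="https://www.ietf.org/rfc/rfc5280.txt">RFC 5280</A> section 4.2.1.2.
 * The OID for this extension is 2.5.29.14.  The value is an octet string and is
 * intended to identify the public key used by a certificate.  The actual format
 * of the key identifier is not specified, although RFC 5280 does specify a
 * couple of possibilities (both derived from a SHA-1 digest of the subject
 * public key).
 * <BR><BR>
 * Note that this class only decodes and exposes the identifier.  It does not
 * check that the value was actually derived from the public key contained in
 * the certificate.  The identifier is chosen by whoever issued the certificate
 * and is meant as a matching hint (for example, when pairing a certificate
 * with the authority key identifier of another certificate while building a
 * chain).  A matching identifier must not be treated as proof that two
 * certificates share a key; that requires comparing the keys themselves or
 * verifying the relevant signatures.
 */
@NotMutable()
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class SubjectKeyIdentifierExtension
       extends X509CertificateExtension
{
  /**
   * The OID (2.5.29.14) for subject key identifier extensions.
   */
  public static final OID SUBJECT_KEY_IDENTIFIER_OID = new OID("2.5.29.14");



  /**
   * The serial version UID for this serializable class.
   */
  private static final long serialVersionUID = -7175921866230880172L;



  // The key identifier for this extension.
  private final ASN1OctetString keyIdentifier;



  /**
   * Creates a new subject key identifier extension with the provided
   * information.
   *
   * @param  isCritical     Indicates whether this extension should be
   *                        considered critical.  RFC 5280 section 4.2.1.2
   *                        requires conforming CAs to mark this extension as
   *                        non-critical, but this constructor does not enforce
   *                        that.
   * @param  keyIdentifier  The key identifier for this extension.  It must not
   *                        be {@code null}.  A {@code null} value will result
   *                        in a {@code NullPointerException} when the value is
   *                        encoded for the superclass.
   */
  SubjectKeyIdentifierExtension(final boolean isCritical,
                                final ASN1OctetString keyIdentifier)
  {
    // The extension value is the encoded form of the octet string itself.
    super(SUBJECT_KEY_IDENTIFIER_OID, isCritical,
         keyIdentifier.encode());

    this.keyIdentifier = keyIdentifier;
  }



  /**
   * Creates a new subject key identifier extension from the provided generic
   * extension.  The extension value is only required to be a well-formed octet
   * string; no check is made on its length or on how it relates to the
   * certificate's public key.
   *
   * @param  extension  The extension to decode as a subject key identifier
   *                    extension.
   *
   * @throws  CertException  If the provided extension cannot be decoded as a
   *                         subject key identifier extension.
   */
  SubjectKeyIdentifierExtension(final X509CertificateExtension extension)
       throws CertException
  {
    super(extension);

    try
    {
      keyIdentifier = ASN1OctetString.decodeAsOctetString(extension.getValue());
    }
    catch (final Exception e)
    {
      // Any decoding failure is reported as a CertException that keeps the
      // original exception as its cause, so malformed input from an untrusted
      // certificate surfaces as a single, documented exception type.
      Debug.debugException(e);
      throw new CertException(
           ERR_SUBJECT_KEY_ID_EXTENSION_CANNOT_PARSE.get(
                String.valueOf(extension), StaticUtils.getExceptionMessage(e)),
           e);
    }
  }



  /**
   * Retrieves the key identifier for this extension.  The value is returned
   * exactly as it was supplied or decoded and has not been validated against
   * any public key.
   *
   * @return  The key identifier for this extension.
   */
  public ASN1OctetString getKeyIdentifier()
  {
    return keyIdentifier;
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public String getExtensionName()
  {
    return INFO_SUBJECT_KEY_IDENTIFIER_EXTENSION_NAME.get();
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public void toString(final StringBuilder buffer)
  {
    buffer.append("SubjectKeyIdentifierExtension(oid='");
    buffer.append(getOID());
    // Close the quote opened before the OID so the output stays balanced and
    // can be read unambiguously in logs.
    buffer.append("', isCritical=");
    buffer.append(isCritical());
    buffer.append(", identifierBytes='");
    // Render the identifier as colon-delimited hex rather than raw bytes.
    StaticUtils.toHex(keyIdentifier.getValue(), ":", buffer);
    buffer.append("')");
  }
}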