sun.security.x509.KeyIdentifier Java Examples

The following examples show how to use sun.security.x509.KeyIdentifier.
Example #1
Source File: ResponderId.java    From dragonwell8_jdk with GNU General Public License v2.0
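/**
 * Constructs a {@code ResponderId} object from its DER-encoding.
 *
 * <p>The outer value must be a constructed, context-specific element whose
 * tag matches either {@code Type.BY_NAME} or {@code Type.BY_KEY}; anything
 * else is rejected. The content is parsed into an {@code X500Principal} or
 * a {@code KeyIdentifier}, and {@code encodedRid} is taken from
 * {@code principalToBytes()} / {@code keyIdToBytes()}, not directly from
 * {@code encodedData}.
 *
 * <p>A ResponderId typically arrives inside an OCSP response, so the bytes
 * should be treated as untrusted input. Every parse failure is reported as
 * an {@code IOException}, including a malformed distinguished name, which
 * {@code X500Principal} itself signals with an unchecked
 * {@code IllegalArgumentException}.
 *
 * @param encodedData the DER-encoded bytes
 *
 * @throws IOException if the encodedData is not properly DER encoded
 */
public ResponderId(byte[] encodedData) throws IOException {
    DerValue outer = new DerValue(encodedData);

    if (outer.isContextSpecific((byte)Type.BY_NAME.value())
            && outer.isConstructed()) {
        // Use the X500Principal constructor as a way to sanity
        // check the incoming data.
        try {
            responderName = new X500Principal(outer.getDataBytes());
        } catch (IllegalArgumentException iae) {
            // X500Principal(byte[]) reports a bad name encoding with an
            // unchecked exception. Convert it so that callers handling the
            // documented IOException also cover malformed byName input.
            throw new IOException("Invalid ResponderId content", iae);
        }
        encodedRid = principalToBytes();
        type = Type.BY_NAME;
    } else if (outer.isContextSpecific((byte)Type.BY_KEY.value())
            && outer.isConstructed()) {
        // Use the KeyIdentifier constructor as a way to sanity
        // check the incoming data.
        responderKeyId =
            new KeyIdentifier(new DerValue(outer.getDataBytes()));
        encodedRid = keyIdToBytes();
        type = Type.BY_KEY;
    } else {
        // Neither CHOICE alternative matched: fail closed.
        throw new IOException("Invalid ResponderId content");
    }
}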
 
Example #2
Source File: AdaptableX509CertSelector.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * Resets the subjectKeyIdentifier and serialNumber criteria, then
 * repopulates them from an authority key identifier extension.
 *
 * Both criteria are cleared first, so a {@code null} extension, or one
 * without a keyIdentifier or authorityCertSerialNumber field, leaves the
 * corresponding criterion {@code null}. The keyIdentifier bytes are stored
 * wrapped in a DER OCTET STRING.
 *
 * The authorityCertIssuer field of the extension is not used to set the
 * subject criterion. The caller MUST set the subject criterion before
 * calling match().
 *
 * @param ext the authorityKeyIdentifier extension, may be {@code null}
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    // Clear both criteria up front so values from an earlier call never
    // linger when the new extension omits a field.
    ski = null;
    serial = null;

    if (ext == null) {
        return;
    }

    KeyIdentifier keyId = (KeyIdentifier)
        ext.get(AuthorityKeyIdentifierExtension.KEY_ID);
    if (keyId != null) {
        // The criterion is held as a DER OCTET STRING, not as raw bytes.
        DerOutputStream encoder = new DerOutputStream();
        encoder.putOctetString(keyId.getIdentifier());
        ski = encoder.toByteArray();
    }

    SerialNumber issuerSerial = (SerialNumber)
        ext.get(AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
    if (issuerSerial != null) {
        serial = issuerSerial.getNumber();
    }

    // The subject criterion remains the caller's responsibility.
}
 
Example #3
Source File: AdaptableX509CertSelector.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Resets the subjectKeyIdentifier and serialNumber criteria, then
 * repopulates them from an authority key identifier extension.
 *
 * Both criteria are cleared first, so a {@code null} extension, or one
 * without a keyIdentifier or authorityCertSerialNumber field, leaves the
 * corresponding criterion {@code null}. The keyIdentifier bytes are stored
 * wrapped in a DER OCTET STRING.
 *
 * The authorityCertIssuer field of the extension is not used to set the
 * subject criterion. The caller MUST set the subject criterion before
 * calling match().
 *
 * @param ext the authorityKeyIdentifier extension, may be {@code null}
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    // Clear both criteria up front so values from an earlier call never
    // linger when the new extension omits a field.
    ski = null;
    serial = null;

    if (ext == null) {
        return;
    }

    KeyIdentifier keyId = (KeyIdentifier)
        ext.get(AuthorityKeyIdentifierExtension.KEY_ID);
    if (keyId != null) {
        // The criterion is held as a DER OCTET STRING, not as raw bytes.
        DerOutputStream encoder = new DerOutputStream();
        encoder.putOctetString(keyId.getIdentifier());
        ski = encoder.toByteArray();
    }

    SerialNumber issuerSerial = (SerialNumber)
        ext.get(AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
    if (issuerSerial != null) {
        serial = issuerSerial.getNumber();
    }

    // The subject criterion remains the caller's responsibility.
}
 
Example #4
Source File: ResponderId.java    From jdk8u_jdk with GNU General Public License v2.0
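/**
 * Constructs a {@code ResponderId} object from its DER-encoding.
 *
 * <p>The outer value must be a constructed, context-specific element whose
 * tag matches either {@code Type.BY_NAME} or {@code Type.BY_KEY}; anything
 * else is rejected. The content is parsed into an {@code X500Principal} or
 * a {@code KeyIdentifier}, and {@code encodedRid} is taken from
 * {@code principalToBytes()} / {@code keyIdToBytes()}, not directly from
 * {@code encodedData}.
 *
 * <p>A ResponderId typically arrives inside an OCSP response, so the bytes
 * should be treated as untrusted input. Every parse failure is reported as
 * an {@code IOException}, including a malformed distinguished name, which
 * {@code X500Principal} itself signals with an unchecked
 * {@code IllegalArgumentException}.
 *
 * @param encodedData the DER-encoded bytes
 *
 * @throws IOException if the encodedData is not properly DER encoded
 */
public ResponderId(byte[] encodedData) throws IOException {
    DerValue outer = new DerValue(encodedData);

    if (outer.isContextSpecific((byte)Type.BY_NAME.value())
            && outer.isConstructed()) {
        // Use the X500Principal constructor as a way to sanity
        // check the incoming data.
        try {
            responderName = new X500Principal(outer.getDataBytes());
        } catch (IllegalArgumentException iae) {
            // X500Principal(byte[]) reports a bad name encoding with an
            // unchecked exception. Convert it so that callers handling the
            // documented IOException also cover malformed byName input.
            throw new IOException("Invalid ResponderId content", iae);
        }
        encodedRid = principalToBytes();
        type = Type.BY_NAME;
    } else if (outer.isContextSpecific((byte)Type.BY_KEY.value())
            && outer.isConstructed()) {
        // Use the KeyIdentifier constructor as a way to sanity
        // check the incoming data.
        responderKeyId =
            new KeyIdentifier(new DerValue(outer.getDataBytes()));
        encodedRid = keyIdToBytes();
        type = Type.BY_KEY;
    } else {
        // Neither CHOICE alternative matched: fail closed.
        throw new IOException("Invalid ResponderId content");
    }
}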
 
Example #5
Source File: ResponderId.java    From openjdk-jdk9 with GNU General Public License v2.0
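/**
 * Constructs a {@code ResponderId} object from its DER-encoding.
 *
 * <p>The outer value must be a constructed, context-specific element whose
 * tag matches either {@code Type.BY_NAME} or {@code Type.BY_KEY}; anything
 * else is rejected. The content is parsed into an {@code X500Principal} or
 * a {@code KeyIdentifier}, and {@code encodedRid} is taken from
 * {@code principalToBytes()} / {@code keyIdToBytes()}, not directly from
 * {@code encodedData}.
 *
 * <p>A ResponderId typically arrives inside an OCSP response, so the bytes
 * should be treated as untrusted input. Every parse failure is reported as
 * an {@code IOException}, including a malformed distinguished name, which
 * {@code X500Principal} itself signals with an unchecked
 * {@code IllegalArgumentException}.
 *
 * @param encodedData the DER-encoded bytes
 *
 * @throws IOException if the encodedData is not properly DER encoded
 */
public ResponderId(byte[] encodedData) throws IOException {
    DerValue outer = new DerValue(encodedData);

    if (outer.isContextSpecific((byte)Type.BY_NAME.value())
            && outer.isConstructed()) {
        // Use the X500Principal constructor as a way to sanity
        // check the incoming data.
        try {
            responderName = new X500Principal(outer.getDataBytes());
        } catch (IllegalArgumentException iae) {
            // X500Principal(byte[]) reports a bad name encoding with an
            // unchecked exception. Convert it so that callers handling the
            // documented IOException also cover malformed byName input.
            throw new IOException("Invalid ResponderId content", iae);
        }
        encodedRid = principalToBytes();
        type = Type.BY_NAME;
    } else if (outer.isContextSpecific((byte)Type.BY_KEY.value())
            && outer.isConstructed()) {
        // Use the KeyIdentifier constructor as a way to sanity
        // check the incoming data.
        responderKeyId =
            new KeyIdentifier(new DerValue(outer.getDataBytes()));
        encodedRid = keyIdToBytes();
        type = Type.BY_KEY;
    } else {
        // Neither CHOICE alternative matched: fail closed.
        throw new IOException("Invalid ResponderId content");
    }
}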
 
Example #6
Source File: ResponderId.java    From Bytecoder with Apache License 2.0
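/**
 * Constructs a {@code ResponderId} object from its DER-encoding.
 *
 * <p>The outer value must be a constructed, context-specific element whose
 * tag matches either {@code Type.BY_NAME} or {@code Type.BY_KEY}; anything
 * else is rejected. The content is parsed into an {@code X500Principal} or
 * a {@code KeyIdentifier}, and {@code encodedRid} is taken from
 * {@code principalToBytes()} / {@code keyIdToBytes()}, not directly from
 * {@code encodedData}.
 *
 * <p>A ResponderId typically arrives inside an OCSP response, so the bytes
 * should be treated as untrusted input. Every parse failure is reported as
 * an {@code IOException}, including a malformed distinguished name, which
 * {@code X500Principal} itself signals with an unchecked
 * {@code IllegalArgumentException}.
 *
 * @param encodedData the DER-encoded bytes
 *
 * @throws IOException if the encodedData is not properly DER encoded
 */
public ResponderId(byte[] encodedData) throws IOException {
    DerValue outer = new DerValue(encodedData);

    if (outer.isContextSpecific((byte)Type.BY_NAME.value())
            && outer.isConstructed()) {
        // Use the X500Principal constructor as a way to sanity
        // check the incoming data.
        try {
            responderName = new X500Principal(outer.getDataBytes());
        } catch (IllegalArgumentException iae) {
            // X500Principal(byte[]) reports a bad name encoding with an
            // unchecked exception. Convert it so that callers handling the
            // documented IOException also cover malformed byName input.
            throw new IOException("Invalid ResponderId content", iae);
        }
        encodedRid = principalToBytes();
        type = Type.BY_NAME;
    } else if (outer.isContextSpecific((byte)Type.BY_KEY.value())
            && outer.isConstructed()) {
        // Use the KeyIdentifier constructor as a way to sanity
        // check the incoming data.
        responderKeyId =
            new KeyIdentifier(new DerValue(outer.getDataBytes()));
        encodedRid = keyIdToBytes();
        type = Type.BY_KEY;
    } else {
        // Neither CHOICE alternative matched: fail closed.
        throw new IOException("Invalid ResponderId content");
    }
}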
 
Example #7
Source File: ResponderId.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
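/**
 * Constructs a {@code ResponderId} object from its DER-encoding.
 *
 * <p>The outer value must be a constructed, context-specific element whose
 * tag matches either {@code Type.BY_NAME} or {@code Type.BY_KEY}; anything
 * else is rejected. The content is parsed into an {@code X500Principal} or
 * a {@code KeyIdentifier}, and {@code encodedRid} is taken from
 * {@code principalToBytes()} / {@code keyIdToBytes()}, not directly from
 * {@code encodedData}.
 *
 * <p>A ResponderId typically arrives inside an OCSP response, so the bytes
 * should be treated as untrusted input. Every parse failure is reported as
 * an {@code IOException}, including a malformed distinguished name, which
 * {@code X500Principal} itself signals with an unchecked
 * {@code IllegalArgumentException}.
 *
 * @param encodedData the DER-encoded bytes
 *
 * @throws IOException if the encodedData is not properly DER encoded
 */
public ResponderId(byte[] encodedData) throws IOException {
    DerValue outer = new DerValue(encodedData);

    if (outer.isContextSpecific((byte)Type.BY_NAME.value())
            && outer.isConstructed()) {
        // Use the X500Principal constructor as a way to sanity
        // check the incoming data.
        try {
            responderName = new X500Principal(outer.getDataBytes());
        } catch (IllegalArgumentException iae) {
            // X500Principal(byte[]) reports a bad name encoding with an
            // unchecked exception. Convert it so that callers handling the
            // documented IOException also cover malformed byName input.
            throw new IOException("Invalid ResponderId content", iae);
        }
        encodedRid = principalToBytes();
        type = Type.BY_NAME;
    } else if (outer.isContextSpecific((byte)Type.BY_KEY.value())
            && outer.isConstructed()) {
        // Use the KeyIdentifier constructor as a way to sanity
        // check the incoming data.
        responderKeyId =
            new KeyIdentifier(new DerValue(outer.getDataBytes()));
        encodedRid = keyIdToBytes();
        type = Type.BY_KEY;
    } else {
        // Neither CHOICE alternative matched: fail closed.
        throw new IOException("Invalid ResponderId content");
    }
}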
 
Example #8
Source File: ResponderId.java    From openjdk-jdk8u with GNU General Public License v2.0
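/**
 * Constructs a {@code ResponderId} object from its DER-encoding.
 *
 * <p>The outer value must be a constructed, context-specific element whose
 * tag matches either {@code Type.BY_NAME} or {@code Type.BY_KEY}; anything
 * else is rejected. The content is parsed into an {@code X500Principal} or
 * a {@code KeyIdentifier}, and {@code encodedRid} is taken from
 * {@code principalToBytes()} / {@code keyIdToBytes()}, not directly from
 * {@code encodedData}.
 *
 * <p>A ResponderId typically arrives inside an OCSP response, so the bytes
 * should be treated as untrusted input. Every parse failure is reported as
 * an {@code IOException}, including a malformed distinguished name, which
 * {@code X500Principal} itself signals with an unchecked
 * {@code IllegalArgumentException}.
 *
 * @param encodedData the DER-encoded bytes
 *
 * @throws IOException if the encodedData is not properly DER encoded
 */
public ResponderId(byte[] encodedData) throws IOException {
    DerValue outer = new DerValue(encodedData);

    if (outer.isContextSpecific((byte)Type.BY_NAME.value())
            && outer.isConstructed()) {
        // Use the X500Principal constructor as a way to sanity
        // check the incoming data.
        try {
            responderName = new X500Principal(outer.getDataBytes());
        } catch (IllegalArgumentException iae) {
            // X500Principal(byte[]) reports a bad name encoding with an
            // unchecked exception. Convert it so that callers handling the
            // documented IOException also cover malformed byName input.
            throw new IOException("Invalid ResponderId content", iae);
        }
        encodedRid = principalToBytes();
        type = Type.BY_NAME;
    } else if (outer.isContextSpecific((byte)Type.BY_KEY.value())
            && outer.isConstructed()) {
        // Use the KeyIdentifier constructor as a way to sanity
        // check the incoming data.
        responderKeyId =
            new KeyIdentifier(new DerValue(outer.getDataBytes()));
        encodedRid = keyIdToBytes();
        type = Type.BY_KEY;
    } else {
        // Neither CHOICE alternative matched: fail closed.
        throw new IOException("Invalid ResponderId content");
    }
}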
 
Example #9
Source File: AdaptableX509CertSelector.java    From jdk8u60 with GNU General Public License v2.0
/**
 * Resets the subjectKeyIdentifier and serialNumber criteria, then
 * repopulates them from an authority key identifier extension.
 *
 * Both criteria are cleared first, so a {@code null} extension, or one
 * without a keyIdentifier or authorityCertSerialNumber field, leaves the
 * corresponding criterion {@code null}. The keyIdentifier bytes are stored
 * wrapped in a DER OCTET STRING.
 *
 * The authorityCertIssuer field of the extension is not used to set the
 * subject criterion. The caller MUST set the subject criterion before
 * calling match().
 *
 * @param ext the authorityKeyIdentifier extension, may be {@code null}
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    // Clear both criteria up front so values from an earlier call never
    // linger when the new extension omits a field.
    ski = null;
    serial = null;

    if (ext == null) {
        return;
    }

    KeyIdentifier keyId = (KeyIdentifier)
        ext.get(AuthorityKeyIdentifierExtension.KEY_ID);
    if (keyId != null) {
        // The criterion is held as a DER OCTET STRING, not as raw bytes.
        DerOutputStream encoder = new DerOutputStream();
        encoder.putOctetString(keyId.getIdentifier());
        ski = encoder.toByteArray();
    }

    SerialNumber issuerSerial = (SerialNumber)
        ext.get(AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
    if (issuerSerial != null) {
        serial = issuerSerial.getNumber();
    }

    // The subject criterion remains the caller's responsibility.
}
 
Example #10
Source File: ResponderId.java    From TencentKona-8 with GNU General Public License v2.0
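/**
 * Constructs a {@code ResponderId} object from its DER-encoding.
 *
 * <p>The outer value must be a constructed, context-specific element whose
 * tag matches either {@code Type.BY_NAME} or {@code Type.BY_KEY}; anything
 * else is rejected. The content is parsed into an {@code X500Principal} or
 * a {@code KeyIdentifier}, and {@code encodedRid} is taken from
 * {@code principalToBytes()} / {@code keyIdToBytes()}, not directly from
 * {@code encodedData}.
 *
 * <p>A ResponderId typically arrives inside an OCSP response, so the bytes
 * should be treated as untrusted input. Every parse failure is reported as
 * an {@code IOException}, including a malformed distinguished name, which
 * {@code X500Principal} itself signals with an unchecked
 * {@code IllegalArgumentException}.
 *
 * @param encodedData the DER-encoded bytes
 *
 * @throws IOException if the encodedData is not properly DER encoded
 */
public ResponderId(byte[] encodedData) throws IOException {
    DerValue outer = new DerValue(encodedData);

    if (outer.isContextSpecific((byte)Type.BY_NAME.value())
            && outer.isConstructed()) {
        // Use the X500Principal constructor as a way to sanity
        // check the incoming data.
        try {
            responderName = new X500Principal(outer.getDataBytes());
        } catch (IllegalArgumentException iae) {
            // X500Principal(byte[]) reports a bad name encoding with an
            // unchecked exception. Convert it so that callers handling the
            // documented IOException also cover malformed byName input.
            throw new IOException("Invalid ResponderId content", iae);
        }
        encodedRid = principalToBytes();
        type = Type.BY_NAME;
    } else if (outer.isContextSpecific((byte)Type.BY_KEY.value())
            && outer.isConstructed()) {
        // Use the KeyIdentifier constructor as a way to sanity
        // check the incoming data.
        responderKeyId =
            new KeyIdentifier(new DerValue(outer.getDataBytes()));
        encodedRid = keyIdToBytes();
        type = Type.BY_KEY;
    } else {
        // Neither CHOICE alternative matched: fail closed.
        throw new IOException("Invalid ResponderId content");
    }
}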
 
Example #11
Source File: X509CertSelectorTest.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Exercises {@code X509CertSelector} matching on the authorityKeyIdentifier
 * criterion: a made-up key identifier is expected not to match, while the
 * value read from the certificate's own extension is expected to match.
 *
 * @throws IOException if DER encoding or decoding of the extension fails
 */
private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    X509CertSelector selector = new X509CertSelector();

    // Negative case: an extension built around arbitrary key-id bytes.
    KeyIdentifier bogusKeyId =
            new KeyIdentifier(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 });
    AuthorityKeyIdentifierExtension bogusAki =
            new AuthorityKeyIdentifierExtension(bogusKeyId, null, null);
    selector.setAuthorityKeyIdentifier(bogusAki.getExtensionValue());
    checkMatch(selector, cert, false);

    // Positive case: 2.5.29.35 is the authorityKeyIdentifier OID. The value
    // comes back wrapped in an OCTET STRING, which is unwrapped before it
    // is handed to the selector.
    // NOTE(review): assumes the test certificate carries this extension;
    // a null extension value is not handled here.
    byte[] wrappedAki = cert.getExtensionValue("2.5.29.35");
    byte[] certAki = new DerInputStream(wrappedAki).getOctetString();
    selector.setAuthorityKeyIdentifier(certAki);
    checkMatch(selector, cert, true);
}
 
Example #12
Source File: AdaptableX509CertSelector.java    From j2objc with Apache License 2.0
/**
 * Derives selection criteria from an authority key identifier extension.
 *
 * A non-null keyIdentifier field becomes the subjectKeyIdentifier
 * criterion and a non-null authorityCertSerialNumber field becomes the
 * serialNumber criterion. A criterion that was already set is only
 * replaced when it was itself set by an earlier call to this method
 * (tracked by {@code isSKIDSensitive} / {@code isSNSensitive}).
 *
 * The authorityCertIssuer field of the extension is not used to set the
 * subject criterion. The caller MUST set the subject criterion before
 * calling match().
 *
 * @param akidext the authorityKeyIdentifier extension, may be {@code null}
 * @throws IOException if a field of the extension cannot be read or the
 *      key identifier cannot be DER-encoded
 */
void parseAuthorityKeyIdentifierExtension(
        AuthorityKeyIdentifierExtension akidext) throws IOException {
    if (akidext == null) {
        return;
    }

    KeyIdentifier keyId = (KeyIdentifier)akidext.get(
            AuthorityKeyIdentifierExtension.KEY_ID);
    // Do not override the previous setting for initial selection.
    if (keyId != null
            && (isSKIDSensitive || getSubjectKeyIdentifier() == null)) {
        // The criterion is passed as a DER OCTET STRING, not raw bytes.
        DerOutputStream encoder = new DerOutputStream();
        encoder.putOctetString(keyId.getIdentifier());
        super.setSubjectKeyIdentifier(encoder.toByteArray());

        isSKIDSensitive = true;
    }

    SerialNumber issuerSerial = (SerialNumber)akidext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
    // Do not override the previous setting for initial selection.
    if (issuerSerial != null
            && (isSNSensitive || getSerialNumber() == null)) {
        super.setSerialNumber(issuerSerial.getNumber());
        isSNSensitive = true;
    }

    // The subject criterion remains the caller's responsibility.
}
 
Example #13
Source File: X509CertSelectorTest.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Exercises {@code X509CertSelector} matching on the authorityKeyIdentifier
 * criterion: a made-up key identifier is expected not to match, while the
 * value read from the certificate's own extension is expected to match.
 *
 * @throws IOException if DER encoding or decoding of the extension fails
 */
private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    X509CertSelector selector = new X509CertSelector();

    // Negative case: an extension built around arbitrary key-id bytes.
    KeyIdentifier bogusKeyId =
            new KeyIdentifier(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 });
    AuthorityKeyIdentifierExtension bogusAki =
            new AuthorityKeyIdentifierExtension(bogusKeyId, null, null);
    selector.setAuthorityKeyIdentifier(bogusAki.getExtensionValue());
    checkMatch(selector, cert, false);

    // Positive case: 2.5.29.35 is the authorityKeyIdentifier OID. The value
    // comes back wrapped in an OCTET STRING, which is unwrapped before it
    // is handed to the selector.
    // NOTE(review): assumes the test certificate carries this extension;
    // a null extension value is not handled here.
    byte[] wrappedAki = cert.getExtensionValue("2.5.29.35");
    byte[] certAki = new DerInputStream(wrappedAki).getOctetString();
    selector.setAuthorityKeyIdentifier(certAki);
    checkMatch(selector, cert, true);
}
 
Example #14
Source File: X509CertSelectorTest.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Exercises {@code X509CertSelector} matching on the authorityKeyIdentifier
 * criterion: a made-up key identifier is expected not to match, while the
 * value read from the certificate's own extension is expected to match.
 *
 * @throws IOException if DER encoding or decoding of the extension fails
 */
private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    X509CertSelector selector = new X509CertSelector();

    // Negative case: an extension built around arbitrary key-id bytes.
    KeyIdentifier bogusKeyId =
            new KeyIdentifier(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 });
    AuthorityKeyIdentifierExtension bogusAki =
            new AuthorityKeyIdentifierExtension(bogusKeyId, null, null);
    selector.setAuthorityKeyIdentifier(bogusAki.getExtensionValue());
    checkMatch(selector, cert, false);

    // Positive case: 2.5.29.35 is the authorityKeyIdentifier OID. The value
    // comes back wrapped in an OCTET STRING, which is unwrapped before it
    // is handed to the selector.
    // NOTE(review): assumes the test certificate carries this extension;
    // a null extension value is not handled here.
    byte[] wrappedAki = cert.getExtensionValue("2.5.29.35");
    byte[] certAki = new DerInputStream(wrappedAki).getOctetString();
    selector.setAuthorityKeyIdentifier(certAki);
    checkMatch(selector, cert, true);
}
 
Example #15
Source File: X509CertSelectorTest.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Exercises {@code X509CertSelector} matching on the authorityKeyIdentifier
 * criterion: a made-up key identifier is expected not to match, while the
 * value read from the certificate's own extension is expected to match.
 *
 * @throws IOException if DER encoding or decoding of the extension fails
 */
private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    X509CertSelector selector = new X509CertSelector();

    // Negative case: an extension built around arbitrary key-id bytes.
    KeyIdentifier bogusKeyId =
            new KeyIdentifier(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 });
    AuthorityKeyIdentifierExtension bogusAki =
            new AuthorityKeyIdentifierExtension(bogusKeyId, null, null);
    selector.setAuthorityKeyIdentifier(bogusAki.getExtensionValue());
    checkMatch(selector, cert, false);

    // Positive case: 2.5.29.35 is the authorityKeyIdentifier OID. The value
    // comes back wrapped in an OCTET STRING, which is unwrapped before it
    // is handed to the selector.
    // NOTE(review): assumes the test certificate carries this extension;
    // a null extension value is not handled here.
    byte[] wrappedAki = cert.getExtensionValue("2.5.29.35");
    byte[] certAki = new DerInputStream(wrappedAki).getOctetString();
    selector.setAuthorityKeyIdentifier(certAki);
    checkMatch(selector, cert, true);
}
 
Example #16
Source File: X509CertSelectorTest.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Exercises {@code X509CertSelector} matching on the authorityKeyIdentifier
 * criterion: a made-up key identifier is expected not to match, while the
 * value read from the certificate's own extension is expected to match.
 *
 * @throws IOException if DER encoding or decoding of the extension fails
 */
private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    X509CertSelector selector = new X509CertSelector();

    // Negative case: an extension built around arbitrary key-id bytes.
    KeyIdentifier bogusKeyId =
            new KeyIdentifier(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 });
    AuthorityKeyIdentifierExtension bogusAki =
            new AuthorityKeyIdentifierExtension(bogusKeyId, null, null);
    selector.setAuthorityKeyIdentifier(bogusAki.getExtensionValue());
    checkMatch(selector, cert, false);

    // Positive case: 2.5.29.35 is the authorityKeyIdentifier OID. The value
    // comes back wrapped in an OCTET STRING, which is unwrapped before it
    // is handed to the selector.
    // NOTE(review): assumes the test certificate carries this extension;
    // a null extension value is not handled here.
    byte[] wrappedAki = cert.getExtensionValue("2.5.29.35");
    byte[] certAki = new DerInputStream(wrappedAki).getOctetString();
    selector.setAuthorityKeyIdentifier(certAki);
    checkMatch(selector, cert, true);
}
 
Example #17
Source File: AdaptableX509CertSelector.java    From openjdk-8 with GNU General Public License v2.0
/**
 * Derives selection criteria from an authority key identifier extension.
 *
 * A non-null keyIdentifier field becomes the subjectKeyIdentifier
 * criterion and a non-null authorityCertSerialNumber field becomes the
 * serialNumber criterion. A criterion that was already set is only
 * replaced when it was itself set by an earlier call to this method
 * (tracked by {@code isSKIDSensitive} / {@code isSNSensitive}).
 *
 * The authorityCertIssuer field of the extension is not used to set the
 * subject criterion. The caller MUST set the subject criterion before
 * calling match().
 *
 * @param akidext the authorityKeyIdentifier extension, may be {@code null}
 * @throws IOException if a field of the extension cannot be read or the
 *      key identifier cannot be DER-encoded
 */
void parseAuthorityKeyIdentifierExtension(
        AuthorityKeyIdentifierExtension akidext) throws IOException {
    if (akidext == null) {
        return;
    }

    KeyIdentifier keyId = (KeyIdentifier)akidext.get(
            AuthorityKeyIdentifierExtension.KEY_ID);
    // Do not override the previous setting for initial selection.
    if (keyId != null
            && (isSKIDSensitive || getSubjectKeyIdentifier() == null)) {
        // The criterion is passed as a DER OCTET STRING, not raw bytes.
        DerOutputStream encoder = new DerOutputStream();
        encoder.putOctetString(keyId.getIdentifier());
        super.setSubjectKeyIdentifier(encoder.toByteArray());

        isSKIDSensitive = true;
    }

    SerialNumber issuerSerial = (SerialNumber)akidext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
    // Do not override the previous setting for initial selection.
    if (issuerSerial != null
            && (isSNSensitive || getSerialNumber() == null)) {
        super.setSerialNumber(issuerSerial.getNumber());
        isSNSensitive = true;
    }

    // The subject criterion remains the caller's responsibility.
}
 
Example #18
Source File: AdaptableX509CertSelector.java    From openjdk-8-source with GNU General Public License v2.0
/**
 * Derives selection criteria from an authority key identifier extension.
 *
 * A non-null keyIdentifier field becomes the subjectKeyIdentifier
 * criterion and a non-null authorityCertSerialNumber field becomes the
 * serialNumber criterion. A criterion that was already set is only
 * replaced when it was itself set by an earlier call to this method
 * (tracked by {@code isSKIDSensitive} / {@code isSNSensitive}).
 *
 * The authorityCertIssuer field of the extension is not used to set the
 * subject criterion. The caller MUST set the subject criterion before
 * calling match().
 *
 * @param akidext the authorityKeyIdentifier extension, may be {@code null}
 * @throws IOException if a field of the extension cannot be read or the
 *      key identifier cannot be DER-encoded
 */
void parseAuthorityKeyIdentifierExtension(
        AuthorityKeyIdentifierExtension akidext) throws IOException {
    if (akidext == null) {
        return;
    }

    KeyIdentifier keyId = (KeyIdentifier)akidext.get(
            AuthorityKeyIdentifierExtension.KEY_ID);
    // Do not override the previous setting for initial selection.
    if (keyId != null
            && (isSKIDSensitive || getSubjectKeyIdentifier() == null)) {
        // The criterion is passed as a DER OCTET STRING, not raw bytes.
        DerOutputStream encoder = new DerOutputStream();
        encoder.putOctetString(keyId.getIdentifier());
        super.setSubjectKeyIdentifier(encoder.toByteArray());

        isSKIDSensitive = true;
    }

    SerialNumber issuerSerial = (SerialNumber)akidext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
    // Do not override the previous setting for initial selection.
    if (issuerSerial != null
            && (isSNSensitive || getSerialNumber() == null)) {
        super.setSerialNumber(issuerSerial.getNumber());
        isSNSensitive = true;
    }

    // The subject criterion remains the caller's responsibility.
}
 
Example #19
Source File: X509CertSelectorTest.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Exercises {@code X509CertSelector} matching on the authorityKeyIdentifier
 * criterion: a made-up key identifier is expected not to match, while the
 * value read from the certificate's own extension is expected to match.
 *
 * @throws IOException if DER encoding or decoding of the extension fails
 */
private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    X509CertSelector selector = new X509CertSelector();

    // Negative case: an extension built around arbitrary key-id bytes.
    KeyIdentifier bogusKeyId =
            new KeyIdentifier(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 });
    AuthorityKeyIdentifierExtension bogusAki =
            new AuthorityKeyIdentifierExtension(bogusKeyId, null, null);
    selector.setAuthorityKeyIdentifier(bogusAki.getExtensionValue());
    checkMatch(selector, cert, false);

    // Positive case: 2.5.29.35 is the authorityKeyIdentifier OID. The value
    // comes back wrapped in an OCTET STRING, which is unwrapped before it
    // is handed to the selector.
    // NOTE(review): assumes the test certificate carries this extension;
    // a null extension value is not handled here.
    byte[] wrappedAki = cert.getExtensionValue("2.5.29.35");
    byte[] certAki = new DerInputStream(wrappedAki).getOctetString();
    selector.setAuthorityKeyIdentifier(certAki);
    checkMatch(selector, cert, true);
}
 
Example #20
Source File: ResponderIdTests.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Checks {@code getKeyIdentifier()} on the two ResponderId fixtures: the
 * byKey instance must not report the key ID of a freshly generated,
 * unrelated RSA key, and the byName instance must report no key ID at all.
 *
 * @return an entry whose key is the pass/fail flag and whose value is a
 *      failure message, or {@code null} when the test passed
 */
@Override
public Map.Entry<Boolean, String> runTest() {
    String failure;

    try {
        // Hash a brand-new RSA public key into a key ID. A collision with
        // the ID taken from the certificate behind respByKeyId is
        // theoretically possible, but so unlikely that it is treated as
        // virtually impossible.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyIdentifier unrelatedKeyId =
                new KeyIdentifier(generator.generateKeyPair().getPublic());

        if (respByKeyId.getKeyIdentifier().equals(unrelatedKeyId)) {
            failure = "Unexpected match in ResponderId Key ID";
        } else if (respByName.getKeyIdentifier() != null) {
            failure = "Non-null key ID returned from " +
                    "ResponderId constructed byName";
        } else {
            failure = null;
        }
    } catch (Exception e) {
        // Any exception fails the test; its class name is the message.
        e.printStackTrace(System.out);
        failure = e.getClass().getName();
    }

    // The test passed exactly when no failure message was recorded.
    return new AbstractMap.SimpleEntry<>(
            Boolean.valueOf(failure == null), failure);
}
 
Example #21
Source File: X509CertSelectorTest.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Exercises {@code X509CertSelector} matching on the authorityKeyIdentifier
 * criterion: a made-up key identifier is expected not to match, while the
 * value read from the certificate's own extension is expected to match.
 *
 * @throws IOException if DER encoding or decoding of the extension fails
 */
private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    X509CertSelector selector = new X509CertSelector();

    // Negative case: an extension built around arbitrary key-id bytes.
    KeyIdentifier bogusKeyId =
            new KeyIdentifier(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 });
    AuthorityKeyIdentifierExtension bogusAki =
            new AuthorityKeyIdentifierExtension(bogusKeyId, null, null);
    selector.setAuthorityKeyIdentifier(bogusAki.getExtensionValue());
    checkMatch(selector, cert, false);

    // Positive case: 2.5.29.35 is the authorityKeyIdentifier OID. The value
    // comes back wrapped in an OCTET STRING, which is unwrapped before it
    // is handed to the selector.
    // NOTE(review): assumes the test certificate carries this extension;
    // a null extension value is not handled here.
    byte[] wrappedAki = cert.getExtensionValue("2.5.29.35");
    byte[] certAki = new DerInputStream(wrappedAki).getOctetString();
    selector.setAuthorityKeyIdentifier(certAki);
    checkMatch(selector, cert, true);
}
 
Example #22
Source File: ResponderId.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Constructs a {@code ResponderId} object using a {@code PublicKey}.
 * When encoded in DER this object will use the byKey option, a
 * SHA-1 hash of the responder's public key.
 *
 * <p>The hash only identifies which key the responder uses. This
 * constructor performs no signature or trust validation.
 *
 * @param pubKey the OCSP responder's public key
 *
 * @throws IOException if the internal DER-encoding of the
 *      {@code KeyIdentifier} fails.
 */
public ResponderId(PublicKey pubKey) throws IOException {
    // A byKey identifier carries no responder name.
    this.responderName = null;

    // keyIdToBytes() runs only after the key ID has been assigned.
    KeyIdentifier keyId = new KeyIdentifier(pubKey);
    this.responderKeyId = keyId;
    this.encodedRid = keyIdToBytes();
    this.type = Type.BY_KEY;
}
 
Example #23
Source File: ResponderId.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Constructs a {@code ResponderId} object using a {@code PublicKey}.
 * When encoded in DER this object will use the byKey option, a
 * SHA-1 hash of the responder's public key.
 *
 * <p>The hash only identifies which key the responder uses. This
 * constructor performs no signature or trust validation.
 *
 * @param pubKey the OCSP responder's public key
 *
 * @throws IOException if the internal DER-encoding of the
 *      {@code KeyIdentifier} fails.
 */
public ResponderId(PublicKey pubKey) throws IOException {
    // A byKey identifier carries no responder name.
    this.responderName = null;

    // keyIdToBytes() runs only after the key ID has been assigned.
    KeyIdentifier keyId = new KeyIdentifier(pubKey);
    this.responderKeyId = keyId;
    this.encodedRid = keyIdToBytes();
    this.type = Type.BY_KEY;
}
 
Example #24
Source File: ResponderId.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Constructs a {@code ResponderId} object using a {@code PublicKey}.
 * When encoded in DER this object will use the byKey option, a
 * SHA-1 hash of the responder's public key.
 *
 * <p>The hash only identifies which key the responder uses. This
 * constructor performs no signature or trust validation.
 *
 * @param pubKey the OCSP responder's public key
 *
 * @throws IOException if the internal DER-encoding of the
 *      {@code KeyIdentifier} fails.
 */
public ResponderId(PublicKey pubKey) throws IOException {
    // A byKey identifier carries no responder name.
    this.responderName = null;

    // keyIdToBytes() runs only after the key ID has been assigned.
    KeyIdentifier keyId = new KeyIdentifier(pubKey);
    this.responderKeyId = keyId;
    this.encodedRid = keyIdToBytes();
    this.type = Type.BY_KEY;
}
 
Example #25
Source File: ResponderId.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Constructs a {@code ResponderId} object using a {@code PublicKey}.
 * When encoded in DER this object will use the byKey option, a
 * SHA-1 hash of the responder's public key.
 *
 * <p>The hash only identifies which key the responder uses. This
 * constructor performs no signature or trust validation.
 *
 * @param pubKey the OCSP responder's public key
 *
 * @throws IOException if the internal DER-encoding of the
 *      {@code KeyIdentifier} fails.
 */
public ResponderId(PublicKey pubKey) throws IOException {
    // A byKey identifier carries no responder name.
    this.responderName = null;

    // keyIdToBytes() runs only after the key ID has been assigned.
    KeyIdentifier keyId = new KeyIdentifier(pubKey);
    this.responderKeyId = keyId;
    this.encodedRid = keyIdToBytes();
    this.type = Type.BY_KEY;
}
 
Example #26
Source File: ResponderId.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Constructs a {@code ResponderId} object using a {@code PublicKey}.
 * When encoded in DER this object will use the byKey option, a
 * SHA-1 hash of the responder's public key.
 *
 * <p>The hash only identifies which key the responder uses. This
 * constructor performs no signature or trust validation.
 *
 * @param pubKey the OCSP responder's public key
 *
 * @throws IOException if the internal DER-encoding of the
 *      {@code KeyIdentifier} fails.
 */
public ResponderId(PublicKey pubKey) throws IOException {
    // A byKey identifier carries no responder name.
    this.responderName = null;

    // keyIdToBytes() runs only after the key ID has been assigned.
    KeyIdentifier keyId = new KeyIdentifier(pubKey);
    this.responderKeyId = keyId;
    this.encodedRid = keyIdToBytes();
    this.type = Type.BY_KEY;
}
 
Example #27
Source File: ResponderId.java    From Bytecoder with Apache License 2.0
/**
 * Constructs a {@code ResponderId} object using a {@code PublicKey}.
 * When encoded in DER this object will use the byKey option, a
 * SHA-1 hash of the responder's public key.
 *
 * <p>The hash only identifies which key the responder uses. This
 * constructor performs no signature or trust validation.
 *
 * @param pubKey the OCSP responder's public key
 *
 * @throws IOException if the internal DER-encoding of the
 *      {@code KeyIdentifier} fails.
 */
public ResponderId(PublicKey pubKey) throws IOException {
    // A byKey identifier carries no responder name.
    this.responderName = null;

    // keyIdToBytes() runs only after the key ID has been assigned.
    KeyIdentifier keyId = new KeyIdentifier(pubKey);
    this.responderKeyId = keyId;
    this.encodedRid = keyIdToBytes();
    this.type = Type.BY_KEY;
}
 
Example #28
Source File: ResponderId.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Constructs a {@code ResponderId} object using a {@code PublicKey}.
 * When encoded in DER this object will use the byKey option, a
 * SHA-1 hash of the responder's public key.
 *
 * <p>The hash only identifies which key the responder uses. This
 * constructor performs no signature or trust validation.
 *
 * @param pubKey the OCSP responder's public key
 *
 * @throws IOException if the internal DER-encoding of the
 *      {@code KeyIdentifier} fails.
 */
public ResponderId(PublicKey pubKey) throws IOException {
    // A byKey identifier carries no responder name.
    this.responderName = null;

    // keyIdToBytes() runs only after the key ID has been assigned.
    KeyIdentifier keyId = new KeyIdentifier(pubKey);
    this.responderKeyId = keyId;
    this.encodedRid = keyIdToBytes();
    this.type = Type.BY_KEY;
}
 
Example #29
Source File: CertificateBuilder.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Adds an Authority Key Identifier extension derived from the issuer's
 * public key.
 *
 * Only the key identifier is populated; the other two constructor
 * arguments of the extension are passed as {@code null}.
 *
 * @param authorityKey The public key of the issuing authority.
 *
 * @throws IOException if an encoding error occurs.
 */
public void addAuthorityKeyIdExt(PublicKey authorityKey) throws IOException {
    addExtension(new AuthorityKeyIdentifierExtension(
            new KeyIdentifier(authorityKey), null, null));
}
 
Example #30
Source File: CertificateBuilder.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Adds a Subject Key Identifier extension whose value is the key
 * identifier computed from the given public key.
 *
 * @param subjectKey The public key to be used in the resulting certificate
 *
 * @throws IOException if an encoding error occurs.
 */
public void addSubjectKeyIdExt(PublicKey subjectKey) throws IOException {
    KeyIdentifier subjectKeyId = new KeyIdentifier(subjectKey);
    // The extension is built from the raw identifier bytes.
    addExtension(
            new SubjectKeyIdentifierExtension(subjectKeyId.getIdentifier()));
}