-rw-r--r-- | java/src/com/google/polo/ssl/SslUtil.java | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/java/src/com/google/polo/ssl/SslUtil.java b/java/src/com/google/polo/ssl/SslUtil.java
index e575770..899c4d9 100644
--- a/java/src/com/google/polo/ssl/SslUtil.java
+++ b/java/src/com/google/polo/ssl/SslUtil.java
@@ -40,6 +40,7 @@ import java.security.GeneralSecurityException;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.KeyStore;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
 import java.security.cert.Certificate;
@@ -178,7 +179,7 @@ public class SslUtil {
 certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, true, authIdentifier);
 certGen.addExtension(X509Extensions.SubjectKeyIdentifier, true,
- SubjectKeyIdentifier.getInstance(pair.getPublic().getEncoded()));
+ createSubjectKeyIdentifier(pair.getPublic()));
 certGen.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames( new GeneralName(GeneralName.rfc822Name, "android-tv-remote-support@google.com")));
@@ -221,6 +222,23 @@ public class SslUtil {
 }
 /**
+ * Creates a SubjectKeyIdentifier from a public key.
+ * <p>
+ * @param publicKey the public key
+ * @return a new {@link SubjectKeyIdentifier}
+ */
+ static SubjectKeyIdentifier createSubjectKeyIdentifier(PublicKey publicKey) {
+ SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
+ MessageDigest digester;
+ try {
+ digester = MessageDigest.getInstance("SHA-1");
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException("Could not get SHA-1 digest instance");
+ }
+ return new SubjectKeyIdentifier(digester.digest(info.getPublicKeyData().getBytes()));
+ }
+
+ /**
 * Wrapper for {@link SslUtil#generateX509V3Certificate(KeyPair, String, Date, Date, BigInteger)}
 * which uses a default validity period and serial number.
 * <p> |
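Review bot: The SubjectKeyIdentifier extension is still added with the critical flag set to `true` (the AuthorityKeyIdentifier call just above it does the same), while RFC 5280 requires conforming issuers to mark both extensions non-critical. A strict validator may reject a certificate that carries them as critical. Consider `certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, createSubjectKeyIdentifier(pair.getPublic()));`, after confirming that already-paired peers do not depend on the current encoding. The enclosing certificate-generation method starts and ends outside this hunk, so any reason for the critical flag may simply not be visible here.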
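Review bot: The catch block in createSubjectKeyIdentifier throws a new RuntimeException without the caught NoSuchAlgorithmException, so the provider failure disappears from the stack trace. Pass it as the cause: `throw new RuntimeException("Could not get SHA-1 digest instance", e);`. The Javadoc should state that the identifier is the SHA-1 hash of the subjectPublicKey bit string (RFC 5280 section 4.2.1.2, method 1), and that SHA-1 serves here as a key identifier rather than a signature or integrity hash, so a later audit does not misread it. `publicKey.getEncoded()` can return null for keys that do not support encoding, so an explicit null check with a clear exception would be safer than relying on how `SubjectPublicKeyInfo.getInstance` treats null.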