-rw-r--r--java/src/com/google/polo/ssl/SslUtil.java20
1 files changed, 19 insertions, 1 deletions
diff --git a/java/src/com/google/polo/ssl/SslUtil.java b/java/src/com/google/polo/ssl/SslUtil.java
index e575770..899c4d9 100644
--- a/java/src/com/google/polo/ssl/SslUtil.java
+++ b/java/src/com/google/polo/ssl/SslUtil.java
@@ -40,6 +40,7 @@ import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
+import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
@@ -178,7 +179,7 @@ public class SslUtil {
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, true,
authIdentifier);
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, true,
- SubjectKeyIdentifier.getInstance(pair.getPublic().getEncoded()));
+ createSubjectKeyIdentifier(pair.getPublic()));
certGen.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(
new GeneralName(GeneralName.rfc822Name, "android-tv-remote-support@google.com")));
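Review bot: The SubjectKeyIdentifier extension whose value this commit changes is still added with the critical flag set to `true` on the `certGen.addExtension(X509Extensions.SubjectKeyIdentifier, true,` line. RFC 5280 section 4.2.1.2 requires this extension to be marked non-critical, and the AuthorityKeyIdentifier call just above passes `true` as well. Since the commit is already correcting how the identifier is built, consider passing `false` in both calls, after confirming that existing peers do not depend on the current encoding. The enclosing method starts and ends outside this hunk, so whether anything else relies on the flag cannot be seen from here.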
@@ -221,6 +222,23 @@ public class SslUtil {
}
/**
+ * Creates a SubjectKeyIdentifier from a public key.
+ * <p>
+ * @param publicKey the public key
+ * @return a new {@link SubjectKeyIdentifier}
+ */
+ static SubjectKeyIdentifier createSubjectKeyIdentifier(PublicKey publicKey) {
+ SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
+ MessageDigest digester;
+ try {
+ digester = MessageDigest.getInstance("SHA-1");
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException("Could not get SHA-1 digest instance");
+ }
+ return new SubjectKeyIdentifier(digester.digest(info.getPublicKeyData().getBytes()));
+ }
+
+ /**
* Wrapper for {@link SslUtil#generateX509V3Certificate(KeyPair, String, Date, Date, BigInteger)}
* which uses a default validity period and serial number.
* <p>
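Review bot: The catch block in `createSubjectKeyIdentifier` drops the caught `NoSuchAlgorithmException`, so a provider misconfiguration surfaces without its cause. Chain it with `throw new RuntimeException("Could not get SHA-1 digest instance", e);`. The SHA-1 call also deserves a why-comment, because it will otherwise be flagged or "upgraded" by someone reading it as a weak-hash use, for example `// SHA-1 of the subjectPublicKey BIT STRING per RFC 5280 4.2.1.2 method (1); a key identifier, not a signature digest`. The Javadoc has a stray `<p>` directly before `@param` that can be removed.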