@@ -404,7 +404,7 @@ private ASN1Sequence parseAuthorityKeyIdentifier(final ThreadContext context, fi
404404
405405 for ( String value : valuex .split ("," ) ) { // e.g. "keyid:always,issuer:always"
406406 if ( value .startsWith ("keyid:" ) ) { // keyid:always
407- ASN1Encodable publicKeyIdentifier = new DEROctetString (publicKeyIdentifier (context ));
407+ ASN1Encodable publicKeyIdentifier = new DEROctetString (issuerPublicKeyIdentifier (context ));
408408 vec .add (new DERTaggedObject (false , 0 , publicKeyIdentifier ));
409409 }
410410 else if ( value .startsWith ("issuer:" ) ) { // issuer:always
@@ -421,9 +421,16 @@ else if ( value.startsWith("issuer:") ) { // issuer:always
421421 return new DERSequence (vec );
422422 }
423423
424- private byte [] publicKeyIdentifier (final ThreadContext context ) {
424+ private byte [] subjectPublicKeyIdentifier (final ThreadContext context ) {
425+ return publicKeyIdentifier (context , getSubjectPublicKey (context ));
426+ }
427+
428+ private byte [] issuerPublicKeyIdentifier (final ThreadContext context ) {
429+ return publicKeyIdentifier (context , getIssuerPublicKey (context ));
430+ }
431+
432+ private byte [] publicKeyIdentifier (final ThreadContext context , final IRubyObject pkey ) {
425433 final Ruby runtime = context .runtime ;
426- IRubyObject pkey = getPublicKey (context );
427434 IRubyObject der ;
428435 if (pkey instanceof PKeyRSA ) {
429436 der = pkey .callMethod (context , "to_der" );
@@ -434,32 +441,39 @@ private byte[] publicKeyIdentifier(final ThreadContext context) {
434441 return getSHA1Digest (runtime , der .asString ().getByteList ());
435442 }
436443
437- private IRubyObject getPublicKey (final ThreadContext context ) {
438- IRubyObject issuer_cert = getInstanceVariable ("@issuer_certificate" );
439- if ( issuer_cert instanceof X509Cert ) {
440- return ((X509Cert ) issuer_cert ).public_key (context );
444+ private IRubyObject getSubjectPublicKey (final ThreadContext context ) {
445+ return certPublicKey (context , subject_cert ());
446+ }
447+
448+ private IRubyObject getIssuerPublicKey (final ThreadContext context ) {
449+ return certPublicKey (context , issuer_cert ());
450+ }
451+
452+ private IRubyObject certPublicKey (final ThreadContext context , final IRubyObject cert ) {
453+ if ( cert instanceof X509Cert ) {
454+ return ((X509Cert ) cert ).public_key (context );
441455 }
442- return issuer_cert .callMethod (context , "public_key" );
456+ return cert .callMethod (context , "public_key" );
443457 }
444458
445459 private X500Name authorityCertIssuer (final ThreadContext context ) {
446460 IRubyObject issuer = getIssuer (context );
447461 if ( issuer instanceof X509Name ) {
448462 return ((X509Name ) issuer ).getX500Name ();
449463 }
450- throw new UnsupportedOperationException ();
464+ throw new UnsupportedOperationException ("authorityCertIssuer" );
451465 }
452466
453467 private IRubyObject getIssuer (final ThreadContext context ) {
454- IRubyObject issuer_cert = getInstanceVariable ( "@issuer_certificate" );
468+ IRubyObject issuer_cert = issuer_cert ( );
455469 if ( issuer_cert instanceof X509Cert ) {
456470 return ((X509Cert ) issuer_cert ).getIssuer ();
457471 }
458472 return issuer_cert .callMethod (context , "issuer" );
459473 }
460474
461475 private BigInteger getIssuerSerialNumber (final ThreadContext context ) {
462- IRubyObject issuer_cert = getInstanceVariable ( "@issuer_certificate" );
476+ IRubyObject issuer_cert = issuer_cert ( );
463477 if ( issuer_cert instanceof X509Cert ) {
464478 return ((X509Cert ) issuer_cert ).getSerial ();
465479 }
@@ -553,7 +567,7 @@ private static GeneralName parseGeneralName(final String valuex) throws IOExcept
553567
554568 private DEROctetString parseSubjectKeyIdentifier (final ThreadContext context , final String oid , final String valuex ) {
555569 if ( "hash" .equalsIgnoreCase (valuex ) ) {
556- return new DEROctetString (publicKeyIdentifier (context ));
570+ return new DEROctetString (subjectPublicKeyIdentifier (context ));
557571 }
558572 if ( valuex .length () == 20 || ! isHex (valuex ) ) {
559573 return new DEROctetString (ByteList .plain (valuex ));
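Review bot: `certPublicKey` in the third hunk calls `cert.callMethod(context, "public_key")` without checking that a certificate was actually configured, and the new `subjectPublicKeyIdentifier` path makes that reachable from `subjectKeyIdentifier=hash` whenever the factory has no subject certificate set. The bodies of `subject_cert()` and `issuer_cert()` are not in this diff, so whether they return Java `null` or Ruby nil is an assumption, but in either case the caller would presumably get a NullPointerException or a NoMethodError on nil rather than an extension error naming the missing certificate. A guard at the top of the helper such as `if ( cert == null || cert.isNil() )`, raising the factory's usual Ruby-level error with a message that says which certificate is missing, would keep a misconfigured factory from failing opaquely while a key identifier is being derived. A short comment on the two new wrappers, e.g. `// SKI hashes the subject's key; AKI keyid hashes the issuer's key`, would also record why they must not be swapped again.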