That is not really a full answer, but using Guava you can make your life easier by using a Hasher instead of MessageDigest.
Why? Because Hasher extends PrimitiveSink, which means you can create a Funnel for Certificate; you'll only have to change the Funnel to get that part right!
Illustration:
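    import com.google.common.hash.Funnel;
    import com.google.common.hash.PrimitiveSink;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateEncodingException;

    public enum CertificateFunnel
        implements Funnel<Certificate>
    {
        INSTANCE
        {
            @Override
            public void funnel(final Certificate from, final PrimitiveSink into)
            {
                // getEncoded() throws a checked exception, which funnel()
                // cannot declare, so rethrow it unchecked
                try {
                    into.putBytes(from.getEncoded());
                } catch (CertificateEncodingException e) {
                    throw new IllegalStateException(e);
                }
            }
        }
    }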
You would then have a private static final HashFunction SHA256:

    private static final HashFunction SHA256 = Hashing.sha256();

And also a private static final BaseEncoding BASE32_NOPAD since instances of BaseEncoding are thread safe and immutable:

    private static final BaseEncoding BASE32_NOPAD
        = BaseEncoding.base32().omitPadding(); // No need to strip `=`!
You would then feed the certificate with:
    final Hasher hasher = SHA256.newHasher();
    // Funnel the certificate...
    hasher.putObject(certificate, CertificateFunnel.INSTANCE);
    // Then encode; hash() returns the digest as a HashCode
    // (hashCode() is only Object's int hash code)
    return BASE32_NOPAD.encode(hasher.hash().asBytes());
Just my .02 bitcoins.