All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.harmony.security.x509.TBSCertList Maven / Gradle / Ivy

/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

/**
* @author Alexander Y. Kleymenov
* @version $Revision$
*/

package org.apache.harmony.security.x509;

import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.harmony.security.asn1.ASN1Explicit;
import org.apache.harmony.security.asn1.ASN1Integer;
import org.apache.harmony.security.asn1.ASN1Sequence;
import org.apache.harmony.security.asn1.ASN1SequenceOf;
import org.apache.harmony.security.asn1.ASN1Type;
import org.apache.harmony.security.asn1.BerInputStream;
import org.apache.harmony.security.x501.Name;


/**
 * The class encapsulates the ASN.1 DER encoding/decoding work
 * with TBSCertList structure which is the part of X.509 CRL
 * (as specified in RFC 3280 -
 *  Internet X.509 Public Key Infrastructure.
 *  Certificate and Certificate Revocation List (CRL) Profile.
 *  http://www.ietf.org/rfc/rfc3280.txt):
 *
 * 
 *   TBSCertList  ::=  SEQUENCE  {
 *        version                 Version OPTIONAL,
 *                                     -- if present, MUST be v2
 *        signature               AlgorithmIdentifier,
 *        issuer                  Name,
 *        thisUpdate              Time,
 *        nextUpdate              Time OPTIONAL,
 *        revokedCertificates     SEQUENCE OF SEQUENCE  {
 *             userCertificate         CertificateSerialNumber,
 *             revocationDate          Time,
 *             crlEntryExtensions      Extensions OPTIONAL
 *                                           -- if present, MUST be v2
 *                                  }  OPTIONAL,
 *        crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
 *                                           -- if present, MUST be v2
 *   }
 * 
*/ public final class TBSCertList { /** the value of version field of the structure */ private final int version; /** the value of signature field of the structure */ private final AlgorithmIdentifier signature; /** the value of issuer field of the structure */ private final Name issuer; /** the value of thisUpdate of the structure */ private final Date thisUpdate; /** the value of nextUpdate of the structure */ private final Date nextUpdate; /** the value of revokedCertificates of the structure */ private final List revokedCertificates; /** the value of crlExtensions field of the structure */ private final Extensions crlExtensions; /** the ASN.1 encoded form of TBSCertList */ private byte[] encoding; public static class RevokedCertificate { private final BigInteger userCertificate; private final Date revocationDate; private final Extensions crlEntryExtensions; private boolean issuerRetrieved; private X500Principal issuer; private byte[] encoding; public RevokedCertificate(BigInteger userCertificate, Date revocationDate, Extensions crlEntryExtensions) { this.userCertificate = userCertificate; this.revocationDate = revocationDate; this.crlEntryExtensions = crlEntryExtensions; } public Extensions getCrlEntryExtensions() { return crlEntryExtensions; } public BigInteger getUserCertificate() { return userCertificate; } public Date getRevocationDate() { return revocationDate; } /** * Returns the value of Certificate Issuer Extension, if it is * presented. */ public X500Principal getIssuer() { if (crlEntryExtensions == null) { return null; } if (!issuerRetrieved) { try { issuer = crlEntryExtensions.valueOfCertificateIssuerExtension(); } catch (IOException e) { e.printStackTrace(); } issuerRetrieved = true; } return issuer; } public byte[] getEncoded() { if (encoding == null) { encoding = ASN1.encode(this); } return encoding; } public boolean equals(Object rc) { if (!(rc instanceof RevokedCertificate)) { return false; } RevokedCertificate rcert = (RevokedCertificate) rc; return userCertificate.equals(rcert.userCertificate) && ((revocationDate.getTime() / 1000) == (rcert.revocationDate.getTime() / 1000)) && ((crlEntryExtensions == null) ? rcert.crlEntryExtensions == null : crlEntryExtensions.equals(rcert.crlEntryExtensions)); } public int hashCode() { return userCertificate.hashCode() * 37 + (int)revocationDate.getTime() / 1000 + (crlEntryExtensions == null ? 0 : crlEntryExtensions.hashCode()); } public void dumpValue(StringBuilder sb, String prefix) { sb.append(prefix).append("Certificate Serial Number: ").append(userCertificate).append('\n'); sb.append(prefix).append("Revocation Date: ").append(revocationDate); if (crlEntryExtensions != null) { sb.append('\n').append(prefix).append("CRL Entry Extensions: ["); crlEntryExtensions.dumpValue(sb, prefix + " "); sb.append(prefix).append(']'); } } public static final ASN1Sequence ASN1 = new ASN1Sequence( new ASN1Type[] {ASN1Integer.getInstance(), Time.ASN1, Extensions.ASN1}) { { setOptional(2); } @Override protected Object getDecodedObject(BerInputStream in) { Object[] values = (Object[]) in.content; return new RevokedCertificate( new BigInteger((byte[]) values[0]), (Date) values[1], (Extensions) values[2] ); } @Override protected void getValues(Object object, Object[] values) { RevokedCertificate rcert = (RevokedCertificate) object; values[0] = rcert.userCertificate.toByteArray(); values[1] = rcert.revocationDate; values[2] = rcert.crlEntryExtensions; } }; } /** Constructs the object with associated ASN.1 encoding */ private TBSCertList(int version, AlgorithmIdentifier signature, Name issuer, Date thisUpdate, Date nextUpdate, List revokedCertificates, Extensions crlExtensions, byte[] encoding) { this.version = version; this.signature = signature; this.issuer = issuer; this.thisUpdate = thisUpdate; this.nextUpdate = nextUpdate; this.revokedCertificates = revokedCertificates; this.crlExtensions = crlExtensions; this.encoding = encoding; } /** * Returns the value of version field of the structure. */ public int getVersion() { return version; } /** * Returns the value of signature field of the structure. */ public AlgorithmIdentifier getSignature() { return signature; } /** * Returns the value of issuer field of the structure. */ public Name getIssuer() { return issuer; } /** * Returns the value of thisUpdate field of the structure. */ public Date getThisUpdate() { return thisUpdate; } /** * Returns the value of nextUpdate field of the structure. */ public Date getNextUpdate() { return nextUpdate; } /** * Returns the value of revokedCertificates field of the structure. */ public List getRevokedCertificates() { return revokedCertificates; } /** * Returns the value of crlExtensions field of the structure. */ public Extensions getCrlExtensions() { return crlExtensions; } /** * Returns ASN.1 encoded form of this X.509 TBSCertList value. */ public byte[] getEncoded() { if (encoding == null) { encoding = ASN1.encode(this); } return encoding; } @Override public boolean equals(Object other) { if (!(other instanceof TBSCertList)) { return false; } TBSCertList that = (TBSCertList) other; return version == that.version && signature.equals(that.signature) && Arrays.equals(issuer.getEncoded(), that.issuer.getEncoded()) && thisUpdate.getTime() / 1000 == that.thisUpdate.getTime() / 1000 && (nextUpdate == null ? that.nextUpdate == null : nextUpdate.getTime() / 1000 == that.nextUpdate.getTime() / 1000) && ((revokedCertificates == null || that.revokedCertificates == null) && revokedCertificates == that.revokedCertificates || revokedCertificates.equals(that.revokedCertificates)) && (crlExtensions == null ? that.crlExtensions == null : crlExtensions.equals(that.crlExtensions)); } @Override public int hashCode() { return ((version * 37 + signature.hashCode()) * 37 + Arrays.hashCode(issuer.getEncoded())) * 37 + (int)thisUpdate.getTime() / 1000; } public void dumpValue(StringBuilder sb) { sb.append("X.509 CRL v").append(version); sb.append("\nSignature Algorithm: ["); signature.dumpValue(sb); sb.append(']'); sb.append("\nIssuer: ").append(issuer.getName(X500Principal.RFC2253)); sb.append("\n\nThis Update: ").append(thisUpdate); sb.append("\nNext Update: ").append(nextUpdate).append('\n'); if (revokedCertificates != null) { sb.append("\nRevoked Certificates: ").append(revokedCertificates.size()).append(" ["); int number = 1; for (RevokedCertificate revokedCertificate : revokedCertificates) { sb.append("\n [").append(number++).append(']'); revokedCertificate.dumpValue(sb, " "); sb.append('\n'); } sb.append("]\n"); } if (crlExtensions != null) { sb.append("\nCRL Extensions: ").append(crlExtensions.size()).append(" ["); crlExtensions.dumpValue(sb, " "); sb.append("]\n"); } } /** * X.509 TBSCertList encoder/decoder. */ public static final ASN1Sequence ASN1 = new ASN1Sequence(new ASN1Type[] { ASN1Integer.getInstance(), // version AlgorithmIdentifier.ASN1, // signature Name.ASN1, // issuer Time.ASN1, // thisUpdate Time.ASN1, // nextUpdate new ASN1SequenceOf(RevokedCertificate.ASN1), // revokedCertificates new ASN1Explicit(0, Extensions.ASN1) // crlExtensions }) { { setOptional(0); setOptional(4); setOptional(5); setOptional(6); } @Override protected Object getDecodedObject(BerInputStream in) throws IOException { Object[] values = (Object[]) in.content; return new TBSCertList( (values[0] == null) ? 1 : ASN1Integer.toIntValue(values[0])+1, (AlgorithmIdentifier) values[1], (Name) values[2], (Date) values[3], (Date) values[4], (List) values[5], (Extensions) values[6], in.getEncoded() ); } @Override protected void getValues(Object object, Object[] values) { TBSCertList tbs = (TBSCertList) object; values[0] = (tbs.version > 1) ? ASN1Integer.fromIntValue(tbs.version - 1) : null; values[1] = tbs.signature; values[2] = tbs.issuer; values[3] = tbs.thisUpdate; values[4] = tbs.nextUpdate; values[5] = tbs.revokedCertificates; values[6] = tbs.crlExtensions; } }; }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy