All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.conscrypt.ct.SignedCertificateTimestamp Maven / Gradle / Ivy

There is a newer version: 2.0.42.rc
Show newest version
/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.conscrypt.ct;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import org.conscrypt.Internal;

/**
 * SignedCertificateTimestamp structure, as defined by RFC6962 Section 3.2.
 *
 * @hide
 */
@Internal
public class SignedCertificateTimestamp {
    public enum Version {
        V1
    };

    public enum SignatureType {
        CERTIFICATE_TIMESTAMP,
        TREE_HASH
    };

    public enum Origin {
        EMBEDDED,
        TLS_EXTENSION,
        OCSP_RESPONSE
    };

    private final Version version;
    private final byte[] logId;
    private final long timestamp;
    private final byte[] extensions;
    private final DigitallySigned signature;

    // origin is implied from the SCT's source and is not encoded in it,
    // and affects the verification process.
    private final Origin origin;

    public SignedCertificateTimestamp(Version version, byte[] logId,
                                      long timestamp, byte[] extensions,
                                      DigitallySigned signature, Origin origin) {
        this.version = version;
        this.logId = logId;
        this.timestamp = timestamp;
        this.extensions = extensions;
        this.signature = signature;
        this.origin = origin;
    }

    public Version getVersion() {
        return version;
    }
    public byte[] getLogID() {
        return logId;
    }
    public long getTimestamp() {
        return timestamp;
    }
    public byte[] getExtensions() {
        return extensions;
    }
    public DigitallySigned getSignature() {
        return signature;
    }
    public Origin getOrigin() {
        return origin;
    }

    /**
     * Decode a TLS encoded SignedCertificateTimestamp structure.
     */
    public static SignedCertificateTimestamp decode(InputStream input, Origin origin)
            throws SerializationException {
        int version = Serialization.readNumber(input, CTConstants.VERSION_LENGTH);
        if (version != Version.V1.ordinal()) {
            throw new SerializationException("Unsupported SCT version " + version);
        }

        return new SignedCertificateTimestamp(
            Version.V1,
            Serialization.readFixedBytes(input, CTConstants.LOGID_LENGTH),
            Serialization.readLong(input, CTConstants.TIMESTAMP_LENGTH),
            Serialization.readVariableBytes(input, CTConstants.EXTENSIONS_LENGTH_BYTES),
            DigitallySigned.decode(input),
            origin
        );
    }

    /**
     * Decode a TLS encoded SignedCertificateTimestamp structure.
     */
    public static SignedCertificateTimestamp decode(byte[] input, Origin origin)
            throws SerializationException {
        return decode(new ByteArrayInputStream(input), origin);
    }

    /**
     * TLS encode the signed part of the SCT, as described by RFC6962 section 3.2.
     */
    public void encodeTBS(OutputStream output, CertificateEntry certEntry)
            throws SerializationException {
        Serialization.writeNumber(output, version.ordinal(), CTConstants.VERSION_LENGTH);
        Serialization.writeNumber(output, SignatureType.CERTIFICATE_TIMESTAMP.ordinal(),
                                          CTConstants.SIGNATURE_TYPE_LENGTH);
        Serialization.writeNumber(output, timestamp, CTConstants.TIMESTAMP_LENGTH);
        certEntry.encode(output);
        Serialization.writeVariableBytes(output, extensions, CTConstants.EXTENSIONS_LENGTH_BYTES);
    }

    /**
     * TLS encode the signed part of the SCT, as described by RFC6962 section 3.2.
     */
    public byte[] encodeTBS(CertificateEntry certEntry)
            throws SerializationException {
        ByteArrayOutputStream output = new ByteArrayOutputStream();
        encodeTBS(output, certEntry);
        return output.toByteArray();
    }
}





© 2015 - 2024 Weber Informatics LLC | Privacy Policy