V3TBSCertificateGenerator.java revision c37f4a04ef89e73a39a59f3c5a179af8c8ab5974
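package org.bouncycastle.asn1.x509;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTCTime;

/**
 * Generator for Version 3 TBSCertificateStructures.
 * <pre>
 * TBSCertificate ::= SEQUENCE {
 *      version          [ 0 ]  Version DEFAULT v1(0),
 *      serialNumber            CertificateSerialNumber,
 *      signature               AlgorithmIdentifier,
 *      issuer                  Name,
 *      validity                Validity,
 *      subject                 Name,
 *      subjectPublicKeyInfo    SubjectPublicKeyInfo,
 *      issuerUniqueID    [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
 *      subjectUniqueID   [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
 *      extensions        [ 3 ] Extensions OPTIONAL
 *      }
 * </pre>
 * <p>
 * The generator only assembles the to-be-signed structure. It stores the
 * references handed to its setters without copying them, keeps them between
 * calls, and uses no synchronization. {@link #generateTBSCertificate()} checks
 * that the mandatory fields are present; it does not check their values (for
 * example that the start date precedes the end date, or any constraint on the
 * serial number), so those checks belong to the caller.
 */
public class V3TBSCertificateGenerator
{
    // Version field: context tag 0 around INTEGER 2, the X.509 encoding of v3.
    DERTaggedObject         version = new DERTaggedObject(0, new DERInteger(2));

    DERInteger              serialNumber;
    AlgorithmIdentifier     signature;
    X509Name                issuer;
    Time                    startDate, endDate;
    X509Name                subject;
    SubjectPublicKeyInfo    subjectPublicKeyInfo;
    X509Extensions          extensions;

    // True only while the currently configured extensions carry a critical
    // SubjectAlternativeName; this is what permits an absent subject.
    private boolean altNamePresentAndCritical;
    private DERBitString issuerUniqueID;
    private DERBitString subjectUniqueID;

    public V3TBSCertificateGenerator()
    {
    }

    /**
     * Sets the certificate serial number (mandatory).
     *
     * @param serialNumber the serial number; its value is not validated here.
     */
    public void setSerialNumber(
        DERInteger  serialNumber)
    {
        this.serialNumber = serialNumber;
    }

    /**
     * Sets the signature algorithm identifier placed inside the TBSCertificate (mandatory).
     *
     * @param signature the algorithm identifier.
     */
    public void setSignature(
        AlgorithmIdentifier    signature)
    {
        this.signature = signature;
    }

    /**
     * Sets the issuer name (mandatory).
     *
     * @param issuer the issuer distinguished name.
     */
    public void setIssuer(
        X509Name    issuer)
    {
        this.issuer = issuer;
    }

    /**
     * Sets the start of the validity period from a UTCTime, wrapping it in a {@link Time}.
     *
     * @param startDate the notBefore value.
     */
    public void setStartDate(
        DERUTCTime startDate)
    {
        this.startDate = new Time(startDate);
    }

    /**
     * Sets the start of the validity period (mandatory).
     *
     * @param startDate the notBefore value.
     */
    public void setStartDate(
        Time startDate)
    {
        this.startDate = startDate;
    }

    /**
     * Sets the end of the validity period from a UTCTime, wrapping it in a {@link Time}.
     *
     * @param endDate the notAfter value.
     */
    public void setEndDate(
        DERUTCTime endDate)
    {
        this.endDate = new Time(endDate);
    }

    /**
     * Sets the end of the validity period (mandatory).
     *
     * @param endDate the notAfter value.
     */
    public void setEndDate(
        Time endDate)
    {
        this.endDate = endDate;
    }

    /**
     * Sets the subject name. It may be left null only when the configured
     * extensions contain a critical SubjectAlternativeName.
     *
     * @param subject the subject distinguished name, or null.
     */
    public void setSubject(
        X509Name    subject)
    {
        this.subject = subject;
    }

    /**
     * Sets the optional issuerUniqueID field.
     *
     * @param uniqueID the identifier, or null to omit the field.
     */
    public void setIssuerUniqueID(
        DERBitString uniqueID)
    {
        this.issuerUniqueID = uniqueID;
    }

    /**
     * Sets the optional subjectUniqueID field.
     *
     * @param uniqueID the identifier, or null to omit the field.
     */
    public void setSubjectUniqueID(
        DERBitString uniqueID)
    {
        this.subjectUniqueID = uniqueID;
    }

    /**
     * Sets the subject public key info (mandatory).
     *
     * @param pubKeyInfo the subject's public key structure.
     */
    public void setSubjectPublicKeyInfo(
        SubjectPublicKeyInfo    pubKeyInfo)
    {
        this.subjectPublicKeyInfo = pubKeyInfo;
    }

    /**
     * Sets the optional extensions and records whether they contain a
     * critical SubjectAlternativeName.
     * <p>
     * The flag is recomputed on every call. If it were only ever raised, a
     * generator that once saw a critical SubjectAlternativeName would keep
     * accepting a null subject after its extensions were replaced or cleared,
     * and could then emit a certificate that names no subject at all.
     *
     * @param extensions the extensions, or null to omit the field.
     */
    public void setExtensions(
        X509Extensions    extensions)
    {
        this.extensions = extensions;
        altNamePresentAndCritical = false;

        if (extensions != null)
        {
            X509Extension altName = extensions.getExtension(X509Extensions.SubjectAlternativeName);

            altNamePresentAndCritical = (altName != null) && altName.isCritical();
        }
    }

    /**
     * Builds the TBSCertificate from the values set so far, in the field
     * order given by the ASN.1 definition in the class comment.
     *
     * @return the assembled to-be-signed certificate structure.
     * @throws IllegalStateException if the serial number, signature algorithm,
     *         issuer, start date, end date or subject public key info is
     *         missing, or if the subject is missing and the extensions do not
     *         contain a critical SubjectAlternativeName.
     */
    public TBSCertificateStructure generateTBSCertificate()
    {
        // Presence checks only: field values are taken as given.
        if ((serialNumber == null) || (signature == null)
            || (issuer == null) || (startDate == null) || (endDate == null)
            || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null))
        {
            throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator");
        }

        ASN1EncodableVector  v = new ASN1EncodableVector();

        v.add(version);
        v.add(serialNumber);
        v.add(signature);
        v.add(issuer);

        //
        // before and after dates
        //
        ASN1EncodableVector  validity = new ASN1EncodableVector();

        validity.add(startDate);
        validity.add(endDate);

        v.add(new DERSequence(validity));

        if (subject != null)
        {
            v.add(subject);
        }
        else
        {
            // No subject was supplied: encode an empty SEQUENCE in its place,
            // leaving the critical SubjectAlternativeName as the only identity.
            v.add(new DERSequence());
        }

        v.add(subjectPublicKeyInfo);

        // The unique identifiers are tagged with explicit == false, matching
        // the IMPLICIT tags in the ASN.1 definition.
        if (issuerUniqueID != null)
        {
            v.add(new DERTaggedObject(false, 1, issuerUniqueID));
        }

        if (subjectUniqueID != null)
        {
            v.add(new DERTaggedObject(false, 2, subjectUniqueID));
        }

        if (extensions != null)
        {
            v.add(new DERTaggedObject(3, extensions));
        }

        return new TBSCertificateStructure(new DERSequence(v));
    }
}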