132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root/*
232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * Copyright (C) 2013 The Android Open Source Project
332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root *
432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * Licensed under the Apache License, Version 2.0 (the "License");
532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * you may not use this file except in compliance with the License.
632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * You may obtain a copy of the License at
732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root *
832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root *      http://www.apache.org/licenses/LICENSE-2.0
932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root *
1032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * Unless required by applicable law or agreed to in writing, software
1132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * distributed under the License is distributed on an "AS IS" BASIS,
1232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * See the License for the specific language governing permissions and
1432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * limitations under the License.
1532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root */
1632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
17860d2707ce126ef8f66e3eac7ceeab6d24218cd8Kenny Rootpackage org.conscrypt;
1832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
1932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.io.ByteArrayOutputStream;
2032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.math.BigInteger;
2132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.security.cert.CRLException;
2232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.security.cert.X509CRLEntry;
2332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.Arrays;
2432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.Calendar;
2532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.Date;
2632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.HashSet;
2732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.Set;
2832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.TimeZone;
2932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
3032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootpublic class OpenSSLX509CRLEntry extends X509CRLEntry {
3132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    private final long mContext;
3232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
3332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    OpenSSLX509CRLEntry(long ctx) {
3432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        mContext = ctx;
3532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    }
3632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
3732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    @Override
3832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    public Set<String> getCriticalExtensionOIDs() {
3932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        String[] critOids =
4032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
4132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                        NativeCrypto.EXTENSION_TYPE_CRITICAL);
4232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
4332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        /*
4432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root         * This API has a special case that if there are no extensions, we
4532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root         * should return null. So if we have no critical extensions, we'll check
4632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root         * non-critical extensions.
4732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root         */
4832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        if ((critOids.length == 0)
4932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                && (NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
5032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                        NativeCrypto.EXTENSION_TYPE_NON_CRITICAL).length == 0)) {
5132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root            return null;
5232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        }
5332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
5432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        return new HashSet<String>(Arrays.asList(critOids));
5532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    }
5632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
5732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    @Override
5832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    public byte[] getExtensionValue(String oid) {
5932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        return NativeCrypto.X509_REVOKED_get_ext_oid(mContext, oid);
6032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    }
6132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
6232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    @Override
6332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    public Set<String> getNonCriticalExtensionOIDs() {
6432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        String[] critOids =
6532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
6632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                        NativeCrypto.EXTENSION_TYPE_NON_CRITICAL);
6732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
6832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        /*
6932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root         * This API has a special case that if there are no extensions, we
7032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root         * should return null. So if we have no non-critical extensions, we'll
7132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root         * check critical extensions.
7232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root         */
7332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        if ((critOids.length == 0)
7432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                && (NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
7532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                        NativeCrypto.EXTENSION_TYPE_CRITICAL).length == 0)) {
7632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root            return null;
7732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        }
7832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
7932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        return new HashSet<String>(Arrays.asList(critOids));
8032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    }
8132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
8232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    @Override
8332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    public boolean hasUnsupportedCriticalExtension() {
8432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        final String[] criticalOids =
8532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
8632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                        NativeCrypto.EXTENSION_TYPE_CRITICAL);
8732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        for (String oid : criticalOids) {
8832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root            final long extensionRef = NativeCrypto.X509_REVOKED_get_ext(mContext, oid);
8932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root            if (NativeCrypto.X509_supported_extension(extensionRef) != 1) {
9032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                return true;
9132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root            }
9232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        }
9332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
9432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        return false;
9532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    }
9632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
9732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    @Override
9832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    public byte[] getEncoded() throws CRLException {
9932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        return NativeCrypto.i2d_X509_REVOKED(mContext);
10032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    }
10132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
10232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    @Override
10332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    public BigInteger getSerialNumber() {
10432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        return new BigInteger(NativeCrypto.X509_REVOKED_get_serialNumber(mContext));
10532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    }
10632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
10732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    @Override
10832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    public Date getRevocationDate() {
1094c87dc62be38bf5b5378c494a225316cb3101f2cKenny Root        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
1104c87dc62be38bf5b5378c494a225316cb3101f2cKenny Root        calendar.set(Calendar.MILLISECOND, 0);
11132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        NativeCrypto.ASN1_TIME_to_Calendar(NativeCrypto.get_X509_REVOKED_revocationDate(mContext),
11232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                calendar);
11332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        return calendar.getTime();
11432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    }
11532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
11632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    @Override
11732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    public boolean hasExtensions() {
11832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        return (NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
11932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                NativeCrypto.EXTENSION_TYPE_NON_CRITICAL).length != 0)
12032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                || (NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
12132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root                        NativeCrypto.EXTENSION_TYPE_CRITICAL).length != 0);
12232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    }
12332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root
12432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    @Override
12532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    public String toString() {
12632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        ByteArrayOutputStream os = new ByteArrayOutputStream();
12732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        long bioCtx = NativeCrypto.create_BIO_OutputStream(os);
12832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        try {
12932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root            NativeCrypto.X509_REVOKED_print(bioCtx, mContext);
13032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root            return os.toString();
13132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        } finally {
13219fdf1af6bada9ebf4820839780d8713ac3824faKenny Root            NativeCrypto.BIO_free_all(bioCtx);
13332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root        }
13432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root    }
13532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root}
136