OpenSSLX509CRLEntry.java revision 19fdf1af6bada9ebf4820839780d8713ac3824fa
132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root/* 232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * Copyright (C) 2013 The Android Open Source Project 332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * 432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * Licensed under the Apache License, Version 2.0 (the "License"); 532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * you may not use this file except in compliance with the License. 632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * You may obtain a copy of the License at 732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * 832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * http://www.apache.org/licenses/LICENSE-2.0 932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * 1032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * Unless required by applicable law or agreed to in writing, software 1132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * distributed under the License is distributed on an "AS IS" BASIS, 1232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * See the License for the specific language governing permissions and 1432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * limitations under the License. 1532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root */ 1632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 17860d2707ce126ef8f66e3eac7ceeab6d24218cd8Kenny Rootpackage org.conscrypt; 1832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 1932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.io.ByteArrayOutputStream; 2032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.math.BigInteger; 2132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.security.cert.CRLException; 2232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.security.cert.X509CRLEntry; 2332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.Arrays; 2432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.Calendar; 2532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.Date; 2632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.HashSet; 2732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.Set; 2832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootimport java.util.TimeZone; 2932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 3032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Rootpublic class OpenSSLX509CRLEntry extends X509CRLEntry { 3132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root private final long mContext; 3232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 3332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root OpenSSLX509CRLEntry(long ctx) { 3432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root mContext = ctx; 3532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 3632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 3732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root @Override 3832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root public Set<String> getCriticalExtensionOIDs() { 3932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root String[] critOids = 4032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.get_X509_REVOKED_ext_oids(mContext, 4132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.EXTENSION_TYPE_CRITICAL); 4232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 4332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root /* 4432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * This API has a special case that if there are no extensions, we 4532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * should return null. So if we have no critical extensions, we'll check 4632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * non-critical extensions. 4732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root */ 4832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root if ((critOids.length == 0) 4932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root && (NativeCrypto.get_X509_REVOKED_ext_oids(mContext, 5032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.EXTENSION_TYPE_NON_CRITICAL).length == 0)) { 5132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return null; 5232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 5332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 5432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return new HashSet<String>(Arrays.asList(critOids)); 5532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 5632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 5732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root @Override 5832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root public byte[] getExtensionValue(String oid) { 5932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return NativeCrypto.X509_REVOKED_get_ext_oid(mContext, oid); 6032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 6132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 6232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root @Override 6332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root public Set<String> getNonCriticalExtensionOIDs() { 6432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root String[] critOids = 6532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.get_X509_REVOKED_ext_oids(mContext, 6632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.EXTENSION_TYPE_NON_CRITICAL); 6732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 6832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root /* 6932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * This API has a special case that if there are no extensions, we 7032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * should return null. So if we have no non-critical extensions, we'll 7132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root * check critical extensions. 7232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root */ 7332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root if ((critOids.length == 0) 7432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root && (NativeCrypto.get_X509_REVOKED_ext_oids(mContext, 7532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.EXTENSION_TYPE_CRITICAL).length == 0)) { 7632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return null; 7732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 7832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 7932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return new HashSet<String>(Arrays.asList(critOids)); 8032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 8132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 8232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root @Override 8332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root public boolean hasUnsupportedCriticalExtension() { 8432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root final String[] criticalOids = 8532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.get_X509_REVOKED_ext_oids(mContext, 8632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.EXTENSION_TYPE_CRITICAL); 8732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root for (String oid : criticalOids) { 8832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root final long extensionRef = NativeCrypto.X509_REVOKED_get_ext(mContext, oid); 8932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root if (NativeCrypto.X509_supported_extension(extensionRef) != 1) { 9032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return true; 9132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 9232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 9332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 9432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return false; 9532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 9632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 9732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root @Override 9832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root public byte[] getEncoded() throws CRLException { 9932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return NativeCrypto.i2d_X509_REVOKED(mContext); 10032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 10132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 10232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root @Override 10332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root public BigInteger getSerialNumber() { 10432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return new BigInteger(NativeCrypto.X509_REVOKED_get_serialNumber(mContext)); 10532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 10632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 10732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root @Override 10832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root public Date getRevocationDate() { 1094c87dc62be38bf5b5378c494a225316cb3101f2cKenny Root Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC")); 1104c87dc62be38bf5b5378c494a225316cb3101f2cKenny Root calendar.set(Calendar.MILLISECOND, 0); 11132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.ASN1_TIME_to_Calendar(NativeCrypto.get_X509_REVOKED_revocationDate(mContext), 11232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root calendar); 11332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return calendar.getTime(); 11432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 11532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 11632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root @Override 11732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root public boolean hasExtensions() { 11832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return (NativeCrypto.get_X509_REVOKED_ext_oids(mContext, 11932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.EXTENSION_TYPE_NON_CRITICAL).length != 0) 12032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root || (NativeCrypto.get_X509_REVOKED_ext_oids(mContext, 12132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.EXTENSION_TYPE_CRITICAL).length != 0); 12232850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 12332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root 12432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root @Override 12532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root public String toString() { 12632850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root ByteArrayOutputStream os = new ByteArrayOutputStream(); 12732850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root long bioCtx = NativeCrypto.create_BIO_OutputStream(os); 12832850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root try { 12932850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root NativeCrypto.X509_REVOKED_print(bioCtx, mContext); 13032850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root return os.toString(); 13132850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } finally { 13219fdf1af6bada9ebf4820839780d8713ac3824faKenny Root NativeCrypto.BIO_free_all(bioCtx); 13332850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 13432850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root } 13532850b6ce29c70150cfe01c4ce2a1b353d92e6feKenny Root} 136