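package org.bouncycastle.cert;

import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Date;
import java.util.List;
import java.util.Set;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.util.Encodable;

/**
 * Holding class for an X.509 Certificate structure.
 * <p>
 * Constructing a holder only decodes and stores the certificate; neither constructor checks
 * the signature or the validity period. {@link #isSignatureValid(ContentVerifierProvider)}
 * checks one signature against the verifier the caller supplies, and {@link #isValidOn(Date)}
 * compares dates only. Nothing in this class builds or validates a certification path, so a
 * holder on its own says nothing about whether the certificate should be trusted.
 */
public class X509CertificateHolder
    implements Encodable
{
    // Both fields are assigned once, in the Certificate constructor, and never reassigned.
    private final Certificate x509Certificate;
    // Extensions block taken from the TBSCertificate; null when the certificate carries none.
    private final Extensions extensions;

    /**
     * Decode the passed in bytes into a Certificate structure.
     *
     * @param certEncoding BER/DER encoding of the certificate.
     * @return the decoded Certificate.
     * @throws IOException if the bytes cannot be read as ASN.1; a ClassCastException or
     * IllegalArgumentException raised while decoding is reported as a CertIOException
     * carrying the original exception as its cause.
     */
    private static Certificate parseBytes(byte[] certEncoding)
        throws IOException
    {
        try
        {
            return Certificate.getInstance(ASN1Primitive.fromByteArray(certEncoding));
        }
        catch (ClassCastException e)
        {
            // well formed ASN.1 of the wrong shape - surface it as an I/O level failure
            throw new CertIOException("malformed data: " + e.getMessage(), e);
        }
        catch (IllegalArgumentException e)
        {
            throw new CertIOException("malformed data: " + e.getMessage(), e);
        }
    }

    /**
     * Create a X509CertificateHolder from the passed in bytes.
     * <p>
     * The bytes are decoded only; the signature and validity period are not checked here.
     *
     * @param certEncoding BER/DER encoding of the certificate.
     * @throws IOException in the event of corrupted data, or an incorrect structure.
     */
    public X509CertificateHolder(byte[] certEncoding)
        throws IOException
    {
        this(parseBytes(certEncoding));
    }

    /**
     * Create a X509CertificateHolder from the passed in ASN.1 structure.
     *
     * @param x509Certificate an ASN.1 Certificate structure; it is dereferenced immediately,
     * so it must not be null.
     */
    public X509CertificateHolder(Certificate x509Certificate)
    {
        this.x509Certificate = x509Certificate;
        this.extensions = x509Certificate.getTBSCertificate().getExtensions();
    }

    /**
     * Return the version number of the certificate in this holder.
     *
     * @return the version number reported by the underlying Certificate structure.
     */
    public int getVersionNumber()
    {
        return x509Certificate.getVersionNumber();
    }

    /**
     * @deprecated use getVersionNumber
     */
    public int getVersion()
    {
        return x509Certificate.getVersionNumber();
    }

    /**
     * Return whether or not the holder's certificate contains extensions.
     *
     * @return true if extensions are present, false otherwise.
     */
    public boolean hasExtensions()
    {
        return extensions != null;
    }

    /**
     * Look up the extension associated with the passed in OID.
     *
     * @param oid the OID of the extension of interest.
     *
     * @return the extension if present, null otherwise.
     */
    public Extension getExtension(ASN1ObjectIdentifier oid)
    {
        if (extensions != null)
        {
            return extensions.getExtension(oid);
        }

        return null;
    }

    /**
     * Return the extensions block associated with this certificate if there is one.
     *
     * @return the extensions block, null otherwise.
     */
    public Extensions getExtensions()
    {
        return extensions;
    }

    /**
     * Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the
     * extensions contained in this holder's certificate.
     *
     * @return a list of extension OIDs.
     */
    public List getExtensionOIDs()
    {
        return CertUtils.getExtensionOIDs(extensions);
    }

    /**
     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
     * critical extensions contained in this holder's certificate.
     *
     * @return a set of critical extension OIDs.
     */
    public Set getCriticalExtensionOIDs()
    {
        return CertUtils.getCriticalExtensionOIDs(extensions);
    }

    /**
     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
     * non-critical extensions contained in this holder's certificate.
     *
     * @return a set of non-critical extension OIDs.
     */
    public Set getNonCriticalExtensionOIDs()
    {
        return CertUtils.getNonCriticalExtensionOIDs(extensions);
    }

    /**
     * Return the serial number of this certificate.
     *
     * @return the serial number.
     */
    public BigInteger getSerialNumber()
    {
        return x509Certificate.getSerialNumber().getValue();
    }

    /**
     * Return the issuer of this certificate.
     *
     * @return the certificate issuer.
     */
    public X500Name getIssuer()
    {
        return X500Name.getInstance(x509Certificate.getIssuer());
    }

    /**
     * Return the subject this certificate is for.
     *
     * @return the subject for the certificate.
     */
    public X500Name getSubject()
    {
        return X500Name.getInstance(x509Certificate.getSubject());
    }

    /**
     * Return the date before which this certificate is not valid.
     *
     * @return the start time for the certificate's validity period.
     */
    public Date getNotBefore()
    {
        return x509Certificate.getStartDate().getDate();
    }

    /**
     * Return the date after which this certificate is not valid.
     *
     * @return the final time for the certificate's validity period.
     */
    public Date getNotAfter()
    {
        return x509Certificate.getEndDate().getDate();
    }

    /**
     * Return the SubjectPublicKeyInfo describing the public key this certificate is carrying.
     *
     * @return the public key ASN.1 structure contained in the certificate.
     */
    public SubjectPublicKeyInfo getSubjectPublicKeyInfo()
    {
        return x509Certificate.getSubjectPublicKeyInfo();
    }

    /**
     * Return the underlying ASN.1 structure for the certificate in this holder.
     *
     * @return a Certificate object.
     */
    public Certificate toASN1Structure()
    {
        return x509Certificate;
    }

    /**
     * Return the details of the signature algorithm used to create this certificate.
     * <p>
     * The value is read from the outer Certificate structure;
     * {@link #isSignatureValid(ContentVerifierProvider)} compares it with the identifier held
     * inside the TBSCertificate.
     *
     * @return the AlgorithmIdentifier describing the signature algorithm used to create this certificate.
     */
    public AlgorithmIdentifier getSignatureAlgorithm()
    {
        return x509Certificate.getSignatureAlgorithm();
    }

    /**
     * Return the bytes making up the signature associated with this certificate.
     *
     * @return the certificate signature bytes.
     */
    public byte[] getSignature()
    {
        return x509Certificate.getSignature().getBytes();
    }

    /**
     * Return whether or not this certificate is valid on a particular date.
     * <p>
     * Only the validity period is consulted, with both end points treated as inclusive; the
     * signature is not checked by this method.
     *
     * @param date the date of interest.
     * @return true if the certificate is valid, false otherwise.
     */
    public boolean isValidOn(Date date)
    {
        return !date.before(x509Certificate.getStartDate().getDate()) && !date.after(x509Certificate.getEndDate().getDate());
    }

    /**
     * Validate the signature on the certificate in this holder.
     * <p>
     * The check covers the signature only: the TBSCertificate is written to the verifier and
     * the signature bytes are verified against it. The validity period and the extensions are
     * not examined, and the result is only as meaningful as the key behind the supplied
     * provider - a caller deciding whether to trust the certificate still has to make sure
     * the provider was built from the expected issuer's key and perform its own path checks.
     *
     * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
     * @return true if the signature is valid, false otherwise.
     * @throws CertException if the signature cannot be processed or is inappropriate.
     */
    public boolean isSignatureValid(ContentVerifierProvider verifierProvider)
        throws CertException
    {
        TBSCertificate tbsCert = x509Certificate.getTBSCertificate();

        // The identifier inside the TBSCertificate is covered by the signature, the outer one
        // is not; RFC 5280 requires the two to be the same, so a mismatch is rejected before
        // any verifier is created.
        if (!CertUtils.isAlgIdEqual(tbsCert.getSignature(), x509Certificate.getSignatureAlgorithm()))
        {
            throw new CertException("signature invalid - algorithm identifier mismatch");
        }

        ContentVerifier verifier;

        try
        {
            // the verifier is selected using the signed (inner) algorithm identifier
            verifier = verifierProvider.get((tbsCert.getSignature()));

            OutputStream sOut = verifier.getOutputStream();
            DEROutputStream dOut = new DEROutputStream(sOut);

            dOut.writeObject(tbsCert);

            sOut.close();
        }
        catch (Exception e)
        {
            // any failure obtaining or feeding the verifier is reported with its cause attached
            throw new CertException("unable to process signature: " + e.getMessage(), e);
        }

        return verifier.verify(x509Certificate.getSignature().getBytes());
    }

    /**
     * Compare this holder with another object.
     *
     * @param o the object to compare with.
     * @return true if o is an X509CertificateHolder whose underlying Certificate structure
     * equals this holder's, false otherwise.
     */
    public boolean equals(
        Object o)
    {
        if (o == this)
        {
            return true;
        }

        if (!(o instanceof X509CertificateHolder))
        {
            return false;
        }

        X509CertificateHolder other = (X509CertificateHolder)o;

        return this.x509Certificate.equals(other.x509Certificate);
    }

    /**
     * Return the hash code of the underlying Certificate structure, in line with
     * {@link #equals(Object)}.
     *
     * @return the hash code for this holder.
     */
    public int hashCode()
    {
        return this.x509Certificate.hashCode();
    }

    /**
     * Return the ASN.1 encoding of this holder's certificate.
     *
     * @return a DER encoded byte array.
     * @throws IOException if an encoding cannot be generated.
     */
    public byte[] getEncoded()
        throws IOException
    {
        return x509Certificate.getEncoded();
    }
}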