151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/* 230350d69719039aafc65e9c783f56b46d9d8725bSergio Giro * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. 351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is free software; you can redistribute it and/or modify it 651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * under the terms of the GNU General Public License version 2 only, as 751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * published by the Free Software Foundation. Oracle designates this 851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * particular file as subject to the "Classpath" exception as provided 951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by Oracle in the LICENSE file that accompanied this code. 1051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is distributed in the hope that it will be useful, but WITHOUT 1251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * version 2 for more details (a copy is included in the LICENSE file that 1551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * accompanied this code). 
1651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * You should have received a copy of the GNU General Public License version 1851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2 along with this work; if not, write to the Free Software Foundation, 1951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or visit www.oracle.com if you need additional information or have any 2351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * questions. 2451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 2551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipackage sun.security.x509; 2751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.io.IOException; 2951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.cert.CRLException; 3051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.cert.CRLReason; 3151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.cert.X509CRLEntry; 3251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.math.BigInteger; 3351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.util.*; 3451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 3551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport javax.security.auth.x500.X500Principal; 3651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 3751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport sun.security.util.*; 
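import sun.misc.HexDumpEncoder;

/**
 * <p>Implementation of a revoked certificate entry in a CRL.
 * This class is for each entry in the <code>revokedCertificates</code>,
 * so it deals with the inner <em>SEQUENCE</em>.
 * The ASN.1 definition for this is:
 * <pre>
 * revokedCertificates    SEQUENCE OF SEQUENCE  {
 *     userCertificate    CertificateSerialNumber,
 *     revocationDate     ChoiceOfTime,
 *     crlEntryExtensions Extensions OPTIONAL
 *                        -- if present, must be v2
 * }  OPTIONAL
 *
 * CertificateSerialNumber  ::=  INTEGER
 *
 * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
 *
 * Extension  ::=  SEQUENCE  {
 *     extnId        OBJECT IDENTIFIER,
 *     critical      BOOLEAN DEFAULT FALSE,
 *     extnValue     OCTET STRING
 *                   -- contains a DER encoding of a value
 *                   -- of the type registered for use with
 *                   -- the extnId object identifier value
 * }
 * </pre>
 *
 * @author Hemma Prafullchandra
 */

public class X509CRLEntryImpl extends X509CRLEntry
        implements Comparable<X509CRLEntryImpl> {

    // Serial number of the revoked certificate (userCertificate).
    private SerialNumber serialNumber = null;
    // Revocation time; getRevocationDate() hands out copies of it.
    private Date revocationDate = null;
    // Entry extensions, or null when the entry has none.
    private CRLExtensions extensions = null;
    // DER encoding of this entry. encode() builds it when it is null and
    // reuses it afterwards; getEncoded() returns a clone of it.
    private byte[] revokedCert = null;
    // Value returned by getCertificateIssuer(); setCertificateIssuer()
    // leaves it null when the certificate issuer equals the CRL issuer.
    private X500Principal certIssuer;

    // Passed to CRLExtensions.encode() when the entry extensions are written.
    private static final boolean isExplicit = false;

    // 2050-01-01T00:00:00Z in milliseconds since the epoch. encode() writes
    // earlier dates as UTCTime and this instant or later as GeneralizedTime,
    // the split RFC 5280 requires. The previous value, 2524636800000L, is
    // 2050-01-01T08:00:00Z, so a revocation date in those eight hours took
    // the UTCTime branch, whose two-digit year "50" reads back as 1950.
    private static final long YR_2050 = 2524608000000L;

    /**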
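* Constructs a revoked certificate entry using the given
 * serial number and revocation date.
 *
 * @param num the serial number of the revoked certificate.
 * @param date the Date on which revocation took place. The value is
 *        copied, so later changes to the caller's object do not alter
 *        this entry.
 */
public X509CRLEntryImpl(BigInteger num, Date date) {
    this.serialNumber = new SerialNumber(num);
    // java.util.Date is mutable. Storing the caller's instance would let
    // the revocation time change after construction and before the entry
    // is encoded. A null date is still stored as null, as before.
    this.revocationDate = (date == null) ? null : new Date(date.getTime());
}

/**
 * Constructs a revoked certificate entry using the given
 * serial number, revocation date and the entry
 * extensions.
 *
 * @param num the serial number of the revoked certificate.
 * @param date the Date on which revocation took place.
 * @param crlEntryExts the extensions for this entry.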
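*/
public X509CRLEntryImpl(BigInteger num, Date date,
        CRLExtensions crlEntryExts) {
    this.serialNumber = new SerialNumber(num);
    // java.util.Date is mutable: keep a private copy so the caller cannot
    // change the revocation time afterwards. A null date is still stored
    // as null, as before.
    this.revocationDate = (date == null) ? null : new Date(date.getTime());
    // The extensions object is stored by reference, not copied.
    this.extensions = crlEntryExts;
}

/**
 * Unmarshals a revoked certificate from its encoded form.
 *
 * @param revokedCert the encoded bytes.
 * @exception CRLException on parsing errors.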
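*/
public X509CRLEntryImpl(byte[] revokedCert) throws CRLException {
    try {
        // All decoding of the supplied bytes happens in parse(), which is
        // not part of this view.
        parse(new DerValue(revokedCert));
    } catch (IOException e) {
        // Drop any partially recorded encoding before reporting failure.
        this.revokedCert = null;
        // Same message as before, with the IOException attached as the
        // cause so the decoder's stack trace reaches whoever logs this.
        throw new CRLException("Parsing error: " + e.toString(), e);
    }
}

/**
 * Unmarshals a revoked certificate from its encoded form.
 *
 * @param derValue the DER value containing the revoked certificate.
 * @exception CRLException on parsing errors.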
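*/
public X509CRLEntryImpl(DerValue derValue) throws CRLException {
    try {
        // All decoding happens in parse(), which is not part of this view.
        parse(derValue);
    } catch (IOException e) {
        // Drop any partially recorded encoding before reporting failure.
        revokedCert = null;
        // Same message as before, with the IOException attached as the
        // cause so the decoder's stack trace reaches whoever logs this.
        throw new CRLException("Parsing error: " + e.toString(), e);
    }
}

/**
 * Returns true if this revoked certificate entry has
 * extensions, otherwise false.
 *
 * @return true if this CRL entry has extensions, otherwise
 * false.
 */
public boolean hasExtensions() {
    return extensions != null;
}

/**
 * Encodes the revoked certificate to an output stream.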
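*
 * @param outStrm an output stream to which the encoded revoked
 * certificate is written.
 * @exception CRLException on encoding errors.
 */
public void encode(DerOutputStream outStrm) throws CRLException {
    try {
        // The encoding is built once and kept in revokedCert; every later
        // call writes those cached bytes unchanged.
        if (revokedCert == null) {
            DerOutputStream tmp = new DerOutputStream();
            // sequence { serialNumber, revocationDate, extensions }
            serialNumber.encode(tmp);

            // Dates before YR_2050 are written as UTCTime, later ones as
            // GeneralizedTime.
            if (revocationDate.getTime() < YR_2050) {
                tmp.putUTCTime(revocationDate);
            } else {
                tmp.putGeneralizedTime(revocationDate);
            }

            if (extensions != null) {
                extensions.encode(tmp, isExplicit);
            }

            DerOutputStream seq = new DerOutputStream();
            seq.write(DerValue.tag_Sequence, tmp);

            revokedCert = seq.toByteArray();
        }
        outStrm.write(revokedCert);
    } catch (IOException e) {
        // Same message as before, with the IOException attached as the
        // cause so the underlying stack trace is not lost.
        throw new CRLException("Encoding error: " + e.toString(), e);
    }
}

/**
 * Returns the ASN.1 DER-encoded form of this CRL Entry,
 * which corresponds to the inner SEQUENCE.
 *
 * @exception CRLException if an encoding error occurs.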
*/
public byte[] getEncoded() throws CRLException {
    // Callers get their own copy, so they cannot alter the cached bytes.
    byte[] cached = getEncoded0();
    return cached.clone();
}

// Internal accessor that skips the clone: it returns the cached array
// itself, building it first through encode() when it does not exist yet.
private byte[] getEncoded0() throws CRLException {
    if (revokedCert == null) {
        this.encode(new DerOutputStream());
    }
    return revokedCert;
}

@Override
public X500Principal getCertificateIssuer() {
    return certIssuer;
}

// Records the certificate issuer for this entry. When it equals the CRL
// issuer, null is stored instead. A null crlIssuer fails at the equals call.
void setCertificateIssuer(X500Principal crlIssuer, X500Principal certIssuer) {
    this.certIssuer = crlIssuer.equals(certIssuer) ? null : certIssuer;
}
/**
 * Gets the serial number from this X509CRLEntry,
 * i.e. the <em>userCertificate</em>.
 *
 * @return the serial number.
 */
public BigInteger getSerialNumber() {
    BigInteger number = serialNumber.getNumber();
    return number;
}

/**
 * Gets the revocation date from this X509CRLEntry,
 * the <em>revocationDate</em>.
 *
 * @return the revocation date.
 */
public Date getRevocationDate() {
    // A fresh Date per call: the caller cannot reach the stored instance.
    long millis = revocationDate.getTime();
    return new Date(millis);
}

/**
 * This method is the overridden implementation of the getRevocationReason
 * method in X509CRLEntry.
* It is better performance-wise since it returns
 * cached values.
 */
@Override
public CRLReason getRevocationReason() {
    Extension ext = getExtension(PKIXExtensions.ReasonCode_Id);
    // NOTE(review): the cast assumes getExtension() returns a
    // CRLReasonCodeExtension for this OID; getExtension() is not in view.
    return (ext == null)
            ? null
            : ((CRLReasonCodeExtension) ext).getReasonCode();
}

/**
 * This static method is the default implementation of the
 * getRevocationReason method in X509CRLEntry.
*/
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    try {
        // 2.5.29.21 is the OID of the CRL entry reason code extension.
        byte[] wrapped = crlEntry.getExtensionValue("2.5.29.21");
        if (wrapped != null) {
            // The extension value arrives wrapped in an OCTET STRING.
            byte[] reasonBytes = new DerValue(wrapped).getOctetString();
            return new CRLReasonCodeExtension(Boolean.FALSE, reasonBytes)
                    .getReasonCode();
        }
        return null;
    } catch (IOException ignored) {
        // Best effort: a reason code that cannot be decoded is reported as
        // null, the same answer as "no reason code present". Callers that
        // base policy on the reason cannot tell the two cases apart here.
        return null;
    }
}

/**
 * get Reason Code from CRL entry.
*
 * @return Integer or null, if no such extension
 * @throws IOException on error
 */
public Integer getReasonCode() throws IOException {
    Object found = getExtension(PKIXExtensions.ReasonCode_Id);
    if (found == null) {
        return null;
    }
    // NOTE(review): the cast assumes getExtension() returns a
    // CRLReasonCodeExtension for this OID; getExtension() is not in view.
    CRLReasonCodeExtension reasonExt = (CRLReasonCodeExtension) found;
    return reasonExt.get(CRLReasonCodeExtension.REASON);
}

/**
 * Returns a printable string of this revoked certificate.
 *
 * @return value of this revoked certificate in a printable form.
*/
@Override
public String toString() {
    // NOTE(review): the string literals below are copied as they appear in
    // this listing, whose whitespace has been collapsed; padding inside
    // them may differ from the upstream file.
    StringBuilder text = new StringBuilder();

    text.append(serialNumber.toString());
    text.append(" On: ").append(revocationDate.toString());
    if (certIssuer != null) {
        text.append("\n Certificate issuer: ").append(certIssuer);
    }
    if (extensions != null) {
        Collection<Extension> allEntryExts = extensions.getAllExtensions();
        Extension[] exts = allEntryExts.toArray(new Extension[0]);

        text.append("\n CRL Entry Extensions: ").append(exts.length);
        int position = 0;
        for (Extension ext : exts) {
            position++;
            text.append("\n [").append(position).append("]: ");
            try {
                if (OIDMap.getClass(ext.getExtensionId()) != null) {
                    // A dedicated extension class exists; use its output.
                    text.append(ext.toString());
                    continue;
                }
                // Unknown extension: print it, then dump its value re-wrapped
                // as a DER OCTET STRING in hex.
                text.append(ext.toString());
                byte[] rawValue = ext.getExtensionValue();
                if (rawValue != null) {
                    DerOutputStream out = new DerOutputStream();
                    out.putOctetString(rawValue);
                    byte[] wrapped = out.toByteArray();
                    // Build the dump first so nothing is appended when the
                    // encoder fails.
                    String dump = new HexDumpEncoder().encodeBuffer(wrapped);
                    text.append("Extension unknown: "
                            + "DER encoded OCTET string =\n")
                        .append(dump)
                        .append("\n");
                }
            } catch (Exception e) {
                // Printing must not fail because one extension is malformed.
                text.append(", Error parsing this extension");
            }
        }
    }
    text.append("\n");
    return text.toString();
}

/**
 * Return true if a critical extension is found that is
 * not supported, otherwise return false.
*/
public boolean hasUnsupportedCriticalExtension() {
    // No extensions means nothing critical can be unsupported; otherwise
    // the answer comes from the CRLExtensions object. RFC 5280 forbids
    // using a CRL for status checks when it carries a critical entry
    // extension the application cannot process, so callers should treat
    // a true result as a reason to reject.
    return extensions != null && extensions.hasUnsupportedCriticalExtension();
}

/**
 * Gets a Set of the extension(s) marked CRITICAL in this
 * X509CRLEntry. In the returned set, each extension is
 * represented by its OID string.
 *
 * @return a set of the extension oid strings in the
 * Object that are marked critical.
*/
public Set<String> getCriticalExtensionOIDs() {
    // null, not an empty set, when the entry carries no extensions at all.
    if (extensions == null) {
        return null;
    }
    Set<String> criticalOids = new TreeSet<>();
    for (Extension candidate : extensions.getAllExtensions()) {
        if (!candidate.isCritical()) {
            continue;
        }
        criticalOids.add(candidate.getExtensionId().toString());
    }
    return criticalOids;
}

/**
 * Gets a Set of the extension(s) marked NON-CRITICAL in this
 * X509CRLEntry. In the returned set, each extension is
 * represented by its OID string.
 *
 * @return a set of the extension oid strings in the
 * Object that are marked non-critical.
*/
    public Set<String> getNonCriticalExtensionOIDs() {
        if (extensions == null) {
            return null;
        }
        Set<String> nonCriticalOids = new TreeSet<>();
        for (Extension extension : extensions.getAllExtensions()) {
            boolean critical = extension.isCritical();
            if (critical) {
                continue;
            }
            nonCriticalOids.add(extension.getExtensionId().toString());
        }
        return nonCriticalOids;
    }

    /**
     * Gets the DER encoded OCTET string for the extension value
     * (<em>extnValue</em>) identified by the passed in oid String.
* The {@code oid} string is
     * represented by a set of positive whole numbers separated
     * by ".", that means,<br>
     * &lt;positive whole number&gt;.&lt;positive whole number&gt;.&lt;positive
     * whole number&gt;.&lt;...&gt;
     *
     * <p>A {@code null} result is ambiguous: it is returned when the entry has
     * no extensions, when no extension matches, when the extension has no
     * value, and also when any exception is raised while parsing the OID or
     * encoding the value. Callers making a security decision should not read
     * {@code null} as proof that the extension is absent.
     *
     * @param oid the Object Identifier value for the extension.
     * @return the DER encoded octet string of the extension value, or
     *         {@code null} in the cases listed above.
     */
    public byte[] getExtensionValue(String oid) {
        if (extensions == null) {
            return null;
        }
        try {
            // Parsed inside the try block so that a malformed OID string
            // ends up in the catch below and yields null.
            ObjectIdentifier wanted = new ObjectIdentifier(oid);
            String alias = OIDMap.getName(wanted);
            Extension match = null;

            if (alias != null) {
                match = extensions.get(alias);
            } else {
                // No registered name for this OID (may be unknown): fall back
                // to scanning the entry's extensions and comparing OIDs.
                Enumeration<Extension> all = extensions.getElements();
                while (all.hasMoreElements()) {
                    Extension candidate = all.nextElement();
                    // The explicit Object cast is kept from the original;
                    // presumably it pins the equals(Object) overload.
                    if (candidate.getExtensionId().equals((Object) wanted)) {
                        match = candidate;
                        break;
                    }
                }
            }
            if (match == null) {
                return null;
            }

            byte[] rawValue = match.getExtensionValue();
            if (rawValue == null) {
                return null;
            }

            // Wrap the raw value in a DER OCTET STRING before returning it.
            DerOutputStream encoder = new DerOutputStream();
            encoder.putOctetString(rawValue);
            return encoder.toByteArray();
        } catch (Exception ignored) {
            // Deliberately broad: every failure is reported as "no value".
            return null;
        }
    }

    /**
* Looks up an extension of this entry by its object identifier.
     *
     * @param oid ObjectIdentifier of extension desired
     * @return the matching Extension, or null if not found
     */
    public Extension getExtension(ObjectIdentifier oid) {
        if (extensions == null) {
            return null;
        }

        // NOTE(review): getExtensionValue() in this class treats a null result
        // from OIDMap.getName as "unknown OID"; here such a null would be
        // handed straight to extensions.get — confirm that call tolerates it.
        String alias = OIDMap.getName(oid);

        // following returns null if no such OID in map
        // XXX consider cloning this (the stored object itself is returned)
        return extensions.get(alias);
    }

    /**
     * Populates this entry from the DER value of one revoked-certificate
     * element: the serial number, the revocation date and, when more data
     * follows, the entry extensions. The full encoding is also kept in
     * {@code revokedCert}.
     *
     * @param derVal the DER value to decode; must carry the SEQUENCE tag
     * @throws CRLException if the tag is not a SEQUENCE, the value is empty,
     *         or the revocation date is neither UTCTime nor GeneralizedTime
     * @throws IOException declared for the DER reading calls made here
     */
    private void parse(DerValue derVal)
    throws CRLException, IOException {

        if (derVal.tag != DerValue.tag_Sequence) {
            throw new CRLException("Invalid encoded RevokedCertificate, " +
                                  "starting sequence tag missing.");
        }
        if (derVal.data.available() == 0) {
            throw new CRLException("No data encoded for RevokedCertificates");
        }

        // Keep the complete encoding before any field is consumed.
        revokedCert = derVal.toByteArray();

        // serial number
        // NOTE(review): the serial is read through the stream returned by
        // toDerInputStream(), while the date below is read from derVal.data;
        // this presumably relies on both advancing the same underlying
        // stream — confirm against DerValue.
        DerInputStream in = derVal.toDerInputStream();
        DerValue serialValue = in.getDerValue();
        this.serialNumber = new SerialNumber(serialValue);

        // revocationDate: accepted as UTCTime or GeneralizedTime only
        byte dateTag = (byte) derVal.data.peekByte();
        if (dateTag == DerValue.tag_UtcTime) {
            this.revocationDate = derVal.data.getUTCTime();
        } else if (dateTag == DerValue.tag_GeneralizedTime) {
            this.revocationDate = derVal.data.getGeneralizedTime();
        } else {
            throw new CRLException("Invalid encoding for revocation date");
        }

        if (derVal.data.available() == 0) {
            return;  // no extensions
        }

        // crlEntryExtensions: whatever remains is handed to CRLExtensions
        this.extensions = new CRLExtensions(derVal.toDerInputStream());
    }

    /**
     * Utility method to convert an arbitrary instance of X509CRLEntry
     * to a X509CRLEntryImpl. An instance that already is an
     * X509CRLEntryImpl is returned as-is (same object); any other
     * implementation is re-parsed from its encoding.
     *
     * @param entry the entry to convert
     * @return {@code entry} itself, or a new X509CRLEntryImpl built from
     *         {@code entry.getEncoded()}
     * @throws CRLException declared for the encode/re-parse path
     */
    public static X509CRLEntryImpl toImpl(X509CRLEntry entry)
            throws CRLException {
        if (!(entry instanceof X509CRLEntryImpl)) {
            return new X509CRLEntryImpl(entry.getEncoded());
        }
        return (X509CRLEntryImpl) entry;
    }

    /**
     * Returns the CertificateIssuerExtension
     *
     * @return the CertificateIssuerExtension, or null if it does not exist
     */
    CertificateIssuerExtension getCertificateIssuerExtension() {
        Extension issuerExt = getExtension(PKIXExtensions.CertificateIssuer_Id);
        // Unchecked downcast: assumes whatever is stored under this OID was
        // parsed as a CertificateIssuerExtension — not verified here.
        return (CertificateIssuerExtension) issuerExt;
    }

    /**
     * Returns all extensions for this entry in a map keyed by
     * {@code Extension.getId()}.
     *
     * @return the extension map, can be empty, but not null. The map is
     *         newly built on each call, but its values are the entry's own
     *         extension objects, not copies.
     */
    public Map<String, java.security.cert.Extension> getExtensions() {
        if (extensions == null) {
            return Collections.emptyMap();
        }
        Map<String, java.security.cert.Extension> byId = new TreeMap<>();
        for (Extension extension : extensions.getAllExtensions()) {
            byId.put(extension.getId(), extension);
        }
        return byId;
    }

    /**
     * Orders entries by serial number, then by unsigned byte-wise comparison
     * of their encodings, with the shorter encoding first when one is a
     * prefix of the other.
     *
     * NOTE(review): if either encoding cannot be obtained the result is -1
     * regardless of argument order, so x.compareTo(y) and y.compareTo(x) can
     * both be negative; sorted collections holding such entries may behave
     * inconsistently.
     */
    @Override
    public int compareTo(X509CRLEntryImpl that) {
        int bySerial = getSerialNumber().compareTo(that.getSerialNumber());
        if (bySerial != 0) {
            return bySerial;
        }

        byte[] mine;
        byte[] theirs;
        try {
            mine = this.getEncoded0();
            theirs = that.getEncoded0();
        } catch (CRLException ce) {
            return -1;
        }

        int common = Math.min(mine.length, theirs.length);
        for (int i = 0; i < common; i++) {
            // Mask to compare bytes as unsigned values 0..255.
            int diff = (mine[i] & 0xff) - (theirs[i] & 0xff);
            if (diff != 0) {
                return diff;
            }
        }
        return mine.length - theirs.length;
    }
}