/* * Copyright (C) 2013 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.conscrypt; import java.io.ByteArrayOutputStream; import java.math.BigInteger; import java.security.cert.CRLException; import java.security.cert.X509CRLEntry; import java.util.Arrays; import java.util.Calendar; import java.util.Date; import java.util.HashSet; import java.util.Set; import java.util.TimeZone; /** * An implementation of {@link X509CRLEntry} based on BoringSSL. */ final class OpenSSLX509CRLEntry extends X509CRLEntry { private final long mContext; OpenSSLX509CRLEntry(long ctx) { mContext = ctx; } @Override public Set getCriticalExtensionOIDs() { String[] critOids = NativeCrypto.get_X509_REVOKED_ext_oids(mContext, NativeCrypto.EXTENSION_TYPE_CRITICAL); /* * This API has a special case that if there are no extensions, we * should return null. So if we have no critical extensions, we'll check * non-critical extensions. */ if ((critOids.length == 0) && (NativeCrypto.get_X509_REVOKED_ext_oids(mContext, NativeCrypto.EXTENSION_TYPE_NON_CRITICAL).length == 0)) { return null; } return new HashSet(Arrays.asList(critOids)); } @Override public byte[] getExtensionValue(String oid) { return NativeCrypto.X509_REVOKED_get_ext_oid(mContext, oid); } @Override public Set getNonCriticalExtensionOIDs() { String[] critOids = NativeCrypto.get_X509_REVOKED_ext_oids(mContext, NativeCrypto.EXTENSION_TYPE_NON_CRITICAL); /* * This API has a special case that if there are no extensions, we * should return null. So if we have no non-critical extensions, we'll * check critical extensions. */ if ((critOids.length == 0) && (NativeCrypto.get_X509_REVOKED_ext_oids(mContext, NativeCrypto.EXTENSION_TYPE_CRITICAL).length == 0)) { return null; } return new HashSet(Arrays.asList(critOids)); } @Override public boolean hasUnsupportedCriticalExtension() { final String[] criticalOids = NativeCrypto.get_X509_REVOKED_ext_oids(mContext, NativeCrypto.EXTENSION_TYPE_CRITICAL); for (String oid : criticalOids) { final long extensionRef = NativeCrypto.X509_REVOKED_get_ext(mContext, oid); if (NativeCrypto.X509_supported_extension(extensionRef) != 1) { return true; } } return false; } @Override public byte[] getEncoded() throws CRLException { return NativeCrypto.i2d_X509_REVOKED(mContext); } @Override public BigInteger getSerialNumber() { return new BigInteger(NativeCrypto.X509_REVOKED_get_serialNumber(mContext)); } @Override public Date getRevocationDate() { Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC")); calendar.set(Calendar.MILLISECOND, 0); NativeCrypto.ASN1_TIME_to_Calendar(NativeCrypto.get_X509_REVOKED_revocationDate(mContext), calendar); return calendar.getTime(); } @Override public boolean hasExtensions() { return (NativeCrypto.get_X509_REVOKED_ext_oids(mContext, NativeCrypto.EXTENSION_TYPE_NON_CRITICAL).length != 0) || (NativeCrypto.get_X509_REVOKED_ext_oids(mContext, NativeCrypto.EXTENSION_TYPE_CRITICAL).length != 0); } @Override public String toString() { ByteArrayOutputStream os = new ByteArrayOutputStream(); long bioCtx = NativeCrypto.create_BIO_OutputStream(os); try { NativeCrypto.X509_REVOKED_print(bioCtx, mContext); return os.toString(); } finally { NativeCrypto.BIO_free_all(bioCtx); } } }