151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/* 27b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. 351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is free software; you can redistribute it and/or modify it 651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * under the terms of the GNU General Public License version 2 only, as 751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * published by the Free Software Foundation. Oracle designates this 851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * particular file as subject to the "Classpath" exception as provided 951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by Oracle in the LICENSE file that accompanied this code. 1051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is distributed in the hope that it will be useful, but WITHOUT 1251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * version 2 for more details (a copy is included in the LICENSE file that 1551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * accompanied this code). 
1651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * You should have received a copy of the GNU General Public License version 1851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2 along with this work; if not, write to the Free Software Foundation, 1951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or visit www.oracle.com if you need additional information or have any 2351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * questions. 2451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 2551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipackage java.security.cert; 2751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.NoSuchAlgorithmException; 2951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.NoSuchProviderException; 3051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.InvalidKeyException; 3151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.SignatureException; 3251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.Principal; 337b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giroimport java.security.Provider; 3451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.PublicKey; 3551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport javax.security.auth.x500.X500Principal; 3651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 
3751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.math.BigInteger; 3851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.util.Date; 3951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.util.Set; 4051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.util.Arrays; 4151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 4251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport sun.security.x509.X509CRLImpl; 4351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 4451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/** 4551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> 4651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Abstract class for an X.509 Certificate Revocation List (CRL). 4751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * A CRL is a time-stamped list identifying revoked certificates. 4851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * It is signed by a Certificate Authority (CA) and made freely 4951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * available in a public repository. 5051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 5151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>Each revoked certificate is 5251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * identified in a CRL by its certificate serial number. 
When a 5351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * certificate-using system uses a certificate (e.g., for verifying a 5451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * remote user's digital signature), that system not only checks the 5551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * certificate signature and validity but also acquires a suitably- 5651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * recent CRL and checks that the certificate serial number is not on 5751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * that CRL. The meaning of "suitably-recent" may vary with local 5851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * policy, but it usually means the most recently-issued CRL. A CA 5951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * issues a new CRL on a regular periodic basis (e.g., hourly, daily, or 6051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * weekly). Entries are added to CRLs as revocations occur, and an 6151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * entry may be removed when the certificate expiration date is reached. 
6251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> 6351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The X.509 v2 CRL format is described below in ASN.1: 6451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <pre> 6551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * CertificateList ::= SEQUENCE { 6651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * tbsCertList TBSCertList, 6751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * signatureAlgorithm AlgorithmIdentifier, 6851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * signature BIT STRING } 6951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </pre> 7051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> 7151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * More information can be found in 7251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 7351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Public Key Infrastructure Certificate and CRL Profile</a>. 
7451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> 757b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * The ASN.1 definition of {@code tbsCertList} is: 7651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <pre> 7751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * TBSCertList ::= SEQUENCE { 7851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * version Version OPTIONAL, 7951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * -- if present, must be v2 8051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * signature AlgorithmIdentifier, 8151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * issuer Name, 8251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * thisUpdate ChoiceOfTime, 8351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * nextUpdate ChoiceOfTime OPTIONAL, 8451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * revokedCertificates SEQUENCE OF SEQUENCE { 8551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * userCertificate CertificateSerialNumber, 8651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * revocationDate ChoiceOfTime, 8751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * crlEntryExtensions Extensions OPTIONAL 8851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * -- if present, must be v2 8951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * } OPTIONAL, 9051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * crlExtensions [0] EXPLICIT Extensions OPTIONAL 9151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * -- if present, must be v2 9251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * } 9351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </pre> 9451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> 9551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * CRLs are instantiated using a certificate factory. 
The following is an 9651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * example of how to instantiate an X.509 CRL: 977b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * <pre>{@code 987b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * try (InputStream inStream = new FileInputStream("fileName-of-crl")) { 9951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * CertificateFactory cf = CertificateFactory.getInstance("X.509"); 10051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * X509CRL crl = (X509CRL)cf.generateCRL(inStream); 10151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * } 1027b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * }</pre> 10351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 10451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @author Hemma Prafullchandra 10551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 10651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 10751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see CRL 10851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see CertificateFactory 10951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see X509Extension 11051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 11151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 11251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipublic abstract class X509CRL extends CRL implements X509Extension { 11351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 11451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private transient X500Principal issuerPrincipal; 11551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 11651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 11751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Constructor for X.509 CRLs. 
11851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 11951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski protected X509CRL() { 12051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski super("X.509"); 12151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 12251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 12351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 12451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Compares this CRL for equality with the given 1257b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * object. If the {@code other} object is an 1267b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * {@code instanceof} {@code X509CRL}, then 12751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * its encoded form is retrieved and compared with the 12851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * encoded form of this CRL. 12951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 13051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param other the object to test for equality with this CRL. 13151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 13251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return true iff the encoded forms of the two CRLs 13351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * match, false otherwise. 
13451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 13551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public boolean equals(Object other) { 13651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (this == other) { 13751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return true; 13851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 13951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (!(other instanceof X509CRL)) { 14051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return false; 14151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 14251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski try { 14351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski byte[] thisCRL = X509CRLImpl.getEncodedInternal(this); 14451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski byte[] otherCRL = X509CRLImpl.getEncodedInternal((X509CRL)other); 14551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 14651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return Arrays.equals(thisCRL, otherCRL); 14751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } catch (CRLException e) { 14851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return false; 14951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 15051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 15151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 15251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 15351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns a hashcode value for this CRL from its 15451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * encoded form. 15551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 15651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the hashcode value. 
15751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 15851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public int hashCode() { 15951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski int retval = 0; 16051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski try { 16151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski byte[] crlData = X509CRLImpl.getEncodedInternal(this); 16251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski for (int i = 1; i < crlData.length; i++) { 16351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski retval += crlData[i] * i; 16451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 16551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return retval; 16651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } catch (CRLException e) { 16751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return retval; 16851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 16951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 17051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 17151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 17251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the ASN.1 DER-encoded form of this CRL. 17351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 17451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the encoded form of this certificate 17551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CRLException if an encoding error occurs. 
17651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 17751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract byte[] getEncoded() 17851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws CRLException; 17951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 18051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 18151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Verifies that this CRL was signed using the 18251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * private key that corresponds to the given public key. 18351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 18451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param key the PublicKey used to carry out the verification. 18551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 18651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception NoSuchAlgorithmException on unsupported signature 18751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * algorithms. 18851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception InvalidKeyException on incorrect key. 18951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception NoSuchProviderException if there's no default provider. 19051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception SignatureException on signature errors. 19151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CRLException on encoding errors. 
19251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 19351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract void verify(PublicKey key) 19451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws CRLException, NoSuchAlgorithmException, 19551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski InvalidKeyException, NoSuchProviderException, 19651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski SignatureException; 19751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 19851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 19951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Verifies that this CRL was signed using the 20051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * private key that corresponds to the given public key. 20151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This method uses the signature verification engine 20251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * supplied by the given provider. 20351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 20451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param key the PublicKey used to carry out the verification. 20551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param sigProvider the name of the signature provider. 20651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 20751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception NoSuchAlgorithmException on unsupported signature 20851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * algorithms. 20951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception InvalidKeyException on incorrect key. 21051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception NoSuchProviderException on incorrect provider. 21151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception SignatureException on signature errors. 
21251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CRLException on encoding errors. 21351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 21451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract void verify(PublicKey key, String sigProvider) 21551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws CRLException, NoSuchAlgorithmException, 21651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski InvalidKeyException, NoSuchProviderException, 21751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski SignatureException; 21851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 21951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 2207b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * Verifies that this CRL was signed using the 2217b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * private key that corresponds to the given public key. 2227b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * This method uses the signature verification engine 2237b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * supplied by the given provider. Note that the specified Provider object 2247b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * does not have to be registered in the provider list. 2257b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * 2267b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * This method was added to version 1.8 of the Java Platform Standard 2277b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * Edition. In order to maintain backwards compatibility with existing 2287b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * service providers, this method is not {@code abstract} 2297b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * and it provides a default implementation. 2307b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * 2317b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * @param key the PublicKey used to carry out the verification. 
2327b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * @param sigProvider the signature provider. 2337b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * 2347b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * @exception NoSuchAlgorithmException on unsupported signature 2357b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * algorithms. 2367b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * @exception InvalidKeyException on incorrect key. 2377b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * @exception SignatureException on signature errors. 2387b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * @exception CRLException on encoding errors. 2397b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * @since 1.8 2407b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro */ 2417b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro public void verify(PublicKey key, Provider sigProvider) 2427b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro throws CRLException, NoSuchAlgorithmException, 2437b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro InvalidKeyException, SignatureException { 2446975f84c2ed72e1e26d20190b6f318718c849008Tobias Thierer // BEGIN Android-changed 2457b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro // TODO(31294527): was X509CRLImpl.verify(this, key, sigProvider); 2467b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro // As the javadoc says, this "default implementation" was introduced as to avoid breaking 2477b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro // providers that generate concrete subclasses of this class. 2487b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro // The method X509Impl in the original definition calls this method, thus entering an 2497b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro // infinite loop. This strange behaviour was checked to be not specific to libcore by 2507b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro // running a test with vogar --mode=jvm . 
2517b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro throw new UnsupportedOperationException( 2527b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro "X509CRL instance doesn't not support X509CRL#verify(PublicKey, Provider)"); 2536975f84c2ed72e1e26d20190b6f318718c849008Tobias Thierer // END Android-changed 2547b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro } 2557b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro 2567b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro /** 2577b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * Gets the {@code version} (version number) value from the CRL. 25851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The ASN.1 definition for this is: 25951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <pre> 26051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * version Version OPTIONAL, 2617b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * -- if present, must be v2 2627b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * 26351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Version ::= INTEGER { v1(0), v2(1), v3(2) } 26451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * -- v3 does not apply to CRLs but appears for consistency 26551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * -- with definition of Version for certs 26651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </pre> 26751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 26851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the version number, i.e. 1 or 2. 
26951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 27051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract int getVersion(); 27151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 27251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 27351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <strong>Denigrated</strong>, replaced by {@linkplain 2747b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * #getIssuerX500Principal()}. This method returns the {@code issuer} 27551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * as an implementation specific Principal object, which should not be 27651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * relied upon by portable code. 27751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 27851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> 2797b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * Gets the {@code issuer} (issuer distinguished name) value from 28051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the CRL. The issuer name identifies the entity that signed (and 28151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * issued) the CRL. 28251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 28351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>The issuer name field contains an 28451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * X.500 distinguished name (DN). 
28551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The ASN.1 definition for this is: 28651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <pre> 28751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * issuer Name 28851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 28951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Name ::= CHOICE { RDNSequence } 29051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 29151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * RelativeDistinguishedName ::= 29251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * SET OF AttributeValueAssertion 29351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 29451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * AttributeValueAssertion ::= SEQUENCE { 29551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * AttributeType, 29651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * AttributeValue } 29751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * AttributeType ::= OBJECT IDENTIFIER 29851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * AttributeValue ::= ANY 29951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </pre> 3007b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * The {@code Name} describes a hierarchical name composed of 30151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * attributes, 30251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * such as country name, and corresponding values, such as US. 3037b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * The type of the {@code AttributeValue} component is determined by 3047b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * the {@code AttributeType}; in general it will be a 3057b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * {@code directoryString}. 
A {@code directoryString} is usually 3067b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * one of {@code PrintableString}, 3077b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * {@code TeletexString} or {@code UniversalString}. 30851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 30951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return a Principal whose name is the issuer distinguished name. 31051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 31151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract Principal getIssuerDN(); 31251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 31351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 31451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the issuer (issuer distinguished name) value from the 3157b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * CRL as an {@code X500Principal}. 31651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> 31751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * It is recommended that subclasses override this method. 
31851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 3197b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * @return an {@code X500Principal} representing the issuer 32051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * distinguished name 32151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.4 32251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 32351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public X500Principal getIssuerX500Principal() { 32451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (issuerPrincipal == null) { 32551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski issuerPrincipal = X509CRLImpl.getIssuerX500Principal(this); 32651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 32751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return issuerPrincipal; 32851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 32951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 33051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 3317b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * Gets the {@code thisUpdate} date from the CRL. 33251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The ASN.1 definition for this is: 33351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <pre> 33451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * thisUpdate ChoiceOfTime 33551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * ChoiceOfTime ::= CHOICE { 33651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * utcTime UTCTime, 33751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * generalTime GeneralizedTime } 33851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </pre> 33951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 3407b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * @return the {@code thisUpdate} date from the CRL. 
34151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 34251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract Date getThisUpdate(); 34351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 34451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 3457b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * Gets the {@code nextUpdate} date from the CRL. 34651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 3477b78953d6d5688d4a3502999cc37f2aa13256e66Sergio Giro * @return the {@code nextUpdate} date from the CRL, or null if 34851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * not present. 34951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 35051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract Date getNextUpdate(); 35151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 35251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 35351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Gets the CRL entry, if any, with the given certificate serialNumber. 35451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 35551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param serialNumber the serial number of the certificate for which a CRL entry 35651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * is to be looked up 35751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the entry with the given serial number, or null if no such entry 35851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * exists in this CRL. 
     * @see X509CRLEntry
     */
    public abstract X509CRLEntry
        getRevokedCertificate(BigInteger serialNumber);

    /**
     * Get the CRL entry, if any, for the given certificate.
     *
     * <p>This method can be used to lookup CRL entries in indirect CRLs,
     * that means CRLs that contain entries from issuers other than the CRL
     * issuer. The default implementation will only return entries for
     * certificates issued by the CRL issuer. Subclasses that wish to
     * support indirect CRLs should override this method.
     *
     * @param certificate the certificate for which a CRL entry is to be looked
     * up
     * @return the entry for the given certificate, or null if no such entry
     * exists in this CRL.
     * @exception NullPointerException if certificate is null
     *
     * @since 1.5
     */
    public X509CRLEntry getRevokedCertificate(X509Certificate certificate) {
        X500Principal certIssuer = certificate.getIssuerX500Principal();
        X500Principal crlIssuer = getIssuerX500Principal();
        if (certIssuer.equals(crlIssuer) == false) {
            return null;
        }
        return getRevokedCertificate(certificate.getSerialNumber());
    }

    /**
     * Gets all the entries from this CRL.
     * This returns a Set of X509CRLEntry objects.
     *
     * @return all the entries or null if there are none present.
     * @see X509CRLEntry
     */
    public abstract Set<? extends X509CRLEntry> getRevokedCertificates();

    /**
     * Gets the DER-encoded CRL information, the
     * {@code tbsCertList} from this CRL.
     * This can be used to verify the signature independently.
     *
     * @return the DER-encoded CRL information.
     * @exception CRLException if an encoding error occurs.
     */
    public abstract byte[] getTBSCertList() throws CRLException;

    /**
     * Gets the {@code signature} value (the raw signature bits) from
     * the CRL.
     * The ASN.1 definition for this is:
     * <pre>
     * signature     BIT STRING
     * </pre>
     *
     * @return the signature.
     */
    public abstract byte[] getSignature();

    /**
     * Gets the signature algorithm name for the CRL
     * signature algorithm. An example is the string "SHA256withRSA".
     * The ASN.1 definition for this is:
     * <pre>
     * signatureAlgorithm   AlgorithmIdentifier
     *
     * AlgorithmIdentifier  ::=  SEQUENCE  {
     *     algorithm               OBJECT IDENTIFIER,
     *     parameters              ANY DEFINED BY algorithm OPTIONAL  }
     *                             -- contains a value of the type
     *                             -- registered for use with the
     *                             -- algorithm object identifier value
     * </pre>
     *
     * <p>The algorithm name is determined from the {@code algorithm}
     * OID string.
     *
     * @return the signature algorithm name.
     */
    public abstract String getSigAlgName();

    /**
     * Gets the signature algorithm OID string from the CRL.
     * An OID is represented by a set of nonnegative whole numbers separated
     * by periods.
     * For example, the string "1.2.840.10040.4.3" identifies the SHA-1
     * with DSA signature algorithm defined in
     * <a href="http://www.ietf.org/rfc/rfc3279.txt">RFC 3279: Algorithms and
     * Identifiers for the Internet X.509 Public Key Infrastructure Certificate
     * and CRL Profile</a>.
     *
     * <p>See {@link #getSigAlgName() getSigAlgName} for
     * relevant ASN.1 definitions.
     *
     * @return the signature algorithm OID string.
     */
    public abstract String getSigAlgOID();

    /**
     * Gets the DER-encoded signature algorithm parameters from this
     * CRL's signature algorithm. In most cases, the signature
     * algorithm parameters are null; the parameters are usually
     * supplied with the public key.
     * If access to individual parameter values is needed then use
     * {@link java.security.AlgorithmParameters AlgorithmParameters}
     * and instantiate with the name returned by
     * {@link #getSigAlgName() getSigAlgName}.
     *
     * <p>See {@link #getSigAlgName() getSigAlgName} for
     * relevant ASN.1 definitions.
     *
     * @return the DER-encoded signature algorithm parameters, or
     * null if no parameters are present.
     */
    public abstract byte[] getSigAlgParams();
}
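
Added example (not part of the JDK source above): a caller-side check built on the accessors documented in this file, showing why a null from getRevokedCertificate(X509Certificate) must not be read as "not revoked" when the CRL issuer differs from the certificate issuer, and that getNextUpdate() may be null. CrlCheck, Status and the three file arguments are hypothetical; it assumes a direct (non-indirect) CRL and that the issuer certificate passed in is already trusted.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Date;

// Added example: CrlCheck and Status are hypothetical names, not JDK classes.
public class CrlCheck {
    enum Status { REVOKED, NOT_LISTED, NOT_COVERED, STALE }

    static Status check(X509CRL crl, X509Certificate cert,
                        PublicKey crlIssuerKey, Date now) throws Exception {
        // Throws (e.g. SignatureException) if the CRL was not signed by the
        // key the caller already trusts for this issuer.
        crl.verify(crlIssuerKey);
        // A CRL dated in the future, or past its nextUpdate, is not current.
        Date next = crl.getNextUpdate();   // null when the field is absent
        if (now.before(crl.getThisUpdate()) || (next != null && now.after(next))) {
            return Status.STALE;
        }
        // The default lookup returns null when the issuers differ, so compare
        // issuers first to keep "not covered" apart from "not listed".
        if (!cert.getIssuerX500Principal().equals(crl.getIssuerX500Principal())) {
            return Status.NOT_COVERED;
        }
        X509CRLEntry entry = crl.getRevokedCertificate(cert);
        return entry != null ? Status.REVOKED : Status.NOT_LISTED;
    }

    // Usage: java CrlCheck <crl-file> <cert-file> <crl-issuer-cert-file>
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL crl;
        X509Certificate cert, issuer;
        try (InputStream in = new FileInputStream(args[0])) {
            crl = (X509CRL) cf.generateCRL(in);
        }
        try (InputStream in = new FileInputStream(args[1])) {
            cert = (X509Certificate) cf.generateCertificate(in);
        }
        try (InputStream in = new FileInputStream(args[2])) {
            issuer = (X509Certificate) cf.generateCertificate(in);
        }
        System.out.println(check(crl, cert, issuer.getPublicKey(), new Date()));
    }
}
```

Treat NOT_COVERED and STALE as "revocation status unknown" in the calling policy rather than as a pass.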