/*
 * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.pkcs;

import java.io.IOException;
import java.util.ArrayList;

import sun.misc.HexDumpEncoder;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import sun.security.x509.GeneralNames;
import sun.security.x509.SerialNumber;

/**
 * This class represents a signing certificate attribute.
 * Its attribute value is defined by the following ASN.1 definition.
 * <pre>
 *
 *   id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
 *     member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
 *     smime(16) id-aa(2) 12 }
 *
 *   SigningCertificate ::= SEQUENCE {
 *       certs       SEQUENCE OF ESSCertID,
 *       policies    SEQUENCE OF PolicyInformation OPTIONAL
 *   }
 *
 *   ESSCertID ::= SEQUENCE {
 *       certHash        Hash,
 *       issuerSerial    IssuerSerial OPTIONAL
 *   }
 *
 *   Hash ::= OCTET STRING -- SHA1 hash of entire certificate
 *
 *   IssuerSerial ::= SEQUENCE {
 *       issuer          GeneralNames,
 *       serialNumber    CertificateSerialNumber
 *   }
 *
 *   PolicyInformation ::= SEQUENCE {
 *       policyIdentifier    CertPolicyId,
 *       policyQualifiers    SEQUENCE SIZE (1..MAX) OF
 *               PolicyQualifierInfo OPTIONAL }
 *
 *   CertPolicyId ::= OBJECT IDENTIFIER
 *
 *   PolicyQualifierInfo ::= SEQUENCE {
 *       policyQualifierId   PolicyQualifierId,
 *       qualifier           ANY DEFINED BY policyQualifierId }
 *
 *   -- Implementations that recognize additional policy qualifiers MUST
 *   -- augment the following definition for PolicyQualifierId
 *
 *   PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
 *
 * </pre>
 *
 * @since 1.5
 * @author Vincent Ryan
 */
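public class SigningCertificateInfo {

    // Security notes for callers:
    //  - This class only decodes the attribute. Nothing here compares a
    //    certHash with a digest of any certificate, so binding the signature
    //    to the signer's certificate remains the caller's job.
    //  - The ESSCertID form handled here fixes the hash to SHA-1. The later
    //    signingCertificateV2 attribute (RFC 5035), which carries an explicit
    //    hash algorithm, is not decoded by this class.
    //  - PolicyInformation entries are read past but not retained.

    // NOTE(review): never assigned or read in this class; the constructor
    // parameter of the same name is handed straight to parse().
    private byte[] ber = null;

    // One entry per element of the attribute's certs field, in encoded order.
    private ESSCertId[] certId = null;

    /**
     * Decodes a signingCertificate attribute value.
     *
     * @param ber the encoded SigningCertificate value
     * @throws IOException if the outer value is not a SEQUENCE or any nested
     *         element cannot be decoded
     */
    public SigningCertificateInfo(byte[] ber) throws IOException {
        parse(ber);
    }

    /**
     * Returns the decoded ESSCertID entries, one after another, wrapped in
     * square brackets. Policies are not part of the output.
     */
    @Override
    public String toString() {
        // A local builder needs no synchronization, so StringBuilder replaces
        // the original StringBuffer.
        StringBuilder text = new StringBuilder("[\n");
        for (ESSCertId id : certId) {
            text.append(id.toString());
        }
        // Policies are not retained by parse(), so there is nothing to print.
        text.append("\n]");

        return text.toString();
    }

    /**
     * Decodes {@code bytes} and replaces the entries held by this object.
     *
     * <p>The new entries are installed only after the whole value has been
     * decoded, so a failure part-way through leaves the previously parsed
     * state untouched instead of a half-filled array.
     *
     * @param bytes the encoded SigningCertificate value
     * @throws IOException if the outer value is not a SEQUENCE or any nested
     *         element cannot be decoded
     */
    public void parse(byte[] bytes) throws IOException {

        // Parse signingCertificate
        DerValue derValue = new DerValue(bytes);
        if (derValue.tag != DerValue.tag_Sequence) {
            throw new IOException("Bad encoding for signingCertificate");
        }

        // Parse certs into a local array first; see the method comment.
        DerValue[] certs = derValue.data.getSequence(1);
        ESSCertId[] parsed = new ESSCertId[certs.length];
        for (int i = 0; i < certs.length; i++) {
            parsed[i] = new ESSCertId(certs[i]);
        }

        // Policies, if present, are read as a sequence so that a malformed
        // encoding is still reported; their contents are not interpreted.
        // NOTE(review): bytes remaining after this point are not rejected.
        if (derValue.data.available() > 0) {
            derValue.data.getSequence(1);
        }

        certId = parsed;
    }
}

/**
 * One ESSCertID entry of a signingCertificate attribute: a certificate hash
 * and, optionally, the issuer name and serial number of that certificate.
 */
class ESSCertId {

    // NOTE(review): a single encoder instance is shared by every ESSCertId and
    // every thread; confirm HexDumpEncoder.encode is safe for concurrent use.
    private static volatile HexDumpEncoder hexDumper;

    // NOTE(review): filled from DerValue.toByteArray(), which is expected to
    // return the complete DER encoding (tag and length included) rather than
    // the bare OCTET STRING contents. Confirm before comparing this value with
    // a computed digest. No tag or length check is applied to it here.
    private byte[] certHash;
    // Both stay null when the optional issuerSerial element is absent.
    private GeneralNames issuer;
    private SerialNumber serialNumber;

    /**
     * Decodes a single ESSCertID.
     *
     * @param certId the DER value holding the ESSCertID sequence contents
     * @throws IOException if an element cannot be decoded
     */
    ESSCertId(DerValue certId) throws IOException {
        // Parse certHash
        certHash = certId.data.getDerValue().toByteArray();

        // Parse issuerSerial, if present
        if (certId.data.available() > 0) {
            DerValue issuerSerial = certId.data.getDerValue();
            // Parse issuer
            issuer = new GeneralNames(issuerSerial.data.getDerValue());
            // Parse serialNumber
            serialNumber = new SerialNumber(issuerSerial.data.getDerValue());
        }
    }

    /**
     * Returns a hex dump of the stored hash bytes, followed by the issuer and
     * serial number when both were present in the encoding.
     */
    @Override
    public String toString() {
        StringBuilder text =
            new StringBuilder("[\n\tCertificate hash (SHA-1):\n");
        // Read the volatile field once so the instance that was null-checked
        // is the instance that gets used.
        HexDumpEncoder encoder = hexDumper;
        if (encoder == null) {
            encoder = new HexDumpEncoder();
            hexDumper = encoder;
        }
        text.append(encoder.encode(certHash));
        if (issuer != null && serialNumber != null) {
            text.append("\n\tIssuer: ").append(issuer).append("\n");
            text.append("\t").append(serialNumber);
        }
        text.append("\n]");
        return text.toString();
    }
}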