Initial revision
From-SVN: r102074
This commit is contained in:
@@ -0,0 +1,397 @@
|
||||
/* X509CRL.java --- X.509 Certificate Revocation List
|
||||
Copyright (C) 1999, 2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is part of GNU Classpath.
|
||||
|
||||
GNU Classpath is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
GNU Classpath is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with GNU Classpath; see the file COPYING. If not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
02110-1301 USA.
|
||||
|
||||
Linking this library statically or dynamically with other modules is
|
||||
making a combined work based on this library. Thus, the terms and
|
||||
conditions of the GNU General Public License cover the whole
|
||||
combination.
|
||||
|
||||
As a special exception, the copyright holders of this library give you
|
||||
permission to link this library with independent modules to produce an
|
||||
executable, regardless of the license terms of these independent
|
||||
modules, and to copy and distribute the resulting executable under
|
||||
terms of your choice, provided that you also meet, for each linked
|
||||
independent module, the terms and conditions of the license of that
|
||||
module. An independent module is a module which is not derived from
|
||||
or based on this library. If you modify this library, you may extend
|
||||
this exception to your version of the library, but you are not
|
||||
obligated to do so. If you do not wish to do so, delete this
|
||||
exception statement from your version. */
|
||||
|
||||
|
||||
package java.security.cert;
|
||||
|
||||
import java.math.BigInteger;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.Principal;
|
||||
import java.security.PublicKey;
|
||||
import java.security.SignatureException;
|
||||
import java.util.Date;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
|
||||
/**
|
||||
The X509CRL class is the abstract class used to manage
|
||||
X.509 Certificate Revocation Lists. The CRL is a list of
|
||||
time stamped entries which indicate which lists have been
|
||||
revoked. The list is signed by a Certificate Authority (CA)
|
||||
and made publically available in a repository.
|
||||
|
||||
Each revoked certificate in the CRL is identified by its
|
||||
certificate serial number. When a piece of code uses a
|
||||
certificate, the certificates validity is checked by
|
||||
validating its signature and determing that it is not
|
||||
only a recently acquired CRL. The recently aquired CRL
|
||||
is depends on the local policy in affect. The CA issues
|
||||
a new CRL periodically and entries are removed as the
|
||||
certificate expiration date is reached
|
||||
|
||||
|
||||
A description of the X.509 v2 CRL follows below from rfc2459.
|
||||
|
||||
"The X.509 v2 CRL syntax is as follows. For signature calculation,
|
||||
the data that is to be signed is ASN.1 DER encoded. ASN.1 DER
|
||||
encoding is a tag, length, value encoding system for each element.
|
||||
|
||||
CertificateList ::= SEQUENCE {
|
||||
tbsCertList TBSCertList,
|
||||
signatureAlgorithm AlgorithmIdentifier,
|
||||
signatureValue BIT STRING }
|
||||
|
||||
TBSCertList ::= SEQUENCE {
|
||||
version Version OPTIONAL,
|
||||
-- if present, shall be v2
|
||||
signature AlgorithmIdentifier,
|
||||
issuer Name,
|
||||
thisUpdate Time,
|
||||
nextUpdate Time OPTIONAL,
|
||||
revokedCertificates SEQUENCE OF SEQUENCE {
|
||||
userCertificate CertificateSerialNumber,
|
||||
revocationDate Time,
|
||||
crlEntryExtensions Extensions OPTIONAL
|
||||
-- if present, shall be v2
|
||||
} OPTIONAL,
|
||||
crlExtensions [0] EXPLICIT Extensions OPTIONAL
|
||||
-- if present, shall be v2
|
||||
}"
|
||||
|
||||
@author Mark Benvenuto
|
||||
|
||||
@since JDK 1.2
|
||||
*/
|
||||
public abstract class X509CRL extends CRL implements X509Extension
|
||||
{
|
||||
|
||||
/**
|
||||
Constructs a new X509CRL.
|
||||
*/
|
||||
protected X509CRL()
|
||||
{
|
||||
super("X.509");
|
||||
}
|
||||
|
||||
/**
|
||||
Compares this X509CRL to other. It checks if the
|
||||
object if instanceOf X509CRL and then checks if
|
||||
the encoded form matches.
|
||||
|
||||
@param other An Object to test for equality
|
||||
|
||||
@return true if equal, false otherwise
|
||||
*/
|
||||
public boolean equals(Object other)
|
||||
{
|
||||
if( other instanceof X509CRL ) {
|
||||
try {
|
||||
X509CRL x = (X509CRL) other;
|
||||
if( getEncoded().length != x.getEncoded().length )
|
||||
return false;
|
||||
|
||||
byte[] b1 = getEncoded();
|
||||
byte[] b2 = x.getEncoded();
|
||||
|
||||
for( int i = 0; i < b1.length; i++ )
|
||||
if( b1[i] != b2[i] )
|
||||
return false;
|
||||
|
||||
} catch( CRLException crle ) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
Returns a hash code for this X509CRL in its encoded
|
||||
form.
|
||||
|
||||
@return A hash code of this class
|
||||
*/
|
||||
public int hashCode()
|
||||
{
|
||||
return super.hashCode();
|
||||
}
|
||||
|
||||
/**
|
||||
Gets the DER ASN.1 encoded format for this X.509 CRL.
|
||||
|
||||
@return byte array containg encoded form
|
||||
|
||||
@throws CRLException if an error occurs
|
||||
*/
|
||||
public abstract byte[] getEncoded() throws CRLException;
|
||||
|
||||
/**
|
||||
Verifies that this CRL was properly signed with the
|
||||
PublicKey that corresponds to its private key.
|
||||
|
||||
@param key PublicKey to verify with
|
||||
|
||||
@throws CRLException encoding error
|
||||
@throws NoSuchAlgorithmException unsupported algorithm
|
||||
@throws InvalidKeyException incorrect key
|
||||
@throws NoSuchProviderException no provider
|
||||
@throws SignatureException signature error
|
||||
*/
|
||||
public abstract void verify(PublicKey key)
|
||||
throws CRLException,
|
||||
NoSuchAlgorithmException,
|
||||
InvalidKeyException,
|
||||
NoSuchProviderException,
|
||||
SignatureException;
|
||||
|
||||
/**
|
||||
Verifies that this CRL was properly signed with the
|
||||
PublicKey that corresponds to its private key and uses
|
||||
the signature engine provided by the provider.
|
||||
|
||||
@param key PublicKey to verify with
|
||||
@param sigProvider Provider to use for signature algorithm
|
||||
|
||||
@throws CRLException encoding error
|
||||
@throws NoSuchAlgorithmException unsupported algorithm
|
||||
@throws InvalidKeyException incorrect key
|
||||
@throws NoSuchProviderException incorrect provider
|
||||
@throws SignatureException signature error
|
||||
*/
|
||||
public abstract void verify(PublicKey key,
|
||||
String sigProvider)
|
||||
throws CRLException,
|
||||
NoSuchAlgorithmException,
|
||||
InvalidKeyException,
|
||||
NoSuchProviderException,
|
||||
SignatureException;
|
||||
|
||||
/**
|
||||
Gets the version of this CRL.
|
||||
|
||||
The ASN.1 encoding is:
|
||||
|
||||
version Version OPTIONAL,
|
||||
-- if present, shall be v2
|
||||
|
||||
Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
||||
|
||||
Consult rfc2459 for more information.
|
||||
|
||||
@return the version number, Ex: 1 or 2
|
||||
*/
|
||||
public abstract int getVersion();
|
||||
|
||||
/**
|
||||
Returns the issuer (issuer distinguished name) of the CRL.
|
||||
The issuer is the entity who signed and issued the
|
||||
Certificate Revocation List.
|
||||
|
||||
The ASN.1 DER encoding is:
|
||||
|
||||
issuer Name,
|
||||
|
||||
Name ::= CHOICE {
|
||||
RDNSequence }
|
||||
|
||||
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
|
||||
|
||||
RelativeDistinguishedName ::=
|
||||
SET OF AttributeTypeAndValue
|
||||
|
||||
AttributeTypeAndValue ::= SEQUENCE {
|
||||
type AttributeType,
|
||||
value AttributeValue }
|
||||
|
||||
AttributeType ::= OBJECT IDENTIFIER
|
||||
|
||||
AttributeValue ::= ANY DEFINED BY AttributeType
|
||||
|
||||
DirectoryString ::= CHOICE {
|
||||
teletexString TeletexString (SIZE (1..MAX)),
|
||||
printableString PrintableString (SIZE (1..MAX)),
|
||||
universalString UniversalString (SIZE (1..MAX)),
|
||||
utf8String UTF8String (SIZE (1.. MAX)),
|
||||
bmpString BMPString (SIZE (1..MAX)) }
|
||||
|
||||
Consult rfc2459 for more information.
|
||||
|
||||
@return the issuer in the Principal class
|
||||
*/
|
||||
public abstract Principal getIssuerDN();
|
||||
|
||||
/**
|
||||
Returns the thisUpdate date of the CRL.
|
||||
|
||||
The ASN.1 DER encoding is:
|
||||
|
||||
thisUpdate Time,
|
||||
|
||||
Time ::= CHOICE {
|
||||
utcTime UTCTime,
|
||||
generalTime GeneralizedTime }
|
||||
|
||||
Consult rfc2459 for more information.
|
||||
|
||||
@return the thisUpdate date
|
||||
*/
|
||||
public abstract Date getThisUpdate();
|
||||
|
||||
/*
|
||||
Gets the nextUpdate field
|
||||
|
||||
The ASN.1 DER encoding is:
|
||||
|
||||
nextUpdate Time OPTIONAL,
|
||||
|
||||
Time ::= CHOICE {
|
||||
utcTime UTCTime,
|
||||
generalTime GeneralizedTime }
|
||||
|
||||
Consult rfc2459 for more information.
|
||||
|
||||
@return the nextUpdate date
|
||||
*/
|
||||
public abstract Date getNextUpdate();
|
||||
|
||||
/**
|
||||
Gets the requeste dX509Entry for the specified
|
||||
certificate serial number.
|
||||
|
||||
@return a X509CRLEntry representing the X.509 CRL entry
|
||||
*/
|
||||
public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber);
|
||||
|
||||
/**
|
||||
Returns a Set of revoked certificates.
|
||||
|
||||
@return a set of revoked certificates.
|
||||
*/
|
||||
public abstract Set getRevokedCertificates();
|
||||
|
||||
/**
|
||||
Returns the DER ASN.1 encoded tbsCertList which is
|
||||
the basic information of the list and associated certificates
|
||||
in the encoded state. See top for more information.
|
||||
|
||||
The ASN.1 DER encoding is:
|
||||
|
||||
tbsCertList TBSCertList,
|
||||
|
||||
Consult rfc2459 for more information.
|
||||
|
||||
@return byte array representing tbsCertList
|
||||
*/
|
||||
public abstract byte[] getTBSCertList() throws CRLException;
|
||||
|
||||
|
||||
/**
|
||||
Returns the signature for the CRL.
|
||||
|
||||
The ASN.1 DER encoding is:
|
||||
|
||||
signatureValue BIT STRING
|
||||
|
||||
Consult rfc2459 for more information.
|
||||
*/
|
||||
public abstract byte[] getSignature();
|
||||
|
||||
/**
|
||||
Returns the signature algorithm used to sign the CRL.
|
||||
An examples is "SHA-1/DSA".
|
||||
|
||||
The ASN.1 DER encoding is:
|
||||
|
||||
signatureAlgorithm AlgorithmIdentifier,
|
||||
|
||||
AlgorithmIdentifier ::= SEQUENCE {
|
||||
algorithm OBJECT IDENTIFIER,
|
||||
parameters ANY DEFINED BY algorithm OPTIONAL }
|
||||
|
||||
Consult rfc2459 for more information.
|
||||
|
||||
The algorithm name is determined from the OID.
|
||||
|
||||
@return a string with the signature algorithm name
|
||||
*/
|
||||
public abstract String getSigAlgName();
|
||||
|
||||
/**
|
||||
Returns the OID for the signature algorithm used.
|
||||
Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
|
||||
|
||||
The ASN.1 DER encoding for the example is:
|
||||
|
||||
id-dsa-with-sha1 ID ::= {
|
||||
iso(1) member-body(2) us(840) x9-57 (10040)
|
||||
x9cm(4) 3 }
|
||||
|
||||
Consult rfc2459 for more information.
|
||||
|
||||
@return a string containing the OID.
|
||||
*/
|
||||
public abstract String getSigAlgOID();
|
||||
|
||||
/**
|
||||
Returns the AlgorithmParameters in the encoded form
|
||||
for the signature algorithm used.
|
||||
|
||||
If access to the parameters is need, create an
|
||||
instance of AlgorithmParameters.
|
||||
|
||||
@return byte array containing algorithm parameters, null
|
||||
if no parameters are present in CRL
|
||||
*/
|
||||
public abstract byte[] getSigAlgParams();
|
||||
|
||||
// 1.4 instance methods.
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
* Returns the X.500 distinguished name of this CRL's issuer.
|
||||
*
|
||||
* @return The issuer's X.500 distinguished name.
|
||||
* @since JDK 1.4
|
||||
*/
|
||||
public X500Principal getIssuerX500Principal()
|
||||
{
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user