OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [gnu-dev/] [or1k-gcc/] [libjava/] [classpath/] [gnu/] [java/] [security/] [x509/] [X509CRL.java] - Blame information for rev 769

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 769 jeremybenn 
/* X509CRL.java -- X.509 certificate revocation list.
2 
   Copyright (C) 2003, 2004  Free Software Foundation, Inc.
3 
 
4 
This file is part of GNU Classpath.
5 
 
6 
GNU Classpath is free software; you can redistribute it and/or modify
7 
it under the terms of the GNU General Public License as published by
8 
the Free Software Foundation; either version 2, or (at your option)
9 
any later version.
10 
 
11 
GNU Classpath is distributed in the hope that it will be useful, but
12 
WITHOUT ANY WARRANTY; without even the implied warranty of
13 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 
General Public License for more details.
15 
 
16 
You should have received a copy of the GNU General Public License
17 
along with GNU Classpath; see the file COPYING.  If not, write to the
18 
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 
02110-1301 USA.
20 
 
21 
Linking this library statically or dynamically with other modules is
22 
making a combined work based on this library.  Thus, the terms and
23 
conditions of the GNU General Public License cover the whole
24 
combination.
25 
 
26 
As a special exception, the copyright holders of this library give you
27 
permission to link this library with independent modules to produce an
28 
executable, regardless of the license terms of these independent
29 
modules, and to copy and distribute the resulting executable under
30 
terms of your choice, provided that you also meet, for each linked
31 
independent module, the terms and conditions of the license of that
32 
module.  An independent module is a module which is not derived from
33 
or based on this library.  If you modify this library, you may extend
34 
this exception to your version of the library, but you are not
35 
obligated to do so.  If you do not wish to do so, delete this
36 
exception statement from your version. */
37 
 
38 
 
39 
package gnu.java.security.x509;
40 
 
41 
import gnu.java.security.Configuration;
42 
import gnu.java.security.OID;
43 
import gnu.java.security.der.BitString;
44 
import gnu.java.security.der.DER;
45 
import gnu.java.security.der.DERReader;
46 
import gnu.java.security.der.DERValue;
47 
import gnu.java.security.x509.ext.Extension;
48 
 
49 
import java.io.IOException;
50 
import java.io.InputStream;
51 
import java.math.BigInteger;
52 
import java.security.InvalidKeyException;
53 
import java.security.NoSuchAlgorithmException;
54 
import java.security.NoSuchProviderException;
55 
import java.security.Principal;
56 
import java.security.PublicKey;
57 
import java.security.Signature;
58 
import java.security.SignatureException;
59 
import java.security.cert.CRLException;
60 
import java.security.cert.Certificate;
61 
import java.util.Collection;
62 
import java.util.Collections;
63 
import java.util.Date;
64 
import java.util.HashMap;
65 
import java.util.HashSet;
66 
import java.util.Iterator;
67 
import java.util.Set;
68 
import java.util.logging.Logger;
69 
 
70 
import javax.security.auth.x500.X500Principal;
71 
 
72 
/**
73 
 * X.509 certificate revocation lists.
74 
 *
75 
 * @author Casey Marshall (rsdio@metastatic.org)
76 
 */
77 
public class X509CRL extends java.security.cert.X509CRL
78 
  implements GnuPKIExtension
79 
{
80 
  private static final Logger log = Logger.getLogger(X509CRL.class.getName());
81 
  private static final OID ID_DSA = new OID("1.2.840.10040.4.1");
82 
  private static final OID ID_DSA_WITH_SHA1 = new OID("1.2.840.10040.4.3");
83 
  private static final OID ID_RSA = new OID("1.2.840.113549.1.1.1");
84 
  private static final OID ID_RSA_WITH_MD2 = new OID("1.2.840.113549.1.1.2");
85 
  private static final OID ID_RSA_WITH_MD5 = new OID("1.2.840.113549.1.1.4");
86 
  private static final OID ID_RSA_WITH_SHA1 = new OID("1.2.840.113549.1.1.5");
87 
 
88 
  private byte[] encoded;
89 
 
90 
  private byte[] tbsCRLBytes;
91 
  private int version;
92 
  private OID algId;
93 
  private byte[] algParams;
94 
  private Date thisUpdate;
95 
  private Date nextUpdate;
96 
  private X500DistinguishedName issuerDN;
97 
  private HashMap revokedCerts;
98 
  private HashMap extensions;
99 
 
100 
  private OID sigAlg;
101 
  private byte[] sigAlgParams;
102 
  private byte[] rawSig;
103 
  private byte[] signature;
104 
 
105 
  // Constructors.
106 
  // ------------------------------------------------------------------------
107 
 
108 
  /**
109 
   * Create a new X.509 CRL.
110 
   *
111 
   * @param encoded The DER encoded CRL.
112 
   * @throws CRLException If the input bytes are incorrect.
113 
   * @throws IOException  If the input bytes cannot be read.
114 
   */
115 
  public X509CRL(InputStream encoded) throws CRLException, IOException
116 
  {
117 
    super();
118 
    revokedCerts = new HashMap();
119 
    extensions = new HashMap();
120 
    try
121 
      {
122 
        parse(encoded);
123 
      }
124 
    catch (IOException ioe)
125 
      {
126 
        ioe.printStackTrace();
127 
        throw ioe;
128 
      }
129 
    catch (Exception x)
130 
      {
131 
        x.printStackTrace();
132 
        throw new CRLException(x.toString());
133 
      }
134 
  }
135 
 
136 
  // X509CRL methods.
137 
  // ------------------------------------------------------------------------
138 
 
139 
  public boolean equals(Object o)
140 
  {
141 
    if (!(o instanceof X509CRL))
142 
      return false;
143 
    return ((X509CRL) o).getRevokedCertificates().equals(revokedCerts.values());
144 
  }
145 
 
146 
  public int hashCode()
147 
  {
148 
    return revokedCerts.hashCode();
149 
  }
150 
 
151 
  public byte[] getEncoded() throws CRLException
152 
  {
153 
    return (byte[]) encoded.clone();
154 
  }
155 
 
156 
  public void verify(PublicKey key)
157 
    throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
158 
           NoSuchProviderException, SignatureException
159 
  {
160 
    Signature sig = Signature.getInstance(sigAlg.toString());
161 
    doVerify(sig, key);
162 
  }
163 
 
164 
  public void verify(PublicKey key, String provider)
165 
    throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
166 
           NoSuchProviderException, SignatureException
167 
  {
168 
    Signature sig = Signature.getInstance(sigAlg.toString(), provider);
169 
    doVerify(sig, key);
170 
  }
171 
 
172 
  public int getVersion()
173 
  {
174 
    return version;
175 
  }
176 
 
177 
  public Principal getIssuerDN()
178 
  {
179 
    return issuerDN;
180 
  }
181 
 
182 
  public X500Principal getIssuerX500Principal()
183 
  {
184 
    return new X500Principal(issuerDN.getDer());
185 
  }
186 
 
187 
  public Date getThisUpdate()
188 
  {
189 
    return (Date) thisUpdate.clone();
190 
  }
191 
 
192 
  public Date getNextUpdate()
193 
  {
194 
    if (nextUpdate != null)
195 
      return (Date) nextUpdate.clone();
196 
    return null;
197 
  }
198 
 
199 
  public java.security.cert.X509CRLEntry getRevokedCertificate(BigInteger serialNo)
200 
  {
201 
    return (java.security.cert.X509CRLEntry) revokedCerts.get(serialNo);
202 
  }
203 
 
204 
  public Set getRevokedCertificates()
205 
  {
206 
    return Collections.unmodifiableSet(new HashSet(revokedCerts.values()));
207 
  }
208 
 
209 
  public byte[] getTBSCertList() throws CRLException
210 
  {
211 
    return (byte[]) tbsCRLBytes.clone();
212 
  }
213 
 
214 
  public byte[] getSignature()
215 
  {
216 
    return (byte[]) rawSig.clone();
217 
  }
218 
 
219 
  public String getSigAlgName()
220 
  {
221 
    if (sigAlg.equals(ID_DSA_WITH_SHA1))
222 
      return "SHA1withDSA";
223 
    if (sigAlg.equals(ID_RSA_WITH_MD2))
224 
      return "MD2withRSA";
225 
    if (sigAlg.equals(ID_RSA_WITH_MD5))
226 
      return "MD5withRSA";
227 
    if (sigAlg.equals(ID_RSA_WITH_SHA1))
228 
      return "SHA1withRSA";
229 
    return "unknown";
230 
  }
231 
 
232 
  public String getSigAlgOID()
233 
  {
234 
    return sigAlg.toString();
235 
  }
236 
 
237 
  public byte[] getSigAlgParams()
238 
  {
239 
    if (sigAlgParams != null)
240 
      return (byte[]) sigAlgParams.clone();
241 
    return null;
242 
  }
243 
 
244 
  // X509Extension methods.
245 
  // ------------------------------------------------------------------------
246 
 
247 
  public boolean hasUnsupportedCriticalExtension()
248 
  {
249 
    for (Iterator it = extensions.values().iterator(); it.hasNext(); )
250 
      {
251 
        Extension e = (Extension) it.next();
252 
        if (e.isCritical() && !e.isSupported())
253 
          return true;
254 
      }
255 
    return false;
256 
  }
257 
 
258 
  public Set getCriticalExtensionOIDs()
259 
  {
260 
    HashSet s = new HashSet();
261 
    for (Iterator it = extensions.values().iterator(); it.hasNext(); )
262 
      {
263 
        Extension e = (Extension) it.next();
264 
        if (e.isCritical())
265 
          s.add(e.getOid().toString());
266 
      }
267 
    return Collections.unmodifiableSet(s);
268 
  }
269 
 
270 
  public Set getNonCriticalExtensionOIDs()
271 
  {
272 
    HashSet s = new HashSet();
273 
    for (Iterator it = extensions.values().iterator(); it.hasNext(); )
274 
      {
275 
        Extension e = (Extension) it.next();
276 
        if (!e.isCritical())
277 
          s.add(e.getOid().toString());
278 
      }
279 
    return Collections.unmodifiableSet(s);
280 
  }
281 
 
282 
  public byte[] getExtensionValue(String oid)
283 
  {
284 
    Extension e = getExtension(new OID(oid));
285 
    if (e != null)
286 
      {
287 
        return e.getValue().getEncoded();
288 
      }
289 
    return null;
290 
  }
291 
 
292 
  // GnuPKIExtension method.
293 
  // -------------------------------------------------------------------------
294 
 
295 
  public Extension getExtension(OID oid)
296 
  {
297 
    return (Extension) extensions.get(oid);
298 
  }
299 
 
300 
  public Collection getExtensions()
301 
  {
302 
    return extensions.values();
303 
  }
304 
 
305 
  // CRL methods.
306 
  // -------------------------------------------------------------------------
307 
 
308 
  public String toString()
309 
  {
310 
    return X509CRL.class.getName();
311 
  }
312 
 
313 
  public boolean isRevoked(Certificate cert)
314 
  {
315 
    if (!(cert instanceof java.security.cert.X509Certificate))
316 
      throw new IllegalArgumentException("not a X.509 certificate");
317 
    BigInteger certSerial =
318 
      ((java.security.cert.X509Certificate) cert).getSerialNumber();
319 
    X509CRLEntry ent = (X509CRLEntry) revokedCerts.get(certSerial);
320 
    if (ent == null)
321 
      return false;
322 
    return ent.getRevocationDate().compareTo(new Date()) < 0;
323 
  }
324 
 
325 
  // Own methods.
326 
  // ------------------------------------------------------------------------
327 
 
328 
  private void doVerify(Signature sig, PublicKey key)
329 
    throws CRLException, InvalidKeyException, SignatureException
330 
  {
331 
    sig.initVerify(key);
332 
    sig.update(tbsCRLBytes);
333 
    if (!sig.verify(signature))
334 
      throw new CRLException("signature not verified");
335 
  }
336 
 
337 
  private void parse(InputStream in) throws Exception
338 
  {
339 
    // CertificateList ::= SEQUENCE {
340 
    DERReader der = new DERReader(in);
341 
    DERValue val = der.read();
342 
    if (Configuration.DEBUG)
343 
      log.fine("start CertificateList len == " + val.getLength());
344 
    if (!val.isConstructed())
345 
      throw new IOException("malformed CertificateList");
346 
    encoded = val.getEncoded();
347 
 
348 
    //   tbsCertList ::= SEQUENCE {  -- TBSCertList
349 
    val = der.read();
350 
    if (!val.isConstructed())
351 
      throw new IOException("malformed TBSCertList");
352 
    if (Configuration.DEBUG)
353 
      log.fine("start tbsCertList  len == " + val.getLength());
354 
    tbsCRLBytes = val.getEncoded();
355 
 
356 
    //     version    Version OPTIONAL,
357 
    //                  -- If present must be v2
358 
    val = der.read();
359 
    if (val.getValue() instanceof BigInteger)
360 
      {
361 
        version = ((BigInteger) val.getValue()).intValue() + 1;
362 
        val = der.read();
363 
      }
364 
    else
365 
      version = 1;
366 
    if (Configuration.DEBUG)
367 
      log.fine("read version == " + version);
368 
 
369 
    //     signature   AlgorithmIdentifier,
370 
    if (Configuration.DEBUG)
371 
      log.fine("start AlgorithmIdentifier len == " + val.getLength());
372 
    if (!val.isConstructed())
373 
      throw new IOException("malformed AlgorithmIdentifier");
374 
    DERValue algIdVal = der.read();
375 
    algId = (OID) algIdVal.getValue();
376 
    if (Configuration.DEBUG)
377 
      log.fine("read object identifier == " + algId);
378 
    if (val.getLength() > algIdVal.getEncodedLength())
379 
      {
380 
        val = der.read();
381 
        if (Configuration.DEBUG)
382 
          log.fine("read parameters  len == " + val.getEncodedLength());
383 
        algParams = val.getEncoded();
384 
        if (val.isConstructed())
385 
          in.skip(val.getLength());
386 
      }
387 
 
388 
    //     issuer   Name,
389 
    val = der.read();
390 
    issuerDN = new X500DistinguishedName(val.getEncoded());
391 
    der.skip(val.getLength());
392 
    if (Configuration.DEBUG)
393 
      log.fine("read issuer == " + issuerDN);
394 
 
395 
    //     thisUpdate   Time,
396 
    thisUpdate = (Date) der.read().getValue();
397 
    if (Configuration.DEBUG)
398 
      log.fine("read thisUpdate == " + thisUpdate);
399 
 
400 
    //     nextUpdate   Time OPTIONAL,
401 
    val = der.read();
402 
    if (val.getValue() instanceof Date)
403 
      {
404 
        nextUpdate = (Date) val.getValue();
405 
        if (Configuration.DEBUG)
406 
          log.fine("read nextUpdate == " + nextUpdate);
407 
        val = der.read();
408 
      }
409 
 
410 
    //     revokedCertificates SEQUENCE OF SEQUENCE {
411 
    //       -- X509CRLEntry objects...
412 
    //     } OPTIONAL,
413 
    if (val.getTag() != 0)
414 
      {
415 
        int len = 0;
416 
        while (len < val.getLength())
417 
          {
418 
            X509CRLEntry entry = new X509CRLEntry(version, der);
419 
            revokedCerts.put(entry.getSerialNumber(), entry);
420 
            len += entry.getEncoded().length;
421 
          }
422 
        val = der.read();
423 
      }
424 
 
425 
    //    crlExtensions   [0] EXPLICIT Extensions OPTIONAL
426 
    //                        -- if present MUST be v2
427 
    if (val.getTagClass() != DER.UNIVERSAL && val.getTag() == 0)
428 
      {
429 
        if (version < 2)
430 
          throw new IOException("extra data in CRL");
431 
        DERValue exts = der.read();
432 
        if (!exts.isConstructed())
433 
          throw new IOException("malformed Extensions");
434 
        if (Configuration.DEBUG)
435 
          log.fine("start Extensions  len == " + exts.getLength());
436 
        int len = 0;
437 
        while (len < exts.getLength())
438 
          {
439 
            DERValue ext = der.read();
440 
            if (!ext.isConstructed())
441 
              throw new IOException("malformed Extension");
442 
            Extension e = new Extension(ext.getEncoded());
443 
            extensions.put(e.getOid(), e);
444 
            der.skip(ext.getLength());
445 
            len += ext.getEncodedLength();
446 
            if (Configuration.DEBUG)
447 
              log.fine("current count == " + len);
448 
          }
449 
        val = der.read();
450 
      }
451 
 
452 
    if (Configuration.DEBUG)
453 
      log.fine("read tag == " + val.getTag());
454 
    if (!val.isConstructed())
455 
      throw new IOException("malformed AlgorithmIdentifier");
456 
    if (Configuration.DEBUG)
457 
      log.fine("start AlgorithmIdentifier  len == " + val.getLength());
458 
    DERValue sigAlgVal = der.read();
459 
    if (Configuration.DEBUG)
460 
      log.fine("read tag == " + sigAlgVal.getTag());
461 
    if (sigAlgVal.getTag() != DER.OBJECT_IDENTIFIER)
462 
      throw new IOException("malformed AlgorithmIdentifier");
463 
    sigAlg = (OID) sigAlgVal.getValue();
464 
    if (Configuration.DEBUG)
465 
      {
466 
        log.fine("signature id == " + sigAlg);
467 
        log.fine("sigAlgVal length == " + sigAlgVal.getEncodedLength());
468 
      }
469 
    if (val.getLength() > sigAlgVal.getEncodedLength())
470 
      {
471 
        val = der.read();
472 
        if (Configuration.DEBUG)
473 
          log.fine("sig params tag = " + val.getTag() + " len == "
474 
                   + val.getEncodedLength());
475 
        sigAlgParams = (byte[]) val.getEncoded();
476 
        if (val.isConstructed())
477 
          in.skip(val.getLength());
478 
      }
479 
    val = der.read();
480 
    if (Configuration.DEBUG)
481 
      log.fine("read tag = " + val.getTag());
482 
    rawSig = val.getEncoded();
483 
    signature = ((BitString) val.getValue()).toByteArray();
484 
  }
485 
}

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.