OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [gnu-dev/] [or1k-gcc/] [libjava/] [classpath/] [java/] [security/] [cert/] [X509CRL.java] - Blame information for rev 771

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 771 jeremybenn 
/* X509CRL.java --- X.509 Certificate Revocation List
2 
   Copyright (C) 1999, 2004  Free Software Foundation, Inc.
3 
 
4 
This file is part of GNU Classpath.
5 
 
6 
GNU Classpath is free software; you can redistribute it and/or modify
7 
it under the terms of the GNU General Public License as published by
8 
the Free Software Foundation; either version 2, or (at your option)
9 
any later version.
10 
 
11 
GNU Classpath is distributed in the hope that it will be useful, but
12 
WITHOUT ANY WARRANTY; without even the implied warranty of
13 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 
General Public License for more details.
15 
 
16 
You should have received a copy of the GNU General Public License
17 
along with GNU Classpath; see the file COPYING.  If not, write to the
18 
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 
02110-1301 USA.
20 
 
21 
Linking this library statically or dynamically with other modules is
22 
making a combined work based on this library.  Thus, the terms and
23 
conditions of the GNU General Public License cover the whole
24 
combination.
25 
 
26 
As a special exception, the copyright holders of this library give you
27 
permission to link this library with independent modules to produce an
28 
executable, regardless of the license terms of these independent
29 
modules, and to copy and distribute the resulting executable under
30 
terms of your choice, provided that you also meet, for each linked
31 
independent module, the terms and conditions of the license of that
32 
module.  An independent module is a module which is not derived from
33 
or based on this library.  If you modify this library, you may extend
34 
this exception to your version of the library, but you are not
35 
obligated to do so.  If you do not wish to do so, delete this
36 
exception statement from your version. */
37 
 
38 
 
39 
package java.security.cert;
40 
 
41 
import java.math.BigInteger;
42 
import java.security.InvalidKeyException;
43 
import java.security.NoSuchAlgorithmException;
44 
import java.security.NoSuchProviderException;
45 
import java.security.Principal;
46 
import java.security.PublicKey;
47 
import java.security.SignatureException;
48 
import java.util.Date;
49 
import java.util.Set;
50 
 
51 
import javax.security.auth.x500.X500Principal;
52 
 
53 
/**
54 
   The X509CRL class is the abstract class used to manage
55 
   X.509 Certificate Revocation Lists. The CRL is a list of
56 
   time stamped entries which indicate which lists have been
57 
   revoked. The list is signed by a Certificate Authority (CA)
58 
   and made publically available in a repository.
59 
 
60 
   Each revoked certificate in the CRL is identified by its
61 
   certificate serial number. When a piece of code uses a
62 
   certificate, the certificates validity is checked by
63 
   validating its signature and determing that it is not
64 
   only a recently acquired CRL. The recently aquired CRL
65 
   is depends on the local policy in affect. The CA issues
66 
   a new CRL periodically and entries are removed as the
67 
   certificate expiration date is reached
68 
 
69 
 
70 
   A description of the X.509 v2 CRL follows below from rfc2459.
71 
 
72 
   "The X.509 v2 CRL syntax is as follows.  For signature calculation,
73 
   the data that is to be signed is ASN.1 DER encoded.  ASN.1 DER
74 
   encoding is a tag, length, value encoding system for each element.
75 
 
76 
           CertificateList  ::=  SEQUENCE  {
77 
                tbsCertList          TBSCertList,
78 
                signatureAlgorithm   AlgorithmIdentifier,
79 
                signatureValue       BIT STRING  }
80 
 
81 
           TBSCertList  ::=  SEQUENCE  {
82 
                version                 Version OPTIONAL,
83 
                                     -- if present, shall be v2
84 
                signature               AlgorithmIdentifier,
85 
                issuer                  Name,
86 
                thisUpdate              Time,
87 
                nextUpdate              Time OPTIONAL,
88 
                revokedCertificates     SEQUENCE OF SEQUENCE  {
89 
                     userCertificate         CertificateSerialNumber,
90 
                     revocationDate          Time,
91 
                     crlEntryExtensions      Extensions OPTIONAL
92 
                                                   -- if present, shall be v2
93 
                                          }  OPTIONAL,
94 
                crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
95 
                                                   -- if present, shall be v2
96 
                                          }"
97 
 
98 
        @author Mark Benvenuto
99 
 
100 
        @since 1.2
101 
*/
102 
public abstract class X509CRL extends CRL implements X509Extension
103 
{
104 
 
105 
  /**
106 
     Constructs a new X509CRL.
107 
  */
108 
  protected X509CRL()
109 
  {
110 
    super("X.509");
111 
  }
112 
 
113 
  /**
114 
     Compares this X509CRL to other. It checks if the
115 
     object if instanceOf X509CRL and then checks if
116 
     the encoded form matches.
117 
 
118 
     @param other An Object to test for equality
119 
 
120 
     @return true if equal, false otherwise
121 
  */
122 
  public boolean equals(Object other)
123 
  {
124 
    if( other instanceof X509CRL ) {
125 
      try {
126 
        X509CRL x = (X509CRL) other;
127 
        if( getEncoded().length != x.getEncoded().length )
128 
          return false;
129 
 
130 
        byte[] b1 = getEncoded();
131 
        byte[] b2 = x.getEncoded();
132 
 
133 
        for( int i = 0; i < b1.length; i++ )
134 
          if( b1[i] != b2[i] )
135 
            return false;
136 
 
137 
      } catch( CRLException crle ) {
138 
        return false;
139 
      }
140 
      return true;
141 
    }
142 
    return false;
143 
  }
144 
 
145 
  /**
146 
     Returns a hash code for this X509CRL in its encoded
147 
     form.
148 
 
149 
     @return A hash code of this class
150 
  */
151 
  public int hashCode()
152 
  {
153 
    return super.hashCode();
154 
  }
155 
 
156 
  /**
157 
     Gets the DER ASN.1 encoded format for this X.509 CRL.
158 
 
159 
     @return byte array containg encoded form
160 
 
161 
     @throws CRLException if an error occurs
162 
  */
163 
  public abstract byte[] getEncoded() throws CRLException;
164 
 
165 
  /**
166 
     Verifies that this CRL was properly signed with the
167 
     PublicKey that corresponds to its private key.
168 
 
169 
     @param key PublicKey to verify with
170 
 
171 
     @throws CRLException encoding error
172 
     @throws NoSuchAlgorithmException unsupported algorithm
173 
     @throws InvalidKeyException incorrect key
174 
     @throws NoSuchProviderException no provider
175 
     @throws SignatureException signature error
176 
  */
177 
  public abstract void verify(PublicKey key)
178 
    throws CRLException,
179 
    NoSuchAlgorithmException,
180 
    InvalidKeyException,
181 
    NoSuchProviderException,
182 
    SignatureException;
183 
 
184 
  /**
185 
     Verifies that this CRL was properly signed with the
186 
     PublicKey that corresponds to its private key and uses
187 
     the signature engine provided by the provider.
188 
 
189 
     @param key PublicKey to verify with
190 
     @param sigProvider Provider to use for signature algorithm
191 
 
192 
     @throws CRLException encoding error
193 
     @throws NoSuchAlgorithmException unsupported algorithm
194 
     @throws InvalidKeyException incorrect key
195 
     @throws NoSuchProviderException incorrect provider
196 
     @throws SignatureException signature error
197 
  */
198 
  public abstract void verify(PublicKey key,
199 
                              String sigProvider)
200 
    throws CRLException,
201 
    NoSuchAlgorithmException,
202 
    InvalidKeyException,
203 
    NoSuchProviderException,
204 
    SignatureException;
205 
 
206 
  /**
207 
     Gets the version of this CRL.
208 
 
209 
     The ASN.1 encoding is:
210 
 
211 
     version                 Version OPTIONAL,
212 
     -- if present, shall be v2
213 
 
214 
     Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
215 
 
216 
     Consult rfc2459 for more information.
217 
 
218 
     @return the version number, Ex: 1 or 2
219 
  */
220 
  public abstract int getVersion();
221 
 
222 
  /**
223 
     Returns the issuer (issuer distinguished name) of the CRL.
224 
     The issuer is the entity who signed and issued the
225 
     Certificate Revocation List.
226 
 
227 
     The ASN.1 DER encoding is:
228 
 
229 
     issuer                  Name,
230 
 
231 
     Name ::= CHOICE {
232 
     RDNSequence }
233 
 
234 
     RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
235 
 
236 
     RelativeDistinguishedName ::=
237 
     SET OF AttributeTypeAndValue
238 
 
239 
     AttributeTypeAndValue ::= SEQUENCE {
240 
     type     AttributeType,
241 
     value    AttributeValue }
242 
 
243 
     AttributeType ::= OBJECT IDENTIFIER
244 
 
245 
     AttributeValue ::= ANY DEFINED BY AttributeType
246 
 
247 
     DirectoryString ::= CHOICE {
248 
     teletexString           TeletexString (SIZE (1..MAX)),
249 
     printableString         PrintableString (SIZE (1..MAX)),
250 
     universalString         UniversalString (SIZE (1..MAX)),
251 
     utf8String              UTF8String (SIZE (1.. MAX)),
252 
     bmpString               BMPString (SIZE (1..MAX)) }
253 
 
254 
     Consult rfc2459 for more information.
255 
 
256 
     @return the issuer in the Principal class
257 
  */
258 
  public abstract Principal getIssuerDN();
259 
 
260 
  /**
261 
     Returns the thisUpdate date of the CRL.
262 
 
263 
     The ASN.1 DER encoding is:
264 
 
265 
     thisUpdate              Time,
266 
 
267 
     Time ::= CHOICE {
268 
     utcTime        UTCTime,
269 
     generalTime    GeneralizedTime }
270 
 
271 
     Consult rfc2459 for more information.
272 
 
273 
     @return the thisUpdate date
274 
  */
275 
  public abstract Date getThisUpdate();
276 
 
277 
  /*
278 
    Gets the nextUpdate field
279 
 
280 
    The ASN.1 DER encoding is:
281 
 
282 
    nextUpdate              Time OPTIONAL,
283 
 
284 
    Time ::= CHOICE {
285 
    utcTime        UTCTime,
286 
    generalTime    GeneralizedTime }
287 
 
288 
    Consult rfc2459 for more information.
289 
 
290 
    @return the nextUpdate date
291 
  */
292 
  public abstract Date getNextUpdate();
293 
 
294 
  /**
295 
     Gets the requeste dX509Entry for the specified
296 
     certificate serial number.
297 
 
298 
     @return a X509CRLEntry representing the X.509 CRL entry
299 
  */
300 
  public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber);
301 
 
302 
  /**
303 
     Returns a Set of revoked certificates.
304 
 
305 
     @return a set of revoked certificates.
306 
  */
307 
  public abstract Set<? extends X509CRLEntry> getRevokedCertificates();
308 
 
309 
  /**
310 
     Returns the DER ASN.1 encoded tbsCertList which is
311 
     the basic information of the list and associated certificates
312 
     in the encoded state. See top for more information.
313 
 
314 
     The ASN.1 DER encoding is:
315 
 
316 
     tbsCertList          TBSCertList,
317 
 
318 
     Consult rfc2459 for more information.
319 
 
320 
     @return byte array representing tbsCertList
321 
  */
322 
  public abstract byte[] getTBSCertList() throws CRLException;
323 
 
324 
 
325 
  /**
326 
     Returns the signature for the CRL.
327 
 
328 
     The ASN.1 DER encoding is:
329 
 
330 
     signatureValue       BIT STRING
331 
 
332 
     Consult rfc2459 for more information.
333 
  */
334 
  public abstract byte[] getSignature();
335 
 
336 
  /**
337 
     Returns the signature algorithm used to sign the CRL.
338 
     An examples is "SHA-1/DSA".
339 
 
340 
     The ASN.1 DER encoding is:
341 
 
342 
     signatureAlgorithm   AlgorithmIdentifier,
343 
 
344 
     AlgorithmIdentifier  ::=  SEQUENCE  {
345 
     algorithm               OBJECT IDENTIFIER,
346 
     parameters              ANY DEFINED BY algorithm OPTIONAL  }
347 
 
348 
     Consult rfc2459 for more information.
349 
 
350 
     The algorithm name is determined from the OID.
351 
 
352 
     @return a string with the signature algorithm name
353 
  */
354 
  public abstract String getSigAlgName();
355 
 
356 
  /**
357 
     Returns the OID for the signature algorithm used.
358 
     Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
359 
 
360 
     The ASN.1 DER encoding for the example is:
361 
 
362 
     id-dsa-with-sha1 ID  ::=  {
363 
     iso(1) member-body(2) us(840) x9-57 (10040)
364 
     x9cm(4) 3 }
365 
 
366 
     Consult rfc2459 for more information.
367 
 
368 
     @return a string containing the OID.
369 
  */
370 
  public abstract String getSigAlgOID();
371 
 
372 
  /**
373 
     Returns the AlgorithmParameters in the encoded form
374 
     for the signature algorithm used.
375 
 
376 
     If access to the parameters is need, create an
377 
     instance of AlgorithmParameters.
378 
 
379 
     @return byte array containing algorithm parameters, null
380 
     if no parameters are present in CRL
381 
  */
382 
  public abstract byte[] getSigAlgParams();
383 
 
384 
  // 1.4 instance methods.
385 
  // ------------------------------------------------------------------------
386 
 
387 
  /**
388 
   * Returns the X.500 distinguished name of this CRL's issuer.
389 
   *
390 
   * @return The issuer's X.500 distinguished name.
391 
   * @since JDK 1.4
392 
   */
393 
  public X500Principal getIssuerX500Principal()
394 
  {
395 
    throw new UnsupportedOperationException();
396 
  }
397 
}

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.