URL https://opencores.org/ocsvn/scarts/scarts/trunk

Subversion Repositories scarts

[/] [scarts/] [trunk/] [toolchain/] [scarts-gcc/] [gcc-4.1.1/] [libjava/] [classpath/] [gnu/] [java/] [security/] [x509/] [X509CRL.java] - Blame information for rev 14

Details | Compare with Previous | View Log


/* X509CRL.java -- X.509 certificate revocation list.
   Copyright (C) 2003, 2004  Free Software Foundation, Inc.
 
This file is part of GNU Classpath.
 
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
 
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.
 
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING.  If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
 
Linking this library statically or dynamically with other modules is
making a combined work based on this library.  Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
 
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module.  An independent module is a module which is not derived from
or based on this library.  If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so.  If you do not wish to do so, delete this
exception statement from your version. */
 
 
package gnu.java.security.x509;
 
import gnu.java.security.OID;
import gnu.java.security.der.BitString;
import gnu.java.security.der.DER;
import gnu.java.security.der.DERReader;
import gnu.java.security.der.DERValue;
import gnu.java.security.x509.ext.Extension;
 
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
 
import javax.security.auth.x500.X500Principal;
 
/**
 * X.509 certificate revocation lists.
 *
 * @author Casey Marshall (rsdio@metastatic.org)
 */
public class X509CRL extends java.security.cert.X509CRL
  implements GnuPKIExtension
{
 
  // Constants and fields.
  // ------------------------------------------------------------------------
 
  private static final boolean DEBUG = false;
  private static void debug(String msg)
  {
    if (DEBUG)
      {
        System.err.print(">> X509CRL: ");
        System.err.println(msg);
      }
  }
 
  private static final OID ID_DSA = new OID("1.2.840.10040.4.1");
  private static final OID ID_DSA_WITH_SHA1 = new OID("1.2.840.10040.4.3");
  private static final OID ID_RSA = new OID("1.2.840.113549.1.1.1");
  private static final OID ID_RSA_WITH_MD2 = new OID("1.2.840.113549.1.1.2");
  private static final OID ID_RSA_WITH_MD5 = new OID("1.2.840.113549.1.1.4");
  private static final OID ID_RSA_WITH_SHA1 = new OID("1.2.840.113549.1.1.5");
 
  private byte[] encoded;
 
  private byte[] tbsCRLBytes;
  private int version;
  private OID algId;
  private byte[] algParams;
  private Date thisUpdate;
  private Date nextUpdate;
  private X500DistinguishedName issuerDN;
  private HashMap revokedCerts;
  private HashMap extensions;
 
  private OID sigAlg;
  private byte[] sigAlgParams;
  private byte[] rawSig;
  private byte[] signature;
 
  // Constructors.
  // ------------------------------------------------------------------------
 
  /**
   * Create a new X.509 CRL.
   *
   * @param encoded The DER encoded CRL.
   * @throws CRLException If the input bytes are incorrect.
   * @throws IOException  If the input bytes cannot be read.
   */
  public X509CRL(InputStream encoded) throws CRLException, IOException
  {
    super();
    revokedCerts = new HashMap();
    extensions = new HashMap();
    try
      {
        parse(encoded);
      }
    catch (IOException ioe)
      {
        ioe.printStackTrace();
        throw ioe;
      }
    catch (Exception x)
      {
        x.printStackTrace();
        throw new CRLException(x.toString());
      }
  }
 
  // X509CRL methods.
  // ------------------------------------------------------------------------
 
  public boolean equals(Object o)
  {
    if (!(o instanceof X509CRL))
      return false;
    return ((X509CRL) o).getRevokedCertificates().equals(revokedCerts.values());
  }
 
  public int hashCode()
  {
    return revokedCerts.hashCode();
  }
 
  public byte[] getEncoded() throws CRLException
  {
    return (byte[]) encoded.clone();
  }
 
  public void verify(PublicKey key)
    throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
           NoSuchProviderException, SignatureException
  {
    Signature sig = Signature.getInstance(sigAlg.toString());
    doVerify(sig, key);
  }
 
  public void verify(PublicKey key, String provider)
    throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
           NoSuchProviderException, SignatureException
  {
    Signature sig = Signature.getInstance(sigAlg.toString(), provider);
    doVerify(sig, key);
  }
 
  public int getVersion()
  {
    return version;
  }
 
  public Principal getIssuerDN()
  {
    return issuerDN;
  }
 
  public X500Principal getIssuerX500Principal()
  {
    return new X500Principal(issuerDN.getDer());
  }
 
  public Date getThisUpdate()
  {
    return (Date) thisUpdate.clone();
  }
 
  public Date getNextUpdate()
  {
    if (nextUpdate != null)
      return (Date) nextUpdate.clone();
    return null;
  }
 
  public java.security.cert.X509CRLEntry getRevokedCertificate(BigInteger serialNo)
  {
    return (java.security.cert.X509CRLEntry) revokedCerts.get(serialNo);
  }
 
  public Set getRevokedCertificates()
  {
    return Collections.unmodifiableSet(new HashSet(revokedCerts.values()));
  }
 
  public byte[] getTBSCertList() throws CRLException
  {
    return (byte[]) tbsCRLBytes.clone();
  }
 
  public byte[] getSignature()
  {
    return (byte[]) rawSig.clone();
  }
 
  public String getSigAlgName()
  {
    if (sigAlg.equals(ID_DSA_WITH_SHA1))
      return "SHA1withDSA";
    if (sigAlg.equals(ID_RSA_WITH_MD2))
      return "MD2withRSA";
    if (sigAlg.equals(ID_RSA_WITH_MD5))
      return "MD5withRSA";
    if (sigAlg.equals(ID_RSA_WITH_SHA1))
      return "SHA1withRSA";
    return "unknown";
  }
 
  public String getSigAlgOID()
  {
    return sigAlg.toString();
  }
 
  public byte[] getSigAlgParams()
  {
    if (sigAlgParams != null)
      return (byte[]) sigAlgParams.clone();
    return null;
  }
 
  // X509Extension methods.
  // ------------------------------------------------------------------------
 
  public boolean hasUnsupportedCriticalExtension()
  {
    for (Iterator it = extensions.values().iterator(); it.hasNext(); )
      {
        Extension e = (Extension) it.next();
        if (e.isCritical() && !e.isSupported())
          return true;
      }
    return false;
  }
 
  public Set getCriticalExtensionOIDs()
  {
    HashSet s = new HashSet();
    for (Iterator it = extensions.values().iterator(); it.hasNext(); )
      {
        Extension e = (Extension) it.next();
        if (e.isCritical())
          s.add(e.getOid().toString());
      }
    return Collections.unmodifiableSet(s);
  }
 
  public Set getNonCriticalExtensionOIDs()
  {
    HashSet s = new HashSet();
    for (Iterator it = extensions.values().iterator(); it.hasNext(); )
      {
        Extension e = (Extension) it.next();
        if (!e.isCritical())
          s.add(e.getOid().toString());
      }
    return Collections.unmodifiableSet(s);
  }
 
  public byte[] getExtensionValue(String oid)
  {
    Extension e = getExtension(new OID(oid));
    if (e != null)
      {
        return e.getValue().getEncoded();
      }
    return null;
  }
 
  // GnuPKIExtension method.
  // -------------------------------------------------------------------------
 
  public Extension getExtension(OID oid)
  {
    return (Extension) extensions.get(oid);
  }
 
  public Collection getExtensions()
  {
    return extensions.values();
  }
 
  // CRL methods.
  // -------------------------------------------------------------------------
 
  public String toString()
  {
    return X509CRL.class.getName();
  }
 
  public boolean isRevoked(Certificate cert)
  {
    if (!(cert instanceof java.security.cert.X509Certificate))
      throw new IllegalArgumentException("not a X.509 certificate");
    BigInteger certSerial =
      ((java.security.cert.X509Certificate) cert).getSerialNumber();
    X509CRLEntry ent = (X509CRLEntry) revokedCerts.get(certSerial);
    if (ent == null)
      return false;
    return ent.getRevocationDate().compareTo(new Date()) < 0;
  }
 
  // Own methods.
  // ------------------------------------------------------------------------
 
  private void doVerify(Signature sig, PublicKey key)
    throws CRLException, InvalidKeyException, SignatureException
  {
    sig.initVerify(key);
    sig.update(tbsCRLBytes);
    if (!sig.verify(signature))
      throw new CRLException("signature not verified");
  }
 
  private void parse(InputStream in) throws Exception
  {
    // CertificateList ::= SEQUENCE {
    DERReader der = new DERReader(in);
    DERValue val = der.read();
    debug("start CertificateList len == " + val.getLength());
    if (!val.isConstructed())
      throw new IOException("malformed CertificateList");
    encoded = val.getEncoded();
 
    //   tbsCertList ::= SEQUENCE {  -- TBSCertList
    val = der.read();
    if (!val.isConstructed())
      throw new IOException("malformed TBSCertList");
    debug("start tbsCertList  len == " + val.getLength());
    tbsCRLBytes = val.getEncoded();
 
    //     version    Version OPTIONAL,
    //                  -- If present must be v2
    val = der.read();
    if (val.getValue() instanceof BigInteger)
      {
        version = ((BigInteger) val.getValue()).intValue() + 1;
        val = der.read();
      }
    else
      version = 1;
    debug("read version == " + version);
 
    //     signature   AlgorithmIdentifier,
    debug("start AlgorithmIdentifier len == " + val.getLength());
    if (!val.isConstructed())
      throw new IOException("malformed AlgorithmIdentifier");
    DERValue algIdVal = der.read();
    algId = (OID) algIdVal.getValue();
    debug("read object identifier == " + algId);
    if (val.getLength() > algIdVal.getEncodedLength())
      {
        val = der.read();
        debug("read parameters  len == " + val.getEncodedLength());
        algParams = val.getEncoded();
        if (val.isConstructed())
          in.skip(val.getLength());
      }
 
    //     issuer   Name,
    val = der.read();
    issuerDN = new X500DistinguishedName(val.getEncoded());
    der.skip(val.getLength());
    debug("read issuer == " + issuerDN);
 
    //     thisUpdate   Time,
    thisUpdate = (Date) der.read().getValue();
    debug("read thisUpdate == " + thisUpdate);
 
    //     nextUpdate   Time OPTIONAL,
    val = der.read();
    if (val.getValue() instanceof Date)
      {
        nextUpdate = (Date) val.getValue();
        debug("read nextUpdate == " + nextUpdate);
        val = der.read();
      }
 
    //     revokedCertificates SEQUENCE OF SEQUENCE {
    //       -- X509CRLEntry objects...
    //     } OPTIONAL,
    if (val.getTag() != 0)
      {
        int len = 0;
        while (len < val.getLength())
          {
            X509CRLEntry entry = new X509CRLEntry(version, der);
            revokedCerts.put(entry.getSerialNumber(), entry);
            len += entry.getEncoded().length;
          }
        val = der.read();
      }
 
    //    crlExtensions   [0] EXPLICIT Extensions OPTIONAL
    //                        -- if present MUST be v2
    if (val.getTagClass() != DER.UNIVERSAL && val.getTag() == 0)
      {
        if (version < 2)
          throw new IOException("extra data in CRL");
        DERValue exts = der.read();
        if (!exts.isConstructed())
          throw new IOException("malformed Extensions");
        debug("start Extensions  len == " + exts.getLength());
        int len = 0;
        while (len < exts.getLength())
          {
            DERValue ext = der.read();
            if (!ext.isConstructed())
              throw new IOException("malformed Extension");
            Extension e = new Extension(ext.getEncoded());
            extensions.put(e.getOid(), e);
            der.skip(ext.getLength());
            len += ext.getEncodedLength();
            debug("current count == " + len);
          }
        val = der.read();
      }
 
    debug("read tag == " + val.getTag());
    if (!val.isConstructed())
      throw new IOException("malformed AlgorithmIdentifier");
    debug("start AlgorithmIdentifier  len == " + val.getLength());
    DERValue sigAlgVal = der.read();
    debug("read tag == " + sigAlgVal.getTag());
    if (sigAlgVal.getTag() != DER.OBJECT_IDENTIFIER)
      throw new IOException("malformed AlgorithmIdentifier");
    sigAlg = (OID) sigAlgVal.getValue();
    debug("signature id == " + sigAlg);
    debug("sigAlgVal length == " + sigAlgVal.getEncodedLength());
    if (val.getLength() > sigAlgVal.getEncodedLength())
      {
        val = der.read();
        debug("sig params tag = " + val.getTag() + " len == " + val.getEncodedLength());
        sigAlgParams = (byte[]) val.getEncoded();
        if (val.isConstructed())
          in.skip(val.getLength());
      }
    val = der.read();
    debug("read tag = " + val.getTag());
    rawSig = val.getEncoded();
    signature = ((BitString) val.getValue()).toByteArray();
  }
}

Browse

Tools

Subversion Repositories scarts

[/] [scarts/] [trunk/] [toolchain/] [scarts-gcc/] [gcc-4.1.1/] [libjava/] [classpath/] [gnu/] [java/] [security/] [x509/] [X509CRL.java] - Blame information for rev 14

Line No.	Rev	Author	Line
1	14	jlechner	`/* X509CRL.java -- X.509 certificate revocation list.`
2			`Copyright (C) 2003, 2004 Free Software Foundation, Inc.`
3
4			`This file is part of GNU Classpath.`
5
6			`GNU Classpath is free software; you can redistribute it and/or modify`
7			`it under the terms of the GNU General Public License as published by`
8			`the Free Software Foundation; either version 2, or (at your option)`
9			`any later version.`
10
11			`GNU Classpath is distributed in the hope that it will be useful, but`
12			`WITHOUT ANY WARRANTY; without even the implied warranty of`
13			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
14			`General Public License for more details.`
15
16			`You should have received a copy of the GNU General Public License`
17			`along with GNU Classpath; see the file COPYING. If not, write to the`
18			`Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA`
19			`02110-1301 USA.`
20
21			`Linking this library statically or dynamically with other modules is`
22			`making a combined work based on this library. Thus, the terms and`
23			`conditions of the GNU General Public License cover the whole`
24			`combination.`
25
26			`As a special exception, the copyright holders of this library give you`
27			`permission to link this library with independent modules to produce an`
28			`executable, regardless of the license terms of these independent`
29			`modules, and to copy and distribute the resulting executable under`
30			`terms of your choice, provided that you also meet, for each linked`
31			`independent module, the terms and conditions of the license of that`
32			`module. An independent module is a module which is not derived from`
33			`or based on this library. If you modify this library, you may extend`
34			`this exception to your version of the library, but you are not`
35			`obligated to do so. If you do not wish to do so, delete this`
36			`exception statement from your version. */`
37
38
39			`package gnu.java.security.x509;`
40
41			`import gnu.java.security.OID;`
42			`import gnu.java.security.der.BitString;`
43			`import gnu.java.security.der.DER;`
44			`import gnu.java.security.der.DERReader;`
45			`import gnu.java.security.der.DERValue;`
46			`import gnu.java.security.x509.ext.Extension;`
47
48			`import java.io.IOException;`
49			`import java.io.InputStream;`
50			`import java.math.BigInteger;`
51			`import java.security.InvalidKeyException;`
52			`import java.security.NoSuchAlgorithmException;`
53			`import java.security.NoSuchProviderException;`
54			`import java.security.Principal;`
55			`import java.security.PublicKey;`
56			`import java.security.Signature;`
57			`import java.security.SignatureException;`
58			`import java.security.cert.CRLException;`
59			`import java.security.cert.Certificate;`
60			`import java.util.Collection;`
61			`import java.util.Collections;`
62			`import java.util.Date;`
63			`import java.util.HashMap;`
64			`import java.util.HashSet;`
65			`import java.util.Iterator;`
66			`import java.util.Set;`
67
68			`import javax.security.auth.x500.X500Principal;`
69
70			`/**`
71			`* X.509 certificate revocation lists.`
72			`*`
73			`* @author Casey Marshall (rsdio@metastatic.org)`
74			`*/`
75			`public class X509CRL extends java.security.cert.X509CRL`
76			`implements GnuPKIExtension`
77			`{`
78
79			`// Constants and fields.`
80			`// ------------------------------------------------------------------------`
81
82			`private static final boolean DEBUG = false;`
83			`private static void debug(String msg)`
84			`{`
85			`if (DEBUG)`
86			`{`
87			`System.err.print(">> X509CRL: ");`
88			`System.err.println(msg);`
89			`}`
90			`}`
91
92			`private static final OID ID_DSA = new OID("1.2.840.10040.4.1");`
93			`private static final OID ID_DSA_WITH_SHA1 = new OID("1.2.840.10040.4.3");`
94			`private static final OID ID_RSA = new OID("1.2.840.113549.1.1.1");`
95			`private static final OID ID_RSA_WITH_MD2 = new OID("1.2.840.113549.1.1.2");`
96			`private static final OID ID_RSA_WITH_MD5 = new OID("1.2.840.113549.1.1.4");`
97			`private static final OID ID_RSA_WITH_SHA1 = new OID("1.2.840.113549.1.1.5");`
98
99			`private byte[] encoded;`
100
101			`private byte[] tbsCRLBytes;`
102			`private int version;`
103			`private OID algId;`
104			`private byte[] algParams;`
105			`private Date thisUpdate;`
106			`private Date nextUpdate;`
107			`private X500DistinguishedName issuerDN;`
108			`private HashMap revokedCerts;`
109			`private HashMap extensions;`
110
111			`private OID sigAlg;`
112			`private byte[] sigAlgParams;`
113			`private byte[] rawSig;`
114			`private byte[] signature;`
115
116			`// Constructors.`
117			`// ------------------------------------------------------------------------`
118
119			`/**`
120			`* Create a new X.509 CRL.`
121			`*`
122			`* @param encoded The DER encoded CRL.`
123			`* @throws CRLException If the input bytes are incorrect.`
124			`* @throws IOException If the input bytes cannot be read.`
125			`*/`
126			`public X509CRL(InputStream encoded) throws CRLException, IOException`
127			`{`
128			`super();`
129			`revokedCerts = new HashMap();`
130			`extensions = new HashMap();`
131			`try`
132			`{`
133			`parse(encoded);`
134			`}`
135			`catch (IOException ioe)`
136			`{`
137			`ioe.printStackTrace();`
138			`throw ioe;`
139			`}`
140			`catch (Exception x)`
141			`{`
142			`x.printStackTrace();`
143			`throw new CRLException(x.toString());`
144			`}`
145			`}`
146
147			`// X509CRL methods.`
148			`// ------------------------------------------------------------------------`
149
150			`public boolean equals(Object o)`
151			`{`
152			`if (!(o instanceof X509CRL))`
153			`return false;`
154			`return ((X509CRL) o).getRevokedCertificates().equals(revokedCerts.values());`
155			`}`
156
157			`public int hashCode()`
158			`{`
159			`return revokedCerts.hashCode();`
160			`}`
161
162			`public byte[] getEncoded() throws CRLException`
163			`{`
164			`return (byte[]) encoded.clone();`
165			`}`
166
167			`public void verify(PublicKey key)`
168			`throws CRLException, NoSuchAlgorithmException, InvalidKeyException,`
169			`NoSuchProviderException, SignatureException`
170			`{`
171			`Signature sig = Signature.getInstance(sigAlg.toString());`
172			`doVerify(sig, key);`
173			`}`
174
175			`public void verify(PublicKey key, String provider)`
176			`throws CRLException, NoSuchAlgorithmException, InvalidKeyException,`
177			`NoSuchProviderException, SignatureException`
178			`{`
179			`Signature sig = Signature.getInstance(sigAlg.toString(), provider);`
180			`doVerify(sig, key);`
181			`}`
182
183			`public int getVersion()`
184			`{`
185			`return version;`
186			`}`
187
188			`public Principal getIssuerDN()`
189			`{`
190			`return issuerDN;`
191			`}`
192
193			`public X500Principal getIssuerX500Principal()`
194			`{`
195			`return new X500Principal(issuerDN.getDer());`
196			`}`
197
198			`public Date getThisUpdate()`
199			`{`
200			`return (Date) thisUpdate.clone();`
201			`}`
202
203			`public Date getNextUpdate()`
204			`{`
205			`if (nextUpdate != null)`
206			`return (Date) nextUpdate.clone();`
207			`return null;`
208			`}`
209
210			`public java.security.cert.X509CRLEntry getRevokedCertificate(BigInteger serialNo)`
211			`{`
212			`return (java.security.cert.X509CRLEntry) revokedCerts.get(serialNo);`
213			`}`
214
215			`public Set getRevokedCertificates()`
216			`{`
217			`return Collections.unmodifiableSet(new HashSet(revokedCerts.values()));`
218			`}`
219
220			`public byte[] getTBSCertList() throws CRLException`
221			`{`
222			`return (byte[]) tbsCRLBytes.clone();`
223			`}`
224
225			`public byte[] getSignature()`
226			`{`
227			`return (byte[]) rawSig.clone();`
228			`}`
229
230			`public String getSigAlgName()`
231			`{`
232			`if (sigAlg.equals(ID_DSA_WITH_SHA1))`
233			`return "SHA1withDSA";`
234			`if (sigAlg.equals(ID_RSA_WITH_MD2))`
235			`return "MD2withRSA";`
236			`if (sigAlg.equals(ID_RSA_WITH_MD5))`
237			`return "MD5withRSA";`
238			`if (sigAlg.equals(ID_RSA_WITH_SHA1))`
239			`return "SHA1withRSA";`
240			`return "unknown";`
241			`}`
242
243			`public String getSigAlgOID()`
244			`{`
245			`return sigAlg.toString();`
246			`}`
247
248			`public byte[] getSigAlgParams()`
249			`{`
250			`if (sigAlgParams != null)`
251			`return (byte[]) sigAlgParams.clone();`
252			`return null;`
253			`}`
254
255			`// X509Extension methods.`
256			`// ------------------------------------------------------------------------`
257
258			`public boolean hasUnsupportedCriticalExtension()`
259			`{`
260			`for (Iterator it = extensions.values().iterator(); it.hasNext(); )`
261			`{`
262			`Extension e = (Extension) it.next();`
263			`if (e.isCritical() && !e.isSupported())`
264			`return true;`
265			`}`
266			`return false;`
267			`}`
268
269			`public Set getCriticalExtensionOIDs()`
270			`{`
271			`HashSet s = new HashSet();`
272			`for (Iterator it = extensions.values().iterator(); it.hasNext(); )`
273			`{`
274			`Extension e = (Extension) it.next();`
275			`if (e.isCritical())`
276			`s.add(e.getOid().toString());`
277			`}`
278			`return Collections.unmodifiableSet(s);`
279			`}`
280
281			`public Set getNonCriticalExtensionOIDs()`
282			`{`
283			`HashSet s = new HashSet();`
284			`for (Iterator it = extensions.values().iterator(); it.hasNext(); )`
285			`{`
286			`Extension e = (Extension) it.next();`
287			`if (!e.isCritical())`
288			`s.add(e.getOid().toString());`
289			`}`
290			`return Collections.unmodifiableSet(s);`
291			`}`
292
293			`public byte[] getExtensionValue(String oid)`
294			`{`
295			`Extension e = getExtension(new OID(oid));`
296			`if (e != null)`
297			`{`
298			`return e.getValue().getEncoded();`
299			`}`
300			`return null;`
301			`}`
302
303			`// GnuPKIExtension method.`
304			`// -------------------------------------------------------------------------`
305
306			`public Extension getExtension(OID oid)`
307			`{`
308			`return (Extension) extensions.get(oid);`
309			`}`
310
311			`public Collection getExtensions()`
312			`{`
313			`return extensions.values();`
314			`}`
315
316			`// CRL methods.`
317			`// -------------------------------------------------------------------------`
318
319			`public String toString()`
320			`{`
321			`return X509CRL.class.getName();`
322			`}`
323
324			`public boolean isRevoked(Certificate cert)`
325			`{`
326			`if (!(cert instanceof java.security.cert.X509Certificate))`
327			`throw new IllegalArgumentException("not a X.509 certificate");`
328			`BigInteger certSerial =`
329			`((java.security.cert.X509Certificate) cert).getSerialNumber();`
330			`X509CRLEntry ent = (X509CRLEntry) revokedCerts.get(certSerial);`
331			`if (ent == null)`
332			`return false;`
333			`return ent.getRevocationDate().compareTo(new Date()) < 0;`
334			`}`
335
336			`// Own methods.`
337			`// ------------------------------------------------------------------------`
338
339			`private void doVerify(Signature sig, PublicKey key)`
340			`throws CRLException, InvalidKeyException, SignatureException`
341			`{`
342			`sig.initVerify(key);`
343			`sig.update(tbsCRLBytes);`
344			`if (!sig.verify(signature))`
345			`throw new CRLException("signature not verified");`
346			`}`
347
348			`private void parse(InputStream in) throws Exception`
349			`{`
350			`// CertificateList ::= SEQUENCE {`
351			`DERReader der = new DERReader(in);`
352			`DERValue val = der.read();`
353			`debug("start CertificateList len == " + val.getLength());`
354			`if (!val.isConstructed())`
355			`throw new IOException("malformed CertificateList");`
356			`encoded = val.getEncoded();`
357
358			`// tbsCertList ::= SEQUENCE { -- TBSCertList`
359			`val = der.read();`
360			`if (!val.isConstructed())`
361			`throw new IOException("malformed TBSCertList");`
362			`debug("start tbsCertList len == " + val.getLength());`
363			`tbsCRLBytes = val.getEncoded();`
364
365			`// version Version OPTIONAL,`
366			`// -- If present must be v2`
367			`val = der.read();`
368			`if (val.getValue() instanceof BigInteger)`
369			`{`
370			`version = ((BigInteger) val.getValue()).intValue() + 1;`
371			`val = der.read();`
372			`}`
373			`else`
374			`version = 1;`
375			`debug("read version == " + version);`
376
377			`// signature AlgorithmIdentifier,`
378			`debug("start AlgorithmIdentifier len == " + val.getLength());`
379			`if (!val.isConstructed())`
380			`throw new IOException("malformed AlgorithmIdentifier");`
381			`DERValue algIdVal = der.read();`
382			`algId = (OID) algIdVal.getValue();`
383			`debug("read object identifier == " + algId);`
384			`if (val.getLength() > algIdVal.getEncodedLength())`
385			`{`
386			`val = der.read();`
387			`debug("read parameters len == " + val.getEncodedLength());`
388			`algParams = val.getEncoded();`
389			`if (val.isConstructed())`
390			`in.skip(val.getLength());`
391			`}`
392
393			`// issuer Name,`
394			`val = der.read();`
395			`issuerDN = new X500DistinguishedName(val.getEncoded());`
396			`der.skip(val.getLength());`
397			`debug("read issuer == " + issuerDN);`
398
399			`// thisUpdate Time,`
400			`thisUpdate = (Date) der.read().getValue();`
401			`debug("read thisUpdate == " + thisUpdate);`
402
403			`// nextUpdate Time OPTIONAL,`
404			`val = der.read();`
405			`if (val.getValue() instanceof Date)`
406			`{`
407			`nextUpdate = (Date) val.getValue();`
408			`debug("read nextUpdate == " + nextUpdate);`
409			`val = der.read();`
410			`}`
411
412			`// revokedCertificates SEQUENCE OF SEQUENCE {`
413			`// -- X509CRLEntry objects...`
414			`// } OPTIONAL,`
415			`if (val.getTag() != 0)`
416			`{`
417			`int len = 0;`
418			`while (len < val.getLength())`
419			`{`
420			`X509CRLEntry entry = new X509CRLEntry(version, der);`
421			`revokedCerts.put(entry.getSerialNumber(), entry);`
422			`len += entry.getEncoded().length;`
423			`}`
424			`val = der.read();`
425			`}`
426
427			`// crlExtensions [0] EXPLICIT Extensions OPTIONAL`
428			`// -- if present MUST be v2`
429			`if (val.getTagClass() != DER.UNIVERSAL && val.getTag() == 0)`
430			`{`
431			`if (version < 2)`
432			`throw new IOException("extra data in CRL");`
433			`DERValue exts = der.read();`
434			`if (!exts.isConstructed())`
435			`throw new IOException("malformed Extensions");`
436			`debug("start Extensions len == " + exts.getLength());`
437			`int len = 0;`
438			`while (len < exts.getLength())`
439			`{`
440			`DERValue ext = der.read();`
441			`if (!ext.isConstructed())`
442			`throw new IOException("malformed Extension");`
443			`Extension e = new Extension(ext.getEncoded());`
444			`extensions.put(e.getOid(), e);`
445			`der.skip(ext.getLength());`
446			`len += ext.getEncodedLength();`
447			`debug("current count == " + len);`
448			`}`
449			`val = der.read();`
450			`}`
451
452			`debug("read tag == " + val.getTag());`
453			`if (!val.isConstructed())`
454			`throw new IOException("malformed AlgorithmIdentifier");`
455			`debug("start AlgorithmIdentifier len == " + val.getLength());`
456			`DERValue sigAlgVal = der.read();`
457			`debug("read tag == " + sigAlgVal.getTag());`
458			`if (sigAlgVal.getTag() != DER.OBJECT_IDENTIFIER)`
459			`throw new IOException("malformed AlgorithmIdentifier");`
460			`sigAlg = (OID) sigAlgVal.getValue();`
461			`debug("signature id == " + sigAlg);`
462			`debug("sigAlgVal length == " + sigAlgVal.getEncodedLength());`
463			`if (val.getLength() > sigAlgVal.getEncodedLength())`
464			`{`
465			`val = der.read();`
466			`debug("sig params tag = " + val.getTag() + " len == " + val.getEncodedLength());`
467			`sigAlgParams = (byte[]) val.getEncoded();`
468			`if (val.isConstructed())`
469			`in.skip(val.getLength());`
470			`}`
471			`val = der.read();`
472			`debug("read tag = " + val.getTag());`
473			`rawSig = val.getEncoded();`
474			`signature = ((BitString) val.getValue()).toByteArray();`
475			`}`
476			`}`