KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > geronimo > util > jce > provider > X509CRLObject


1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */

17
18 package org.apache.geronimo.util.jce.provider;
19
20 import java.io.ByteArrayOutputStream JavaDoc;
21 import java.io.IOException JavaDoc;
22 import java.math.BigInteger JavaDoc;
23 import java.security.InvalidKeyException JavaDoc;
24 import java.security.NoSuchAlgorithmException JavaDoc;
25 import java.security.NoSuchProviderException JavaDoc;
26 import java.security.Principal JavaDoc;
27 import java.security.Provider JavaDoc;
28 import java.security.PublicKey JavaDoc;
29 import java.security.Security JavaDoc;
30 import java.security.Signature JavaDoc;
31 import java.security.SignatureException JavaDoc;
32 import java.security.cert.CRLException JavaDoc;
33 import java.security.cert.Certificate JavaDoc;
34 import java.security.cert.X509CRL JavaDoc;
35 import java.security.cert.X509CRLEntry JavaDoc;
36 import java.security.cert.X509Certificate JavaDoc;
37 import java.util.Date JavaDoc;
38 import java.util.Enumeration JavaDoc;
39 import java.util.HashSet JavaDoc;
40 import java.util.Set JavaDoc;
41
42 import javax.security.auth.x500.X500Principal JavaDoc;
43
44 import org.apache.geronimo.util.asn1.ASN1OutputStream;
45 import org.apache.geronimo.util.asn1.DERObjectIdentifier;
46 import org.apache.geronimo.util.asn1.DEROutputStream;
47 import org.apache.geronimo.util.asn1.x509.CertificateList;
48 import org.apache.geronimo.util.asn1.x509.TBSCertList;
49 import org.apache.geronimo.util.asn1.x509.X509Extension;
50 import org.apache.geronimo.util.asn1.x509.X509Extensions;
51 import org.apache.geronimo.util.jce.X509Principal;
52
53 /**
54  * The following extensions are listed in RFC 2459 as relevant to CRLs
55  *
56  * Authority Key Identifier
57  * Issuer Alternative Name
58  * CRL Number
59  * Delta CRL Indicator (critical)
60  * Issuing Distribution Point (critical)
61  */

62 public class X509CRLObject
63     extends X509CRL JavaDoc
64 {
65     private CertificateList c;
66
67     public X509CRLObject(
68         CertificateList c)
69     {
70         this.c = c;
71     }
72
73     /**
74      * Will return true if any extensions are present and marked
75      * as critical as we currently dont handle any extensions!
76      */

77     public boolean hasUnsupportedCriticalExtension()
78     {
79         Set JavaDoc extns = getCriticalExtensionOIDs();
80         if ( extns != null && !extns.isEmpty() )
81         {
82             return true;
83         }
84
85         return false;
86     }
87
88     private Set JavaDoc getExtensionOIDs(boolean critical)
89     {
90         if (this.getVersion() == 2)
91         {
92             HashSet JavaDoc set = new HashSet JavaDoc();
93             X509Extensions extensions = c.getTBSCertList().getExtensions();
94             Enumeration JavaDoc e = extensions.oids();
95
96             while (e.hasMoreElements())
97             {
98                 DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
99                 X509Extension ext = extensions.getExtension(oid);
100
101                 if (critical == ext.isCritical())
102                 {
103                     set.add(oid.getId());
104                 }
105             }
106
107             return set;
108         }
109
110         return null;
111     }
112
113     public Set JavaDoc getCriticalExtensionOIDs()
114     {
115         return getExtensionOIDs(true);
116     }
117
118     public Set JavaDoc getNonCriticalExtensionOIDs()
119     {
120         return getExtensionOIDs(false);
121     }
122
123     public byte[] getExtensionValue(String JavaDoc oid)
124     {
125         X509Extensions exts = c.getTBSCertList().getExtensions();
126
127         if (exts != null)
128         {
129             X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
130
131             if (ext != null)
132             {
133                 ByteArrayOutputStream JavaDoc bOut = new ByteArrayOutputStream JavaDoc();
134                 DEROutputStream dOut = new DEROutputStream(bOut);
135
136                 try
137                 {
138                     dOut.writeObject(ext.getValue());
139
140                     return bOut.toByteArray();
141                 }
142                 catch (Exception JavaDoc e)
143                 {
144                     throw new RuntimeException JavaDoc("error encoding " + e.toString());
145                 }
146             }
147         }
148
149         return null;
150     }
151
152     public byte[] getEncoded()
153         throws CRLException JavaDoc
154     {
155         ByteArrayOutputStream JavaDoc bOut = new ByteArrayOutputStream JavaDoc();
156         DEROutputStream dOut = new DEROutputStream(bOut);
157
158         try
159         {
160             dOut.writeObject(c);
161
162             return bOut.toByteArray();
163         }
164         catch (IOException JavaDoc e)
165         {
166             throw new CRLException JavaDoc(e.toString());
167         }
168     }
169
170     public void verify(PublicKey JavaDoc key)
171         throws CRLException JavaDoc, NoSuchAlgorithmException JavaDoc,
172         InvalidKeyException JavaDoc, NoSuchProviderException JavaDoc,
173         SignatureException JavaDoc
174     {
175         verify(key, "BC");
176     }
177
178     public void verify(PublicKey JavaDoc key, String JavaDoc sigProvider)
179         throws CRLException JavaDoc, NoSuchAlgorithmException JavaDoc,
180         InvalidKeyException JavaDoc, NoSuchProviderException JavaDoc,
181         SignatureException JavaDoc
182     {
183         if ( !c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()) )
184         {
185             throw new CRLException JavaDoc("Signature algorithm on CertifcateList does not match TBSCertList.");
186         }
187
188         Signature JavaDoc sig = Signature.getInstance(getSigAlgName(), sigProvider);
189
190         sig.initVerify(key);
191         sig.update(this.getTBSCertList());
192         if ( !sig.verify(this.getSignature()) )
193         {
194             throw new SignatureException JavaDoc("CRL does not verify with supplied public key.");
195         }
196     }
197
198     public int getVersion()
199     {
200         return c.getVersion();
201     }
202
203     public Principal JavaDoc getIssuerDN()
204     {
205         return new X509Principal(c.getIssuer());
206     }
207
208     public X500Principal JavaDoc getIssuerX500Principal()
209     {
210         try
211         {
212             ByteArrayOutputStream JavaDoc bOut = new ByteArrayOutputStream JavaDoc();
213             ASN1OutputStream aOut = new ASN1OutputStream(bOut);
214
215             aOut.writeObject(c.getIssuer());
216
217             return new X500Principal JavaDoc(bOut.toByteArray());
218         }
219         catch (IOException JavaDoc e)
220         {
221             throw new IllegalStateException JavaDoc("can't encode issuer DN");
222         }
223     }
224
225     public Date JavaDoc getThisUpdate()
226     {
227         return c.getThisUpdate().getDate();
228     }
229
230     public Date JavaDoc getNextUpdate()
231     {
232         if (c.getNextUpdate() != null)
233         {
234             return c.getNextUpdate().getDate();
235         }
236
237         return null;
238     }
239
240     public X509CRLEntry JavaDoc getRevokedCertificate(BigInteger JavaDoc serialNumber)
241     {
242         TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
243
244         if ( certs != null )
245         {
246             for ( int i = 0; i < certs.length; i++ )
247             {
248                 if ( certs[i].getUserCertificate().getValue().equals(serialNumber) ) {
249                     return new X509CRLEntryObject(certs[i]);
250                 }
251             }
252         }
253
254         return null;
255     }
256
257     public Set JavaDoc getRevokedCertificates()
258     {
259         TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
260
261         if ( certs != null )
262         {
263             HashSet JavaDoc set = new HashSet JavaDoc();
264             for ( int i = 0; i < certs.length; i++ )
265             {
266                 set.add(new X509CRLEntryObject(certs[i]));
267
268             }
269
270             return set;
271         }
272
273         return null;
274     }
275
276     public byte[] getTBSCertList()
277         throws CRLException JavaDoc
278     {
279         ByteArrayOutputStream JavaDoc bOut = new ByteArrayOutputStream JavaDoc();
280         DEROutputStream dOut = new DEROutputStream(bOut);
281
282         try
283         {
284             dOut.writeObject(c.getTBSCertList());
285
286             return bOut.toByteArray();
287         }
288         catch (IOException JavaDoc e)
289         {
290             throw new CRLException JavaDoc(e.toString());
291         }
292     }
293
294     public byte[] getSignature()
295     {
296         return c.getSignature().getBytes();
297     }
298
299     public String JavaDoc getSigAlgName()
300     {
301         Provider JavaDoc[] provs = Security.getProviders();
302
303         //
304
// search every provider looking for a real algorithm
305
//
306
for (int i = 0; i != provs.length; i++)
307         {
308             String JavaDoc algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
309             if ( algName != null )
310             {
311                 return algName;
312             }
313         }
314
315         return this.getSigAlgOID();
316     }
317
318     public String JavaDoc getSigAlgOID()
319     {
320         return c.getSignatureAlgorithm().getObjectId().getId();
321     }
322
323     public byte[] getSigAlgParams()
324     {
325         ByteArrayOutputStream JavaDoc bOut = new ByteArrayOutputStream JavaDoc();
326
327         if ( c.getSignatureAlgorithm().getParameters() != null )
328         {
329             try
330             {
331                 DEROutputStream dOut = new DEROutputStream(bOut);
332
333                 dOut.writeObject(c.getSignatureAlgorithm().getParameters());
334             }
335             catch (Exception JavaDoc e)
336             {
337                 throw new RuntimeException JavaDoc("exception getting sig parameters " + e);
338             }
339
340             return bOut.toByteArray();
341         }
342
343         return null;
344     }
345
346     /**
347      * Returns a string representation of this CRL.
348      *
349      * @return a string representation of this CRL.
350      */

351     public String JavaDoc toString()
352     {
353         return "X.509 CRL";
354     }
355
356     /**
357      * Checks whether the given certificate is on this CRL.
358      *
359      * @param cert the certificate to check for.
360      * @return true if the given certificate is on this CRL,
361      * false otherwise.
362      */

363     public boolean isRevoked(Certificate JavaDoc cert)
364     {
365         if ( !cert.getType().equals("X.509") )
366         {
367             throw new RuntimeException JavaDoc("X.509 CRL used with non X.509 Cert");
368         }
369
370         TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
371
372         if ( certs != null )
373         {
374             BigInteger JavaDoc serial = ((X509Certificate JavaDoc)cert).getSerialNumber();
375
376             for ( int i = 0; i < certs.length; i++ )
377             {
378                 if ( certs[i].getUserCertificate().getValue().equals(serial) )
379                 {
380                     return true;
381                 }
382             }
383         }
384
385         return false;
386     }
387 }
388
389
Popular Tags