X509CRLObject


1   /**
2    *  Licensed to the Apache Software Foundation (ASF) under one or more
3    *  contributor license agreements.  See the NOTICE file distributed with
4    *  this work for additional information regarding copyright ownership.
5    *  The ASF licenses this file to You under the Apache License, Version 2.0
6    *  (the "License"); you may not use this file except in compliance with
7    *  the License.  You may obtain a copy of the License at
8    *
9    *     http://www.apache.org/licenses/LICENSE-2.0
10   *
11   *  Unless required by applicable law or agreed to in writing, software
12   *  distributed under the License is distributed on an "AS IS" BASIS,
13   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   *  See the License for the specific language governing permissions and
15   *  limitations under the License.
16   */
17  
18  package org.apache.geronimo.util.jce.provider;
19  
20  import java.io.ByteArrayOutputStream  ;
21  import java.io.IOException  ;
22  import java.math.BigInteger  ;
23  import java.security.InvalidKeyException  ;
24  import java.security.NoSuchAlgorithmException  ;
25  import java.security.NoSuchProviderException  ;
26  import java.security.Principal  ;
27  import java.security.Provider  ;
28  import java.security.PublicKey  ;
29  import java.security.Security  ;
30  import java.security.Signature  ;
31  import java.security.SignatureException  ;
32  import java.security.cert.CRLException  ;
33  import java.security.cert.Certificate  ;
34  import java.security.cert.X509CRL  ;
35  import java.security.cert.X509CRLEntry  ;
36  import java.security.cert.X509Certificate  ;
37  import java.util.Date  ;
38  import java.util.Enumeration  ;
39  import java.util.HashSet  ;
40  import java.util.Set  ;
41  
42  import javax.security.auth.x500.X500Principal  ;
43  
44  import org.apache.geronimo.util.asn1.ASN1OutputStream;
45  import org.apache.geronimo.util.asn1.DERObjectIdentifier;
46  import org.apache.geronimo.util.asn1.DEROutputStream;
47  import org.apache.geronimo.util.asn1.x509.CertificateList;
48  import org.apache.geronimo.util.asn1.x509.TBSCertList;
49  import org.apache.geronimo.util.asn1.x509.X509Extension;
50  import org.apache.geronimo.util.asn1.x509.X509Extensions;
51  import org.apache.geronimo.util.jce.X509Principal;
52  
53  /**
54   * The following extensions are listed in RFC 2459 as relevant to CRLs
55   *
56   * Authority Key Identifier
57   * Issuer Alternative Name
58   * CRL Number
59   * Delta CRL Indicator (critical)
60   * Issuing Distribution Point (critical)
61   */
62  public class X509CRLObject
63      extends X509CRL  
64  {
65      private CertificateList c;
66  
67      public X509CRLObject(
68          CertificateList c)
69      {
70          this.c = c;
71      }
72  
73      /**
74       * Will return true if any extensions are present and marked
75       * as critical as we currently dont handle any extensions!
76       */
77      public boolean hasUnsupportedCriticalExtension()
78      {
79          Set   extns = getCriticalExtensionOIDs();
80          if ( extns != null && !extns.isEmpty() )
81          {
82              return true;
83          }
84  
85          return false;
86      }
87  
88      private Set   getExtensionOIDs(boolean critical)
89      {
90          if (this.getVersion() == 2)
91          {
92              HashSet           set = new HashSet  ();
93              X509Extensions  extensions = c.getTBSCertList().getExtensions();
94              Enumeration       e = extensions.oids();
95  
96              while (e.hasMoreElements())
97              {
98                  DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
99                  X509Extension       ext = extensions.getExtension(oid);
100 
101                 if (critical == ext.isCritical())
102                 {
103                     set.add(oid.getId());
104                 }
105             }
106 
107             return set;
108         }
109 
110         return null;
111     }
112 
113     public Set   getCriticalExtensionOIDs()
114     {
115         return getExtensionOIDs(true);
116     }
117 
118     public Set   getNonCriticalExtensionOIDs()
119     {
120         return getExtensionOIDs(false);
121     }
122 
123     public byte[] getExtensionValue(String   oid)
124     {
125         X509Extensions exts = c.getTBSCertList().getExtensions();
126 
127         if (exts != null)
128         {
129             X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
130 
131             if (ext != null)
132             {
133                 ByteArrayOutputStream     bOut = new ByteArrayOutputStream  ();
134                 DEROutputStream dOut = new DEROutputStream(bOut);
135 
136                 try
137                 {
138                     dOut.writeObject(ext.getValue());
139 
140                     return bOut.toByteArray();
141                 }
142                 catch (Exception   e)
143                 {
144                     throw new RuntimeException  ("error encoding " + e.toString());
145                 }
146             }
147         }
148 
149         return null;
150     }
151 
152     public byte[] getEncoded()
153         throws CRLException  
154     {
155         ByteArrayOutputStream      bOut = new ByteArrayOutputStream  ();
156         DEROutputStream            dOut = new DEROutputStream(bOut);
157 
158         try
159         {
160             dOut.writeObject(c);
161 
162             return bOut.toByteArray();
163         }
164         catch (IOException   e)
165         {
166             throw new CRLException  (e.toString());
167         }
168     }
169 
170     public void verify(PublicKey   key)
171         throws CRLException  ,  NoSuchAlgorithmException  ,
172         InvalidKeyException  , NoSuchProviderException  ,
173         SignatureException  
174     {
175         verify(key, "BC");
176     }
177 
178     public void verify(PublicKey   key, String   sigProvider)
179         throws CRLException  , NoSuchAlgorithmException  ,
180         InvalidKeyException  , NoSuchProviderException  ,
181         SignatureException  
182     {
183         if ( !c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()) )
184         {
185             throw new CRLException  ("Signature algorithm on CertifcateList does not match TBSCertList.");
186         }
187 
188         Signature   sig = Signature.getInstance(getSigAlgName(), sigProvider);
189 
190         sig.initVerify(key);
191         sig.update(this.getTBSCertList());
192         if ( !sig.verify(this.getSignature()) )
193         {
194             throw new SignatureException  ("CRL does not verify with supplied public key.");
195         }
196     }
197 
198     public int getVersion()
199     {
200         return c.getVersion();
201     }
202 
203     public Principal   getIssuerDN()
204     {
205         return new X509Principal(c.getIssuer());
206     }
207 
208     public X500Principal   getIssuerX500Principal()
209     {
210         try
211         {
212             ByteArrayOutputStream     bOut = new ByteArrayOutputStream  ();
213             ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
214 
215             aOut.writeObject(c.getIssuer());
216 
217             return new X500Principal  (bOut.toByteArray());
218         }
219         catch (IOException   e)
220         {
221             throw new IllegalStateException  ("can't encode issuer DN");
222         }
223     }
224 
225     public Date   getThisUpdate()
226     {
227         return c.getThisUpdate().getDate();
228     }
229 
230     public Date   getNextUpdate()
231     {
232         if (c.getNextUpdate() != null)
233         {
234             return c.getNextUpdate().getDate();
235         }
236 
237         return null;
238     }
239 
240     public X509CRLEntry   getRevokedCertificate(BigInteger   serialNumber)
241     {
242         TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
243 
244         if ( certs != null )
245         {
246             for ( int i = 0; i < certs.length; i++ )
247             {
248                 if ( certs[i].getUserCertificate().getValue().equals(serialNumber) ) {
249                     return new X509CRLEntryObject(certs[i]);
250                 }
251             }
252         }
253 
254         return null;
255     }
256 
257     public Set   getRevokedCertificates()
258     {
259         TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
260 
261         if ( certs != null )
262         {
263             HashSet   set = new HashSet  ();
264             for ( int i = 0; i < certs.length; i++ )
265             {
266                 set.add(new X509CRLEntryObject(certs[i]));
267 
268             }
269 
270             return set;
271         }
272 
273         return null;
274     }
275 
276     public byte[] getTBSCertList()
277         throws CRLException  
278     {
279         ByteArrayOutputStream      bOut = new ByteArrayOutputStream  ();
280         DEROutputStream            dOut = new DEROutputStream(bOut);
281 
282         try
283         {
284             dOut.writeObject(c.getTBSCertList());
285 
286             return bOut.toByteArray();
287         }
288         catch (IOException   e)
289         {
290             throw new CRLException  (e.toString());
291         }
292     }
293 
294     public byte[] getSignature()
295     {
296         return c.getSignature().getBytes();
297     }
298 
299     public String   getSigAlgName()
300     {
301         Provider  [] provs = Security.getProviders();
302 
303         //
304         // search every provider looking for a real algorithm
305         //
306         for (int i = 0; i != provs.length; i++)
307         {
308             String   algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
309             if ( algName != null )
310             {
311                 return algName;
312             }
313         }
314 
315         return this.getSigAlgOID();
316     }
317 
318     public String   getSigAlgOID()
319     {
320         return c.getSignatureAlgorithm().getObjectId().getId();
321     }
322 
323     public byte[] getSigAlgParams()
324     {
325         ByteArrayOutputStream      bOut = new ByteArrayOutputStream  ();
326 
327         if ( c.getSignatureAlgorithm().getParameters() != null )
328         {
329             try
330             {
331                 DEROutputStream    dOut = new DEROutputStream(bOut);
332 
333                 dOut.writeObject(c.getSignatureAlgorithm().getParameters());
334             }
335             catch (Exception   e)
336             {
337                 throw new RuntimeException  ("exception getting sig parameters " + e);
338             }
339 
340             return bOut.toByteArray();
341         }
342 
343         return null;
344     }
345 
346     /**
347      * Returns a string representation of this CRL.
348      *
349      * @return a string representation of this CRL.
350      */
351     public String   toString()
352     {
353         return "X.509 CRL";
354     }
355 
356     /**
357      * Checks whether the given certificate is on this CRL.
358      *
359      * @param cert the certificate to check for.
360      * @return true if the given certificate is on this CRL,
361      * false otherwise.
362      */
363     public boolean isRevoked(Certificate   cert)
364     {
365         if ( !cert.getType().equals("X.509") )
366         {
367             throw new RuntimeException  ("X.509 CRL used with non X.509 Cert");
368         }
369 
370         TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
371 
372         if ( certs != null )
373         {
374             BigInteger   serial = ((X509Certificate  )cert).getSerialNumber();
375 
376             for ( int i = 0; i < certs.length; i++ )
377             {
378                 if ( certs[i].getUserCertificate().getValue().equals(serial) )
379                 {
380                     return true;
381                 }
382             }
383         }
384 
385         return false;
386     }
387 }
388 
389
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags