private X500Principal getCertIssuer(X509CRLEntryImpl entry, X500Principal prevCertIssuer)
throws IOException {
CertificateIssuerExtension ciExt = entry.getCertificateIssuerExtension();
if (ciExt != null) {
GeneralNames names = ciExt.get(CertificateIssuerExtension.ISSUER);
X500Name issuerDN = (X500Name) names.get(0).getName();
return issuerDN.asX500Principal();
} else {
return prevCertIssuer;
}
}
public void encodeInfo(OutputStream out) throws CRLException {
try {
DerOutputStream tmp = new DerOutputStream();
DerOutputStream rCerts = new DerOutputStream();
DerOutputStream seq = new DerOutputStream();
if (version != 0) {
tmp.putInteger(version);
}
infoSigAlgId.encode(tmp);
if ((version == 0) && (issuer.toString() == null)) {
throw new CRLException("Null Issuer DN not allowed in v1 CRL");
}
issuer.encode(tmp);
if (thisUpdate.getTime() < YR_2050) {
tmp.putUTCTime(thisUpdate);
} else {
tmp.putGeneralizedTime(thisUpdate);
}
if (nextUpdate != null) {
if (nextUpdate.getTime() < YR_2050) {
tmp.putUTCTime(nextUpdate);
} else {
tmp.putGeneralizedTime(nextUpdate);
}
}
if (!revokedList.isEmpty()) {
for (X509CRLEntry entry : revokedList) {
((X509CRLEntryImpl) entry).encode(rCerts);
}
tmp.write(DerValue.tag_Sequence, rCerts);
}
if (extensions != null) {
extensions.encode(tmp, isExplicit);
}
seq.write(DerValue.tag_Sequence, tmp);
tbsCertList = seq.toByteArray();
out.write(tbsCertList);
} catch (IOException e) {
throw new CRLException("Encoding error: " + e.getMessage());
}
}
public String toString() {
StringWriter str = new StringWriter();
PrintWriter out = new PrintWriter(str);
out.println(X509CertificateImpl.class.getName() + " {");
out.println(" TBSCertificate {");
out.println(" version = " + version + ";");
out.println(" serialNo = " + serialNo + ";");
out.println(" signature = {");
out.println(" algorithm = " + getSigAlgName() + ";");
out.print(" parameters =");
if (sigAlgVal != null) {
out.println();
out.print(Util.hexDump(sigAlgVal, " "));
} else {
out.println(" null;");
}
out.println(" }");
out.println(" issuer = " + issuer.getName() + ";");
out.println(" validity = {");
out.println(" notBefore = " + notBefore + ";");
out.println(" notAfter = " + notAfter + ";");
out.println(" }");
out.println(" subject = " + subject.getName() + ";");
out.println(" subjectPublicKeyInfo = {");
out.println(" algorithm = " + subjectKey.getAlgorithm());
out.println(" key =");
out.print(Util.hexDump(subjectKey.getEncoded(), " "));
out.println(" };");
out.println(" issuerUniqueId = " + issuerUniqueId + ";");
out.println(" subjectUniqueId = " + subjectUniqueId + ";");
out.println(" extensions = {");
for (Iterator it = extensions.values().iterator(); it.hasNext(); ) {
out.println(" " + it.next());
}
out.println(" }");
out.println(" }");
out.println(" signatureAlgorithm = " + getSigAlgName() + ";");
out.println(" signatureValue =");
out.print(Util.hexDump(signature, " "));
out.println("}");
return str.toString();
}
public X500Principal getSubjectX500Principal() {
return new X500Principal(subject.getDer());
}
public X500Principal getIssuerX500Principal() {
return new X500Principal(issuer.getDer());
}
private void parse(DerValue val) throws CRLException, IOException {
if (readOnly) {
throw new CRLException("cannot over-write existing CRL");
}
if (val.getData() == null || val.tag != DerValue.tag_Sequence) {
throw new CRLException("Invalid DER-encoded CRL data");
}
signedCRL = val.toByteArray();
DerValue seq[] = new DerValue[3];
seq[0] = val.data.getDerValue();
seq[1] = val.data.getDerValue();
seq[2] = val.data.getDerValue();
if (val.data.available() != 0) {
throw new CRLException("signed overrun, bytes = " + val.data.available());
}
if (seq[0].tag != DerValue.tag_Sequence) {
throw new CRLException("signed CRL fields invalid");
}
sigAlgId = AlgorithmId.parse(seq[1]);
signature = seq[2].getBitString();
if (seq[1].data.available() != 0) {
throw new CRLException("AlgorithmId field overrun");
}
if (seq[2].data.available() != 0) {
throw new CRLException("Signature field overrun");
}
tbsCertList = seq[0].toByteArray();
DerInputStream derStrm = seq[0].data;
DerValue tmp;
byte nextByte;
version = 0;
nextByte = (byte) derStrm.peekByte();
if (nextByte == DerValue.tag_Integer) {
version = derStrm.getInteger();
if (version != 1) {
throw new CRLException("Invalid version");
}
}
tmp = derStrm.getDerValue();
AlgorithmId tmpId = AlgorithmId.parse(tmp);
if (!tmpId.equals(sigAlgId)) {
throw new CRLException("Signature algorithm mismatch");
}
infoSigAlgId = tmpId;
issuer = new X500Name(derStrm);
if (issuer.isEmpty()) {
throw new CRLException("Empty issuer DN not allowed in X509CRLs");
}
nextByte = (byte) derStrm.peekByte();
if (nextByte == DerValue.tag_UtcTime) {
thisUpdate = derStrm.getUTCTime();
} else if (nextByte == DerValue.tag_GeneralizedTime) {
thisUpdate = derStrm.getGeneralizedTime();
} else {
throw new CRLException("Invalid encoding for thisUpdate" + " (tag=" + nextByte + ")");
}
if (derStrm.available() == 0) {
return;
}
nextByte = (byte) derStrm.peekByte();
if (nextByte == DerValue.tag_UtcTime) {
nextUpdate = derStrm.getUTCTime();
} else if (nextByte == DerValue.tag_GeneralizedTime) {
nextUpdate = derStrm.getGeneralizedTime();
}
if (derStrm.available() == 0) {
return;
}
nextByte = (byte) derStrm.peekByte();
if ((nextByte == DerValue.tag_SequenceOf) && (!((nextByte & 0x0c0) == 0x080))) {
DerValue[] badCerts = derStrm.getSequence(4);
X500Principal crlIssuer = getIssuerX500Principal();
X500Principal badCertIssuer = crlIssuer;
for (int i = 0; i < badCerts.length; i++) {
X509CRLEntryImpl entry = new X509CRLEntryImpl(badCerts[i]);
badCertIssuer = getCertIssuer(entry, badCertIssuer);
entry.setCertificateIssuer(crlIssuer, badCertIssuer);
X509IssuerSerial issuerSerial =
new X509IssuerSerial(badCertIssuer, entry.getSerialNumber());
revokedMap.put(issuerSerial, entry);
revokedList.add(entry);
}
}
if (derStrm.available() == 0) {
return;
}
tmp = derStrm.getDerValue();
if (tmp.isConstructed() && tmp.isContextSpecific((byte) 0)) {
extensions = new CRLExtensions(tmp.data);
}
readOnly = true;
}
public X500Principal getIssuerX500Principal() {
if (issuerPrincipal == null) {
issuerPrincipal = issuer.asX500Principal();
}
return issuerPrincipal;
}
public String toString() {
StringBuffer sb = new StringBuffer();
sb.append("X.509 CRL v" + (version + 1) + "\n");
if (sigAlgId != null) {
sb.append(
"Signature Algorithm: "
+ sigAlgId.toString()
+ ", OID="
+ (sigAlgId.getOID()).toString()
+ "\n");
}
if (issuer != null) {
sb.append("Issuer: " + issuer.toString() + "\n");
}
if (thisUpdate != null) {
sb.append("\nThis Update: " + thisUpdate.toString() + "\n");
}
if (nextUpdate != null) {
sb.append("Next Update: " + nextUpdate.toString() + "\n");
}
if (revokedList.isEmpty()) {
sb.append("\nNO certificates have been revoked\n");
} else {
sb.append("\nRevoked Certificates: " + revokedList.size());
int i = 1;
for (X509CRLEntry entry : revokedList) {
sb.append("\n[" + i++ + "] " + entry.toString());
}
}
if (extensions != null) {
Collection<Extension> allExts = extensions.getAllExtensions();
Object[] objs = allExts.toArray();
sb.append("\nCRL Extensions: " + objs.length);
for (int i = 0; i < objs.length; i++) {
sb.append("\n[" + (i + 1) + "]: ");
Extension ext = (Extension) objs[i];
try {
if (OIDMap.getClass(ext.getExtensionId()) == null) {
sb.append(ext.toString());
byte[] extValue = ext.getExtensionValue();
if (extValue != null) {
DerOutputStream out = new DerOutputStream();
out.putOctetString(extValue);
extValue = out.toByteArray();
HexDumpEncoder enc = new HexDumpEncoder();
sb.append(
"Extension unknown: "
+ "DER encoded OCTET string =\n"
+ enc.encodeBuffer(extValue)
+ "\n");
}
} else {
sb.append(ext.toString());
}
} catch (Exception e) {
sb.append(", Error parsing this extension");
}
}
}
if (signature != null) {
HexDumpEncoder encoder = new HexDumpEncoder();
sb.append("\nSignature:\n" + encoder.encodeBuffer(signature) + "\n");
} else {
sb.append("NOT signed yet\n");
}
return sb.toString();
}
