private X500Principal getCertIssuer(X509CRLEntryImpl entry, X500Principal prevCertIssuer) throws IOException { CertificateIssuerExtension ciExt = entry.getCertificateIssuerExtension(); if (ciExt != null) { GeneralNames names = ciExt.get(CertificateIssuerExtension.ISSUER); X500Name issuerDN = (X500Name) names.get(0).getName(); return issuerDN.asX500Principal(); } else { return prevCertIssuer; } }
public void encodeInfo(OutputStream out) throws CRLException { try { DerOutputStream tmp = new DerOutputStream(); DerOutputStream rCerts = new DerOutputStream(); DerOutputStream seq = new DerOutputStream(); if (version != 0) { tmp.putInteger(version); } infoSigAlgId.encode(tmp); if ((version == 0) && (issuer.toString() == null)) { throw new CRLException("Null Issuer DN not allowed in v1 CRL"); } issuer.encode(tmp); if (thisUpdate.getTime() < YR_2050) { tmp.putUTCTime(thisUpdate); } else { tmp.putGeneralizedTime(thisUpdate); } if (nextUpdate != null) { if (nextUpdate.getTime() < YR_2050) { tmp.putUTCTime(nextUpdate); } else { tmp.putGeneralizedTime(nextUpdate); } } if (!revokedList.isEmpty()) { for (X509CRLEntry entry : revokedList) { ((X509CRLEntryImpl) entry).encode(rCerts); } tmp.write(DerValue.tag_Sequence, rCerts); } if (extensions != null) { extensions.encode(tmp, isExplicit); } seq.write(DerValue.tag_Sequence, tmp); tbsCertList = seq.toByteArray(); out.write(tbsCertList); } catch (IOException e) { throw new CRLException("Encoding error: " + e.getMessage()); } }
public String toString() { StringWriter str = new StringWriter(); PrintWriter out = new PrintWriter(str); out.println(X509CertificateImpl.class.getName() + " {"); out.println(" TBSCertificate {"); out.println(" version = " + version + ";"); out.println(" serialNo = " + serialNo + ";"); out.println(" signature = {"); out.println(" algorithm = " + getSigAlgName() + ";"); out.print(" parameters ="); if (sigAlgVal != null) { out.println(); out.print(Util.hexDump(sigAlgVal, " ")); } else { out.println(" null;"); } out.println(" }"); out.println(" issuer = " + issuer.getName() + ";"); out.println(" validity = {"); out.println(" notBefore = " + notBefore + ";"); out.println(" notAfter = " + notAfter + ";"); out.println(" }"); out.println(" subject = " + subject.getName() + ";"); out.println(" subjectPublicKeyInfo = {"); out.println(" algorithm = " + subjectKey.getAlgorithm()); out.println(" key ="); out.print(Util.hexDump(subjectKey.getEncoded(), " ")); out.println(" };"); out.println(" issuerUniqueId = " + issuerUniqueId + ";"); out.println(" subjectUniqueId = " + subjectUniqueId + ";"); out.println(" extensions = {"); for (Iterator it = extensions.values().iterator(); it.hasNext(); ) { out.println(" " + it.next()); } out.println(" }"); out.println(" }"); out.println(" signatureAlgorithm = " + getSigAlgName() + ";"); out.println(" signatureValue ="); out.print(Util.hexDump(signature, " ")); out.println("}"); return str.toString(); }
public X500Principal getSubjectX500Principal() { return new X500Principal(subject.getDer()); }
public X500Principal getIssuerX500Principal() { return new X500Principal(issuer.getDer()); }
private void parse(DerValue val) throws CRLException, IOException { if (readOnly) { throw new CRLException("cannot over-write existing CRL"); } if (val.getData() == null || val.tag != DerValue.tag_Sequence) { throw new CRLException("Invalid DER-encoded CRL data"); } signedCRL = val.toByteArray(); DerValue seq[] = new DerValue[3]; seq[0] = val.data.getDerValue(); seq[1] = val.data.getDerValue(); seq[2] = val.data.getDerValue(); if (val.data.available() != 0) { throw new CRLException("signed overrun, bytes = " + val.data.available()); } if (seq[0].tag != DerValue.tag_Sequence) { throw new CRLException("signed CRL fields invalid"); } sigAlgId = AlgorithmId.parse(seq[1]); signature = seq[2].getBitString(); if (seq[1].data.available() != 0) { throw new CRLException("AlgorithmId field overrun"); } if (seq[2].data.available() != 0) { throw new CRLException("Signature field overrun"); } tbsCertList = seq[0].toByteArray(); DerInputStream derStrm = seq[0].data; DerValue tmp; byte nextByte; version = 0; nextByte = (byte) derStrm.peekByte(); if (nextByte == DerValue.tag_Integer) { version = derStrm.getInteger(); if (version != 1) { throw new CRLException("Invalid version"); } } tmp = derStrm.getDerValue(); AlgorithmId tmpId = AlgorithmId.parse(tmp); if (!tmpId.equals(sigAlgId)) { throw new CRLException("Signature algorithm mismatch"); } infoSigAlgId = tmpId; issuer = new X500Name(derStrm); if (issuer.isEmpty()) { throw new CRLException("Empty issuer DN not allowed in X509CRLs"); } nextByte = (byte) derStrm.peekByte(); if (nextByte == DerValue.tag_UtcTime) { thisUpdate = derStrm.getUTCTime(); } else if (nextByte == DerValue.tag_GeneralizedTime) { thisUpdate = derStrm.getGeneralizedTime(); } else { throw new CRLException("Invalid encoding for thisUpdate" + " (tag=" + nextByte + ")"); } if (derStrm.available() == 0) { return; } nextByte = (byte) derStrm.peekByte(); if (nextByte == DerValue.tag_UtcTime) { nextUpdate = derStrm.getUTCTime(); } else if (nextByte == DerValue.tag_GeneralizedTime) { nextUpdate = derStrm.getGeneralizedTime(); } if (derStrm.available() == 0) { return; } nextByte = (byte) derStrm.peekByte(); if ((nextByte == DerValue.tag_SequenceOf) && (!((nextByte & 0x0c0) == 0x080))) { DerValue[] badCerts = derStrm.getSequence(4); X500Principal crlIssuer = getIssuerX500Principal(); X500Principal badCertIssuer = crlIssuer; for (int i = 0; i < badCerts.length; i++) { X509CRLEntryImpl entry = new X509CRLEntryImpl(badCerts[i]); badCertIssuer = getCertIssuer(entry, badCertIssuer); entry.setCertificateIssuer(crlIssuer, badCertIssuer); X509IssuerSerial issuerSerial = new X509IssuerSerial(badCertIssuer, entry.getSerialNumber()); revokedMap.put(issuerSerial, entry); revokedList.add(entry); } } if (derStrm.available() == 0) { return; } tmp = derStrm.getDerValue(); if (tmp.isConstructed() && tmp.isContextSpecific((byte) 0)) { extensions = new CRLExtensions(tmp.data); } readOnly = true; }
public X500Principal getIssuerX500Principal() { if (issuerPrincipal == null) { issuerPrincipal = issuer.asX500Principal(); } return issuerPrincipal; }
public String toString() { StringBuffer sb = new StringBuffer(); sb.append("X.509 CRL v" + (version + 1) + "\n"); if (sigAlgId != null) { sb.append( "Signature Algorithm: " + sigAlgId.toString() + ", OID=" + (sigAlgId.getOID()).toString() + "\n"); } if (issuer != null) { sb.append("Issuer: " + issuer.toString() + "\n"); } if (thisUpdate != null) { sb.append("\nThis Update: " + thisUpdate.toString() + "\n"); } if (nextUpdate != null) { sb.append("Next Update: " + nextUpdate.toString() + "\n"); } if (revokedList.isEmpty()) { sb.append("\nNO certificates have been revoked\n"); } else { sb.append("\nRevoked Certificates: " + revokedList.size()); int i = 1; for (X509CRLEntry entry : revokedList) { sb.append("\n[" + i++ + "] " + entry.toString()); } } if (extensions != null) { Collection<Extension> allExts = extensions.getAllExtensions(); Object[] objs = allExts.toArray(); sb.append("\nCRL Extensions: " + objs.length); for (int i = 0; i < objs.length; i++) { sb.append("\n[" + (i + 1) + "]: "); Extension ext = (Extension) objs[i]; try { if (OIDMap.getClass(ext.getExtensionId()) == null) { sb.append(ext.toString()); byte[] extValue = ext.getExtensionValue(); if (extValue != null) { DerOutputStream out = new DerOutputStream(); out.putOctetString(extValue); extValue = out.toByteArray(); HexDumpEncoder enc = new HexDumpEncoder(); sb.append( "Extension unknown: " + "DER encoded OCTET string =\n" + enc.encodeBuffer(extValue) + "\n"); } } else { sb.append(ext.toString()); } } catch (Exception e) { sb.append(", Error parsing this extension"); } } } if (signature != null) { HexDumpEncoder encoder = new HexDumpEncoder(); sb.append("\nSignature:\n" + encoder.encodeBuffer(signature) + "\n"); } else { sb.append("NOT signed yet\n"); } return sb.toString(); }