public Object getExtension(ObjectIdentifier oid) { if (extensions == null) { return null; } return extensions.get(OIDMap.getName(oid)); }
public Set<String> getNonCriticalExtensionOIDs() { if (extensions == null) { return null; } Set<String> extSet = new TreeSet<>(); for (Extension ex : extensions.getAllExtensions()) { if (!ex.isCritical()) { extSet.add(ex.getExtensionId().toString()); } } return extSet; }
public byte[] getExtensionValue(String oid) { if (extensions == null) { return null; } try { String extAlias = OIDMap.getName(new ObjectIdentifier(oid)); Extension crlExt = null; if (extAlias == null) { ObjectIdentifier findOID = new ObjectIdentifier(oid); Extension ex = null; ObjectIdentifier inCertOID; for (Enumeration<Extension> e = extensions.getElements(); e.hasMoreElements(); ) { ex = e.nextElement(); inCertOID = ex.getExtensionId(); if (inCertOID.equals((Object) findOID)) { crlExt = ex; break; } } } else { crlExt = extensions.get(extAlias); } if (crlExt == null) { return null; } byte[] extData = crlExt.getExtensionValue(); if (extData == null) { return null; } DerOutputStream out = new DerOutputStream(); out.putOctetString(extData); return out.toByteArray(); } catch (Exception e) { return null; } }
public void encodeInfo(OutputStream out) throws CRLException { try { DerOutputStream tmp = new DerOutputStream(); DerOutputStream rCerts = new DerOutputStream(); DerOutputStream seq = new DerOutputStream(); if (version != 0) { tmp.putInteger(version); } infoSigAlgId.encode(tmp); if ((version == 0) && (issuer.toString() == null)) { throw new CRLException("Null Issuer DN not allowed in v1 CRL"); } issuer.encode(tmp); if (thisUpdate.getTime() < YR_2050) { tmp.putUTCTime(thisUpdate); } else { tmp.putGeneralizedTime(thisUpdate); } if (nextUpdate != null) { if (nextUpdate.getTime() < YR_2050) { tmp.putUTCTime(nextUpdate); } else { tmp.putGeneralizedTime(nextUpdate); } } if (!revokedList.isEmpty()) { for (X509CRLEntry entry : revokedList) { ((X509CRLEntryImpl) entry).encode(rCerts); } tmp.write(DerValue.tag_Sequence, rCerts); } if (extensions != null) { extensions.encode(tmp, isExplicit); } seq.write(DerValue.tag_Sequence, tmp); tbsCertList = seq.toByteArray(); out.write(tbsCertList); } catch (IOException e) { throw new CRLException("Encoding error: " + e.getMessage()); } }
public boolean hasUnsupportedCriticalExtension() { if (extensions == null) { return false; } return extensions.hasUnsupportedCriticalExtension(); }
public String toString() { StringBuffer sb = new StringBuffer(); sb.append("X.509 CRL v" + (version + 1) + "\n"); if (sigAlgId != null) { sb.append( "Signature Algorithm: " + sigAlgId.toString() + ", OID=" + (sigAlgId.getOID()).toString() + "\n"); } if (issuer != null) { sb.append("Issuer: " + issuer.toString() + "\n"); } if (thisUpdate != null) { sb.append("\nThis Update: " + thisUpdate.toString() + "\n"); } if (nextUpdate != null) { sb.append("Next Update: " + nextUpdate.toString() + "\n"); } if (revokedList.isEmpty()) { sb.append("\nNO certificates have been revoked\n"); } else { sb.append("\nRevoked Certificates: " + revokedList.size()); int i = 1; for (X509CRLEntry entry : revokedList) { sb.append("\n[" + i++ + "] " + entry.toString()); } } if (extensions != null) { Collection<Extension> allExts = extensions.getAllExtensions(); Object[] objs = allExts.toArray(); sb.append("\nCRL Extensions: " + objs.length); for (int i = 0; i < objs.length; i++) { sb.append("\n[" + (i + 1) + "]: "); Extension ext = (Extension) objs[i]; try { if (OIDMap.getClass(ext.getExtensionId()) == null) { sb.append(ext.toString()); byte[] extValue = ext.getExtensionValue(); if (extValue != null) { DerOutputStream out = new DerOutputStream(); out.putOctetString(extValue); extValue = out.toByteArray(); HexDumpEncoder enc = new HexDumpEncoder(); sb.append( "Extension unknown: " + "DER encoded OCTET string =\n" + enc.encodeBuffer(extValue) + "\n"); } } else { sb.append(ext.toString()); } } catch (Exception e) { sb.append(", Error parsing this extension"); } } } if (signature != null) { HexDumpEncoder encoder = new HexDumpEncoder(); sb.append("\nSignature:\n" + encoder.encodeBuffer(signature) + "\n"); } else { sb.append("NOT signed yet\n"); } return sb.toString(); }