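/**
 * DER-encodes the to-be-signed portion of this CRL, caches the resulting bytes in
 * {@code tbsCertList} and writes them to {@code out}.
 *
 * <p>Fields are emitted in this order: version (only when non-zero, i.e. not v1),
 * signature algorithm id, issuer, thisUpdate, optional nextUpdate, the revoked
 * entries (only when the list is non-empty) and the optional extensions.
 *
 * @param out stream that receives the encoded bytes
 * @throws CRLException if a v1 CRL has a null issuer string, or if the underlying
 *     DER encoding fails; in the latter case the {@link IOException} is attached
 *     as the cause
 */
public void encodeInfo(OutputStream out) throws CRLException {
    try {
        DerOutputStream tmp = new DerOutputStream();
        DerOutputStream rCerts = new DerOutputStream();
        DerOutputStream seq = new DerOutputStream();

        // The version field is left out for version 0 (displayed as "v1").
        if (version != 0) {
            tmp.putInteger(version);
        }
        infoSigAlgId.encode(tmp);

        if ((version == 0) && (issuer.toString() == null)) {
            throw new CRLException("Null Issuer DN not allowed in v1 CRL");
        }
        issuer.encode(tmp);

        // Times before YR_2050 are written as UTCTime, later ones as GeneralizedTime.
        if (thisUpdate.getTime() < YR_2050) {
            tmp.putUTCTime(thisUpdate);
        } else {
            tmp.putGeneralizedTime(thisUpdate);
        }

        if (nextUpdate != null) {
            if (nextUpdate.getTime() < YR_2050) {
                tmp.putUTCTime(nextUpdate);
            } else {
                tmp.putGeneralizedTime(nextUpdate);
            }
        }

        // An empty revocation list is omitted entirely rather than written as an
        // empty SEQUENCE.
        if (!revokedList.isEmpty()) {
            for (X509CRLEntry entry : revokedList) {
                ((X509CRLEntryImpl) entry).encode(rCerts);
            }
            tmp.write(DerValue.tag_Sequence, rCerts);
        }

        if (extensions != null) {
            extensions.encode(tmp, isExplicit);
        }

        seq.write(DerValue.tag_Sequence, tmp);

        // Cache the exact bytes that were written; sign() feeds this same array
        // to the signature engine.
        tbsCertList = seq.toByteArray();
        out.write(tbsCertList);
    } catch (IOException e) {
        // Keep the original exception as the cause so the failing encoder call
        // stays visible in stack traces.
        throw new CRLException("Encoding error: " + e.getMessage(), e);
    }
}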
/**
 * Appends this extension to {@code out} as a DER SEQUENCE holding the extension
 * OID, the criticality flag (written only when {@code critical} is true) and the
 * extension value as an OCTET STRING.
 *
 * @param out the DER stream that receives the encoded extension
 * @throws IOException if the OID or the value is null, or if encoding fails
 */
public void encode(DerOutputStream out) throws IOException {
    // Refuse to emit a structurally incomplete extension.
    if (extensionId == null) {
        throw new IOException("Null OID to encode for the extension!");
    }
    if (extensionValue == null) {
        throw new IOException("No value to encode for the extension!");
    }

    DerOutputStream fields = new DerOutputStream();
    fields.putOID(extensionId);
    // A false criticality flag is not written at all.
    if (critical) {
        fields.putBoolean(critical);
    }
    fields.putOctetString(extensionValue);

    out.write(DerValue.tag_Sequence, fields);
}
/**
 * Looks up the CRL extension identified by {@code oid} and returns its value
 * wrapped in a DER OCTET STRING.
 *
 * <p>The OID is first mapped to a registered name via {@code OIDMap}; when no
 * name is registered, the extensions are scanned for a matching OID instead.
 *
 * @param oid dotted-decimal object identifier of the extension
 * @return the DER-encoded OCTET STRING containing the extension value, or
 *     {@code null} if there are no extensions, the extension is absent, it has
 *     no value, or any exception occurs during lookup or encoding
 */
public byte[] getExtensionValue(String oid) {
    if (extensions == null) {
        return null;
    }
    try {
        ObjectIdentifier wanted = new ObjectIdentifier(oid);
        String alias = OIDMap.getName(wanted);

        Extension match = null;
        if (alias != null) {
            match = extensions.get(alias);
        } else {
            // No registered name for this OID: fall back to a linear scan and
            // stop at the first extension whose OID is equal.
            Enumeration<Extension> all = extensions.getElements();
            while (match == null && all.hasMoreElements()) {
                Extension candidate = all.nextElement();
                if (candidate.getExtensionId().equals((Object) wanted)) {
                    match = candidate;
                }
            }
        }
        if (match == null) {
            return null;
        }

        byte[] rawValue = match.getExtensionValue();
        if (rawValue == null) {
            return null;
        }

        DerOutputStream wrapped = new DerOutputStream();
        wrapped.putOctetString(rawValue);
        return wrapped.toByteArray();
    } catch (Exception ignored) {
        // NOTE(review): a malformed OID or an encoding failure is reported the
        // same way as "extension not present". Callers that make a trust
        // decision on the absence of an extension cannot tell these apart.
        return null;
    }
}
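/**
 * Signs this CRL with {@code key} and stores the complete DER encoding
 * (TBSCertList, signature algorithm id, signature BIT STRING) in
 * {@code signedCRL}. On success the CRL is marked read-only.
 *
 * @param key private key used to produce the signature
 * @param algorithm name of the signature algorithm to request
 * @param provider name of the provider to use; {@code null} or empty selects the
 *     default provider lookup
 * @throws CRLException if the CRL is already read-only, or if DER encoding
 *     fails (the {@link IOException} is attached as the cause)
 * @throws NoSuchAlgorithmException if the algorithm is not available
 * @throws InvalidKeyException if the key is rejected by the signature engine
 * @throws NoSuchProviderException if the named provider is not available
 * @throws SignatureException if the signing operation fails
 */
public void sign(PrivateKey key, String algorithm, String provider)
        throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
                NoSuchProviderException, SignatureException {
    try {
        // A CRL that has already been signed must not be re-signed.
        if (readOnly) {
            throw new CRLException("cannot over-write existing CRL");
        }

        Signature sigEngine;
        if ((provider == null) || (provider.length() == 0)) {
            sigEngine = Signature.getInstance(algorithm);
        } else {
            sigEngine = Signature.getInstance(algorithm, provider);
        }
        sigEngine.initSign(key);

        // The inner (signed) and outer algorithm ids are set to the same value
        // before encodeInfo() runs, because encodeInfo() writes infoSigAlgId.
        // NOTE(review): if a later step throws, these two fields keep the new
        // value while signature/signedCRL are left untouched.
        sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm());
        infoSigAlgId = sigAlgId;

        DerOutputStream out = new DerOutputStream();
        DerOutputStream tmp = new DerOutputStream();

        // encodeInfo() both writes the to-be-signed bytes into tmp and caches
        // them in tbsCertList, which is what gets signed below.
        encodeInfo(tmp);
        sigAlgId.encode(tmp);

        sigEngine.update(tbsCertList, 0, tbsCertList.length);
        signature = sigEngine.sign();
        tmp.putBitString(signature);

        out.write(DerValue.tag_Sequence, tmp);
        signedCRL = out.toByteArray();
        readOnly = true;
    } catch (IOException e) {
        // Keep the original exception as the cause so the failing encoder call
        // stays visible in stack traces.
        throw new CRLException("Error while encoding data: " + e.getMessage(), e);
    }
}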
/**
 * Writes this extension to {@code out} as a DER SEQUENCE holding the extension
 * OID, the criticality flag (written only when {@code critical} is true) and the
 * extension value as an OCTET STRING.
 *
 * @param out stream that receives the encoded bytes
 * @throws IOException if encoding or writing fails
 * @throws NullPointerException if {@code out} is null
 */
public void encode(OutputStream out) throws IOException {
    if (out == null) {
        throw new NullPointerException();
    }

    // NOTE(review): extensionId and extensionValue are not null-checked here;
    // confirm they are guaranteed to be set before this method is reached.
    DerOutputStream fields = new DerOutputStream();
    DerOutputStream wrapper = new DerOutputStream();

    fields.putOID(extensionId);
    // A false criticality flag is not written at all.
    if (critical) {
        fields.putBoolean(critical);
    }
    fields.putOctetString(extensionValue);

    wrapper.write(DerValue.tag_Sequence, fields);
    out.write(wrapper.toByteArray());
}
/**
 * Builds a multi-line, human-readable description of this CRL: version,
 * signature algorithm, issuer, update times, revoked entries, extensions and a
 * hex dump of the signature (or a marker when the CRL is not signed yet).
 *
 * <p>A failure while rendering a single extension is reported inline for that
 * extension and does not abort the dump.
 *
 * @return the textual description
 */
public String toString() {
    StringBuilder text = new StringBuilder();

    // The stored version is zero-based; the printed one is one-based.
    text.append("X.509 CRL v").append(version + 1).append("\n");

    if (sigAlgId != null) {
        text.append("Signature Algorithm: ")
                .append(sigAlgId.toString())
                .append(", OID=")
                .append((sigAlgId.getOID()).toString())
                .append("\n");
    }
    if (issuer != null) {
        text.append("Issuer: ").append(issuer.toString()).append("\n");
    }
    if (thisUpdate != null) {
        text.append("\nThis Update: ").append(thisUpdate.toString()).append("\n");
    }
    if (nextUpdate != null) {
        text.append("Next Update: ").append(nextUpdate.toString()).append("\n");
    }

    if (revokedList.isEmpty()) {
        text.append("\nNO certificates have been revoked\n");
    } else {
        text.append("\nRevoked Certificates: ").append(revokedList.size());
        int entryNumber = 1;
        for (X509CRLEntry entry : revokedList) {
            text.append("\n[").append(entryNumber++).append("] ").append(entry.toString());
        }
    }

    if (extensions != null) {
        Collection<Extension> allExts = extensions.getAllExtensions();
        Object[] extArray = allExts.toArray();
        text.append("\nCRL Extensions: ").append(extArray.length);

        int position = 0;
        for (Object element : extArray) {
            position++;
            text.append("\n[").append(position).append("]: ");
            Extension ext = (Extension) element;
            try {
                // Extensions with no class registered in OIDMap additionally get
                // a hex dump of their value wrapped in a DER OCTET STRING.
                boolean unrecognized = OIDMap.getClass(ext.getExtensionId()) == null;
                text.append(ext.toString());
                if (unrecognized) {
                    byte[] rawValue = ext.getExtensionValue();
                    if (rawValue != null) {
                        DerOutputStream wrapper = new DerOutputStream();
                        wrapper.putOctetString(rawValue);
                        byte[] wrapped = wrapper.toByteArray();
                        HexDumpEncoder hex = new HexDumpEncoder();
                        // Render the dump first so nothing is appended if it fails.
                        String dump = hex.encodeBuffer(wrapped);
                        text.append("Extension unknown: " + "DER encoded OCTET string =\n")
                                .append(dump)
                                .append("\n");
                    }
                }
            } catch (Exception e) {
                text.append(", Error parsing this extension");
            }
        }
    }

    if (signature != null) {
        HexDumpEncoder encoder = new HexDumpEncoder();
        text.append("\nSignature:\n").append(encoder.encodeBuffer(signature)).append("\n");
    } else {
        text.append("NOT signed yet\n");
    }
    return text.toString();
}