diff options
| author | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
| commit | 32150d3ee32f8ac27118af7c792794b538c78a2f (patch) | |
| tree | 52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/util/src/netscape/security/x509/X509CRLImpl.java | |
| parent | f05d58a46795553beb8881039cc922974b40db34 (diff) | |
| download | pki-32150d3ee32f8ac27118af7c792794b538c78a2f.tar.gz pki-32150d3ee32f8ac27118af7c792794b538c78a2f.tar.xz pki-32150d3ee32f8ac27118af7c792794b538c78a2f.zip | |
Formatting
Formatted project according to eclipse project settings
Diffstat (limited to 'pki/base/util/src/netscape/security/x509/X509CRLImpl.java')
| -rwxr-xr-x | pki/base/util/src/netscape/security/x509/X509CRLImpl.java | 591 |
1 files changed, 286 insertions, 305 deletions
diff --git a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java index c76e8e25b..901b1c4fc 100755 --- a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java +++ b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java @@ -51,19 +51,19 @@ import netscape.security.util.ObjectIdentifier; * An implmentation for X509 CRL (Certificate Revocation List). * <p> * The X.509 v2 CRL format is described below in ASN.1: + * * <pre> * </pre> * <p> - * CertificateList ::= SEQUENCE { - * tbsCertList TBSCertList, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING } + * CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm + * AlgorithmIdentifier, signature BIT STRING } * <p> - * A good description and profiling is provided in the IETF PKIX WG - * draft, Part I: X.509 Certificate and CRL Profile, + * A good description and profiling is provided in the IETF PKIX WG draft, Part + * I: X.509 Certificate and CRL Profile, * <draft-ietf-pkix-ipki-part1-06.txt>. * <p> * The ASN.1 definition of <code>tbsCertList</code> is: + * * <pre> * TBSCertList ::= SEQUENCE { * version Version OPTIONAL, @@ -82,7 +82,7 @@ import netscape.security.util.ObjectIdentifier; * -- if present, must be v2 * } * </pre> - * + * * @author Hemma Prafullchandra * @version 1.8 * @see X509CRL @@ -90,45 +90,44 @@ import netscape.security.util.ObjectIdentifier; public class X509CRLImpl extends X509CRL { // CRL data, and its envelope - private byte[] signedCRL = null; // DER encoded crl - private byte[] signature = null; // raw signature bits - private byte[] tbsCertList = null; // DER encoded "to-be-signed" CRL - private AlgorithmId sigAlgId; // sig alg in CRL + private byte[] signedCRL = null; // DER encoded crl + private byte[] signature = null; // raw signature bits + private byte[] tbsCertList = null; // DER encoded "to-be-signed" CRL + private AlgorithmId sigAlgId; // sig alg in CRL // crl information - private int version; - private AlgorithmId infoSigAlgId; // sig alg in "to-be-signed" crl - private X500Name issuer; - private Date thisUpdate = null; - private Date nextUpdate = null; -// private static final Hashtable revokedCerts = new Hashtable(); - private Hashtable<BigInteger,RevokedCertificate> revokedCerts = new Hashtable<BigInteger, RevokedCertificate>(); -// private static CRLExtensions extensions = null; - private CRLExtensions extensions = null; + private int version; + private AlgorithmId infoSigAlgId; // sig alg in "to-be-signed" crl + private X500Name issuer; + private Date thisUpdate = null; + private Date nextUpdate = null; + // private static final Hashtable revokedCerts = new Hashtable(); + private Hashtable<BigInteger, RevokedCertificate> revokedCerts = new Hashtable<BigInteger, RevokedCertificate>(); + // private static CRLExtensions extensions = null; + private CRLExtensions extensions = null; private boolean entriesIncluded = true; private final static boolean isExplicit = true; private boolean readOnly = false; /** - * Not to be used. As it would lead to cases of uninitialized - * CRL objects. + * Not to be used. As it would lead to cases of uninitialized CRL objects. */ - private X509CRLImpl() { } + private X509CRLImpl() { + } /** - * Unmarshals an X.509 CRL from its encoded form, parsing the encoded - * bytes. This form of constructor is used by agents which - * need to examine and use CRL contents. Note that the buffer - * must include only one CRL, and no "garbage" may be left at - * the end. - * + * Unmarshals an X.509 CRL from its encoded form, parsing the encoded bytes. + * This form of constructor is used by agents which need to examine and use + * CRL contents. Note that the buffer must include only one CRL, and no + * "garbage" may be left at the end. + * * @param crlData the encoded bytes, with no trailing padding. * @exception CRLException on parsing errors. * @exception X509ExtensionException on extension handling errors. */ - public X509CRLImpl(byte[] crlData) - throws CRLException, X509ExtensionException { + public X509CRLImpl(byte[] crlData) throws CRLException, + X509ExtensionException { try { DerValue in = new DerValue(crlData); @@ -140,7 +139,7 @@ public class X509CRLImpl extends X509CRL { } public X509CRLImpl(byte[] crlData, boolean includeEntries) - throws CRLException, X509ExtensionException { + throws CRLException, X509ExtensionException { try { entriesIncluded = includeEntries; DerValue in = new DerValue(crlData); @@ -153,15 +152,15 @@ public class X509CRLImpl extends X509CRL { } /** - * Unmarshals an X.509 CRL from an input stream. Only one CRL - * is expected at the end of the input stream. - * + * Unmarshals an X.509 CRL from an input stream. Only one CRL is expected at + * the end of the input stream. + * * @param inStrm an input stream holding at least one CRL * @exception CRLException on parsing errors. * @exception X509ExtensionException on extension handling errors. */ - public X509CRLImpl(InputStream inStrm) - throws CRLException, X509ExtensionException { + public X509CRLImpl(InputStream inStrm) throws CRLException, + X509ExtensionException { try { DerValue val = new DerValue(inStrm); @@ -174,7 +173,7 @@ public class X509CRLImpl extends X509CRL { /** * Initial CRL constructor, no revoked certs, and no extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL. @@ -187,43 +186,43 @@ public class X509CRLImpl extends X509CRL { /** * CRL constructor, revoked certs, no extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL. * @param badCerts the array of revoked certificates. - * + * * @exception CRLException on parsing/construction errors. * @exception X509ExtensionException on extension handling errors. */ public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate, - RevokedCertificate[] badCerts) - throws CRLException, X509ExtensionException { + RevokedCertificate[] badCerts) throws CRLException, + X509ExtensionException { this.issuer = issuer; this.thisUpdate = thisDate; this.nextUpdate = nextDate; if (badCerts != null) { for (int i = 0; i < badCerts.length; i++) this.revokedCerts.put(badCerts[i].getSerialNumber(), - badCerts[i]); + badCerts[i]); } } /** * CRL constructor, revoked certs and extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL. * @param badCerts the array of revoked certificates. * @param crlExts the CRL extensions. - * + * * @exception CRLException on parsing/construction errors. * @exception X509ExtensionException on extension handling errors. */ public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate, - RevokedCertificate[] badCerts, CRLExtensions crlExts) - throws CRLException, X509ExtensionException { + RevokedCertificate[] badCerts, CRLExtensions crlExts) + throws CRLException, X509ExtensionException { this.issuer = issuer; this.thisUpdate = thisDate; this.nextUpdate = nextDate; @@ -231,7 +230,7 @@ public class X509CRLImpl extends X509CRL { for (int i = 0; i < badCerts.length; i++) { if (badCerts[i] != null) { this.revokedCerts.put(badCerts[i].getSerialNumber(), - badCerts[i]); + badCerts[i]); if (badCerts[i].hasExtensions()) this.version = 1; } @@ -243,13 +242,11 @@ public class X509CRLImpl extends X509CRL { } } - /** - * CRL constructor, revoked certs and extensions. - * This will be used by code that constructs CRL and uses - * encodeInfo() in order to sign it using external means - * (other than sign() method) - * + * CRL constructor, revoked certs and extensions. This will be used by code + * that constructs CRL and uses encodeInfo() in order to sign it using + * external means (other than sign() method) + * * @param issuer the name of the CA issuing this CRL. * @param sigAlg signing algorithm id * @param thisUpdate the Date of this issue. @@ -257,31 +254,29 @@ public class X509CRLImpl extends X509CRL { * @param badCerts the array of revoked certificates. * @param crlExts the CRL extensions. */ - public X509CRLImpl(X500Name issuer, AlgorithmId algId, Date thisDate, Date nextDate, - RevokedCertificate[] badCerts, CRLExtensions crlExts) - throws CRLException, X509ExtensionException { - this(issuer,thisDate,nextDate,badCerts,crlExts); + public X509CRLImpl(X500Name issuer, AlgorithmId algId, Date thisDate, + Date nextDate, RevokedCertificate[] badCerts, CRLExtensions crlExts) + throws CRLException, X509ExtensionException { + this(issuer, thisDate, nextDate, badCerts, crlExts); infoSigAlgId = algId; } - /** * CRL constructor, revoked certs and extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param sigAlg signing algorithm id * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL. * @param badCerts the hashtable of revoked certificates. * @param crlExts the CRL extensions. - * + * * @exception CRLException on parsing/construction errors. * @exception X509ExtensionException on extension handling errors. */ - public X509CRLImpl(X500Name issuer, AlgorithmId algId, - Date thisDate, Date nextDate, - Hashtable<BigInteger,RevokedCertificate> badCerts, CRLExtensions crlExts) - throws CRLException, X509ExtensionException { + public X509CRLImpl(X500Name issuer, AlgorithmId algId, Date thisDate, + Date nextDate, Hashtable<BigInteger, RevokedCertificate> badCerts, + CRLExtensions crlExts) throws CRLException, X509ExtensionException { this.issuer = issuer; this.thisUpdate = thisDate; this.nextUpdate = nextDate; @@ -293,10 +288,9 @@ public class X509CRLImpl extends X509CRL { infoSigAlgId = algId; } - /** * Returns the ASN.1 DER encoded form of this CRL. - * + * * @exception CRLException if an encoding error occurs. */ public byte[] getEncoded() throws CRLException { @@ -309,7 +303,7 @@ public class X509CRLImpl extends X509CRL { /** * Returns true if signedCRL was set. - * + * * @param byte array of containing signed CRL. */ public boolean setSignedCRL(byte[] crl) { @@ -322,20 +316,20 @@ public class X509CRLImpl extends X509CRL { return done; } - public boolean hasUnsupportedCriticalExtension() { - // XXX NOT IMPLEMENTED - return true; - } + public boolean hasUnsupportedCriticalExtension() { + // XXX NOT IMPLEMENTED + return true; + } /** * Encodes the "to-be-signed" CRL to the OutputStream. - * + * * @param out the OutputStream to write to. * @exception CRLException on encoding errors. * @exception X509ExtensionException on extension encoding errors. */ - public void encodeInfo(OutputStream out) - throws CRLException, X509ExtensionException { + public void encodeInfo(OutputStream out) throws CRLException, + X509ExtensionException { try { DerOutputStream tmp = new DerOutputStream(); DerOutputStream rCerts = new DerOutputStream(); @@ -352,10 +346,10 @@ public class X509CRLImpl extends X509CRL { if (nextUpdate != null) tmp.putUTCTime(nextUpdate); - if (! revokedCerts.isEmpty()) { - for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); - e.hasMoreElements();) - ((RevokedCertImpl)e.nextElement()).encode(rCerts); + if (!revokedCerts.isEmpty()) { + for (Enumeration<RevokedCertificate> e = revokedCerts + .elements(); e.hasMoreElements();) + ((RevokedCertImpl) e.nextElement()).encode(rCerts); tmp.write(DerValue.tag_Sequence, rCerts); } @@ -367,64 +361,61 @@ public class X509CRLImpl extends X509CRL { tbsCertList = seq.toByteArray(); out.write(tbsCertList); } catch (IOException e) { - throw new CRLException("Encoding error: " + e.getMessage()); + throw new CRLException("Encoding error: " + e.getMessage()); } } /** - * Verifies that this CRL was signed using the - * private key that corresponds to the specified public key. - * + * Verifies that this CRL was signed using the private key that corresponds + * to the specified public key. + * * @param key the PublicKey used to carry out the verification. - * - * @exception NoSuchAlgorithmException on unsupported signature - * algorithms. + * + * @exception NoSuchAlgorithmException on unsupported signature algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException if there's no default provider. * @exception SignatureException on signature errors. * @exception CRLException on encoding errors. */ - public void verify(PublicKey key) - throws CRLException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException { + public void verify(PublicKey key) throws CRLException, + NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException { verify(key, null); } /** - * Verifies that this CRL was signed using the - * private key that corresponds to the specified public key, - * and that the signature verification was computed by - * the given provider. - * + * Verifies that this CRL was signed using the private key that corresponds + * to the specified public key, and that the signature verification was + * computed by the given provider. + * * @param key the PublicKey used to carry out the verification. * @param sigProvider the name of the signature provider. - * - * @exception NoSuchAlgorithmException on unsupported signature - * algorithms. + * + * @exception NoSuchAlgorithmException on unsupported signature algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. * @exception CRLException on encoding errors. */ - public void verify(PublicKey key, String sigProvider) - throws CRLException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException { + public void verify(PublicKey key, String sigProvider) throws CRLException, + NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException { if (signedCRL == null) { throw new CRLException("Uninitialized CRL"); } - Signature sigVerf = null; + Signature sigVerf = null; String sigAlg = sigAlgId.getName(); if (sigProvider.equals("Mozilla-JSS")) { - if (sigAlg.equals("MD5withRSA")) { - sigAlg = "MD5/RSA"; - } else if (sigAlg.equals("MD2withRSA")) { - sigAlg = "MD2/RSA"; - } else if (sigAlg.equals("SHA1withRSA")) { - sigAlg = "SHA1/RSA"; - } else if (sigAlg.equals("SHA1withDSA")) { - sigAlg = "SHA1/DSA"; - } + if (sigAlg.equals("MD5withRSA")) { + sigAlg = "MD5/RSA"; + } else if (sigAlg.equals("MD2withRSA")) { + sigAlg = "MD2/RSA"; + } else if (sigAlg.equals("SHA1withRSA")) { + sigAlg = "SHA1/RSA"; + } else if (sigAlg.equals("SHA1withDSA")) { + sigAlg = "SHA1/DSA"; + } } sigVerf = Signature.getInstance(sigAlg, sigProvider); sigVerf.initVerify(key); @@ -440,36 +431,32 @@ public class X509CRLImpl extends X509CRL { } /** - * Encodes an X.509 CRL, and signs it using the key - * passed. - * + * Encodes an X.509 CRL, and signs it using the key passed. + * * @param key the private key used for signing. * @param algorithm the name of the signature algorithm used. - * - * @exception NoSuchAlgorithmException on unsupported signature - * algorithms. + * + * @exception NoSuchAlgorithmException on unsupported signature algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. * @exception CRLException if any mandatory data was omitted. * @exception X509ExtensionException on any extension errors. */ - public void sign(PrivateKey key, String algorithm) - throws CRLException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException, X509ExtensionException { + public void sign(PrivateKey key, String algorithm) throws CRLException, + NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException, X509ExtensionException { sign(key, algorithm, null); } /** - * Encodes an X.509 CRL, and signs it using the key - * passed. - * + * Encodes an X.509 CRL, and signs it using the key passed. + * * @param key the private key used for signing. * @param algorithm the name of the signature algorithm used. * @param provider the name of the provider. - * - * @exception NoSuchAlgorithmException on unsupported signature - * algorithms. + * + * @exception NoSuchAlgorithmException on unsupported signature algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. @@ -477,8 +464,8 @@ public class X509CRLImpl extends X509CRL { * @exception X509ExtensionException on any extension errors. */ public void sign(PrivateKey key, String algorithm, String provider) - throws CRLException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException, X509ExtensionException { + throws CRLException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException, X509ExtensionException { try { if (readOnly) throw new CRLException("cannot over-write existing CRL"); @@ -490,7 +477,7 @@ public class X509CRLImpl extends X509CRL { sigEngine.initSign(key); - // in case the name is reset + // in case the name is reset sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm()); infoSigAlgId = sigAlgId; @@ -514,21 +501,21 @@ public class X509CRLImpl extends X509CRL { readOnly = true; } catch (IOException e) { - throw new CRLException("Error while encoding data: " + - e.getMessage()); + throw new CRLException("Error while encoding data: " + + e.getMessage()); } } /** * Returns a printable string of this CRL. - * + * * @return value of this CRL in a printable form. */ public String toString() { StringBuffer sb = new StringBuffer(); - sb.append("X.509 CRL v" + (version+1) + "\n"); - sb.append("Signature Algorithm: " + sigAlgId.toString() + - ", OID=" + (sigAlgId.getOID()).toString() + "\n"); + sb.append("X.509 CRL v" + (version + 1) + "\n"); + sb.append("Signature Algorithm: " + sigAlgId.toString() + ", OID=" + + (sigAlgId.getOID()).toString() + "\n"); sb.append("Issuer: " + issuer.toString() + "\n"); sb.append("\nThis Update: " + thisUpdate.toString() + "\n"); if (nextUpdate != null) @@ -537,19 +524,19 @@ public class X509CRLImpl extends X509CRL { sb.append("\nNO certificates have been revoked\n"); else { sb.append("\nRevoked Certificates:\n"); - for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); - e.hasMoreElements();) - sb.append(((RevokedCertificate)e.nextElement()).toString()); + for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); e + .hasMoreElements();) + sb.append(((RevokedCertificate) e.nextElement()).toString()); } if (extensions != null) { for (int i = 0; i < extensions.size(); i++) { - sb.append("\nCRL Extension[" + i + "]: " + - ((Extension)(extensions.elementAt(i))).toString()); + sb.append("\nCRL Extension[" + i + "]: " + + ((Extension) (extensions.elementAt(i))).toString()); } } - netscape.security.util.PrettyPrintFormat pp = - new netscape.security.util.PrettyPrintFormat(" ", 20); - String signaturebits = pp.toHexString(signature); + netscape.security.util.PrettyPrintFormat pp = new netscape.security.util.PrettyPrintFormat( + " ", 20); + String signaturebits = pp.toHexString(signature); sb.append("\nSignature:\n" + signaturebits); return sb.toString(); @@ -557,10 +544,9 @@ public class X509CRLImpl extends X509CRL { /** * Checks whether the given serial number is on this CRL. - * + * * @param serialNumber the number to check for. - * @return true if the given serial number is on this CRL, - * false otherwise. + * @return true if the given serial number is on this CRL, false otherwise. */ public boolean isRevoked(BigInteger serialNumber) { if (revokedCerts == null || revokedCerts.isEmpty()) @@ -568,24 +554,25 @@ public class X509CRLImpl extends X509CRL { return revokedCerts.containsKey(serialNumber); } - public boolean isRevoked(Certificate cert) { - if (cert == null) - return false; - if (cert instanceof X509Certificate) { - return isRevoked(((X509Certificate)cert).getSerialNumber()); - } else { - return false; - } - } + public boolean isRevoked(Certificate cert) { + if (cert == null) + return false; + if (cert instanceof X509Certificate) { + return isRevoked(((X509Certificate) cert).getSerialNumber()); + } else { + return false; + } + } /** - * Gets the version number from the CRL. - * The ASN.1 definition for this is: + * Gets the version number from the CRL. The ASN.1 definition for this is: + * * <pre> * Version ::= INTEGER { v1(0), v2(1), v3(2) } * -- v3 does not apply to CRLs but appears for consistency * -- with definition of Version for certs * </pre> + * * @return the version number. */ public int getVersion() { @@ -593,41 +580,41 @@ public class X509CRLImpl extends X509CRL { } /** - * Gets the issuer distinguished name from this CRL. - * The issuer name identifies the entity who has signed (and - * issued the CRL). The issuer name field contains an - * X.500 distinguished name (DN). - * The ASN.1 definition for this is: + * Gets the issuer distinguished name from this CRL. The issuer name + * identifies the entity who has signed (and issued the CRL). The issuer + * name field contains an X.500 distinguished name (DN). The ASN.1 + * definition for this is: + * * <pre> * issuer Name - * + * * Name ::= CHOICE { RDNSequence } * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName * RelativeDistinguishedName ::= * SET OF AttributeValueAssertion - * + * * AttributeValueAssertion ::= SEQUENCE { * AttributeType, * AttributeValue } * AttributeType ::= OBJECT IDENTIFIER * AttributeValue ::= ANY * </pre> - * The Name describes a hierarchical name composed of attributes, - * such as country name, and corresponding values, such as US. - * The type of the component AttributeValue is determined by the - * AttributeType; in general it will be a directoryString. - * A directoryString is usually one of PrintableString, - * TeletexString or UniversalString. + * + * The Name describes a hierarchical name composed of attributes, such as + * country name, and corresponding values, such as US. The type of the + * component AttributeValue is determined by the AttributeType; in general + * it will be a directoryString. A directoryString is usually one of + * PrintableString, TeletexString or UniversalString. + * * @return the issuer name. */ public Principal getIssuerDN() { - return (Principal)issuer; + return (Principal) issuer; } /** - * Gets the thisUpdate date from the CRL. - * The ASN.1 definition for this is: - * + * Gets the thisUpdate date from the CRL. The ASN.1 definition for this is: + * * @return the thisUpdate date from the CRL. */ public Date getThisUpdate() { @@ -636,9 +623,8 @@ public class X509CRLImpl extends X509CRL { /** * Gets the nextUpdate date from the CRL. - * - * @return the nextUpdate date from the CRL, or null if - * not present. + * + * @return the nextUpdate date from the CRL, or null if not present. */ public Date getNextUpdate() { if (nextUpdate == null) @@ -647,44 +633,44 @@ public class X509CRLImpl extends X509CRL { } /** - * Get the revoked certificate from the CRL by the serial - * number provided. - * - * @return the revoked certificate or null if there is - * no entry in the CRL marked with the provided serial number. + * Get the revoked certificate from the CRL by the serial number provided. + * + * @return the revoked certificate or null if there is no entry in the CRL + * marked with the provided serial number. * @see RevokedCertificate */ public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) { if (revokedCerts == null || revokedCerts.isEmpty()) return null; - RevokedCertificate badCert = - (RevokedCertificate)revokedCerts.get(serialNumber); + RevokedCertificate badCert = (RevokedCertificate) revokedCerts + .get(serialNumber); return badCert; } /** - * Gets all the revoked certificates from the CRL. - * A Set of RevokedCertificate. - * - * @return all the revoked certificates or null if there are - * none. + * Gets all the revoked certificates from the CRL. A Set of + * RevokedCertificate. + * + * @return all the revoked certificates or null if there are none. * @see RevokedCertificate */ public Set<RevokedCertificate> getRevokedCertificates() { if (revokedCerts == null || revokedCerts.isEmpty()) return null; else { - Set<RevokedCertificate> certSet = new TreeSet<RevokedCertificate>(revokedCerts.values()); + Set<RevokedCertificate> certSet = new TreeSet<RevokedCertificate>( + revokedCerts.values()); return certSet; } } @SuppressWarnings("unchecked") - public Hashtable<BigInteger,RevokedCertificate> getListOfRevokedCertificates() { - if (revokedCerts == null){ + public Hashtable<BigInteger, RevokedCertificate> getListOfRevokedCertificates() { + if (revokedCerts == null) { return null; - }else{ - return (Hashtable<BigInteger,RevokedCertificate>)revokedCerts.clone(); + } else { + return (Hashtable<BigInteger, RevokedCertificate>) revokedCerts + .clone(); } } @@ -696,16 +682,14 @@ public class X509CRLImpl extends X509CRL { } /** - * Gets the DER encoded CRL information, the - * <code>tbsCertList</code> from this CRL. - * This can be used to verify the signature independently. - * + * Gets the DER encoded CRL information, the <code>tbsCertList</code> from + * this CRL. This can be used to verify the signature independently. + * * @return the DER encoded CRL information. * @exception CRLException on parsing errors. * @exception X509ExtensionException on extension parsing errors. */ - public byte[] getTBSCertList() - throws CRLException { + public byte[] getTBSCertList() throws CRLException { if (tbsCertList == null) throw new CRLException("Uninitialized CRL"); byte[] dup = new byte[tbsCertList.length]; @@ -715,7 +699,7 @@ public class X509CRLImpl extends X509CRL { /** * Gets the raw Signature bits from the CRL. - * + * * @return the signature. */ public byte[] getSignature() { @@ -728,7 +712,7 @@ public class X509CRLImpl extends X509CRL { /** * Returns true if signature was set. - * + * * @param byte array of containing CRL signature. */ public boolean setSignature(byte[] crlSignature) { @@ -742,9 +726,9 @@ public class X509CRLImpl extends X509CRL { } /** - * Gets the signature algorithm name for the CRL - * signature algorithm. For example, the string "SHA1withDSA". - * The ASN.1 definition for this is: + * Gets the signature algorithm name for the CRL signature algorithm. For + * example, the string "SHA1withDSA". The ASN.1 definition for this is: + * * <pre> * AlgorithmIdentifier ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, @@ -753,118 +737,115 @@ public class X509CRLImpl extends X509CRL { * -- registered for use with the * -- algorithm object identifier value * </pre> - * + * * @return the signature algorithm name. */ public String getSigAlgName() { if (sigAlgId == null) return null; - return sigAlgId.getName(); + return sigAlgId.getName(); } /** - * Gets the signature algorithm OID string from the CRL. - * An OID is represented by a set of positive whole number separated - * by ".", that means,<br> + * Gets the signature algorithm OID string from the CRL. An OID is + * represented by a set of positive whole number separated by ".", that + * means,<br> * <positive whole number>.<positive whole number>.<...> - * For example, the string "1.2.840.10040.4.3" identifies the SHA-1 - * with DSA signature algorithm, as per the PKIX part I. - * + * For example, the string "1.2.840.10040.4.3" identifies the SHA-1 with DSA + * signature algorithm, as per the PKIX part I. + * * @return the signature algorithm oid string. */ public String getSigAlgOID() { if (sigAlgId == null) return null; - ObjectIdentifier oid = sigAlgId.getOID(); - return oid.toString(); + ObjectIdentifier oid = sigAlgId.getOID(); + return oid.toString(); } /** - * Gets the DER encoded signature algorithm parameters from this - * CRL's signature algorithm. In most cases, the signature - * algorithm parameters are null, the parameters are usually - * supplied with the Public Key. - * - * @return the DER encoded signature algorithm parameters, or - * null if no parameters are present. + * Gets the DER encoded signature algorithm parameters from this CRL's + * signature algorithm. In most cases, the signature algorithm parameters + * are null, the parameters are usually supplied with the Public Key. + * + * @return the DER encoded signature algorithm parameters, or null if no + * parameters are present. */ public byte[] getSigAlgParams() { if (sigAlgId == null) return null; - try { - return sigAlgId.getEncodedParams(); - } catch (IOException e) { + try { + return sigAlgId.getEncodedParams(); + } catch (IOException e) { return null; - } + } } /** - * Gets a Set of the extension(s) marked CRITICAL in the - * CRL by OID strings. - * - * @return a set of the extension oid strings in the - * CRL that are marked critical. + * Gets a Set of the extension(s) marked CRITICAL in the CRL by OID strings. + * + * @return a set of the extension oid strings in the CRL that are marked + * critical. */ public Set<String> getCriticalExtensionOIDs() { if (extensions == null) return null; Set<String> extSet = new TreeSet<String>(); Extension ex; - for (Enumeration<Extension> e = extensions.getElements(); - e.hasMoreElements();) { - ex = e.nextElement(); - if (ex.isCritical()){ - extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString()); + for (Enumeration<Extension> e = extensions.getElements(); e + .hasMoreElements();) { + ex = e.nextElement(); + if (ex.isCritical()) { + extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString()); } } return extSet; } /** - * Gets a Set of the extension(s) marked NON-CRITICAL in the - * CRL by OID strings. - * - * @return a set of the extension oid strings in the - * CRL that are NOT marked critical. + * Gets a Set of the extension(s) marked NON-CRITICAL in the CRL by OID + * strings. + * + * @return a set of the extension oid strings in the CRL that are NOT marked + * critical. */ public Set<String> getNonCriticalExtensionOIDs() { if (extensions == null) return null; Set<String> extSet = new TreeSet<String>(); Extension ex; - for (Enumeration<Extension> e = extensions.getElements(); - e.hasMoreElements();) { + for (Enumeration<Extension> e = extensions.getElements(); e + .hasMoreElements();) { ex = e.nextElement(); - if ( ! ex.isCritical()) - extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString()); - } + if (!ex.isCritical()) + extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString()); + } return extSet; } /** - * Gets the DER encoded OCTET string for the extension value - * (<code>extnValue</code>) identified by the passed in oid String. - * The <code>oid</code> string is - * represented by a set of positive whole number separated - * by ".", that means,<br> + * Gets the DER encoded OCTET string for the extension value ( + * <code>extnValue</code>) identified by the passed in oid String. The + * <code>oid</code> string is represented by a set of positive whole number + * separated by ".", that means,<br> * <positive whole number>.<positive whole number>.<...> - * + * * @param oid the Object Identifier value for the extension. * @return the der encoded octet string of the extension value. */ public byte[] getExtensionValue(String oid) { if (extensions == null) return null; - try { - String extAlias = OIDMap.getName(new ObjectIdentifier(oid)); + try { + String extAlias = OIDMap.getName(new ObjectIdentifier(oid)); Extension crlExt = null; if (extAlias == null) { // may be unknown ObjectIdentifier findOID = new ObjectIdentifier(oid); Extension ex = null; ObjectIdentifier inCertOID; - for (Enumeration<Extension> e=extensions.getElements(); - e.hasMoreElements();) { + for (Enumeration<Extension> e = extensions.getElements(); e + .hasMoreElements();) { ex = e.nextElement(); inCertOID = ex.getExtensionId(); if (inCertOID.equals(findOID)) { @@ -874,35 +855,35 @@ public class X509CRLImpl extends X509CRL { } } else crlExt = extensions.get(extAlias); - if (crlExt == null) + if (crlExt == null) return null; - byte[] extData = crlExt.getExtensionValue(); + byte[] extData = crlExt.getExtensionValue(); if (extData == null) return null; - DerOutputStream out = new DerOutputStream(); - out.putOctetString(extData); + DerOutputStream out = new DerOutputStream(); + out.putOctetString(extData); return out.toByteArray(); } catch (Exception e) { return null; - } + } } public BigInteger getCRLNumber() { - try { - CRLExtensions exts = getExtensions(); - if (exts == null) - return null; - Enumeration<Extension> e = exts.getElements(); - while (e.hasMoreElements()) { - Extension ext = (Extension)e.nextElement(); - if (ext instanceof CRLNumberExtension) { - CRLNumberExtension numExt = (CRLNumberExtension)ext; - return (BigInteger)numExt.get(CRLNumberExtension.NUMBER); - } + try { + CRLExtensions exts = getExtensions(); + if (exts == null) + return null; + Enumeration<Extension> e = exts.getElements(); + while (e.hasMoreElements()) { + Extension ext = (Extension) e.nextElement(); + if (ext instanceof CRLNumberExtension) { + CRLNumberExtension numExt = (CRLNumberExtension) ext; + return (BigInteger) numExt.get(CRLNumberExtension.NUMBER); + } + } + } catch (Exception e) { } - } catch (Exception e) { - } - return null; + return null; } public BigInteger getDeltaBaseCRLNumber() { @@ -912,10 +893,11 @@ public class X509CRLImpl extends X509CRL { return null; Enumeration<Extension> e = exts.getElements(); while (e.hasMoreElements()) { - Extension ext = (Extension)e.nextElement(); + Extension ext = (Extension) e.nextElement(); if (ext instanceof DeltaCRLIndicatorExtension) { - DeltaCRLIndicatorExtension numExt = (DeltaCRLIndicatorExtension)ext; - return (BigInteger)numExt.get(DeltaCRLIndicatorExtension.NUMBER); + DeltaCRLIndicatorExtension numExt = (DeltaCRLIndicatorExtension) ext; + return (BigInteger) numExt + .get(DeltaCRLIndicatorExtension.NUMBER); } } } catch (Exception e) { @@ -930,7 +912,7 @@ public class X509CRLImpl extends X509CRL { return false; Enumeration<Extension> e = exts.getElements(); while (e.hasMoreElements()) { - Extension ext = (Extension)e.nextElement(); + Extension ext = (Extension) e.nextElement(); if (ext instanceof DeltaCRLIndicatorExtension) { return true; } @@ -942,7 +924,7 @@ public class X509CRLImpl extends X509CRL { /** * Returns extensions for this impl. - * + * * @param extn CRLExtensions */ public CRLExtensions getExtensions() { @@ -953,18 +935,17 @@ public class X509CRLImpl extends X509CRL { return entriesIncluded; } - /*********************************************************************/ /* * Parses an X.509 CRL, should be used only by constructors. */ - private void parse(DerValue val) - throws CRLException, IOException, X509ExtensionException { + private void parse(DerValue val) throws CRLException, IOException, + X509ExtensionException { parse(val, true); } private void parse(DerValue val, boolean includeEntries) - throws CRLException, IOException, X509ExtensionException { + throws CRLException, IOException, X509ExtensionException { // check if can over write the certificate if (readOnly) throw new CRLException("cannot over-write existing CRL"); @@ -978,7 +959,7 @@ public class X509CRLImpl extends X509CRL { if (val.data.available() != 0) throw new CRLException("signed overrun, bytes = " - + val.data.available()); + + val.data.available()); if (seq[0].tag != DerValue.tag_Sequence) throw new CRLException("signed CRL fields invalid"); @@ -997,22 +978,22 @@ public class X509CRLImpl extends X509CRL { // parse the information DerInputStream derStrm = seq[0].data; - DerValue tmp; - byte nextByte; + DerValue tmp; + byte nextByte; // version (optional if v1) - version = 0; // by default, version = v1 == 0 - nextByte = (byte)derStrm.peekByte(); + version = 0; // by default, version = v1 == 0 + nextByte = (byte) derStrm.peekByte(); if (nextByte == DerValue.tag_Integer) { version = derStrm.getInteger().toInt(); - if (version != 1) // i.e. v2 + if (version != 1) // i.e. v2 throw new CRLException("Invalid version"); } tmp = derStrm.getDerValue(); // signature { AlgorithmId tmpId = AlgorithmId.parse(tmp); - if (! tmpId.equals(sigAlgId)) + if (!tmpId.equals(sigAlgId)) throw new CRLException("Signature algorithm mismatch"); infoSigAlgId = tmpId; @@ -1023,21 +1004,21 @@ public class X509CRLImpl extends X509CRL { // thisUpdate // check if UTCTime encoded or GeneralizedTime - nextByte = (byte)derStrm.peekByte(); + nextByte = (byte) derStrm.peekByte(); if (nextByte == DerValue.tag_UtcTime) { thisUpdate = derStrm.getUTCTime(); } else if (nextByte == DerValue.tag_GeneralizedTime) { thisUpdate = derStrm.getGeneralizedTime(); } else { - throw new CRLException("Invalid encoding for thisUpdate" - + " (tag=" + nextByte + ")"); + throw new CRLException("Invalid encoding for thisUpdate" + " (tag=" + + nextByte + ")"); } if (derStrm.available() == 0) - return; // done parsing no more optional fields present + return; // done parsing no more optional fields present // nextUpdate (optional) - nextByte = (byte)derStrm.peekByte(); + nextByte = (byte) derStrm.peekByte(); if (nextByte == DerValue.tag_UtcTime) { nextUpdate = derStrm.getUTCTime(); } else if (nextByte == DerValue.tag_GeneralizedTime) { @@ -1045,22 +1026,22 @@ public class X509CRLImpl extends X509CRL { } // else it is not present if (derStrm.available() == 0) - return; // done parsing no more optional fields present + return; // done parsing no more optional fields present // revokedCertificates (optional) - nextByte = (byte)derStrm.peekByte(); + nextByte = (byte) derStrm.peekByte(); if ((nextByte == DerValue.tag_SequenceOf) - && (! ((nextByte & 0x0c0) == 0x080))) { + && (!((nextByte & 0x0c0) == 0x080))) { if (includeEntries) { DerValue[] badCerts = derStrm.getSequence(4); for (int i = 0; i < badCerts.length; i++) { RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]); if (entry.hasExtensions() && (version == 0)) - throw new CRLException("Invalid encoding, extensions" + - " not supported in CRL v1 entries."); + throw new CRLException("Invalid encoding, extensions" + + " not supported in CRL v1 entries."); revokedCerts.put(entry.getSerialNumber(), - (RevokedCertificate)entry); + (RevokedCertificate) entry); } } else { derStrm.skipSequence(4); @@ -1068,14 +1049,14 @@ public class X509CRLImpl extends X509CRL { } if (derStrm.available() == 0) - return; // done parsing no extensions + return; // done parsing no extensions // crlExtensions (optional) tmp = derStrm.getDerValue(); - if (tmp.isConstructed() && tmp.isContextSpecific((byte)0)) { + if (tmp.isConstructed() && tmp.isContextSpecific((byte) 0)) { if (version == 0) - throw new CRLException("Invalid encoding, extensions not" + - " supported in CRL v1."); + throw new CRLException("Invalid encoding, extensions not" + + " supported in CRL v1."); extensions = new CRLExtensions(tmp.data); } } |