author | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
commit | 171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch) | |
tree | 1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/util/src/netscape/security/x509/X509CRLImpl.java | |
parent | adad2fcee8a29fdb82376fbce07dedb11fccc182 (diff) | |
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/util/src/netscape/security/x509/X509CRLImpl.java')
-rwxr-xr-x | pki/base/util/src/netscape/security/x509/X509CRLImpl.java | 591 |
1 files changed, 305 insertions, 286 deletions
diff --git a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
index 901b1c4fc..c76e8e25b 100755
--- a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
+++ b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
@@ -51,19 +51,19 @@ import netscape.security.util.ObjectIdentifier; * An implmentation for X509 CRL (Certificate Revocation List). * <p> * The X.509 v2 CRL format is described below in ASN.1: - * * <pre> * </pre> * <p> - * CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm - * AlgorithmIdentifier, signature BIT STRING } + * CertificateList ::= SEQUENCE { + * tbsCertList TBSCertList, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING } * <p> - * A good description and profiling is provided in the IETF PKIX WG draft, Part - * I: X.509 Certificate and CRL Profile, + * A good description and profiling is provided in the IETF PKIX WG + * draft, Part I: X.509 Certificate and CRL Profile, * <draft-ietf-pkix-ipki-part1-06.txt>. * <p> * The ASN.1 definition of <code>tbsCertList</code> is: - * * <pre> * TBSCertList ::= SEQUENCE { * version Version OPTIONAL,
@@ -82,7 +82,7 @@ import netscape.security.util.ObjectIdentifier; * -- if present, must be v2 * } * </pre> - * + * * @author Hemma Prafullchandra * @version 1.8 * @see X509CRL
@@ -90,44 +90,45 @@ import netscape.security.util.ObjectIdentifier; public class X509CRLImpl extends X509CRL { // CRL data, and its envelope - private byte[] signedCRL = null; // DER encoded crl - private byte[] signature = null; // raw signature bits - private byte[] tbsCertList = null; // DER encoded "to-be-signed" CRL - private AlgorithmId sigAlgId; // sig alg in CRL + private byte[] signedCRL = null; // DER encoded crl + private byte[] signature = null; // raw signature bits + private byte[] tbsCertList = null; // DER encoded "to-be-signed" CRL + private AlgorithmId sigAlgId; // sig alg in CRL // crl information - private int version; - private AlgorithmId infoSigAlgId; // sig alg in "to-be-signed" crl - private X500Name issuer; - private Date thisUpdate = null; - private Date nextUpdate = null; - // private static final Hashtable revokedCerts = new Hashtable(); - private Hashtable<BigInteger, RevokedCertificate> revokedCerts = new Hashtable<BigInteger, RevokedCertificate>(); - // private static CRLExtensions extensions = null; - private CRLExtensions extensions = null; + private int version; + private AlgorithmId infoSigAlgId; // sig alg in "to-be-signed" crl + private X500Name issuer; + private Date thisUpdate = null; + private Date nextUpdate = null; +// private static final Hashtable revokedCerts = new Hashtable(); + private Hashtable<BigInteger,RevokedCertificate> revokedCerts = new Hashtable<BigInteger, RevokedCertificate>(); +// private static CRLExtensions extensions = null; + private CRLExtensions extensions = null; private boolean entriesIncluded = true; private final static boolean isExplicit = true; private boolean readOnly = false; /** - * Not to be used. As it would lead to cases of uninitialized CRL objects. + * Not to be used. As it would lead to cases of uninitialized + * CRL objects. */ - private X509CRLImpl() { - } + private X509CRLImpl() { } /** - * Unmarshals an X.509 CRL from its encoded form, parsing the encoded bytes. 
- * This form of constructor is used by agents which need to examine and use - * CRL contents. Note that the buffer must include only one CRL, and no - * "garbage" may be left at the end. - * + * Unmarshals an X.509 CRL from its encoded form, parsing the encoded + * bytes. This form of constructor is used by agents which + * need to examine and use CRL contents. Note that the buffer + * must include only one CRL, and no "garbage" may be left at + * the end. + * * @param crlData the encoded bytes, with no trailing padding. * @exception CRLException on parsing errors. * @exception X509ExtensionException on extension handling errors. */ - public X509CRLImpl(byte[] crlData) throws CRLException, - X509ExtensionException { + public X509CRLImpl(byte[] crlData) + throws CRLException, X509ExtensionException { try { DerValue in = new DerValue(crlData); @@ -139,7 +140,7 @@ public class X509CRLImpl extends X509CRL { } public X509CRLImpl(byte[] crlData, boolean includeEntries) - throws CRLException, X509ExtensionException { + throws CRLException, X509ExtensionException { try { entriesIncluded = includeEntries; DerValue in = new DerValue(crlData); @@ -152,15 +153,15 @@ public class X509CRLImpl extends X509CRL { } /** - * Unmarshals an X.509 CRL from an input stream. Only one CRL is expected at - * the end of the input stream. - * + * Unmarshals an X.509 CRL from an input stream. Only one CRL + * is expected at the end of the input stream. + * * @param inStrm an input stream holding at least one CRL * @exception CRLException on parsing errors. * @exception X509ExtensionException on extension handling errors. */ - public X509CRLImpl(InputStream inStrm) throws CRLException, - X509ExtensionException { + public X509CRLImpl(InputStream inStrm) + throws CRLException, X509ExtensionException { try { DerValue val = new DerValue(inStrm); 
@@ -173,7 +174,7 @@ public class X509CRLImpl extends X509CRL { /** * Initial CRL constructor, no revoked certs, and no extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL.
@@ -186,43 +187,43 @@ public class X509CRLImpl extends X509CRL { /** * CRL constructor, revoked certs, no extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL. * @param badCerts the array of revoked certificates. - * + * * @exception CRLException on parsing/construction errors. * @exception X509ExtensionException on extension handling errors. */ public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate, - RevokedCertificate[] badCerts) throws CRLException, - X509ExtensionException { + RevokedCertificate[] badCerts) + throws CRLException, X509ExtensionException { this.issuer = issuer; this.thisUpdate = thisDate; this.nextUpdate = nextDate; if (badCerts != null) { for (int i = 0; i < badCerts.length; i++) this.revokedCerts.put(badCerts[i].getSerialNumber(), - badCerts[i]); + badCerts[i]); } } /** * CRL constructor, revoked certs and extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL. * @param badCerts the array of revoked certificates. * @param crlExts the CRL extensions. - * + * * @exception CRLException on parsing/construction errors. * @exception X509ExtensionException on extension handling errors. */ public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate, - RevokedCertificate[] badCerts, CRLExtensions crlExts) - throws CRLException, X509ExtensionException { + RevokedCertificate[] badCerts, CRLExtensions crlExts) + throws CRLException, X509ExtensionException { this.issuer = issuer; this.thisUpdate = thisDate; this.nextUpdate = nextDate;
@@ -230,7 +231,7 @@ public class X509CRLImpl extends X509CRL { for (int i = 0; i < badCerts.length; i++) { if (badCerts[i] != null) { this.revokedCerts.put(badCerts[i].getSerialNumber(), - badCerts[i]); + badCerts[i]); if (badCerts[i].hasExtensions()) this.version = 1; }
@@ -242,11 +243,13 @@ public class X509CRLImpl extends X509CRL { } } + /** - * CRL constructor, revoked certs and extensions. This will be used by code - * that constructs CRL and uses encodeInfo() in order to sign it using - * external means (other than sign() method) - * + * CRL constructor, revoked certs and extensions. + * This will be used by code that constructs CRL and uses + * encodeInfo() in order to sign it using external means + * (other than sign() method) + * * @param issuer the name of the CA issuing this CRL. * @param sigAlg signing algorithm id * @param thisUpdate the Date of this issue.
@@ -254,29 +257,31 @@ public class X509CRLImpl extends X509CRL { * @param badCerts the array of revoked certificates. * @param crlExts the CRL extensions. */ - public X509CRLImpl(X500Name issuer, AlgorithmId algId, Date thisDate, - Date nextDate, RevokedCertificate[] badCerts, CRLExtensions crlExts) - throws CRLException, X509ExtensionException { - this(issuer, thisDate, nextDate, badCerts, crlExts); + public X509CRLImpl(X500Name issuer, AlgorithmId algId, Date thisDate, Date nextDate, + RevokedCertificate[] badCerts, CRLExtensions crlExts) + throws CRLException, X509ExtensionException { + this(issuer,thisDate,nextDate,badCerts,crlExts); infoSigAlgId = algId; } + /** * CRL constructor, revoked certs and extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param sigAlg signing algorithm id * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL. * @param badCerts the hashtable of revoked certificates. * @param crlExts the CRL extensions. - * + * * @exception CRLException on parsing/construction errors. * @exception X509ExtensionException on extension handling errors. */ - public X509CRLImpl(X500Name issuer, AlgorithmId algId, Date thisDate, - Date nextDate, Hashtable<BigInteger, RevokedCertificate> badCerts, - CRLExtensions crlExts) throws CRLException, X509ExtensionException { + public X509CRLImpl(X500Name issuer, AlgorithmId algId, + Date thisDate, Date nextDate, + Hashtable<BigInteger,RevokedCertificate> badCerts, CRLExtensions crlExts) + throws CRLException, X509ExtensionException { this.issuer = issuer; this.thisUpdate = thisDate; this.nextUpdate = nextDate;
@@ -288,9 +293,10 @@ public class X509CRLImpl extends X509CRL { infoSigAlgId = algId; } + /** * Returns the ASN.1 DER encoded form of this CRL. - * + * * @exception CRLException if an encoding error occurs. */ public byte[] getEncoded() throws CRLException {
@@ -303,7 +309,7 @@ public class X509CRLImpl extends X509CRL { /** * Returns true if signedCRL was set. - * + * * @param byte array of containing signed CRL. */ public boolean setSignedCRL(byte[] crl) {
@@ -316,20 +322,20 @@ public class X509CRLImpl extends X509CRL { return done; } - public boolean hasUnsupportedCriticalExtension() { - // XXX NOT IMPLEMENTED - return true; - } + public boolean hasUnsupportedCriticalExtension() { + // XXX NOT IMPLEMENTED + return true; + } /** * Encodes the "to-be-signed" CRL to the OutputStream. - * + * * @param out the OutputStream to write to. * @exception CRLException on encoding errors. * @exception X509ExtensionException on extension encoding errors. */ - public void encodeInfo(OutputStream out) throws CRLException, - X509ExtensionException { + public void encodeInfo(OutputStream out) + throws CRLException, X509ExtensionException { try { DerOutputStream tmp = new DerOutputStream(); DerOutputStream rCerts = new DerOutputStream();
@@ -346,10 +352,10 @@ public class X509CRLImpl extends X509CRL { if (nextUpdate != null) tmp.putUTCTime(nextUpdate); - if (!revokedCerts.isEmpty()) { - for (Enumeration<RevokedCertificate> e = revokedCerts - .elements(); e.hasMoreElements();) - ((RevokedCertImpl) e.nextElement()).encode(rCerts); + if (! revokedCerts.isEmpty()) { + for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); + e.hasMoreElements();) + ((RevokedCertImpl)e.nextElement()).encode(rCerts); tmp.write(DerValue.tag_Sequence, rCerts); }
@@ -361,61 +367,64 @@ public class X509CRLImpl extends X509CRL { tbsCertList = seq.toByteArray(); out.write(tbsCertList); } catch (IOException e) { - throw new CRLException("Encoding error: " + e.getMessage()); + throw new CRLException("Encoding error: " + e.getMessage()); } } /** - * Verifies that this CRL was signed using the private key that corresponds - * to the specified public key. - * + * Verifies that this CRL was signed using the + * private key that corresponds to the specified public key. + * * @param key the PublicKey used to carry out the verification. - * - * @exception NoSuchAlgorithmException on unsupported signature algorithms. + * + * @exception NoSuchAlgorithmException on unsupported signature + * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException if there's no default provider. * @exception SignatureException on signature errors. * @exception CRLException on encoding errors. */ - public void verify(PublicKey key) throws CRLException, - NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException { + public void verify(PublicKey key) + throws CRLException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException { verify(key, null); } /** - * Verifies that this CRL was signed using the private key that corresponds - * to the specified public key, and that the signature verification was - * computed by the given provider. - * + * Verifies that this CRL was signed using the + * private key that corresponds to the specified public key, + * and that the signature verification was computed by + * the given provider. + * * @param key the PublicKey used to carry out the verification. * @param sigProvider the name of the signature provider. - * - * @exception NoSuchAlgorithmException on unsupported signature algorithms. + * + * @exception NoSuchAlgorithmException on unsupported signature + * algorithms. 
* @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. * @exception CRLException on encoding errors. */ - public void verify(PublicKey key, String sigProvider) throws CRLException, - NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException { + public void verify(PublicKey key, String sigProvider) + throws CRLException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException { if (signedCRL == null) { throw new CRLException("Uninitialized CRL"); } - Signature sigVerf = null; + Signature sigVerf = null; String sigAlg = sigAlgId.getName(); if (sigProvider.equals("Mozilla-JSS")) { - if (sigAlg.equals("MD5withRSA")) { - sigAlg = "MD5/RSA"; - } else if (sigAlg.equals("MD2withRSA")) { - sigAlg = "MD2/RSA"; - } else if (sigAlg.equals("SHA1withRSA")) { - sigAlg = "SHA1/RSA"; - } else if (sigAlg.equals("SHA1withDSA")) { - sigAlg = "SHA1/DSA"; - } + if (sigAlg.equals("MD5withRSA")) { + sigAlg = "MD5/RSA"; + } else if (sigAlg.equals("MD2withRSA")) { + sigAlg = "MD2/RSA"; + } else if (sigAlg.equals("SHA1withRSA")) { + sigAlg = "SHA1/RSA"; + } else if (sigAlg.equals("SHA1withDSA")) { + sigAlg = "SHA1/DSA"; + } } sigVerf = Signature.getInstance(sigAlg, sigProvider); sigVerf.initVerify(key); 
@@ -431,32 +440,36 @@ public class X509CRLImpl extends X509CRL { } /** - * Encodes an X.509 CRL, and signs it using the key passed. - * + * Encodes an X.509 CRL, and signs it using the key + * passed. + * * @param key the private key used for signing. * @param algorithm the name of the signature algorithm used. - * - * @exception NoSuchAlgorithmException on unsupported signature algorithms. + * + * @exception NoSuchAlgorithmException on unsupported signature + * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. * @exception CRLException if any mandatory data was omitted. * @exception X509ExtensionException on any extension errors. */ - public void sign(PrivateKey key, String algorithm) throws CRLException, - NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException, X509ExtensionException { + public void sign(PrivateKey key, String algorithm) + throws CRLException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException, X509ExtensionException { sign(key, algorithm, null); } /** - * Encodes an X.509 CRL, and signs it using the key passed. - * + * Encodes an X.509 CRL, and signs it using the key + * passed. + * * @param key the private key used for signing. * @param algorithm the name of the signature algorithm used. * @param provider the name of the provider. - * - * @exception NoSuchAlgorithmException on unsupported signature algorithms. + * + * @exception NoSuchAlgorithmException on unsupported signature + * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. 
@@ -464,8 +477,8 @@ public class X509CRLImpl extends X509CRL { * @exception X509ExtensionException on any extension errors. */ public void sign(PrivateKey key, String algorithm, String provider) - throws CRLException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException, X509ExtensionException { + throws CRLException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException, X509ExtensionException { try { if (readOnly) throw new CRLException("cannot over-write existing CRL");
@@ -477,7 +490,7 @@ public class X509CRLImpl extends X509CRL { sigEngine.initSign(key); - // in case the name is reset + // in case the name is reset sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm()); infoSigAlgId = sigAlgId;
@@ -501,21 +514,21 @@ public class X509CRLImpl extends X509CRL { readOnly = true; } catch (IOException e) { - throw new CRLException("Error while encoding data: " - + e.getMessage()); + throw new CRLException("Error while encoding data: " + + e.getMessage()); } } /** * Returns a printable string of this CRL. - * + * * @return value of this CRL in a printable form. */ public String toString() { StringBuffer sb = new StringBuffer(); - sb.append("X.509 CRL v" + (version + 1) + "\n"); - sb.append("Signature Algorithm: " + sigAlgId.toString() + ", OID=" - + (sigAlgId.getOID()).toString() + "\n"); + sb.append("X.509 CRL v" + (version+1) + "\n"); + sb.append("Signature Algorithm: " + sigAlgId.toString() + + ", OID=" + (sigAlgId.getOID()).toString() + "\n"); sb.append("Issuer: " + issuer.toString() + "\n"); sb.append("\nThis Update: " + thisUpdate.toString() + "\n"); if (nextUpdate != null)
@@ -524,19 +537,19 @@ public class X509CRLImpl extends X509CRL { sb.append("\nNO certificates have been revoked\n"); else { sb.append("\nRevoked Certificates:\n"); - for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); e - .hasMoreElements();) - sb.append(((RevokedCertificate) e.nextElement()).toString()); + for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); + e.hasMoreElements();) + sb.append(((RevokedCertificate)e.nextElement()).toString()); } if (extensions != null) { for (int i = 0; i < extensions.size(); i++) { - sb.append("\nCRL Extension[" + i + "]: " - + ((Extension) (extensions.elementAt(i))).toString()); + sb.append("\nCRL Extension[" + i + "]: " + + ((Extension)(extensions.elementAt(i))).toString()); } } - netscape.security.util.PrettyPrintFormat pp = new netscape.security.util.PrettyPrintFormat( - " ", 20); - String signaturebits = pp.toHexString(signature); + netscape.security.util.PrettyPrintFormat pp = + new netscape.security.util.PrettyPrintFormat(" ", 20); + String signaturebits = pp.toHexString(signature); sb.append("\nSignature:\n" + signaturebits); return sb.toString();
@@ -544,9 +557,10 @@ public class X509CRLImpl extends X509CRL { /** * Checks whether the given serial number is on this CRL. - * + * * @param serialNumber the number to check for. - * @return true if the given serial number is on this CRL, false otherwise. + * @return true if the given serial number is on this CRL, + * false otherwise. */ public boolean isRevoked(BigInteger serialNumber) { if (revokedCerts == null || revokedCerts.isEmpty())
@@ -554,25 +568,24 @@ public class X509CRLImpl extends X509CRL { return revokedCerts.containsKey(serialNumber); } - public boolean isRevoked(Certificate cert) { - if (cert == null) - return false; - if (cert instanceof X509Certificate) { - return isRevoked(((X509Certificate) cert).getSerialNumber()); - } else { - return false; - } - } + public boolean isRevoked(Certificate cert) { + if (cert == null) + return false; + if (cert instanceof X509Certificate) { + return isRevoked(((X509Certificate)cert).getSerialNumber()); + } else { + return false; + } + } /** - * Gets the version number from the CRL. The ASN.1 definition for this is: - * + * Gets the version number from the CRL. + * The ASN.1 definition for this is: * <pre> * Version ::= INTEGER { v1(0), v2(1), v3(2) } * -- v3 does not apply to CRLs but appears for consistency * -- with definition of Version for certs * </pre> - * * @return the version number. */ public int getVersion() { 
@@ -580,41 +593,41 @@ public class X509CRLImpl extends X509CRL { } /** - * Gets the issuer distinguished name from this CRL. The issuer name - * identifies the entity who has signed (and issued the CRL). The issuer - * name field contains an X.500 distinguished name (DN). The ASN.1 - * definition for this is: - * + * Gets the issuer distinguished name from this CRL. + * The issuer name identifies the entity who has signed (and + * issued the CRL). The issuer name field contains an + * X.500 distinguished name (DN). + * The ASN.1 definition for this is: * <pre> * issuer Name - * + * * Name ::= CHOICE { RDNSequence } * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName * RelativeDistinguishedName ::= * SET OF AttributeValueAssertion - * + * * AttributeValueAssertion ::= SEQUENCE { * AttributeType, * AttributeValue } * AttributeType ::= OBJECT IDENTIFIER * AttributeValue ::= ANY * </pre> - * - * The Name describes a hierarchical name composed of attributes, such as - * country name, and corresponding values, such as US. The type of the - * component AttributeValue is determined by the AttributeType; in general - * it will be a directoryString. A directoryString is usually one of - * PrintableString, TeletexString or UniversalString. - * + * The Name describes a hierarchical name composed of attributes, + * such as country name, and corresponding values, such as US. + * The type of the component AttributeValue is determined by the + * AttributeType; in general it will be a directoryString. + * A directoryString is usually one of PrintableString, + * TeletexString or UniversalString. * @return the issuer name. */ public Principal getIssuerDN() { - return (Principal) issuer; + return (Principal)issuer; } /** - * Gets the thisUpdate date from the CRL. The ASN.1 definition for this is: - * + * Gets the thisUpdate date from the CRL. + * The ASN.1 definition for this is: + * * @return the thisUpdate date from the CRL. */ public Date getThisUpdate() { 
@@ -623,8 +636,9 @@ public class X509CRLImpl extends X509CRL { /** * Gets the nextUpdate date from the CRL. - * - * @return the nextUpdate date from the CRL, or null if not present. + * + * @return the nextUpdate date from the CRL, or null if + * not present. */ public Date getNextUpdate() { if (nextUpdate == null) 
@@ -633,44 +647,44 @@ public class X509CRLImpl extends X509CRL { } /** - * Get the revoked certificate from the CRL by the serial number provided. - * - * @return the revoked certificate or null if there is no entry in the CRL - * marked with the provided serial number. + * Get the revoked certificate from the CRL by the serial + * number provided. + * + * @return the revoked certificate or null if there is + * no entry in the CRL marked with the provided serial number. * @see RevokedCertificate */ public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) { if (revokedCerts == null || revokedCerts.isEmpty()) return null; - RevokedCertificate badCert = (RevokedCertificate) revokedCerts - .get(serialNumber); + RevokedCertificate badCert = + (RevokedCertificate)revokedCerts.get(serialNumber); return badCert; } /** - * Gets all the revoked certificates from the CRL. A Set of - * RevokedCertificate. - * - * @return all the revoked certificates or null if there are none. + * Gets all the revoked certificates from the CRL. + * A Set of RevokedCertificate. + * + * @return all the revoked certificates or null if there are + * none. * @see RevokedCertificate */ public Set<RevokedCertificate> getRevokedCertificates() { if (revokedCerts == null || revokedCerts.isEmpty()) return null; else { - Set<RevokedCertificate> certSet = new TreeSet<RevokedCertificate>( - revokedCerts.values()); + Set<RevokedCertificate> certSet = new TreeSet<RevokedCertificate>(revokedCerts.values()); return certSet; } } @SuppressWarnings("unchecked") - public Hashtable<BigInteger, RevokedCertificate> getListOfRevokedCertificates() { - if (revokedCerts == null) { + public Hashtable<BigInteger,RevokedCertificate> getListOfRevokedCertificates() { + if (revokedCerts == null){ return null; - } else { - return (Hashtable<BigInteger, RevokedCertificate>) revokedCerts - .clone(); + }else{ + return (Hashtable<BigInteger,RevokedCertificate>)revokedCerts.clone(); } } 
@@ -682,14 +696,16 @@ public class X509CRLImpl extends X509CRL { } /** - * Gets the DER encoded CRL information, the <code>tbsCertList</code> from - * this CRL. This can be used to verify the signature independently. - * + * Gets the DER encoded CRL information, the + * <code>tbsCertList</code> from this CRL. + * This can be used to verify the signature independently. + * * @return the DER encoded CRL information. * @exception CRLException on parsing errors. * @exception X509ExtensionException on extension parsing errors. */ - public byte[] getTBSCertList() throws CRLException { + public byte[] getTBSCertList() + throws CRLException { if (tbsCertList == null) throw new CRLException("Uninitialized CRL"); byte[] dup = new byte[tbsCertList.length];
@@ -699,7 +715,7 @@ public class X509CRLImpl extends X509CRL { /** * Gets the raw Signature bits from the CRL. - * + * * @return the signature. */ public byte[] getSignature() {
@@ -712,7 +728,7 @@ public class X509CRLImpl extends X509CRL { /** * Returns true if signature was set. - * + * * @param byte array of containing CRL signature. */ public boolean setSignature(byte[] crlSignature) {
@@ -726,9 +742,9 @@ public class X509CRLImpl extends X509CRL { } /** - * Gets the signature algorithm name for the CRL signature algorithm. For - * example, the string "SHA1withDSA". The ASN.1 definition for this is: - * + * Gets the signature algorithm name for the CRL + * signature algorithm. For example, the string "SHA1withDSA". + * The ASN.1 definition for this is: * <pre> * AlgorithmIdentifier ::= SEQUENCE { * algorithm OBJECT IDENTIFIER,
@@ -737,115 +753,118 @@ public class X509CRLImpl extends X509CRL { * -- registered for use with the * -- algorithm object identifier value * </pre> - * + * * @return the signature algorithm name. */ public String getSigAlgName() { if (sigAlgId == null) return null; - return sigAlgId.getName(); + return sigAlgId.getName(); } /** - * Gets the signature algorithm OID string from the CRL. An OID is - * represented by a set of positive whole number separated by ".", that - * means,<br> + * Gets the signature algorithm OID string from the CRL. + * An OID is represented by a set of positive whole number separated + * by ".", that means,<br> * <positive whole number>.<positive whole number>.<...> - * For example, the string "1.2.840.10040.4.3" identifies the SHA-1 with DSA - * signature algorithm, as per the PKIX part I. - * + * For example, the string "1.2.840.10040.4.3" identifies the SHA-1 + * with DSA signature algorithm, as per the PKIX part I. + * * @return the signature algorithm oid string. */ public String getSigAlgOID() { if (sigAlgId == null) return null; - ObjectIdentifier oid = sigAlgId.getOID(); - return oid.toString(); + ObjectIdentifier oid = sigAlgId.getOID(); + return oid.toString(); } /** - * Gets the DER encoded signature algorithm parameters from this CRL's - * signature algorithm. In most cases, the signature algorithm parameters - * are null, the parameters are usually supplied with the Public Key. - * - * @return the DER encoded signature algorithm parameters, or null if no - * parameters are present. + * Gets the DER encoded signature algorithm parameters from this + * CRL's signature algorithm. In most cases, the signature + * algorithm parameters are null, the parameters are usually + * supplied with the Public Key. + * + * @return the DER encoded signature algorithm parameters, or + * null if no parameters are present. 
*/ public byte[] getSigAlgParams() { if (sigAlgId == null) return null; - try { - return sigAlgId.getEncodedParams(); - } catch (IOException e) { + try { + return sigAlgId.getEncodedParams(); + } catch (IOException e) { return null; - } + } } /** - * Gets a Set of the extension(s) marked CRITICAL in the CRL by OID strings. - * - * @return a set of the extension oid strings in the CRL that are marked - * critical. + * Gets a Set of the extension(s) marked CRITICAL in the + * CRL by OID strings. + * + * @return a set of the extension oid strings in the + * CRL that are marked critical. */ public Set<String> getCriticalExtensionOIDs() { if (extensions == null) return null; Set<String> extSet = new TreeSet<String>(); Extension ex; - for (Enumeration<Extension> e = extensions.getElements(); e - .hasMoreElements();) { - ex = e.nextElement(); - if (ex.isCritical()) { - extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString()); + for (Enumeration<Extension> e = extensions.getElements(); + e.hasMoreElements();) { + ex = e.nextElement(); + if (ex.isCritical()){ + extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString()); } } return extSet; } /** - * Gets a Set of the extension(s) marked NON-CRITICAL in the CRL by OID - * strings. - * - * @return a set of the extension oid strings in the CRL that are NOT marked - * critical. + * Gets a Set of the extension(s) marked NON-CRITICAL in the + * CRL by OID strings. + * + * @return a set of the extension oid strings in the + * CRL that are NOT marked critical. */ public Set<String> getNonCriticalExtensionOIDs() { if (extensions == null) return null; Set<String> extSet = new TreeSet<String>(); Extension ex; - for (Enumeration<Extension> e = extensions.getElements(); e - .hasMoreElements();) { + for (Enumeration<Extension> e = extensions.getElements(); + e.hasMoreElements();) { ex = e.nextElement(); - if (!ex.isCritical()) - extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString()); - } + if ( ! 
ex.isCritical()) + extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString()); + } return extSet; } /** - * Gets the DER encoded OCTET string for the extension value ( - * <code>extnValue</code>) identified by the passed in oid String. The - * <code>oid</code> string is represented by a set of positive whole number - * separated by ".", that means,<br> + * Gets the DER encoded OCTET string for the extension value + * (<code>extnValue</code>) identified by the passed in oid String. + * The <code>oid</code> string is + * represented by a set of positive whole number separated + * by ".", that means,<br> * <positive whole number>.<positive whole number>.<...> - * + * * @param oid the Object Identifier value for the extension. * @return the der encoded octet string of the extension value. */ public byte[] getExtensionValue(String oid) { if (extensions == null) return null; - try { - String extAlias = OIDMap.getName(new ObjectIdentifier(oid)); + try { + String extAlias = OIDMap.getName(new ObjectIdentifier(oid)); Extension crlExt = null; if (extAlias == null) { // may be unknown ObjectIdentifier findOID = new ObjectIdentifier(oid); Extension ex = null; ObjectIdentifier inCertOID; - for (Enumeration<Extension> e = extensions.getElements(); e - .hasMoreElements();) { + for (Enumeration<Extension> e=extensions.getElements(); + e.hasMoreElements();) { ex = e.nextElement(); inCertOID = ex.getExtensionId(); if (inCertOID.equals(findOID)) { 
@@ -855,35 +874,35 @@ public class X509CRLImpl extends X509CRL { } } else crlExt = extensions.get(extAlias); - if (crlExt == null) + if (crlExt == null) return null; - byte[] extData = crlExt.getExtensionValue(); + byte[] extData = crlExt.getExtensionValue(); if (extData == null) return null; - DerOutputStream out = new DerOutputStream(); - out.putOctetString(extData); + DerOutputStream out = new DerOutputStream(); + out.putOctetString(extData); return out.toByteArray(); } catch (Exception e) { return null; - } + } } public BigInteger getCRLNumber() { - try { - CRLExtensions exts = getExtensions(); - if (exts == null) - return null; - Enumeration<Extension> e = exts.getElements(); - while (e.hasMoreElements()) { - Extension ext = (Extension) e.nextElement(); - if (ext instanceof CRLNumberExtension) { - CRLNumberExtension numExt = (CRLNumberExtension) ext; - return (BigInteger) numExt.get(CRLNumberExtension.NUMBER); - } - } - } catch (Exception e) { + try { + CRLExtensions exts = getExtensions(); + if (exts == null) + return null; + Enumeration<Extension> e = exts.getElements(); + while (e.hasMoreElements()) { + Extension ext = (Extension)e.nextElement(); + if (ext instanceof CRLNumberExtension) { + CRLNumberExtension numExt = (CRLNumberExtension)ext; + return (BigInteger)numExt.get(CRLNumberExtension.NUMBER); + } } - return null; + } catch (Exception e) { + } + return null; } public BigInteger getDeltaBaseCRLNumber() { 
@@ -893,11 +912,10 @@ public class X509CRLImpl extends X509CRL { return null; Enumeration<Extension> e = exts.getElements(); while (e.hasMoreElements()) { - Extension ext = (Extension) e.nextElement(); + Extension ext = (Extension)e.nextElement(); if (ext instanceof DeltaCRLIndicatorExtension) { - DeltaCRLIndicatorExtension numExt = (DeltaCRLIndicatorExtension) ext; - return (BigInteger) numExt - .get(DeltaCRLIndicatorExtension.NUMBER); + DeltaCRLIndicatorExtension numExt = (DeltaCRLIndicatorExtension)ext; + return (BigInteger)numExt.get(DeltaCRLIndicatorExtension.NUMBER); } } } catch (Exception e) { @@ -912,7 +930,7 @@ public class X509CRLImpl extends X509CRL { return false; Enumeration<Extension> e = exts.getElements(); while (e.hasMoreElements()) { - Extension ext = (Extension) e.nextElement(); + Extension ext = (Extension)e.nextElement(); if (ext instanceof DeltaCRLIndicatorExtension) { return true; } @@ -924,7 +942,7 @@ public class X509CRLImpl extends X509CRL { /** * Returns extensions for this impl. - * + * * @param extn CRLExtensions */ public CRLExtensions getExtensions() { @@ -935,17 +953,18 @@ public class X509CRLImpl extends X509CRL { return entriesIncluded; } + /*********************************************************************/ /* * Parses an X.509 CRL, should be used only by constructors. */ - private void parse(DerValue val) throws CRLException, IOException, - X509ExtensionException { + private void parse(DerValue val) + throws CRLException, IOException, X509ExtensionException { parse(val, true); } private void parse(DerValue val, boolean includeEntries) - throws CRLException, IOException, X509ExtensionException { + throws CRLException, IOException, X509ExtensionException { // check if can over write the certificate if (readOnly) throw new CRLException("cannot over-write existing CRL"); 
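Review bot: The two-argument `parse(DerValue val, boolean includeEntries)` in the last hunk on this line (`@@ -935,17 +953,18 @@`) has no comment of its own. The existing block comment ("Parses an X.509 CRL, should be used only by constructors.") sits on the one-argument overload, and the banner line added here describes nothing. Later in the same method, outside this hunk, a false `includeEntries` makes the parser call `derStrm.skipSequence(4)` instead of filling `revokedCerts`, so a CRL object built that way carries no revoked entries. I would state that on the overload, e.g. `/* Parses an X.509 CRL; when includeEntries is false the revokedCertificates sequence is skipped and revokedCerts is not populated, so a missing entry must not be read as "not revoked". */`. Whether the `entriesIncluded` field returned just above is set from this flag is not visible in the hunk and should be confirmed before the comment refers to it.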
@@ -959,7 +978,7 @@ public class X509CRLImpl extends X509CRL { if (val.data.available() != 0) throw new CRLException("signed overrun, bytes = " - + val.data.available()); + + val.data.available()); if (seq[0].tag != DerValue.tag_Sequence) throw new CRLException("signed CRL fields invalid"); @@ -978,22 +997,22 @@ public class X509CRLImpl extends X509CRL { // parse the information DerInputStream derStrm = seq[0].data; - DerValue tmp; - byte nextByte; + DerValue tmp; + byte nextByte; // version (optional if v1) - version = 0; // by default, version = v1 == 0 - nextByte = (byte) derStrm.peekByte(); + version = 0; // by default, version = v1 == 0 + nextByte = (byte)derStrm.peekByte(); if (nextByte == DerValue.tag_Integer) { version = derStrm.getInteger().toInt(); - if (version != 1) // i.e. v2 + if (version != 1) // i.e. v2 throw new CRLException("Invalid version"); } tmp = derStrm.getDerValue(); // signature { AlgorithmId tmpId = AlgorithmId.parse(tmp); - if (!tmpId.equals(sigAlgId)) + if (! tmpId.equals(sigAlgId)) throw new CRLException("Signature algorithm mismatch"); infoSigAlgId = tmpId; 
@@ -1004,21 +1023,21 @@ public class X509CRLImpl extends X509CRL { // thisUpdate // check if UTCTime encoded or GeneralizedTime - nextByte = (byte) derStrm.peekByte(); + nextByte = (byte)derStrm.peekByte(); if (nextByte == DerValue.tag_UtcTime) { thisUpdate = derStrm.getUTCTime(); } else if (nextByte == DerValue.tag_GeneralizedTime) { thisUpdate = derStrm.getGeneralizedTime(); } else { - throw new CRLException("Invalid encoding for thisUpdate" + " (tag=" - + nextByte + ")"); + throw new CRLException("Invalid encoding for thisUpdate" + + " (tag=" + nextByte + ")"); } if (derStrm.available() == 0) - return; // done parsing no more optional fields present + return; // done parsing no more optional fields present // nextUpdate (optional) - nextByte = (byte) derStrm.peekByte(); + nextByte = (byte)derStrm.peekByte(); if (nextByte == DerValue.tag_UtcTime) { nextUpdate = derStrm.getUTCTime(); } else if (nextByte == DerValue.tag_GeneralizedTime) { @@ -1026,22 +1045,22 @@ public class X509CRLImpl extends X509CRL { } // else it is not present if (derStrm.available() == 0) - return; // done parsing no more optional fields present + return; // done parsing no more optional fields present // revokedCertificates (optional) - nextByte = (byte) derStrm.peekByte(); + nextByte = (byte)derStrm.peekByte(); if ((nextByte == DerValue.tag_SequenceOf) - && (!((nextByte & 0x0c0) == 0x080))) { + && (! ((nextByte & 0x0c0) == 0x080))) { if (includeEntries) { DerValue[] badCerts = derStrm.getSequence(4); for (int i = 0; i < badCerts.length; i++) { RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]); if (entry.hasExtensions() && (version == 0)) - throw new CRLException("Invalid encoding, extensions" - + " not supported in CRL v1 entries."); + throw new CRLException("Invalid encoding, extensions" + + " not supported in CRL v1 entries."); revokedCerts.put(entry.getSerialNumber(), - (RevokedCertificate) entry); + (RevokedCertificate)entry); } } else { derStrm.skipSequence(4); 
@@ -1049,14 +1068,14 @@ public class X509CRLImpl extends X509CRL { } if (derStrm.available() == 0) - return; // done parsing no extensions + return; // done parsing no extensions // crlExtensions (optional) tmp = derStrm.getDerValue(); - if (tmp.isConstructed() && tmp.isContextSpecific((byte) 0)) { + if (tmp.isConstructed() && tmp.isContextSpecific((byte)0)) { if (version == 0) - throw new CRLException("Invalid encoding, extensions not" - + " supported in CRL v1."); + throw new CRLException("Invalid encoding, extensions not" + + " supported in CRL v1."); extensions = new CRLExtensions(tmp.data); } } |