Diffstat (limited to 'pki/base/util/src/com/netscape/cmsutil/ocsp')
19 files changed, 2431 insertions, 0 deletions
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/BasicOCSPResponse.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/BasicOCSPResponse.java
new file mode 100644
index 000000000..3da34d203
--- /dev/null
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/BasicOCSPResponse.java
@@ -0,0 +1,162 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import java.io.*; +import org.mozilla.jss.asn1.*; +import java.security.Signer; +import org.mozilla.jss.asn1.OCTET_STRING; +import org.mozilla.jss.asn1.BIT_STRING; +import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; +import org.mozilla.jss.pkix.cert.Certificate; + +/** + * RFC 2560: + * + * BasicOCSPResponse ::= SEQUENCE { + * tbsResponseData ResponseData, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ +public class BasicOCSPResponse implements Response +{ + private byte mData[] = null; + private ResponseData _rd = null; + private AlgorithmIdentifier _signAlg = null; + private BIT_STRING _signature = null; + private Certificate _certs[] = null; + + public BasicOCSPResponse(ResponseData rd, AlgorithmIdentifier signAlg, + BIT_STRING signature, Certificate certs[]) + { + _rd = rd; + _signAlg = signAlg; + _signature = signature; + _certs = certs; + } + + public BasicOCSPResponse(OCTET_STRING os) + { + mData = os.toByteArray(); + } + + public 
BasicOCSPResponse(byte data[]) + { + mData = data; + } + + private static final Tag TAG = SEQUENCE.TAG; + + public Tag getTag() + { + return TAG; + } + + public void encode(Tag t, OutputStream os) throws IOException + { + os.write(mData); + } + + public void encode(OutputStream os) throws IOException + { + os.write(mData); + } + + public OCTET_STRING getBytes() + { + return null; + } + + public ResponseData getResponseData() + { + return _rd; + } + + public AlgorithmIdentifier getSignatureAlgorithm() + { + return _signAlg; + } + + public BIT_STRING getSignature() + { + return _signature; + } + + public int getCertsCount() + { + return _certs.length; + } + + public Certificate getCertificateAt(int pos) + { + return _certs[pos]; + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() { + return templateInstance; + } + + /** + * A Template for decoding <code>ResponseBytes</code>. + */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addElement( ResponseData.getTemplate() ); + seqt.addElement( AlgorithmIdentifier.getTemplate() ); + seqt.addElement( BIT_STRING.getTemplate() ); + seqt.addOptionalElement( new EXPLICIT.Template( + new Tag(0), new SEQUENCE.OF_Template( + Certificate.getTemplate())) ); + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream); + + ResponseData rd = (ResponseData)seq.elementAt(0); + AlgorithmIdentifier alg = + (AlgorithmIdentifier)seq.elementAt(1); + BIT_STRING bs = + (BIT_STRING)seq.elementAt(2); + return new BasicOCSPResponse(rd, alg, bs, null); + } + } +} 
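Review bot: `Template.decode` drops the optional `certs [0]` element and passes `null` to the constructor, so `getCertsCount()` and `getCertificateAt()` throw a NullPointerException on every decoded response, and any responder certificate a caller would need to check the signature is lost. The same split shows up in `encode`, which writes `mData` even though the four-argument constructor never sets it, while the byte-array constructors leave `_rd`, `_signAlg` and `_signature` null. A decoded object also keeps no copy of the `tbsResponseData` bytes as received; signature verification should run over those bytes rather than a re-encoding, so the decoder probably needs to retain them. The fence below carries the certificates through, assuming an absent optional element decodes to a null slot as `Request.Template.decode` in this commit relies on; `getCertsCount()` should additionally return 0 when `_certs` is null.

```java
public ASN1Value decode(Tag implicitTag, InputStream istream)
    throws InvalidBERException, IOException
{
    // … unchanged: decode seq and read rd, alg, bs from elements 0-2 …

    // certs is OPTIONAL: keep it null when the responder sent none
    Certificate certs[] = null;
    ASN1Value certsVal = seq.elementAt(3);
    if (certsVal != null) {
        SEQUENCE certSeq = (SEQUENCE) ((EXPLICIT) certsVal).getContent();
        certs = new Certificate[certSeq.size()];
        for (int i = 0; i < certs.length; i++) {
            certs[i] = (Certificate) certSeq.elementAt(i);
        }
    }
    return new BasicOCSPResponse(rd, alg, bs, certs);
}
```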
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/CertID.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
new file mode 100644
index 000000000..469102adc
--- /dev/null
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
@@ -0,0 +1,159 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; +import org.mozilla.jss.asn1.*; +import java.io.*; + +/** + * RFC 2560: + * + * CertID ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * issuerNameHash OCTET STRING, -- Hash of Issuer's DN + * issuerKeyHash OCTET STRING, -- Hash of Issuers public key + * serialNumber CertificateSerialNumber } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ + +public class CertID implements ASN1Value +{ + /////////////////////////////////////////////////////////////////////// + // Members and member access + /////////////////////////////////////////////////////////////////////// + private AlgorithmIdentifier hashAlgorithm; + private OCTET_STRING issuerNameHash; + private OCTET_STRING issuerKeyHash; + private INTEGER serialNumber; + private SEQUENCE sequence; + + public AlgorithmIdentifier getHashAlgorithm() + { + return hashAlgorithm; + } + + public OCTET_STRING getIssuerNameHash() + { + return issuerNameHash; + } + + public OCTET_STRING getIssuerKeyHash() + { + return issuerKeyHash; + } + + public INTEGER getSerialNumber() + { + return 
serialNumber; + } + + /////////////////////////////////////////////////////////////////////// + // Constructors + /////////////////////////////////////////////////////////////////////// + private CertID() { } + + public CertID(AlgorithmIdentifier hashAlgorithm, + OCTET_STRING issuerNameHash, OCTET_STRING issuerKeyHash, + INTEGER serialNumber) + { + sequence = new SEQUENCE(); + + this.hashAlgorithm = hashAlgorithm; + sequence.addElement(hashAlgorithm); + + this.issuerNameHash = issuerNameHash; + sequence.addElement(issuerNameHash); + + this.issuerKeyHash = issuerKeyHash; + sequence.addElement(issuerKeyHash); + + this.serialNumber = serialNumber; + sequence.addElement(serialNumber); + } + + /////////////////////////////////////////////////////////////////////// + // encoding/decoding + /////////////////////////////////////////////////////////////////////// + + private static final Tag TAG = SEQUENCE.TAG; + + public Tag getTag() + { + return TAG; + } + + public void encode(OutputStream ostream) throws IOException + { + encode(TAG, ostream); + } + + public void encode(Tag implicitTag, OutputStream ostream) + throws IOException + { + sequence.encode(implicitTag, ostream); + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() { + return templateInstance; + } + + /** + * A Template for decoding a <code>CertID</code>. 
+ */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addElement( AlgorithmIdentifier.getTemplate() ); + seqt.addElement( OCTET_STRING.getTemplate() ); + seqt.addElement( OCTET_STRING.getTemplate() ); + seqt.addElement( INTEGER.getTemplate() ); + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream); + + return new CertID( + (AlgorithmIdentifier) seq.elementAt(0), + (OCTET_STRING) seq.elementAt(1), + (OCTET_STRING) seq.elementAt(2), + (INTEGER) seq.elementAt(3)); + } + } +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/CertStatus.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/CertStatus.java new file mode 100644 index 000000000..46ba17522 --- /dev/null +++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/CertStatus.java 
@@ -0,0 +1,37 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import java.io.*; +import org.mozilla.jss.pkix.primitive.Name; +import org.mozilla.jss.asn1.*; +import org.mozilla.jss.pkix.cert.Extension; + +/** + * RFC 2560: + * + * CertStatus ::= CHOICE { + * good [0] IMPLICIT NULL, + * revoked [1] IMPLICIT RevokedInfo, + * unknown [2] IMPLICIT UnknownInfo } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ +public interface CertStatus extends ASN1Value +{ +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/GoodInfo.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/GoodInfo.java new file mode 100644 index 000000000..c0d99065a --- /dev/null +++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/GoodInfo.java 
@@ -0,0 +1,100 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import java.io.*; +import org.mozilla.jss.asn1.*; +import org.mozilla.jss.pkix.primitive.Name; +import org.mozilla.jss.pkix.cert.Extension; + +/** + * RFC 2560: + * + * CertStatus ::= CHOICE { + * good [0] IMPLICIT NULL, + * revoked [1] IMPLICIT RevokedInfo, + * unknown [2] IMPLICIT UnknownInfo } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ +public class GoodInfo implements CertStatus +{ + private static final Tag TAG = SEQUENCE.TAG; + + public GoodInfo() + { + } + + public Tag getTag() + { + return Tag.get(0); + } + + public void encode(Tag t, OutputStream os) throws IOException + { + NULL.getInstance().encode(getTag(), os); + } + + public void encode(OutputStream os) throws IOException + { + encode(getTag(), os); + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() { + return templateInstance; + } + + /** + * A Template for decoding <code>ResponseBytes</code>. 
+ */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addElement(new NULL.Template() ); + + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + // SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, + // istream); + + return new GoodInfo(); + + } + } +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/KeyHashID.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/KeyHashID.java new file mode 100644 index 000000000..77bf18c61 --- /dev/null +++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/KeyHashID.java 
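Review bot: `Template.decode` returns `new GoodInfo()` without reading anything from `istream`, so a "good" status is produced whatever bytes are present, and the stream is left positioned on the unread element for whatever is decoded next. Decode the NULL first, e.g. `new NULL.Template().decode(implicitTag, istream);` before the return, and drop the unused `seqt`. `TAG` is also `SEQUENCE.TAG` while `getTag()` returns `Tag.get(0)`, so `tagMatch` presumably can never match the `[0]` alternative of `CertStatus`; `private static final Tag TAG = Tag.get(0);` would make the two agree. `KeyHashID` and `NameID` have the same `TAG`/`getTag()` mismatch, with `Tag.get(2)` and `Tag.get(1)` respectively.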
@@ -0,0 +1,107 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import java.io.*; +import org.mozilla.jss.pkix.primitive.Name; +import org.mozilla.jss.asn1.*; + +/** + * RFC 2560: + * + * ResponderID ::= CHOICE { + * byName [1] EXPLICIT Name, + * byKey [2] EXPLICIT KeyHash } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ +public class KeyHashID implements ResponderID +{ + private OCTET_STRING _hash = null; + private static final Tag TAG = SEQUENCE.TAG; + + public KeyHashID(OCTET_STRING hash) + { + _hash = hash; + } + + public Tag getTag() + { + return Tag.get(2); + } + + public void encode(Tag tag, OutputStream os) throws IOException + { + _hash.encode(os); + } + + public void encode(OutputStream os) throws IOException + { + _hash.encode(os); + } + + public OCTET_STRING getHash() + { + return _hash; + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() { + return templateInstance; + } + + /** + * A Template for decoding <code>ResponseBytes</code>. 
+ */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); +// seqt.addElement(new EXPLICIT.Template( + // new Tag (2), new OCTET_STRING.Template()) ); + seqt.addElement(new OCTET_STRING.Template() ); + + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, + istream); + + OCTET_STRING o = (OCTET_STRING)seq.elementAt(0); + return new KeyHashID(o); + } + } +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/NameID.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/NameID.java new file mode 100644 index 000000000..2645c64f2 --- /dev/null +++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/NameID.java 
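Review bot: Both `encode` methods write the bare `OCTET STRING` and ignore the `tag` argument, so the `[2] EXPLICIT` wrapper that `byKey` requires is never emitted, while the template expects a `SEQUENCE` around the hash; that matches neither the RFC syntax quoted in the class comment nor what `encode` produces. A ResponderID that does not round-trip makes it harder for a caller to tie a response to the responder key that should have signed it. Consider `new EXPLICIT(getTag(), _hash).encode(os);` in `encode`, and decoding through `new EXPLICIT.Template(new Tag(2), new OCTET_STRING.Template())` directly rather than through `seqt`. `NameID` has the same shape with `Tag.get(1)` and `Name`.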
@@ -0,0 +1,108 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import java.io.*; +import org.mozilla.jss.asn1.*; +import org.mozilla.jss.pkix.primitive.Name; + +/** + * RFC 2560: + * + * ResponderID ::= CHOICE { + * byName [1] EXPLICIT Name, + * byKey [2] EXPLICIT KeyHash } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ +public class NameID implements ResponderID +{ + private Name _name = null; + private static final Tag TAG = SEQUENCE.TAG; + + public NameID(Name n) + { + _name = n; + } + + public Tag getTag() + { + return Tag.get(1); + } + + public void encode(Tag tag, OutputStream os) throws IOException + { + _name.encode(os); + } + + public void encode(OutputStream os) throws IOException + { + _name.encode(os); + } + + public Name getName() + { + return _name; + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() { + return templateInstance; + } + + /** + * A Template for decoding <code>ResponseBytes</code>. 
+ */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + // seqt.addElement(new EXPLICIT.Template( + // new Tag (1), new Name.Template()) ); + seqt.addElement(new Name.Template()); + + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, + istream); + + // EXPLICIT e_name = (EXPLICIT) seq.elementAt(0); + Name name = (Name)seq.elementAt(0); + return new NameID(name); + } + } +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPRequest.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPRequest.java new file mode 100644 index 000000000..5181f488b --- /dev/null +++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPRequest.java 
@@ -0,0 +1,148 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import org.mozilla.jss.asn1.*; +import java.io.*; + +/** + * RFC 2560: + * + * OCSPRequest ::= SEQUENCE { + * tbsRequest TBSRequest, + * optionalSignature [0] EXPLICIT Signature OPTIONAL } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ + +public class OCSPRequest implements ASN1Value +{ + + /////////////////////////////////////////////////////////////////////// + // Members and member access + /////////////////////////////////////////////////////////////////////// + private TBSRequest tbsRequest; + private Signature optionalSignature; + private SEQUENCE sequence; + + /** + * Returns the <code>TBSRequest</code> field. + */ + public TBSRequest getTBSRequest() + { + return tbsRequest; + } + + /** + * Returns the <code>Signature</code> field. + */ + public Signature getSignature() + { + return optionalSignature; + } + + /////////////////////////////////////////////////////////////////////// + // Constructors + /////////////////////////////////////////////////////////////////////// + private OCSPRequest() { } + + /* THIS code is probably broken. 
It does not properly encode the explicit element */ + + public OCSPRequest(TBSRequest tbsRequest, Signature optionalSignature) + { + sequence = new SEQUENCE(); + + this.tbsRequest = tbsRequest; + sequence.addElement(tbsRequest); + + this.optionalSignature = optionalSignature; + if (optionalSignature != null) { + sequence.addElement(optionalSignature); + } + } + + /////////////////////////////////////////////////////////////////////// + // encoding/decoding + /////////////////////////////////////////////////////////////////////// + private static final Tag TAG = SEQUENCE.TAG; + + public Tag getTag() + { + return TAG; + } + + public void encode(OutputStream ostream) throws IOException + { + encode(TAG, ostream); + } + + public void encode(Tag implicitTag, OutputStream ostream) + throws IOException + { + sequence.encode(implicitTag, ostream); + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() + { + return templateInstance; + } + + /** + * A Template for decoding OCSPRequest. + */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addElement(TBSRequest.getTemplate()); + seqt.addOptionalElement( new EXPLICIT.Template( new Tag(0), + new Signature.Template()) ); + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(istream); + Signature signature = null; + if (seq.elementAt(1) != null) { + signature = (Signature)((EXPLICIT)seq.elementAt(1)).getContent(); + } + + return new OCSPRequest( + (TBSRequest) seq.elementAt(0), + signature); + } + } +} 
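Review bot: The constructor adds `optionalSignature` to `sequence` without the `[0] EXPLICIT` wrapper that the template expects, as the comment above it already suspects, so a signed request encoded by this class will not decode with its own `Template`; `sequence.addElement(new EXPLICIT(Tag.get(0), optionalSignature));` matches what `OCSPResponse` does for `responseBytes`. `Template.decode(Tag, InputStream)` also calls `seqt.decode(istream)` and silently ignores `implicitTag`; it should be `seqt.decode(implicitTag, istream)`. `Request`'s constructor has the same missing wrapper for `singleRequestExtensions`.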
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponse.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponse.java
new file mode 100644
index 000000000..48d5a632f
--- /dev/null
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponse.java
@@ -0,0 +1,142 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import org.mozilla.jss.asn1.*; +import java.io.*; + +/** + * RFC 2560: + * + * OCSPResponse ::= SEQUENCE { + * responseStatus OCSPResponseStatus, + * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ +public class OCSPResponse implements ASN1Value +{ + /////////////////////////////////////////////////////////////////////// + // Members and member access + /////////////////////////////////////////////////////////////////////// + private OCSPResponseStatus responseStatus = null; + private ResponseBytes responseBytes = null; + private SEQUENCE sequence; + + public OCSPResponseStatus getResponseStatus() + { + return responseStatus; + } + + public ResponseBytes getResponseBytes() + { + return responseBytes; + } + + /////////////////////////////////////////////////////////////////////// + // Constructors + /////////////////////////////////////////////////////////////////////// + private OCSPResponse() { } + + public OCSPResponse(OCSPResponseStatus responseStatus, + ResponseBytes responseBytes) + { + sequence = new SEQUENCE(); + + 
this.responseStatus = responseStatus; + sequence.addElement(responseStatus); + + this.responseBytes = responseBytes; + sequence.addElement(new EXPLICIT(Tag.get(0), responseBytes)); + } + + /////////////////////////////////////////////////////////////////////// + // encoding/decoding + /////////////////////////////////////////////////////////////////////// + + private static final Tag TAG = SEQUENCE.TAG; + + public Tag getTag() + { + return TAG; + } + + public void encode(OutputStream ostream) throws IOException + { + encode(TAG, ostream); + } + + public void encode(Tag implicitTag, OutputStream ostream) + throws IOException + { + sequence.encode(implicitTag, ostream); + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() { + return templateInstance; + } + + /** + * A Template for decoding an <code>OCSPResponse</code>. + */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addElement( OCSPResponseStatus.getTemplate() ); + seqt.addOptionalElement( + new EXPLICIT.Template( + new Tag (0), new ResponseBytes.Template()) ); + + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream); + + OCSPResponseStatus rs = (OCSPResponseStatus) seq.elementAt(0); + ResponseBytes rb = null; + ASN1Value val = seq.elementAt(1); + if (val instanceof EXPLICIT) { + EXPLICIT exp = (EXPLICIT)val; + rb = (ResponseBytes)exp.getContent(); + } else { + rb = (ResponseBytes)val; + } + return new OCSPResponse(rs, rb); + } + } +} 
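Review bot: The constructor always wraps `responseBytes` in `new EXPLICIT(Tag.get(0), responseBytes)`, but the field is OPTIONAL and `Template.decode` passes `null` when it is absent, which is the normal shape of an error response such as `tryLater` or `unauthorized`. Encoding such an object will most likely fail on the null content; guard it with `if (responseBytes != null) { sequence.addElement(new EXPLICIT(Tag.get(0), responseBytes)); }`. A Javadoc line on `getResponseBytes()` saying that it returns null when no response bytes were present would remind callers to check `getResponseStatus()` before using it.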
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponseStatus.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponseStatus.java
new file mode 100644
index 000000000..34f179f7d
--- /dev/null
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponseStatus.java
@@ -0,0 +1,126 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import org.mozilla.jss.asn1.*; +import java.io.*; + +/** + * RFC 2560: + * + * OCSPResponseStatus ::= ENUMERATED { + * successful (0), --Response has valid confirmations + * malformedRequest (1), --Illegal confirmation request + * internalError (2), --Internal error in issuer + * tryLater (3), --Try again later + * --(4) is not used + * sigRequired (5), --Must sign the request + * unauthorized (6) --Request unauthorized + * } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ +public class OCSPResponseStatus implements ASN1Value +{ + /////////////////////////////////////////////////////////////////////// + // Members and member access + /////////////////////////////////////////////////////////////////////// + public final static OCSPResponseStatus SUCCESSFUL = + new OCSPResponseStatus(0); + public final static OCSPResponseStatus MALFORMED_REQUEST = + new OCSPResponseStatus(1); + public final static OCSPResponseStatus INTERNAL_ERROR = + new OCSPResponseStatus(2); + public final static OCSPResponseStatus TRY_LATER = + new OCSPResponseStatus(3); + public final static OCSPResponseStatus 
SIG_REQUIRED = + new OCSPResponseStatus(5); + public final static OCSPResponseStatus UNAUTHORIZED = + new OCSPResponseStatus(6); + + private ENUMERATED responseStatus; + + public long getValue() + { + return responseStatus.getValue(); + } + + /////////////////////////////////////////////////////////////////////// + // Constructors + /////////////////////////////////////////////////////////////////////// + private OCSPResponseStatus() { } + + public OCSPResponseStatus(long val) + { + responseStatus = new ENUMERATED(val); + } + + /////////////////////////////////////////////////////////////////////// + // encoding/decoding + /////////////////////////////////////////////////////////////////////// + + private static final Tag TAG = ENUMERATED.TAG; + + public Tag getTag() + { + return TAG; + } + + public void encode(OutputStream ostream) throws IOException + { + encode(TAG, ostream); + } + + public void encode(Tag implicitTag, OutputStream ostream) + throws IOException + { + responseStatus.encode(implicitTag, ostream); + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() { + return templateInstance; + } + + /** + * A Template for decoding an <code>OCSPResponseStatus</code>. + */ + public static class Template implements ASN1Template + { + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + ENUMERATED.Template enumt = new ENUMERATED.Template(); + ENUMERATED enum1 = (ENUMERATED) enumt.decode(implicitTag, istream); + + return new OCSPResponseStatus(enum1.getValue()); + } + } +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/Request.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/Request.java new file mode 100644 index 000000000..55a5cbfde 
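Review bot: `Template.decode` builds a fresh `OCSPResponseStatus` for whatever ENUMERATED value arrives and the class defines no `equals`, so a decoded status never compares equal to `SUCCESSFUL` or the other constants by `==` or `equals()`; callers have to remember to compare `getValue()`. Adding `public boolean equals(Object o) { return o instanceof OCSPResponseStatus && ((OCSPResponseStatus) o).getValue() == getValue(); }` with a matching `hashCode()` removes that trap. Values outside the RFC list quoted in the class comment (4, or anything above 6) are also accepted unchecked; rejecting them in `decode` with an `InvalidBERException` would keep an unknown status from being handled downstream as if it were a defined one.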
--- /dev/null +++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/Request.java 
@@ -0,0 +1,157 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import org.mozilla.jss.pkix.cert.Extension; +import org.mozilla.jss.asn1.*; +import java.io.*; + +/** + * RFC 2560: + * + * Request ::= SEQUENCE { + * reqCert CertID, + * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ + +public class Request implements ASN1Value +{ + /////////////////////////////////////////////////////////////////////// + // members and member access + /////////////////////////////////////////////////////////////////////// + private CertID reqCert = null; + private SEQUENCE singleRequestExtensions = null; + private SEQUENCE sequence = null; + + public CertID getCertID() + { + return reqCert; + } + + public int getExtensionsCount() + { + if(singleRequestExtensions == null) { + return 0; + } else { + return singleRequestExtensions.size(); + } + } + + public Extension getRequestExtensionAt(int index) + { + if(singleRequestExtensions == null) { + throw new ArrayIndexOutOfBoundsException(); + } + return (Extension) singleRequestExtensions.elementAt(index); + } + + 
/////////////////////////////////////////////////////////////////////// + // constructors + /////////////////////////////////////////////////////////////////////// + private Request() { } + + public Request(CertID reqCert, SEQUENCE singleRequestExtensions) + { + sequence = new SEQUENCE(); + + this.reqCert = reqCert; + sequence.addElement(reqCert); + + if (singleRequestExtensions != null) { + this.singleRequestExtensions = singleRequestExtensions; + sequence.addElement(singleRequestExtensions); + } + } + + /////////////////////////////////////////////////////////////////////// + // encode / decode + /////////////////////////////////////////////////////////////////////// + private static final Tag TAG = SEQUENCE.TAG; + + public Tag getTag() + { + return TAG; + } + + public void encode(OutputStream ostream) throws IOException + { + encode(TAG, ostream); + } + + public void encode(Tag implicitTag, OutputStream ostream) + throws IOException + { + sequence.encode(implicitTag, ostream); + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() + { + return templateInstance; + } + + /** + * A Template for decoding Request. 
+ */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addElement( CertID.getTemplate() ); + seqt.addOptionalElement(new EXPLICIT.Template(new Tag(0), + new SEQUENCE.OF_Template(new Extension.Template()) )); + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream); + + EXPLICIT tag = (EXPLICIT) seq.elementAt(1); + + if (tag == null) { + return new Request( + (CertID) seq.elementAt(0), + (SEQUENCE) null); + } + else { + return new Request( + (CertID) seq.elementAt(0), + (SEQUENCE) tag.getContent()); + } + } + } +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponderID.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponderID.java new file mode 100644 index 000000000..f770b6200 --- /dev/null +++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponderID.java 
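Review bot: The public constructor adds `singleRequestExtensions` to the SEQUENCE untagged, while the ASN.1 in the class comment and the decoding Template both use `[0] EXPLICIT`. `Template.decode` unwraps the EXPLICIT and hands the inner SEQUENCE to this constructor, so a request decoded with extensions would re-encode to bytes that this same Template should not accept. Wrapping on the way in keeps the two sides symmetric: `sequence.addElement(new EXPLICIT(new Tag(0), singleRequestExtensions));`.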
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cmsutil.ocsp;
+
+import java.io.OutputStream;
+import org.mozilla.jss.pkix.primitive.*;
+import org.mozilla.jss.asn1.*;
+
+
+/**
+ * RFC 2560:
+ *
+ * ResponderID ::= CHOICE {
+ * byName [1] EXPLICIT Name,
+ * byKey [2] EXPLICIT KeyHash }
+ *
+ * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $
+ */
+public interface ResponderID extends ASN1Value
+{
+}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/Response.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/Response.java
new file mode 100644
index 000000000..2a3f15bb4
--- /dev/null
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/Response.java
@@ -0,0 +1,33 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cmsutil.ocsp;
+
+import java.io.*;
+import org.mozilla.jss.asn1.*;
+
+/**
+ * RFC 2560:
+ *
+ * response OCTET STRING
+ *
+ * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $
+ */
+public interface Response extends ASN1Value
+{
+ public OCTET_STRING getBytes();
+}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseBytes.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseBytes.java
new file mode 100644
index 000000000..51077b00f
--- /dev/null
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseBytes.java
@@ -0,0 +1,136 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import org.mozilla.jss.asn1.*; +import java.io.*; + +/** + * RFC 2560: + * + * ResponseBytes ::= SEQUENCE { + * responseType OBJECT IDENTIFIER, + * response OCTET STRING } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ +public class ResponseBytes implements ASN1Value +{ + /////////////////////////////////////////////////////////////////////// + // Members and member access + /////////////////////////////////////////////////////////////////////// + public final static OBJECT_IDENTIFIER OCSP = + new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1"); + public final static OBJECT_IDENTIFIER OCSP_BASIC = + new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.1"); + + private OBJECT_IDENTIFIER responseType = null; + private OCTET_STRING response = null; + private SEQUENCE sequence; + + public OBJECT_IDENTIFIER getObjectIdentifier() + { + return responseType; + } + + public OCTET_STRING getResponse() + { + return response; + } + + /////////////////////////////////////////////////////////////////////// + // Constructors + /////////////////////////////////////////////////////////////////////// + private 
ResponseBytes() { } + + public ResponseBytes(OBJECT_IDENTIFIER responseType, OCTET_STRING response) + { + sequence = new SEQUENCE(); + + this.responseType = responseType; + sequence.addElement(responseType); + + this.response = response; + sequence.addElement(response); + } + + /////////////////////////////////////////////////////////////////////// + // encoding/decoding + /////////////////////////////////////////////////////////////////////// + + private static final Tag TAG = SEQUENCE.TAG; + + public Tag getTag() + { + return TAG; + } + + public void encode(OutputStream ostream) throws IOException + { + encode(TAG, ostream); + } + + public void encode(Tag implicitTag, OutputStream ostream) + throws IOException + { + sequence.encode(implicitTag, ostream); + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() { + return templateInstance; + } + + /** + * A Template for decoding <code>ResponseBytes</code>. + */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addElement( OBJECT_IDENTIFIER.getTemplate() ); + seqt.addElement( OCTET_STRING.getTemplate() ); + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream); + + return new ResponseBytes( + (OBJECT_IDENTIFIER) seq.elementAt(0), + (OCTET_STRING) seq.elementAt(1)); + } + } +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseData.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseData.java new file mode 100644 index 000000000..3625ace85 --- /dev/null 
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseData.java 
@@ -0,0 +1,213 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import java.io.*; +import java.io.OutputStream; +import org.mozilla.jss.asn1.*; +import org.mozilla.jss.asn1.BIT_STRING; +import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; +import org.mozilla.jss.pkix.cert.Certificate; +import org.mozilla.jss.asn1.GeneralizedTime; +import org.mozilla.jss.pkix.cert.Extension; + +/** + * RFC 2560: + * + * ResponseData ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * responderID ResponderID, + * producedAt GeneralizedTime, + * responses SEQUENCE OF SingleResponse, + * responseExtensions [1] EXPLICIT Extensions OPTIONAL } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ +public class ResponseData implements ASN1Value +{ + private ResponderID mRID = null; + private GeneralizedTime mProduced = null; + private SingleResponse mSR[] = null; + private Extension mExts[] = null; + + private static final Tag TAG = SEQUENCE.TAG; + + public ResponseData(ResponderID rid, GeneralizedTime produced, + SingleResponse sr[]) + { + this(rid, produced, sr, null); + } + + public ResponseData(ResponderID rid, GeneralizedTime produced, + SingleResponse 
sr[], Extension exts[]) + { + mRID = rid; + mProduced = produced; + mSR = sr; + mExts = exts; + } + + public Tag getTag() + { + return TAG; + } + + public void encode(OutputStream os) throws IOException + { + encode(null, os); + } + + public void encode(Tag t, OutputStream os) throws IOException + { + SEQUENCE seq = new SEQUENCE(); + seq.addElement(new EXPLICIT(Tag.get(0), new INTEGER(0))); + seq.addElement(new EXPLICIT(mRID.getTag(), mRID)); + seq.addElement(mProduced); + SEQUENCE responses = new SEQUENCE(); + for (int i = 0; i < mSR.length; i++) { + responses.addElement(mSR[i]); + } + seq.addElement(responses); + if (mExts != null) { + SEQUENCE exts = new SEQUENCE(); + for (int i = 0; i < mExts.length; i++) { + exts.addElement(mExts[i]); + } + seq.addElement(new EXPLICIT(Tag.get(1), exts)); + } + if (t == null) { + seq.encode(os); + } else { + seq.encode(t, os); + } + } + + public ResponderID getResponderID() + { + return mRID; + } + + public GeneralizedTime getProducedAt() + { + return mProduced; + } + + public int getResponseCount() + { + if (mSR == null) + return 0; + else + return mSR.length; + } + + public SingleResponse getResponseAt(int pos) + { + if (mSR == null) + return null; + else + return mSR[pos]; + } + + public int getResponseExtensionCount() + { + return 0; + } + + public Extension getResponseExtensionAt(int pos) + { + return null; + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() { + return templateInstance; + } + + /** + * A Template for decoding <code>ResponseBytes</code>. 
+ */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addOptionalElement(new EXPLICIT.Template( + new Tag (0), new INTEGER.Template()) ); + seqt.addElement(new ANY.Template() ); + seqt.addElement(new GeneralizedTime.Template() ); + seqt.addElement(new SEQUENCE.OF_Template( + SingleResponse.getTemplate())); + seqt.addOptionalElement(new EXPLICIT.Template( + new Tag(1), new SEQUENCE.OF_Template( + Extension.getTemplate()))); + + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, + istream); + + INTEGER ver = null; + EXPLICIT e_ver = (EXPLICIT)seq.elementAt(0); + if (e_ver != null && e_ver.getTag().getNum() == 0) { + ver = (INTEGER)e_ver.getContent(); + } + ResponderID rid = null; + ANY e_rid = (ANY)seq.elementAt(1); + if (e_rid.getTag().getNum() == 1) { + // name id + rid = (NameID) + NameID.getTemplate().decode(e_rid.getTag(), + new ByteArrayInputStream(e_rid.getEncoded())); + } else if (e_rid.getTag().getNum() == 2) { + // key hash id + rid = (KeyHashID) + KeyHashID.getTemplate().decode(e_rid.getTag(), + new ByteArrayInputStream(e_rid.getEncoded())); + } + GeneralizedTime producedAt = (GeneralizedTime) + seq.elementAt(2); + SEQUENCE responses = (SEQUENCE)seq.elementAt(3); + SingleResponse sr[] = null; + if (responses.size() > 0) { + sr = new SingleResponse[responses.size()]; + for (int i = 0; i < responses.size(); i++) { + sr[i] = (SingleResponse)responses.elementAt(i); + } + } + return new ResponseData(rid, producedAt, sr); + } + } +} 
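Review bot: `Template.decode` parses the optional `[1] responseExtensions` element but never reads `seq.elementAt(4)`, and `getResponseExtensionCount()` / `getResponseExtensionAt()` are hard-coded to `0` and `null`, so a caller can never see an extension the responder sent. The OCSP nonce is carried in responseExtensions, so a client built on this class has no way to compare it with the nonce it sent and cannot detect a replayed response that way. Decode should pass the extensions to the four-argument constructor and the two accessors should read `mExts`. Separately, `rid` stays null when the responderID tag is neither 1 nor 2; rejecting that with `InvalidBERException` would be safer than returning a half-filled object.

```java
public int getResponseExtensionCount()
{
    return (mExts == null) ? 0 : mExts.length;
}

public Extension getResponseExtensionAt(int pos)
{
    // keep the existing "null when absent" contract of getResponseAt
    return (mExts == null) ? null : mExts[pos];
}

// … unchanged: Template constructor, tagMatch, decode(InputStream) …
// … unchanged in decode(Tag, InputStream): version, responderID, producedAt, responses …
Extension exts[] = null;
EXPLICIT e_exts = (EXPLICIT) seq.elementAt(4);
if (e_exts != null) {
    SEQUENCE extSeq = (SEQUENCE) e_exts.getContent();
    exts = new Extension[extSeq.size()];
    for (int i = 0; i < extSeq.size(); i++) {
        exts[i] = (Extension) extSeq.elementAt(i);
    }
}
return new ResponseData(rid, producedAt, sr, exts);
```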
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/RevokedInfo.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/RevokedInfo.java
new file mode 100644
index 000000000..2576d1de0
--- /dev/null
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/RevokedInfo.java
@@ -0,0 +1,113 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import java.io.*; +import org.mozilla.jss.asn1.*; + +/** + * RFC 2560: + * + * RevokedInfo ::= SEQUENCE { + * revocationTime GeneralizedTime, + * revocationReason [0] EXPLICIT CRLReason OPTIONAL } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ +public class RevokedInfo implements CertStatus +{ + private static final Tag TAG = SEQUENCE.TAG; + + private GeneralizedTime mRevokedAt; + + public RevokedInfo(GeneralizedTime revokedAt) + { + mRevokedAt = revokedAt; + } + + public Tag getTag() + { + return Tag.get(1); + } + + public void encode(Tag t, OutputStream os) throws IOException + { + SEQUENCE seq = new SEQUENCE(); + seq.addElement(mRevokedAt); + seq.encode(t, os); + } + + public void encode(OutputStream os) throws IOException + { + encode(getTag(), os); + } + + public GeneralizedTime getRevocationTime() + { + return mRevokedAt; + } + + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() { + return templateInstance; + } + + /** + * A Template for decoding <code>ResponseBytes</code>. 
+ */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addElement(new GeneralizedTime.Template() ); + seqt.addOptionalElement( + new EXPLICIT.Template( new Tag(0), + new INTEGER.Template()) ); + + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, + istream); + + GeneralizedTime revokedAt = (GeneralizedTime) + seq.elementAt(0); + return new RevokedInfo(revokedAt); + + } + } +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/Signature.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/Signature.java new file mode 100644 index 000000000..bfd60d079 --- /dev/null +++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/Signature.java 
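Review bot: `Template.tagMatch` and `decode(InputStream)` compare against `TAG = SEQUENCE.TAG`, but `getTag()` and `encode(OutputStream)` use `Tag.get(1)`, so the Template does not recognise what the class itself writes; it only works when the caller passes the tag explicitly, as `SingleResponse.Template.decode` does. Defining `private static final Tag TAG = Tag.get(1);` and returning `TAG` from `getTag()` removes the mismatch. `UnknownInfo` has the same pattern with `Tag.get(2)`. The optional `[0] revocationReason` is also parsed and then dropped, and the Template's Javadoc still says `ResponseBytes`.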
@@ -0,0 +1,168 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; +import org.mozilla.jss.pkix.cert.Certificate; +import org.mozilla.jss.asn1.*; +import java.io.*; + +/** + * RFC 2560: + * + * Signature ::= SEQUENCE { + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ + +public class Signature implements ASN1Value +{ + /////////////////////////////////////////////////////////////////////// + // Members and member access + /////////////////////////////////////////////////////////////////////// + private AlgorithmIdentifier signatureAlgorithm; + private BIT_STRING signature; + private SEQUENCE certs; + private SEQUENCE sequence; + + public AlgorithmIdentifier getSignatureAlgorithm() + { + return signatureAlgorithm; + } + + public BIT_STRING getSignature() + { + return signature; + } + + public int getCertificateCount() + { + if(certs == null) { + return 0; + } else { + return certs.size(); + } + } + + public Certificate getCertificateAt(int index) + { + if(certs == null) { 
+ throw new ArrayIndexOutOfBoundsException(); + } + return (Certificate) certs.elementAt(index); + } + + /////////////////////////////////////////////////////////////////////// + // constructors + /////////////////////////////////////////////////////////////////////// + private Signature() { } + + public Signature(AlgorithmIdentifier signatureAlgorithm, + BIT_STRING signature, SEQUENCE certs) + { + sequence = new SEQUENCE(); + + this.signatureAlgorithm = signatureAlgorithm; + sequence.addElement(signatureAlgorithm); + + this.signature = signature; + sequence.addElement(signature); + + this.certs = certs; + sequence.addElement(certs); + } + + /////////////////////////////////////////////////////////////////////// + // encode / decode + /////////////////////////////////////////////////////////////////////// + private static final Tag TAG = SEQUENCE.TAG; + + public Tag getTag() + { + return TAG; + } + + public void encode(OutputStream ostream) throws IOException + { + encode(TAG, ostream); + } + + public void encode(Tag implicitTag, OutputStream ostream) + throws IOException + { + sequence.encode(implicitTag, ostream); + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() + { + return templateInstance; + } + + /** + * A Template for decoding Request. 
+ */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addElement( AlgorithmIdentifier.getTemplate() ); + seqt.addElement( BIT_STRING.getTemplate() ); + seqt.addOptionalElement( + new EXPLICIT.Template( + new Tag(0), + new SEQUENCE.OF_Template( new Certificate.Template()) + ) + ); + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream); + SEQUENCE certs=null; + if( seq.elementAt(2) != null ) { + certs = (SEQUENCE) ((EXPLICIT)seq.elementAt(2)).getContent(); + } + + return new Signature( + (AlgorithmIdentifier) seq.elementAt(0), + (BIT_STRING) seq.elementAt(1), + certs); + } + } +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/SingleResponse.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/SingleResponse.java new file mode 100644 index 000000000..6129836e3 --- /dev/null +++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/SingleResponse.java 
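Review bot: The constructor calls `sequence.addElement(certs)` unconditionally and without the `[0] EXPLICIT` wrapper that the Template expects. `Template.decode` passes `certs = null` when the optional element is absent, so a decoded Signature without certificates ends up with a null element in its SEQUENCE, which will most likely fail when `encode` is called; with certificates present the output lacks the context tag. Guard and wrap it: `if (certs != null) { sequence.addElement(new EXPLICIT(new Tag(0), certs)); }`. The Template Javadoc says `Request` and should say `Signature`.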
@@ -0,0 +1,187 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import java.io.*; +import org.mozilla.jss.asn1.*; +import org.mozilla.jss.pkix.primitive.Name; +import org.mozilla.jss.pkix.cert.Extension; + +/** + * RFC 2560: + * + * SingleResponse ::= SEQUENCE { + * certID CertID, + * certStatus CertStatus, + * thisUpdate GeneralizedTime, + * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, + * singleExtensions [1] EXPLICIT Extensions OPTIONAL } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ +public class SingleResponse implements ASN1Value +{ + private CertID mCID = null; + private CertStatus mStatus = null; + private GeneralizedTime mThisUpdate = null; + private GeneralizedTime mNextUpdate = null; + + private static final Tag TAG = SEQUENCE.TAG; + + public SingleResponse(CertID cid, CertStatus s, + GeneralizedTime thisUpdate, GeneralizedTime nextUpdate) + { + mCID = cid; + mStatus = s; + mThisUpdate = thisUpdate; + mNextUpdate = nextUpdate; + } + + public CertID getCertID() + { + return mCID; + } + + public Tag getTag() + { + return null; + } + + public void encode(Tag t, OutputStream os) throws IOException + { + SEQUENCE seq = new SEQUENCE(); + 
seq.addElement(mCID); + seq.addElement(mStatus); + seq.addElement(mThisUpdate); + if (mNextUpdate != null) + { + seq.addElement(new EXPLICIT(Tag.get(0), mNextUpdate)); + } + if (t == null) { + seq.encode(os); + } else { + seq.encode(t, os); + } + } + + public void encode(OutputStream os) throws IOException + { + encode(null, os); + } + + public CertStatus getCertStatus() + { + return mStatus; + } + + public GeneralizedTime getThisUpdate() + { + return mThisUpdate; + } + + public GeneralizedTime getNextUpdate() + { + return mNextUpdate; + } + + public int getExtensionCount() + { + return 0; + } + + public Extension getExtensionAt(int pos) + { + return null; + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() { + return templateInstance; + } + + /** + * A Template for decoding <code>ResponseBytes</code>. + */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addElement(new CertID.Template() ); + seqt.addElement(new ANY.Template() ); + seqt.addElement(new GeneralizedTime.Template() ); + seqt.addOptionalElement(new EXPLICIT.Template( + new Tag(0), new GeneralizedTime.Template())); + seqt.addOptionalElement(new EXPLICIT.Template(new Tag(1), + new SEQUENCE.OF_Template(new Extension.Template()))); + + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, + istream); + + CertID cid = (CertID)seq.elementAt(0); + CertStatus status = null; + ANY e_status = (ANY)seq.elementAt(1); + if (e_status.getTag().getNum() == 0) { + status = (GoodInfo) + GoodInfo.getTemplate().decode( + e_status.getTag(), + 
new ByteArrayInputStream(e_status.getEncoded())); + // good + } else if (e_status.getTag().getNum() == 1) { + // revoked + status = (RevokedInfo) + RevokedInfo.getTemplate().decode( + e_status.getTag(), + new ByteArrayInputStream(e_status.getEncoded())); + } else if (e_status.getTag().getNum() == 2) { + // unknown + status = (UnknownInfo) + UnknownInfo.getTemplate().decode( + e_status.getTag(), + new ByteArrayInputStream(e_status.getEncoded())); + } + GeneralizedTime thisUpdate = (GeneralizedTime) + seq.elementAt(2); + GeneralizedTime nextUpdate = null; + + return new SingleResponse(cid, status, thisUpdate, + nextUpdate); + + } + } +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/TBSRequest.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/TBSRequest.java new file mode 100644 index 000000000..5387adbbe --- /dev/null +++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/TBSRequest.java 
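Review bot: `Template.decode` sets `GeneralizedTime nextUpdate = null;` and never reads `seq.elementAt(3)`, so every decoded SingleResponse reports no `nextUpdate` even when the responder sent one. A relying party that uses `getNextUpdate()` to decide whether a response is still fresh will therefore treat every response as having no expiry. Reading the optional element fixes it: `EXPLICIT e_next = (EXPLICIT) seq.elementAt(3);` followed by `if (e_next != null) nextUpdate = (GeneralizedTime) e_next.getContent();`. `status` is likewise left null when the certStatus tag is not 0, 1 or 2; throwing `InvalidBERException` there would stop a malformed status from reaching callers as a null.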
@@ -0,0 +1,204 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmsutil.ocsp; + +import org.mozilla.jss.pkix.cert.Extension; +import org.mozilla.jss.asn1.*; +import java.io.*; + +/** + * RFC 2560: + * + * TBSRequest ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * requestorName [1] EXPLICIT GeneralName OPTIONAL, + * requestList SEQUENCE OF Request, + * requestExtensions [2] EXPLICIT Extensions OPTIONAL } + * + * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $ + */ + +public class TBSRequest implements ASN1Value +{ + /////////////////////////////////////////////////////////////////////// + // members and member access + /////////////////////////////////////////////////////////////////////// + private static final INTEGER version = new INTEGER (1); + private ANY requestorName; + private SEQUENCE requestList; + private SEQUENCE requestExtensions; + private SEQUENCE sequence; + + public INTEGER getVersion() + { + return version; + } + + public ANY getRequestorName() + { + return requestorName; + } + + public int getRequestCount() + { + if( requestList == null ) { + return 0; + } else { + return requestList.size(); + } + } + + public Request getRequestAt(int index) + { 
+ return (Request) requestList.elementAt(index); + } + + public int getExtensionsCount() + { + if( requestExtensions == null ) { + return 0; + } else { + return requestExtensions.size(); + } + } + + public Extension getRequestExtensionAt(int index) + { + return (Extension) requestExtensions.elementAt(index); + } + + /////////////////////////////////////////////////////////////////////// + // constructors + /////////////////////////////////////////////////////////////////////// + /* this code is probably broken - it doesn't do appropriate tagging */ + private TBSRequest() {} + + public TBSRequest(INTEGER version, ANY requestorName, + SEQUENCE requestList, SEQUENCE requestExtensions) + { + sequence = new SEQUENCE(); + + if (version != null) { + sequence.addElement (version); + } + + this.requestorName = requestorName; + if (requestorName != null) { + sequence.addElement (requestorName); + } + + this.requestList = requestList; + sequence.addElement (requestList); + + this.requestExtensions = requestExtensions; + if (requestExtensions != null) { + sequence.addElement (requestExtensions); + } + } + + /////////////////////////////////////////////////////////////////////// + // encode / decode + /////////////////////////////////////////////////////////////////////// + public static final Tag TAG = SEQUENCE.TAG; + + public Tag getTag() + { + return TAG; + } + + public void encode(OutputStream ostream) + throws IOException + { + encode(TAG, ostream); + } + + public void encode(Tag implicitTag, OutputStream ostream) + throws IOException + { + sequence.encode(implicitTag, ostream); + } + + private static final Template templateInstance = new Template(); + + public static Template getTemplate() + { + return templateInstance; + } + + /** + * A Template for decoding POPOSigningKey. 
+ */ + public static class Template implements ASN1Template + { + + private SEQUENCE.Template seqt; + + public Template() + { + seqt = new SEQUENCE.Template(); + seqt.addElement( + new EXPLICIT.Template( + new Tag(0), new INTEGER.Template()), + new EXPLICIT( new Tag(0), new INTEGER(0)) + ); + seqt.addOptionalElement( + new EXPLICIT.Template( + new Tag (1), new ANY.Template()) ); + seqt.addElement( new SEQUENCE.OF_Template(new Request.Template()) ); + seqt.addOptionalElement(new EXPLICIT.Template(new Tag(2), + new SEQUENCE.OF_Template(new Extension.Template())) ); + } + + public boolean tagMatch(Tag tag) + { + return TAG.equals(tag); + } + + public ASN1Value decode(InputStream istream) + throws InvalidBERException, IOException + { + return decode(TAG, istream); + } + + public ASN1Value decode(Tag implicitTag, InputStream istream) + throws InvalidBERException, IOException + { + SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream); + + EXPLICIT exts = (EXPLICIT) seq.elementAt(3); + SEQUENCE exts_seq; + if (exts != null) { + exts_seq = (SEQUENCE)exts.getContent(); + } else { + exts_seq = null; + } + + INTEGER v = (INTEGER) ((EXPLICIT)seq.elementAt(0)).getContent(); + ANY requestorname = null; + if (seq.elementAt(1) != null) { + requestorname = (ANY) ((EXPLICIT)seq.elementAt(1)).getContent(); + } + + return new TBSRequest( + v, + requestorname, + (SEQUENCE) seq.elementAt(2), + exts_seq); + } + } +} diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/UnknownInfo.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/UnknownInfo.java new file mode 100644 index 000000000..8e98e93ab --- /dev/null +++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/UnknownInfo.java 
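Review bot: `version` is a `static final INTEGER (1)` and the constructor never stores its `version` argument, so `getVersion()` returns 1 for every request regardless of what was decoded, while the Template's own default is `INTEGER(0)` (v1 in RFC 2560). Making it an instance field, `private INTEGER version;`, and assigning `this.version = version;` in the constructor lets callers see the real value. `getRequestAt` and `getRequestExtensionAt` also dereference `requestList` / `requestExtensions` without the null check that the matching count methods have. The Template Javadoc mentions `POPOSigningKey` instead of `TBSRequest`.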
@@ -0,0 +1,95 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cmsutil.ocsp;
+
+import java.io.*;
+import org.mozilla.jss.asn1.*;
+
+/**
+ * RFC 2560:
+ *
+ * UnknownInfo ::= NULL -- this can be replaced with an enumeration
+ *
+ * $Revision: 14564 $ $Date: 2007-05-01 10:40:13 -0700 (Tue, 01 May 2007) $
+ */
+public class UnknownInfo implements CertStatus
+{
+ private static final Tag TAG = SEQUENCE.TAG;
+
+ public UnknownInfo()
+ {
+ }
+
+ public Tag getTag()
+ {
+ return Tag.get(2);
+ }
+
+ public void encode(Tag t, OutputStream os) throws IOException
+ {
+ NULL.getInstance().encode(getTag(), os);
+ }
+
+ public void encode(OutputStream os) throws IOException
+ {
+ encode(getTag(), os);
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
+
+ /**
+ * A Template for decoding <code>ResponseBytes</code>.
+ */
+ public static class Template implements ASN1Template
+ {
+
+ private SEQUENCE.Template seqt;
+
+ public Template()
+ {
+// seqt = new SEQUENCE.Template();
+ // seqt.addElement(new NULL.Template() );
+
+ }
+
+ public boolean tagMatch(Tag tag)
+ {
+ return TAG.equals(tag);
+ }
+
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException
+ {
+ return decode(TAG, istream);
+ }
+
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException
+ {
+ // SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
+ // istream);
+
+ return new UnknownInfo();
+
+ }
+ }
+} |
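Review bot: `Template.decode(Tag, InputStream)` at the end of this hunk returns `new UnknownInfo()` without reading from `istream`, so the NULL encoding is neither checked nor consumed, and a caller that keeps decoding the same stream would continue from the wrong offset. Decoding before the return, e.g. `new NULL.Template().decode(implicitTag, istream);`, would reject malformed input and advance the stream. The private `TAG` is `SEQUENCE.TAG` while `getTag()` returns `Tag.get(2)`, so `tagMatch` and the one-argument `decode` use a different tag from the one `encode` writes; `private static final Tag TAG = Tag.get(2);` would make them agree. `encode(Tag t, OutputStream os)` also ignores `t`, and the Javadoc on `Template` names `ResponseBytes` rather than `UnknownInfo`.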