diff options
Diffstat (limited to 'pki/base/util/src/netscape/security/x509/X509CertImpl.java')
-rwxr-xr-x | pki/base/util/src/netscape/security/x509/X509CertImpl.java | 866 |
1 files changed, 442 insertions, 424 deletions
diff --git a/pki/base/util/src/netscape/security/x509/X509CertImpl.java b/pki/base/util/src/netscape/security/x509/X509CertImpl.java index 16048d24b..bb1b441a0 100755 --- a/pki/base/util/src/netscape/security/x509/X509CertImpl.java +++ b/pki/base/util/src/netscape/security/x509/X509CertImpl.java @@ -53,41 +53,38 @@ import netscape.security.util.ObjectIdentifier; /** * The X509CertImpl class represents an X.509 certificate. These certificates - * are widely used to support authentication and other functionality in Internet - * security systems. Common applications include Privacy Enhanced Mail (PEM), - * Transport Layer Security (SSL), code signing for trusted software - * distribution, and Secure Electronic Transactions (SET). There is a commercial - * infrastructure ready to manage large scale deployments of X.509 identity - * certificates. - * - * <P> - * These certificates are managed and vouched for by <em>Certificate - * Authorities</em> (CAs). CAs are services which create certificates by placing - * data in the X.509 standard format and then digitally signing that data. Such - * signatures are quite difficult to forge. CAs act as trusted third parties, - * making introductions between agents who have no direct knowledge of each - * other. CA certificates are either signed by themselves, or by some other CA - * such as a "root" CA. - * - * <P> - * RFC 1422 is very informative, though it does not describe much of the recent - * work being done with X.509 certificates. That includes a 1996 version - * (X.509v3) and a variety of enhancements being made to facilitate an explosion - * of personal certificates used as "Internet Drivers' Licences", or with SET - * for credit card transactions. - * - * <P> - * More recent work includes the IETF PKIX Working Group efforts, especially - * part 1. - * + * are widely used to support authentication and other functionality in + * Internet security systems. Common applications include Privacy Enhanced + * Mail (PEM), Transport Layer Security (SSL), code signing for trusted + * software distribution, and Secure Electronic Transactions (SET). There + * is a commercial infrastructure ready to manage large scale deployments + * of X.509 identity certificates. + * + * <P>These certificates are managed and vouched for by <em>Certificate + * Authorities</em> (CAs). CAs are services which create certificates by + * placing data in the X.509 standard format and then digitally signing + * that data. Such signatures are quite difficult to forge. CAs act as + * trusted third parties, making introductions between agents who have no + * direct knowledge of each other. CA certificates are either signed by + * themselves, or by some other CA such as a "root" CA. + * + * <P>RFC 1422 is very informative, though it does not describe much + * of the recent work being done with X.509 certificates. That includes + * a 1996 version (X.509v3) and a variety of enhancements being made to + * facilitate an explosion of personal certificates used as "Internet + * Drivers' Licences", or with SET for credit card transactions. + * + * <P>More recent work includes the IETF PKIX Working Group efforts, + * especially part 1. + * * @author Dave Brownell * @author Amit Kapoor * @author Hemma Prafullchandra * @version 1.94 97/12/10 * @see X509CertInfo */ -public class X509CertImpl extends X509Certificate implements Serializable, - DerEncoder { +public class X509CertImpl extends X509Certificate +implements Serializable, DerEncoder { // Serialization compatibility with the X509CertImpl in x509v1.jar // supporting the subset of X509Certificate on JDK1.1.x platforms. static final long serialVersionUID = -2048442350420423405L; @@ -103,21 +100,25 @@ public class X509CertImpl extends X509Certificate implements Serializable, public static final String SIGNED_CERT = "signed_cert"; /** - * The following are defined for ease-of-use. These are the most frequently - * retrieved attributes. + * The following are defined for ease-of-use. These + * are the most frequently retrieved attributes. */ // x509.info.subject.dname - public static final String SUBJECT_DN = NAME + DOT + INFO + DOT - + X509CertInfo.SUBJECT + DOT + CertificateSubjectName.DN_NAME; + public static final String SUBJECT_DN = NAME + DOT + INFO + DOT + + X509CertInfo.SUBJECT + DOT + + CertificateSubjectName.DN_NAME; // x509.info.issuer.dname - public static final String ISSUER_DN = NAME + DOT + INFO + DOT - + X509CertInfo.ISSUER + DOT + CertificateIssuerName.DN_NAME; + public static final String ISSUER_DN = NAME + DOT + INFO + DOT + + X509CertInfo.ISSUER + DOT + + CertificateIssuerName.DN_NAME; // x509.info.serialNumber.number - public static final String SERIAL_ID = NAME + DOT + INFO + DOT - + X509CertInfo.SERIAL_NUMBER + DOT + CertificateSerialNumber.NUMBER; + public static final String SERIAL_ID = NAME + DOT + INFO + DOT + + X509CertInfo.SERIAL_NUMBER + DOT + + CertificateSerialNumber.NUMBER; // x509.info.key.value - public static final String PUBLIC_KEY = NAME + DOT + INFO + DOT - + X509CertInfo.KEY + DOT + CertificateX509Key.KEY; + public static final String PUBLIC_KEY = NAME + DOT + INFO + DOT + + X509CertInfo.KEY + DOT + + CertificateX509Key.KEY; // x509.algorithm public static final String SIG_ALG = NAME + DOT + ALG_ID; @@ -130,10 +131,10 @@ public class X509CertImpl extends X509Certificate implements Serializable, private boolean readOnly = false; // Certificate data, and its envelope - private byte[] signedCert; - protected X509CertInfo info = null; - protected AlgorithmId algId; - protected byte[] signature; + private byte[] signedCert; + protected X509CertInfo info = null; + protected AlgorithmId algId; + protected byte[] signature; // recognized extension OIDS private static final String KEY_USAGE_OID = "2.5.29.15"; @@ -142,110 +143,115 @@ public class X509CertImpl extends X509Certificate implements Serializable, /** * Default constructor. */ - public X509CertImpl() { - } + public X509CertImpl() { } /** - * Unmarshals a certificate from its encoded form, parsing the encoded - * bytes. This form of constructor is used by agents which need to examine - * and use certificate contents. That is, this is one of the more commonly - * used constructors. Note that the buffer must include only a certificate, - * and no "garbage" may be left at the end. If you need to ignore data at - * the end of a certificate, use another constructor. - * + * Unmarshals a certificate from its encoded form, parsing the + * encoded bytes. This form of constructor is used by agents which + * need to examine and use certificate contents. That is, this is + * one of the more commonly used constructors. Note that the buffer + * must include only a certificate, and no "garbage" may be left at + * the end. If you need to ignore data at the end of a certificate, + * use another constructor. + * * @param certData the encoded bytes, with no trailing padding. * @exception CertificateException on parsing and initialization errors. */ - public X509CertImpl(byte[] certData) throws CertificateException { - this(certData, null); + public X509CertImpl(byte[] certData) + throws CertificateException { + this(certData,null); } - /** - * As a special optimization, this constructor acts as X509CertImpl(byte[]) - * except that it takes an X509CertInfo which it uses as a 'hint' for how to - * construct one field. - * - * @param certData the encode bytes, with no traiing padding - * @param certInfo the certInfo which has already been constructed from the - * certData - */ + /** + * As a special optimization, this constructor acts as X509CertImpl(byte[]) + * except that it takes an X509CertInfo which it uses as a 'hint' for + * how to construct one field. + * + * @param certData the encode bytes, with no traiing padding + * @param certInfo the certInfo which has already been constructed + * from the certData + */ public X509CertImpl(byte[] certData, X509CertInfo certInfo) - throws CertificateException { + throws CertificateException { - // setting info here causes it to skip decoding in the parse() - // method - info = certInfo; + // setting info here causes it to skip decoding in the parse() + // method + info = certInfo; try { - DerValue in = new DerValue(certData); + DerValue in = new DerValue(certData); parse(in); signedCert = certData; } catch (IOException e) { - throw new CertificateException("Unable to initialize, " + e); + throw new CertificateException("Unable to initialize, " + e); } - } + } /** * unmarshals an X.509 certificate from an input stream. - * + * * @param in an input stream holding at least one certificate * @exception CertificateException on parsing and initialization errors. */ - public X509CertImpl(InputStream in) throws CertificateException { + public X509CertImpl(InputStream in) + throws CertificateException { try { - DerValue val = new DerValue(in); + DerValue val = new DerValue(in); parse(val); signedCert = val.toByteArray(); } catch (IOException e) { - throw new CertificateException("Unable to initialize, " + e); + throw new CertificateException("Unable to initialize, " + e); } } /** - * Construct an initialized X509 Certificate. The certificate is stored in - * raw form and has to be signed to be useful. - * + * Construct an initialized X509 Certificate. The certificate is stored + * in raw form and has to be signed to be useful. + * * @param certInfo the X509CertificateInfo which the Certificate is to be - * created from. + * created from. */ public X509CertImpl(X509CertInfo certInfo) { this.info = certInfo; } /** - * Unmarshal a certificate from its encoded form, parsing a DER value. This - * form of constructor is used by agents which need to examine and use - * certificate contents. - * + * Unmarshal a certificate from its encoded form, parsing a DER value. + * This form of constructor is used by agents which need to examine + * and use certificate contents. + * * @param derVal the der value containing the encoded cert. * @exception CertificateException on parsing and initialization errors. */ - public X509CertImpl(DerValue derVal) throws CertificateException { + public X509CertImpl(DerValue derVal) + throws CertificateException { try { parse(derVal); signedCert = derVal.toByteArray(); } catch (IOException e) { - throw new CertificateException("Unable to initialize, " + e); + throw new CertificateException("Unable to initialize, " + e); } } - public boolean hasUnsupportedCriticalExtension() { - // XXX NOT IMPLEMENTED - return true; + public boolean hasUnsupportedCriticalExtension() + { + // XXX NOT IMPLEMENTED + return true; } /** * Decode an X.509 certificate from an input stream. - * + * * @param in an input stream holding at least one certificate * @exception CertificateException on parsing errors. * @exception IOException on other errors. */ - public void decode(InputStream in) throws CertificateException, IOException { - DerValue val = new DerValue(in); + public void decode(InputStream in) + throws CertificateException, IOException { + DerValue val = new DerValue(in); parse(val); signedCert = val.toByteArray(); @@ -253,13 +259,15 @@ public class X509CertImpl extends X509Certificate implements Serializable, /** * Appends the certificate to an output stream. - * + * * @param out an input stream to which the certificate is appended. * @exception CertificateEncodingException on encoding errors. */ - public void encode(OutputStream out) throws CertificateEncodingException { + public void encode(OutputStream out) + throws CertificateEncodingException { if (signedCert == null) - throw new CertificateEncodingException("Null certificate to encode"); + throw new CertificateEncodingException( + "Null certificate to encode"); try { out.write(signedCert); } catch (IOException e) { @@ -268,30 +276,33 @@ public class X509CertImpl extends X509Certificate implements Serializable, } /** - * DER encode this object onto an output stream. Implements the - * <code>DerEncoder</code> interface. - * - * @param out the output stream on which to write the DER encoding. - * + * DER encode this object onto an output stream. + * Implements the <code>DerEncoder</code> interface. + * + * @param out + * the output stream on which to write the DER encoding. + * * @exception IOException on encoding error. */ - public void derEncode(OutputStream out) throws IOException { + public void derEncode (OutputStream out) throws IOException { if (signedCert == null) throw new IOException("Null certificate to encode"); - out.write(signedCert); + out.write(signedCert); } /** - * Returns the encoded form of this certificate. It is assumed that each - * certificate type would have only a single form of encoding; for example, - * X.509 certificates would be encoded as ASN.1 DER. - * + * Returns the encoded form of this certificate. It is + * assumed that each certificate type would have only a single + * form of encoding; for example, X.509 certificates would + * be encoded as ASN.1 DER. + * * @exception CertificateEncodingException if an encoding error occurs. */ public byte[] getEncoded() throws CertificateEncodingException { if (signedCert == null) - throw new CertificateEncodingException("Null certificate to encode"); + throw new CertificateEncodingException( + "Null certificate to encode"); byte[] dup = new byte[signedCert.length]; System.arraycopy(signedCert, 0, dup, 0, dup.length); return dup; @@ -299,48 +310,50 @@ public class X509CertImpl extends X509Certificate implements Serializable, /** * Throws an exception if the certificate was not signed using the - * verification key provided. Successfully verifying a certificate does - * <em>not</em> indicate that one should trust the entity which it - * represents. - * + * verification key provided. Successfully verifying a certificate + * does <em>not</em> indicate that one should trust the entity which + * it represents. + * * @param key the public key used for verification. - * + * * @exception InvalidKeyException on incorrect key. - * @exception NoSuchAlgorithmException on unsupported signature algorithms. + * @exception NoSuchAlgorithmException on unsupported signature + * algorithms. * @exception NoSuchProviderException if there's no default provider. * @exception SignatureException on signature errors. * @exception CertificateException on encoding errors. */ - public void verify(PublicKey key) throws CertificateException, - NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException { + public void verify(PublicKey key) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException { verify(key, null); } /** * Throws an exception if the certificate was not signed using the - * verification key provided. Successfully verifying a certificate does - * <em>not</em> indicate that one should trust the entity which it - * represents. - * + * verification key provided. Successfully verifying a certificate + * does <em>not</em> indicate that one should trust the entity which + * it represents. + * * @param key the public key used for verification. * @param sigProvider the name of the provider. - * - * @exception NoSuchAlgorithmException on unsupported signature algorithms. + * + * @exception NoSuchAlgorithmException on unsupported signature + * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. * @exception CertificateException on encoding errors. */ public void verify(PublicKey key, String sigProvider) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException { + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException { if (signedCert == null) { throw new CertificateEncodingException("Uninitialized certificate"); } // Verify the signature ... - Signature sigVerf = null; + Signature sigVerf = null; sigVerf = Signature.getInstance(algId.getName(), sigProvider); sigVerf.initVerify(key); @@ -354,49 +367,51 @@ public class X509CertImpl extends X509Certificate implements Serializable, } /** - * Creates an X.509 certificate, and signs it using the key passed - * (associating a signature algorithm and an X.500 name). This operation is - * used to implement the certificate generation functionality of a - * certificate authority. - * + * Creates an X.509 certificate, and signs it using the key + * passed (associating a signature algorithm and an X.500 name). + * This operation is used to implement the certificate generation + * functionality of a certificate authority. + * * @param key the private key used for signing. * @param algorithm the name of the signature algorithm used. - * + * * @exception InvalidKeyException on incorrect key. - * @exception NoSuchAlgorithmException on unsupported signature algorithms. + * @exception NoSuchAlgorithmException on unsupported signature + * algorithms. * @exception NoSuchProviderException if there's no default provider. * @exception SignatureException on signature errors. * @exception CertificateException on encoding errors. */ public void sign(PrivateKey key, String algorithm) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException { + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException { sign(key, algorithm, null); } /** - * Creates an X.509 certificate, and signs it using the key passed - * (associating a signature algorithm and an X.500 name). This operation is - * used to implement the certificate generation functionality of a - * certificate authority. - * + * Creates an X.509 certificate, and signs it using the key + * passed (associating a signature algorithm and an X.500 name). + * This operation is used to implement the certificate generation + * functionality of a certificate authority. + * * @param key the private key used for signing. * @param algorithm the name of the signature algorithm used. * @param provider the name of the provider. - * - * @exception NoSuchAlgorithmException on unsupported signature algorithms. + * + * @exception NoSuchAlgorithmException on unsupported signature + * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. * @exception CertificateException on encoding errors. */ public void sign(PrivateKey key, String algorithm, String provider) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException { + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException { try { if (readOnly) throw new CertificateEncodingException( - "cannot over-write existing certificate"); + "cannot over-write existing certificate"); Signature sigEngine = null; if (provider == null) sigEngine = Signature.getInstance(algorithm); @@ -405,7 +420,7 @@ public class X509CertImpl extends X509Certificate implements Serializable, sigEngine.initSign(key); - // in case the name is reset + // in case the name is reset algId = AlgorithmId.get(sigEngine.getAlgorithm()); DerOutputStream out = new DerOutputStream(); @@ -430,45 +445,44 @@ public class X509CertImpl extends X509Certificate implements Serializable, } catch (IOException e) { throw new CertificateEncodingException(e.toString()); - } + } } /** - * Checks that the certificate is currently valid, i.e. the current time is - * within the specified validity period. - * + * Checks that the certificate is currently valid, i.e. the current + * time is within the specified validity period. + * * @exception CertificateExpiredException if the certificate has expired. - * @exception CertificateNotYetValidException if the certificate is not yet - * valid. + * @exception CertificateNotYetValidException if the certificate is not + * yet valid. */ - public void checkValidity() throws CertificateExpiredException, - CertificateNotYetValidException { + public void checkValidity() + throws CertificateExpiredException, CertificateNotYetValidException { Date date = new Date(); checkValidity(date); } /** - * Checks that the specified date is within the certificate's validity - * period, or basically if the certificate would be valid at the specified - * date/time. - * - * @param date the Date to check against to see if this certificate is valid - * at that date/time. - * + * Checks that the specified date is within the certificate's + * validity period, or basically if the certificate would be + * valid at the specified date/time. + * + * @param date the Date to check against to see if this certificate + * is valid at that date/time. + * * @exception CertificateExpiredException if the certificate has expired - * with respect to the <code>date</code> supplied. - * @exception CertificateNotYetValidException if the certificate is not yet - * valid with respect to the <code>date</code> supplied. + * with respect to the <code>date</code> supplied. + * @exception CertificateNotYetValidException if the certificate is not + * yet valid with respect to the <code>date</code> supplied. */ - public void checkValidity(Date date) throws CertificateExpiredException, - CertificateNotYetValidException { + public void checkValidity(Date date) + throws CertificateExpiredException, CertificateNotYetValidException { CertificateValidity interval = null; try { - interval = (CertificateValidity) info.get(CertificateValidity.NAME); + interval = (CertificateValidity)info.get(CertificateValidity.NAME); } catch (Exception e) { - throw new CertificateNotYetValidException( - "Incorrect validity period"); + throw new CertificateNotYetValidException("Incorrect validity period"); } if (interval == null) throw new CertificateNotYetValidException("Null validity period"); @@ -477,17 +491,18 @@ public class X509CertImpl extends X509Certificate implements Serializable, /** * Return the requested attribute from the certificate. - * + * * @param name the name of the attribute. * @exception CertificateParsingException on invalid attribute identifier. */ - public Object get(String name) throws CertificateParsingException { + public Object get(String name) + throws CertificateParsingException { X509AttributeName attr = new X509AttributeName(name); String id = attr.getPrefix(); if (!(id.equalsIgnoreCase(NAME))) { throw new CertificateParsingException("Invalid root of " - + "attribute name, expected [" + NAME + "], received " - + "[" + id + "]"); + + "attribute name, expected [" + NAME + + "], received " + "[" + id + "]"); } attr = new X509AttributeName(attr.getSuffix()); id = attr.getPrefix(); @@ -495,96 +510,98 @@ public class X509CertImpl extends X509Certificate implements Serializable, if (id.equalsIgnoreCase(INFO)) { if (attr.getSuffix() != null) { try { - return info.get(attr.getSuffix()); + return info.get(attr.getSuffix()); } catch (IOException e) { throw new CertificateParsingException(e.toString()); } catch (CertificateException e) { throw new CertificateParsingException(e.toString()); } } else { - return (info); + return(info); } } else if (id.equalsIgnoreCase(ALG_ID)) { - return (algId); + return(algId); } else if (id.equalsIgnoreCase(SIGNATURE)) { - return (signature); + return(signature); } else if (id.equalsIgnoreCase(SIGNED_CERT)) { - return (signedCert); + return(signedCert); } else { throw new CertificateParsingException("Attribute name not " - + "recognized or get() not allowed for the same: " + id); + + "recognized or get() not allowed for the same: " + id); } } /** * Set the requested attribute in the certificate. - * + * * @param name the name of the attribute. * @param obj the value of the attribute. * @exception CertificateException on invalid attribute identifier. * @exception IOException on encoding error of attribute. */ - public void set(String name, Object obj) throws CertificateException, - IOException { + public void set(String name, Object obj) + throws CertificateException, IOException { // check if immutable if (readOnly) throw new CertificateException("cannot over-write existing" - + " certificate"); + + " certificate"); X509AttributeName attr = new X509AttributeName(name); String id = attr.getPrefix(); if (!(id.equalsIgnoreCase(NAME))) { throw new CertificateException("Invalid root of attribute name," - + " expected [" + NAME + "], received " + id); + + " expected [" + NAME + "], received " + id); } attr = new X509AttributeName(attr.getSuffix()); id = attr.getPrefix(); if (id.equalsIgnoreCase(INFO)) { if (attr.getSuffix() == null) { - if (!(obj instanceof X509CertInfo)) { - throw new CertificateException("Attribute value should" - + " be of type X509CertInfo."); - } - info = (X509CertInfo) obj; - signedCert = null; // reset this as certificate data has changed + if (!(obj instanceof X509CertInfo)) { + throw new CertificateException("Attribute value should" + + " be of type X509CertInfo."); + } + info = (X509CertInfo)obj; + signedCert = null; //reset this as certificate data has changed } else { - info.set(attr.getSuffix(), obj); - signedCert = null; // reset this as certificate data has changed + info.set(attr.getSuffix(), obj); + signedCert = null; //reset this as certificate data has changed } } else { - throw new CertificateException("Attribute name not recognized or " - + "set() not allowed for the same: " + id); + throw new CertificateException("Attribute name not recognized or " + + "set() not allowed for the same: " + id); } } /** * Delete the requested attribute from the certificate. - * + * * @param name the name of the attribute. * @exception CertificateException on invalid attribute identifier. * @exception IOException on other errors. */ - public void delete(String name) throws CertificateException, IOException { + public void delete(String name) + throws CertificateException, IOException { // check if immutable if (readOnly) throw new CertificateException("cannot over-write existing" - + " certificate"); + + " certificate"); X509AttributeName attr = new X509AttributeName(name); String id = attr.getPrefix(); if (!(id.equalsIgnoreCase(NAME))) { throw new CertificateException("Invalid root of attribute name," - + " expected [" + NAME + "], received " + id); + + " expected [" + + NAME + "], received " + id); } attr = new X509AttributeName(attr.getSuffix()); id = attr.getPrefix(); if (id.equalsIgnoreCase(INFO)) { if (attr.getSuffix() != null) { - info = null; + info = null; } else { - info.delete(attr.getSuffix()); + info.delete(attr.getSuffix()); } } else if (id.equalsIgnoreCase(ALG_ID)) { algId = null; @@ -593,8 +610,8 @@ public class X509CertImpl extends X509Certificate implements Serializable, } else if (id.equalsIgnoreCase(SIGNED_CERT)) { signedCert = null; } else { - throw new CertificateException("Attribute name not recognized or " - + "delete() not allowed for the same: " + id); + throw new CertificateException("Attribute name not recognized or " + + "delete() not allowed for the same: " + id); } } @@ -609,21 +626,21 @@ public class X509CertImpl extends X509Certificate implements Serializable, elements.addElement(NAME + DOT + SIGNATURE); elements.addElement(NAME + DOT + SIGNED_CERT); - return (elements.elements()); + return(elements.elements()); } /** * Return the name of this attribute. */ public String getName() { - return (NAME); + return(NAME); } /** - * Returns a printable representation of the certificate. This does not - * contain all the information available to distinguish this from any other - * certificate. The certificate must be fully constructed before this - * function may be called. + * Returns a printable representation of the certificate. This does not + * contain all the information available to distinguish this from any + * other certificate. The certificate must be fully constructed + * before this function may be called. */ public String toString() { if (info == null || algId == null || signature == null) @@ -635,9 +652,9 @@ public class X509CertImpl extends X509Certificate implements Serializable, sb.append(info.toString() + "\n"); sb.append(" Algorithm: [" + algId.toString() + "]\n"); - netscape.security.util.PrettyPrintFormat pp = new netscape.security.util.PrettyPrintFormat( - " ", 20); - String signaturebits = pp.toHexString(signature); + netscape.security.util.PrettyPrintFormat pp = + new netscape.security.util.PrettyPrintFormat(" ", 20); + String signaturebits = pp.toHexString(signature); sb.append(" Signature:\n" + signaturebits); sb.append("]"); @@ -648,143 +665,144 @@ public class X509CertImpl extends X509Certificate implements Serializable, /** * Gets the publickey from this certificate. - * + * * @return the publickey. */ public PublicKey getPublicKey() { if (info == null) return null; - try { - PublicKey key = (PublicKey) info.get(CertificateX509Key.NAME + DOT - + CertificateX509Key.KEY); - return key; + try { + PublicKey key = (PublicKey)info.get(CertificateX509Key.NAME + + DOT + CertificateX509Key.KEY); + return key; } catch (Exception e) { - return null; - } + return null; + } } /** * Gets the version number from the certificate. - * + * * @return the version number. */ public int getVersion() { if (info == null) return -1; - try { - int vers = ((Integer) info.get(CertificateVersion.NAME + DOT - + CertificateVersion.VERSION)).intValue(); - return vers; + try { + int vers = ((Integer)info.get(CertificateVersion.NAME + + DOT + CertificateVersion.VERSION)).intValue(); + return vers; } catch (Exception e) { return -1; - } + } } /** * Gets the serial number from the certificate. - * + * * @return the serial number. */ public BigInteger getSerialNumber() { if (info == null) return null; - try { - SerialNumber ser = (SerialNumber) info - .get(CertificateSerialNumber.NAME + DOT - + CertificateSerialNumber.NUMBER); - return ((BigInt) ser.getNumber()).toBigInteger(); + try { + SerialNumber ser = (SerialNumber)info.get( + CertificateSerialNumber.NAME + DOT + + CertificateSerialNumber.NUMBER); + return ((BigInt)ser.getNumber()).toBigInteger(); } catch (Exception e) { return null; - } + } } /** * Gets the subject distinguished name from the certificate. - * + * * @return the subject name. */ public Principal getSubjectDN() { if (info == null) return null; - try { - Principal subject = (Principal) info - .get(CertificateSubjectName.NAME + DOT - + CertificateSubjectName.DN_NAME); - return subject; + try { + Principal subject = (Principal)info.get( + CertificateSubjectName.NAME + DOT + + CertificateSubjectName.DN_NAME); + return subject; } catch (Exception e) { return null; - } + } } /** * Gets the issuer distinguished name from the certificate. - * + * * @return the issuer name. */ public Principal getIssuerDN() { if (info == null) return null; - try { - Principal issuer = (Principal) info.get(CertificateIssuerName.NAME - + DOT + CertificateIssuerName.DN_NAME); - return issuer; + try { + Principal issuer = (Principal)info.get( + CertificateIssuerName.NAME + DOT + + CertificateIssuerName.DN_NAME); + return issuer; } catch (Exception e) { return null; - } + } } /** * Gets the notBefore date from the validity period of the certificate. - * + * * @return the start date of the validity period. */ public Date getNotBefore() { if (info == null) return null; - try { - Date d = (Date) info.get(CertificateValidity.NAME + DOT - + CertificateValidity.NOT_BEFORE); - return d; + try { + Date d = (Date) info.get(CertificateValidity.NAME + DOT + + CertificateValidity.NOT_BEFORE); + return d; } catch (Exception e) { return null; - } + } } /** * Gets the notAfter date from the validity period of the certificate. - * + * * @return the end date of the validity period. */ public Date getNotAfter() { if (info == null) return null; - try { - Date d = (Date) info.get(CertificateValidity.NAME + DOT - + CertificateValidity.NOT_AFTER); - return d; + try { + Date d = (Date) info.get(CertificateValidity.NAME + DOT + + CertificateValidity.NOT_AFTER); + return d; } catch (Exception e) { return null; - } + } } /** * Gets the DER encoded certificate informations, the - * <code>tbsCertificate</code> from this certificate. This can be used to - * verify the signature independently. - * + * <code>tbsCertificate</code> from this certificate. + * This can be used to verify the signature independently. + * * @return the DER encoded certificate information. * @exception CertificateEncodingException if an encoding error occurs. */ public byte[] getTBSCertificate() throws CertificateEncodingException { if (info != null) { - return info.getEncodedInfo(); + return info.getEncodedInfo(); } else throw new CertificateEncodingException("Uninitialized certificate"); } /** * Gets the raw Signature bits from the certificate. - * + * * @return the signature. */ public byte[] getSignature() { @@ -796,173 +814,172 @@ public class X509CertImpl extends X509Certificate implements Serializable, } /** - * Gets the signature algorithm name for the certificate signature - * algorithm. For example, the string "SHA-1/DSA" or "DSS". - * + * Gets the signature algorithm name for the certificate + * signature algorithm. + * For example, the string "SHA-1/DSA" or "DSS". + * * @return the signature algorithm name. */ public String getSigAlgName() { if (algId == null) return null; - return (algId.getName()); + return (algId.getName()); } /** - * Gets the signature algorithm OID string from the certificate. For - * example, the string "1.2.840.10040.4.3" - * + * Gets the signature algorithm OID string from the certificate. + * For example, the string "1.2.840.10040.4.3" + * * @return the signature algorithm oid string. */ public String getSigAlgOID() { if (algId == null) return null; - ObjectIdentifier oid = algId.getOID(); - return (oid.toString()); + ObjectIdentifier oid = algId.getOID(); + return (oid.toString()); } /** * Gets the DER encoded signature algorithm parameters from this * certificate's signature algorithm. - * - * @return the DER encoded signature algorithm parameters, or null if no - * parameters are present. + * + * @return the DER encoded signature algorithm parameters, or + * null if no parameters are present. */ public byte[] getSigAlgParams() { if (algId == null) return null; - try { - return algId.getEncodedParams(); - } catch (IOException e) { + try { + return algId.getEncodedParams(); + } catch (IOException e) { return null; - } + } } /** * Gets the Issuer Unique Identity from the certificate. - * + * * @return the Issuer Unique Identity. */ public boolean[] getIssuerUniqueID() { if (info == null) return null; - try { - UniqueIdentity id = (UniqueIdentity) info - .get(CertificateIssuerUniqueIdentity.NAME + DOT - + CertificateIssuerUniqueIdentity.ID); + try { + UniqueIdentity id = (UniqueIdentity)info.get( + CertificateIssuerUniqueIdentity.NAME + + DOT + CertificateIssuerUniqueIdentity.ID); if (id == null) return null; else return (id.getId()); } catch (Exception e) { return null; - } + } } /** * Gets the Subject Unique Identity from the certificate. - * + * * @return the Subject Unique Identity. */ public boolean[] getSubjectUniqueID() { if (info == null) return null; - try { - UniqueIdentity id = (UniqueIdentity) info - .get(CertificateSubjectUniqueIdentity.NAME + DOT - + CertificateSubjectUniqueIdentity.ID); + try { + UniqueIdentity id = (UniqueIdentity)info.get( + CertificateSubjectUniqueIdentity.NAME + + DOT + CertificateSubjectUniqueIdentity.ID); if (id == null) return null; else return (id.getId()); } catch (Exception e) { return null; - } + } } /** - * Gets a Set of the extension(s) marked CRITICAL in the certificate by OID - * strings. - * - * @return a set of the extension oid strings in the certificate that are - * marked critical. + * Gets a Set of the extension(s) marked CRITICAL in the + * certificate by OID strings. + * + * @return a set of the extension oid strings in the + * certificate that are marked critical. */ public Set getCriticalExtensionOIDs() { if (info == null) return null; - try { - CertificateExtensions exts = (CertificateExtensions) info - .get(CertificateExtensions.NAME); - if (exts == null) + try { + CertificateExtensions exts = (CertificateExtensions)info.get( + CertificateExtensions.NAME); + if (exts == null) return null; Set<String> extSet = new TreeSet(); Extension ex; - for (Enumeration e = exts.getElements(); e.hasMoreElements();) { - ex = (Extension) e.nextElement(); - if (ex.isCritical()) - extSet.add(((ObjectIdentifier) ex.getExtensionId()) - .toString()); - } + for (Enumeration e = exts.getElements(); e.hasMoreElements(); ) { + ex = (Extension)e.nextElement(); + if (ex.isCritical()) + extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString()); + } return extSet; } catch (Exception e) { return null; - } + } } /** - * Gets a Set of the extension(s) marked NON-CRITICAL in the certificate by - * OID strings. - * - * @return a set of the extension oid strings in the certificate that are - * NOT marked critical. + * Gets a Set of the extension(s) marked NON-CRITICAL in the + * certificate by OID strings. + * + * @return a set of the extension oid strings in the + * certificate that are NOT marked critical. */ public Set getNonCriticalExtensionOIDs() { if (info == null) return null; - try { - CertificateExtensions exts = (CertificateExtensions) info - .get(CertificateExtensions.NAME); - if (exts == null) + try { + CertificateExtensions exts = (CertificateExtensions)info.get( + CertificateExtensions.NAME); + if (exts == null) return null; Set extSet = new TreeSet(); Extension ex; - for (Enumeration e = exts.getElements(); e.hasMoreElements();) { - ex = (Extension) e.nextElement(); - if (!ex.isCritical()) - extSet.add(((ObjectIdentifier) ex.getExtensionId()) - .toString()); - } + for (Enumeration e = exts.getElements(); e.hasMoreElements(); ) { + ex = (Extension)e.nextElement(); + if ( ! ex.isCritical()) + extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString()); + } return extSet; } catch (Exception e) { return null; - } + } } public Extension getExtension(String oid) { try { - CertificateExtensions exts = (CertificateExtensions) info - .get(CertificateExtensions.NAME); - if (exts == null) - return null; - ObjectIdentifier findOID = new ObjectIdentifier(oid); - Extension ex = null; - ; - ObjectIdentifier inCertOID; - for (Enumeration e = exts.getElements(); e.hasMoreElements();) { - ex = (Extension) e.nextElement(); - inCertOID = ex.getExtensionId(); - if (inCertOID.equals(findOID)) { - return ex; - } - } + CertificateExtensions exts = (CertificateExtensions)info.get( + CertificateExtensions.NAME); + if (exts == null) + return null; + ObjectIdentifier findOID = new ObjectIdentifier(oid); + Extension ex = null;; + ObjectIdentifier inCertOID; + for (Enumeration e=exts.getElements(); e.hasMoreElements();) { + ex = (Extension)e.nextElement(); + inCertOID = ex.getExtensionId(); + if (inCertOID.equals(findOID)) { + return ex; + } + } } catch (Exception e) { - } + } return null; } /** - * Gets the DER encoded extension identified by the passed in oid String. - * + * Gets the DER encoded extension identified by the passed + * in oid String. + * * @param oid the Object Identifier value for the extension. */ public byte[] getExtensionValue(String oid) { @@ -972,34 +989,33 @@ public class X509CertImpl extends X509Certificate implements Serializable, if (extAlias == null) { // may be unknown // get the extensions, search thru' for this oid - CertificateExtensions exts = (CertificateExtensions) info - .get(CertificateExtensions.NAME); - if (exts == null) - return null; - - ObjectIdentifier findOID = new ObjectIdentifier(oid); - Extension ex = null; - ; - ObjectIdentifier inCertOID; - for (Enumeration e = exts.getElements(); e.hasMoreElements();) { - ex = (Extension) e.nextElement(); - inCertOID = ex.getExtensionId(); - if (inCertOID.equals(findOID)) { - certExt = ex; - break; - } - } + CertificateExtensions exts = (CertificateExtensions)info.get( + CertificateExtensions.NAME); + if (exts == null) + return null; + + ObjectIdentifier findOID = new ObjectIdentifier(oid); + Extension ex = null;; + ObjectIdentifier inCertOID; + for (Enumeration e=exts.getElements(); e.hasMoreElements();) { + ex = (Extension)e.nextElement(); + inCertOID = ex.getExtensionId(); + if (inCertOID.equals(findOID)) { + certExt = ex; + break; + } + } } else { // there's sub-class that can handle this extension - certExt = (Extension) this.get(extAlias); + certExt = (Extension)this.get(extAlias); } if (certExt == null) - return null; + return null; byte[] extData = certExt.getExtensionValue(); if (extData == null) return null; - DerOutputStream out = new DerOutputStream(); - out.putOctetString(extData); + DerOutputStream out = new DerOutputStream(); + out.putOctetString(extData); return out.toByteArray(); } catch (Exception e) { return null; @@ -1007,20 +1023,19 @@ public class X509CertImpl extends X509Certificate implements Serializable, } /** - * Get a boolean array representing the bits of the KeyUsage extension, (oid - * = 2.5.29.15). - * + * Get a boolean array representing the bits of the KeyUsage extension, + * (oid = 2.5.29.15). * @return the bit values of this extension as an array of booleans. */ public boolean[] getKeyUsage() { try { - String extAlias = OIDMap - .getName(new ObjectIdentifier(KEY_USAGE_OID)); - if (extAlias == null) + String extAlias = OIDMap.getName(new ObjectIdentifier( + KEY_USAGE_OID)); + if (extAlias == null) return null; - KeyUsageExtension certExt = (KeyUsageExtension) this.get(extAlias); - if (certExt == null) + KeyUsageExtension certExt = (KeyUsageExtension)this.get(extAlias); + if (certExt == null) return null; return certExt.getBits(); @@ -1030,26 +1045,25 @@ public class X509CertImpl extends X509Certificate implements Serializable, } /** - * Get the certificate constraints path length from the the critical - * BasicConstraints extension, (oid = 2.5.29.19). - * + * Get the certificate constraints path length from the + * the critical BasicConstraints extension, (oid = 2.5.29.19). * @return the length of the constraint. */ public int getBasicConstraints() { try { - String extAlias = OIDMap.getName(new ObjectIdentifier( - BASIC_CONSTRAINT_OID)); - if (extAlias == null) + String extAlias = OIDMap.getName(new ObjectIdentifier( + BASIC_CONSTRAINT_OID)); + if (extAlias == null) return -1; - BasicConstraintsExtension certExt = (BasicConstraintsExtension) this - .get(extAlias); - if (certExt == null) + BasicConstraintsExtension certExt = + (BasicConstraintsExtension)this.get(extAlias); + if (certExt == null) return -1; - if (((Boolean) certExt.get(BasicConstraintsExtension.IS_CA)) - .booleanValue() == true) - return ((Integer) certExt - .get(BasicConstraintsExtension.PATH_LEN)).intValue(); + if (((Boolean)certExt.get(BasicConstraintsExtension.IS_CA) + ).booleanValue() == true) + return ((Integer)certExt.get( + BasicConstraintsExtension.PATH_LEN)).intValue(); else return -1; } catch (Exception e) { @@ -1061,17 +1075,16 @@ public class X509CertImpl extends X509Certificate implements Serializable, boolean isCA = false; try { String extAlias = OIDMap.getName(new ObjectIdentifier( - BASIC_CONSTRAINT_OID)); + BASIC_CONSTRAINT_OID)); if (extAlias == null) return false; - BasicConstraintsExtension certExt = (BasicConstraintsExtension) this - .get(extAlias); + BasicConstraintsExtension certExt = + (BasicConstraintsExtension)this.get(extAlias); if (certExt == null) return false; - isCA = ((Boolean) certExt.get(BasicConstraintsExtension.IS_CA)) - .booleanValue(); + isCA = ((Boolean)certExt.get(BasicConstraintsExtension.IS_CA)).booleanValue(); } catch (Exception e) { return false; } @@ -1082,21 +1095,22 @@ public class X509CertImpl extends X509Certificate implements Serializable, /* * Cert is a SIGNED ASN.1 macro, a three elment sequence: - * - * - Data to be signed (ToBeSigned) -- the "raw" cert - Signature algorithm - * (SigAlgId) - The signature bits - * - * This routine unmarshals the certificate, saving the signature parts away - * for later verification. + * + * - Data to be signed (ToBeSigned) -- the "raw" cert + * - Signature algorithm (SigAlgId) + * - The signature bits + * + * This routine unmarshals the certificate, saving the signature + * parts away for later verification. */ private void parse(DerValue val) throws CertificateException, IOException { // check if can over write the certificate if (readOnly) throw new CertificateParsingException( - "cannot over-write existing certificate"); + "cannot over-write existing certificate"); readOnly = true; - DerValue seq[] = new DerValue[3]; + DerValue seq[] = new DerValue[3]; seq[0] = val.data.getDerValue(); seq[1] = val.data.getDerValue(); @@ -1104,7 +1118,7 @@ public class X509CertImpl extends X509Certificate implements Serializable, if (val.data.available() != 0) { throw new CertificateParsingException("signed overrun, bytes = " - + val.data.available()); + + val.data.available()); } if (seq[0].tag != DerValue.tag_Sequence) { throw new CertificateParsingException("signed fields invalid"); @@ -1120,27 +1134,28 @@ public class X509CertImpl extends X509Certificate implements Serializable, throw new CertificateParsingException("signed fields overrun"); // The CertificateInfo - if (info == null) { - info = new X509CertInfo(seq[0]); - } + if (info == null) { + info = new X509CertInfo(seq[0]); + } } /** - * Serialization write ... X.509 certificates serialize as themselves, and - * they're parsed when they get read back. (Actually they serialize as some - * type data from the serialization subsystem, then the cert data.) + * Serialization write ... X.509 certificates serialize as + * themselves, and they're parsed when they get read back. + * (Actually they serialize as some type data from the + * serialization subsystem, then the cert data.) */ private synchronized void writeObject(ObjectOutputStream stream) - throws CertificateException, IOException { + throws CertificateException, IOException { encode(stream); } /** - * Serialization read ... X.509 certificates serialize as themselves, and - * they're parsed when they get read back. + * Serialization read ... X.509 certificates serialize as + * themselves, and they're parsed when they get read back. */ private synchronized void readObject(ObjectInputStream stream) - throws CertificateException, IOException { + throws CertificateException, IOException { decode(stream); } @@ -1153,14 +1168,13 @@ public class X509CertImpl extends X509Certificate implements Serializable, private byte[] data1; /** - * Construct the alternate Certificate class with the Certificate type - * and Certificate encoding bytes. - * + * Construct the alternate Certificate class with the Certificate + * type and Certificate encoding bytes. + * * <p> - * - * @param type the standard name of the Certificate type. - * <p> - * + * + * @param type the standard name of the Certificate type. <p> + * * @param data the Certificate data. */ protected CertificateRep1(String type, byte[] data) { @@ -1170,27 +1184,29 @@ public class X509CertImpl extends X509Certificate implements Serializable, /** * Resolve the Certificate Object. - * + * * <p> - * + * * @return the resolved Certificate Object. - * - * @throws java.io.ObjectStreamException if the Certificate could not be - * resolved. + * + * @throws java.io.ObjectStreamException if the Certificate could not + * be resolved. */ protected Object readResolve() throws java.io.ObjectStreamException { try { CertificateFactory cf = CertificateFactory.getInstance(type1); return new X509CertImpl(data1); - /* - * return cf.generateCertificate (new - * java.io.ByteArrayInputStream(data1)); - */ +/* + return cf.generateCertificate + (new java.io.ByteArrayInputStream(data1)); +*/ } catch (CertificateException e) { - throw new java.io.NotSerializableException( - "java.security.cert.Certificate: " + type1 + ": " - + e.getMessage()); + throw new java.io.NotSerializableException + ("java.security.cert.Certificate: " + + type1 + + ": " + + e.getMessage()); } } @@ -1200,9 +1216,11 @@ public class X509CertImpl extends X509Certificate implements Serializable, try { return new CertificateRep1("X.509", getEncoded()); } catch (CertificateException e) { - throw new java.io.NotSerializableException( - "java.security.cert.Certificate: " + "X.509" + ": " - + e.getMessage()); + throw new java.io.NotSerializableException + ("java.security.cert.Certificate: " + + "X.509" + + ": " + + e.getMessage()); } } } |