Diffstat (limited to 'pki/base/util/src/netscape/security/x509/X509CertImpl.java')
-rwxr-xr-xpki/base/util/src/netscape/security/x509/X509CertImpl.java580
1 files changed, 287 insertions, 293 deletions
diff --git a/pki/base/util/src/netscape/security/x509/X509CertImpl.java b/pki/base/util/src/netscape/security/x509/X509CertImpl.java
index 10aab98ec..4d78db067 100755
--- a/pki/base/util/src/netscape/security/x509/X509CertImpl.java
+++ b/pki/base/util/src/netscape/security/x509/X509CertImpl.java
@@ -54,29 +54,22 @@ import netscape.security.util.ObjectIdentifier;
/**
* The X509CertImpl class represents an X.509 certificate. These certificates
* are widely used to support authentication and other functionality in
- * Internet security systems. Common applications include Privacy Enhanced
+ * Internet security systems. Common applications include Privacy Enhanced
* Mail (PEM), Transport Layer Security (SSL), code signing for trusted
- * software distribution, and Secure Electronic Transactions (SET). There
+ * software distribution, and Secure Electronic Transactions (SET). There
* is a commercial infrastructure ready to manage large scale deployments
* of X.509 identity certificates.
- *
- * <P>These certificates are managed and vouched for by <em>Certificate
- * Authorities</em> (CAs). CAs are services which create certificates by
- * placing data in the X.509 standard format and then digitally signing
- * that data. Such signatures are quite difficult to forge. CAs act as
- * trusted third parties, making introductions between agents who have no
- * direct knowledge of each other. CA certificates are either signed by
- * themselves, or by some other CA such as a "root" CA.
- *
- * <P>RFC 1422 is very informative, though it does not describe much
- * of the recent work being done with X.509 certificates. That includes
- * a 1996 version (X.509v3) and a variety of enhancements being made to
- * facilitate an explosion of personal certificates used as "Internet
- * Drivers' Licences", or with SET for credit card transactions.
- *
- * <P>More recent work includes the IETF PKIX Working Group efforts,
- * especially part 1.
- *
+ *
+ * <P>
+ * These certificates are managed and vouched for by <em>Certificate
+ * Authorities</em> (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. Such signatures are quite difficult to forge. CAs act as trusted third parties, making introductions between agents who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.
+ *
+ * <P>
+ * RFC 1422 is very informative, though it does not describe much of the recent work being done with X.509 certificates. That includes a 1996 version (X.509v3) and a variety of enhancements being made to facilitate an explosion of personal certificates used as "Internet Drivers' Licences", or with SET for credit card transactions.
+ *
+ * <P>
+ * More recent work includes the IETF PKIX Working Group efforts, especially part 1.
+ *
* @author Dave Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
@@ -84,7 +77,7 @@ import netscape.security.util.ObjectIdentifier;
* @see X509CertInfo
*/
public class X509CertImpl extends X509Certificate
-implements Serializable, DerEncoder {
+ implements Serializable, DerEncoder {
// Serialization compatibility with the X509CertImpl in x509v1.jar
// supporting the subset of X509Certificate on JDK1.1.x platforms.
static final long serialVersionUID = -2048442350420423405L;
@@ -131,10 +124,10 @@ implements Serializable, DerEncoder {
private boolean readOnly = false;
// Certificate data, and its envelope
- private byte[] signedCert;
- protected X509CertInfo info = null;
- protected AlgorithmId algId;
- protected byte[] signature;
+ private byte[] signedCert;
+ protected X509CertInfo info = null;
+ protected AlgorithmId algId;
+ protected byte[] signature;
// recognized extension OIDS
private static final String KEY_USAGE_OID = "2.5.29.15";
@@ -143,76 +136,77 @@ implements Serializable, DerEncoder {
/**
* Default constructor.
*/
- public X509CertImpl() { }
+ public X509CertImpl() {
+ }
/**
* Unmarshals a certificate from its encoded form, parsing the
- * encoded bytes. This form of constructor is used by agents which
- * need to examine and use certificate contents. That is, this is
- * one of the more commonly used constructors. Note that the buffer
+ * encoded bytes. This form of constructor is used by agents which
+ * need to examine and use certificate contents. That is, this is
+ * one of the more commonly used constructors. Note that the buffer
* must include only a certificate, and no "garbage" may be left at
- * the end. If you need to ignore data at the end of a certificate,
+ * the end. If you need to ignore data at the end of a certificate,
* use another constructor.
- *
+ *
* @param certData the encoded bytes, with no trailing padding.
* @exception CertificateException on parsing and initialization errors.
*/
public X509CertImpl(byte[] certData)
- throws CertificateException {
- this(certData,null);
+ throws CertificateException {
+ this(certData, null);
}
- /**
- * As a special optimization, this constructor acts as X509CertImpl(byte[])
- * except that it takes an X509CertInfo which it uses as a 'hint' for
- * how to construct one field.
- *
- * @param certData the encode bytes, with no traiing padding
- * @param certInfo the certInfo which has already been constructed
- * from the certData
- */
+ /**
+ * As a special optimization, this constructor acts as X509CertImpl(byte[])
+ * except that it takes an X509CertInfo which it uses as a 'hint' for
+ * how to construct one field.
+ *
+ * @param certData the encode bytes, with no traiing padding
+ * @param certInfo the certInfo which has already been constructed
+ * from the certData
+ */
public X509CertImpl(byte[] certData, X509CertInfo certInfo)
- throws CertificateException {
+ throws CertificateException {
- // setting info here causes it to skip decoding in the parse()
- // method
- info = certInfo;
+ // setting info here causes it to skip decoding in the parse()
+ // method
+ info = certInfo;
try {
- DerValue in = new DerValue(certData);
+ DerValue in = new DerValue(certData);
parse(in);
signedCert = certData;
} catch (IOException e) {
- throw new CertificateException("Unable to initialize, " + e);
+ throw new CertificateException("Unable to initialize, " + e);
}
- }
+ }
/**
* unmarshals an X.509 certificate from an input stream.
- *
+ *
* @param in an input stream holding at least one certificate
* @exception CertificateException on parsing and initialization errors.
*/
public X509CertImpl(InputStream in)
- throws CertificateException {
+ throws CertificateException {
try {
- DerValue val = new DerValue(in);
+ DerValue val = new DerValue(in);
parse(val);
signedCert = val.toByteArray();
} catch (IOException e) {
- throw new CertificateException("Unable to initialize, " + e);
+ throw new CertificateException("Unable to initialize, " + e);
}
}
/**
* Construct an initialized X509 Certificate. The certificate is stored
* in raw form and has to be signed to be useful.
- *
+ *
* @param certInfo the X509CertificateInfo which the Certificate is to be
- * created from.
+ * created from.
*/
public X509CertImpl(X509CertInfo certInfo) {
this.info = certInfo;
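Review bot: The two-argument constructor assigns the caller's `certInfo` to `info` before `parse(in)` runs, and by its own comment that makes parse() skip decoding, so nothing visible here checks that the hint really corresponds to `certData`. If parse() (outside this hunk) does not compare them, a mismatched hint leaves getters such as getSubjectDN() and getPublicKey() describing different content from the encoding stored in `signedCert`. The Javadoc should state the precondition, for example `@param certInfo must have been decoded from certData; it is not re-validated here`. `signedCert = certData;` also keeps the caller's array without a copy; `signedCert = certData.clone();` would stop later changes to that buffer from altering the stored encoding.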
@@ -222,36 +216,35 @@ implements Serializable, DerEncoder {
* Unmarshal a certificate from its encoded form, parsing a DER value.
* This form of constructor is used by agents which need to examine
* and use certificate contents.
- *
+ *
* @param derVal the der value containing the encoded cert.
* @exception CertificateException on parsing and initialization errors.
*/
public X509CertImpl(DerValue derVal)
- throws CertificateException {
+ throws CertificateException {
try {
parse(derVal);
signedCert = derVal.toByteArray();
} catch (IOException e) {
- throw new CertificateException("Unable to initialize, " + e);
+ throw new CertificateException("Unable to initialize, " + e);
}
}
- public boolean hasUnsupportedCriticalExtension()
- {
- // XXX NOT IMPLEMENTED
- return true;
+ public boolean hasUnsupportedCriticalExtension() {
+ // XXX NOT IMPLEMENTED
+ return true;
}
/**
* Decode an X.509 certificate from an input stream.
- *
+ *
* @param in an input stream holding at least one certificate
* @exception CertificateException on parsing errors.
* @exception IOException on other errors.
*/
public void decode(InputStream in)
- throws CertificateException, IOException {
- DerValue val = new DerValue(in);
+ throws CertificateException, IOException {
+ DerValue val = new DerValue(in);
parse(val);
signedCert = val.toByteArray();
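Review bot: `hasUnsupportedCriticalExtension()` is a stub that returns `true` for every certificate, and the only marker is the `// XXX NOT IMPLEMENTED` line comment. A caller that honours the result would reject every certificate, and one that ignores it gets no critical-extension check from this class, so the method needs a Javadoc that says so, e.g. `Not implemented: always returns true. Callers must inspect getCriticalExtensionOIDs() themselves.` The `decode(InputStream)` method at the end of this hunk continues outside it.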
@@ -259,12 +252,12 @@ implements Serializable, DerEncoder {
/**
* Appends the certificate to an output stream.
- *
+ *
* @param out an input stream to which the certificate is appended.
* @exception CertificateEncodingException on encoding errors.
*/
public void encode(OutputStream out)
- throws CertificateEncodingException {
+ throws CertificateEncodingException {
if (signedCert == null)
throw new CertificateEncodingException(
"Null certificate to encode");
@@ -278,17 +271,17 @@ implements Serializable, DerEncoder {
/**
* DER encode this object onto an output stream.
* Implements the <code>DerEncoder</code> interface.
- *
- * @param out
- * the output stream on which to write the DER encoding.
- *
+ *
+ * @param out
+ * the output stream on which to write the DER encoding.
+ *
* @exception IOException on encoding error.
*/
- public void derEncode (OutputStream out) throws IOException {
+ public void derEncode(OutputStream out) throws IOException {
if (signedCert == null)
throw new IOException("Null certificate to encode");
- out.write(signedCert);
+ out.write(signedCert);
}
/**
@@ -296,7 +289,7 @@ implements Serializable, DerEncoder {
* assumed that each certificate type would have only a single
* form of encoding; for example, X.509 certificates would
* be encoded as ASN.1 DER.
- *
+ *
* @exception CertificateEncodingException if an encoding error occurs.
*/
public byte[] getEncoded() throws CertificateEncodingException {
@@ -310,50 +303,50 @@ implements Serializable, DerEncoder {
/**
* Throws an exception if the certificate was not signed using the
- * verification key provided. Successfully verifying a certificate
+ * verification key provided. Successfully verifying a certificate
* does <em>not</em> indicate that one should trust the entity which
* it represents.
- *
+ *
* @param key the public key used for verification.
- *
+ *
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception NoSuchProviderException if there's no default provider.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
*/
public void verify(PublicKey key)
- throws CertificateException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException, SignatureException {
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException, SignatureException {
verify(key, null);
}
/**
* Throws an exception if the certificate was not signed using the
- * verification key provided. Successfully verifying a certificate
+ * verification key provided. Successfully verifying a certificate
* does <em>not</em> indicate that one should trust the entity which
* it represents.
- *
+ *
* @param key the public key used for verification.
* @param sigProvider the name of the provider.
- *
+ *
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException on incorrect provider.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
*/
public void verify(PublicKey key, String sigProvider)
- throws CertificateException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException, SignatureException {
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException, SignatureException {
if (signedCert == null) {
throw new CertificateEncodingException("Uninitialized certificate");
}
// Verify the signature ...
- Signature sigVerf = null;
+ Signature sigVerf = null;
sigVerf = Signature.getInstance(algId.getName(), sigProvider);
sigVerf.initVerify(key);
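Review bot: `verify(PublicKey)` forwards `null` as the provider, and `verify(key, sigProvider)` passes it straight into `Signature.getInstance(algId.getName(), sigProvider)`; on current JDKs the two-argument overload rejects a null or empty provider name with IllegalArgumentException, so as far as this hunk shows the single-argument form cannot succeed. `algId` is also dereferenced without a null check, although getSigAlgName() later in the file treats a null `algId` as possible. Suggested: `sigVerf = (sigProvider == null) ? Signature.getInstance(algId.getName()) : Signature.getInstance(algId.getName(), sigProvider);`, preceded by a guard that throws CertificateException when `algId` is null. The method body continues past the end of the hunk.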
@@ -371,20 +364,20 @@ implements Serializable, DerEncoder {
* passed (associating a signature algorithm and an X.500 name).
* This operation is used to implement the certificate generation
* functionality of a certificate authority.
- *
+ *
* @param key the private key used for signing.
* @param algorithm the name of the signature algorithm used.
- *
+ *
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception NoSuchProviderException if there's no default provider.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
*/
public void sign(PrivateKey key, String algorithm)
- throws CertificateException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException, SignatureException {
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException, SignatureException {
sign(key, algorithm, null);
}
@@ -393,21 +386,21 @@ implements Serializable, DerEncoder {
* passed (associating a signature algorithm and an X.500 name).
* This operation is used to implement the certificate generation
* functionality of a certificate authority.
- *
+ *
* @param key the private key used for signing.
* @param algorithm the name of the signature algorithm used.
* @param provider the name of the provider.
- *
+ *
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException on incorrect provider.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
*/
public void sign(PrivateKey key, String algorithm, String provider)
- throws CertificateException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException, SignatureException {
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException, SignatureException {
try {
if (readOnly)
throw new CertificateEncodingException(
@@ -420,7 +413,7 @@ implements Serializable, DerEncoder {
sigEngine.initSign(key);
- // in case the name is reset
+ // in case the name is reset
algId = AlgorithmId.get(sigEngine.getAlgorithm());
DerOutputStream out = new DerOutputStream();
@@ -445,19 +438,19 @@ implements Serializable, DerEncoder {
} catch (IOException e) {
throw new CertificateEncodingException(e.toString());
- }
+ }
}
/**
* Checks that the certificate is currently valid, i.e. the current
* time is within the specified validity period.
- *
+ *
* @exception CertificateExpiredException if the certificate has expired.
* @exception CertificateNotYetValidException if the certificate is not
- * yet valid.
+ * yet valid.
*/
public void checkValidity()
- throws CertificateExpiredException, CertificateNotYetValidException {
+ throws CertificateExpiredException, CertificateNotYetValidException {
Date date = new Date();
checkValidity(date);
}
@@ -466,21 +459,21 @@ implements Serializable, DerEncoder {
* Checks that the specified date is within the certificate's
* validity period, or basically if the certificate would be
* valid at the specified date/time.
- *
+ *
* @param date the Date to check against to see if this certificate
- * is valid at that date/time.
- *
+ * is valid at that date/time.
+ *
* @exception CertificateExpiredException if the certificate has expired
- * with respect to the <code>date</code> supplied.
+ * with respect to the <code>date</code> supplied.
* @exception CertificateNotYetValidException if the certificate is not
- * yet valid with respect to the <code>date</code> supplied.
+ * yet valid with respect to the <code>date</code> supplied.
*/
public void checkValidity(Date date)
- throws CertificateExpiredException, CertificateNotYetValidException {
+ throws CertificateExpiredException, CertificateNotYetValidException {
CertificateValidity interval = null;
try {
- interval = (CertificateValidity)info.get(CertificateValidity.NAME);
+ interval = (CertificateValidity) info.get(CertificateValidity.NAME);
} catch (Exception e) {
throw new CertificateNotYetValidException("Incorrect validity period");
}
@@ -491,12 +484,12 @@ implements Serializable, DerEncoder {
/**
* Return the requested attribute from the certificate.
- *
+ *
* @param name the name of the attribute.
* @exception CertificateParsingException on invalid attribute identifier.
*/
public Object get(String name)
- throws CertificateParsingException {
+ throws CertificateParsingException {
X509AttributeName attr = new X509AttributeName(name);
String id = attr.getPrefix();
if (!(id.equalsIgnoreCase(NAME))) {
@@ -510,37 +503,37 @@ implements Serializable, DerEncoder {
if (id.equalsIgnoreCase(INFO)) {
if (attr.getSuffix() != null) {
try {
- return info.get(attr.getSuffix());
+ return info.get(attr.getSuffix());
} catch (IOException e) {
throw new CertificateParsingException(e.toString());
} catch (CertificateException e) {
throw new CertificateParsingException(e.toString());
}
} else {
- return(info);
+ return (info);
}
} else if (id.equalsIgnoreCase(ALG_ID)) {
- return(algId);
+ return (algId);
} else if (id.equalsIgnoreCase(SIGNATURE)) {
- return(signature);
+ return (signature);
} else if (id.equalsIgnoreCase(SIGNED_CERT)) {
- return(signedCert);
+ return (signedCert);
} else {
throw new CertificateParsingException("Attribute name not "
- + "recognized or get() not allowed for the same: " + id);
+ + "recognized or get() not allowed for the same: " + id);
}
}
/**
* Set the requested attribute in the certificate.
- *
+ *
* @param name the name of the attribute.
* @param obj the value of the attribute.
* @exception CertificateException on invalid attribute identifier.
* @exception IOException on encoding error of attribute.
*/
public void set(String name, Object obj)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
// check if immutable
if (readOnly)
throw new CertificateException("cannot over-write existing"
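Review bot: `get()` returns the internal `signature` and `signedCert` arrays by reference (`return (signature);`, `return (signedCert);`), so a caller can modify the stored signature or encoding in place, and the `readOnly` check at the top of `set()` does not cover that path. Returning copies would close it: `return signature == null ? null : signature.clone();` and the same for `signedCert`. Whether any caller relies on the shared reference cannot be seen from this hunk. `set()` starts here and continues into the next hunk.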
@@ -557,15 +550,15 @@ implements Serializable, DerEncoder {
if (id.equalsIgnoreCase(INFO)) {
if (attr.getSuffix() == null) {
- if (!(obj instanceof X509CertInfo)) {
- throw new CertificateException("Attribute value should"
+ if (!(obj instanceof X509CertInfo)) {
+ throw new CertificateException("Attribute value should"
+ " be of type X509CertInfo.");
- }
- info = (X509CertInfo)obj;
- signedCert = null; //reset this as certificate data has changed
+ }
+ info = (X509CertInfo) obj;
+ signedCert = null; //reset this as certificate data has changed
} else {
- info.set(attr.getSuffix(), obj);
- signedCert = null; //reset this as certificate data has changed
+ info.set(attr.getSuffix(), obj);
+ signedCert = null; //reset this as certificate data has changed
}
} else {
throw new CertificateException("Attribute name not recognized or " +
@@ -575,13 +568,13 @@ implements Serializable, DerEncoder {
/**
* Delete the requested attribute from the certificate.
- *
+ *
* @param name the name of the attribute.
* @exception CertificateException on invalid attribute identifier.
* @exception IOException on other errors.
*/
public void delete(String name)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
// check if immutable
if (readOnly)
throw new CertificateException("cannot over-write existing"
@@ -599,9 +592,9 @@ implements Serializable, DerEncoder {
if (id.equalsIgnoreCase(INFO)) {
if (attr.getSuffix() != null) {
- info = null;
+ info = null;
} else {
- info.delete(attr.getSuffix());
+ info.delete(attr.getSuffix());
}
} else if (id.equalsIgnoreCase(ALG_ID)) {
algId = null;
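Review bot: The suffix test in `delete()` looks inverted: `if (attr.getSuffix() != null) { info = null; }` discards the whole `X509CertInfo` when the caller named a single sub-attribute, and the `else` branch calls `info.delete(attr.getSuffix())` with a suffix that is null. `set()` in the previous hunk treats `attr.getSuffix() == null` as the whole-object case, so the condition here should read `if (attr.getSuffix() == null) {`. Unlike `set()`, the branches shown leave `signedCert` untouched after changing `info`, so a stale encoding may still be served unless the code after this hunk resets it. The method starts and ends outside the hunk.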
@@ -626,20 +619,20 @@ implements Serializable, DerEncoder {
elements.addElement(NAME + DOT + SIGNATURE);
elements.addElement(NAME + DOT + SIGNED_CERT);
- return(elements.elements());
+ return (elements.elements());
}
/**
* Return the name of this attribute.
*/
public String getName() {
- return(NAME);
+ return (NAME);
}
/**
- * Returns a printable representation of the certificate. This does not
+ * Returns a printable representation of the certificate. This does not
* contain all the information available to distinguish this from any
- * other certificate. The certificate must be fully constructed
+ * other certificate. The certificate must be fully constructed
* before this function may be called.
*/
public String toString() {
@@ -652,9 +645,9 @@ implements Serializable, DerEncoder {
sb.append(info.toString() + "\n");
sb.append(" Algorithm: [" + algId.toString() + "]\n");
- netscape.security.util.PrettyPrintFormat pp =
- new netscape.security.util.PrettyPrintFormat(" ", 20);
- String signaturebits = pp.toHexString(signature);
+ netscape.security.util.PrettyPrintFormat pp =
+ new netscape.security.util.PrettyPrintFormat(" ", 20);
+ String signaturebits = pp.toHexString(signature);
sb.append(" Signature:\n" + signaturebits);
sb.append("]");
@@ -665,144 +658,143 @@ implements Serializable, DerEncoder {
/**
* Gets the publickey from this certificate.
- *
+ *
* @return the publickey.
*/
public PublicKey getPublicKey() {
if (info == null)
return null;
- try {
- PublicKey key = (PublicKey)info.get(CertificateX509Key.NAME
+ try {
+ PublicKey key = (PublicKey) info.get(CertificateX509Key.NAME
+ DOT + CertificateX509Key.KEY);
- return key;
+ return key;
} catch (Exception e) {
- return null;
- }
+ return null;
+ }
}
/**
* Gets the version number from the certificate.
- *
+ *
* @return the version number.
*/
public int getVersion() {
if (info == null)
return -1;
- try {
- int vers = ((Integer)info.get(CertificateVersion.NAME
+ try {
+ int vers = ((Integer) info.get(CertificateVersion.NAME
+ DOT + CertificateVersion.VERSION)).intValue();
- return vers;
+ return vers;
} catch (Exception e) {
return -1;
- }
+ }
}
/**
* Gets the serial number from the certificate.
- *
+ *
* @return the serial number.
*/
public BigInteger getSerialNumber() {
if (info == null)
return null;
- try {
- SerialNumber ser = (SerialNumber)info.get(
+ try {
+ SerialNumber ser = (SerialNumber) info.get(
CertificateSerialNumber.NAME + DOT +
- CertificateSerialNumber.NUMBER);
- return ((BigInt)ser.getNumber()).toBigInteger();
+ CertificateSerialNumber.NUMBER);
+ return ((BigInt) ser.getNumber()).toBigInteger();
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets the subject distinguished name from the certificate.
- *
+ *
* @return the subject name.
*/
public Principal getSubjectDN() {
if (info == null)
return null;
- try {
- Principal subject = (Principal)info.get(
+ try {
+ Principal subject = (Principal) info.get(
CertificateSubjectName.NAME + DOT +
- CertificateSubjectName.DN_NAME);
- return subject;
+ CertificateSubjectName.DN_NAME);
+ return subject;
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets the issuer distinguished name from the certificate.
- *
+ *
* @return the issuer name.
*/
public Principal getIssuerDN() {
if (info == null)
return null;
- try {
- Principal issuer = (Principal)info.get(
+ try {
+ Principal issuer = (Principal) info.get(
CertificateIssuerName.NAME + DOT +
- CertificateIssuerName.DN_NAME);
- return issuer;
+ CertificateIssuerName.DN_NAME);
+ return issuer;
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets the notBefore date from the validity period of the certificate.
- *
+ *
* @return the start date of the validity period.
*/
public Date getNotBefore() {
if (info == null)
return null;
- try {
- Date d = (Date) info.get(CertificateValidity.NAME + DOT +
+ try {
+ Date d = (Date) info.get(CertificateValidity.NAME + DOT +
CertificateValidity.NOT_BEFORE);
- return d;
+ return d;
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets the notAfter date from the validity period of the certificate.
- *
+ *
* @return the end date of the validity period.
*/
public Date getNotAfter() {
if (info == null)
return null;
- try {
- Date d = (Date) info.get(CertificateValidity.NAME + DOT +
+ try {
+ Date d = (Date) info.get(CertificateValidity.NAME + DOT +
CertificateValidity.NOT_AFTER);
- return d;
+ return d;
} catch (Exception e) {
return null;
- }
+ }
}
/**
- * Gets the DER encoded certificate informations, the
- * <code>tbsCertificate</code> from this certificate.
+ * Gets the DER encoded certificate informations, the <code>tbsCertificate</code> from this certificate.
* This can be used to verify the signature independently.
- *
+ *
* @return the DER encoded certificate information.
* @exception CertificateEncodingException if an encoding error occurs.
*/
public byte[] getTBSCertificate() throws CertificateEncodingException {
if (info != null) {
- return info.getEncodedInfo();
+ return info.getEncodedInfo();
} else
throw new CertificateEncodingException("Uninitialized certificate");
}
/**
* Gets the raw Signature bits from the certificate.
- *
+ *
* @return the signature.
*/
public byte[] getSignature() {
@@ -817,169 +809,170 @@ implements Serializable, DerEncoder {
* Gets the signature algorithm name for the certificate
* signature algorithm.
* For example, the string "SHA-1/DSA" or "DSS".
- *
+ *
* @return the signature algorithm name.
*/
public String getSigAlgName() {
if (algId == null)
return null;
- return (algId.getName());
+ return (algId.getName());
}
/**
* Gets the signature algorithm OID string from the certificate.
* For example, the string "1.2.840.10040.4.3"
- *
+ *
* @return the signature algorithm oid string.
*/
public String getSigAlgOID() {
if (algId == null)
return null;
- ObjectIdentifier oid = algId.getOID();
- return (oid.toString());
+ ObjectIdentifier oid = algId.getOID();
+ return (oid.toString());
}
/**
* Gets the DER encoded signature algorithm parameters from this
* certificate's signature algorithm.
- *
+ *
* @return the DER encoded signature algorithm parameters, or
* null if no parameters are present.
*/
public byte[] getSigAlgParams() {
if (algId == null)
return null;
- try {
- return algId.getEncodedParams();
- } catch (IOException e) {
+ try {
+ return algId.getEncodedParams();
+ } catch (IOException e) {
return null;
- }
+ }
}
/**
* Gets the Issuer Unique Identity from the certificate.
- *
+ *
* @return the Issuer Unique Identity.
*/
public boolean[] getIssuerUniqueID() {
if (info == null)
return null;
- try {
- UniqueIdentity id = (UniqueIdentity)info.get(
+ try {
+ UniqueIdentity id = (UniqueIdentity) info.get(
CertificateIssuerUniqueIdentity.NAME
- + DOT + CertificateIssuerUniqueIdentity.ID);
+ + DOT + CertificateIssuerUniqueIdentity.ID);
if (id == null)
return null;
else
return (id.getId());
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets the Subject Unique Identity from the certificate.
- *
+ *
* @return the Subject Unique Identity.
*/
public boolean[] getSubjectUniqueID() {
if (info == null)
return null;
- try {
- UniqueIdentity id = (UniqueIdentity)info.get(
+ try {
+ UniqueIdentity id = (UniqueIdentity) info.get(
CertificateSubjectUniqueIdentity.NAME
- + DOT + CertificateSubjectUniqueIdentity.ID);
+ + DOT + CertificateSubjectUniqueIdentity.ID);
if (id == null)
return null;
else
return (id.getId());
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets a Set of the extension(s) marked CRITICAL in the
* certificate by OID strings.
- *
+ *
* @return a set of the extension oid strings in the
- * certificate that are marked critical.
+ * certificate that are marked critical.
*/
public Set<String> getCriticalExtensionOIDs() {
if (info == null)
return null;
- try {
- CertificateExtensions exts = (CertificateExtensions)info.get(
+ try {
+ CertificateExtensions exts = (CertificateExtensions) info.get(
CertificateExtensions.NAME);
- if (exts == null)
+ if (exts == null)
return null;
Set<String> extSet = new LinkedHashSet<String>();
Extension ex;
- for (Enumeration e = exts.getElements(); e.hasMoreElements(); ) {
- ex = (Extension)e.nextElement();
- if (ex.isCritical())
- extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString());
- }
+ for (Enumeration e = exts.getElements(); e.hasMoreElements();) {
+ ex = (Extension) e.nextElement();
+ if (ex.isCritical())
+ extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString());
+ }
return extSet;
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets a Set of the extension(s) marked NON-CRITICAL in the
* certificate by OID strings.
- *
+ *
* @return a set of the extension oid strings in the
- * certificate that are NOT marked critical.
+ * certificate that are NOT marked critical.
*/
public Set<String> getNonCriticalExtensionOIDs() {
if (info == null)
return null;
- try {
- CertificateExtensions exts = (CertificateExtensions)info.get(
+ try {
+ CertificateExtensions exts = (CertificateExtensions) info.get(
CertificateExtensions.NAME);
- if (exts == null)
+ if (exts == null)
return null;
Set<String> extSet = new LinkedHashSet<String>();
Extension ex;
- for (Enumeration e = exts.getElements(); e.hasMoreElements(); ) {
- ex = (Extension)e.nextElement();
- if ( ! ex.isCritical())
- extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString());
- }
+ for (Enumeration e = exts.getElements(); e.hasMoreElements();) {
+ ex = (Extension) e.nextElement();
+ if (!ex.isCritical())
+ extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString());
+ }
return extSet;
} catch (Exception e) {
return null;
- }
+ }
}
public Extension getExtension(String oid) {
try {
- CertificateExtensions exts = (CertificateExtensions)info.get(
+ CertificateExtensions exts = (CertificateExtensions) info.get(
CertificateExtensions.NAME);
- if (exts == null)
- return null;
- ObjectIdentifier findOID = new ObjectIdentifier(oid);
- Extension ex = null;;
- ObjectIdentifier inCertOID;
- for (Enumeration e=exts.getElements(); e.hasMoreElements();) {
- ex = (Extension)e.nextElement();
- inCertOID = ex.getExtensionId();
- if (inCertOID.equals(findOID)) {
- return ex;
- }
- }
+ if (exts == null)
+ return null;
+ ObjectIdentifier findOID = new ObjectIdentifier(oid);
+ Extension ex = null;
+ ;
+ ObjectIdentifier inCertOID;
+ for (Enumeration e = exts.getElements(); e.hasMoreElements();) {
+ ex = (Extension) e.nextElement();
+ inCertOID = ex.getExtensionId();
+ if (inCertOID.equals(findOID)) {
+ return ex;
+ }
+ }
} catch (Exception e) {
- }
+ }
return null;
}
/**
* Gets the DER encoded extension identified by the passed
* in oid String.
- *
+ *
* @param oid the Object Identifier value for the extension.
*/
public byte[] getExtensionValue(String oid) {
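Review bot: The formatter split `Extension ex = null;;` into `Extension ex = null;` followed by a line holding only `;` in `getExtension()`, and the same empty statement appears in `getExtensionValue()` in the next hunk; the stray `;` should simply be deleted. `getExtension()` also dereferences `info` without the `if (info == null) return null;` guard the neighbouring getters use, and relies on the empty `catch (Exception e) { }` to absorb the resulting NullPointerException, which hides real parsing failures from callers. Adding the guard and a comment in the catch such as `// a missing or unreadable extension is reported as null` would make that intent explicit.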
@@ -989,33 +982,34 @@ implements Serializable, DerEncoder {
if (extAlias == null) { // may be unknown
// get the extensions, search thru' for this oid
- CertificateExtensions exts = (CertificateExtensions)info.get(
+ CertificateExtensions exts = (CertificateExtensions) info.get(
CertificateExtensions.NAME);
- if (exts == null)
- return null;
-
- ObjectIdentifier findOID = new ObjectIdentifier(oid);
- Extension ex = null;;
- ObjectIdentifier inCertOID;
- for (Enumeration e=exts.getElements(); e.hasMoreElements();) {
- ex = (Extension)e.nextElement();
- inCertOID = ex.getExtensionId();
- if (inCertOID.equals(findOID)) {
- certExt = ex;
- break;
- }
- }
+ if (exts == null)
+ return null;
+
+ ObjectIdentifier findOID = new ObjectIdentifier(oid);
+ Extension ex = null;
+ ;
+ ObjectIdentifier inCertOID;
+ for (Enumeration e = exts.getElements(); e.hasMoreElements();) {
+ ex = (Extension) e.nextElement();
+ inCertOID = ex.getExtensionId();
+ if (inCertOID.equals(findOID)) {
+ certExt = ex;
+ break;
+ }
+ }
} else { // there's sub-class that can handle this extension
- certExt = (Extension)this.get(extAlias);
+ certExt = (Extension) this.get(extAlias);
}
if (certExt == null)
- return null;
+ return null;
byte[] extData = certExt.getExtensionValue();
if (extData == null)
return null;
- DerOutputStream out = new DerOutputStream();
- out.putOctetString(extData);
+ DerOutputStream out = new DerOutputStream();
+ out.putOctetString(extData);
return out.toByteArray();
} catch (Exception e) {
return null;
@@ -1025,17 +1019,18 @@ implements Serializable, DerEncoder {
/**
* Get a boolean array representing the bits of the KeyUsage extension,
* (oid = 2.5.29.15).
+ *
* @return the bit values of this extension as an array of booleans.
*/
public boolean[] getKeyUsage() {
try {
- String extAlias = OIDMap.getName(new ObjectIdentifier(
+ String extAlias = OIDMap.getName(new ObjectIdentifier(
KEY_USAGE_OID));
- if (extAlias == null)
+ if (extAlias == null)
return null;
- KeyUsageExtension certExt = (KeyUsageExtension)this.get(extAlias);
- if (certExt == null)
+ KeyUsageExtension certExt = (KeyUsageExtension) this.get(extAlias);
+ if (certExt == null)
return null;
return certExt.getBits();
@@ -1047,22 +1042,22 @@ implements Serializable, DerEncoder {
/**
* Get the certificate constraints path length from the
* the critical BasicConstraints extension, (oid = 2.5.29.19).
+ *
* @return the length of the constraint.
*/
public int getBasicConstraints() {
try {
- String extAlias = OIDMap.getName(new ObjectIdentifier(
+ String extAlias = OIDMap.getName(new ObjectIdentifier(
BASIC_CONSTRAINT_OID));
- if (extAlias == null)
+ if (extAlias == null)
return -1;
- BasicConstraintsExtension certExt =
- (BasicConstraintsExtension)this.get(extAlias);
- if (certExt == null)
+ BasicConstraintsExtension certExt =
+ (BasicConstraintsExtension) this.get(extAlias);
+ if (certExt == null)
return -1;
- if (((Boolean)certExt.get(BasicConstraintsExtension.IS_CA)
- ).booleanValue() == true)
- return ((Integer)certExt.get(
+ if (((Boolean) certExt.get(BasicConstraintsExtension.IS_CA)).booleanValue() == true)
+ return ((Integer) certExt.get(
BasicConstraintsExtension.PATH_LEN)).intValue();
else
return -1;
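Review bot: The Javadoc touched by this hunk still says only `@return the length of the constraint`, although the visible code returns -1 in three cases: no alias registered for the OID, no such extension on the certificate, and an extension whose IS_CA value is false. Callers that use this value in path validation need to know that -1 is a sentinel, so I would write `@return the path length constraint when the extension marks the subject as a CA, otherwise -1`. The description also says "critical BasicConstraints extension", but nothing in the visible lines checks criticality, so that word should either be dropped or backed by a check. On the joined line, `.booleanValue() == true` can lose the `== true`. The method body continues past the end of the hunk.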
@@ -1080,11 +1075,11 @@ implements Serializable, DerEncoder {
return false;
BasicConstraintsExtension certExt =
- (BasicConstraintsExtension)this.get(extAlias);
+ (BasicConstraintsExtension) this.get(extAlias);
if (certExt == null)
return false;
- isCA = ((Boolean)certExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
+ isCA = ((Boolean) certExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
} catch (Exception e) {
return false;
}
@@ -1110,7 +1105,7 @@ implements Serializable, DerEncoder {
"cannot over-write existing certificate");
readOnly = true;
- DerValue seq[] = new DerValue[3];
+ DerValue seq[] = new DerValue[3];
seq[0] = val.data.getDerValue();
seq[1] = val.data.getDerValue();
@@ -1134,9 +1129,9 @@ implements Serializable, DerEncoder {
throw new CertificateParsingException("signed fields overrun");
// The CertificateInfo
- if (info == null) {
- info = new X509CertInfo(seq[0]);
- }
+ if (info == null) {
+ info = new X509CertInfo(seq[0]);
+ }
}
/**
@@ -1146,7 +1141,7 @@ implements Serializable, DerEncoder {
* serialization subsystem, then the cert data.)
*/
private synchronized void writeObject(ObjectOutputStream stream)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
encode(stream);
}
@@ -1155,7 +1150,7 @@ implements Serializable, DerEncoder {
* themselves, and they're parsed when they get read back.
*/
private synchronized void readObject(ObjectInputStream stream)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
decode(stream);
}
@@ -1170,11 +1165,12 @@ implements Serializable, DerEncoder {
/**
* Construct the alternate Certificate class with the Certificate
* type and Certificate encoding bytes.
- *
+ *
* <p>
- *
- * @param type the standard name of the Certificate type. <p>
- *
+ *
+ * @param type the standard name of the Certificate type.
+ * <p>
+ *
* @param data the Certificate data.
*/
protected CertificateRep1(String type, byte[] data) {
@@ -1184,26 +1180,25 @@ implements Serializable, DerEncoder {
/**
* Resolve the Certificate Object.
- *
+ *
* <p>
- *
+ *
* @return the resolved Certificate Object.
- *
+ *
* @throws java.io.ObjectStreamException if the Certificate could not
- * be resolved.
+ * be resolved.
*/
protected Object readResolve() throws java.io.ObjectStreamException {
try {
CertificateFactory cf = CertificateFactory.getInstance(type1);
return new X509CertImpl(data1);
-/*
- return cf.generateCertificate
- (new java.io.ByteArrayInputStream(data1));
-*/
+ /*
+ return cf.generateCertificate
+ (new java.io.ByteArrayInputStream(data1));
+ */
} catch (CertificateException e) {
- throw new java.io.NotSerializableException
- ("java.security.cert.Certificate: " +
+ throw new java.io.NotSerializableException("java.security.cert.Certificate: " +
type1 +
": " +
e.getMessage());
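Review bot: The commented-out `cf.generateCertificate(...)` block is re-indented here instead of removed, which leaves `cf` as an unused local whose only effect is that `CertificateFactory.getInstance(type1)` throws for an unsupported type. If that type check is intended, say so with a comment on that line, for example `// rejects unknown certificate types; the object itself is built by X509CertImpl`, and delete the dead block. The joined `throw new java.io.NotSerializableException(...)` keeps only `e.getMessage()`, so the original CertificateException and its stack trace are lost on a failed deserialization. Chaining it with `initCause(e)` before throwing would preserve it, and the same applies to the identical throw in the following hunk. The closing lines of readResolve are outside this hunk.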
@@ -1216,8 +1211,7 @@ implements Serializable, DerEncoder {
try {
return new CertificateRep1("X.509", getEncoded());
} catch (CertificateException e) {
- throw new java.io.NotSerializableException
- ("java.security.cert.Certificate: " +
+ throw new java.io.NotSerializableException("java.security.cert.Certificate: " +
"X.509" +
": " +
e.getMessage());