// --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; version 2 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License along // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cmsutil.ocsp; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import org.mozilla.jss.asn1.ASN1Template; import org.mozilla.jss.asn1.ASN1Value; import org.mozilla.jss.asn1.BIT_STRING; import org.mozilla.jss.asn1.EXPLICIT; import org.mozilla.jss.asn1.InvalidBERException; import org.mozilla.jss.asn1.OCTET_STRING; import org.mozilla.jss.asn1.SEQUENCE; import org.mozilla.jss.asn1.Tag; import org.mozilla.jss.pkix.cert.Certificate; import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; /** * RFC 2560: * *
* BasicOCSPResponse ::= SEQUENCE { * tbsResponseData ResponseData, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING, * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } ** * @version $Revision$ $Date$ */ public class BasicOCSPResponse implements Response { private byte mData[] = null; private ResponseData _rd = null; private AlgorithmIdentifier _signAlg = null; private BIT_STRING _signature = null; private Certificate _certs[] = null; public BasicOCSPResponse(ResponseData rd, AlgorithmIdentifier signAlg, BIT_STRING signature, Certificate certs[]) { _rd = rd; _signAlg = signAlg; _signature = signature; _certs = certs; } public BasicOCSPResponse(OCTET_STRING os) { this(os.toByteArray()); } public BasicOCSPResponse(byte data[]) { mData = data; // extract _rd, _signAlg, _signature and _certs try { BasicOCSPResponse resp = (BasicOCSPResponse) getTemplate().decode(new ByteArrayInputStream(data)); _rd = resp.getResponseData(); _signAlg = resp.getSignatureAlgorithm(); _signature = resp.getSignature(); _certs = resp.getCerts(); } catch (Exception e) { // exception in decoding byte data } } private static final Tag TAG = SEQUENCE.TAG; public Tag getTag() { return TAG; } public void encode(Tag t, OutputStream os) throws IOException { if (mData != null) { os.write(mData); } else { SEQUENCE seq = new SEQUENCE(); seq.addElement(_rd); seq.addElement(_signAlg); seq.addElement(_signature); if (_certs != null) { SEQUENCE certsSeq = new SEQUENCE(); for (Certificate c : _certs) { certsSeq.addElement(c); } EXPLICIT certsExplicit = new EXPLICIT(new Tag(0), certsSeq); seq.addElement(certsExplicit); } seq.encode(t, os); } } public void encode(OutputStream os) throws IOException { encode(TAG, os); } public OCTET_STRING getBytes() { return null; } public ResponseData getResponseData() { return _rd; } public AlgorithmIdentifier getSignatureAlgorithm() { return _signAlg; } public BIT_STRING getSignature() { return _signature; } public int getCertsCount() { return (_certs != null) ? _certs.length : 0; } public Certificate[] getCerts() { return _certs; } public Certificate getCertificateAt(int pos) { return (_certs != null) ? _certs[pos] : null; } private static final Template templateInstance = new Template(); public static Template getTemplate() { return templateInstance; } /** * A Template for decoding
ResponseBytes
.
*/
public static class Template implements ASN1Template {
private SEQUENCE.Template seqt;
public Template() {
seqt = new SEQUENCE.Template();
seqt.addElement(ResponseData.getTemplate());
seqt.addElement(AlgorithmIdentifier.getTemplate());
seqt.addElement(BIT_STRING.getTemplate());
seqt.addOptionalElement(new EXPLICIT.Template(
new Tag(0), new SEQUENCE.OF_Template(
Certificate.getTemplate())));
}
public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
public ASN1Value decode(InputStream istream)
throws InvalidBERException, IOException {
return decode(TAG, istream);
}
public ASN1Value decode(Tag implicitTag, InputStream istream)
throws InvalidBERException, IOException {
SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
ResponseData rd = (ResponseData) seq.elementAt(0);
AlgorithmIdentifier alg = (AlgorithmIdentifier) seq.elementAt(1);
BIT_STRING bs = (BIT_STRING) seq.elementAt(2);
Certificate[] certs = null;
if (seq.size() == 4) {
// optional certificates are present
EXPLICIT certSeqExplicit = (EXPLICIT) seq.elementAt(3);
SEQUENCE certSeq = (SEQUENCE) certSeqExplicit.getContent();
if (certSeq != null) {
certs = new Certificate[certSeq.size()];
for (int x = 0; x < certSeq.size(); x++) {
certs[x] = (Certificate) certSeq.elementAt(x);
}
}
}
return new BasicOCSPResponse(rd, alg, bs, certs);
}
}
}