// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package netscape.security.x509;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.Date;
import java.util.Enumeration;
import netscape.security.util.DerInputStream;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
/**
* This class defines the interval for which the certificate is valid.
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.12
* @see CertAttrSet
*/
public class CertificateValidity implements CertAttrSet, Serializable {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT = "x509.info.validity";
/**
* Sub attributes name for this CertAttrSet.
*/
public static final String NAME = "validity";
public static final String NOT_BEFORE = "notBefore";
public static final String NOT_AFTER = "notAfter";
private static final long YR_2050 = 2524636800000L;
// Private data members
private Date notBefore;
private Date notAfter;
// Returns the first time the certificate is valid.
private Date getNotBefore() {
return (new Date(notBefore.getTime()));
}
// Returns the last time the certificate is valid.
private Date getNotAfter() {
return (new Date(notAfter.getTime()));
}
// Construct the class from the DerValue
private void construct(DerValue derVal) throws IOException {
if (derVal.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoded CertificateValidity, " +
"starting sequence tag missing.");
}
// check if UTCTime encoded or GeneralizedTime
if (derVal.data.available() == 0)
throw new IOException("No data encoded for CertificateValidity");
DerInputStream derIn = new DerInputStream(derVal.toByteArray());
DerValue[] seq = derIn.getSequence(2);
if (seq.length != 2)
throw new IOException("Invalid encoding for CertificateValidity");
if (seq[0].tag == DerValue.tag_UtcTime) {
notBefore = derVal.data.getUTCTime();
} else if (seq[0].tag == DerValue.tag_GeneralizedTime) {
notBefore = derVal.data.getGeneralizedTime();
} else {
throw new IOException("Invalid encoding for CertificateValidity");
}
if (seq[1].tag == DerValue.tag_UtcTime) {
notAfter = derVal.data.getUTCTime();
} else if (seq[1].tag == DerValue.tag_GeneralizedTime) {
notAfter = derVal.data.getGeneralizedTime();
} else {
throw new IOException("Invalid encoding for CertificateValidity");
}
}
/**
* Default constructor for the class.
*/
public CertificateValidity() { }
/**
* The default constructor for this class for the specified interval.
*
* @param notBefore the date and time before which the certificate
* is not valid.
* @param notAfter the date and time after which the certificate is
* not valid.
*/
public CertificateValidity(Date notBefore, Date notAfter) {
this.notBefore = notBefore;
this.notAfter = notAfter;
}
/**
* Create the object, decoding the values from the passed DER stream.
*
* @param in the DerInputStream to read the CertificateValidity from.
* @exception IOException on decoding errors.
*/
public CertificateValidity(DerInputStream in) throws IOException {
DerValue derVal = in.getDerValue();
construct(derVal);
}
/**
* Return the validity period as user readable string.
*/
public String toString() {
if (notBefore == null || notAfter == null)
return "";
return ("Validity: [From: " + notBefore.toString() +
",\n To: " + notAfter.toString() + "]");
}
/**
* Decode the CertificateValidity period from the InputStream.
*
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on errors.
*/
public void decode(InputStream in) throws IOException {
DerValue derVal = new DerValue(in);
construct(derVal);
}
private synchronized void writeObject(ObjectOutputStream stream)
throws IOException {
encode(stream);
}
private synchronized void readObject(ObjectInputStream stream)
throws IOException {
decode(stream);
}
/**
* Encode the CertificateValidity period in DER form to the stream.
*
* @param out the OutputStream to marshal the contents to.
* @exception IOException on errors.
*/
public void encode(OutputStream out) throws IOException {
// in cases where default constructor is used check for
// null values
if (notBefore == null || notAfter == null) {
throw new IOException("CertAttrSet:CertificateValidity:" +
" null values to encode.\n");
}
DerOutputStream pair = new DerOutputStream();
if (notBefore.getTime() < YR_2050) {
pair.putUTCTime(notBefore);
} else
pair.putGeneralizedTime(notBefore);
if (notAfter.getTime() < YR_2050) {
pair.putUTCTime(notAfter);
} else {
pair.putGeneralizedTime(notAfter);
}
DerOutputStream seq = new DerOutputStream();
seq.write(DerValue.tag_Sequence,pair);
out.write(seq.toByteArray());
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Date)) {
throw new IOException("Attribute must be of type Date.");
}
if (name.equalsIgnoreCase(NOT_BEFORE)) {
notBefore = (Date)obj;
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
notAfter = (Date)obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateValidity.");
}
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(NOT_BEFORE)) {
return (getNotBefore());
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
return (getNotAfter());
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateValidity.");
}
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
if (name.equalsIgnoreCase(NOT_BEFORE)) {
notBefore = null;
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
notAfter = null;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateValidity.");
}
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
public Enumeration getElements() {
AttributeNameEnumeration elements = new AttributeNameEnumeration();
elements.addElement(NOT_BEFORE);
elements.addElement(NOT_AFTER);
return (elements.elements());
}
/**
* Return the name of this attribute.
*/
public String getName() {
return (NAME);
}
/**
* Verify that the current time is within the validity period.
*
* @exception CertificateExpiredException if the certificate has expired.
* @exception CertificateNotYetValidException if the certificate is not
* yet valid.
*/
public void valid()
throws CertificateNotYetValidException, CertificateExpiredException {
Date now = new Date();
valid(now);
}
/**
* Verify that the passed time is within the validity period.
* @param now the Date against which to compare the validity
* period.
*
* @exception CertificateExpiredException if the certificate has expired
* with respect to the Date
supplied.
* @exception CertificateNotYetValidException if the certificate is not
* yet valid with respect to the Date
supplied.
*
*/
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
/*
* we use the internal Dates rather than the passed in Date
* because someone could override the Date methods after()
* and before() to do something entirely different.
*/
if (notBefore.after(now)) {
throw new CertificateNotYetValidException("NotBefore: " +
notBefore.toString());
}
if (notAfter.before(now)) {
throw new CertificateExpiredException("NotAfter: " +
notAfter.toString());
}
}
}