Diffstat (limited to 'pki/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java')
-rw-r--r--pki/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java353
1 files changed, 171 insertions, 182 deletions
diff --git a/pki/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java b/pki/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java
index 2ed34096..8628b1f8 100644
--- a/pki/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java
@@ -35,21 +35,21 @@ import org.mozilla.jss.asn1.InvalidBERException;
import org.mozilla.jss.asn1.SEQUENCE;
/**
- * An extension that tells applications where to find the CRL for
- * this certificate.
- *
+ * An extension that tells applications where to find the CRL for this
+ * certificate.
+ *
* <pre>
* cRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
- *
+ *
* DistributionPoint ::= SEQUENCE {
* distributionPoint [0] DistributionPointName OPTIONAL,
* reasons [1] ReasonFlags OPTIONAL,
* cRLIssuer [2] GeneralNames OPTIONAL }
- *
+ *
* DistributionPointName ::= CHOICE {
* fullName [0] GeneralNames,
* nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
+ *
* ReasonFlags ::= BIT STRING {
* unused (0),
* keyCompromise (1),
@@ -60,9 +60,8 @@ import org.mozilla.jss.asn1.SEQUENCE;
* certificateHold (6) }
* </pre>
*/
-public class CRLDistributionPointsExtension extends Extension
- implements CertAttrSet
-{
+public class CRLDistributionPointsExtension extends Extension implements
+ CertAttrSet {
/**
*
@@ -72,10 +71,11 @@ public class CRLDistributionPointsExtension extends Extension
private SEQUENCE distributionPoints = new SEQUENCE();
// no default constructor
- private CRLDistributionPointsExtension() { }
+ private CRLDistributionPointsExtension() {
+ }
// Cached DER-encoding to improve performance.
- private byte[] cachedEncoding=null;
+ private byte[] cachedEncoding = null;
/**
* This constructor is called by the CertificateExtensions class to decode
@@ -83,30 +83,30 @@ public class CRLDistributionPointsExtension extends Extension
* extension.
*/
public CRLDistributionPointsExtension(Boolean critical, Object value)
- //throws IOException
+ // throws IOException
{
- try {
-
- this.extensionId = PKIXExtensions.CRLDistributionPoints_Id;
- this.critical = critical.booleanValue();
- this.extensionValue = (byte[])((byte[])value).clone();
-
- // decode the value
try {
- SEQUENCE.OF_Template seqOfCRLDP =
- new SEQUENCE.OF_Template( CRLDistributionPoint.getTemplate() );
- distributionPoints =
- (SEQUENCE) ASN1Util.decode( seqOfCRLDP, extensionValue );
- } catch(InvalidBERException e) {
- throw new IOException("Invalid BER-encoding: " + e.toString());
+ this.extensionId = PKIXExtensions.CRLDistributionPoints_Id;
+ this.critical = critical.booleanValue();
+ this.extensionValue = (byte[]) ((byte[]) value).clone();
+
+ // decode the value
+ try {
+ SEQUENCE.OF_Template seqOfCRLDP = new SEQUENCE.OF_Template(
+ CRLDistributionPoint.getTemplate());
+
+ distributionPoints = (SEQUENCE) ASN1Util.decode(seqOfCRLDP,
+ extensionValue);
+ } catch (InvalidBERException e) {
+ throw new IOException("Invalid BER-encoding: " + e.toString());
+ }
+ } catch (IOException e) {
+ System.out.println("Big error");
+ System.out.println(e);
+ e.printStackTrace();
+ // throw e;
}
- } catch(IOException e) {
- System.out.println("Big error");
- System.out.println(e);
- e.printStackTrace();
- //throw e;
- }
}
/**
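Review bot: The re-indented `catch (IOException e)` in the `(Boolean critical, Object value)` constructor still swallows a failed decode: it prints "Big error" and a stack trace, then returns normally, with `// throw e;` left commented out. Because `distributionPoints` is initialised to an empty `new SEQUENCE()` (previous hunk), a caller that passed malformed BER appears to end up with an extension object holding the raw `extensionValue` but no distribution points, which is hard to tell apart from a validly decoded one. Since the Javadoc says this constructor is what CertificateExtensions calls to decode the extension, I would restore `throws IOException` on the signature and replace the three print lines with `throw e;`. If the signature cannot change, an unchecked exception carrying `e` as its cause would still stop the silent fail-open. The inner rethrow `new IOException("Invalid BER-encoding: " + e.toString())` also drops the original exception as cause; pass `e` along where the target Java version allows it.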
@@ -146,20 +146,18 @@ public class CRLDistributionPointsExtension extends Extension
return (CRLDistributionPoint) distributionPoints.elementAt(index);
}
- /**
- * Sets the criticality of this extension. PKIX dictates that this
- * extension SHOULD NOT be critical, so applications can make it critical
- * if they have a very good reason. By default, the extension is not
- * critical.
+ /**
+ * Sets the criticality of this extension. PKIX dictates that this extension
+ * SHOULD NOT be critical, so applications can make it critical if they have
+ * a very good reason. By default, the extension is not critical.
*/
public void setCritical(boolean critical) {
this.critical = critical;
}
/**
- * Encodes this extension to the given DerOutputStream.
- * This method re-encodes each time it is called, so it is not very
- * efficient.
+ * Encodes this extension to the given DerOutputStream. This method
+ * re-encodes each time it is called, so it is not very efficient.
*/
public void encode(DerOutputStream out) throws IOException {
extensionValue = ASN1Util.encode(distributionPoints);
@@ -167,26 +165,27 @@ public class CRLDistributionPointsExtension extends Extension
}
/**
- * Should be called if any change is made to this data structure
- * so that the cached DER encoding can be discarded.
+ * Should be called if any change is made to this data structure so that the
+ * cached DER encoding can be discarded.
*/
public void flushCachedEncoding() {
cachedEncoding = null;
}
- /////////////////////////////////////////////////////////////
+ // ///////////////////////////////////////////////////////////
// CertAttrSet interface
// This interface is not really appropriate for this extension
// because it is so complicated. Therefore, we only provide a
// minimal implementation.
- /////////////////////////////////////////////////////////////
+ // ///////////////////////////////////////////////////////////
public static final String NAME = "CRLDistributionPoints";
- static {
- try {
+ static {
+ try {
OIDMap.addAttribute(CRLDistributionPointsExtension.class.getName(),
- OID, NAME);
- } catch (CertificateException e) {}
+ OID, NAME);
+ } catch (CertificateException e) {
+ }
}
public String toString() {
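Review bot: The static initializer's `catch (CertificateException e) { }` is still an empty catch after the reformat, so a failed `OIDMap.addAttribute(...)` registration leaves no trace at class-load time. If ignoring it is intentional, say so inside the block, e.g. `// registration failure is non-fatal: <reason>`; otherwise log the exception so a missing OID-to-class mapping can be diagnosed. What a failed registration means for later extension lookup is not visible in this hunk.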
@@ -196,10 +195,9 @@ public class CRLDistributionPointsExtension extends Extension
/**
* DER-encodes this extension to the given OutputStream.
*/
- public void encode(OutputStream ostream)
- throws CertificateException, IOException
- {
- if( cachedEncoding == null ) {
+ public void encode(OutputStream ostream) throws CertificateException,
+ IOException {
+ if (cachedEncoding == null) {
// only re-encode if necessary
DerOutputStream tmp = new DerOutputStream();
encode(tmp);
@@ -208,38 +206,30 @@ public class CRLDistributionPointsExtension extends Extension
ostream.write(cachedEncoding);
}
- public void decode(InputStream in)
- throws CertificateException, IOException
- {
+ public void decode(InputStream in) throws CertificateException, IOException {
throw new IOException("Not supported");
}
- public void set(String name, Object obj)
- throws CertificateException, IOException
- {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:CRLDistributionPointsExtension");
+ public void set(String name, Object obj) throws CertificateException,
+ IOException {
+ throw new IOException("Attribute name not recognized by "
+ + "CertAttrSet:CRLDistributionPointsExtension");
}
- public Object get(String name)
- throws CertificateException, IOException
- {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:CRLDistributionPointsExtension");
+ public Object get(String name) throws CertificateException, IOException {
+ throw new IOException("Attribute name not recognized by "
+ + "CertAttrSet:CRLDistributionPointsExtension");
}
- public void delete(String name)
- throws CertificateException, IOException
- {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:CRLDistributionPointsExtension");
+ public void delete(String name) throws CertificateException, IOException {
+ throw new IOException("Attribute name not recognized by "
+ + "CertAttrSet:CRLDistributionPointsExtension");
}
public Enumeration getElements() {
return (new Vector()).elements();
}
-
public String getName() {
return NAME;
}
@@ -249,64 +239,62 @@ public class CRLDistributionPointsExtension extends Extension
*/
public static void main(String args[]) {
- try {
-
- if( args.length != 1 ) {
- System.out.println("Usage: CRLDistributionPointsExtentions "+
- "<outfile>");
- System.exit(-1);
- }
+ try {
- BufferedOutputStream bos = new BufferedOutputStream(
- new FileOutputStream(args[0]) );
-
-
- // URI only
- CRLDistributionPoint cdp = new CRLDistributionPoint();
- URIName uri = new URIName("http://www.mycrl.com/go/here");
- GeneralNames generalNames = new GeneralNames();
- generalNames.addElement(uri);
- cdp.setFullName(generalNames);
- CRLDistributionPointsExtension crldpExt =
- new CRLDistributionPointsExtension(cdp);
-
- // DN only
- cdp = new CRLDistributionPoint();
- X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org"+
- ",OU=Certificate Server,O=Fedora,C=US");
- generalNames = new GeneralNames();
- generalNames.addElement(dn);
- cdp.setFullName(generalNames);
- crldpExt.addPoint(cdp);
-
- // DN + reason
- BitArray ba = new BitArray(5, new byte[] {(byte)0x28} );
- cdp = new CRLDistributionPoint();
- cdp.setFullName(generalNames);
- cdp.setReasons(ba);
- crldpExt.addPoint(cdp);
-
-
- // relative DN + reason + crlIssuer
- cdp = new CRLDistributionPoint();
- RDN rdn = new RDN("OU=foobar dept");
- cdp.setRelativeName(rdn);
- cdp.setReasons(ba);
- cdp.setCRLIssuer(generalNames);
- crldpExt.addPoint(cdp);
-
- crldpExt.setCritical(true);
- crldpExt.encode(bos);
-
- bos.close();
-
- } catch(Exception e) {
+ if (args.length != 1) {
+ System.out.println("Usage: CRLDistributionPointsExtentions "
+ + "<outfile>");
+ System.exit(-1);
+ }
+
+ BufferedOutputStream bos = new BufferedOutputStream(
+ new FileOutputStream(args[0]));
+
+ // URI only
+ CRLDistributionPoint cdp = new CRLDistributionPoint();
+ URIName uri = new URIName("http://www.mycrl.com/go/here");
+ GeneralNames generalNames = new GeneralNames();
+ generalNames.addElement(uri);
+ cdp.setFullName(generalNames);
+ CRLDistributionPointsExtension crldpExt = new CRLDistributionPointsExtension(
+ cdp);
+
+ // DN only
+ cdp = new CRLDistributionPoint();
+ X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org"
+ + ",OU=Certificate Server,O=Fedora,C=US");
+ generalNames = new GeneralNames();
+ generalNames.addElement(dn);
+ cdp.setFullName(generalNames);
+ crldpExt.addPoint(cdp);
+
+ // DN + reason
+ BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
+ cdp = new CRLDistributionPoint();
+ cdp.setFullName(generalNames);
+ cdp.setReasons(ba);
+ crldpExt.addPoint(cdp);
+
+ // relative DN + reason + crlIssuer
+ cdp = new CRLDistributionPoint();
+ RDN rdn = new RDN("OU=foobar dept");
+ cdp.setRelativeName(rdn);
+ cdp.setReasons(ba);
+ cdp.setCRLIssuer(generalNames);
+ crldpExt.addPoint(cdp);
+
+ crldpExt.setCritical(true);
+ crldpExt.encode(bos);
+
+ bos.close();
+
+ } catch (Exception e) {
e.printStackTrace();
- }
+ }
}
- /**
- * Represents a reason that a cert may be revoked. These reasons are
+ /**
+ * Represents a reason that a cert may be revoked. These reasons are
* expressed in a ReasonFlags bit string.
*/
public static class Reason {
@@ -314,16 +302,18 @@ public class CRLDistributionPointsExtension extends Extension
private String name;
private byte bitMask;
- private Reason() { }
+ private Reason() {
+ }
+
private Reason(String name, byte bitMask) {
this.name = name;
this.bitMask = bitMask;
map.put(name, this);
- list.addElement(this);
+ list.addElement(this);
}
private static Hashtable map = new Hashtable();
- private static Vector list = new Vector();
+ private static Vector list = new Vector();
public static Reason fromString(String name) {
return (Reason) map.get(name);
@@ -337,61 +327,60 @@ public class CRLDistributionPointsExtension extends Extension
return bitMask;
}
- /**
- * Given a bit array representing reason flags, extracts the reasons
- * and returns them as an array.
- *
- * @param bitFlags A bit vector containing reason flags.
- * @return An array of reasons contained in the bit vector.
- * May be zero-length but will not be null.
- */
- public static Reason[] bitArrayToReasonArray(byte bitFlags) {
- return bitArrayToReasonArray( new byte[] { bitFlags } );
- }
-
- /**
- * Given a bit array representing reason flags, extracts the reasons
- * and returns them as an array. Currently, only the first byte
- * of the bitflags are examined.
- *
- * @param bitFlags A bit vector containing reason flags. The format
- * is big-endian (MSB first). Only the first byte is examined.
- * @return An array of reasons contained in the bit vector.
- * May be zero-length but will not be null.
- */
- public static Reason[] bitArrayToReasonArray(byte[] bitFlags) {
- byte first = bitFlags[0];
- int size = list.size();
- Vector result = new Vector();
- for(int i = 0; i < size; i++) {
- Reason r = (Reason) list.elementAt(i);
- byte b = r.getBitMask();
- if( (first & b) != 0 ) {
- result.addElement(r);
- }
- }
- size = result.size();
- Reason[] retval = new Reason[size];
- for(int i=0; i < size; i++) {
- retval[i] = (Reason) result.elementAt(i);
- }
- return retval;
- }
-
- public static final Reason UNUSED =
- new Reason("unused", (byte) 0x80);
- public static final Reason KEY_COMPROMISE =
- new Reason("keyCompromise", (byte) 0x40);
- public static final Reason CA_COMPROMISE =
- new Reason("cACompromise", (byte) 0x20);
- public static final Reason AFFILIATION_CHANGED =
- new Reason("affiliationChanged", (byte) 0x10);
- public static final Reason SUPERSEDED =
- new Reason("superseded", (byte) 0x08);
- public static final Reason CESSATION_OF_OPERATION =
- new Reason("cessationOfOperation", (byte) 0x04);
- public static final Reason CERTIFICATE_HOLD =
- new Reason("certificateHold", (byte) 0x02);
+ /**
+ * Given a bit array representing reason flags, extracts the reasons and
+ * returns them as an array.
+ *
+ * @param bitFlags A bit vector containing reason flags.
+ * @return An array of reasons contained in the bit vector. May be
+ * zero-length but will not be null.
+ */
+ public static Reason[] bitArrayToReasonArray(byte bitFlags) {
+ return bitArrayToReasonArray(new byte[] { bitFlags });
+ }
+
+ /**
+ * Given a bit array representing reason flags, extracts the reasons and
+ * returns them as an array. Currently, only the first byte of the
+ * bitflags are examined.
+ *
+ * @param bitFlags A bit vector containing reason flags. The format is
+ * big-endian (MSB first). Only the first byte is examined.
+ * @return An array of reasons contained in the bit vector. May be
+ * zero-length but will not be null.
+ */
+ public static Reason[] bitArrayToReasonArray(byte[] bitFlags) {
+ byte first = bitFlags[0];
+ int size = list.size();
+ Vector result = new Vector();
+ for (int i = 0; i < size; i++) {
+ Reason r = (Reason) list.elementAt(i);
+ byte b = r.getBitMask();
+ if ((first & b) != 0) {
+ result.addElement(r);
+ }
+ }
+ size = result.size();
+ Reason[] retval = new Reason[size];
+ for (int i = 0; i < size; i++) {
+ retval[i] = (Reason) result.elementAt(i);
+ }
+ return retval;
+ }
+
+ public static final Reason UNUSED = new Reason("unused", (byte) 0x80);
+ public static final Reason KEY_COMPROMISE = new Reason("keyCompromise",
+ (byte) 0x40);
+ public static final Reason CA_COMPROMISE = new Reason("cACompromise",
+ (byte) 0x20);
+ public static final Reason AFFILIATION_CHANGED = new Reason(
+ "affiliationChanged", (byte) 0x10);
+ public static final Reason SUPERSEDED = new Reason("superseded",
+ (byte) 0x08);
+ public static final Reason CESSATION_OF_OPERATION = new Reason(
+ "cessationOfOperation", (byte) 0x04);
+ public static final Reason CERTIFICATE_HOLD = new Reason(
+ "certificateHold", (byte) 0x02);
}
}
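Review bot: `bitArrayToReasonArray(byte[] bitFlags)` reads `bitFlags[0]` without checking the array, so a null or zero-length argument throws rather than returning the zero-length array the Javadoc allows for. If these bytes can come from a decoded ReasonFlags BIT STRING (not visible here), an empty bit string in a certificate would surface as an unchecked `ArrayIndexOutOfBoundsException` in the caller. A guard as the first statement covers it: `if (bitFlags == null || bitFlags.length == 0) return new Reason[0];`.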