Diffstat (limited to 'pki/base/util/src/netscape/security/x509/FreshestCRLExtension.java')
-rw-r--r--pki/base/util/src/netscape/security/x509/FreshestCRLExtension.java352
1 files changed, 184 insertions, 168 deletions
diff --git a/pki/base/util/src/netscape/security/x509/FreshestCRLExtension.java b/pki/base/util/src/netscape/security/x509/FreshestCRLExtension.java
index 409a5fe9..ac8e2504 100644
--- a/pki/base/util/src/netscape/security/x509/FreshestCRLExtension.java
+++ b/pki/base/util/src/netscape/security/x509/FreshestCRLExtension.java
@@ -35,21 +35,22 @@ import org.mozilla.jss.asn1.InvalidBERException;
import org.mozilla.jss.asn1.SEQUENCE;
/**
- * An extension that tells applications where to find the latest (freshest)
- * delta CRL for this certificate or full CRL.
- *
+ * An extension that tells applications where to find
+ * the latest (freshest) delta CRL for this certificate
+ * or full CRL.
+ *
* <pre>
* cRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
- *
+ *
* DistributionPoint ::= SEQUENCE {
* distributionPoint [0] DistributionPointName OPTIONAL,
* reasons [1] ReasonFlags OPTIONAL,
* cRLIssuer [2] GeneralNames OPTIONAL }
- *
+ *
* DistributionPointName ::= CHOICE {
* fullName [0] GeneralNames,
* nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
+ *
* ReasonFlags ::= BIT STRING {
* unused (0),
* keyCompromise (1),
@@ -60,7 +61,9 @@ import org.mozilla.jss.asn1.SEQUENCE;
* certificateHold (6) }
* </pre>
*/
-public class FreshestCRLExtension extends Extension implements CertAttrSet {
+public class FreshestCRLExtension extends Extension
+ implements CertAttrSet
+{
/**
*
@@ -70,13 +73,13 @@ public class FreshestCRLExtension extends Extension implements CertAttrSet {
// vector of CRLDistributionPoint
private SEQUENCE distributionPoints = new SEQUENCE();
- public FreshestCRLExtension() {
+ public FreshestCRLExtension() {
this.extensionId = PKIXExtensions.FreshestCRL_Id;
this.critical = false;
}
// Cached DER-encoding to improve performance.
- private byte[] cachedEncoding = null;
+ private byte[] cachedEncoding=null;
// Attribute name
public static final String NAME = "FreshestCRL";
@@ -86,9 +89,9 @@ public class FreshestCRLExtension extends Extension implements CertAttrSet {
static {
try {
- OIDMap.addAttribute(FreshestCRLExtension.class.getName(), OID, NAME);
- } catch (CertificateException e) {
- }
+ OIDMap.addAttribute(FreshestCRLExtension.class.getName(),
+ OID, NAME);
+ } catch (CertificateException e) {}
}
/**
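Review bot: The compacted `catch (CertificateException e) {}` in the static initializer discards a failed `OIDMap.addAttribute` call without leaving any trace. Nothing visible in this class records the failure, so it would presumably only surface later as an extension that is not recognised by name or OID. The block should at least carry a comment stating why ignoring the exception is safe, e.g. `// ignored: <why a failed registration is harmless here>`, or report it through the project's logging facility.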
@@ -97,34 +100,34 @@ public class FreshestCRLExtension extends Extension implements CertAttrSet {
* extension.
*/
public FreshestCRLExtension(Boolean critical, Object value)
- // throws IOException
+ //throws IOException
{
+ try {
+ this.extensionId = PKIXExtensions.FreshestCRL_Id;
+ this.critical = critical.booleanValue();
+ this.extensionValue = (byte[])((byte[])value).clone();
+
+ // decode the value
try {
- this.extensionId = PKIXExtensions.FreshestCRL_Id;
- this.critical = critical.booleanValue();
- this.extensionValue = (byte[]) ((byte[]) value).clone();
-
- // decode the value
- try {
- SEQUENCE.OF_Template seqOfCRLDP = new SEQUENCE.OF_Template(
- CRLDistributionPoint.getTemplate());
-
- distributionPoints = (SEQUENCE) ASN1Util.decode(seqOfCRLDP,
- extensionValue);
- } catch (InvalidBERException e) {
- throw new IOException("Invalid BER-encoding: " + e.toString());
- }
- } catch (IOException e) {
- System.out.println("Big error");
- System.out.println(e);
- e.printStackTrace();
- // throw e;
+ SEQUENCE.OF_Template seqOfCRLDP =
+ new SEQUENCE.OF_Template( CRLDistributionPoint.getTemplate() );
+
+ distributionPoints =
+ (SEQUENCE) ASN1Util.decode( seqOfCRLDP, extensionValue );
+ } catch(InvalidBERException e) {
+ throw new IOException("Invalid BER-encoding: " + e.toString());
}
+ } catch(IOException e) {
+ System.out.println("Big error");
+ System.out.println(e);
+ e.printStackTrace();
+ //throw e;
+ }
}
/**
- * Creates a new FreshestCRL extension, with the given distribution point as
- * the first element.
+ * Creates a new FreshestCRL extension, with the given
+ * distribution point as the first element.
*/
public FreshestCRLExtension(CRLDistributionPoint dp) {
this.extensionId = PKIXExtensions.FreshestCRL_Id;
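Review bot: The decoding constructor `FreshestCRLExtension(Boolean critical, Object value)` still swallows the failure for an undecodable value: the outer `catch(IOException e)` prints "Big error" plus a stack trace to stdout and returns, with `throw e` commented out. The caller then holds an object whose `distributionPoints` is the empty `SEQUENCE` from the field initialiser while `extensionValue` keeps the rejected bytes, so a malformed extension cannot be told apart from a well-formed one. Either restore `throws IOException` and rethrow, or, if the signature has to stay unchecked, replace the three print lines with `throw new IllegalArgumentException("Invalid FreshestCRL extension value", e);`. The inner rewrap also drops the cause; `throw new IOException("Invalid BER-encoding: " + e, e);` would keep it, assuming the target Java level has that constructor.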
@@ -154,18 +157,20 @@ public class FreshestCRLExtension extends Extension implements CertAttrSet {
return (CRLDistributionPoint) distributionPoints.elementAt(index);
}
- /**
- * Sets the criticality of this extension. PKIX dictates that this extension
- * SHOULD NOT be critical, so applications can make it critical if they have
- * a very good reason. By default, the extension is not critical.
+ /**
+ * Sets the criticality of this extension. PKIX dictates that this
+ * extension SHOULD NOT be critical, so applications can make it critical
+ * if they have a very good reason. By default, the extension is not
+ * critical.
*/
public void setCritical(boolean critical) {
this.critical = critical;
}
/**
- * Encodes this extension to the given DerOutputStream. This method
- * re-encodes each time it is called, so it is not very efficient.
+ * Encodes this extension to the given DerOutputStream.
+ * This method re-encodes each time it is called, so it is not very
+ * efficient.
*/
public void encode(DerOutputStream out) throws IOException {
extensionValue = ASN1Util.encode(distributionPoints);
@@ -173,19 +178,19 @@ public class FreshestCRLExtension extends Extension implements CertAttrSet {
}
/**
- * Should be called if any change is made to this data structure so that the
- * cached DER encoding can be discarded.
+ * Should be called if any change is made to this data structure
+ * so that the cached DER encoding can be discarded.
*/
public void flushCachedEncoding() {
cachedEncoding = null;
}
- // ///////////////////////////////////////////////////////////
+ /////////////////////////////////////////////////////////////
// CertAttrSet interface
// This interface is not really appropriate for this extension
// because it is so complicated. Therefore, we only provide a
// minimal implementation.
- // ///////////////////////////////////////////////////////////
+ /////////////////////////////////////////////////////////////
public String toString() {
return NAME;
}
@@ -193,9 +198,10 @@ public class FreshestCRLExtension extends Extension implements CertAttrSet {
/**
* DER-encodes this extension to the given OutputStream.
*/
- public void encode(OutputStream ostream) throws CertificateException,
- IOException {
- if (cachedEncoding == null) {
+ public void encode(OutputStream ostream)
+ throws CertificateException, IOException
+ {
+ if( cachedEncoding == null ) {
// only re-encode if necessary
DerOutputStream tmp = new DerOutputStream();
encode(tmp);
@@ -204,30 +210,38 @@ public class FreshestCRLExtension extends Extension implements CertAttrSet {
ostream.write(cachedEncoding);
}
- public void decode(InputStream in) throws CertificateException, IOException {
+ public void decode(InputStream in)
+ throws CertificateException, IOException
+ {
throw new IOException("Not supported");
}
- public void set(String name, Object obj) throws CertificateException,
- IOException {
- throw new IOException("Attribute name not recognized by "
- + "CertAttrSet:FreshestCRLExtension");
+ public void set(String name, Object obj)
+ throws CertificateException, IOException
+ {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:FreshestCRLExtension");
}
- public Object get(String name) throws CertificateException, IOException {
- throw new IOException("Attribute name not recognized by "
- + "CertAttrSet:FreshestCRLExtension");
+ public Object get(String name)
+ throws CertificateException, IOException
+ {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:FreshestCRLExtension");
}
- public void delete(String name) throws CertificateException, IOException {
- throw new IOException("Attribute name not recognized by "
- + "CertAttrSet:FreshestCRLExtension");
+ public void delete(String name)
+ throws CertificateException, IOException
+ {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:FreshestCRLExtension");
}
public Enumeration getElements() {
return (new Vector()).elements();
}
+
public String getName() {
return NAME;
}
@@ -237,61 +251,64 @@ public class FreshestCRLExtension extends Extension implements CertAttrSet {
*/
public static void main(String args[]) {
- try {
+ try {
- if (args.length != 1) {
- System.out.println("Usage: FreshestCRLExtentions "
- + "<outfile>");
- System.exit(-1);
- }
-
- BufferedOutputStream bos = new BufferedOutputStream(
- new FileOutputStream(args[0]));
-
- // URI only
- CRLDistributionPoint cdp = new CRLDistributionPoint();
- URIName uri = new URIName("http://www.mycrl.com/go/here");
- GeneralNames generalNames = new GeneralNames();
- generalNames.addElement(uri);
- cdp.setFullName(generalNames);
- FreshestCRLExtension crldpExt = new FreshestCRLExtension(cdp);
-
- // DN only
- cdp = new CRLDistributionPoint();
- X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org"
- + ",OU=Certificate Server,O=Fedora,C=US");
- generalNames = new GeneralNames();
- generalNames.addElement(dn);
- cdp.setFullName(generalNames);
- crldpExt.addPoint(cdp);
-
- // DN + reason
- BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
- cdp = new CRLDistributionPoint();
- cdp.setFullName(generalNames);
- cdp.setReasons(ba);
- crldpExt.addPoint(cdp);
-
- // relative DN + reason + crlIssuer
- cdp = new CRLDistributionPoint();
- RDN rdn = new RDN("OU=foobar dept");
- cdp.setRelativeName(rdn);
- cdp.setReasons(ba);
- cdp.setCRLIssuer(generalNames);
- crldpExt.addPoint(cdp);
-
- crldpExt.setCritical(true);
- crldpExt.encode(bos);
-
- bos.close();
-
- } catch (Exception e) {
- e.printStackTrace();
+ if( args.length != 1 ) {
+ System.out.println("Usage: FreshestCRLExtentions "+
+ "<outfile>");
+ System.exit(-1);
}
+
+ BufferedOutputStream bos = new BufferedOutputStream(
+ new FileOutputStream(args[0]) );
+
+
+ // URI only
+ CRLDistributionPoint cdp = new CRLDistributionPoint();
+ URIName uri = new URIName("http://www.mycrl.com/go/here");
+ GeneralNames generalNames = new GeneralNames();
+ generalNames.addElement(uri);
+ cdp.setFullName(generalNames);
+ FreshestCRLExtension crldpExt =
+ new FreshestCRLExtension(cdp);
+
+ // DN only
+ cdp = new CRLDistributionPoint();
+ X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org"+
+ ",OU=Certificate Server,O=Fedora,C=US");
+ generalNames = new GeneralNames();
+ generalNames.addElement(dn);
+ cdp.setFullName(generalNames);
+ crldpExt.addPoint(cdp);
+
+ // DN + reason
+ BitArray ba = new BitArray(5, new byte[] {(byte)0x28} );
+ cdp = new CRLDistributionPoint();
+ cdp.setFullName(generalNames);
+ cdp.setReasons(ba);
+ crldpExt.addPoint(cdp);
+
+
+ // relative DN + reason + crlIssuer
+ cdp = new CRLDistributionPoint();
+ RDN rdn = new RDN("OU=foobar dept");
+ cdp.setRelativeName(rdn);
+ cdp.setReasons(ba);
+ cdp.setCRLIssuer(generalNames);
+ crldpExt.addPoint(cdp);
+
+ crldpExt.setCritical(true);
+ crldpExt.encode(bos);
+
+ bos.close();
+
+ } catch(Exception e) {
+ e.printStackTrace();
+ }
}
- /**
- * Represents a reason that a cert may be revoked. These reasons are
+ /**
+ * Represents a reason that a cert may be revoked. These reasons are
* expressed in a ReasonFlags bit string.
*/
public static class Reason {
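Review bot: In `main`, `bos.close()` is reached only on the success path, so any exception thrown after the `FileOutputStream` is opened leaves the file handle open and the buffered bytes unwritten. The `catch(Exception e)` then only prints the stack trace, and the process ends with a success status even though the output file is incomplete. Moving the close into a `finally { bos.close(); }` around the encoding steps, and calling `System.exit(1)` after `e.printStackTrace()`, would make a failed run visible to whoever consumes the generated file.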
@@ -299,18 +316,16 @@ public class FreshestCRLExtension extends Extension implements CertAttrSet {
private String name;
private byte bitMask;
- private Reason() {
- }
-
+ private Reason() { }
private Reason(String name, byte bitMask) {
this.name = name;
this.bitMask = bitMask;
map.put(name, this);
- list.addElement(this);
+ list.addElement(this);
}
private static Hashtable map = new Hashtable();
- private static Vector list = new Vector();
+ private static Vector list = new Vector();
public static Reason fromString(String name) {
return (Reason) map.get(name);
@@ -324,60 +339,61 @@ public class FreshestCRLExtension extends Extension implements CertAttrSet {
return bitMask;
}
- /**
- * Given a bit array representing reason flags, extracts the reasons and
- * returns them as an array.
- *
- * @param bitFlags A bit vector containing reason flags.
- * @return An array of reasons contained in the bit vector. May be
- * zero-length but will not be null.
- */
- public static Reason[] bitArrayToReasonArray(byte bitFlags) {
- return bitArrayToReasonArray(new byte[] { bitFlags });
- }
-
- /**
- * Given a bit array representing reason flags, extracts the reasons and
- * returns them as an array. Currently, only the first byte of the
- * bitflags are examined.
- *
- * @param bitFlags A bit vector containing reason flags. The format is
- * big-endian (MSB first). Only the first byte is examined.
- * @return An array of reasons contained in the bit vector. May be
- * zero-length but will not be null.
- */
- public static Reason[] bitArrayToReasonArray(byte[] bitFlags) {
- byte first = bitFlags[0];
- int size = list.size();
- Vector result = new Vector();
- for (int i = 0; i < size; i++) {
- Reason r = (Reason) list.elementAt(i);
- byte b = r.getBitMask();
- if ((first & b) != 0) {
- result.addElement(r);
- }
- }
- size = result.size();
- Reason[] retval = new Reason[size];
- for (int i = 0; i < size; i++) {
- retval[i] = (Reason) result.elementAt(i);
- }
- return retval;
- }
-
- public static final Reason UNUSED = new Reason("unused", (byte) 0x80);
- public static final Reason KEY_COMPROMISE = new Reason("keyCompromise",
- (byte) 0x40);
- public static final Reason CA_COMPROMISE = new Reason("cACompromise",
- (byte) 0x20);
- public static final Reason AFFILIATION_CHANGED = new Reason(
- "affiliationChanged", (byte) 0x10);
- public static final Reason SUPERSEDED = new Reason("superseded",
- (byte) 0x08);
- public static final Reason CESSATION_OF_OPERATION = new Reason(
- "cessationOfOperation", (byte) 0x04);
- public static final Reason CERTIFICATE_HOLD = new Reason(
- "certificateHold", (byte) 0x02);
+ /**
+ * Given a bit array representing reason flags, extracts the reasons
+ * and returns them as an array.
+ *
+ * @param bitFlags A bit vector containing reason flags.
+ * @return An array of reasons contained in the bit vector.
+ * May be zero-length but will not be null.
+ */
+ public static Reason[] bitArrayToReasonArray(byte bitFlags) {
+ return bitArrayToReasonArray( new byte[] { bitFlags } );
+ }
+
+ /**
+ * Given a bit array representing reason flags, extracts the reasons
+ * and returns them as an array. Currently, only the first byte
+ * of the bitflags are examined.
+ *
+ * @param bitFlags A bit vector containing reason flags. The format
+ * is big-endian (MSB first). Only the first byte is examined.
+ * @return An array of reasons contained in the bit vector.
+ * May be zero-length but will not be null.
+ */
+ public static Reason[] bitArrayToReasonArray(byte[] bitFlags) {
+ byte first = bitFlags[0];
+ int size = list.size();
+ Vector result = new Vector();
+ for(int i = 0; i < size; i++) {
+ Reason r = (Reason) list.elementAt(i);
+ byte b = r.getBitMask();
+ if( (first & b) != 0 ) {
+ result.addElement(r);
+ }
+ }
+ size = result.size();
+ Reason[] retval = new Reason[size];
+ for(int i=0; i < size; i++) {
+ retval[i] = (Reason) result.elementAt(i);
+ }
+ return retval;
+ }
+
+ public static final Reason UNUSED =
+ new Reason("unused", (byte) 0x80);
+ public static final Reason KEY_COMPROMISE =
+ new Reason("keyCompromise", (byte) 0x40);
+ public static final Reason CA_COMPROMISE =
+ new Reason("cACompromise", (byte) 0x20);
+ public static final Reason AFFILIATION_CHANGED =
+ new Reason("affiliationChanged", (byte) 0x10);
+ public static final Reason SUPERSEDED =
+ new Reason("superseded", (byte) 0x08);
+ public static final Reason CESSATION_OF_OPERATION =
+ new Reason("cessationOfOperation", (byte) 0x04);
+ public static final Reason CERTIFICATE_HOLD =
+ new Reason("certificateHold", (byte) 0x02);
}
}
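Review bot: `bitArrayToReasonArray(byte[] bitFlags)` reads `bitFlags[0]` without checking the argument, so a null or zero-length array throws instead of returning the zero-length result the Javadoc promises. If the array can come from a decoded ReasonFlags BIT STRING (not visible in this hunk), an empty bit string in a certificate would raise an unchecked exception inside extension processing. A guard at the top of the method, `if (bitFlags == null || bitFlags.length == 0) return new Reason[0];`, keeps the documented contract. The enclosing `Reason` class begins outside this hunk.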