diff options
Diffstat (limited to 'pki/base/util/src/netscape/security/x509/X509CRLImpl.java')
| -rwxr-xr-x | pki/base/util/src/netscape/security/x509/X509CRLImpl.java | 395 |
1 files changed, 194 insertions, 201 deletions
diff --git a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java index a722216a..551e2804 100755 --- a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java +++ b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java @@ -51,19 +51,16 @@ import netscape.security.util.ObjectIdentifier; * An implmentation for X509 CRL (Certificate Revocation List). * <p> * The X.509 v2 CRL format is described below in ASN.1: + * * <pre> * </pre> * <p> - * CertificateList ::= SEQUENCE { - * tbsCertList TBSCertList, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING } + * CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING } * <p> - * A good description and profiling is provided in the IETF PKIX WG - * draft, Part I: X.509 Certificate and CRL Profile, - * <draft-ietf-pkix-ipki-part1-06.txt>. + * A good description and profiling is provided in the IETF PKIX WG draft, Part I: X.509 Certificate and CRL Profile, <draft-ietf-pkix-ipki-part1-06.txt>. * <p> * The ASN.1 definition of <code>tbsCertList</code> is: + * * <pre> * TBSCertList ::= SEQUENCE { * version Version OPTIONAL, @@ -82,7 +79,7 @@ import netscape.security.util.ObjectIdentifier; * -- if present, must be v2 * } * </pre> - * + * * @author Hemma Prafullchandra * @version 1.8 * @see X509CRL @@ -90,21 +87,21 @@ import netscape.security.util.ObjectIdentifier; public class X509CRLImpl extends X509CRL { // CRL data, and its envelope - private byte[] signedCRL = null; // DER encoded crl - private byte[] signature = null; // raw signature bits - private byte[] tbsCertList = null; // DER encoded "to-be-signed" CRL - private AlgorithmId sigAlgId; // sig alg in CRL + private byte[] signedCRL = null; // DER encoded crl + private byte[] signature = null; // raw signature bits + private byte[] tbsCertList = null; // DER encoded "to-be-signed" CRL + private AlgorithmId sigAlgId; // sig alg in CRL // crl information - private int version; - private AlgorithmId infoSigAlgId; // sig alg in "to-be-signed" crl - private X500Name issuer; - private Date thisUpdate = null; - private Date nextUpdate = null; -// private static final Hashtable revokedCerts = new Hashtable(); - private Hashtable<BigInteger,RevokedCertificate> revokedCerts = new Hashtable<BigInteger, RevokedCertificate>(); -// private static CRLExtensions extensions = null; - private CRLExtensions extensions = null; + private int version; + private AlgorithmId infoSigAlgId; // sig alg in "to-be-signed" crl + private X500Name issuer; + private Date thisUpdate = null; + private Date nextUpdate = null; + // private static final Hashtable revokedCerts = new Hashtable(); + private Hashtable<BigInteger, RevokedCertificate> revokedCerts = new Hashtable<BigInteger, RevokedCertificate>(); + // private static CRLExtensions extensions = null; + private CRLExtensions extensions = null; private boolean entriesIncluded = true; private final static boolean isExplicit = true; @@ -112,17 +109,17 @@ public class X509CRLImpl extends X509CRL { /** * Unmarshals an X.509 CRL from its encoded form, parsing the encoded - * bytes. This form of constructor is used by agents which + * bytes. This form of constructor is used by agents which * need to examine and use CRL contents. Note that the buffer * must include only one CRL, and no "garbage" may be left at * the end. - * + * * @param crlData the encoded bytes, with no trailing padding. * @exception CRLException on parsing errors. * @exception X509ExtensionException on extension handling errors. */ public X509CRLImpl(byte[] crlData) - throws CRLException, X509ExtensionException { + throws CRLException, X509ExtensionException { try { DerValue in = new DerValue(crlData); @@ -134,7 +131,7 @@ public class X509CRLImpl extends X509CRL { } public X509CRLImpl(byte[] crlData, boolean includeEntries) - throws CRLException, X509ExtensionException { + throws CRLException, X509ExtensionException { try { entriesIncluded = includeEntries; DerValue in = new DerValue(crlData); @@ -149,13 +146,13 @@ public class X509CRLImpl extends X509CRL { /** * Unmarshals an X.509 CRL from an input stream. Only one CRL * is expected at the end of the input stream. - * + * * @param inStrm an input stream holding at least one CRL * @exception CRLException on parsing errors. * @exception X509ExtensionException on extension handling errors. */ public X509CRLImpl(InputStream inStrm) - throws CRLException, X509ExtensionException { + throws CRLException, X509ExtensionException { try { DerValue val = new DerValue(inStrm); @@ -168,7 +165,7 @@ public class X509CRLImpl extends X509CRL { /** * Initial CRL constructor, no revoked certs, and no extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL. @@ -181,18 +178,18 @@ public class X509CRLImpl extends X509CRL { /** * CRL constructor, revoked certs, no extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL. * @param badCerts the array of revoked certificates. - * + * * @exception CRLException on parsing/construction errors. * @exception X509ExtensionException on extension handling errors. */ public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate, RevokedCertificate[] badCerts) - throws CRLException, X509ExtensionException { + throws CRLException, X509ExtensionException { this.issuer = issuer; this.thisUpdate = thisDate; this.nextUpdate = nextDate; @@ -205,19 +202,19 @@ public class X509CRLImpl extends X509CRL { /** * CRL constructor, revoked certs and extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL. * @param badCerts the array of revoked certificates. * @param crlExts the CRL extensions. - * + * * @exception CRLException on parsing/construction errors. * @exception X509ExtensionException on extension handling errors. */ public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate, RevokedCertificate[] badCerts, CRLExtensions crlExts) - throws CRLException, X509ExtensionException { + throws CRLException, X509ExtensionException { this.issuer = issuer; this.thisUpdate = thisDate; this.nextUpdate = nextDate; @@ -237,13 +234,12 @@ public class X509CRLImpl extends X509CRL { } } - /** * CRL constructor, revoked certs and extensions. * This will be used by code that constructs CRL and uses * encodeInfo() in order to sign it using external means * (other than sign() method) - * + * * @param issuer the name of the CA issuing this CRL. * @param sigAlg signing algorithm id * @param thisUpdate the Date of this issue. @@ -253,29 +249,28 @@ public class X509CRLImpl extends X509CRL { */ public X509CRLImpl(X500Name issuer, AlgorithmId algId, Date thisDate, Date nextDate, RevokedCertificate[] badCerts, CRLExtensions crlExts) - throws CRLException, X509ExtensionException { - this(issuer,thisDate,nextDate,badCerts,crlExts); + throws CRLException, X509ExtensionException { + this(issuer, thisDate, nextDate, badCerts, crlExts); infoSigAlgId = algId; } - /** * CRL constructor, revoked certs and extensions. - * + * * @param issuer the name of the CA issuing this CRL. * @param sigAlg signing algorithm id * @param thisUpdate the Date of this issue. * @param nextUpdate the Date of the next CRL. * @param badCerts the hashtable of revoked certificates. * @param crlExts the CRL extensions. - * + * * @exception CRLException on parsing/construction errors. * @exception X509ExtensionException on extension handling errors. */ public X509CRLImpl(X500Name issuer, AlgorithmId algId, Date thisDate, Date nextDate, - Hashtable<BigInteger,RevokedCertificate> badCerts, CRLExtensions crlExts) - throws CRLException, X509ExtensionException { + Hashtable<BigInteger, RevokedCertificate> badCerts, CRLExtensions crlExts) + throws CRLException, X509ExtensionException { this.issuer = issuer; this.thisUpdate = thisDate; this.nextUpdate = nextDate; @@ -287,10 +282,9 @@ public class X509CRLImpl extends X509CRL { infoSigAlgId = algId; } - /** * Returns the ASN.1 DER encoded form of this CRL. - * + * * @exception CRLException if an encoding error occurs. */ public byte[] getEncoded() throws CRLException { @@ -303,7 +297,7 @@ public class X509CRLImpl extends X509CRL { /** * Returns true if signedCRL was set. - * + * * @param byte array of containing signed CRL. */ public boolean setSignedCRL(byte[] crl) { @@ -316,20 +310,20 @@ public class X509CRLImpl extends X509CRL { return done; } - public boolean hasUnsupportedCriticalExtension() { - // XXX NOT IMPLEMENTED - return true; - } + public boolean hasUnsupportedCriticalExtension() { + // XXX NOT IMPLEMENTED + return true; + } /** * Encodes the "to-be-signed" CRL to the OutputStream. - * + * * @param out the OutputStream to write to. * @exception CRLException on encoding errors. * @exception X509ExtensionException on extension encoding errors. */ public void encodeInfo(OutputStream out) - throws CRLException, X509ExtensionException { + throws CRLException, X509ExtensionException { try { DerOutputStream tmp = new DerOutputStream(); DerOutputStream rCerts = new DerOutputStream(); @@ -346,10 +340,9 @@ public class X509CRLImpl extends X509CRL { if (nextUpdate != null) tmp.putUTCTime(nextUpdate); - if (! revokedCerts.isEmpty()) { - for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); - e.hasMoreElements();) - ((RevokedCertImpl)e.nextElement()).encode(rCerts); + if (!revokedCerts.isEmpty()) { + for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); e.hasMoreElements();) + ((RevokedCertImpl) e.nextElement()).encode(rCerts); tmp.write(DerValue.tag_Sequence, rCerts); } @@ -361,26 +354,26 @@ public class X509CRLImpl extends X509CRL { tbsCertList = seq.toByteArray(); out.write(tbsCertList); } catch (IOException e) { - throw new CRLException("Encoding error: " + e.getMessage()); + throw new CRLException("Encoding error: " + e.getMessage()); } } /** * Verifies that this CRL was signed using the * private key that corresponds to the specified public key. - * + * * @param key the PublicKey used to carry out the verification. - * + * * @exception NoSuchAlgorithmException on unsupported signature - * algorithms. + * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException if there's no default provider. * @exception SignatureException on signature errors. * @exception CRLException on encoding errors. */ public void verify(PublicKey key) - throws CRLException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException { + throws CRLException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException { verify(key, null); } @@ -389,36 +382,36 @@ public class X509CRLImpl extends X509CRL { * private key that corresponds to the specified public key, * and that the signature verification was computed by * the given provider. - * + * * @param key the PublicKey used to carry out the verification. * @param sigProvider the name of the signature provider. - * + * * @exception NoSuchAlgorithmException on unsupported signature - * algorithms. + * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. * @exception CRLException on encoding errors. */ public void verify(PublicKey key, String sigProvider) - throws CRLException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException { + throws CRLException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException { if (signedCRL == null) { throw new CRLException("Uninitialized CRL"); } - Signature sigVerf = null; + Signature sigVerf = null; String sigAlg = sigAlgId.getName(); if (sigProvider.equals("Mozilla-JSS")) { - if (sigAlg.equals("MD5withRSA")) { - sigAlg = "MD5/RSA"; - } else if (sigAlg.equals("MD2withRSA")) { - sigAlg = "MD2/RSA"; - } else if (sigAlg.equals("SHA1withRSA")) { - sigAlg = "SHA1/RSA"; - } else if (sigAlg.equals("SHA1withDSA")) { - sigAlg = "SHA1/DSA"; - } + if (sigAlg.equals("MD5withRSA")) { + sigAlg = "MD5/RSA"; + } else if (sigAlg.equals("MD2withRSA")) { + sigAlg = "MD2/RSA"; + } else if (sigAlg.equals("SHA1withRSA")) { + sigAlg = "SHA1/RSA"; + } else if (sigAlg.equals("SHA1withDSA")) { + sigAlg = "SHA1/DSA"; + } } sigVerf = Signature.getInstance(sigAlg, sigProvider); sigVerf.initVerify(key); @@ -436,12 +429,12 @@ public class X509CRLImpl extends X509CRL { /** * Encodes an X.509 CRL, and signs it using the key * passed. - * + * * @param key the private key used for signing. * @param algorithm the name of the signature algorithm used. - * + * * @exception NoSuchAlgorithmException on unsupported signature - * algorithms. + * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. @@ -449,21 +442,21 @@ public class X509CRLImpl extends X509CRL { * @exception X509ExtensionException on any extension errors. */ public void sign(PrivateKey key, String algorithm) - throws CRLException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException, X509ExtensionException { + throws CRLException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException, X509ExtensionException { sign(key, algorithm, null); } /** * Encodes an X.509 CRL, and signs it using the key * passed. - * + * * @param key the private key used for signing. * @param algorithm the name of the signature algorithm used. * @param provider the name of the provider. - * + * * @exception NoSuchAlgorithmException on unsupported signature - * algorithms. + * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. @@ -471,8 +464,8 @@ public class X509CRLImpl extends X509CRL { * @exception X509ExtensionException on any extension errors. */ public void sign(PrivateKey key, String algorithm, String provider) - throws CRLException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException, X509ExtensionException { + throws CRLException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException, X509ExtensionException { try { if (readOnly) throw new CRLException("cannot over-write existing CRL"); @@ -484,7 +477,7 @@ public class X509CRLImpl extends X509CRL { sigEngine.initSign(key); - // in case the name is reset + // in case the name is reset sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm()); infoSigAlgId = sigAlgId; @@ -515,12 +508,12 @@ public class X509CRLImpl extends X509CRL { /** * Returns a printable string of this CRL. - * + * * @return value of this CRL in a printable form. */ public String toString() { StringBuffer sb = new StringBuffer(); - sb.append("X.509 CRL v" + (version+1) + "\n"); + sb.append("X.509 CRL v" + (version + 1) + "\n"); sb.append("Signature Algorithm: " + sigAlgId.toString() + ", OID=" + (sigAlgId.getOID()).toString() + "\n"); sb.append("Issuer: " + issuer.toString() + "\n"); @@ -531,19 +524,18 @@ public class X509CRLImpl extends X509CRL { sb.append("\nNO certificates have been revoked\n"); else { sb.append("\nRevoked Certificates:\n"); - for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); - e.hasMoreElements();) - sb.append(((RevokedCertificate)e.nextElement()).toString()); + for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); e.hasMoreElements();) + sb.append(((RevokedCertificate) e.nextElement()).toString()); } if (extensions != null) { for (int i = 0; i < extensions.size(); i++) { sb.append("\nCRL Extension[" + i + "]: " + - ((Extension)(extensions.elementAt(i))).toString()); + ((Extension) (extensions.elementAt(i))).toString()); } } - netscape.security.util.PrettyPrintFormat pp = - new netscape.security.util.PrettyPrintFormat(" ", 20); - String signaturebits = pp.toHexString(signature); + netscape.security.util.PrettyPrintFormat pp = + new netscape.security.util.PrettyPrintFormat(" ", 20); + String signaturebits = pp.toHexString(signature); sb.append("\nSignature:\n" + signaturebits); return sb.toString(); @@ -551,10 +543,10 @@ public class X509CRLImpl extends X509CRL { /** * Checks whether the given serial number is on this CRL. - * + * * @param serialNumber the number to check for. * @return true if the given serial number is on this CRL, - * false otherwise. + * false otherwise. */ public boolean isRevoked(BigInteger serialNumber) { if (revokedCerts == null || revokedCerts.isEmpty()) @@ -562,24 +554,26 @@ public class X509CRLImpl extends X509CRL { return revokedCerts.containsKey(serialNumber); } - public boolean isRevoked(Certificate cert) { - if (cert == null) - return false; - if (cert instanceof X509Certificate) { - return isRevoked(((X509Certificate)cert).getSerialNumber()); - } else { - return false; - } - } + public boolean isRevoked(Certificate cert) { + if (cert == null) + return false; + if (cert instanceof X509Certificate) { + return isRevoked(((X509Certificate) cert).getSerialNumber()); + } else { + return false; + } + } /** * Gets the version number from the CRL. * The ASN.1 definition for this is: + * * <pre> * Version ::= INTEGER { v1(0), v2(1), v3(2) } * -- v3 does not apply to CRLs but appears for consistency * -- with definition of Version for certs * </pre> + * * @return the version number. */ public int getVersion() { @@ -592,36 +586,39 @@ public class X509CRLImpl extends X509CRL { * issued the CRL). The issuer name field contains an * X.500 distinguished name (DN). * The ASN.1 definition for this is: + * * <pre> * issuer Name - * + * * Name ::= CHOICE { RDNSequence } * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName * RelativeDistinguishedName ::= * SET OF AttributeValueAssertion - * + * * AttributeValueAssertion ::= SEQUENCE { * AttributeType, * AttributeValue } * AttributeType ::= OBJECT IDENTIFIER * AttributeValue ::= ANY * </pre> + * * The Name describes a hierarchical name composed of attributes, * such as country name, and corresponding values, such as US. * The type of the component AttributeValue is determined by the * AttributeType; in general it will be a directoryString. * A directoryString is usually one of PrintableString, * TeletexString or UniversalString. + * * @return the issuer name. */ public Principal getIssuerDN() { - return (Principal)issuer; + return (Principal) issuer; } /** * Gets the thisUpdate date from the CRL. * The ASN.1 definition for this is: - * + * * @return the thisUpdate date from the CRL. */ public Date getThisUpdate() { @@ -630,9 +627,9 @@ public class X509CRLImpl extends X509CRL { /** * Gets the nextUpdate date from the CRL. - * + * * @return the nextUpdate date from the CRL, or null if - * not present. + * not present. */ public Date getNextUpdate() { if (nextUpdate == null) @@ -643,25 +640,25 @@ public class X509CRLImpl extends X509CRL { /** * Get the revoked certificate from the CRL by the serial * number provided. - * + * * @return the revoked certificate or null if there is - * no entry in the CRL marked with the provided serial number. + * no entry in the CRL marked with the provided serial number. * @see RevokedCertificate */ public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) { if (revokedCerts == null || revokedCerts.isEmpty()) return null; RevokedCertificate badCert = - (RevokedCertificate)revokedCerts.get(serialNumber); + (RevokedCertificate) revokedCerts.get(serialNumber); return badCert; } /** * Gets all the revoked certificates from the CRL. * A Set of RevokedCertificate. - * + * * @return all the revoked certificates or null if there are - * none. + * none. * @see RevokedCertificate */ public Set<RevokedCertificate> getRevokedCertificates() { @@ -674,11 +671,11 @@ public class X509CRLImpl extends X509CRL { } @SuppressWarnings("unchecked") - public Hashtable<BigInteger,RevokedCertificate> getListOfRevokedCertificates() { - if (revokedCerts == null){ + public Hashtable<BigInteger, RevokedCertificate> getListOfRevokedCertificates() { + if (revokedCerts == null) { return null; - }else{ - return (Hashtable<BigInteger,RevokedCertificate>)revokedCerts.clone(); + } else { + return (Hashtable<BigInteger, RevokedCertificate>) revokedCerts.clone(); } } @@ -690,16 +687,15 @@ public class X509CRLImpl extends X509CRL { } /** - * Gets the DER encoded CRL information, the - * <code>tbsCertList</code> from this CRL. + * Gets the DER encoded CRL information, the <code>tbsCertList</code> from this CRL. * This can be used to verify the signature independently. - * + * * @return the DER encoded CRL information. * @exception CRLException on parsing errors. * @exception X509ExtensionException on extension parsing errors. */ public byte[] getTBSCertList() - throws CRLException { + throws CRLException { if (tbsCertList == null) throw new CRLException("Uninitialized CRL"); byte[] dup = new byte[tbsCertList.length]; @@ -709,7 +705,7 @@ public class X509CRLImpl extends X509CRL { /** * Gets the raw Signature bits from the CRL. - * + * * @return the signature. */ public byte[] getSignature() { @@ -722,7 +718,7 @@ public class X509CRLImpl extends X509CRL { /** * Returns true if signature was set. - * + * * @param byte array of containing CRL signature. */ public boolean setSignature(byte[] crlSignature) { @@ -739,6 +735,7 @@ public class X509CRLImpl extends X509CRL { * Gets the signature algorithm name for the CRL * signature algorithm. For example, the string "SHA1withDSA". * The ASN.1 definition for this is: + * * <pre> * AlgorithmIdentifier ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, @@ -747,13 +744,13 @@ public class X509CRLImpl extends X509CRL { * -- registered for use with the * -- algorithm object identifier value * </pre> - * + * * @return the signature algorithm name. */ public String getSigAlgName() { if (sigAlgId == null) return null; - return sigAlgId.getName(); + return sigAlgId.getName(); } /** @@ -763,14 +760,14 @@ public class X509CRLImpl extends X509CRL { * <positive whole number>.<positive whole number>.<...> * For example, the string "1.2.840.10040.4.3" identifies the SHA-1 * with DSA signature algorithm, as per the PKIX part I. - * + * * @return the signature algorithm oid string. */ public String getSigAlgOID() { if (sigAlgId == null) return null; - ObjectIdentifier oid = sigAlgId.getOID(); - return oid.toString(); + ObjectIdentifier oid = sigAlgId.getOID(); + return oid.toString(); } /** @@ -778,37 +775,36 @@ public class X509CRLImpl extends X509CRL { * CRL's signature algorithm. In most cases, the signature * algorithm parameters are null, the parameters are usually * supplied with the Public Key. - * + * * @return the DER encoded signature algorithm parameters, or * null if no parameters are present. */ public byte[] getSigAlgParams() { if (sigAlgId == null) return null; - try { - return sigAlgId.getEncodedParams(); - } catch (IOException e) { + try { + return sigAlgId.getEncodedParams(); + } catch (IOException e) { return null; - } + } } /** * Gets a Set of the extension(s) marked CRITICAL in the * CRL by OID strings. - * + * * @return a set of the extension oid strings in the - * CRL that are marked critical. + * CRL that are marked critical. */ public Set<String> getCriticalExtensionOIDs() { if (extensions == null) return null; Set<String> extSet = new LinkedHashSet<String>(); Extension ex; - for (Enumeration<Extension> e = extensions.getElements(); - e.hasMoreElements();) { - ex = e.nextElement(); - if (ex.isCritical()){ - extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString()); + for (Enumeration<Extension> e = extensions.getElements(); e.hasMoreElements();) { + ex = e.nextElement(); + if (ex.isCritical()) { + extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString()); } } return extSet; @@ -817,21 +813,20 @@ public class X509CRLImpl extends X509CRL { /** * Gets a Set of the extension(s) marked NON-CRITICAL in the * CRL by OID strings. - * + * * @return a set of the extension oid strings in the - * CRL that are NOT marked critical. + * CRL that are NOT marked critical. */ public Set<String> getNonCriticalExtensionOIDs() { if (extensions == null) return null; Set<String> extSet = new LinkedHashSet<String>(); Extension ex; - for (Enumeration<Extension> e = extensions.getElements(); - e.hasMoreElements();) { + for (Enumeration<Extension> e = extensions.getElements(); e.hasMoreElements();) { ex = e.nextElement(); - if ( ! ex.isCritical()) - extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString()); - } + if (!ex.isCritical()) + extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString()); + } return extSet; } @@ -842,23 +837,22 @@ public class X509CRLImpl extends X509CRL { * represented by a set of positive whole number separated * by ".", that means,<br> * <positive whole number>.<positive whole number>.<...> - * + * * @param oid the Object Identifier value for the extension. * @return the der encoded octet string of the extension value. */ public byte[] getExtensionValue(String oid) { if (extensions == null) return null; - try { - String extAlias = OIDMap.getName(new ObjectIdentifier(oid)); + try { + String extAlias = OIDMap.getName(new ObjectIdentifier(oid)); Extension crlExt = null; if (extAlias == null) { // may be unknown ObjectIdentifier findOID = new ObjectIdentifier(oid); Extension ex = null; ObjectIdentifier inCertOID; - for (Enumeration<Extension> e=extensions.getElements(); - e.hasMoreElements();) { + for (Enumeration<Extension> e = extensions.getElements(); e.hasMoreElements();) { ex = e.nextElement(); inCertOID = ex.getExtensionId(); if (inCertOID.equals(findOID)) { @@ -868,35 +862,35 @@ public class X509CRLImpl extends X509CRL { } } else crlExt = extensions.get(extAlias); - if (crlExt == null) + if (crlExt == null) return null; - byte[] extData = crlExt.getExtensionValue(); + byte[] extData = crlExt.getExtensionValue(); if (extData == null) return null; - DerOutputStream out = new DerOutputStream(); - out.putOctetString(extData); + DerOutputStream out = new DerOutputStream(); + out.putOctetString(extData); return out.toByteArray(); } catch (Exception e) { return null; - } + } } public BigInteger getCRLNumber() { - try { - CRLExtensions exts = getExtensions(); - if (exts == null) - return null; - Enumeration<Extension> e = exts.getElements(); - while (e.hasMoreElements()) { - Extension ext = (Extension)e.nextElement(); - if (ext instanceof CRLNumberExtension) { - CRLNumberExtension numExt = (CRLNumberExtension)ext; - return (BigInteger)numExt.get(CRLNumberExtension.NUMBER); - } + try { + CRLExtensions exts = getExtensions(); + if (exts == null) + return null; + Enumeration<Extension> e = exts.getElements(); + while (e.hasMoreElements()) { + Extension ext = (Extension) e.nextElement(); + if (ext instanceof CRLNumberExtension) { + CRLNumberExtension numExt = (CRLNumberExtension) ext; + return (BigInteger) numExt.get(CRLNumberExtension.NUMBER); + } + } + } catch (Exception e) { } - } catch (Exception e) { - } - return null; + return null; } public BigInteger getDeltaBaseCRLNumber() { @@ -906,10 +900,10 @@ public class X509CRLImpl extends X509CRL { return null; Enumeration<Extension> e = exts.getElements(); while (e.hasMoreElements()) { - Extension ext = (Extension)e.nextElement(); + Extension ext = (Extension) e.nextElement(); if (ext instanceof DeltaCRLIndicatorExtension) { - DeltaCRLIndicatorExtension numExt = (DeltaCRLIndicatorExtension)ext; - return (BigInteger)numExt.get(DeltaCRLIndicatorExtension.NUMBER); + DeltaCRLIndicatorExtension numExt = (DeltaCRLIndicatorExtension) ext; + return (BigInteger) numExt.get(DeltaCRLIndicatorExtension.NUMBER); } } } catch (Exception e) { @@ -924,7 +918,7 @@ public class X509CRLImpl extends X509CRL { return false; Enumeration<Extension> e = exts.getElements(); while (e.hasMoreElements()) { - Extension ext = (Extension)e.nextElement(); + Extension ext = (Extension) e.nextElement(); if (ext instanceof DeltaCRLIndicatorExtension) { return true; } @@ -936,7 +930,7 @@ public class X509CRLImpl extends X509CRL { /** * Returns extensions for this impl. - * + * * @param extn CRLExtensions */ public CRLExtensions getExtensions() { @@ -947,18 +941,17 @@ public class X509CRLImpl extends X509CRL { return entriesIncluded; } - /*********************************************************************/ /* * Parses an X.509 CRL, should be used only by constructors. */ private void parse(DerValue val) - throws CRLException, IOException, X509ExtensionException { + throws CRLException, IOException, X509ExtensionException { parse(val, true); } private void parse(DerValue val, boolean includeEntries) - throws CRLException, IOException, X509ExtensionException { + throws CRLException, IOException, X509ExtensionException { // check if can over write the certificate if (readOnly) throw new CRLException("cannot over-write existing CRL"); @@ -991,22 +984,22 @@ public class X509CRLImpl extends X509CRL { // parse the information DerInputStream derStrm = seq[0].data; - DerValue tmp; - byte nextByte; + DerValue tmp; + byte nextByte; // version (optional if v1) - version = 0; // by default, version = v1 == 0 - nextByte = (byte)derStrm.peekByte(); + version = 0; // by default, version = v1 == 0 + nextByte = (byte) derStrm.peekByte(); if (nextByte == DerValue.tag_Integer) { version = derStrm.getInteger().toInt(); - if (version != 1) // i.e. v2 + if (version != 1) // i.e. v2 throw new CRLException("Invalid version"); } tmp = derStrm.getDerValue(); // signature { AlgorithmId tmpId = AlgorithmId.parse(tmp); - if (! tmpId.equals(sigAlgId)) + if (!tmpId.equals(sigAlgId)) throw new CRLException("Signature algorithm mismatch"); infoSigAlgId = tmpId; @@ -1017,7 +1010,7 @@ public class X509CRLImpl extends X509CRL { // thisUpdate // check if UTCTime encoded or GeneralizedTime - nextByte = (byte)derStrm.peekByte(); + nextByte = (byte) derStrm.peekByte(); if (nextByte == DerValue.tag_UtcTime) { thisUpdate = derStrm.getUTCTime(); } else if (nextByte == DerValue.tag_GeneralizedTime) { @@ -1028,10 +1021,10 @@ public class X509CRLImpl extends X509CRL { } if (derStrm.available() == 0) - return; // done parsing no more optional fields present + return; // done parsing no more optional fields present // nextUpdate (optional) - nextByte = (byte)derStrm.peekByte(); + nextByte = (byte) derStrm.peekByte(); if (nextByte == DerValue.tag_UtcTime) { nextUpdate = derStrm.getUTCTime(); } else if (nextByte == DerValue.tag_GeneralizedTime) { @@ -1039,22 +1032,22 @@ public class X509CRLImpl extends X509CRL { } // else it is not present if (derStrm.available() == 0) - return; // done parsing no more optional fields present + return; // done parsing no more optional fields present // revokedCertificates (optional) - nextByte = (byte)derStrm.peekByte(); + nextByte = (byte) derStrm.peekByte(); if ((nextByte == DerValue.tag_SequenceOf) - && (! ((nextByte & 0x0c0) == 0x080))) { + && (!((nextByte & 0x0c0) == 0x080))) { if (includeEntries) { DerValue[] badCerts = derStrm.getSequence(4); for (int i = 0; i < badCerts.length; i++) { RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]); if (entry.hasExtensions() && (version == 0)) throw new CRLException("Invalid encoding, extensions" + - " not supported in CRL v1 entries."); + " not supported in CRL v1 entries."); revokedCerts.put(entry.getSerialNumber(), - (RevokedCertificate)entry); + (RevokedCertificate) entry); } } else { derStrm.skipSequence(4); @@ -1062,11 +1055,11 @@ public class X509CRLImpl extends X509CRL { } if (derStrm.available() == 0) - return; // done parsing no extensions + return; // done parsing no extensions // crlExtensions (optional) tmp = derStrm.getDerValue(); - if (tmp.isConstructed() && tmp.isContextSpecific((byte)0)) { + if (tmp.isConstructed() && tmp.isContextSpecific((byte) 0)) { if (version == 0) throw new CRLException("Invalid encoding, extensions not" + " supported in CRL v1."); |