pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.authentication;


import java.util.*;
import java.math.BigInteger;
import netscape.security.x509.*;


/** 
 * class storing verified certificates.
 *
 * @version $Revision$, $Date$
 */

public class VerifiedCerts {

    /* the value type of the dn component */
    private int mFirst = 0;
    private int mLast = 0;
    private int mNext = 0;
    private VerifiedCert[] mVCerts = null;
    private long mInterval = 0;
    private long mUnknownStateInterval = 0;
 
    /**
     * Constructs verified certiificates list
     */
 
    public VerifiedCerts(int size, long interval) {
        mVCerts = new VerifiedCert[size];
        mInterval = interval;
        mUnknownStateInterval = interval;
    }

    public VerifiedCerts(int size, long interval, long unknownStateInterval) {
        mVCerts = new VerifiedCert[size];
        mInterval = interval;
        mUnknownStateInterval = unknownStateInterval;
    }

    public void update(X509CertImpl cert, int status) {
        if (cert != null) {
            byte[] certEncoded = null;

            try {
                certEncoded = cert.getEncoded();
            } catch (Exception e) {
            }
            if ((certEncoded != null ||
                    (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0)) 
                && mInterval > 0) {
                update(cert.getSerialNumber(), certEncoded, status);
            }
        }
    }

    public synchronized void update(BigInteger serialNumber, byte[] certEncoded, int status) {
        if ((status == VerifiedCert.NOT_REVOKED ||
                status == VerifiedCert.REVOKED ||
                (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
            && mInterval > 0) {
            if (mLast == mNext && mFirst == mNext) { // empty
                mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded, status);
                mNext = next(mNext);
            } else if (mFirst == mNext) { // full
                mFirst = next(mFirst);
                mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded, status);
                mLast = mNext;
                mNext = next(mNext);
            } else {
                mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded, status);
                mLast = mNext;
                mNext = next(mNext);
            }
        }
    }

    public int check(X509CertImpl cert) {
        int status = VerifiedCert.UNKNOWN;
        
        if (mLast != mNext && mInterval > 0) {  // if not empty and
            if (cert != null) {
                byte[] certEncoded = null;

                try {
                    certEncoded = cert.getEncoded();
                } catch (Exception e) {
                }
                if (certEncoded != null) {
                    status = check(cert.getSerialNumber(), certEncoded);
                }
            }
        }

        return status;
    }

    public synchronized int check(BigInteger serialNumber, byte[] certEncoded) {
        int status = VerifiedCert.UNKNOWN;
        int i = mLast;

        if (mVCerts != null && mLast != mNext && mInterval > 0) {  // if not empty and
            while (status == VerifiedCert.UNKNOWN) { 
                if (mVCerts[i] == null) 
                   return status;
                status = mVCerts[i].check(serialNumber, certEncoded,
                            mInterval, mUnknownStateInterval);
                if (status == VerifiedCert.EXPIRED) {
                    if (mFirst == mLast)
                        mNext = mLast;
                    else
                        mFirst = next(i);
                    break;
                } else if (mFirst == i) {
                    break;
                } else {
                    i = previous(i);
                }
            }
            if (status == VerifiedCert.UNKNOWN)
                status = mVCerts[i].check(serialNumber, certEncoded,
                            mInterval, mUnknownStateInterval);
        }

        return status;
    }

    private int next(int i) {
        i++;
        if (i >= mVCerts.length)
            i = 0;

        return i;
    }

    private int previous(int i) {
        if (i <= 0)
            i = mVCerts.length;
        i--;

        return i;
    }
}