001    /**
002     *  Licensed to the Apache Software Foundation (ASF) under one or more
003     *  contributor license agreements.  See the NOTICE file distributed with
004     *  this work for additional information regarding copyright ownership.
005     *  The ASF licenses this file to You under the Apache License, Version 2.0
006     *  (the "License"); you may not use this file except in compliance with
007     *  the License.  You may obtain a copy of the License at
008     *
009     *     http://www.apache.org/licenses/LICENSE-2.0
010     *
011     *  Unless required by applicable law or agreed to in writing, software
012     *  distributed under the License is distributed on an "AS IS" BASIS,
013     *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     *  See the License for the specific language governing permissions and
015     *  limitations under the License.
016     */
017    
018    package org.apache.geronimo.util.asn1.x509;
019    
020    import org.apache.geronimo.util.asn1.ASN1Encodable;
021    import org.apache.geronimo.util.asn1.ASN1Sequence;
022    import org.apache.geronimo.util.asn1.ASN1TaggedObject;
023    import org.apache.geronimo.util.asn1.DERGeneralizedTime;
024    import org.apache.geronimo.util.asn1.DERInteger;
025    import org.apache.geronimo.util.asn1.DERObject;
026    import org.apache.geronimo.util.asn1.DERTaggedObject;
027    import org.apache.geronimo.util.asn1.DERUTCTime;
028    
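/**
 * PKIX RFC-2459 - TBSCertList object.
 * <pre>
 * TBSCertList  ::=  SEQUENCE  {
 *      version                 Version OPTIONAL,
 *                                   -- if present, shall be v2
 *      signature               AlgorithmIdentifier,
 *      issuer                  Name,
 *      thisUpdate              Time,
 *      nextUpdate              Time OPTIONAL,
 *      revokedCertificates     SEQUENCE OF SEQUENCE  {
 *           userCertificate         CertificateSerialNumber,
 *           revocationDate          Time,
 *           crlEntryExtensions      Extensions OPTIONAL
 *                                         -- if present, shall be v2
 *                                }  OPTIONAL,
 *      crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
 *                                         -- if present, shall be v2
 *                                }
 * </pre>
 * <p>
 * This class only decodes the structure. It does not verify any signature
 * and does not compare thisUpdate/nextUpdate with the current time; a caller
 * that makes revocation decisions has to do both before relying on the
 * values returned here.
 * <p>
 * A CRL is normally data received from outside the application, so a
 * structurally malformed sequence (too few or too many elements, or an
 * element of the wrong ASN.1 type where this class casts) is rejected with
 * {@link IllegalArgumentException}, the same exception type
 * {@link #getInstance(Object)} uses for an unknown object.
 */
public class TBSCertList
    extends ASN1Encodable
{
    /**
     * One element of the revokedCertificates list: serial number,
     * revocation date and optional per-entry extensions.
     */
    public class CRLEntry
        extends ASN1Encodable
    {
        ASN1Sequence  seq;

        DERInteger          userCertificate;
        Time                revocationDate;
        X509Extensions      crlEntryExtensions;

        /**
         * Decodes a single revoked-certificate entry.
         *
         * @param seq the entry's SEQUENCE; must hold 2 or 3 elements
         * @throws IllegalArgumentException if the element count is not 2 or 3,
         *         or the first element is not an INTEGER
         */
        public CRLEntry(
            ASN1Sequence  seq)
        {
            // An entry with extra elements used to be accepted with its
            // extensions silently dropped (they were read only when the size
            // was exactly 3); a short entry failed with an index error.
            if (seq.size() < 2 || seq.size() > 3)
            {
                throw new IllegalArgumentException("Bad sequence size: " + seq.size());
            }

            Object serial = seq.getObjectAt(0);
            if (!(serial instanceof DERInteger))
            {
                throw new IllegalArgumentException("userCertificate is not an INTEGER");
            }

            this.seq = seq;

            userCertificate = (DERInteger)serial;
            revocationDate = Time.getInstance(seq.getObjectAt(1));
            if (seq.size() == 3)
            {
                crlEntryExtensions = X509Extensions.getInstance(seq.getObjectAt(2));
            }
        }

        /** @return the serial number of the revoked certificate */
        public DERInteger getUserCertificate()
        {
            return userCertificate;
        }

        /** @return the revocation date of this entry */
        public Time getRevocationDate()
        {
            return revocationDate;
        }

        /** @return the entry extensions, or {@code null} if the entry has none */
        public X509Extensions getExtensions()
        {
            return crlEntryExtensions;
        }

        /** @return the sequence this entry was decoded from, unchanged */
        public DERObject toASN1Object()
        {
            return seq;
        }
    }

    ASN1Sequence     seq;

    DERInteger              version;
    AlgorithmIdentifier     signature;
    X509Name                issuer;
    Time                    thisUpdate;
    Time                    nextUpdate;
    CRLEntry[]              revokedCertificates;
    X509Extensions          crlExtensions;

    /**
     * Decodes a TBSCertList carried inside a tagged object.
     *
     * @param obj      the tagged object holding the sequence
     * @param explicit passed through to {@code ASN1Sequence.getInstance}
     * @return the decoded list
     */
    public static TBSCertList getInstance(
        ASN1TaggedObject obj,
        boolean          explicit)
    {
        return getInstance(ASN1Sequence.getInstance(obj, explicit));
    }

    /**
     * Returns {@code obj} itself if it already is a TBSCertList, or decodes
     * it if it is an ASN1Sequence.
     *
     * @param obj a TBSCertList or an ASN1Sequence
     * @return the corresponding TBSCertList
     * @throws IllegalArgumentException if {@code obj} is of any other type
     *         (including {@code null}) or the sequence is malformed
     */
    public static TBSCertList getInstance(
        Object  obj)
    {
        if (obj instanceof TBSCertList)
        {
            return (TBSCertList)obj;
        }
        else if (obj instanceof ASN1Sequence)
        {
            return new TBSCertList((ASN1Sequence)obj);
        }

        throw new IllegalArgumentException("unknown object in factory");
    }

    /**
     * Decodes the fields of a TBSCertList from its SEQUENCE.
     * <p>
     * The version value is not checked against the "shall be v2" rule, and
     * the tag number of the trailing tagged element is not inspected here:
     * any DERTaggedObject in that position is handed to
     * {@code X509Extensions.getInstance}. Elements left over after the last
     * recognised field are not interpreted.
     *
     * @param seq the TBSCertList SEQUENCE
     * @throws IllegalArgumentException if the sequence has fewer than the
     *         three mandatory fields, more than the seven defined fields, or
     *         revokedCertificates (or one of its entries) is not a SEQUENCE
     */
    public TBSCertList(
        ASN1Sequence  seq)
    {
        // signature, issuer and thisUpdate are mandatory; the definition has
        // seven fields in total.
        if (seq.size() < 3 || seq.size() > 7)
        {
            throw new IllegalArgumentException("Bad sequence size: " + seq.size());
        }

        int seqPos = 0;

        this.seq = seq;

        if (seq.getObjectAt(seqPos) instanceof DERInteger)
        {
            version = (DERInteger)seq.getObjectAt(seqPos++);
        }
        else
        {
            // Version absent: stored as 0, which getVersion() reports as 1.
            version = new DERInteger(0);
        }

        // With a version present, a 3-element sequence would run off the end
        // while reading thisUpdate.
        if (seq.size() - seqPos < 3)
        {
            throw new IllegalArgumentException("Bad sequence size: " + seq.size());
        }

        signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(seqPos++));
        issuer = X509Name.getInstance(seq.getObjectAt(seqPos++));
        thisUpdate = Time.getInstance(seq.getObjectAt(seqPos++));

        if (seqPos < seq.size())
        {
            Object next = seq.getObjectAt(seqPos);
            if (next instanceof DERUTCTime
                || next instanceof DERGeneralizedTime
                || next instanceof Time)
            {
                nextUpdate = Time.getInstance(seq.getObjectAt(seqPos++));
            }
        }

        if (seqPos < seq.size()
            && !(seq.getObjectAt(seqPos) instanceof DERTaggedObject))
        {
            Object revoked = seq.getObjectAt(seqPos++);
            if (!(revoked instanceof ASN1Sequence))
            {
                throw new IllegalArgumentException("revokedCertificates is not a SEQUENCE");
            }

            ASN1Sequence certs = (ASN1Sequence)revoked;
            CRLEntry[] entries = new CRLEntry[certs.size()];

            for (int i = 0; i < entries.length; i++)
            {
                Object entry = certs.getObjectAt(i);
                if (!(entry instanceof ASN1Sequence))
                {
                    throw new IllegalArgumentException(
                        "revokedCertificates entry " + i + " is not a SEQUENCE");
                }
                entries[i] = new CRLEntry((ASN1Sequence)entry);
            }

            revokedCertificates = entries;
        }

        if (seqPos < seq.size()
            && seq.getObjectAt(seqPos) instanceof DERTaggedObject)
        {
            crlExtensions = X509Extensions.getInstance(seq.getObjectAt(seqPos++));
        }
    }

    /**
     * @return the encoded version value plus one, i.e. 1 when the version
     *         field is absent. NOTE(review): intValue() presumably narrows a
     *         BigInteger, so an oversized encoded version would wrap - confirm.
     */
    public int getVersion()
    {
        return version.getValue().intValue() + 1;
    }

    /** @return the version as encoded, or an INTEGER 0 if the field was absent */
    public DERInteger getVersionNumber()
    {
        return version;
    }

    /** @return the signature algorithm identifier named inside the list */
    public AlgorithmIdentifier getSignature()
    {
        return signature;
    }

    /** @return the issuer name */
    public X509Name getIssuer()
    {
        return issuer;
    }

    /** @return the thisUpdate time */
    public Time getThisUpdate()
    {
        return thisUpdate;
    }

    /** @return the nextUpdate time, or {@code null} if the field was absent */
    public Time getNextUpdate()
    {
        return nextUpdate;
    }

    /**
     * @return the revoked-certificate entries, or {@code null} if the field
     *         was absent; this is the internal array, not a copy, so callers
     *         should treat it as read-only
     */
    public CRLEntry[] getRevokedCertificates()
    {
        return revokedCertificates;
    }

    /** @return the CRL extensions, or {@code null} if the field was absent */
    public X509Extensions getExtensions()
    {
        return crlExtensions;
    }

    /** @return the sequence this object was decoded from, unchanged */
    public DERObject toASN1Object()
    {
        return seq;
    }
}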