001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018 package org.apache.geronimo.util.asn1.x509;
019
020 import org.apache.geronimo.util.asn1.ASN1Encodable;
021 import org.apache.geronimo.util.asn1.ASN1Sequence;
022 import org.apache.geronimo.util.asn1.ASN1TaggedObject;
023 import org.apache.geronimo.util.asn1.DERGeneralizedTime;
024 import org.apache.geronimo.util.asn1.DERInteger;
025 import org.apache.geronimo.util.asn1.DERObject;
026 import org.apache.geronimo.util.asn1.DERTaggedObject;
027 import org.apache.geronimo.util.asn1.DERUTCTime;
028
029 /**
030 * PKIX RFC-2459 - TBSCertList object.
031 * <pre>
032 * TBSCertList ::= SEQUENCE {
033 * version Version OPTIONAL,
034 * -- if present, shall be v2
035 * signature AlgorithmIdentifier,
036 * issuer Name,
037 * thisUpdate Time,
038 * nextUpdate Time OPTIONAL,
039 * revokedCertificates SEQUENCE OF SEQUENCE {
040 * userCertificate CertificateSerialNumber,
041 * revocationDate Time,
042 * crlEntryExtensions Extensions OPTIONAL
043 * -- if present, shall be v2
044 * } OPTIONAL,
045 * crlExtensions [0] EXPLICIT Extensions OPTIONAL
046 * -- if present, shall be v2
047 * }
048 * </pre>
049 */
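public class TBSCertList
    extends ASN1Encodable
{
    // Parsing notes for reviewers:
    //  - A CRL normally arrives from outside the application, so both
    //    constructors below validate element counts and element types and
    //    report malformed input as IllegalArgumentException (the same
    //    exception getInstance(Object) already uses) instead of failing with
    //    an index or class-cast error part-way through.
    //  - Nothing in this class verifies a signature; the getters return
    //    whatever the encoded sequence contained.
    //  - The "if present, shall be v2" constraints from the ASN.1 definition
    //    are not enforced here: extensions are accepted whatever the version.

    /**
     * One element of the {@code revokedCertificates} list: a certificate
     * serial number, its revocation date and optional entry extensions.
     * <p>
     * This is an inner (non-static) class, so creating one requires an
     * enclosing {@code TBSCertList} instance.
     */
    public class CRLEntry
        extends ASN1Encodable
    {
        ASN1Sequence seq;

        DERInteger userCertificate;
        Time revocationDate;
        X509Extensions crlEntryExtensions;

        /**
         * Parses a single revoked-certificate entry.
         *
         * @param seq the entry's SEQUENCE; must hold 2 or 3 elements, the
         *            first being an INTEGER
         * @throws IllegalArgumentException if the element count is not 2 or 3,
         *         or the first element is not a {@code DERInteger}
         */
        public CRLEntry(
            ASN1Sequence seq)
        {
            // The entry has two mandatory fields and one optional one, so any
            // other element count means the encoding is malformed.
            if (seq.size() < 2 || seq.size() > 3)
            {
                throw new IllegalArgumentException("Bad sequence size: " + seq.size());
            }

            this.seq = seq;

            // Check the type before casting so that a malformed entry is
            // reported as bad input rather than as a ClassCastException.
            Object serial = seq.getObjectAt(0);
            if (!(serial instanceof DERInteger))
            {
                throw new IllegalArgumentException("CRL entry serial number is not an INTEGER");
            }

            userCertificate = (DERInteger)serial;
            revocationDate = Time.getInstance(seq.getObjectAt(1));
            if (seq.size() == 3)
            {
                crlEntryExtensions = X509Extensions.getInstance(seq.getObjectAt(2));
            }
        }

        /**
         * @return the serial number of the revoked certificate
         */
        public DERInteger getUserCertificate()
        {
            return userCertificate;
        }

        /**
         * @return the revocation date recorded in the entry
         */
        public Time getRevocationDate()
        {
            return revocationDate;
        }

        /**
         * @return the entry extensions, or {@code null} if the entry had none
         */
        public X509Extensions getExtensions()
        {
            return crlEntryExtensions;
        }

        /**
         * @return the sequence this entry was parsed from, unchanged
         */
        public DERObject toASN1Object()
        {
            return seq;
        }
    }

    ASN1Sequence seq;

    DERInteger version;
    AlgorithmIdentifier signature;
    X509Name issuer;
    Time thisUpdate;
    Time nextUpdate;
    CRLEntry[] revokedCertificates;
    X509Extensions crlExtensions;

    /**
     * Extracts a {@code TBSCertList} from a tagged object.
     *
     * @param obj the tagged object wrapping the sequence
     * @param explicit passed through to
     *        {@code ASN1Sequence.getInstance(ASN1TaggedObject, boolean)}
     * @return the parsed structure
     */
    public static TBSCertList getInstance(
        ASN1TaggedObject obj,
        boolean explicit)
    {
        return getInstance(ASN1Sequence.getInstance(obj, explicit));
    }

    /**
     * Returns {@code obj} itself if it already is a {@code TBSCertList}, or
     * parses it if it is an {@code ASN1Sequence}.
     *
     * @param obj a {@code TBSCertList} or an {@code ASN1Sequence}
     * @return the corresponding {@code TBSCertList}
     * @throws IllegalArgumentException if {@code obj} is of any other type
     *         (including {@code null}), or the sequence is malformed
     */
    public static TBSCertList getInstance(
        Object obj)
    {
        if (obj instanceof TBSCertList)
        {
            return (TBSCertList)obj;
        }
        else if (obj instanceof ASN1Sequence)
        {
            return new TBSCertList((ASN1Sequence)obj);
        }

        throw new IllegalArgumentException("unknown object in factory");
    }

    /**
     * Parses a TBSCertList from its SEQUENCE.
     * <p>
     * Optional fields are recognised by type and position: a leading INTEGER
     * is the version, a time value after thisUpdate is nextUpdate, a following
     * untagged element is the revokedCertificates list, and a following tagged
     * element is crlExtensions.
     *
     * @param seq the TBSCertList SEQUENCE; 3 to 7 elements
     * @throws IllegalArgumentException if the element count is outside 3..7,
     *         the mandatory fields are missing, or the revokedCertificates
     *         element (or one of its entries) is not a SEQUENCE
     */
    public TBSCertList(
        ASN1Sequence seq)
    {
        // Three mandatory fields (signature, issuer, thisUpdate) plus four
        // optional ones give the legal range of element counts.
        if (seq.size() < 3 || seq.size() > 7)
        {
            throw new IllegalArgumentException("Bad sequence size: " + seq.size());
        }

        int seqPos = 0;

        this.seq = seq;

        if (seq.getObjectAt(seqPos) instanceof DERInteger)
        {
            version = (DERInteger)seq.getObjectAt(seqPos++);
        }
        else
        {
            // Version absent: store 0, which getVersion() reports as 1.
            version = new DERInteger(0);
        }

        // With the version consumed, the three mandatory fields must still be
        // available; otherwise the reads below would run past the end.
        if (seq.size() - seqPos < 3)
        {
            throw new IllegalArgumentException("Bad sequence size: " + seq.size());
        }

        signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(seqPos++));
        issuer = X509Name.getInstance(seq.getObjectAt(seqPos++));
        thisUpdate = Time.getInstance(seq.getObjectAt(seqPos++));

        if (seqPos < seq.size())
        {
            Object candidate = seq.getObjectAt(seqPos);
            if (candidate instanceof DERUTCTime
                || candidate instanceof DERGeneralizedTime
                || candidate instanceof Time)
            {
                nextUpdate = Time.getInstance(seq.getObjectAt(seqPos++));
            }
        }

        if (seqPos < seq.size()
            && !(seq.getObjectAt(seqPos) instanceof DERTaggedObject))
        {
            // Check before casting: an untagged element that is not a
            // SEQUENCE is malformed input, not a programming error.
            Object revoked = seq.getObjectAt(seqPos++);
            if (!(revoked instanceof ASN1Sequence))
            {
                throw new IllegalArgumentException("revokedCertificates is not a SEQUENCE");
            }

            ASN1Sequence certs = (ASN1Sequence)revoked;
            revokedCertificates = new CRLEntry[certs.size()];

            for (int i = 0; i < revokedCertificates.length; i++)
            {
                Object entry = certs.getObjectAt(i);
                if (!(entry instanceof ASN1Sequence))
                {
                    throw new IllegalArgumentException("revokedCertificates entry is not a SEQUENCE");
                }

                revokedCertificates[i] = new CRLEntry((ASN1Sequence)entry);
            }
        }

        if (seqPos < seq.size()
            && seq.getObjectAt(seqPos) instanceof DERTaggedObject)
        {
            // NOTE(review): the tag number is not compared with [0] here;
            // whether X509Extensions.getInstance checks it is not visible in
            // this file - confirm.
            crlExtensions = X509Extensions.getInstance(seq.getObjectAt(seqPos++));
        }
    }

    /**
     * @return the version as a 1-based number: the encoded value plus one,
     *         so an absent version field yields 1
     */
    public int getVersion()
    {
        return version.getValue().intValue() + 1;
    }

    /**
     * @return the version as encoded, or a {@code DERInteger} of 0 if the
     *         field was absent
     */
    public DERInteger getVersionNumber()
    {
        return version;
    }

    /**
     * @return the {@code signature} algorithm identifier field; this is the
     *         identifier only, not a signature value
     */
    public AlgorithmIdentifier getSignature()
    {
        return signature;
    }

    /**
     * @return the issuer name
     */
    public X509Name getIssuer()
    {
        return issuer;
    }

    /**
     * @return the thisUpdate time
     */
    public Time getThisUpdate()
    {
        return thisUpdate;
    }

    /**
     * @return the nextUpdate time, or {@code null} if the field was absent
     */
    public Time getNextUpdate()
    {
        return nextUpdate;
    }

    /**
     * @return the revoked-certificate entries, or {@code null} if the list
     *         was absent; this is the internal array, not a copy, so callers
     *         must not modify it
     */
    public CRLEntry[] getRevokedCertificates()
    {
        return revokedCertificates;
    }

    /**
     * @return the CRL extensions, or {@code null} if the field was absent
     */
    public X509Extensions getExtensions()
    {
        return crlExtensions;
    }

    /**
     * @return the sequence this object was parsed from, unchanged
     */
    public DERObject toASN1Object()
    {
        return seq;
    }
}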