/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.geronimo.util.asn1.x509;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Vector;

import org.apache.geronimo.util.asn1.ASN1EncodableVector;
import org.apache.geronimo.util.asn1.ASN1Sequence;
import org.apache.geronimo.util.asn1.DERGeneralizedTime;
import org.apache.geronimo.util.asn1.DERInteger;
import org.apache.geronimo.util.asn1.DEROctetString;
import org.apache.geronimo.util.asn1.DERSequence;
import org.apache.geronimo.util.asn1.DERTaggedObject;
import org.apache.geronimo.util.asn1.DERUTCTime;

/**
 * Builder for the to-be-signed part of a Version 2 X.509 CRL.
 * <pre>
 * TBSCertList  ::=  SEQUENCE  {
 *      version                 Version OPTIONAL,
 *                                   -- if present, shall be v2
 *      signature               AlgorithmIdentifier,
 *      issuer                  Name,
 *      thisUpdate              Time,
 *      nextUpdate              Time OPTIONAL,
 *      revokedCertificates     SEQUENCE OF SEQUENCE  {
 *           userCertificate         CertificateSerialNumber,
 *           revocationDate          Time,
 *           crlEntryExtensions      Extensions OPTIONAL
 *                                         -- if present, shall be v2
 *                                }  OPTIONAL,
 *      crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
 *                                         -- if present, shall be v2
 *                                }
 * </pre>
 *
 * The version is always emitted as v2 (integer value 1), since this generator
 * can place extensions both on individual entries and on the CRL as a whole.
 * <p>
 * This class only assembles the unsigned structure. The caller is responsible
 * for signing the DER encoding of the result with the algorithm named by
 * {@link #setSignature(AlgorithmIdentifier)}; the outer CertificateList must
 * carry the same AlgorithmIdentifier, otherwise relying parties will reject the
 * CRL.
 * <p>
 * Security notes for callers:
 * <ul>
 *   <li>{@code nextUpdate} is optional in the ASN.1 but a CRL without it gives
 *       relying parties no way to judge staleness; RFC 5280 requires
 *       conforming issuers to set it.</li>
 *   <li>{@link #addCRLEntry(ASN1Sequence)} stores the caller-supplied entry
 *       verbatim without checking its structure.</li>
 *   <li>No synchronization is performed; the instance is not safe for
 *       concurrent use.</li>
 * </ul>
 *
 * <b>Note: This class may be subject to change</b>
 */
public class V2TBSCertListGenerator
{
    // v2 is encoded as INTEGER 1 (versions are zero-based in X.509).
    DERInteger version = new DERInteger(1);

    AlgorithmIdentifier signature;
    X509Name issuer;
    Time thisUpdate, nextUpdate=null;
    X509Extensions extensions=null;
    // Lazily created so that an absent list means "omit revokedCertificates".
    private Vector<ASN1Sequence> crlentries=null;

    public V2TBSCertListGenerator()
    {
    }

    /**
     * Sets the AlgorithmIdentifier that the finished CRL will be signed with.
     *
     * @param signature the signature algorithm identifier (mandatory)
     */
    public void setSignature(AlgorithmIdentifier signature)
    {
        this.signature = signature;
    }

    /**
     * Sets the distinguished name of the CRL issuer.
     *
     * @param issuer the issuer name (mandatory)
     */
    public void setIssuer(X509Name issuer)
    {
        this.issuer = issuer;
    }

    /**
     * Sets thisUpdate from a UTCTime value.
     *
     * @param thisUpdate issue time of this CRL (mandatory)
     */
    public void setThisUpdate(DERUTCTime thisUpdate)
    {
        setThisUpdate(new Time(thisUpdate));
    }

    /**
     * Sets nextUpdate from a UTCTime value.
     *
     * @param nextUpdate time by which the next CRL will be issued
     */
    public void setNextUpdate(DERUTCTime nextUpdate)
    {
        setNextUpdate(new Time(nextUpdate));
    }

    /**
     * Sets thisUpdate from an already-wrapped Time.
     *
     * @param thisUpdate issue time of this CRL (mandatory)
     */
    public void setThisUpdate(Time thisUpdate)
    {
        this.thisUpdate = thisUpdate;
    }

    /**
     * Sets nextUpdate from an already-wrapped Time. Leaving it unset omits the
     * field, which relying parties may treat as a CRL that never expires.
     *
     * @param nextUpdate time by which the next CRL will be issued
     */
    public void setNextUpdate(Time nextUpdate)
    {
        this.nextUpdate = nextUpdate;
    }

    /**
     * Appends a pre-built revokedCertificates element. The sequence is stored
     * as given; the caller must ensure it has the
     * {userCertificate, revocationDate, crlEntryExtensions OPTIONAL} shape.
     *
     * @param crlEntry the complete entry sequence
     */
    public void addCRLEntry(ASN1Sequence crlEntry)
    {
        entryList().addElement(crlEntry);
    }

    /**
     * Adds an entry with a UTCTime revocation date and an optional reason code.
     *
     * @param userCertificate serial number of the revoked certificate
     * @param revocationDate  when the certificate was revoked
     * @param reason          CRLReason value; 0 (unspecified) emits no reasonCode extension
     */
    public void addCRLEntry(DERInteger userCertificate, DERUTCTime revocationDate, int reason)
    {
        addCRLEntry(userCertificate, new Time(revocationDate), reason);
    }

    /**
     * Adds an entry with a reason code and no invalidityDate.
     *
     * @param userCertificate serial number of the revoked certificate
     * @param revocationDate  when the certificate was revoked
     * @param reason          CRLReason value; 0 (unspecified) emits no reasonCode extension
     */
    public void addCRLEntry(DERInteger userCertificate, Time revocationDate, int reason)
    {
        addCRLEntry(userCertificate, revocationDate, reason, null);
    }

    /**
     * Adds an entry, attaching non-critical reasonCode and invalidityDate
     * entry extensions when supplied.
     * <p>
     * A reason of 0 (unspecified) produces no reasonCode extension at all;
     * RFC 5280 recommends omitting the extension rather than encoding
     * "unspecified". The crlEntryExtensions sequence is only emitted when at
     * least one extension is present.
     *
     * @param userCertificate serial number of the revoked certificate
     * @param revocationDate  when the certificate was revoked
     * @param reason          CRLReason value, 0 for none
     * @param invalidityDate  when the key is believed to have been compromised, or null
     * @throws IllegalArgumentException if an extension value cannot be DER encoded
     */
    public void addCRLEntry(DERInteger userCertificate, Time revocationDate, int reason, DERGeneralizedTime invalidityDate)
    {
        ASN1EncodableVector entry = new ASN1EncodableVector();
        entry.add(userCertificate);
        entry.add(revocationDate);

        // X509Extensions(Vector, Vector) expects parallel OID / value lists.
        Vector oids = new Vector();
        Vector values = new Vector();

        if (reason != 0)
        {
            byte[] reasonDer;
            try
            {
                reasonDer = new CRLReason(reason).getEncoded();
            }
            catch (IOException e)
            {
                throw new IllegalArgumentException("error encoding reason: " + e.getMessage(), e);
            }
            oids.addElement(X509Extensions.ReasonCode);
            values.addElement(nonCritical(reasonDer));
        }

        if (invalidityDate != null)
        {
            byte[] invalidityDer;
            try
            {
                invalidityDer = invalidityDate.getEncoded();
            }
            catch (IOException e)
            {
                throw new IllegalArgumentException("error encoding invalidityDate: " + e.getMessage(), e);
            }
            oids.addElement(X509Extensions.InvalidityDate);
            values.addElement(nonCritical(invalidityDer));
        }

        if (!oids.isEmpty())
        {
            entry.add(new X509Extensions(oids, values));
        }

        entryList().addElement(new DERSequence(entry));
    }

    /**
     * Sets the CRL-level extensions (crlExtensions [0] EXPLICIT).
     *
     * @param extensions the extensions, or null to omit the field
     */
    public void setExtensions(X509Extensions extensions)
    {
        this.extensions = extensions;
    }

    /**
     * Assembles the TBSCertList from the fields set so far. The generator keeps
     * its state, so further entries can be added and the method called again.
     *
     * @return the unsigned TBSCertList
     * @throws IllegalStateException if signature, issuer or thisUpdate is missing
     */
    public TBSCertList generateTBSCertList()
    {
        if (signature == null || issuer == null || thisUpdate == null)
        {
            throw new IllegalStateException("Not all mandatory fields set in V2 TBSCertList generator.");
        }

        ASN1EncodableVector tbs = new ASN1EncodableVector();

        tbs.add(version);
        tbs.add(signature);
        tbs.add(issuer);
        tbs.add(thisUpdate);

        if (nextUpdate != null)
        {
            tbs.add(nextUpdate);
        }

        // revokedCertificates is OPTIONAL: omitted entirely when nothing was added.
        if (crlentries != null)
        {
            tbs.add(revokedCertificates());
        }

        // crlExtensions is [0] EXPLICIT; DERTaggedObject tags explicitly by default.
        if (extensions != null)
        {
            tbs.add(new DERTaggedObject(0, extensions));
        }

        return new TBSCertList(new DERSequence(tbs));
    }

    /** Returns the entry list, creating it on first use. */
    private Vector<ASN1Sequence> entryList()
    {
        if (crlentries == null)
        {
            crlentries = new Vector<ASN1Sequence>();
        }
        return crlentries;
    }

    /** Wraps a DER-encoded extension value as a non-critical X509Extension. */
    private static X509Extension nonCritical(byte[] der)
    {
        return new X509Extension(false, new DEROctetString(der));
    }

    /** Builds the revokedCertificates SEQUENCE OF from the accumulated entries. */
    private DERSequence revokedCertificates()
    {
        ASN1EncodableVector entries = new ASN1EncodableVector();
        for (Enumeration<ASN1Sequence> e = crlentries.elements(); e.hasMoreElements();)
        {
            entries.add(e.nextElement());
        }
        return new DERSequence(entries);
    }
}