001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018 package org.apache.geronimo.crypto.asn1.x509;
019
020 import java.io.IOException;
021 import java.util.Enumeration;
022 import java.util.Vector;
023
024 import org.apache.geronimo.crypto.asn1.ASN1EncodableVector;
025 import org.apache.geronimo.crypto.asn1.ASN1Sequence;
026 import org.apache.geronimo.crypto.asn1.DERGeneralizedTime;
027 import org.apache.geronimo.crypto.asn1.DERInteger;
028 import org.apache.geronimo.crypto.asn1.DEROctetString;
029 import org.apache.geronimo.crypto.asn1.DERSequence;
030 import org.apache.geronimo.crypto.asn1.DERTaggedObject;
031 import org.apache.geronimo.crypto.asn1.DERUTCTime;
032
033 /**
034 * Generator for Version 2 TBSCertList structures.
035 * <pre>
036 * TBSCertList ::= SEQUENCE {
037 * version Version OPTIONAL,
038 * -- if present, shall be v2
039 * signature AlgorithmIdentifier,
040 * issuer Name,
041 * thisUpdate Time,
042 * nextUpdate Time OPTIONAL,
043 * revokedCertificates SEQUENCE OF SEQUENCE {
044 * userCertificate CertificateSerialNumber,
045 * revocationDate Time,
046 * crlEntryExtensions Extensions OPTIONAL
047 * -- if present, shall be v2
048 * } OPTIONAL,
049 * crlExtensions [0] EXPLICIT Extensions OPTIONAL
050 * -- if present, shall be v2
051 * }
052 * </pre>
053 *
054 * <b>Note: This class may be subject to change</b>
055 */
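public class V2TBSCertListGenerator
{
    /** CRL version field; this generator always emits v2, which is encoded as the integer 1. */
    DERInteger version = new DERInteger(1);

    /** Signature algorithm identifier (mandatory). */
    AlgorithmIdentifier signature;
    /** Issuer distinguished name (mandatory). */
    X509Name issuer;
    /** Time of this CRL issue (mandatory). */
    Time thisUpdate;
    /** Time of the next scheduled issue; omitted from the structure when null. */
    Time nextUpdate = null;
    /** CRL-level extensions, emitted as {@code [0] EXPLICIT}; omitted when null. */
    X509Extensions extensions = null;
    /**
     * Revoked-certificate entries in insertion order, or null until the first
     * entry is added. Elements are stored as ASN1Sequence so they can be added
     * to the revokedCertificates SEQUENCE OF without a cast.
     */
    private Vector<ASN1Sequence> crlentries = null;

    /**
     * Creates an empty generator. {@link #setSignature}, {@link #setIssuer} and
     * one of the {@code setThisUpdate} overloads must be called before
     * {@link #generateTBSCertList()}.
     *
     * <p>Instances are not thread-safe: the lazy creation of the entry list is
     * unsynchronised, so a single thread should drive one generator.
     */
    public V2TBSCertListGenerator()
    {
    }

    /**
     * Sets the signature algorithm identifier.
     *
     * @param signature algorithm the CRL will be signed with
     */
    public void setSignature(
        AlgorithmIdentifier signature)
    {
        this.signature = signature;
    }

    /**
     * Sets the CRL issuer name.
     *
     * @param issuer issuer distinguished name
     */
    public void setIssuer(
        X509Name issuer)
    {
        this.issuer = issuer;
    }

    /**
     * Sets thisUpdate from a UTCTime value, wrapping it in a {@link Time}.
     *
     * @param thisUpdate time of this CRL issue
     */
    public void setThisUpdate(
        DERUTCTime thisUpdate)
    {
        this.thisUpdate = new Time(thisUpdate);
    }

    /**
     * Sets nextUpdate from a UTCTime value, wrapping it in a {@link Time}.
     *
     * @param nextUpdate time of the next scheduled CRL issue
     */
    public void setNextUpdate(
        DERUTCTime nextUpdate)
    {
        this.nextUpdate = new Time(nextUpdate);
    }

    /**
     * Sets thisUpdate.
     *
     * @param thisUpdate time of this CRL issue
     */
    public void setThisUpdate(
        Time thisUpdate)
    {
        this.thisUpdate = thisUpdate;
    }

    /**
     * Sets nextUpdate. No ordering check against thisUpdate is performed here;
     * callers are responsible for supplying a consistent pair.
     *
     * @param nextUpdate time of the next scheduled CRL issue
     */
    public void setNextUpdate(
        Time nextUpdate)
    {
        this.nextUpdate = nextUpdate;
    }

    /**
     * Appends a pre-built revoked-certificate entry. The sequence is stored as
     * given; its contents are not validated against the CRL entry syntax.
     *
     * @param crlEntry an encoded {@code SEQUENCE { userCertificate, revocationDate, crlEntryExtensions OPTIONAL }}
     */
    public void addCRLEntry(
        ASN1Sequence crlEntry)
    {
        if (crlentries == null)
        {
            crlentries = new Vector<ASN1Sequence>();
        }
        crlentries.addElement(crlEntry);
    }

    /**
     * Appends a revoked-certificate entry with a UTCTime revocation date and a
     * reason code, and no invalidity date.
     *
     * @param userCertificate serial number of the revoked certificate
     * @param revocationDate  revocation time
     * @param reason          CRLReason value; 0 produces no reasonCode extension
     */
    public void addCRLEntry(DERInteger userCertificate, DERUTCTime revocationDate, int reason)
    {
        addCRLEntry(userCertificate, new Time(revocationDate), reason);
    }

    /**
     * Appends a revoked-certificate entry with a reason code and no invalidity date.
     *
     * @param userCertificate serial number of the revoked certificate
     * @param revocationDate  revocation time
     * @param reason          CRLReason value; 0 produces no reasonCode extension
     */
    public void addCRLEntry(DERInteger userCertificate, Time revocationDate, int reason)
    {
        addCRLEntry(userCertificate, revocationDate, reason, null);
    }

    /**
     * Appends a revoked-certificate entry, building the crlEntryExtensions
     * from the reason code and invalidity date.
     *
     * <p>Both extensions are marked non-critical. A reason of 0 adds no
     * reasonCode extension and a null invalidityDate adds no invalidityDate
     * extension; when neither is present the entry carries no extensions
     * field at all.
     *
     * @param userCertificate serial number of the revoked certificate
     * @param revocationDate  revocation time
     * @param reason          CRLReason value; 0 produces no reasonCode extension
     * @param invalidityDate  time the key is believed compromised, or null
     * @throws IllegalArgumentException if the reason or invalidity date cannot be DER encoded
     */
    public void addCRLEntry(DERInteger userCertificate, Time revocationDate, int reason, DERGeneralizedTime invalidityDate)
    {
        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(userCertificate);
        v.add(revocationDate);

        // Raw Vectors: the X509Extensions(Vector, Vector) constructor and the
        // OID constants are declared elsewhere in the package, so the element
        // types are not pinned down here.
        Vector extOids = new Vector();
        Vector extValues = new Vector();

        if (reason != 0)
        {
            CRLReason crlReason = new CRLReason(reason);

            try
            {
                extOids.addElement(X509Extensions.ReasonCode);
                extValues.addElement(nonCriticalExtension(crlReason.getEncoded()));
            }
            catch (IOException e)
            {
                throw new IllegalArgumentException("error encoding reason: " + e.getMessage(), e);
            }
        }

        if (invalidityDate != null)
        {
            try
            {
                extOids.addElement(X509Extensions.InvalidityDate);
                extValues.addElement(nonCriticalExtension(invalidityDate.getEncoded()));
            }
            catch (IOException e)
            {
                throw new IllegalArgumentException("error encoding invalidityDate: " + e.getMessage(), e);
            }
        }

        // crlEntryExtensions is OPTIONAL: only emit it when something was added.
        if (extOids.size() != 0)
        {
            v.add(new X509Extensions(extOids, extValues));
        }

        // Reuse the single-argument overload so the lazy list creation lives in one place.
        addCRLEntry(new DERSequence(v));
    }

    /**
     * Wraps an already DER-encoded value as a non-critical X.509 extension.
     *
     * @param encoded DER encoding of the extension value
     * @return the non-critical extension holding {@code encoded} as an OCTET STRING
     */
    private static X509Extension nonCriticalExtension(byte[] encoded)
    {
        return new X509Extension(false, new DEROctetString(encoded));
    }

    /**
     * Sets the CRL-level extensions, emitted as {@code crlExtensions [0] EXPLICIT}.
     *
     * @param extensions the extensions, or null to omit the field
     */
    public void setExtensions(
        X509Extensions extensions)
    {
        this.extensions = extensions;
    }

    /**
     * Assembles the TBSCertList from the fields set so far.
     *
     * <p>The output order follows the ASN.1 module: version, signature,
     * issuer, thisUpdate, nextUpdate (if set), revokedCertificates (if any
     * entry was added), crlExtensions (if set).
     *
     * @return the generated TBSCertList
     * @throws IllegalStateException if signature, issuer or thisUpdate has not been set
     */
    public TBSCertList generateTBSCertList()
    {
        if ((signature == null) || (issuer == null) || (thisUpdate == null))
        {
            throw new IllegalStateException("Not all mandatory fields set in V2 TBSCertList generator.");
        }

        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(version);
        v.add(signature);
        v.add(issuer);

        v.add(thisUpdate);
        if (nextUpdate != null)
        {
            v.add(nextUpdate);
        }

        // revokedCertificates is OPTIONAL; it is absent when no entry was ever added.
        if (crlentries != null)
        {
            ASN1EncodableVector certs = new ASN1EncodableVector();
            for (ASN1Sequence entry : crlentries)
            {
                certs.add(entry);
            }
            v.add(new DERSequence(certs));
        }

        if (extensions != null)
        {
            v.add(new DERTaggedObject(0, extensions));
        }

        return new TBSCertList(new DERSequence(v));
    }
}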