| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package java.security.cert; |
| |
| import java.io.ByteArrayInputStream; |
| import java.math.BigInteger; |
| import java.security.InvalidKeyException; |
| import java.security.NoSuchAlgorithmException; |
| import java.security.NoSuchProviderException; |
| import java.security.Principal; |
| import java.security.PublicKey; |
| import java.security.SignatureException; |
| import java.util.Arrays; |
| import java.util.Date; |
| import java.util.Set; |
| import javax.security.auth.x500.X500Principal; |
| |
| /** |
| * Abstract base class for X.509 certificate revocation lists (CRL). |
| * <p> |
| * More information regarding CRL can be found in RFC 2459, |
| * "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at <a |
| * href="http://www.ietf.org/rfc/rfc2459.txt">http://www.ietf.org/rfc/rfc2459.txt</a>. |
| * RFC 2459 has since been obsoleted by RFC 3280 and then by RFC 5280, which |
| * carries the current CRL profile. |
| */ |
| public abstract class X509CRL extends CRL implements X509Extension { |
| |
| /** |
| * Creates a new {@code X509CRL} instance. |
| */ |
| protected X509CRL() { |
| super("X.509"); |
| } |
| |
| /** |
| * Returns whether the specified object equals to this instance. |
| * |
| * @param other |
| * the object to compare. |
| * @return {@code true} if the specified object is equal to this, otherwise |
| * {@code false}. |
| */ |
| public boolean equals(Object other) { |
| if (other == this) { |
| return true; |
| } |
| if (!(other instanceof X509CRL)) { |
| return false; |
| } |
| X509CRL obj = (X509CRL) other; |
| try { |
| return Arrays.equals(getEncoded(), obj.getEncoded()); |
| } catch (CRLException e) { |
| return false; |
| } |
| } |
| |
| /** |
| * Returns the hashcode of this CRL instance. |
| * |
| * @return the hashcode. |
| */ |
| public int hashCode() { |
| try { |
| int res = 0; |
| byte[] array = getEncoded(); |
| for (int i=0; i<array.length; i++) { |
| res += array[i] & 0xFF; |
| } |
| return res; |
| } catch (CRLException e) { |
| return 0; |
| } |
| } |
| |
| /** |
| * Returns this CRL in ASN.1 DER encoded form. |
| * |
| * @return this CRL in ASN.1 DER encoded form. |
| * @throws CRLException |
| * if encoding fails. |
| */ |
| public abstract byte[] getEncoded() throws CRLException; |
| |
| |
| /** |
| * Verifies this CRL by verifying that this CRL was signed with the |
| * corresponding private key to the specified public key. |
| * |
| * @param key |
| * the public key to verify this CRL with. |
| * @throws CRLException |
| * if encoding or decoding fails. |
| * @throws NoSuchAlgorithmException |
| * if a needed algorithm is not present. |
| * @throws InvalidKeyException |
| * if the specified key is invalid. |
| * @throws NoSuchProviderException |
| * if no provider can be found. |
| * @throws SignatureException |
| * if errors occur on signatures. |
| */ |
| public abstract void verify(PublicKey key) |
| throws CRLException, NoSuchAlgorithmException, |
| InvalidKeyException, NoSuchProviderException, |
| SignatureException; |
| |
| /** |
| * Verifies this CRL by verifying that this CRL was signed with the |
| * corresponding private key to the specified public key. The signature |
| * verification engine of the specified provider will be used. |
| * |
| * @param key |
| * the public key to verify this CRL with. |
| * @param sigProvider |
| * the name of the provider for the signature algorithm. |
| * @throws CRLException |
| * if encoding decoding fails. |
| * @throws NoSuchAlgorithmException |
| * if a needed algorithm is not present. |
| * @throws InvalidKeyException |
| * if the specified key is invalid. |
| * @throws NoSuchProviderException |
| * if the specified provider cannot be found. |
| * @throws SignatureException |
| * if errors occur on signatures. |
| */ |
| public abstract void verify(PublicKey key, String sigProvider) |
| throws CRLException, NoSuchAlgorithmException, |
| InvalidKeyException, NoSuchProviderException, |
| SignatureException; |
| |
| /** |
| * Returns the version number of this CRL. |
| * |
| * @return the version number of this CRL. |
| */ |
| public abstract int getVersion(); |
| |
| /** |
| * <b>Do not use</b>, use {@link #getIssuerX500Principal()} instead. Returns |
| * the issuer as an implementation specific Principal object. |
| * |
| * @return the issuer distinguished name. |
| */ |
| public abstract Principal getIssuerDN(); |
| |
| /** |
| * Returns the issuer distinguished name of this CRL. |
| * |
| * @return the issuer distinguished name of this CRL. |
| */ |
| public X500Principal getIssuerX500Principal() { |
| try { |
| // TODO if there is no X.509 certificate provider installed |
| // should we try to access Harmony X509CRLImpl via classForName? |
| CertificateFactory factory = CertificateFactory |
| .getInstance("X.509"); |
| |
| X509CRL crl = (X509CRL) factory |
| .generateCRL(new ByteArrayInputStream(getEncoded())); |
| |
| return crl.getIssuerX500Principal(); |
| |
| } catch (Exception e) { |
| throw new RuntimeException("Failed to get X500Principal issuer", e); |
| } |
| } |
| |
| /** |
| * Returns the {@code thisUpdate} value of this CRL. |
| * |
| * @return the {@code thisUpdate} value of this CRL. |
| */ |
| public abstract Date getThisUpdate(); |
| |
| /** |
| * Returns the {@code nextUpdate} value of this CRL. |
| * |
| * @return the {@code nextUpdate} value of this CRL, or {@code null} if none |
| * is present. |
| */ |
| public abstract Date getNextUpdate(); |
| |
| /** |
| * Returns the CRL entry with the specified certificate serial number. |
| * |
| * @param serialNumber |
| * the certificate serial number to search for a CRL entry. |
| * @return the entry for the specified certificate serial number, or {@code |
| * null} if not found. |
| */ |
| public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber); |
| |
| /** |
| * Returns the CRL entry for the specified certificate. |
| * |
| * @param certificate |
| * the certificate to search a CRL entry for. |
| * @return the entry for the specified certificate, or {@code null} if not |
| * found. |
| */ |
| public X509CRLEntry getRevokedCertificate(X509Certificate certificate) { |
| if (certificate == null) { |
| throw new NullPointerException("certificate == null"); |
| } |
| return getRevokedCertificate(certificate.getSerialNumber()); |
| } |
| |
| /** |
| * Returns the set of revoked certificates. |
| * |
| * @return the set of revoked certificates, or {@code null} if no revoked |
| * certificates are in this CRL. |
| */ |
| public abstract Set<? extends X509CRLEntry> getRevokedCertificates(); |
| |
| /** |
| * Returns the {@code tbsCertList} information of this CRL in DER encoded |
| * form. |
| * |
| * @return the CRL information in DER encoded form. |
| * @throws CRLException |
| * if encoding fails. |
| */ |
| public abstract byte[] getTBSCertList() throws CRLException; |
| |
| /** |
| * Returns the signature bytes of this CRL. |
| * |
| * @return the signature bytes of this CRL. |
| */ |
| public abstract byte[] getSignature(); |
| |
| /** |
| * Returns the name of the signature algorithm. |
| * |
| * @return the name of the signature algorithm. |
| */ |
| public abstract String getSigAlgName(); |
| |
| /** |
| * Returns the OID of the signature algorithm. |
| * |
| * @return the OID of the signature algorithm. |
| */ |
| public abstract String getSigAlgOID(); |
| |
| /** |
| * Returns the parameters of the signature algorithm in DER encoded form. |
| * |
| * @return the parameters of the signature algorithm in DER encoded form, or |
| * {@code null} if not present. |
| */ |
| public abstract byte[] getSigAlgParams(); |
| } |