File | Doc | Category | Size | Date | Package
X509CRLImpl.java | API Doc | Android 1.5 API | 17777 | Wed May 06 22:41:06 BST 2009 | org.apache.harmony.security.provider.cert

X509CRLImpl

public class X509CRLImpl extends X509CRL
This class is an implementation of X509CRL. It wraps an instance of org.apache.harmony.security.x509.CertificateList built from the provided ASN.1 DER encoded form of the CertificateList structure (as specified in RFC 3280, http://www.ietf.org/rfc/rfc3280.txt). The implementation supports indirect CRLs.
see
org.apache.harmony.security.x509.CertificateList
see
java.security.cert.X509CRL

Fields Summary
private final org.apache.harmony.security.x509.CertificateList
crl
private final org.apache.harmony.security.x509.TBSCertList
tbsCertList
private byte[]
tbsCertListEncoding
private final org.apache.harmony.security.x509.Extensions
extensions
private X500Principal
issuer
private ArrayList
entries
private int
entriesSize
private byte[]
signature
private String
sigAlgOID
private String
sigAlgName
private byte[]
sigAlgParams
private byte[]
encoding
private boolean
nullSigAlgParams
private boolean
entriesRetrieved
private boolean
isIndirectCRL
private int
nonIndirectEntriesSize
Constructors Summary
public X509CRLImpl(org.apache.harmony.security.x509.CertificateList crl)
Creates an X.509 CRL by wrapping the specified CertificateList object.

        // Cache the signed portion and its extension set once; the accessors
        // of this class read these fields instead of walking the structure again.
        // Wrapping does not check the signature: the contents are unauthenticated
        // until one of the verify(...) methods has succeeded.
        final TBSCertList signedPart = crl.getTbsCertList();
        this.crl = crl;
        this.tbsCertList = signedPart;
        this.extensions = signedPart.getCrlExtensions();
    
public X509CRLImpl(InputStream in)
Creates an X.509 CRL from the ASN.1 DER encoded form of the CRL (the CertificateList structure described in RFC 3280) read from an input stream.

throws
CRLException if decoding errors occur.

        try {
            // Parse the CertificateList structure from the stream, then cache
            // the signed part and its extensions for the accessors.
            // Parsing only establishes structure; the signature is not checked
            // here, so the object is unauthenticated until verify(...) succeeds.
            final CertificateList decoded =
                (CertificateList) CertificateList.ASN1.decode(in);
            final TBSCertList signedPart = decoded.getTbsCertList();
            this.crl = decoded;
            this.tbsCertList = signedPart;
            this.extensions = signedPart.getCrlExtensions();
        } catch (IOException e) {
            // report decoding failures as CRLException, keeping the cause
            throw new CRLException(e);
        }
    
public X509CRLImpl(byte[] encoding)
Creates an X.509 CRL from the ASN.1 DER encoded form of the CRL (the CertificateList structure described in RFC 3280) provided as an array of bytes.

throws
IOException if decoding errors occur.

        // Decode the DER bytes and delegate to the CertificateList constructor.
        // Decoding does not check the signature; the contents are
        // unauthenticated until one of the verify(...) methods has succeeded.
        this((CertificateList) CertificateList.ASN1.decode(encoding));
    
Methods Summary
public java.util.Set getCriticalExtensionOIDs()

see
java.security.cert.X509Extension#getCriticalExtensionOIDs() method documentation for more info

        // A CRL without an extensions block yields null, not an empty set.
        return (extensions == null) ? null : extensions.getCriticalExtensions();
    
public byte[] getEncoded()

see
java.security.cert.X509CRL#getEncoded() method documentation for more info

        // Encode on first use and keep the bytes for later calls.
        if (encoding == null) {
            encoding = crl.getEncoded();
        }
        // Return a copy so a caller cannot alter the cached encoding.
        return encoding.clone();
    
public byte[] getExtensionValue(java.lang.String oid)

see
java.security.cert.X509Extension#getExtensionValue(String) method documentation for more info

        // No extensions block at all: nothing to look up.
        if (extensions == null) {
            return null;
        }
        Extension match = extensions.getExtensionByOID(oid);
        if (match == null) {
            // the CRL does not carry an extension with this OID
            return null;
        }
        // NOTE(review): the array comes straight from Extension; whether it is
        // a private copy is not visible here — confirm before relying on it.
        return match.getRawExtnValue();
    
public java.security.Principal getIssuerDN()

see
java.security.cert.X509CRL#getIssuerDN() method documentation for more info

        // Reuse the principal built by an earlier call.
        if (issuer != null) {
            return issuer;
        }
        // First call: take the issuer name from the signed part of the CRL.
        issuer = tbsCertList.getIssuer().getX500Principal();
        return issuer;
    
public javax.security.auth.x500.X500Principal getIssuerX500Principal()

see
java.security.cert.X509CRL#getIssuerX500Principal() method documentation for more info

        // Reuse the principal built by an earlier call.
        if (issuer != null) {
            return issuer;
        }
        // First call: take the issuer name from the signed part of the CRL.
        issuer = tbsCertList.getIssuer().getX500Principal();
        return issuer;
    
public java.util.Date getNextUpdate()

see
java.security.cert.X509CRL#getNextUpdate() method documentation for more info

        // Read from the signed part of the CRL. None of the methods shown on
        // this page compare the date with the current time, so rejecting a
        // stale CRL is left to the caller.
        // NOTE(review): nextUpdate is optional in RFC 3280; presumably null
        // when absent — confirm against TBSCertList.
        return tbsCertList.getNextUpdate();
    
public java.util.Set getNonCriticalExtensionOIDs()

see
java.security.cert.X509Extension#getNonCriticalExtensionOIDs() method documentation for more info

        // A CRL without an extensions block yields null, not an empty set.
        return (extensions == null) ? null : extensions.getNonCriticalExtensions();
    
public java.security.cert.X509CRLEntry getRevokedCertificate(java.security.cert.X509Certificate certificate)
Searches for the certificate in the CRL. This method supports indirect CRLs: if the CRL is indirect, the method takes into account both the serial number and the issuer of the certificate; if the CRL was issued by the CA (i.e. it is not indirect), the search is done only by the serial number of the specified certificate.

see
java.security.cert.X509CRL#getRevokedCertificate(X509Certificate) method documentation for more info

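        if (certificate == null) {
            throw new NullPointerException();
        }
        if (!entriesRetrieved) {
            retirieveEntries();
        }
        if (entries == null) {
            // the CRL carries no list of revoked certificates
            return null;
        }
        final BigInteger serialN = certificate.getSerialNumber();
        if (!isIndirectCRL) {
            // CA-issued (non indirect) CRL: just look up the serial number.
            // The certificate's issuer is not compared with the CRL issuer
            // here, so pairing the CRL with the right CA is the caller's job.
            for (int i = 0; i < entriesSize; i++) {
                X509CRLEntry entry = (X509CRLEntry) entries.get(i);
                if (serialN.equals(entry.getSerialNumber())) {
                    return entry;
                }
            }
            return null;
        }
        // Indirect CRL: an entry matches only if both the serial number and
        // the issuer agree with the certificate.
        final X500Principal certIssuer = certificate.getIssuerX500Principal();
        final X500Principal crlIssuer = getIssuerX500Principal();
        for (int i = 0; i < entriesSize; i++) {
            X509CRLEntry entry = (X509CRLEntry) entries.get(i);
            if (!serialN.equals(entry.getSerialNumber())) {
                continue;
            }
            // A null certificate issuer on an entry means "issued by the CRL
            // issuer". Resolve it to the actual name before comparing, so an
            // entry that names the CRL issuer explicitly is matched as well
            // instead of being skipped and the certificate reported as not
            // revoked.
            X500Principal entryIssuer = entry.getCertificateIssuer();
            if (entryIssuer == null) {
                entryIssuer = crlIssuer;
            }
            if (certIssuer.equals(entryIssuer)) {
                return entry;
            }
        }
        return null;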
    
public java.security.cert.X509CRLEntry getRevokedCertificate(java.math.BigInteger serialNumber)
Searches for the CRL entry with the specified serial number. Only certificates issued by the CRL's issuer are searched.

see
java.security.cert.X509CRL#getRevokedCertificate(BigInteger) method documentation for more info

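        if (!entriesRetrieved) {
            retirieveEntries();
        }
        if (entries == null) {
            // the CRL carries no list of revoked certificates
            return null;
        }
        // Walk the whole list and accept only entries issued by the CRL issuer
        // (their certificate issuer is null). The loop is deliberately not
        // bounded by nonIndirectEntriesSize: that counter is written only when
        // an entry with an explicit issuer is seen, so on a CA-issued CRL it
        // is not a valid bound and the lookup would report every serial number
        // as not revoked.
        for (int i = 0; i < entriesSize; i++) {
            X509CRLEntry entry = (X509CRLEntry) entries.get(i);
            if (entry.getCertificateIssuer() == null
                    && serialNumber.equals(entry.getSerialNumber())) {
                return entry;
            }
        }
        return null;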
    
public java.util.Set getRevokedCertificates()

see
java.security.cert.X509CRL#getRevokedCertificates() method documentation for more info

        // Build the entry list on first use.
        if (!entriesRetrieved) {
            retirieveEntries();
        }
        // null (not an empty set) when the CRL has no revoked-certificates
        // list; otherwise a fresh set, so the internal list is never exposed.
        return (entries == null) ? null : new HashSet(entries);
    
public java.lang.String getSigAlgName()

see
java.security.cert.X509CRL#getSigAlgName() method documentation for more info

        // Both the OID and the name are resolved together on first use.
        if (sigAlgOID != null) {
            return sigAlgName;
        }
        // The OID is read from the signature field inside the signed part.
        sigAlgOID = tbsCertList.getSignature().getAlgorithm();
        String mapped = AlgNameMapper.map2AlgName(sigAlgOID);
        // No known name for this OID: fall back to the dotted OID itself.
        sigAlgName = (mapped != null) ? mapped : sigAlgOID;
        return sigAlgName;
    
public java.lang.String getSigAlgOID()

see
java.security.cert.X509CRL#getSigAlgOID() method documentation for more info

        // Both the OID and the name are resolved together on first use.
        if (sigAlgOID != null) {
            return sigAlgOID;
        }
        // The OID is read from the signature field inside the signed part.
        sigAlgOID = tbsCertList.getSignature().getAlgorithm();
        String mapped = AlgNameMapper.map2AlgName(sigAlgOID);
        // No known name for this OID: fall back to the dotted OID itself.
        sigAlgName = (mapped != null) ? mapped : sigAlgOID;
        return sigAlgOID;
    
public byte[] getSigAlgParams()

see
java.security.cert.X509CRL#getSigAlgParams() method documentation for more info

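        // An earlier call already found that the algorithm has no parameters.
        if (nullSigAlgParams) {
            return null;
        }
        if (sigAlgParams == null) {
            sigAlgParams = tbsCertList.getSignature().getParameters();
            if (sigAlgParams == null) {
                // remember the absence so the lookup is not repeated
                nullSigAlgParams = true;
                return null;
            }
        }
        // Return a copy, as getEncoded(), getSignature() and getTBSCertList()
        // do; handing out the cached array would let a caller change the
        // parameters every later call returns.
        return sigAlgParams.clone();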
    
public byte[] getSignature()

see
java.security.cert.X509CRL#getSignature() method documentation for more info

        // Fetch the signature value on first use and keep it.
        if (signature == null) {
            signature = crl.getSignatureValue();
        }
        // Return a copy so a caller cannot alter the cached signature bytes.
        return signature.clone();
    
public byte[] getTBSCertList()

see
java.security.cert.X509CRL#getTBSCertList() method documentation for more info

        // Encode the signed part on first use and keep the bytes.
        if (tbsCertListEncoding == null) {
            tbsCertListEncoding = tbsCertList.getEncoded();
        }
        // Return a copy so a caller cannot alter the cached encoding.
        return tbsCertListEncoding.clone();
    
public java.util.Date getThisUpdate()

see
java.security.cert.X509CRL#getThisUpdate() method documentation for more info

        // Read from the signed part of the CRL.
        // NOTE(review): java.util.Date is mutable; whether TBSCertList hands
        // out a fresh instance on each call is not visible here — confirm.
        return tbsCertList.getThisUpdate();
    
public int getVersion()

see
java.security.cert.X509CRL#getVersion() method documentation for more info

        // Delegates to the signed part of the CRL.
        // NOTE(review): whether this is the raw ASN.1 value or the 1-based
        // number described for X509CRL#getVersion() depends on TBSCertList —
        // confirm.
        return tbsCertList.getVersion();
    
public boolean hasUnsupportedCriticalExtension()

see
java.security.cert.X509Extension#hasUnsupportedCriticalExtension() method documentation for more info

        // With no extensions block there is nothing critical to be unsupported.
        return extensions != null && extensions.hasUnsupportedCritical();
    
public boolean isRevoked(java.security.cert.Certificate cert)

see
java.security.cert.CRL#isRevoked(Certificate) method documentation for more info

        // Only X.509 certificates can be looked up. Any other type (or null)
        // is answered with false, which means "no entry found", not "checked
        // and valid".
        return (cert instanceof X509Certificate)
                && getRevokedCertificate((X509Certificate) cert) != null;
    
private void retirieveEntries()

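        // Record the attempt first, so a CRL without a revoked-certificates
        // list is not read again on every call.
        // NOTE(review): these fields are written without synchronization; a
        // second thread could see entriesRetrieved == true before entries is
        // filled and get a "not revoked" answer — confirm instances are not
        // shared between threads.
        entriesRetrieved = true;
        List rcerts = tbsCertList.getRevokedCertificates();
        if (rcerts == null) {
            return;
        }
        entriesSize = rcerts.size();
        entries = new ArrayList(entriesSize);
        // Until an entry names another issuer, every entry belongs to the CRL
        // issuer, so the count of leading CRL-issuer entries starts as the
        // whole list. Leaving it unset on a CA-issued CRL would make the
        // lookup by serial number scan nothing.
        nonIndirectEntriesSize = entriesSize;
        // null means that revoked certificate issuer is the same as CRL issuer
        X500Principal rcertIssuer = null;
        for (int i = 0; i < entriesSize; i++) {
            TBSCertList.RevokedCertificate rcert =
                (TBSCertList.RevokedCertificate) rcerts.get(i);
            X500Principal iss = rcert.getIssuer();
            if (iss != null) {
                // certificate issuer differs from CRL issuer
                // and CRL is indirect; the issuer also applies to the
                // following entries until another one is named.
                rcertIssuer = iss;
                if (!isIndirectCRL) {
                    isIndirectCRL = true;
                    // remember how many leading revoked certificates in the
                    // list are issued by the same issuer as issuer of CRL
                    // (these certificates are first in the list). Only the
                    // first explicit issuer marks that boundary; later ones
                    // must not move it.
                    nonIndirectEntriesSize = i;
                }
            }
            entries.add(new X509CRLEntryImpl(rcert, rcertIssuer));
        }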
    
public java.lang.String toString()

see
java.security.cert.CRL#toString() method documentation for more info

        // The textual form is produced by the wrapped CertificateList.
        return crl.toString();
    
public void verify(java.security.PublicKey key)

see
java.security.cert.X509CRL#verify(PublicKey key) method documentation for more info

        // The algorithm name comes from the signature field inside the signed
        // TBSCertList (see getSigAlgName()).
        // NOTE(review): nothing in this method compares it with the algorithm
        // identifier of the outer CertificateList, which RFC 3280 requires to
        // be the same, and the value of getSigAlgParams() is not applied to
        // the Signature object — confirm the decoder or the caller covers both.
        final Signature verifier = Signature.getInstance(getSigAlgName());
        verifier.initVerify(key);
        // The signature covers the DER encoding of the TBSCertList only.
        final byte[] tbsEncoding = tbsCertList.getEncoded();
        verifier.update(tbsEncoding, 0, tbsEncoding.length);
        final boolean valid = verifier.verify(crl.getSignatureValue());
        if (!valid) {
            throw new SignatureException(Messages.getString("security.15C")); //$NON-NLS-1$
        }
    
public void verify(java.security.PublicKey key, java.lang.String sigProvider)

see
java.security.cert.X509CRL#verify(PublicKey key, String sigProvider) method documentation for more info

        // Same check as verify(PublicKey), with the Signature implementation
        // taken from the named provider. The algorithm name comes from the
        // signature field inside the signed TBSCertList (see getSigAlgName()).
        // NOTE(review): nothing in this method compares it with the algorithm
        // identifier of the outer CertificateList, which RFC 3280 requires to
        // be the same, and the value of getSigAlgParams() is not applied to
        // the Signature object — confirm the decoder or the caller covers both.
        final Signature verifier =
            Signature.getInstance(getSigAlgName(), sigProvider);
        verifier.initVerify(key);
        // The signature covers the DER encoding of the TBSCertList only.
        final byte[] tbsEncoding = tbsCertList.getEncoded();
        verifier.update(tbsEncoding, 0, tbsEncoding.length);
        final boolean valid = verifier.verify(crl.getSignatureValue());
        if (!valid) {
            throw new SignatureException(Messages.getString("security.15C")); //$NON-NLS-1$
        }