/* * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package sun.security.pkcs; import java.io.IOException; import java.util.ArrayList; import sun.misc.HexDumpEncoder; import sun.security.util.DerInputStream; import sun.security.util.DerValue; import sun.security.x509.GeneralNames; import sun.security.x509.SerialNumber; /** * This class represents a signing certificate attribute. * Its attribute value is defined by the following ASN.1 definition. *
* * id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) * smime(16) id-aa(2) 12 } * * SigningCertificate ::= SEQUENCE { * certs SEQUENCE OF ESSCertID, * policies SEQUENCE OF PolicyInformation OPTIONAL * } * * ESSCertID ::= SEQUENCE { * certHash Hash, * issuerSerial IssuerSerial OPTIONAL * } * * Hash ::= OCTET STRING -- SHA1 hash of entire certificate * * IssuerSerial ::= SEQUENCE { * issuer GeneralNames, * serialNumber CertificateSerialNumber * } * * PolicyInformation ::= SEQUENCE { * policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF * PolicyQualifierInfo OPTIONAL } * * CertPolicyId ::= OBJECT IDENTIFIER * * PolicyQualifierInfo ::= SEQUENCE { * policyQualifierId PolicyQualifierId, * qualifier ANY DEFINED BY policyQualifierId } * * -- Implementations that recognize additional policy qualifiers MUST * -- augment the following definition for PolicyQualifierId * * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) * ** * @since 1.5 * @author Vincent Ryan */ public class SigningCertificateInfo { private byte[] ber = null; private ESSCertId[] certId = null; public SigningCertificateInfo(byte[] ber) throws IOException { parse(ber); } public String toString() { StringBuffer buffer = new StringBuffer(); buffer.append("[\n"); for (int i = 0; i < certId.length; i++) { buffer.append(certId[i].toString()); } // format policies as a string buffer.append("\n]"); return buffer.toString(); } public void parse(byte[] bytes) throws IOException { // Parse signingCertificate DerValue derValue = new DerValue(bytes); if (derValue.tag != DerValue.tag_Sequence) { throw new IOException("Bad encoding for signingCertificate"); } // Parse certs DerValue[] certs = derValue.data.getSequence(1); certId = new ESSCertId[certs.length]; for (int i = 0; i < certs.length; i++) { certId[i] = new ESSCertId(certs[i]); } // Parse policies, if present if (derValue.data.available() > 0) { DerValue[] policies = derValue.data.getSequence(1); for (int i = 0; i < policies.length; i++) { // parse PolicyInformation } } } } class ESSCertId { private static volatile HexDumpEncoder hexDumper; private byte[] certHash; private GeneralNames issuer; private SerialNumber serialNumber; ESSCertId(DerValue certId) throws IOException { // Parse certHash certHash = certId.data.getDerValue().toByteArray(); // Parse issuerSerial, if present if (certId.data.available() > 0) { DerValue issuerSerial = certId.data.getDerValue(); // Parse issuer issuer = new GeneralNames(issuerSerial.data.getDerValue()); // Parse serialNumber serialNumber = new SerialNumber(issuerSerial.data.getDerValue()); } } public String toString() { StringBuffer buffer = new StringBuffer(); buffer.append("[\n\tCertificate hash (SHA-1):\n"); if (hexDumper == null) { hexDumper = new HexDumpEncoder(); } buffer.append(hexDumper.encode(certHash)); if (issuer != null && serialNumber != null) { buffer.append("\n\tIssuer: " + issuer + "\n"); buffer.append("\t" + serialNumber); } buffer.append("\n]"); return buffer.toString(); } }