/* * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package sun.security.pkcs; import java.io.IOException; import java.util.ArrayList; import sun.misc.HexDumpEncoder; import sun.security.util.DerInputStream; import sun.security.util.DerValue; import sun.security.x509.GeneralNames; import sun.security.x509.SerialNumber; /** * This class represents a signing certificate attribute. * Its attribute value is defined by the following ASN.1 definition. *
 *
 *   id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
 *     member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
 *     smime(16) id-aa(2) 12 }
 *
 *   SigningCertificate ::=  SEQUENCE {
 *       certs       SEQUENCE OF ESSCertID,
 *       policies    SEQUENCE OF PolicyInformation OPTIONAL
 *   }
 *
 *   ESSCertID ::=  SEQUENCE {
 *       certHash        Hash,
 *       issuerSerial    IssuerSerial OPTIONAL
 *   }
 *
 *   Hash ::= OCTET STRING -- SHA1 hash of entire certificate
 *
 *   IssuerSerial ::= SEQUENCE {
 *       issuer         GeneralNames,
 *       serialNumber   CertificateSerialNumber
 *   }
 *
 *   PolicyInformation ::= SEQUENCE {
 *       policyIdentifier   CertPolicyId,
 *       policyQualifiers   SEQUENCE SIZE (1..MAX) OF
 *               PolicyQualifierInfo OPTIONAL }
 *
 *   CertPolicyId ::= OBJECT IDENTIFIER
 *
 *   PolicyQualifierInfo ::= SEQUENCE {
 *       policyQualifierId  PolicyQualifierId,
 *       qualifier        ANY DEFINED BY policyQualifierId }
 *
 *   -- Implementations that recognize additional policy qualifiers MUST
 *   -- augment the following definition for PolicyQualifierId
 *
 *   PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
 *
 * 
* * @since 1.5 * @author Vincent Ryan */ public class SigningCertificateInfo { private byte[] ber = null; private ESSCertId[] certId = null; public SigningCertificateInfo(byte[] ber) throws IOException { parse(ber); } public String toString() { StringBuffer buffer = new StringBuffer(); buffer.append("[\n"); for (int i = 0; i < certId.length; i++) { buffer.append(certId[i].toString()); } // format policies as a string buffer.append("\n]"); return buffer.toString(); } public void parse(byte[] bytes) throws IOException { // Parse signingCertificate DerValue derValue = new DerValue(bytes); if (derValue.tag != DerValue.tag_Sequence) { throw new IOException("Bad encoding for signingCertificate"); } // Parse certs DerValue[] certs = derValue.data.getSequence(1); certId = new ESSCertId[certs.length]; for (int i = 0; i < certs.length; i++) { certId[i] = new ESSCertId(certs[i]); } // Parse policies, if present if (derValue.data.available() > 0) { DerValue[] policies = derValue.data.getSequence(1); for (int i = 0; i < policies.length; i++) { // parse PolicyInformation } } } } class ESSCertId { private static volatile HexDumpEncoder hexDumper; private byte[] certHash; private GeneralNames issuer; private SerialNumber serialNumber; ESSCertId(DerValue certId) throws IOException { // Parse certHash certHash = certId.data.getDerValue().toByteArray(); // Parse issuerSerial, if present if (certId.data.available() > 0) { DerValue issuerSerial = certId.data.getDerValue(); // Parse issuer issuer = new GeneralNames(issuerSerial.data.getDerValue()); // Parse serialNumber serialNumber = new SerialNumber(issuerSerial.data.getDerValue()); } } public String toString() { StringBuffer buffer = new StringBuffer(); buffer.append("[\n\tCertificate hash (SHA-1):\n"); if (hexDumper == null) { hexDumper = new HexDumpEncoder(); } buffer.append(hexDumper.encode(certHash)); if (issuer != null && serialNumber != null) { buffer.append("\n\tIssuer: " + issuer + "\n"); buffer.append("\t" + serialNumber); } buffer.append("\n]"); return buffer.toString(); } }