/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* <p>Abstract class for a revoked certificate in a CRL.
* This class is for each entry in the <code>revokedCertificates</code>,
* so it deals with the inner <em>SEQUENCE</em>.
* The ASN.1 definition for this is:
* <pre>
* revokedCertificates SEQUENCE OF SEQUENCE {
* userCertificate CertificateSerialNumber,
* revocationDate ChoiceOfTime,
* crlEntryExtensions Extensions OPTIONAL
* -- if present, must be v2
* } OPTIONAL
*
* CertificateSerialNumber ::= INTEGER
*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*
* Extension ::= SEQUENCE {
* extnId OBJECT IDENTIFIER,
* critical BOOLEAN DEFAULT FALSE,
* extnValue OCTET STRING
* -- contains a DER encoding of a value
* -- of the type registered for use with
* -- the extnId object identifier value
* }
* </pre>
*
* @author Hemma Prafullchandra
*/
implements Comparable<X509CRLEntryImpl> {
private final static boolean isExplicit = false;
/**
* Constructs a revoked certificate entry using the given
* serial number and revocation date.
*
* @param num the serial number of the revoked certificate.
* @param date the Date on which revocation took place.
*/
this.revocationDate = date;
}
/**
* Constructs a revoked certificate entry using the given
* serial number, revocation date and the entry
* extensions.
*
* @param num the serial number of the revoked certificate.
* @param date the Date on which revocation took place.
* @param crlEntryExts the extensions for this entry.
*/
this.revocationDate = date;
this.extensions = crlEntryExts;
}
/**
* Unmarshals a revoked certificate from its encoded form.
*
* @param revokedCert the encoded bytes.
* @exception CRLException on parsing errors.
*/
try {
} catch (IOException e) {
this.revokedCert = null;
}
}
/**
* Unmarshals a revoked certificate from its encoded form.
*
* @param derVal the DER value containing the revoked certificate.
* @exception CRLException on parsing errors.
*/
try {
} catch (IOException e) {
revokedCert = null;
}
}
/**
* Returns true if this revoked certificate entry has
* extensions, otherwise false.
*
* @return true if this CRL entry has extensions, otherwise
* false.
*/
public boolean hasExtensions() {
    // Presence is decided purely by whether the extensions field is set;
    // the contents of that object are not inspected here.
    final boolean present = (null != this.extensions);
    return present;
}
/**
* Encodes the revoked certificate to an output stream.
*
* @param outStrm an output stream to which the encoded revoked
* certificate is written.
* @exception CRLException on encoding errors.
*/
try {
if (revokedCert == null) {
// sequence { serialNumber, revocationDate, extensions }
} else {
}
if (extensions != null)
}
} catch (IOException e) {
}
}
/**
* Returns the ASN.1 DER-encoded form of this CRL Entry,
* which corresponds to the inner SEQUENCE.
*
* @exception CRLException if an encoding error occurs.
*/
return getEncoded0().clone();
}
// Called internally to avoid clone
if (revokedCert == null)
this.encode(new DerOutputStream());
return revokedCert;
}
return certIssuer;
}
this.certIssuer = null;
} else {
this.certIssuer = certIssuer;
}
}
/**
* Gets the serial number from this X509CRLEntry,
* i.e. the <em>userCertificate</em>.
*
* @return the serial number.
*/
return serialNumber.getNumber();
}
/**
* Gets the revocation date from this X509CRLEntry,
* the <em>revocationDate</em>.
*
* @return the revocation date.
*/
}
/**
* This method is the overridden implementation of the getRevocationReason
* method in X509CRLEntry. It is better performance-wise since it returns
* cached values.
*/
return null;
}
return rcExt.getReasonCode();
}
/**
* This static method is the default implementation of the
* getRevocationReason method in X509CRLEntry.
*/
try {
return null;
}
return rcExt.getReasonCode();
} catch (IOException ioe) {
return null;
}
}
/**
* Gets the reason code from this CRL entry.
*
* @return the reason code as an Integer, or null if there is no such extension
* @throws IOException on error
*/
return null;
}
/**
* Returns a printable string of this revoked certificate.
*
* @return value of this revoked certificate in a printable form.
*/
if (certIssuer != null) {
}
if (extensions != null) {
try {
+ "DER encoded OCTET string =\n"
}
} else
} catch (Exception e) {
}
}
}
}
/**
* Return true if a critical extension is found that is
* not supported, otherwise return false.
*/
public boolean hasUnsupportedCriticalExtension() {
    // An entry with no extensions has nothing critical to reject; otherwise
    // the decision is delegated entirely to the extensions object.
    // NOTE(review): RFC 5280 section 5.3 says a CRL containing a critical
    // entry extension the application cannot process must not be used to
    // determine certificate status, so revocation-checking callers should
    // treat a true result as "do not rely on this CRL" - confirm they do.
    return extensions != null && extensions.hasUnsupportedCriticalExtension();
}
/**
* Gets a Set of the extension(s) marked CRITICAL in this
* X509CRLEntry. In the returned set, each extension is
* represented by its OID string.
*
* @return a set of the extension oid strings in the
* Object that are marked critical, or null if this entry has no extensions.
*/
if (extensions == null) {
return null;
}
if (ex.isCritical()) {
}
}
return extSet;
}
/**
* Gets a Set of the extension(s) marked NON-CRITICAL in this
* X509CRLEntry. In the returned set, each extension is
* represented by its OID string.
*
* @return a set of the extension oid strings in the
* Object that are not marked critical, or null if this entry has no extensions.
*/
if (extensions == null) {
return null;
}
if (!ex.isCritical()) {
}
}
return extSet;
}
/**
* Gets the DER encoded OCTET string for the extension value
* (<em>extnValue</em>) identified by the passed in oid String.
* The <code>oid</code> string is
* represented by a sequence of positive whole numbers separated
* by ".", that is,<br>
* &lt;positive whole number&gt;.&lt;positive whole number&gt;.&lt;positive
* whole number&gt;.&lt;...&gt;
*
* @param oid the Object Identifier value for the extension.
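* @return the DER encoded octet string of the extension value, or null if
* this entry has no extensions or if any exception is caught while the
* value is being retrieved. A null result therefore does not distinguish
* a missing value from a processing failure.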
*/
if (extensions == null)
return null;
try {
e.hasMoreElements();) {
ex = e.nextElement();
break;
}
}
} else
return null;
return null;
return out.toByteArray();
} catch (Exception e) {
return null;
}
}
/**
* Gets an extension.
*
* @param oid ObjectIdentifier of extension desired
* @return Extension of type &lt;extension&gt; or null, if not found
*/
if (extensions == null)
return null;
// following returns null if no such OID in map
//XXX consider cloning this
}
throws CRLException, IOException {
throw new CRLException("Invalid encoded RevokedCertificate, " +
"starting sequence tag missing.");
}
throw new CRLException("No data encoded for RevokedCertificates");
// serial number
// revocationDate
} else
throw new CRLException("Invalid encoding for revocation date");
return; // no extensions
// crlEntryExtensions
}
/**
* Utility method to convert an arbitrary instance of X509CRLEntry
* to an X509CRLEntryImpl. Does a cast if possible, otherwise reparses
* the encoding.
*/
throws CRLException {
if (entry instanceof X509CRLEntryImpl) {
return (X509CRLEntryImpl)entry;
} else {
}
}
/**
* Returns the CertificateIssuerExtension
*
* @return the CertificateIssuerExtension, or null if it does not exist
*/
return (CertificateIssuerExtension)
}
/**
* Returns all extensions for this entry in a map
* @return the extension map, can be empty, but not null
*/
if (extensions == null) {
return Collections.emptyMap();
}
}
return map;
}
if (compSerial != 0) {
return compSerial;
}
try {
byte[] thisEncoded = this.getEncoded0();
int a = thisEncoded[i] & 0xff;
int b = thatEncoded[i] & 0xff;
if (a != b) return a-b;
}
} catch (CRLException ce) {
return -1;
}
}
}