throws CertificateParsingException { byte[] ext = getExtensionValue("2.5.29.18"); if (ext == null) return null; return getAltNames(ext); }

  // X509Extension methods.
  // ------------------------------------------------------------------------

  /**
   * OIDs of the critical extensions this implementation understands:
   * keyUsage (2.5.29.15), subjectAltName (2.5.29.17), issuerAltName
   * (2.5.29.18), basicConstraints (2.5.29.19) and extKeyUsage (2.5.29.37).
   */
  private static final String[] SUPPORTED_CRITICAL_OIDS = {
    "2.5.29.15", "2.5.29.17", "2.5.29.18", "2.5.29.19", "2.5.29.37"
  };

  /**
   * Tell whether this certificate carries a critical extension that this
   * implementation cannot interpret. A certificate with an unrecognised
   * critical extension must be rejected by a conforming validator, so a
   * {@code true} result should be treated as a validation failure.
   *
   * @return {@code true} if at least one OID in the critical set is not
   *         among the supported ones.
   */
  public boolean hasUnsupportedCriticalExtension()
  {
    Iterator it = critOids.iterator();
    while (it.hasNext())
      {
        String oid = (String) it.next();
        if (!isSupportedCriticalExtension(oid))
          return true;
      }
    return false;
  }

  /** Return {@code true} if {@code oid} is one of the critical extensions understood here. */
  private static boolean isSupportedCriticalExtension(String oid)
  {
    for (int i = 0; i < SUPPORTED_CRITICAL_OIDS.length; i++)
      {
        if (oid.equals(SUPPORTED_CRITICAL_OIDS[i]))
          return true;
      }
    return false;
  }

  /** @return An unmodifiable view of the critical extension OIDs (dotted strings). */
  public Set getCriticalExtensionOIDs()
  {
    return Collections.unmodifiableSet(critOids);
  }

  /** @return An unmodifiable view of the non-critical extension OIDs (dotted strings). */
  public Set getNonCriticalExtensionOIDs()
  {
    return Collections.unmodifiableSet(nonCritOids);
  }

  /**
   * Return the raw value bytes of an extension.
   *
   * @param oid The extension's OID in dotted form.
   * @return A fresh copy of the stored bytes, or {@code null} when the
   *         certificate has no such extension. The copy keeps callers from
   *         altering the parsed state.
   */
  public byte[] getExtensionValue(String oid)
  {
    byte[] stored = (byte[]) extensions.get(oid);
    if (stored == null)
      return null;
    return (byte[]) stored.clone();
  }

  // Certificate methods.
  // ------------------------------------------------------------------------

  /** @return A copy of the DER bytes this certificate was parsed from. */
  public byte[] getEncoded() throws CertificateEncodingException
  {
    return (byte[]) encoded.clone();
  }

  /**
   * Verify the signature with the default provider, using the outer
   * signatureAlgorithm OID to select the engine.
   */
  public void verify(PublicKey key)
    throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
           NoSuchProviderException, SignatureException
  {
    Signature engine = Signature.getInstance(sigAlgId.toString());
    doVerify(engine, key);
  }

  /**
   * Verify the signature with the named provider, using the outer
   * signatureAlgorithm OID to select the engine.
   */
  public void verify(PublicKey key, String provider)
    throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
           NoSuchProviderException, SignatureException
  {
    Signature engine = Signature.getInstance(sigAlgId.toString(), provider);
    doVerify(engine, key);
  }

  public String toString()
  {
    // XXX say more than this.
    return gnu.java.security.x509.X509Certificate.class.getName();
  }

  /** @return The subject public key built while parsing SubjectPublicKeyInfo. */
  public PublicKey getPublicKey()
  {
    return subjectKey;
  }

  protected Object writeReplace() throws ObjectStreamException
  {
    return super.writeReplace();
  }

  // Own methods.
  // ------------------------------------------------------------------------

  /**
   * Verify this certificate's signature.
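   *
   * @param sig An uninitialised signature engine for this certificate's
   *        signature algorithm.
   * @param key The public key to verify against.
   * @throws CertificateException If the signature does not verify over the
   *         stored TBSCertificate bytes.
   * @throws InvalidKeyException If {@code key} cannot be used with {@code sig}.
   * @throws SignatureException If the signature engine fails.
   */
  private void doVerify(Signature sig, PublicKey key)
    throws CertificateException, InvalidKeyException, SignatureException
  {
    sig.initVerify(key);
    // The signed data is the TBSCertificate encoding captured by parse(),
    // not a re-encoding of the parsed fields.
    sig.update(tbsCertBytes);
    if (!sig.verify(signature))
      throw new CertificateException("signature not validated");
  }

  /**
   * Read a GeneralNames structure into a list of two-element lists, each
   * holding the GeneralName tag as an {@code Integer} and the decoded value
   * (a {@code String} for rfc822Name/dNSName/URI and IP addresses, an
   * {@code OID} for registeredID, raw DER bytes for the other forms).
   *
   * @param encoded The DER-encoded GeneralNames sequence.
   * @return An unmodifiable list of (tag, value) pairs.
   * @throws CertificateParsingException If the sequence is malformed, a
   *         name form is unknown, or reading fails.
   */
  private List getAltNames(byte[] encoded) throws CertificateParsingException
  {
    LinkedList names = new LinkedList();
    try
      {
        ByteArrayInputStream in = new ByteArrayInputStream(encoded);
        DERReader der = new DERReader(in);
        DERValue seq = der.read();
        if (!seq.isConstructed())
          throw new CertificateParsingException();
        int len = 0;
        while (len < seq.getLength())
          {
            DERValue name = der.read();
            ArrayList pair = new ArrayList(2);
            Object nameVal = null;
            switch (name.getTag())
              {
              case RFC882_NAME:
              case DNS_NAME:
              case URI:
                // These forms are IA5String, i.e. 7-bit ASCII. Decode with an
                // explicit charset so the result does not depend on the JVM's
                // platform default and non-ASCII bytes cannot be read as a
                // different name on a different locale.
                nameVal = new String((byte[]) name.getValue(), "US-ASCII");
                break;
              case IP_ADDRESS:
                nameVal = InetAddress.getByAddress(
                  (byte[]) name.getValue()).getHostAddress();
                break;
              case REGISTERED_ID:
                nameVal = new OID((byte[]) name.getValue());
                break;
              case OTHER_NAME:
              case X400_ADDRESS:
              case DIRECTORY_NAME:
              case EDI_PARTY_NAME:
                // Structured forms are handed back as their DER encoding.
                nameVal = name.getEncoded();
                break;
              default:
                throw new CertificateParsingException();
              }
            pair.add(new Integer(name.getTag()));
            pair.add(nameVal);
            names.add(pair);
            // A constructed name's contents were not consumed by read();
            // step over them so the next read lands on the following name.
            if (name.isConstructed())
              in.skip(name.getLength());
            len += name.getEncodedLength();
          }
      }
    catch (IOException ioe)
      {
        // Keep the underlying failure attached for diagnosis instead of
        // flattening it to its string form.
        CertificateParsingException cpe =
          new CertificateParsingException(ioe.toString());
        cpe.initCause(ioe);
        throw cpe;
      }
    return Collections.unmodifiableList(names);
  }

  /**
   * Parse a DER stream into an X.509 certificate, filling in this object's
   * fields from the TBSCertificate, signatureAlgorithm and signatureValue.
   *
   * @param encoded The encoded bytes.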
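   * @throws Exception If the stream is not a well-formed certificate
   *         ({@code ASN1ParsingException}), the key algorithm is not DSA or
   *         RSA, or an I/O or key-factory error occurs.
   */
  private void parse(InputStream encoded) throws Exception
  {
    DERReader der = new DERReader(encoded);

    // Certificate ::= SEQUENCE {
    DERValue cert = der.read();
    // The parameter shadows the field; keep the exact bytes read so that
    // getEncoded() can hand out clones of them.
    this.encoded = cert.getEncoded();
    if (!cert.isConstructed())
      throw new ASN1ParsingException("malformed Certificate");

    // TBSCertificate ::= SEQUENCE {
    DERValue tbsCert = der.read();
    if (tbsCert.getValue() != DER.CONSTRUCTED_VALUE)
      throw new ASN1ParsingException("malformed TBSCertificate");
    // These bytes are what doVerify() feeds to the signature engine.
    tbsCertBytes = tbsCert.getEncoded();

    DERValue val = der.read();
    if (val.getTagClass() == DER.CONTEXT && val.getTag() == 0)
      {
        // Version ::= INTEGER [0] { v1(0), v2(1), v3(2) }
        // NOTE(review): the value is not range-checked; anything outside
        // 0..2 is accepted and only the >= 2 / >= 3 tests below decide which
        // optional fields are looked for.
        version = ((BigInteger) der.read().getValue()).intValue() + 1;
        val = der.read();
      }
    else
      {
        version = 1;
      }

    // SerialNumber ::= INTEGER
    serialNo = (BigInteger) val.getValue();

    // AlgorithmIdentifier ::= SEQUENCE {
    val = der.read();
    if (!val.isConstructed())
      throw new ASN1ParsingException("malformed AlgorithmIdentifier");
    int certAlgLen = val.getLength();
    val = der.read();
    algId = (OID) val.getValue();
    if (certAlgLen > val.getEncodedLength())
      {
        // Optional parameters follow the OID.
        val = der.read();
        if (val == null)
          algVal = null;
        else
          algVal = val.getEncoded();
        // NOTE(review): a null val would be dereferenced on the next line;
        // confirm whether DERReader.read() can actually return null here.
        if (val.isConstructed())
          encoded.skip(val.getLength());
      }

    // The principals are parsed straight from the underlying stream, which
    // assumes DERReader does not read ahead of the value it returned.
    issuer = new X500Principal(encoded);

    // Validity ::= SEQUENCE { notBefore Time, notAfter Time }
    if (!der.read().isConstructed())
      throw new ASN1ParsingException("malformed Validity");
    notBefore = (Date) der.read().getValue();
    notAfter = (Date) der.read().getValue();

    subject = new X500Principal(encoded);

    // SubjectPublicKeyInfo ::= SEQUENCE { algorithm, subjectPublicKey }
    if (!der.read().isConstructed())
      throw new ASN1ParsingException("malformed SubjectPublicKeyInfo");
    val = der.read();
    if (!val.isConstructed())
      throw new ASN1ParsingException("malformed AlgorithmIdentifier");
    int keyAlgLen = val.getLength();
    val = der.read();
    OID keyID = (OID) val.getValue();
    byte[] keyParams = null;
    if (keyAlgLen > val.getEncodedLength())
      {
        val = der.read();
        keyParams = val.getEncoded();
        // The TBSCertificate signature field carried no parameters: reuse
        // the key's.
        if (algVal == null)
          algVal = keyParams;
        if (val.isConstructed())
          encoded.skip(val.getLength());
      }
    val = der.read();
    byte[] keyVal = ((BitString) val.getValue()).toByteArray();
    if (keyID.equals(ID_DSA))
      {
        // NOTE(review): DSA parameters must be present in this certificate;
        // a key that inherits them from the issuer (keyParams == null)
        // presumably fails inside params.init rather than with an
        // ASN1ParsingException — confirm.
        AlgorithmParameters params = AlgorithmParameters.getInstance("DSA");
        params.init(keyParams, "ASN.1");
        KeyFactory keyFac = KeyFactory.getInstance("DSA");
        DSAParameterSpec spec = (DSAParameterSpec)
          params.getParameterSpec(DSAParameterSpec.class);
        subjectKey = keyFac.generatePublic(new DSAPublicKeySpec(
          (BigInteger) new DERReader(keyVal).read().getValue(),
          spec.getP(), spec.getQ(), spec.getG()));
      }
    else if (keyID.equals(ID_RSA))
      {
        KeyFactory keyFac = KeyFactory.getInstance("RSA");
        DERReader rsaKey = new DERReader(keyVal);
        if (!rsaKey.read().isConstructed())
          throw new ASN1ParsingException("malformed RSAPublicKey");
        // RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
        subjectKey = keyFac.generatePublic(new RSAPublicKeySpec(
          (BigInteger) rsaKey.read().getValue(),
          (BigInteger) rsaKey.read().getValue()));
      }
    else
      throw new ASN1ParsingException("unknown key algorithm " + keyID);

    // Optional v2/v3 fields. For v1 the next element in the stream is the
    // outer signatureAlgorithm and nothing has been read ahead; for v2/v3 one
    // element is read ahead so the [1], [2] and [3] tests can inspect it.
    // sigAlgUnread tracks whether that look-ahead still needs to happen
    // before the signatureAlgorithm is parsed below.
    boolean sigAlgUnread = true;
    if (version > 1)
      {
        val = der.read();
        sigAlgUnread = false;
      }
    // issuerUniqueID [1] IMPLICIT BIT STRING OPTIONAL
    if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 1)
      {
        byte[] b = (byte[]) val.getValue();
        // b[0] is taken as the BIT STRING's unused-bit count, b[1..] as the
        // bits; an empty value would fail on b[0] with an array exception.
        issuerUniqueId = new BitString(b, 1, b.length-1, b[0] & 0xFF);
        val = der.read();
      }
    // subjectUniqueID [2] IMPLICIT BIT STRING OPTIONAL
    if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 2)
      {
        byte[] b = (byte[]) val.getValue();
        subjectUniqueId = new BitString(b, 1, b.length-1, b[0] & 0xFF);
        val = der.read();
      }
    // extensions [3] EXPLICIT Extensions OPTIONAL
    if (version >= 3 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 3)
      {
        // Extensions ::= SEQUENCE OF Extension
        val = der.read();
        int len = 0;
        while (len < val.getLength())
          {
            // Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
            DERValue ext = der.read();
            OID extId = (OID) der.read().getValue();
            DERValue val2 = der.read();
            Boolean crit = Boolean.valueOf(false);
            if (val2.getValue() instanceof Boolean)
              {
                crit = (Boolean) val2.getValue();
                val2 = der.read();
              }
            byte[] extVal = (byte[]) val2.getValue();
            extensions.put(extId.toString(), extVal);
            if (crit.booleanValue())
              critOids.add(extId.toString());
            else
              nonCritOids.add(extId.toString());
            if (extId.equals(ID_KEY_USAGE))
              {
                keyUsage = (BitString) DERReader.read(extVal).getValue();
              }
            else if (extId.equals(ID_BASIC_CONSTRAINTS))
              {
                DERReader bc = new DERReader(extVal);
                DERValue constraints = bc.read();
                if (!constraints.isConstructed())
                  throw new ASN1ParsingException("malformed BasicConstraints");
                if (constraints.getLength() > 0)
                  {
                    boolean ca = false;
                    int constr = -1;
                    val2 = bc.read();
                    if (val2.getValue() instanceof Boolean)
                      {
                        ca = ((Boolean) val2.getValue()).booleanValue();
                        if (constraints.getLength() > val2.getEncodedLength())
                          val2 = bc.read();
                      }
                    if (val2.getValue() instanceof BigInteger)
                      constr = ((BigInteger) val2.getValue()).intValue();
                    // NOTE(review): `ca` is decoded but never consulted, so
                    // basicConstraints records only pathLenConstraint. Whether
                    // the reader of this field (getBasicConstraints()) can
                    // tell "CA without a path length" from "not a CA" is not
                    // visible here — confirm.
                    basicConstraints = constr;
                  }
              }
            len += ext.getEncodedLength();
          }
        // The loop consumed the entire Extensions sequence, so the outer
        // signatureAlgorithm has not been read yet.
        sigAlgUnread = true;
      }

    // signatureAlgorithm AlgorithmIdentifier. Only read ahead when the
    // SEQUENCE header is not already in val: a v2/v3 certificate whose last
    // optional element is absent left it there, and reading again would take
    // the inner OID for the SEQUENCE and reject a valid certificate.
    if (sigAlgUnread)
      val = der.read();
    if (!val.isConstructed())
      throw new ASN1ParsingException("malformed AlgorithmIdentifier");
    int sigAlgLen = val.getLength();
    val = der.read();
    sigAlgId = (OID) val.getValue();
    // NOTE(review): RFC 5280 requires this OID to match the TBSCertificate
    // signature field (algId); nothing visible in this method compares them.
    if (sigAlgLen > val.getEncodedLength())
      {
        val = der.read();
        // A parameter that decodes to null (presumably DER NULL) falls back
        // to the subject key's parameters — looks intended for DSA; confirm.
        if (val.getValue() == null)
          sigAlgVal = keyParams;
        else
          sigAlgVal = (byte[]) val.getEncoded();
        if (val.isConstructed())
          encoded.skip(val.getLength());
      }

    // signatureValue BIT STRING
    signature = ((BitString) der.read().getValue()).toByteArray();
  }
}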