📄 x509crlobject.java

📁 kmlnjlkj nlkjlkjkljl okopokipoipo oipipipo i
💻 JAVA
📖 第 1 页 / 共 2 页
字号:
12 下一页
package org.bouncycastle.jce.provider;import org.bouncycastle.asn1.ASN1Encodable;import org.bouncycastle.asn1.ASN1InputStream;import org.bouncycastle.asn1.ASN1OutputStream;import org.bouncycastle.asn1.ASN1Sequence;import org.bouncycastle.asn1.DERInteger;import org.bouncycastle.asn1.DERObjectIdentifier;import org.bouncycastle.asn1.DEROutputStream;import org.bouncycastle.asn1.util.ASN1Dump;import org.bouncycastle.asn1.x509.CRLDistPoint;import org.bouncycastle.asn1.x509.CRLNumber;import org.bouncycastle.asn1.x509.CertificateList;import org.bouncycastle.asn1.x509.IssuingDistributionPoint;import org.bouncycastle.asn1.x509.TBSCertList;import org.bouncycastle.asn1.x509.X509Extension;import org.bouncycastle.asn1.x509.X509Extensions;import org.bouncycastle.jce.X509Principal;import org.bouncycastle.util.encoders.Hex;import org.bouncycastle.x509.extension.X509ExtensionUtil;import javax.security.auth.x500.X500Principal;import java.io.ByteArrayOutputStream;import java.io.IOException;import java.math.BigInteger;import java.security.InvalidKeyException;import java.security.NoSuchAlgorithmException;import java.security.NoSuchProviderException;import java.security.Principal;import java.security.PublicKey;import java.security.Signature;import java.security.SignatureException;import java.security.cert.CRLException;import java.security.cert.Certificate;import java.security.cert.X509CRL;import java.security.cert.X509CRLEntry;import java.security.cert.X509Certificate;import java.util.Date;import java.util.Enumeration;import java.util.HashSet;import java.util.Iterator;import java.util.Set;import java.util.Collections;/** * The following extensions are listed in RFC 2459 as relevant to CRLs * * Authority Key Identifier * Issuer Alternative Name * CRL Number * Delta CRL Indicator (critical) * Issuing Distribution Point (critical) */public class X509CRLObject    extends X509CRL{    private CertificateList c;    private String sigAlgName;    private byte[] sigAlgParams;    private boolean isIndirect;    public X509CRLObject(        CertificateList c)        throws CRLException    {        this.c = c;                try        {            this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());                        if (c.getSignatureAlgorithm().getParameters() != null)            {                this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).getDEREncoded();            }            else            {                this.sigAlgParams = null;            }            this.isIndirect = isIndirectCRL();        }        catch (Exception e)        {            throw new CRLException("CRL contents invalid: " + e);        }    }    /**     * Will return true if any extensions are present and marked     * as critical as we currently dont handle any extensions!     */    public boolean hasUnsupportedCriticalExtension()    {        Set extns = getCriticalExtensionOIDs();        if (extns == null)        {            return false;        }        extns.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT);        extns.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);        return !extns.isEmpty();    }    private Set getExtensionOIDs(boolean critical)    {        if (this.getVersion() == 2)        {            X509Extensions extensions = c.getTBSCertList().getExtensions();            if (extensions != null)            {                Set set = new HashSet();                Enumeration e = extensions.oids();                while (e.hasMoreElements())                {                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();                    X509Extension ext = extensions.getExtension(oid);                    if (critical == ext.isCritical())                    {                        set.add(oid.getId());                    }                }                return set;            }        }        return null;    }    public Set getCriticalExtensionOIDs()    {        return getExtensionOIDs(true);    }    public Set getNonCriticalExtensionOIDs()    {        return getExtensionOIDs(false);    }    public byte[] getExtensionValue(String oid)    {        X509Extensions exts = c.getTBSCertList().getExtensions();        if (exts != null)        {            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));            if (ext != null)            {                try                {                    return ext.getValue().getEncoded();                }                catch (Exception e)                {                    throw new IllegalStateException("error parsing " + e.toString());                }            }        }        return null;    }    public byte[] getEncoded()        throws CRLException    {        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();        DEROutputStream            dOut = new DEROutputStream(bOut);        try        {            dOut.writeObject(c);            return bOut.toByteArray();        }        catch (IOException e)        {            throw new CRLException(e.toString());        }    }    public void verify(PublicKey key)        throws CRLException,  NoSuchAlgorithmException,            InvalidKeyException, NoSuchProviderException, SignatureException    {        verify(key, "BC");    }    public void verify(PublicKey key, String sigProvider)        throws CRLException, NoSuchAlgorithmException,            InvalidKeyException, NoSuchProviderException, SignatureException    {        if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()))        {            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");        }        Signature sig = Signature.getInstance(getSigAlgName(), sigProvider);        sig.initVerify(key);        sig.update(this.getTBSCertList());        if (!sig.verify(this.getSignature()))        {            throw new SignatureException("CRL does not verify with supplied public key.");        }    }    public int getVersion()    {        return c.getVersion();    }    public Principal getIssuerDN()    {        return new X509Principal(c.getIssuer());    }    public X500Principal getIssuerX500Principal()    {        try        {            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);            aOut.writeObject(c.getIssuer());            return new X500Principal(bOut.toByteArray());        }        catch (IOException e)        {            throw new IllegalStateException("can't encode issuer DN");        }    }    public Date getThisUpdate()    {        return c.getThisUpdate().getDate();    }    public Date getNextUpdate()    {        if (c.getNextUpdate() != null)        {            return c.getNextUpdate().getDate();        }        return null;    }     private Set loadCRLEntries()    {        Set entrySet = new HashSet();        Enumeration certs = c.getRevokedCertificateEnumeration();        X500Principal previousCertificateIssuer = getIssuerX500Principal();        while (certs.hasMoreElements())        {            TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement();            X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);            entrySet.add(crlEntry);            previousCertificateIssuer = crlEntry.getCertificateIssuer();
12 下一页
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -