📄 x509certificateobject.java
package org.bouncycastle.jce.provider;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.misc.NetscapeRevocationURL;
import org.bouncycastle.asn1.misc.VerisignCzagExtension;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
import org.bouncycastle.util.encoders.Hex;
public class X509CertificateObject
extends X509Certificate
implements PKCS12BagAttributeCarrier
{
// Parsed ASN.1 certificate structure; every accessor visible in this class reads from it.
private X509CertificateStructure c;
// Raw (pre-generics) collections. Presumably they hold the PKCS#12 bag attributes and
// their insertion order for PKCS12BagAttributeCarrier; the methods that use them are not
// visible in this part of the file, so confirm there.
private Hashtable pkcs12Attributes = new Hashtable();
private Vector pkcs12Ordering = new Vector();
/**
 * Wraps an already-parsed certificate structure.
 * <p>
 * The structure is stored by reference and nothing is checked here: no signature
 * verification and no validity-period check happen at construction time. A successfully
 * constructed object is therefore not a trusted certificate; callers still have to
 * verify the signature and call {@link #checkValidity()} themselves.
 *
 * @param c the parsed certificate structure that backs this object
 */
public X509CertificateObject(X509CertificateStructure c)
{
    this.c = c;
}
/**
 * Checks the certificate's validity period against the current time.
 * <p>
 * "Now" is taken from {@code new Date()}, i.e. the local system clock, so the outcome
 * is only as reliable as that clock. Only the validity window is examined; this call
 * says nothing about the signature, the issuer chain or revocation.
 *
 * @throws CertificateExpiredException if the current time is after notAfter
 * @throws CertificateNotYetValidException if the current time is before notBefore
 */
public void checkValidity()
    throws CertificateExpiredException, CertificateNotYetValidException
{
    final Date now = new Date();
    this.checkValidity(now);
}
/**
 * Checks whether the given instant lies inside the certificate's validity period.
 * <p>
 * The comparison uses {@link Date#after(Date)} and {@link Date#before(Date)}, so an
 * instant exactly equal to notBefore or notAfter is accepted. Expiry is tested first.
 * Only the validity window is examined; signature, chain and revocation checks are
 * the caller's responsibility.
 *
 * @param date the instant to test; a null value fails with a NullPointerException
 * @throws CertificateExpiredException if {@code date} is after notAfter
 * @throws CertificateNotYetValidException if {@code date} is before notBefore
 */
public void checkValidity(Date date)
    throws CertificateExpiredException, CertificateNotYetValidException
{
    // Upper bound first: an expired certificate is reported before notBefore is read.
    final Date notAfter = this.getNotAfter();
    if (date.after(notAfter))
    {
        throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime());
    }

    final Date notBefore = this.getNotBefore();
    if (date.before(notBefore))
    {
        throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime());
    }
}
/**
 * Returns the certificate version as reported by the underlying structure.
 *
 * @return the value of {@code c.getVersion()}, passed through unchanged
 */
public int getVersion()
{
    final int version = c.getVersion();
    return version;
}
/**
 * Returns the certificate serial number.
 *
 * @return the numeric value of the structure's serial number field
 */
public BigInteger getSerialNumber()
{
    final BigInteger serial = c.getSerialNumber().getValue();
    return serial;
}
/**
 * Returns the issuer name as a BouncyCastle {@code X509Principal}.
 * <p>
 * A new principal is built from the structure's issuer field on every call.
 *
 * @return the issuer distinguished name
 */
public Principal getIssuerDN()
{
    final Principal issuer = new X509Principal(c.getIssuer());
    return issuer;
}
/**
 * Returns the issuer name as a JDK {@link X500Principal}.
 * <p>
 * The issuer field is serialised through an {@code ASN1OutputStream} and the resulting
 * bytes are handed to the {@code X500Principal} constructor.
 *
 * @return the issuer distinguished name
 * @throws IllegalStateException if serialising the issuer raises an IOException; the
 *         IOException itself is not attached to the thrown exception
 */
public X500Principal getIssuerX500Principal()
{
    final ByteArrayOutputStream encoded = new ByteArrayOutputStream();
    try
    {
        new ASN1OutputStream(encoded).writeObject(c.getIssuer());
    }
    catch (IOException e)
    {
        throw new IllegalStateException("can't encode issuer DN");
    }
    return new X500Principal(encoded.toByteArray());
}
/**
 * Returns the subject name as a BouncyCastle {@code X509Principal}.
 * <p>
 * A new principal is built from the structure's subject field on every call.
 *
 * @return the subject distinguished name
 */
public Principal getSubjectDN()
{
    final Principal subject = new X509Principal(c.getSubject());
    return subject;
}
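/**
 * Returns the subject name as a JDK {@link X500Principal}.
 * <p>
 * The subject field is serialised through an {@code ASN1OutputStream} and the resulting
 * bytes are handed to the {@code X500Principal} constructor.
 *
 * @return the subject distinguished name
 * @throws IllegalStateException if serialising the subject raises an IOException
 */
public X500Principal getSubjectX500Principal()
{
    try
    {
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        ASN1OutputStream aOut = new ASN1OutputStream(bOut);
        aOut.writeObject(c.getSubject());
        return new X500Principal(bOut.toByteArray());
    }
    catch (IOException e)
    {
        // The message used to say "issuer DN" (copied from getIssuerX500Principal),
        // which pointed anyone reading a failure log at the wrong field.
        throw new IllegalStateException("can't encode subject DN");
    }
}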
/**
 * Returns the start of the certificate's validity period.
 *
 * @return the date obtained from the structure's start-date field
 */
public Date getNotBefore()
{
    final Date start = c.getStartDate().getDate();
    return start;
}
/**
 * Returns the end of the certificate's validity period.
 *
 * @return the date obtained from the structure's end-date field
 */
public Date getNotAfter()
{
    final Date end = c.getEndDate().getDate();
    return end;
}
/**
 * Returns the encoded to-be-signed part of the certificate.
 * <p>
 * NOTE(review): the bytes are produced by writing the parsed TBS structure through a
 * {@code DEROutputStream}, not by returning the bytes the certificate was read from.
 * Whether the two are identical for input that was not strict DER cannot be told from
 * this method; confirm before feeding the result to a signature check.
 *
 * @return the serialised TBSCertificate
 * @throws CertificateEncodingException if serialisation raises an IOException; only
 *         the IOException's string form is carried over
 */
public byte[] getTBSCertificate()
    throws CertificateEncodingException
{
    final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    try
    {
        new DEROutputStream(buffer).writeObject(c.getTBSCertificate());
    }
    catch (IOException e)
    {
        throw new CertificateEncodingException(e.toString());
    }
    return buffer.toByteArray();
}
/**
 * Returns the signature value carried in the certificate.
 * <p>
 * This only exposes the bytes; it does not verify them.
 *
 * @return the bytes of the structure's signature bit string
 */
public byte[] getSignature()
{
    final byte[] signatureBytes = c.getSignature().getBytes();
    return signatureBytes;
}
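/**
 * Returns a more "meaningful" representation for the signature algorithm used in
 * the certificate.
 * <p>
 * The name is looked up under {@code Alg.Alias.Signature.<OID>}, first in the provider
 * registered as "BC" and then in every installed provider. The result therefore depends
 * on which providers are registered in this JVM; use {@link #getSigAlgOID()} when the
 * exact algorithm identity matters, for example in a policy decision.
 *
 * @return the first alias found, or the signature algorithm OID when no provider
 *         supplies one
 */
public String getSigAlgName()
{
    final String aliasKey = "Alg.Alias.Signature." + this.getSigAlgOID();

    // Security.getProvider returns null when no provider named "BC" is registered.
    // Without this guard the lookup below failed with a NullPointerException in that
    // case instead of falling through to the other providers.
    final Provider bc = Security.getProvider("BC");
    if (bc != null)
    {
        final String bcName = bc.getProperty(aliasKey);
        if (bcName != null)
        {
            return bcName;
        }
    }

    //
    // search every provider looking for a real algorithm
    //
    final Provider[] installed = Security.getProviders();
    for (int i = 0; i != installed.length; i++)
    {
        final String name = installed[i].getProperty(aliasKey);
        if (name != null)
        {
            return name;
        }
    }

    // No alias anywhere: the dotted OID is the only identifier left.
    return this.getSigAlgOID();
}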
/**
 * Returns the object identifier of the signature algorithm.
 *
 * @return the identifier string taken from the structure's signature algorithm field
 */
public String getSigAlgOID()
{
    final String oid = c.getSignatureAlgorithm().getObjectId().getId();
    return oid;
}
/**
 * Returns the signature algorithm parameters, or null if there aren't any.
 *
 * @return the parameters written through a {@code DEROutputStream}, or null when the
 *         signature algorithm carries no parameters
 * @throws RuntimeException if writing the parameters fails for any reason; the original
 *         exception appears only as text in the message
 */
public byte[] getSigAlgParams()
{
    if (c.getSignatureAlgorithm().getParameters() == null)
    {
        return null;
    }

    final ByteArrayOutputStream encoded = new ByteArrayOutputStream();
    try
    {
        new DEROutputStream(encoded).writeObject(c.getSignatureAlgorithm().getParameters());
    }
    catch (Exception e)
    {
        throw new RuntimeException("exception getting sig parameters " + e);
    }
    return encoded.toByteArray();
}
/**
 * Returns the issuer unique identifier as one boolean per bit.
 * <p>
 * Bits are read most-significant first within each byte, and the pad bits reported by
 * the bit string are left out of the result.
 * <p>
 * NOTE(review): the array size is {@code bytes.length * 8 - padBits}. Whether the
 * ASN.1 layer guarantees this is never negative is not visible here; if it can be,
 * the allocation throws NegativeArraySizeException on such input.
 *
 * @return the identifier bits, or null when the certificate has no issuer unique id
 */
public boolean[] getIssuerUniqueID()
{
    final DERBitString uniqueId = c.getTBSCertificate().getIssuerUniqueId();
    if (uniqueId == null)
    {
        return null;
    }

    final byte[] octets = uniqueId.getBytes();
    final int bitCount = octets.length * 8 - uniqueId.getPadBits();
    final boolean[] flags = new boolean[bitCount];
    for (int bit = 0; bit < bitCount; bit++)
    {
        // 0x80 is the leftmost bit of a byte; shift it right to the wanted position.
        final int mask = 0x80 >>> (bit % 8);
        flags[bit] = (octets[bit / 8] & mask) != 0;
    }
    return flags;
}
/**
 * Returns the subject unique identifier as one boolean per bit.
 * <p>
 * Bits are read most-significant first within each byte, and the pad bits reported by
 * the bit string are left out of the result.
 * <p>
 * NOTE(review): the array size is {@code bytes.length * 8 - padBits}. Whether the
 * ASN.1 layer guarantees this is never negative is not visible here; if it can be,
 * the allocation throws NegativeArraySizeException on such input.
 *
 * @return the identifier bits, or null when the certificate has no subject unique id
 */
public boolean[] getSubjectUniqueID()
{
    final DERBitString uniqueId = c.getTBSCertificate().getSubjectUniqueId();
    if (uniqueId == null)
    {
        return null;
    }

    final byte[] octets = uniqueId.getBytes();
    final int bitCount = octets.length * 8 - uniqueId.getPadBits();
    final boolean[] flags = new boolean[bitCount];
    for (int bit = 0; bit < bitCount; bit++)
    {
        // 0x80 is the leftmost bit of a byte; shift it right to the wanted position.
        final int mask = 0x80 >>> (bit % 8);
        flags[bit] = (octets[bit / 8] & mask) != 0;
    }
    return flags;
}
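/**
 * Returns the bits of the key usage extension (OID 2.5.29.15) as a boolean array.
 * <p>
 * The array always has at least nine entries; a shorter bit string is padded with
 * {@code false}. Bits are read most-significant first within each byte.
 * <p>
 * A value that cannot be parsed raises an unchecked exception rather than returning
 * null, so a malformed extension is not mistaken for an absent one.
 *
 * @return the key usage flags, or null when {@code getExtensionBytes} returns null for
 *         the OID (presumably meaning the extension is absent; that helper is outside
 *         this part of the file)
 * @throws RuntimeException if the extension value cannot be read as a DER bit string;
 *         the underlying exception is attached as the cause
 */
public boolean[] getKeyUsage()
{
    byte[] bytes = this.getExtensionBytes("2.5.29.15");
    if (bytes == null)
    {
        return null;
    }

    int length = 0;
    try
    {
        DERInputStream dIn = new DERInputStream(new ByteArrayInputStream(bytes));
        DERBitString bits = (DERBitString)dIn.readObject();
        bytes = bits.getBytes();
        length = (bytes.length * 8) - bits.getPadBits();
    }
    catch (Exception e)
    {
        // Keep the cause: the message alone does not say whether the input was
        // truncated, of the wrong ASN.1 type, or failed for some other reason.
        throw new RuntimeException("error processing key usage extension", e);
    }

    // Nine flags are always returned, even when the encoded bit string is shorter.
    boolean[] keyUsage = new boolean[(length < 9) ? 9 : length];
    for (int i = 0; i != length; i++)
    {
        keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
    }
    return keyUsage;
}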
public int getBasicConstraints()
{
byte[] bytes = this.getExtensionBytes("2.5.29.19");
if (bytes != null)
{
try
{
DERInputStream dIn = new DERInputStream(new ByteArrayInputStream(bytes));
ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
if (seq.size() == 2)
{
if (((DERBoolean)seq.getObjectAt(0)).isTrue())
{
return ((DERInteger)seq.getObjectAt(1)).getValue().intValue();
}
else
{
return -1;
}
}
else if (seq.size() == 1)
{
if (seq.getObjectAt(0) instanceof DERBoolean)
{
if (((DERBoolean)seq.getObjectAt(0)).isTrue())
{
return Integer.MAX_VALUE;
}
else
{
return -1;
}