Source for java.security.cert.X509CRL

   1: /* X509CRL.java --- X.509 Certificate Revocation List
   2:    Copyright (C) 1999, 2004  Free Software Foundation, Inc.
   3: 
   4: This file is part of GNU Classpath.
   5: 
   6: GNU Classpath is free software; you can redistribute it and/or modify
   7: it under the terms of the GNU General Public License as published by
   8: the Free Software Foundation; either version 2, or (at your option)
   9: any later version.
  10: 
  11: GNU Classpath is distributed in the hope that it will be useful, but
  12: WITHOUT ANY WARRANTY; without even the implied warranty of
  13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14: General Public License for more details.
  15: 
  16: You should have received a copy of the GNU General Public License
  17: along with GNU Classpath; see the file COPYING.  If not, write to the
  18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  19: 02110-1301 USA.
  20: 
  21: Linking this library statically or dynamically with other modules is
  22: making a combined work based on this library.  Thus, the terms and
  23: conditions of the GNU General Public License cover the whole
  24: combination.
  25: 
  26: As a special exception, the copyright holders of this library give you
  27: permission to link this library with independent modules to produce an
  28: executable, regardless of the license terms of these independent
  29: modules, and to copy and distribute the resulting executable under
  30: terms of your choice, provided that you also meet, for each linked
  31: independent module, the terms and conditions of the license of that
  32: module.  An independent module is a module which is not derived from
  33: or based on this library.  If you modify this library, you may extend
  34: this exception to your version of the library, but you are not
  35: obligated to do so.  If you do not wish to do so, delete this
  36: exception statement from your version. */
  37: 
  38: 
  39: package java.security.cert;
  40: 
  41: import java.math.BigInteger;
  42: import java.security.InvalidKeyException;
  43: import java.security.NoSuchAlgorithmException;
  44: import java.security.NoSuchProviderException;
  45: import java.security.Principal;
  46: import java.security.PublicKey;
  47: import java.security.SignatureException;
  48: import java.util.Date;
  49: import java.util.Set;
  50: 
  51: import javax.security.auth.x500.X500Principal;
  52: 
  53: /**
  54:    The X509CRL class is the abstract class used to manage
  55:    X.509 Certificate Revocation Lists. The CRL is a list of
  56:    time stamped entries which indicate which lists have been
  57:    revoked. The list is signed by a Certificate Authority (CA)
  58:    and made publically available in a repository.
  59: 
  60:    Each revoked certificate in the CRL is identified by its
  61:    certificate serial number. When a piece of code uses a
  62:    certificate, the certificates validity is checked by
  63:    validating its signature and determing that it is not
  64:    only a recently acquired CRL. The recently aquired CRL
  65:    is depends on the local policy in affect. The CA issues
  66:    a new CRL periodically and entries are removed as the
  67:    certificate expiration date is reached
  68: 
  69: 
  70:    A description of the X.509 v2 CRL follows below from rfc2459.
  71: 
  72:    "The X.509 v2 CRL syntax is as follows.  For signature calculation,
  73:    the data that is to be signed is ASN.1 DER encoded.  ASN.1 DER
  74:    encoding is a tag, length, value encoding system for each element.
  75: 
  76:            CertificateList  ::=  SEQUENCE  {
  77:                 tbsCertList          TBSCertList,
  78:                 signatureAlgorithm   AlgorithmIdentifier,
  79:                 signatureValue       BIT STRING  }
  80: 
  81:            TBSCertList  ::=  SEQUENCE  {
  82:                 version                 Version OPTIONAL,
  83:                                      -- if present, shall be v2
  84:                 signature               AlgorithmIdentifier,
  85:                 issuer                  Name,
  86:                 thisUpdate              Time,
  87:                 nextUpdate              Time OPTIONAL,
  88:                 revokedCertificates     SEQUENCE OF SEQUENCE  {
  89:                      userCertificate         CertificateSerialNumber,
  90:                      revocationDate          Time,
  91:                      crlEntryExtensions      Extensions OPTIONAL
  92:                                                    -- if present, shall be v2
  93:                                           }  OPTIONAL,
  94:                 crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
  95:                                                    -- if present, shall be v2
  96:                                           }"
  97: 
  98:         @author Mark Benvenuto
  99: 
 100:         @since 1.2
 101: */
 102: public abstract class X509CRL extends CRL implements X509Extension
 103: {
 104: 
 105:   /**
 106:      Constructs a new X509CRL.
 107:   */
 108:   protected X509CRL()
 109:   {
 110:     super("X.509");
 111:   }
 112: 
 113:   /**
 114:      Compares this X509CRL to other. It checks if the
 115:      object if instanceOf X509CRL and then checks if
 116:      the encoded form matches.
 117: 
 118:      @param other An Object to test for equality
 119: 
 120:      @return true if equal, false otherwise
 121:   */
 122:   public boolean equals(Object other)
 123:   {
 124:     if( other instanceof X509CRL ) {
 125:       try {
 126:         X509CRL x = (X509CRL) other;
 127:         if( getEncoded().length != x.getEncoded().length )
 128:           return false;
 129: 
 130:         byte[] b1 = getEncoded();
 131:         byte[] b2 = x.getEncoded();
 132: 
 133:         for( int i = 0; i < b1.length; i++ )
 134:           if( b1[i] != b2[i] )
 135:             return false;
 136: 
 137:       } catch( CRLException crle ) {
 138:         return false;
 139:       }
 140:       return true;
 141:     }
 142:     return false;
 143:   }
 144: 
 145:   /**
 146:      Returns a hash code for this X509CRL in its encoded
 147:      form.
 148: 
 149:      @return A hash code of this class
 150:   */
 151:   public int hashCode()
 152:   {
 153:     return super.hashCode();
 154:   }
 155: 
 156:   /**
 157:      Gets the DER ASN.1 encoded format for this X.509 CRL.
 158: 
 159:      @return byte array containg encoded form
 160: 
 161:      @throws CRLException if an error occurs
 162:   */
 163:   public abstract byte[] getEncoded() throws CRLException;
 164: 
 165:   /**
 166:      Verifies that this CRL was properly signed with the
 167:      PublicKey that corresponds to its private key.
 168: 
 169:      @param key PublicKey to verify with
 170: 
 171:      @throws CRLException encoding error
 172:      @throws NoSuchAlgorithmException unsupported algorithm
 173:      @throws InvalidKeyException incorrect key
 174:      @throws NoSuchProviderException no provider
 175:      @throws SignatureException signature error
 176:   */
 177:   public abstract void verify(PublicKey key)
 178:     throws CRLException,
 179:     NoSuchAlgorithmException,
 180:     InvalidKeyException,
 181:     NoSuchProviderException,
 182:     SignatureException;
 183: 
 184:   /**
 185:      Verifies that this CRL was properly signed with the
 186:      PublicKey that corresponds to its private key and uses
 187:      the signature engine provided by the provider.
 188: 
 189:      @param key PublicKey to verify with
 190:      @param sigProvider Provider to use for signature algorithm
 191: 
 192:      @throws CRLException encoding error
 193:      @throws NoSuchAlgorithmException unsupported algorithm
 194:      @throws InvalidKeyException incorrect key
 195:      @throws NoSuchProviderException incorrect provider
 196:      @throws SignatureException signature error
 197:   */
 198:   public abstract void verify(PublicKey key,
 199:                               String sigProvider)
 200:     throws CRLException,
 201:     NoSuchAlgorithmException,
 202:     InvalidKeyException,
 203:     NoSuchProviderException,
 204:     SignatureException;
 205: 
 206:   /**
 207:      Gets the version of this CRL.
 208: 
 209:      The ASN.1 encoding is:
 210: 
 211:      version                 Version OPTIONAL,
 212:      -- if present, shall be v2
 213: 
 214:      Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
 215: 
 216:      Consult rfc2459 for more information.
 217: 
 218:      @return the version number, Ex: 1 or 2
 219:   */
 220:   public abstract int getVersion();
 221: 
 222:   /**
 223:      Returns the issuer (issuer distinguished name) of the CRL.
 224:      The issuer is the entity who signed and issued the
 225:      Certificate Revocation List.
 226: 
 227:      The ASN.1 DER encoding is:
 228: 
 229:      issuer                  Name,
 230: 
 231:      Name ::= CHOICE {
 232:      RDNSequence }
 233: 
 234:      RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 235: 
 236:      RelativeDistinguishedName ::=
 237:      SET OF AttributeTypeAndValue
 238: 
 239:      AttributeTypeAndValue ::= SEQUENCE {
 240:      type     AttributeType,
 241:      value    AttributeValue }
 242: 
 243:      AttributeType ::= OBJECT IDENTIFIER
 244: 
 245:      AttributeValue ::= ANY DEFINED BY AttributeType
 246: 
 247:      DirectoryString ::= CHOICE {
 248:      teletexString           TeletexString (SIZE (1..MAX)),
 249:      printableString         PrintableString (SIZE (1..MAX)),
 250:      universalString         UniversalString (SIZE (1..MAX)),
 251:      utf8String              UTF8String (SIZE (1.. MAX)),
 252:      bmpString               BMPString (SIZE (1..MAX)) }
 253: 
 254:      Consult rfc2459 for more information.
 255: 
 256:      @return the issuer in the Principal class
 257:   */
 258:   public abstract Principal getIssuerDN();
 259: 
 260:   /**
 261:      Returns the thisUpdate date of the CRL.
 262: 
 263:      The ASN.1 DER encoding is:
 264: 
 265:      thisUpdate              Time,
 266: 
 267:      Time ::= CHOICE {
 268:      utcTime        UTCTime,
 269:      generalTime    GeneralizedTime }
 270: 
 271:      Consult rfc2459 for more information.
 272: 
 273:      @return the thisUpdate date
 274:   */
 275:   public abstract Date getThisUpdate();
 276: 
 277:   /*
 278:     Gets the nextUpdate field
 279: 
 280:     The ASN.1 DER encoding is:
 281: 
 282:     nextUpdate              Time OPTIONAL,
 283: 
 284:     Time ::= CHOICE {
 285:     utcTime        UTCTime,
 286:     generalTime    GeneralizedTime }
 287: 
 288:     Consult rfc2459 for more information.
 289: 
 290:     @return the nextUpdate date
 291:   */
 292:   public abstract Date getNextUpdate();
 293: 
 294:   /**
 295:      Gets the requeste dX509Entry for the specified
 296:      certificate serial number.
 297: 
 298:      @return a X509CRLEntry representing the X.509 CRL entry
 299:   */
 300:   public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber);
 301: 
 302:   /**
 303:      Returns a Set of revoked certificates.
 304: 
 305:      @return a set of revoked certificates.
 306:   */
 307:   public abstract Set<? extends X509CRLEntry> getRevokedCertificates();
 308: 
 309:   /**
 310:      Returns the DER ASN.1 encoded tbsCertList which is
 311:      the basic information of the list and associated certificates
 312:      in the encoded state. See top for more information.
 313: 
 314:      The ASN.1 DER encoding is:
 315: 
 316:      tbsCertList          TBSCertList,
 317: 
 318:      Consult rfc2459 for more information.
 319: 
 320:      @return byte array representing tbsCertList
 321:   */
 322:   public abstract byte[] getTBSCertList() throws CRLException;
 323: 
 324: 
 325:   /**
 326:      Returns the signature for the CRL.
 327: 
 328:      The ASN.1 DER encoding is:
 329: 
 330:      signatureValue       BIT STRING
 331: 
 332:      Consult rfc2459 for more information.
 333:   */
 334:   public abstract byte[] getSignature();
 335: 
 336:   /**
 337:      Returns the signature algorithm used to sign the CRL.
 338:      An examples is "SHA-1/DSA".
 339: 
 340:      The ASN.1 DER encoding is:
 341: 
 342:      signatureAlgorithm   AlgorithmIdentifier,
 343: 
 344:      AlgorithmIdentifier  ::=  SEQUENCE  {
 345:      algorithm               OBJECT IDENTIFIER,
 346:      parameters              ANY DEFINED BY algorithm OPTIONAL  }
 347: 
 348:      Consult rfc2459 for more information.
 349: 
 350:      The algorithm name is determined from the OID.
 351: 
 352:      @return a string with the signature algorithm name
 353:   */
 354:   public abstract String getSigAlgName();
 355: 
 356:   /**
 357:      Returns the OID for the signature algorithm used.
 358:      Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
 359: 
 360:      The ASN.1 DER encoding for the example is:
 361: 
 362:      id-dsa-with-sha1 ID  ::=  {
 363:      iso(1) member-body(2) us(840) x9-57 (10040)
 364:      x9cm(4) 3 }
 365: 
 366:      Consult rfc2459 for more information.
 367: 
 368:      @return a string containing the OID.
 369:   */
 370:   public abstract String getSigAlgOID();
 371: 
 372:   /**
 373:      Returns the AlgorithmParameters in the encoded form
 374:      for the signature algorithm used.
 375: 
 376:      If access to the parameters is need, create an
 377:      instance of AlgorithmParameters.
 378: 
 379:      @return byte array containing algorithm parameters, null
 380:      if no parameters are present in CRL
 381:   */
 382:   public abstract byte[] getSigAlgParams();
 383: 
 384:   // 1.4 instance methods.
 385:   // ------------------------------------------------------------------------
 386: 
 387:   /**
 388:    * Returns the X.500 distinguished name of this CRL's issuer.
 389:    *
 390:    * @return The issuer's X.500 distinguished name.
 391:    * @since JDK 1.4
 392:    */
 393:   public X500Principal getIssuerX500Principal()
 394:   {
 395:     throw new UnsupportedOperationException();
 396:   }
 397: }