001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: /**
019: * @author Alexander Y. Kleymenov
020: * @version $Revision$
021: */package org.apache.harmony.security.x509;
022:
023: import java.math.BigInteger;
024: import javax.security.auth.x500.X500Principal;
025:
026: import org.apache.harmony.security.asn1.ASN1BitString;
027: import org.apache.harmony.security.asn1.ASN1Explicit;
028: import org.apache.harmony.security.asn1.ASN1Implicit;
029: import org.apache.harmony.security.asn1.ASN1Integer;
030: import org.apache.harmony.security.asn1.ASN1Sequence;
031: import org.apache.harmony.security.asn1.ASN1Type;
032: import org.apache.harmony.security.asn1.BerInputStream;
033: import org.apache.harmony.security.asn1.BitString;
034: import org.apache.harmony.security.x501.Name;
035:
036: /**
037: * The class encapsulates the ASN.1 DER encoding/decoding work
038: * with TBSCertificate structure which is the part of X.509 certificate
039: * (as specified in RFC 3280 -
040: * Internet X.509 Public Key Infrastructure.
041: * Certificate and Certificate Revocation List (CRL) Profile.
042: * http://www.ietf.org/rfc/rfc3280.txt):
043: *
044: * <pre>
045: * TBSCertificate ::= SEQUENCE {
046: * version [0] EXPLICIT Version DEFAULT v1,
047: * serialNumber CertificateSerialNumber,
048: * signature AlgorithmIdentifier,
049: * issuer Name,
050: * validity Validity,
051: * subject Name,
052: * subjectPublicKeyInfo SubjectPublicKeyInfo,
053: * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
054: * -- If present, version MUST be v2 or v3
055: * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
056: * -- If present, version MUST be v2 or v3
057: * extensions [3] EXPLICIT Extensions OPTIONAL
058: * -- If present, version MUST be v3
059: * }
060: * </pre>
061: */
062: public class TBSCertificate {
063:
064: // the value of version field of the structure
065: private final int version;
066: // the value of serialNumber field of the structure
067: private final BigInteger serialNumber;
068: // the value of signature field of the structure
069: private final AlgorithmIdentifier signature;
070: // the value of issuer field of the structure
071: private final Name issuer;
072: // the value of validity field of the structure
073: private final Validity validity;
074: // the value of subject field of the structure
075: private final Name subject;
076: // the value of subjectPublicKeyInfo field of the structure
077: private final SubjectPublicKeyInfo subjectPublicKeyInfo;
078: // the value of issuerUniqueID field of the structure
079: private final boolean[] issuerUniqueID;
080: // the value of subjectUniqueID field of the structure
081: private final boolean[] subjectUniqueID;
082: // the value of extensions field of the structure
083: private final Extensions extensions;
084: // the ASN.1 encoded form of TBSCertificate
085: byte[] encoding;
086:
087: /**
088: * Constructs the instance of TBSCertificate without optional
089: * fields (issuerUniqueID, subjectUniqueID, extensions)
090: * @param version : int
091: * @param serialNumber : BigInteger
092: * @param signature : AlgorithmIdentifier
093: * @param issuer : Name
094: * @param validity : Validity
095: * @param subject : Name
096: * @param subjectPublicKeyInfo : SubjectPublicKeyInfo
097: */
098: public TBSCertificate(int version, BigInteger serialNumber,
099: AlgorithmIdentifier signature, Name issuer,
100: Validity validity, Name subject,
101: SubjectPublicKeyInfo subjectPublicKeyInfo) {
102: this (version, serialNumber, signature, issuer, validity,
103: subject, subjectPublicKeyInfo, null, null, null);
104: }
105:
106: /**
107: * TODO
108: * @param version: int
109: * @param serialNumber: BigInteger
110: * @param signature: AlgorithmIdentifier
111: * @param issuer: Name
112: * @param validity: Validity
113: * @param subject: Name
114: * @param subjectPublicKeyInfo: SubjectPublicKeyInfo
115: * @param issuerUniqueID: byte[]
116: * @param subjectUniqueID: byte[]
117: * @param extensions: Extensions
118: */
119: public TBSCertificate(int version, BigInteger serialNumber,
120: AlgorithmIdentifier signature, Name issuer,
121: Validity validity, Name subject,
122: SubjectPublicKeyInfo subjectPublicKeyInfo,
123: boolean[] issuerUniqueID, boolean[] subjectUniqueID,
124: Extensions extensions) {
125: this .version = version;
126: this .serialNumber = serialNumber;
127: this .signature = signature;
128: this .issuer = issuer;
129: this .validity = validity;
130: this .subject = subject;
131: this .subjectPublicKeyInfo = subjectPublicKeyInfo;
132: this .issuerUniqueID = issuerUniqueID;
133: this .subjectUniqueID = subjectUniqueID;
134: this .extensions = extensions;
135: }
136:
137: //
138: // TODO
139: // @param version: int
140: // @param serialNumber: BigInteger
141: // @param signature: AlgorithmIdentifier
142: // @param issuer: Name
143: // @param validity: Validity
144: // @param subject: Name
145: // @param subjectPublicKeyInfo: SubjectPublicKeyInfo
146: // @param issuerUniqueID: byte[]
147: // @param subjectUniqueID: byte[]
148: // @param extensions: Extensions
149: // @param encoding: byte[]
150: //
151: private TBSCertificate(int version, BigInteger serialNumber,
152: AlgorithmIdentifier signature, Name issuer,
153: Validity validity, Name subject,
154: SubjectPublicKeyInfo subjectPublicKeyInfo,
155: boolean[] issuerUniqueID, boolean[] subjectUniqueID,
156: Extensions extensions, byte[] encoding) {
157: this (version, serialNumber, signature, issuer, validity,
158: subject, subjectPublicKeyInfo, issuerUniqueID,
159: subjectUniqueID, extensions);
160: this .encoding = encoding;
161: }
162:
163: /**
164: * Returns the value of version field of the structure.
165: * @return version
166: */
167: public int getVersion() {
168: return version;
169: }
170:
171: /**
172: * Returns the value of serialNumber field of the structure.
173: * @return serialNumber
174: */
175: public BigInteger getSerialNumber() {
176: return serialNumber;
177: }
178:
179: /**
180: * Returns the value of signature field of the structure.
181: * @return signature
182: */
183: public AlgorithmIdentifier getSignature() {
184: return signature;
185: }
186:
187: /**
188: * Returns the value of issuer field of the structure.
189: * @return issuer
190: */
191: public Name getIssuer() {
192: return issuer;
193: }
194:
195: /**
196: * Returns the value of validity field of the structure.
197: * @return validity
198: */
199: public Validity getValidity() {
200: return validity;
201: }
202:
203: /**
204: * Returns the value of subject field of the structure.
205: * @return subject
206: */
207: public Name getSubject() {
208: return subject;
209: }
210:
211: /**
212: * Returns the value of subjectPublicKeyInfo field of the structure.
213: * @return subjectPublicKeyInfo
214: */
215: public SubjectPublicKeyInfo getSubjectPublicKeyInfo() {
216: return subjectPublicKeyInfo;
217: }
218:
219: /**
220: * Returns the value of issuerUniqueID field of the structure.
221: * @return issuerUniqueID
222: */
223: public boolean[] getIssuerUniqueID() {
224: return issuerUniqueID;
225: }
226:
227: /**
228: * Returns the value of subjectUniqueID field of the structure.
229: * @return subjectUniqueID
230: */
231: public boolean[] getSubjectUniqueID() {
232: return subjectUniqueID;
233: }
234:
235: /**
236: * Returns the value of extensions field of the structure.
237: * @return extensions
238: */
239: public Extensions getExtensions() {
240: return extensions;
241: }
242:
243: /**
244: * Returns ASN.1 encoded form of this X.509 TBSCertificate value.
245: * @return a byte array containing ASN.1 encode form.
246: */
247: public byte[] getEncoded() {
248: if (encoding == null) {
249: encoding = ASN1.encode(this );
250: }
251: return encoding;
252: }
253:
254: /**
255: * Places the string representation into the StringBuffer object.
256: */
257: public void dumpValue(StringBuffer buffer) {
258: buffer.append('[');
259: buffer.append("\n Version: V").append(version + 1); //$NON-NLS-1$
260: buffer.append("\n Subject: ") //$NON-NLS-1$
261: .append(subject.getName(X500Principal.RFC2253));
262: buffer.append("\n Signature Algorithm: "); //$NON-NLS-1$
263: signature.dumpValue(buffer);
264: buffer.append("\n Key: "); //$NON-NLS-1$
265: buffer.append(subjectPublicKeyInfo.getPublicKey().toString());
266: buffer.append("\n Validity: [From: "); //$NON-NLS-1$
267: buffer.append(validity.getNotBefore());
268: buffer.append("\n To: "); //$NON-NLS-1$
269: buffer.append(validity.getNotAfter()).append(']');
270: buffer.append("\n Issuer: "); //$NON-NLS-1$
271: buffer.append(issuer.getName(X500Principal.RFC2253));
272: buffer.append("\n Serial Number: "); //$NON-NLS-1$
273: buffer.append(serialNumber);
274: if (issuerUniqueID != null) {
275: buffer.append("\n Issuer Id: "); //$NON-NLS-1$
276: for (int i = 0; i < issuerUniqueID.length; i++) {
277: buffer.append(issuerUniqueID[i] ? '1' : '0');
278: }
279: }
280: if (subjectUniqueID != null) {
281: buffer.append("\n Subject Id: "); //$NON-NLS-1$
282: for (int i = 0; i < subjectUniqueID.length; i++) {
283: buffer.append(subjectUniqueID[i] ? '1' : '0');
284: }
285: }
286: if (extensions != null) {
287: buffer.append("\n\n Extensions: "); //$NON-NLS-1$
288: buffer.append("[\n"); //$NON-NLS-1$
289: extensions.dumpValue(buffer, " "); //$NON-NLS-1$
290: buffer.append(" ]"); //$NON-NLS-1$
291: }
292: buffer.append("\n]"); //$NON-NLS-1$
293: }
294:
295: /**
296: * X.509 TBSCertificate encoder/decoder.
297: */
298: public static final ASN1Sequence ASN1 = new ASN1Sequence(
299: new ASN1Type[] {
300: new ASN1Explicit(0, ASN1Integer.getInstance()),
301: ASN1Integer.getInstance(),
302: AlgorithmIdentifier.ASN1, Name.ASN1, Validity.ASN1,
303: Name.ASN1, SubjectPublicKeyInfo.ASN1,
304: new ASN1Implicit(1, ASN1BitString.getInstance()),
305: new ASN1Implicit(2, ASN1BitString.getInstance()),
306: new ASN1Explicit(3, Extensions.ASN1) }) {
307: {
308: setDefault(new byte[] { 0 }, 0);
309: setOptional(7);
310: setOptional(8);
311: setOptional(9);
312: }
313:
314: protected Object getDecodedObject(BerInputStream in) {
315: Object[] values = (Object[]) in.content;
316:
317: boolean[] issuerUniqueID = (values[7] == null) ? null
318: : ((BitString) values[7]).toBooleanArray();
319: boolean[] subjectUniqueID = (values[8] == null) ? null
320: : ((BitString) values[8]).toBooleanArray();
321: return new TBSCertificate(
322: ASN1Integer.toIntValue(values[0]), new BigInteger(
323: (byte[]) values[1]),
324: (AlgorithmIdentifier) values[2], (Name) values[3],
325: (Validity) values[4], (Name) values[5],
326: (SubjectPublicKeyInfo) values[6], issuerUniqueID,
327: subjectUniqueID, (Extensions) values[9], in
328: .getEncoded());
329: }
330:
331: protected void getValues(Object object, Object[] values) {
332: TBSCertificate tbs = (TBSCertificate) object;
333: values[0] = ASN1Integer.fromIntValue(tbs.version);
334: values[1] = tbs.serialNumber.toByteArray();
335: values[2] = tbs.signature;
336: values[3] = tbs.issuer;
337: values[4] = tbs.validity;
338: values[5] = tbs.subject;
339: values[6] = tbs.subjectPublicKeyInfo;
340: if (tbs.issuerUniqueID != null) {
341: values[7] = new BitString(tbs.issuerUniqueID);
342: }
343: if (tbs.subjectUniqueID != null) {
344: values[8] = new BitString(tbs.subjectUniqueID);
345: }
346: values[9] = tbs.extensions;
347: }
348: };
349: }
|