libjava/java/security/cert/X509CRL.java

   1 /* X509CRL.java --- X.509 Certificate Revocation List
   2    Copyright (C) 1999 Free Software Foundation, Inc.
   3
   4 This file is part of GNU Classpath.
   5
   6 GNU Classpath is free software; you can redistribute it and/or modify
   7 it under the terms of the GNU General Public License as published by
   8 the Free Software Foundation; either version 2, or (at your option)
   9 any later version.
  10
  11 GNU Classpath is distributed in the hope that it will be useful, but
  12 WITHOUT ANY WARRANTY; without even the implied warranty of
  13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 General Public License for more details.
  15
  16 You should have received a copy of the GNU General Public License
  17 along with GNU Classpath; see the file COPYING.  If not, write to the
  18 Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
  19 02111-1307 USA.
  20
  21 Linking this library statically or dynamically with other modules is
  22 making a combined work based on this library.  Thus, the terms and
  23 conditions of the GNU General Public License cover the whole
  24 combination.
  25
  26 As a special exception, the copyright holders of this library give you
  27 permission to link this library with independent modules to produce an
  28 executable, regardless of the license terms of these independent
  29 modules, and to copy and distribute the resulting executable under
  30 terms of your choice, provided that you also meet, for each linked
  31 independent module, the terms and conditions of the license of that
  32 module.  An independent module is a module which is not derived from
  33 or based on this library.  If you modify this library, you may extend
  34 this exception to your version of the library, but you are not
  35 obligated to do so.  If you do not wish to do so, delete this
  36 exception statement from your version. */
  37
  38
  39 package java.security.cert;
  40 import java.math.BigInteger;
  41 import java.security.Principal;
  42 import java.security.PublicKey;
  43 import java.security.NoSuchAlgorithmException;
  44 import java.security.InvalidKeyException;
  45 import java.security.NoSuchProviderException;
  46 import java.security.SignatureException;
  47 import java.util.Date;
  48 import java.util.Set;
  49
  50 import javax.security.auth.x500.X500Principal;
  51
  52 /**
  53    The X509CRL class is the abstract class used to manage
  54    X.509 Certificate Revocation Lists. The CRL is a list of
  55    time stamped entries which indicate which lists have been
  56    revoked. The list is signed by a Certificate Authority (CA)
  57    and made publically available in a repository.
  58
  59    Each revoked certificate in the CRL is identified by its
  60    certificate serial number. When a piece of code uses a
  61    certificate, the certificates validity is checked by
  62    validating its signature and determing that it is not
  63    only a recently acquired CRL. The recently aquired CRL
  64    is depends on the local policy in affect. The CA issues
  65    a new CRL periodically and entries are removed as the
  66    certificate expiration date is reached
  67
  68
  69    A description of the X.509 v2 CRL follows below from rfc2459.
  70
  71    "The X.509 v2 CRL syntax is as follows.  For signature calculation,
  72    the data that is to be signed is ASN.1 DER encoded.  ASN.1 DER
  73    encoding is a tag, length, value encoding system for each element.
  74
  75            CertificateList  ::=  SEQUENCE  {
  76                 tbsCertList          TBSCertList,
  77                 signatureAlgorithm   AlgorithmIdentifier,
  78                 signatureValue       BIT STRING  }
  79
  80            TBSCertList  ::=  SEQUENCE  {
  81                 version                 Version OPTIONAL,
  82                                      -- if present, shall be v2
  83                 signature               AlgorithmIdentifier,
  84                 issuer                  Name,
  85                 thisUpdate              Time,
  86                 nextUpdate              Time OPTIONAL,
  87                 revokedCertificates     SEQUENCE OF SEQUENCE  {
  88                      userCertificate         CertificateSerialNumber,
  89                      revocationDate          Time,
  90                      crlEntryExtensions      Extensions OPTIONAL
  91                                                    -- if present, shall be v2
  92                                           }  OPTIONAL,
  93                 crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
  94                                                    -- if present, shall be v2
  95                                           }"
  96
  97         @author Mark Benvenuto
  98
  99         @since JDK 1.2
 100 */
 101 public abstract class X509CRL extends CRL implements X509Extension
 102 {
 103
 104   /**
 105      Constructs a new X509CRL.
 106   */
 107   protected X509CRL()
 108   {
 109     super("X.509");
 110   }
 111
 112   /**
 113      Compares this X509CRL to other. It checks if the
 114      object if instanceOf X509CRL and then checks if
 115      the encoded form matches.
 116
 117      @param other An Object to test for equality
 118
 119      @return true if equal, false otherwise
 120   */
 121   public boolean equals(Object other)
 122   {
 123     if( other instanceof X509CRL ) {
 124       try {
 125         X509CRL x = (X509CRL) other;
 126         if( getEncoded().length != x.getEncoded().length )
 127           return false;
 128
 129         byte b1[] = getEncoded();
 130         byte b2[] = x.getEncoded();
 131
 132         for( int i = 0; i < b1.length; i++ )
 133           if( b1[i] != b2[i] )
 134             return false;
 135
 136       } catch( CRLException crle ) {
 137         return false;
 138       }
 139       return true;
 140     }
 141     return false;
 142   }
 143
 144   /**
 145      Returns a hash code for this X509CRL in its encoded
 146      form.
 147
 148      @return A hash code of this class
 149   */
 150   public int hashCode()
 151   {
 152     return super.hashCode();
 153   }
 154
 155   /**
 156      Gets the DER ASN.1 encoded format for this X.509 CRL.
 157
 158      @return byte array containg encoded form
 159
 160      @throws CRLException if an error occurs
 161   */
 162   public abstract byte[] getEncoded() throws CRLException;
 163
 164   /**
 165      Verifies that this CRL was properly signed with the
 166      PublicKey that corresponds to its private key.
 167
 168      @param key PublicKey to verify with
 169
 170      @throws CRLException encoding error
 171      @throws NoSuchAlgorithmException unsupported algorithm
 172      @throws InvalidKeyException incorrect key
 173      @throws NoSuchProviderException no provider
 174      @throws SignatureException signature error
 175   */
 176   public abstract void verify(PublicKey key)
 177     throws CRLException,
 178     NoSuchAlgorithmException,
 179     InvalidKeyException,
 180     NoSuchProviderException,
 181     SignatureException;
 182
 183   /**
 184      Verifies that this CRL was properly signed with the
 185      PublicKey that corresponds to its private key and uses
 186      the signature engine provided by the provider.
 187
 188      @param key PublicKey to verify with
 189      @param sigProvider Provider to use for signature algorithm
 190
 191      @throws CRLException encoding error
 192      @throws NoSuchAlgorithmException unsupported algorithm
 193      @throws InvalidKeyException incorrect key
 194      @throws NoSuchProviderException incorrect provider
 195      @throws SignatureException signature error
 196   */
 197   public abstract void verify(PublicKey key,
 198                               String sigProvider)
 199     throws CRLException,
 200     NoSuchAlgorithmException,
 201     InvalidKeyException,
 202     NoSuchProviderException,
 203     SignatureException;
 204
 205   /**
 206      Gets the version of this CRL.
 207
 208      The ASN.1 encoding is:
 209
 210      version                 Version OPTIONAL,
 211      -- if present, shall be v2
 212
 213      Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
 214
 215      Consult rfc2459 for more information.
 216
 217      @return the version number, Ex: 1 or 2
 218   */
 219   public abstract int getVersion();
 220
 221   /**
 222      Returns the issuer (issuer distinguished name) of the CRL.
 223      The issuer is the entity who signed and issued the
 224      Certificate Revocation List.
 225
 226      The ASN.1 DER encoding is:
 227
 228      issuer                  Name,
 229
 230      Name ::= CHOICE {
 231      RDNSequence }
 232
 233      RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 234
 235      RelativeDistinguishedName ::=
 236      SET OF AttributeTypeAndValue
 237
 238      AttributeTypeAndValue ::= SEQUENCE {
 239      type     AttributeType,
 240      value    AttributeValue }
 241
 242      AttributeType ::= OBJECT IDENTIFIER
 243
 244      AttributeValue ::= ANY DEFINED BY AttributeType
 245
 246      DirectoryString ::= CHOICE {
 247      teletexString           TeletexString (SIZE (1..MAX)),
 248      printableString         PrintableString (SIZE (1..MAX)),
 249      universalString         UniversalString (SIZE (1..MAX)),
 250      utf8String              UTF8String (SIZE (1.. MAX)),
 251      bmpString               BMPString (SIZE (1..MAX)) }
 252
 253      Consult rfc2459 for more information.
 254
 255      @return the issuer in the Principal class
 256   */
 257   public abstract Principal getIssuerDN();
 258
 259   /**
 260      Returns the thisUpdate date of the CRL.
 261
 262      The ASN.1 DER encoding is:
 263
 264      thisUpdate              Time,
 265
 266      Time ::= CHOICE {
 267      utcTime        UTCTime,
 268      generalTime    GeneralizedTime }
 269
 270      Consult rfc2459 for more information.
 271
 272      @return the thisUpdate date
 273   */
 274   public abstract Date getThisUpdate();
 275
 276   /*
 277     Gets the nextUpdate field
 278
 279     The ASN.1 DER encoding is:
 280
 281     nextUpdate              Time OPTIONAL,
 282
 283     Time ::= CHOICE {
 284     utcTime        UTCTime,
 285     generalTime    GeneralizedTime }
 286
 287     Consult rfc2459 for more information.
 288
 289     @return the nextUpdate date
 290   */
 291   public abstract Date getNextUpdate();
 292
 293   /**
 294      Gets the requeste dX509Entry for the specified
 295      certificate serial number.
 296
 297      @return a X509CRLEntry representing the X.509 CRL entry
 298   */
 299   public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber);
 300
 301   /**
 302      Returns a Set of revoked certificates.
 303
 304      @return a set of revoked certificates.
 305   */
 306   public abstract Set getRevokedCertificates();
 307
 308   /**
 309      Returns the DER ASN.1 encoded tbsCertList which is
 310      the basic information of the list and associated certificates
 311      in the encoded state. See top for more information.
 312
 313      The ASN.1 DER encoding is:
 314
 315      tbsCertList          TBSCertList,
 316
 317      Consult rfc2459 for more information.
 318
 319      @return byte array representing tbsCertList
 320   */
 321   public abstract byte[] getTBSCertList() throws CRLException;
 322
 323
 324   /**
 325      Returns the signature for the CRL.
 326
 327      The ASN.1 DER encoding is:
 328
 329      signatureValue       BIT STRING
 330
 331      Consult rfc2459 for more information.
 332   */
 333   public abstract byte[] getSignature();
 334
 335   /**
 336      Returns the signature algorithm used to sign the CRL.
 337      An examples is "SHA-1/DSA".
 338
 339      The ASN.1 DER encoding is:
 340
 341      signatureAlgorithm   AlgorithmIdentifier,
 342
 343      AlgorithmIdentifier  ::=  SEQUENCE  {
 344      algorithm               OBJECT IDENTIFIER,
 345      parameters              ANY DEFINED BY algorithm OPTIONAL  }
 346
 347      Consult rfc2459 for more information.
 348
 349      The algorithm name is determined from the OID.
 350
 351      @return a string with the signature algorithm name
 352   */
 353   public abstract String getSigAlgName();
 354
 355   /**
 356      Returns the OID for the signature algorithm used.
 357      Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
 358
 359      The ASN.1 DER encoding for the example is:
 360
 361      id-dsa-with-sha1 ID  ::=  {
 362      iso(1) member-body(2) us(840) x9-57 (10040)
 363      x9cm(4) 3 }
 364
 365      Consult rfc2459 for more information.
 366
 367      @return a string containing the OID.
 368   */
 369   public abstract String getSigAlgOID();
 370
 371   /**
 372      Returns the AlgorithmParameters in the encoded form
 373      for the signature algorithm used.
 374
 375      If access to the parameters is need, create an
 376      instance of AlgorithmParameters.
 377
 378      @return byte array containing algorithm parameters, null
 379      if no parameters are present in CRL
 380   */
 381   public abstract byte[] getSigAlgParams();
 382
 383   // 1.4 instance methods.
 384   // ------------------------------------------------------------------------
 385
 386   /**
 387    * Returns the X.500 distinguished name of this CRL's issuer.
 388    *
 389    * @return The issuer's X.500 distinguished name.
 390    * @since JDK 1.4
 391    */
 392   public X500Principal getIssuerX500Principal()
 393   {
 394     throw new UnsupportedOperationException();
 395   }
 396 }