1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package java.security.cert; 19 20 import java.io.ByteArrayInputStream; 21 import java.math.BigInteger; 22 import java.security.InvalidKeyException; 23 import java.security.NoSuchAlgorithmException; 24 import java.security.NoSuchProviderException; 25 import java.security.Principal; 26 import java.security.PublicKey; 27 import java.security.SignatureException; 28 import java.util.Arrays; 29 import java.util.Date; 30 import java.util.Set; 31 import javax.security.auth.x500.X500Principal; 32 33 /** 34 * Abstract base class for X.509 certificate revocation lists (CRL). 35 * <p> 36 * More information regarding CRL can be found in RFC 2459, 37 * "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at <a 38 * href 39 * ="http://www.ietf.org/rfc/rfc2459.txt">http://www.ietf.org/rfc/rfc2459.txt 40 * </a>. 41 */ 42 public abstract class X509CRL extends CRL implements X509Extension { 43 44 /** 45 * Creates a new {@code X509CRL} instance. 46 */ 47 protected X509CRL() { 48 super("X.509"); 49 } 50 51 /** 52 * Returns whether the specified object equals to this instance. 53 * 54 * @param other 55 * the object to compare. 56 * @return {@code true} if the specified object is equal to this, otherwise 57 * {@code false}. 58 */ 59 public boolean equals(Object other) { 60 if (other == this) { 61 return true; 62 } 63 if (!(other instanceof X509CRL)) { 64 return false; 65 } 66 X509CRL obj = (X509CRL) other; 67 try { 68 return Arrays.equals(getEncoded(), obj.getEncoded()); 69 } catch (CRLException e) { 70 return false; 71 } 72 } 73 74 /** 75 * Returns the hashcode of this CRL instance. 76 * 77 * @return the hashcode. 78 */ 79 public int hashCode() { 80 try { 81 int res = 0; 82 byte[] array = getEncoded(); 83 for (int i=0; i<array.length; i++) { 84 res += array[i] & 0xFF; 85 } 86 return res; 87 } catch (CRLException e) { 88 return 0; 89 } 90 } 91 92 /** 93 * Returns this CRL in ASN.1 DER encoded form. 94 * 95 * @return this CRL in ASN.1 DER encoded form. 96 * @throws CRLException 97 * if encoding fails. 98 */ 99 public abstract byte[] getEncoded() throws CRLException; 100 101 102 /** 103 * Verifies this CRL by verifying that this CRL was signed with the 104 * corresponding private key to the specified public key. 105 * 106 * @param key 107 * the public key to verify this CRL with. 108 * @throws CRLException 109 * if encoding or decoding fails. 110 * @throws NoSuchAlgorithmException 111 * if a needed algorithm is not present. 112 * @throws InvalidKeyException 113 * if the specified key is invalid. 114 * @throws NoSuchProviderException 115 * if no provider can be found. 116 * @throws SignatureException 117 * if errors occur on signatures. 118 */ 119 public abstract void verify(PublicKey key) 120 throws CRLException, NoSuchAlgorithmException, 121 InvalidKeyException, NoSuchProviderException, 122 SignatureException; 123 124 /** 125 * Verifies this CRL by verifying that this CRL was signed with the 126 * corresponding private key to the specified public key. The signature 127 * verification engine of the specified provider will be used. 128 * 129 * @param key 130 * the public key to verify this CRL with. 131 * @param sigProvider 132 * the name of the provider for the signature algorithm. 133 * @throws CRLException 134 * if encoding decoding fails. 135 * @throws NoSuchAlgorithmException 136 * if a needed algorithm is not present. 137 * @throws InvalidKeyException 138 * if the specified key is invalid. 139 * @throws NoSuchProviderException 140 * if the specified provider cannot be found. 141 * @throws SignatureException 142 * if errors occur on signatures. 143 */ 144 public abstract void verify(PublicKey key, String sigProvider) 145 throws CRLException, NoSuchAlgorithmException, 146 InvalidKeyException, NoSuchProviderException, 147 SignatureException; 148 149 /** 150 * Returns the version number of this CRL. 151 * 152 * @return the version number of this CRL. 153 */ 154 public abstract int getVersion(); 155 156 /** 157 * <b>Do not use</b>, use {@link #getIssuerX500Principal()} instead. Returns 158 * the issuer as an implementation specific Principal object. 159 * 160 * @return the issuer distinguished name. 161 */ 162 public abstract Principal getIssuerDN(); 163 164 /** 165 * Returns the issuer distinguished name of this CRL. 166 * 167 * @return the issuer distinguished name of this CRL. 168 */ 169 public X500Principal getIssuerX500Principal() { 170 try { 171 // TODO if there is no X.509 certificate provider installed 172 // should we try to access Harmony X509CRLImpl via classForName? 173 CertificateFactory factory = CertificateFactory 174 .getInstance("X.509"); 175 176 X509CRL crl = (X509CRL) factory 177 .generateCRL(new ByteArrayInputStream(getEncoded())); 178 179 return crl.getIssuerX500Principal(); 180 181 } catch (Exception e) { 182 throw new RuntimeException("Failed to get X500Principal issuer", e); 183 } 184 } 185 186 /** 187 * Returns the {@code thisUpdate} value of this CRL. 188 * 189 * @return the {@code thisUpdate} value of this CRL. 190 */ 191 public abstract Date getThisUpdate(); 192 193 /** 194 * Returns the {@code nextUpdate} value of this CRL. 195 * 196 * @return the {@code nextUpdate} value of this CRL, or {@code null} if none 197 * is present. 198 */ 199 public abstract Date getNextUpdate(); 200 201 /** 202 * Returns the CRL entry with the specified certificate serial number. 203 * 204 * @param serialNumber 205 * the certificate serial number to search for a CRL entry. 206 * @return the entry for the specified certificate serial number, or {@code 207 * null} if not found. 208 */ 209 public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber); 210 211 /** 212 * Returns the CRL entry for the specified certificate. 213 * 214 * @param certificate 215 * the certificate to search a CRL entry for. 216 * @return the entry for the specified certificate, or {@code null} if not 217 * found. 218 */ 219 public X509CRLEntry getRevokedCertificate(X509Certificate certificate) { 220 if (certificate == null) { 221 throw new NullPointerException("certificate == null"); 222 } 223 return getRevokedCertificate(certificate.getSerialNumber()); 224 } 225 226 /** 227 * Returns the set of revoked certificates. 228 * 229 * @return the set of revoked certificates, or {@code null} if no revoked 230 * certificates are in this CRL. 231 */ 232 public abstract Set<? extends X509CRLEntry> getRevokedCertificates(); 233 234 /** 235 * Returns the {@code tbsCertList} information of this CRL in DER encoded 236 * form. 237 * 238 * @return the CRL information in DER encoded form. 239 * @throws CRLException 240 * if encoding fails. 241 */ 242 public abstract byte[] getTBSCertList() throws CRLException; 243 244 /** 245 * Returns the signature bytes of this CRL. 246 * 247 * @return the signature bytes of this CRL. 248 */ 249 public abstract byte[] getSignature(); 250 251 /** 252 * Returns the name of the signature algorithm. 253 * 254 * @return the name of the signature algorithm. 255 */ 256 public abstract String getSigAlgName(); 257 258 /** 259 * Returns the OID of the signature algorithm. 260 * 261 * @return the OID of the signature algorithm. 262 */ 263 public abstract String getSigAlgOID(); 264 265 /** 266 * Returns the parameters of the signature algorithm in DER encoded form. 267 * 268 * @return the parameters of the signature algorithm in DER encoded form, or 269 * {@code null} if not present. 270 */ 271 public abstract byte[] getSigAlgParams(); 272 } 273