Home | History | Annotate | Download | only in conscrypt 
      1 /*
      2  * Copyright (C) 2013 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 package org.conscrypt;
     18 
     19 import java.io.ByteArrayOutputStream;
     20 import java.math.BigInteger;
     21 import java.security.cert.CRLException;
     22 import java.security.cert.X509CRLEntry;
     23 import java.util.Arrays;
     24 import java.util.Date;
     25 import java.util.HashSet;
     26 import java.util.Set;
     27 import org.conscrypt.OpenSSLX509CertificateFactory.ParsingException;
     28 
     29 /**
     30  * An implementation of {@link X509CRLEntry} based on BoringSSL.
     31  */
     32 final class OpenSSLX509CRLEntry extends X509CRLEntry {
     33     private final long mContext;
     34     private final Date revocationDate;
     35 
     36     OpenSSLX509CRLEntry(long ctx) throws ParsingException {
     37         mContext = ctx;
     38         // The legacy X509 OpenSSL APIs don't validate ASN1_TIME structures until access, so
     39         // parse them here because this is the only time we're allowed to throw ParsingException
     40         revocationDate = OpenSSLX509CRL.toDate(NativeCrypto.get_X509_REVOKED_revocationDate(mContext));
     41     }
     42 
     43     @Override
     44     public Set<String> getCriticalExtensionOIDs() {
     45         String[] critOids =
     46                 NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
     47                         NativeCrypto.EXTENSION_TYPE_CRITICAL);
     48 
     49         /*
     50          * This API has a special case that if there are no extensions, we
     51          * should return null. So if we have no critical extensions, we'll check
     52          * non-critical extensions.
     53          */
     54         if ((critOids.length == 0)
     55                 && (NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
     56                         NativeCrypto.EXTENSION_TYPE_NON_CRITICAL).length == 0)) {
     57             return null;
     58         }
     59 
     60         return new HashSet<String>(Arrays.asList(critOids));
     61     }
     62 
     63     @Override
     64     public byte[] getExtensionValue(String oid) {
     65         return NativeCrypto.X509_REVOKED_get_ext_oid(mContext, oid);
     66     }
     67 
     68     @Override
     69     public Set<String> getNonCriticalExtensionOIDs() {
     70         String[] critOids =
     71                 NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
     72                         NativeCrypto.EXTENSION_TYPE_NON_CRITICAL);
     73 
     74         /*
     75          * This API has a special case that if there are no extensions, we
     76          * should return null. So if we have no non-critical extensions, we'll
     77          * check critical extensions.
     78          */
     79         if ((critOids.length == 0)
     80                 && (NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
     81                         NativeCrypto.EXTENSION_TYPE_CRITICAL).length == 0)) {
     82             return null;
     83         }
     84 
     85         return new HashSet<String>(Arrays.asList(critOids));
     86     }
     87 
     88     @Override
     89     public boolean hasUnsupportedCriticalExtension() {
     90         final String[] criticalOids =
     91                 NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
     92                         NativeCrypto.EXTENSION_TYPE_CRITICAL);
     93         for (String oid : criticalOids) {
     94             final long extensionRef = NativeCrypto.X509_REVOKED_get_ext(mContext, oid);
     95             if (NativeCrypto.X509_supported_extension(extensionRef) != 1) {
     96                 return true;
     97             }
     98         }
     99 
    100         return false;
    101     }
    102 
    103     @Override
    104     public byte[] getEncoded() throws CRLException {
    105         return NativeCrypto.i2d_X509_REVOKED(mContext);
    106     }
    107 
    108     @Override
    109     public BigInteger getSerialNumber() {
    110         return new BigInteger(NativeCrypto.X509_REVOKED_get_serialNumber(mContext));
    111     }
    112 
    113     @Override
    114     public Date getRevocationDate() {
    115         return (Date) revocationDate.clone();
    116     }
    117 
    118     @Override
    119     public boolean hasExtensions() {
    120         return (NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
    121                 NativeCrypto.EXTENSION_TYPE_NON_CRITICAL).length != 0)
    122                 || (NativeCrypto.get_X509_REVOKED_ext_oids(mContext,
    123                         NativeCrypto.EXTENSION_TYPE_CRITICAL).length != 0);
    124     }
    125 
    126     @Override
    127     public String toString() {
    128         ByteArrayOutputStream os = new ByteArrayOutputStream();
    129         long bioCtx = NativeCrypto.create_BIO_OutputStream(os);
    130         try {
    131             NativeCrypto.X509_REVOKED_print(bioCtx, mContext);
    132             return os.toString();
    133         } finally {
    134             NativeCrypto.BIO_free_all(bioCtx);
    135         }
    136     }
    137 }
    138