/*
* Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.pkcs;
import java.io.IOException;
import java.util.ArrayList;
import sun.security.util.HexDumpEncoder;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import sun.security.x509.GeneralNames;
import sun.security.x509.SerialNumber;
This class represents a signing certificate attribute.
Its attribute value is defined by the following ASN.1 definition.
id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 12 }
SigningCertificate ::= SEQUENCE {
certs SEQUENCE OF ESSCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL
}
ESSCertID ::= SEQUENCE {
certHash Hash,
issuerSerial IssuerSerial OPTIONAL
}
Hash ::= OCTET STRING -- SHA1 hash of entire certificate
IssuerSerial ::= SEQUENCE {
issuer GeneralNames,
serialNumber CertificateSerialNumber
}
PolicyInformation ::= SEQUENCE {
policyIdentifier CertPolicyId,
policyQualifiers SEQUENCE SIZE (1..MAX) OF
PolicyQualifierInfo OPTIONAL }
CertPolicyId ::= OBJECT IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId PolicyQualifierId,
qualifier ANY DEFINED BY policyQualifierId }
-- Implementations that recognize additional policy qualifiers MUST
-- augment the following definition for PolicyQualifierId
PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
Author: Vincent Ryan Since: 1.5
/**
* This class represents a signing certificate attribute.
* Its attribute value is defined by the following ASN.1 definition.
* <pre>
*
* id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
* member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
* smime(16) id-aa(2) 12 }
*
* SigningCertificate ::= SEQUENCE {
* certs SEQUENCE OF ESSCertID,
* policies SEQUENCE OF PolicyInformation OPTIONAL
* }
*
* ESSCertID ::= SEQUENCE {
* certHash Hash,
* issuerSerial IssuerSerial OPTIONAL
* }
*
* Hash ::= OCTET STRING -- SHA1 hash of entire certificate
*
* IssuerSerial ::= SEQUENCE {
* issuer GeneralNames,
* serialNumber CertificateSerialNumber
* }
*
* PolicyInformation ::= SEQUENCE {
* policyIdentifier CertPolicyId,
* policyQualifiers SEQUENCE SIZE (1..MAX) OF
* PolicyQualifierInfo OPTIONAL }
*
* CertPolicyId ::= OBJECT IDENTIFIER
*
* PolicyQualifierInfo ::= SEQUENCE {
* policyQualifierId PolicyQualifierId,
* qualifier ANY DEFINED BY policyQualifierId }
*
* -- Implementations that recognize additional policy qualifiers MUST
* -- augment the following definition for PolicyQualifierId
*
* PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
*
* </pre>
*
* @since 1.5
* @author Vincent Ryan
*/
public class SigningCertificateInfo {
private byte[] ber = null;
private ESSCertId[] certId = null;
public SigningCertificateInfo(byte[] ber) throws IOException {
parse(ber);
}
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("[\n");
for (int i = 0; i < certId.length; i++) {
sb.append(certId[i].toString());
}
// format policies as a string
sb.append("\n]");
return sb.toString();
}
public void parse(byte[] bytes) throws IOException {
// Parse signingCertificate
DerValue derValue = new DerValue(bytes);
if (derValue.tag != DerValue.tag_Sequence) {
throw new IOException("Bad encoding for signingCertificate");
}
// Parse certs
DerValue[] certs = derValue.data.getSequence(1);
certId = new ESSCertId[certs.length];
for (int i = 0; i < certs.length; i++) {
certId[i] = new ESSCertId(certs[i]);
}
// Parse policies, if present
if (derValue.data.available() > 0) {
DerValue[] policies = derValue.data.getSequence(1);
for (int i = 0; i < policies.length; i++) {
// parse PolicyInformation
}
}
}
}
class ESSCertId {
private static volatile HexDumpEncoder hexDumper;
private byte[] certHash;
private GeneralNames issuer;
private SerialNumber serialNumber;
ESSCertId(DerValue certId) throws IOException {
// Parse certHash
certHash = certId.data.getDerValue().toByteArray();
// Parse issuerSerial, if present
if (certId.data.available() > 0) {
DerValue issuerSerial = certId.data.getDerValue();
// Parse issuer
issuer = new GeneralNames(issuerSerial.data.getDerValue());
// Parse serialNumber
serialNumber = new SerialNumber(issuerSerial.data.getDerValue());
}
}
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("[\n\tCertificate hash (SHA-1):\n");
if (hexDumper == null) {
hexDumper = new HexDumpEncoder();
}
sb.append(hexDumper.encode(certHash));
if (issuer != null && serialNumber != null) {
sb.append("\n\tIssuer: " + issuer + "\n");
sb.append("\t" + serialNumber);
}
sb.append("\n]");
return sb.toString();
}
}