/*
 * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.pkcs;

import java.io.IOException;
import java.util.ArrayList;

import sun.security.util.HexDumpEncoder;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import sun.security.x509.GeneralNames;
import sun.security.x509.SerialNumber;

This class represents a signing certificate attribute. Its attribute value is defined by the following ASN.1 definition.
  id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
    member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
    smime(16) id-aa(2) 12 }
  SigningCertificate ::=  SEQUENCE {
      certs       SEQUENCE OF ESSCertID,
      policies    SEQUENCE OF PolicyInformation OPTIONAL
  }
  ESSCertID ::=  SEQUENCE {
      certHash        Hash,
      issuerSerial    IssuerSerial OPTIONAL
  }
  Hash ::= OCTET STRING -- SHA1 hash of entire certificate
  IssuerSerial ::= SEQUENCE {
      issuer         GeneralNames,
      serialNumber   CertificateSerialNumber
  }
  PolicyInformation ::= SEQUENCE {
      policyIdentifier   CertPolicyId,
      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
              PolicyQualifierInfo OPTIONAL }
  CertPolicyId ::= OBJECT IDENTIFIER
  PolicyQualifierInfo ::= SEQUENCE {
      policyQualifierId  PolicyQualifierId,
      qualifier        ANY DEFINED BY policyQualifierId }
  -- Implementations that recognize additional policy qualifiers MUST
  -- augment the following definition for PolicyQualifierId
  PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
Author: Vincent Ryan
Since: 1.5
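/**
 * This class represents a signing certificate attribute.
 * Its attribute value is defined by the following ASN.1 definition.
 * <pre>
 *
 *   id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
 *     member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
 *     smime(16) id-aa(2) 12 }
 *
 *   SigningCertificate ::=  SEQUENCE {
 *       certs       SEQUENCE OF ESSCertID,
 *       policies    SEQUENCE OF PolicyInformation OPTIONAL
 *   }
 *
 *   ESSCertID ::=  SEQUENCE {
 *       certHash        Hash,
 *       issuerSerial    IssuerSerial OPTIONAL
 *   }
 *
 *   Hash ::= OCTET STRING -- SHA1 hash of entire certificate
 *
 *   IssuerSerial ::= SEQUENCE {
 *       issuer         GeneralNames,
 *       serialNumber   CertificateSerialNumber
 *   }
 *
 *   PolicyInformation ::= SEQUENCE {
 *       policyIdentifier   CertPolicyId,
 *       policyQualifiers   SEQUENCE SIZE (1..MAX) OF
 *               PolicyQualifierInfo OPTIONAL }
 *
 *   CertPolicyId ::= OBJECT IDENTIFIER
 *
 *   PolicyQualifierInfo ::= SEQUENCE {
 *       policyQualifierId  PolicyQualifierId,
 *       qualifier        ANY DEFINED BY policyQualifierId }
 *
 *   -- Implementations that recognize additional policy qualifiers MUST
 *   -- augment the following definition for PolicyQualifierId
 *
 *   PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
 *
 * </pre>
 *
 * <p>Scope of this class: it only decodes the attribute and renders it as
 * text. Nothing here compares a decoded {@code certHash} with an actual
 * certificate, so a successfully constructed instance says nothing about
 * whether the attribute matches the signer's certificate; that check belongs
 * to the caller. The {@code policies} field is read for structure but its
 * entries are neither decoded nor retained. The definition above fixes the
 * hash to SHA-1 and this class has no field for a digest algorithm (the later
 * signingCertificateV2 attribute of RFC 5035 is not handled here).
 *
 * @since 1.5
 * @author Vincent Ryan
 */
public class SigningCertificateInfo {

    // Never assigned in this class: the constructor parameter of the same
    // name shadows it, so the raw encoding is not retained.
    private byte[] ber = null;

    // Decoded ESSCertID entries in encoding order; parse() replaces the
    // array as a whole and only after every entry has been decoded.
    private ESSCertId[] certId = null;

    /**
     * Decodes a signingCertificate attribute value.
     *
     * @param ber the encoded SigningCertificate value
     * @throws IOException if {@link #parse} rejects the encoding
     */
    public SigningCertificateInfo(byte[] ber) throws IOException {
        // NOTE(review): parse is public and not final, so a subclass override
        // would run here before the subclass's own fields are initialised.
        parse(ber);
    }

    /**
     * Returns the decoded ESSCertID entries, one after another, wrapped in
     * square brackets.
     *
     * @return a printable form of the certs field
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("[\n");
        for (ESSCertId id : certId) {
            sb.append(id);
        }
        // policies are not retained by parse(), so none are formatted here
        sb.append("\n]");

        return sb.toString();
    }

    /**
     * Decodes {@code bytes} as a SigningCertificate and stores its certs.
     * The stored entries are replaced only when the whole value has been
     * decoded; if an exception is thrown the previously stored entries are
     * left as they were.
     *
     * @param bytes the encoded SigningCertificate value
     * @throws IOException if the outer value is not a SEQUENCE, or if any
     *         nested value is rejected while decoding
     */
    public void parse(byte[] bytes) throws IOException {

        // Parse signingCertificate
        DerValue derValue = new DerValue(bytes);
        if (derValue.tag != DerValue.tag_Sequence) {
            throw new IOException("Bad encoding for signingCertificate");
        }

        // Parse certs into a local array first, so that a failure part-way
        // through cannot leave null entries visible to toString()
        DerValue[] certs = derValue.data.getSequence(1);
        ESSCertId[] parsed = new ESSCertId[certs.length];
        for (int i = 0; i < certs.length; i++) {
            parsed[i] = new ESSCertId(certs[i]);
        }

        // Parse policies, if present: the sequence is read so that a
        // malformed one is still rejected, but PolicyInformation entries
        // are not decoded
        if (derValue.data.available() > 0) {
            derValue.data.getSequence(1);
        }

        certId = parsed;
    }
}

/**
 * One ESSCertID entry of a signingCertificate attribute: the certificate
 * hash and, when present, the issuer and serial number.
 */
class ESSCertId {

    // Created on first use by toString() and then shared.
    // NOTE(review): the instance is shared by every thread that calls
    // toString(); confirm HexDumpEncoder.encode is safe for concurrent use.
    private static volatile HexDumpEncoder hexDumper;

    // NOTE(review): filled from DerValue.toByteArray(), which presumably
    // returns the encoded OCTET STRING (tag and length included) rather than
    // the bare digest - confirm before comparing it with a computed hash.
    private byte[] certHash;
    private GeneralNames issuer;
    private SerialNumber serialNumber;

    /**
     * Decodes one ESSCertID.
     *
     * @param certId the value holding the ESSCertID
     * @throws IOException if the value is not a SEQUENCE, if certHash is not
     *         an OCTET STRING, if issuerSerial is present but not a SEQUENCE,
     *         or if a nested value is rejected while decoding
     */
    ESSCertId(DerValue certId) throws IOException {
        // The attribute comes from signed data supplied by a third party, so
        // check each tag before interpreting the contents
        if (certId.tag != DerValue.tag_Sequence) {
            throw new IOException("Bad encoding for ESSCertID");
        }

        // Parse certHash
        DerValue hash = certId.data.getDerValue();
        if (hash.tag != DerValue.tag_OctetString) {
            throw new IOException("Bad encoding for ESSCertID certHash");
        }
        certHash = hash.toByteArray();

        // Parse issuerSerial, if present
        if (certId.data.available() > 0) {
            DerValue issuerSerial = certId.data.getDerValue();
            if (issuerSerial.tag != DerValue.tag_Sequence) {
                throw new IOException(
                    "Bad encoding for ESSCertID issuerSerial");
            }
            // Parse issuer
            issuer = new GeneralNames(issuerSerial.data.getDerValue());
            // Parse serialNumber
            serialNumber = new SerialNumber(issuerSerial.data.getDerValue());
        }
    }

    /**
     * Returns a hex dump of the stored hash bytes, followed by the issuer
     * and serial number when both were decoded.
     *
     * @return a printable form of this entry
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("[\n\tCertificate hash (SHA-1):\n");
        // Read the volatile field once and work on the local copy
        HexDumpEncoder dumper = hexDumper;
        if (dumper == null) {
            dumper = new HexDumpEncoder();
            hexDumper = dumper;
        }
        sb.append(dumper.encode(certHash));
        if (issuer != null && serialNumber != null) {
            sb.append("\n\tIssuer: ").append(issuer).append("\n");
            sb.append("\t").append(serialNumber);
        }
        sb.append("\n]");
        return sb.toString();
    }
}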