package org.bouncycastle.asn1.x509;
import java.util.Enumeration;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTCTime;
PKIX RFC-2459 - TBSCertList object.
TBSCertList ::= SEQUENCE {
version Version OPTIONAL,
-- if present, shall be v2
signature AlgorithmIdentifier,
issuer Name,
thisUpdate Time,
nextUpdate Time OPTIONAL,
revokedCertificates SEQUENCE OF SEQUENCE {
userCertificate CertificateSerialNumber,
revocationDate Time,
crlEntryExtensions Extensions OPTIONAL
-- if present, shall be v2
} OPTIONAL,
crlExtensions [0] EXPLICIT Extensions OPTIONAL
-- if present, shall be v2
}
/**
* PKIX RFC-2459 - TBSCertList object.
* <pre>
* TBSCertList ::= SEQUENCE {
* version Version OPTIONAL,
* -- if present, shall be v2
* signature AlgorithmIdentifier,
* issuer Name,
* thisUpdate Time,
* nextUpdate Time OPTIONAL,
* revokedCertificates SEQUENCE OF SEQUENCE {
* userCertificate CertificateSerialNumber,
* revocationDate Time,
* crlEntryExtensions Extensions OPTIONAL
* -- if present, shall be v2
* } OPTIONAL,
* crlExtensions [0] EXPLICIT Extensions OPTIONAL
* -- if present, shall be v2
* }
* </pre>
*/
public class TBSCertList
extends ASN1Encodable
{
public static class CRLEntry
extends ASN1Encodable
{
ASN1Sequence seq;
DERInteger userCertificate;
Time revocationDate;
X509Extensions crlEntryExtensions;
public CRLEntry(
ASN1Sequence seq)
{
if (seq.size() < 2 || seq.size() > 3)
{
throw new IllegalArgumentException("Bad sequence size: " + seq.size());
}
this.seq = seq;
userCertificate = DERInteger.getInstance(seq.getObjectAt(0));
revocationDate = Time.getInstance(seq.getObjectAt(1));
}
public DERInteger getUserCertificate()
{
return userCertificate;
}
public Time getRevocationDate()
{
return revocationDate;
}
public X509Extensions getExtensions()
{
if (crlEntryExtensions == null && seq.size() == 3)
{
crlEntryExtensions = X509Extensions.getInstance(seq.getObjectAt(2));
}
return crlEntryExtensions;
}
public DERObject toASN1Object()
{
return seq;
}
}
private class RevokedCertificatesEnumeration
implements Enumeration
{
private final Enumeration en;
RevokedCertificatesEnumeration(Enumeration en)
{
this.en = en;
}
public boolean hasMoreElements()
{
return en.hasMoreElements();
}
public Object nextElement()
{
return new CRLEntry(ASN1Sequence.getInstance(en.nextElement()));
}
}
private class EmptyEnumeration
implements Enumeration
{
public boolean hasMoreElements()
{
return false;
}
public Object nextElement()
{
return null; // TODO: check exception handling
}
}
ASN1Sequence seq;
DERInteger version;
AlgorithmIdentifier signature;
X509Name issuer;
Time thisUpdate;
Time nextUpdate;
ASN1Sequence revokedCertificates;
X509Extensions crlExtensions;
public static TBSCertList getInstance(
ASN1TaggedObject obj,
boolean explicit)
{
return getInstance(ASN1Sequence.getInstance(obj, explicit));
}
public static TBSCertList getInstance(
Object obj)
{
if (obj instanceof TBSCertList)
{
return (TBSCertList)obj;
}
else if (obj instanceof ASN1Sequence)
{
return new TBSCertList((ASN1Sequence)obj);
}
throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
}
public TBSCertList(
ASN1Sequence seq)
{
if (seq.size() < 3 || seq.size() > 7)
{
throw new IllegalArgumentException("Bad sequence size: " + seq.size());
}
int seqPos = 0;
this.seq = seq;
if (seq.getObjectAt(seqPos) instanceof DERInteger)
{
version = DERInteger.getInstance(seq.getObjectAt(seqPos++));
}
else
{
version = new DERInteger(0);
}
signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(seqPos++));
issuer = X509Name.getInstance(seq.getObjectAt(seqPos++));
thisUpdate = Time.getInstance(seq.getObjectAt(seqPos++));
if (seqPos < seq.size()
&& (seq.getObjectAt(seqPos) instanceof DERUTCTime
|| seq.getObjectAt(seqPos) instanceof DERGeneralizedTime
|| seq.getObjectAt(seqPos) instanceof Time))
{
nextUpdate = Time.getInstance(seq.getObjectAt(seqPos++));
}
if (seqPos < seq.size()
&& !(seq.getObjectAt(seqPos) instanceof DERTaggedObject))
{
revokedCertificates = ASN1Sequence.getInstance(seq.getObjectAt(seqPos++));
}
if (seqPos < seq.size()
&& seq.getObjectAt(seqPos) instanceof DERTaggedObject)
{
crlExtensions = X509Extensions.getInstance(seq.getObjectAt(seqPos));
}
}
public int getVersion()
{
return version.getValue().intValue() + 1;
}
public DERInteger getVersionNumber()
{
return version;
}
public AlgorithmIdentifier getSignature()
{
return signature;
}
public X509Name getIssuer()
{
return issuer;
}
public Time getThisUpdate()
{
return thisUpdate;
}
public Time getNextUpdate()
{
return nextUpdate;
}
public CRLEntry[] getRevokedCertificates()
{
if (revokedCertificates == null)
{
return new CRLEntry[0];
}
CRLEntry[] entries = new CRLEntry[revokedCertificates.size()];
for (int i = 0; i < entries.length; i++)
{
entries[i] = new CRLEntry(ASN1Sequence.getInstance(revokedCertificates.getObjectAt(i)));
}
return entries;
}
public Enumeration getRevokedCertificateEnumeration()
{
if (revokedCertificates == null)
{
return new EmptyEnumeration();
}
return new RevokedCertificatesEnumeration(revokedCertificates.getObjects());
}
public X509Extensions getExtensions()
{
return crlExtensions;
}
public DERObject toASN1Object()
{
return seq;
}
}