package org.bouncycastle.asn1.x509;

import java.util.Enumeration;
import java.util.NoSuchElementException;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.ASN1UTCTime;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x500.X500Name;

PKIX RFC-2459 - TBSCertList object.
TBSCertList  ::=  SEQUENCE  {
     version                 Version OPTIONAL,
                                  -- if present, shall be v2
     signature               AlgorithmIdentifier,
     issuer                  Name,
     thisUpdate              Time,
     nextUpdate              Time OPTIONAL,
     revokedCertificates     SEQUENCE OF SEQUENCE  {
          userCertificate         CertificateSerialNumber,
          revocationDate          Time,
          crlEntryExtensions      Extensions OPTIONAL
                                        -- if present, shall be v2
                               }  OPTIONAL,
     crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
                                        -- if present, shall be v2
                               }
/** * PKIX RFC-2459 - TBSCertList object. * <pre> * TBSCertList ::= SEQUENCE { * version Version OPTIONAL, * -- if present, shall be v2 * signature AlgorithmIdentifier, * issuer Name, * thisUpdate Time, * nextUpdate Time OPTIONAL, * revokedCertificates SEQUENCE OF SEQUENCE { * userCertificate CertificateSerialNumber, * revocationDate Time, * crlEntryExtensions Extensions OPTIONAL * -- if present, shall be v2 * } OPTIONAL, * crlExtensions [0] EXPLICIT Extensions OPTIONAL * -- if present, shall be v2 * } * </pre> */
public class TBSCertList extends ASN1Object { public static class CRLEntry extends ASN1Object { ASN1Sequence seq; Extensions crlEntryExtensions; private CRLEntry( ASN1Sequence seq) { if (seq.size() < 2 || seq.size() > 3) { throw new IllegalArgumentException("Bad sequence size: " + seq.size()); } this.seq = seq; } public static CRLEntry getInstance(Object o) { if (o instanceof CRLEntry) { return ((CRLEntry)o); } else if (o != null) { return new CRLEntry(ASN1Sequence.getInstance(o)); } return null; } public ASN1Integer getUserCertificate() { return ASN1Integer.getInstance(seq.getObjectAt(0)); } public Time getRevocationDate() { return Time.getInstance(seq.getObjectAt(1)); } public Extensions getExtensions() { if (crlEntryExtensions == null && seq.size() == 3) { crlEntryExtensions = Extensions.getInstance(seq.getObjectAt(2)); } return crlEntryExtensions; } public ASN1Primitive toASN1Primitive() { return seq; } public boolean hasExtensions() { return seq.size() == 3; } } private class RevokedCertificatesEnumeration implements Enumeration { private final Enumeration en; RevokedCertificatesEnumeration(Enumeration en) { this.en = en; } public boolean hasMoreElements() { return en.hasMoreElements(); } public Object nextElement() { return CRLEntry.getInstance(en.nextElement()); } } private class EmptyEnumeration implements Enumeration { public boolean hasMoreElements() { return false; } public Object nextElement() { throw new NoSuchElementException("Empty Enumeration"); } } ASN1Integer version; AlgorithmIdentifier signature; X500Name issuer; Time thisUpdate; Time nextUpdate; ASN1Sequence revokedCertificates; Extensions crlExtensions; public static TBSCertList getInstance( ASN1TaggedObject obj, boolean explicit) { return getInstance(ASN1Sequence.getInstance(obj, explicit)); } public static TBSCertList getInstance( Object obj) { if (obj instanceof TBSCertList) { return (TBSCertList)obj; } else if (obj != null) { return new TBSCertList(ASN1Sequence.getInstance(obj)); } return null; } public TBSCertList( ASN1Sequence seq) { if (seq.size() < 3 || seq.size() > 7) { throw new IllegalArgumentException("Bad sequence size: " + seq.size()); } int seqPos = 0; if (seq.getObjectAt(seqPos) instanceof ASN1Integer) { version = ASN1Integer.getInstance(seq.getObjectAt(seqPos++)); } else { version = null; // version is optional } signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(seqPos++)); issuer = X500Name.getInstance(seq.getObjectAt(seqPos++)); thisUpdate = Time.getInstance(seq.getObjectAt(seqPos++)); if (seqPos < seq.size() && (seq.getObjectAt(seqPos) instanceof ASN1UTCTime || seq.getObjectAt(seqPos) instanceof ASN1GeneralizedTime || seq.getObjectAt(seqPos) instanceof Time)) { nextUpdate = Time.getInstance(seq.getObjectAt(seqPos++)); } if (seqPos < seq.size() && !(seq.getObjectAt(seqPos) instanceof ASN1TaggedObject)) { revokedCertificates = ASN1Sequence.getInstance(seq.getObjectAt(seqPos++)); } if (seqPos < seq.size() && seq.getObjectAt(seqPos) instanceof ASN1TaggedObject) { crlExtensions = Extensions.getInstance(ASN1Sequence.getInstance((ASN1TaggedObject)seq.getObjectAt(seqPos), true)); } } public int getVersionNumber() { if (version == null) { return 1; } return version.getValue().intValue() + 1; } public ASN1Integer getVersion() { return version; } public AlgorithmIdentifier getSignature() { return signature; } public X500Name getIssuer() { return issuer; } public Time getThisUpdate() { return thisUpdate; } public Time getNextUpdate() { return nextUpdate; } public CRLEntry[] getRevokedCertificates() { if (revokedCertificates == null) { return new CRLEntry[0]; } CRLEntry[] entries = new CRLEntry[revokedCertificates.size()]; for (int i = 0; i < entries.length; i++) { entries[i] = CRLEntry.getInstance(revokedCertificates.getObjectAt(i)); } return entries; } public Enumeration getRevokedCertificateEnumeration() { if (revokedCertificates == null) { return new EmptyEnumeration(); } return new RevokedCertificatesEnumeration(revokedCertificates.getObjects()); } public Extensions getExtensions() { return crlExtensions; } public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); if (version != null) { v.add(version); } v.add(signature); v.add(issuer); v.add(thisUpdate); if (nextUpdate != null) { v.add(nextUpdate); } // Add CRLEntries if they exist if (revokedCertificates != null) { v.add(revokedCertificates); } if (crlExtensions != null) { v.add(new DERTaggedObject(0, crlExtensions)); } return new DERSequence(v); } }