001    /* X509CRL.java --- X.509 Certificate Revocation List
002       Copyright (C) 1999, 2004  Free Software Foundation, Inc.
003    
004    This file is part of GNU Classpath.
005    
006    GNU Classpath is free software; you can redistribute it and/or modify
007    it under the terms of the GNU General Public License as published by
008    the Free Software Foundation; either version 2, or (at your option)
009    any later version.
010     
011    GNU Classpath is distributed in the hope that it will be useful, but
012    WITHOUT ANY WARRANTY; without even the implied warranty of
013    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
014    General Public License for more details.
015    
016    You should have received a copy of the GNU General Public License
017    along with GNU Classpath; see the file COPYING.  If not, write to the
018    Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
019    02110-1301 USA.
020    
021    Linking this library statically or dynamically with other modules is
022    making a combined work based on this library.  Thus, the terms and
023    conditions of the GNU General Public License cover the whole
024    combination.
025    
026    As a special exception, the copyright holders of this library give you
027    permission to link this library with independent modules to produce an
028    executable, regardless of the license terms of these independent
029    modules, and to copy and distribute the resulting executable under
030    terms of your choice, provided that you also meet, for each linked
031    independent module, the terms and conditions of the license of that
032    module.  An independent module is a module which is not derived from
033    or based on this library.  If you modify this library, you may extend
034    this exception to your version of the library, but you are not
035    obligated to do so.  If you do not wish to do so, delete this
036    exception statement from your version. */
037    
038    
039    package java.security.cert;
040    
041    import java.math.BigInteger;
042    import java.security.InvalidKeyException;
043    import java.security.NoSuchAlgorithmException;
044    import java.security.NoSuchProviderException;
045    import java.security.Principal;
046    import java.security.PublicKey;
047    import java.security.SignatureException;
048    import java.util.Date;
049    import java.util.Set;
050    
051    import javax.security.auth.x500.X500Principal;
052    
053    /**
054       The X509CRL class is the abstract class used to manage
055       X.509 Certificate Revocation Lists. The CRL is a list of
056       time stamped entries which indicate which lists have been
057       revoked. The list is signed by a Certificate Authority (CA)
058       and made publically available in a repository.
059       
060       Each revoked certificate in the CRL is identified by its 
061       certificate serial number. When a piece of code uses a 
062       certificate, the certificates validity is checked by 
063       validating its signature and determing that it is not
064       only a recently acquired CRL. The recently aquired CRL
065       is depends on the local policy in affect. The CA issues
066       a new CRL periodically and entries are removed as the 
067       certificate expiration date is reached
068       
069       
070       A description of the X.509 v2 CRL follows below from rfc2459.
071       
072       "The X.509 v2 CRL syntax is as follows.  For signature calculation,
073       the data that is to be signed is ASN.1 DER encoded.  ASN.1 DER
074       encoding is a tag, length, value encoding system for each element.
075       
076               CertificateList  ::=  SEQUENCE  {
077                    tbsCertList          TBSCertList,
078                    signatureAlgorithm   AlgorithmIdentifier,
079                    signatureValue       BIT STRING  }
080            
081               TBSCertList  ::=  SEQUENCE  {
082                    version                 Version OPTIONAL,
083                                         -- if present, shall be v2
084                    signature               AlgorithmIdentifier,
085                    issuer                  Name,
086                    thisUpdate              Time,
087                    nextUpdate              Time OPTIONAL,
088                    revokedCertificates     SEQUENCE OF SEQUENCE  {
089                         userCertificate         CertificateSerialNumber,
090                         revocationDate          Time,
091                         crlEntryExtensions      Extensions OPTIONAL
092                                                       -- if present, shall be v2
093                                              }  OPTIONAL,
094                    crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
095                                                       -- if present, shall be v2
096                                              }"
097    
098            @author Mark Benvenuto
099    
100            @since 1.2
101    */
102    public abstract class X509CRL extends CRL implements X509Extension
103    {
104    
105      /**
106         Constructs a new X509CRL.
107      */
108      protected X509CRL()
109      {
110        super("X.509");
111      }
112    
113      /**
114         Compares this X509CRL to other. It checks if the
115         object if instanceOf X509CRL and then checks if
116         the encoded form matches.
117    
118         @param other An Object to test for equality
119    
120         @return true if equal, false otherwise
121      */
122      public boolean equals(Object other)
123      {
124        if( other instanceof X509CRL ) {
125          try {
126            X509CRL x = (X509CRL) other;
127            if( getEncoded().length != x.getEncoded().length )
128              return false;
129    
130            byte[] b1 = getEncoded();
131            byte[] b2 = x.getEncoded();
132    
133            for( int i = 0; i < b1.length; i++ )
134              if( b1[i] != b2[i] )
135                return false;
136    
137          } catch( CRLException crle ) { 
138            return false;
139          }
140          return true;
141        }
142        return false;
143      }
144    
145      /**
146         Returns a hash code for this X509CRL in its encoded
147         form.
148    
149         @return A hash code of this class
150      */
151      public int hashCode()
152      {
153        return super.hashCode();
154      }
155    
156      /**
157         Gets the DER ASN.1 encoded format for this X.509 CRL.
158    
159         @return byte array containg encoded form
160    
161         @throws CRLException if an error occurs
162      */
163      public abstract byte[] getEncoded() throws CRLException;
164    
165      /**
166         Verifies that this CRL was properly signed with the
167         PublicKey that corresponds to its private key. 
168    
169         @param key PublicKey to verify with
170    
171         @throws CRLException encoding error
172         @throws NoSuchAlgorithmException unsupported algorithm
173         @throws InvalidKeyException incorrect key
174         @throws NoSuchProviderException no provider
175         @throws SignatureException signature error
176      */
177      public abstract void verify(PublicKey key)
178        throws CRLException,
179        NoSuchAlgorithmException,
180        InvalidKeyException,
181        NoSuchProviderException,
182        SignatureException;
183    
184      /**
185         Verifies that this CRL was properly signed with the
186         PublicKey that corresponds to its private key and uses
187         the signature engine provided by the provider. 
188    
189         @param key PublicKey to verify with
190         @param sigProvider Provider to use for signature algorithm
191    
192         @throws CRLException encoding error
193         @throws NoSuchAlgorithmException unsupported algorithm
194         @throws InvalidKeyException incorrect key
195         @throws NoSuchProviderException incorrect provider
196         @throws SignatureException signature error
197      */
198      public abstract void verify(PublicKey key,
199                                  String sigProvider)
200        throws CRLException,
201        NoSuchAlgorithmException,
202        InvalidKeyException,
203        NoSuchProviderException,
204        SignatureException;
205    
206      /**
207         Gets the version of this CRL.
208    
209         The ASN.1 encoding is:
210    
211         version                 Version OPTIONAL,
212         -- if present, shall be v2
213    
214         Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
215    
216         Consult rfc2459 for more information.
217    
218         @return the version number, Ex: 1 or 2
219      */
220      public abstract int getVersion();
221    
222      /**
223         Returns the issuer (issuer distinguished name) of the CRL.
224         The issuer is the entity who signed and issued the 
225         Certificate Revocation List.
226    
227         The ASN.1 DER encoding is:
228    
229         issuer                  Name,
230    
231         Name ::= CHOICE {
232         RDNSequence }
233    
234         RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
235    
236         RelativeDistinguishedName ::=
237         SET OF AttributeTypeAndValue
238    
239         AttributeTypeAndValue ::= SEQUENCE {
240         type     AttributeType,
241         value    AttributeValue }
242    
243         AttributeType ::= OBJECT IDENTIFIER
244    
245         AttributeValue ::= ANY DEFINED BY AttributeType
246    
247         DirectoryString ::= CHOICE {
248         teletexString           TeletexString (SIZE (1..MAX)),
249         printableString         PrintableString (SIZE (1..MAX)),
250         universalString         UniversalString (SIZE (1..MAX)),
251         utf8String              UTF8String (SIZE (1.. MAX)),
252         bmpString               BMPString (SIZE (1..MAX)) }
253    
254         Consult rfc2459 for more information.
255    
256         @return the issuer in the Principal class
257      */
258      public abstract Principal getIssuerDN();
259    
260      /**
261         Returns the thisUpdate date of the CRL.
262    
263         The ASN.1 DER encoding is:
264    
265         thisUpdate              Time,
266    
267         Time ::= CHOICE {
268         utcTime        UTCTime,
269         generalTime    GeneralizedTime }
270    
271         Consult rfc2459 for more information.
272    
273         @return the thisUpdate date
274      */
275      public abstract Date getThisUpdate();
276    
277      /*
278        Gets the nextUpdate field
279    
280        The ASN.1 DER encoding is:
281    
282        nextUpdate              Time OPTIONAL,
283    
284        Time ::= CHOICE {
285        utcTime        UTCTime,
286        generalTime    GeneralizedTime }
287    
288        Consult rfc2459 for more information.
289    
290        @return the nextUpdate date
291      */
292      public abstract Date getNextUpdate();
293    
294      /**
295         Gets the requeste dX509Entry for the specified
296         certificate serial number.
297    
298         @return a X509CRLEntry representing the X.509 CRL entry
299      */
300      public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber);
301    
302      /**
303         Returns a Set of revoked certificates.
304    
305         @return a set of revoked certificates.
306      */
307      public abstract Set<? extends X509CRLEntry> getRevokedCertificates();
308    
309      /**
310         Returns the DER ASN.1 encoded tbsCertList which is 
311         the basic information of the list and associated certificates
312         in the encoded state. See top for more information.
313    
314         The ASN.1 DER encoding is:
315    
316         tbsCertList          TBSCertList,
317    
318         Consult rfc2459 for more information.
319    
320         @return byte array representing tbsCertList
321      */
322      public abstract byte[] getTBSCertList() throws CRLException;
323    
324    
325      /**
326         Returns the signature for the CRL. 
327    
328         The ASN.1 DER encoding is:
329    
330         signatureValue       BIT STRING
331    
332         Consult rfc2459 for more information.
333      */
334      public abstract byte[] getSignature();
335    
336      /**
337         Returns the signature algorithm used to sign the CRL. 
338         An examples is "SHA-1/DSA".
339    
340         The ASN.1 DER encoding is:
341    
342         signatureAlgorithm   AlgorithmIdentifier,
343    
344         AlgorithmIdentifier  ::=  SEQUENCE  {
345         algorithm               OBJECT IDENTIFIER,
346         parameters              ANY DEFINED BY algorithm OPTIONAL  }
347    
348         Consult rfc2459 for more information.
349    
350         The algorithm name is determined from the OID.
351    
352         @return a string with the signature algorithm name
353      */
354      public abstract String getSigAlgName();
355    
356      /**
357         Returns the OID for the signature algorithm used.
358         Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
359    
360         The ASN.1 DER encoding for the example is:
361    
362         id-dsa-with-sha1 ID  ::=  {
363         iso(1) member-body(2) us(840) x9-57 (10040)
364         x9cm(4) 3 }
365    
366         Consult rfc2459 for more information.
367    
368         @return a string containing the OID.
369      */
370      public abstract String getSigAlgOID();
371    
372      /**
373         Returns the AlgorithmParameters in the encoded form
374         for the signature algorithm used. 
375    
376         If access to the parameters is need, create an 
377         instance of AlgorithmParameters.
378    
379         @return byte array containing algorithm parameters, null
380         if no parameters are present in CRL
381      */
382      public abstract byte[] getSigAlgParams();
383    
384      // 1.4 instance methods.
385      // ------------------------------------------------------------------------
386    
387      /**
388       * Returns the X.500 distinguished name of this CRL's issuer.
389       *
390       * @return The issuer's X.500 distinguished name.
391       * @since JDK 1.4
392       */
393      public X500Principal getIssuerX500Principal()
394      {
395        throw new UnsupportedOperationException();
396      }
397    }