diff options
Diffstat (limited to 'src/main/model/pki/cert')
| -rw-r--r-- | src/main/model/pki/cert/Certificate.java | 16 | ||||
| -rw-r--r-- | src/main/model/pki/cert/Extension.java | 20 | ||||
| -rw-r--r-- | src/main/model/pki/cert/Extensions.java | 5 | ||||
| -rw-r--r-- | src/main/model/pki/cert/TbsCertificate.java | 49 | ||||
| -rw-r--r-- | src/main/model/pki/cert/Validity.java | 12 |
5 files changed, 52 insertions, 50 deletions
diff --git a/src/main/model/pki/cert/Certificate.java b/src/main/model/pki/cert/Certificate.java index 4e6c291..25499e3 100644 --- a/src/main/model/pki/cert/Certificate.java +++ b/src/main/model/pki/cert/Certificate.java @@ -42,7 +42,7 @@ import java.util.stream.Stream; * COMPONENTS OF SIGNATURE{ToBeSigned}, * ... } * </pre> - * + * <p> * A certificate creates a binding between the proposed subject name and the public key. It is only valid once a trusted * CA signs it. Relying parties only need to trust a single trust anchor (the Root CA), and all of its issued certs are * trusted. This is done through the cert tree: each certificate contains the Issued By field, indicating the DN of the @@ -82,11 +82,11 @@ public class Certificate extends ASN1Object { /** * EFFECTS: Parse input DER, without verifying the signature. - * Throws {@link ParseException} if the input is invalid: - * - Any fields missing - * - Any fields having an incorrect tag (as seen in the ASN.1 definition) - * - Any fields with encoding instructions that violate implicit / explicit encoding rules - * - Other issues found during parsing the object, like early EOF (see {@link ASN1Object}) + * Throws {@link ParseException} if the input is invalid: + * - Any fields missing + * - Any fields having an incorrect tag (as seen in the ASN.1 definition) + * - Any fields with encoding instructions that violate implicit / explicit encoding rules + * - Other issues found during parsing the object, like early EOF (see {@link ASN1Object}) * MODIFIES: this, encoded */ public Certificate(BytesReader encoded, boolean hasParentTag) throws ParseException { @@ -107,8 +107,8 @@ public class Certificate extends ASN1Object { @Override public Byte[] encodeValueDER() { return Stream.of(Arrays.asList(certificate.encodeDER()), - Arrays.asList(signatureAlgorithm.encodeDER()), - Arrays.asList(signature.encodeDER())) + Arrays.asList(signatureAlgorithm.encodeDER()), + Arrays.asList(signature.encodeDER())) .flatMap(Collection::stream) .toArray(Byte[]::new); } diff --git a/src/main/model/pki/cert/Extension.java b/src/main/model/pki/cert/Extension.java index 0c104a4..9db83b2 100644 --- a/src/main/model/pki/cert/Extension.java +++ b/src/main/model/pki/cert/Extension.java @@ -62,13 +62,13 @@ public class Extension extends ASN1Object { /** * EFFECTS: Parse input DER. - * Throws {@link ParseException} if the input is invalid: - * - Any fields missing - * - Any fields having an incorrect tag (as seen in the ASN.1 definition) - * - Any fields with encoding instructions that violate implicit / explicit encoding rules - * - Other issues found during parsing the object, like early EOF (see {@link ASN1Object}) - * Note that critical is optional, and if it does not exist, it will be left as null, and it should be treated as - * false. + * Throws {@link ParseException} if the input is invalid: + * - Any fields missing + * - Any fields having an incorrect tag (as seen in the ASN.1 definition) + * - Any fields with encoding instructions that violate implicit / explicit encoding rules + * - Other issues found during parsing the object, like early EOF (see {@link ASN1Object}) + * Note that critical is optional, and if it does not exist, it will be left as null, and it should be treated as + * false. * MODIFIES: this, encoded */ public Extension(BytesReader encoded, boolean hasParentType) throws ParseException { @@ -92,9 +92,9 @@ public class Extension extends ASN1Object { @Override public Byte[] encodeValueDER() { return Stream.of(Arrays.asList(extnId.encodeDER()), - critical == null ? Collections.<Byte>emptyList() : - Arrays.asList(critical.encodeDER()), - Arrays.asList(extnValue.encodeDER())) + critical == null ? Collections.<Byte>emptyList() : + Arrays.asList(critical.encodeDER()), + Arrays.asList(extnValue.encodeDER())) .flatMap(Collection::stream) .toArray(Byte[]::new); } diff --git a/src/main/model/pki/cert/Extensions.java b/src/main/model/pki/cert/Extensions.java index 780fa2c..72d641f 100644 --- a/src/main/model/pki/cert/Extensions.java +++ b/src/main/model/pki/cert/Extensions.java @@ -5,7 +5,6 @@ import model.asn1.Encodable; import model.asn1.Tag; import model.asn1.exceptions.ParseException; import model.asn1.parsing.BytesReader; -import model.x501.RelativeDistinguishedName; import java.util.ArrayList; import java.util.Arrays; @@ -33,13 +32,13 @@ public class Extensions extends ASN1Object { /** * EFFECT: Parse the Name from input DER bytes. For details on parsing, refer to {@link ASN1Object}. - * Throws {@link ParseException} for invalid input. + * Throws {@link ParseException} for invalid input. * MODIFIES: this, encoded */ public Extensions(BytesReader encoded, boolean hasParentTag) throws ParseException { super(encoded, hasParentTag); final List<Extension> list = new ArrayList<>(); - for (int i = 0; i < getLength();) { + for (int i = 0; i < getLength(); ) { int index = encoded.getIndex(); final Extension ext = new Extension(encoded, false); ext.getTag().enforce(TAG_SEQUENCE); diff --git a/src/main/model/pki/cert/TbsCertificate.java b/src/main/model/pki/cert/TbsCertificate.java index ce228af..84cf0ba 100644 --- a/src/main/model/pki/cert/TbsCertificate.java +++ b/src/main/model/pki/cert/TbsCertificate.java @@ -1,6 +1,9 @@ package model.pki.cert; -import model.asn1.*; +import model.asn1.ASN1Object; +import model.asn1.Int; +import model.asn1.Tag; +import model.asn1.TagClass; import model.asn1.exceptions.ParseException; import model.asn1.parsing.BytesReader; import model.pki.AlgorithmIdentifier; @@ -45,7 +48,7 @@ import java.util.stream.Stream; * ID id-at-uniqueIdentifier } * UniqueIdentifier ::= BIT STRING * </pre> - * + * <p> * NOTE that subjectUniqueIdentifier and issuerUniqueIdentifier are not supported. */ public class TbsCertificate extends ASN1Object { @@ -103,21 +106,21 @@ public class TbsCertificate extends ASN1Object { /** * EFFECTS: Init with the given parameters. For tag and parentTag, see {@link ASN1Object}. * REQUIRES: - * - Version must be V1, V2, or V3. - * - {issuer,subject}UniqueIdentifier could be null. - * - If {issuer,subject}UniqueIdentifier presents, version must be V2 or V3. - * - Extensions could be null. - * - If extensions presents, version must be V3. - * - The signature should be valid. - * - Field and Desired Tags: - * version CONTEXT SPECIFIC 0 (EXPLICIT), INTEGER, OPTIONAL DEFAULT v1 - * serialNumber INTEGER - * signature SEQUENCE - * issuer SEQUENCE - * validity SEQUENCE - * subject SEQUENCE - * subjectPublicKeyInfo SEQUENCE - * extensions CONTEXT SPECIFIC 3 (EXPLICIT), SEQUENCE, OPTIONAL + * - Version must be V1, V2, or V3. + * - {issuer,subject}UniqueIdentifier could be null. + * - If {issuer,subject}UniqueIdentifier presents, version must be V2 or V3. + * - Extensions could be null. + * - If extensions presents, version must be V3. + * - The signature should be valid. + * - Field and Desired Tags: + * version CONTEXT SPECIFIC 0 (EXPLICIT), INTEGER, OPTIONAL DEFAULT v1 + * serialNumber INTEGER + * signature SEQUENCE + * issuer SEQUENCE + * validity SEQUENCE + * subject SEQUENCE + * subjectPublicKeyInfo SEQUENCE + * extensions CONTEXT SPECIFIC 3 (EXPLICIT), SEQUENCE, OPTIONAL */ public TbsCertificate(Tag tag, Tag parentTag, final Int version, @@ -141,12 +144,12 @@ public class TbsCertificate extends ASN1Object { /** * EFFECTS: Parse input DER. - * Throws {@link ASN1Object} if invalid: - * - Any fields missing - * - Any fields having an incorrect parent / inner tag (as seen in the ASN.1 definition) - * - Any fields with encoding instructions that violate implicit / explicit encoding rules - * - extensions are specified, but the version is v1 or v2 - * - Other issues found during parsing the object, like early EOF (see {@link ASN1Object}) + * Throws {@link ASN1Object} if invalid: + * - Any fields missing + * - Any fields having an incorrect parent / inner tag (as seen in the ASN.1 definition) + * - Any fields with encoding instructions that violate implicit / explicit encoding rules + * - extensions are specified, but the version is v1 or v2 + * - Other issues found during parsing the object, like early EOF (see {@link ASN1Object}) * MODIFIES: this, encoded */ public TbsCertificate(BytesReader encoded, boolean hasParentTag) throws ParseException { diff --git a/src/main/model/pki/cert/Validity.java b/src/main/model/pki/cert/Validity.java index 76279ed..e83d326 100644 --- a/src/main/model/pki/cert/Validity.java +++ b/src/main/model/pki/cert/Validity.java @@ -49,11 +49,11 @@ public class Validity extends ASN1Object { /** * EFFECTS: Parse input DER. - * Throws {@link ASN1Object} if invalid: - * - Any fields missing (info, algorithm, signature) - * - Any fields having an incorrect tag (as seen in the ASN.1 definition) - * - Any fields with encoding instructions that violate implicit / explicit encoding rules - * - Other issues found during parsing the object, like early EOF (see {@link ASN1Object}) + * Throws {@link ASN1Object} if invalid: + * - Any fields missing (info, algorithm, signature) + * - Any fields having an incorrect tag (as seen in the ASN.1 definition) + * - Any fields with encoding instructions that violate implicit / explicit encoding rules + * - Other issues found during parsing the object, like early EOF (see {@link ASN1Object}) * MODIFIES: this, encoded */ public Validity(BytesReader encoded, boolean hasParentTag) throws ParseException { @@ -80,7 +80,7 @@ public class Validity extends ASN1Object { @Override public Byte[] encodeValueDER() { return Stream.of(Arrays.asList(notBefore.encodeDER()), - Arrays.asList(notAfter.encodeDER())) + Arrays.asList(notAfter.encodeDER())) .flatMap(Collection::stream) .toArray(Byte[]::new); } |