diff options
Diffstat (limited to 'src/main/model/pki/crl/CertificateListContent.java')
-rw-r--r-- | src/main/model/pki/crl/CertificateListContent.java | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/src/main/model/pki/crl/CertificateListContent.java b/src/main/model/pki/crl/CertificateListContent.java new file mode 100644 index 0000000..6f75d71 --- /dev/null +++ b/src/main/model/pki/crl/CertificateListContent.java @@ -0,0 +1,106 @@ +package model.pki.crl; + +import model.asn1.*; +import model.pki.AlgorithmIdentifier; +import model.x501.Name; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +/** + * Represents a CRL content: + * + * <pre> + * CertificateListContent ::= SEQUENCE { + * version Version OPTIONAL, + * -- if present, version shall be v2 + * signature AlgorithmIdentifier{{SupportedAlgorithms}}, + * issuer Name, + * thisUpdate Time, + * nextUpdate Time OPTIONAL, + * revokedCertificates SEQUENCE OF SEQUENCE { + * serialNumber CertificateSerialNumber, + * revocationDate Time, + * crlEntryExtensions Extensions OPTIONAL, + * ...} OPTIONAL, + * ..., + * ..., + * crlExtensions [0] Extensions OPTIONAL } + * </pre> + * + * A CRL is a signed object published by the CA that revokes any certificates signed by this CA before their + * expiration. Relying-parties should check the CRL from corresponding CDPs to see if the certificate to check is + * already revoked. + * Because the CA will only generate CRLs, this object won't be parsed. + */ +public class CertificateListContent extends ASN1Object { + private final Int version = new Int(Int.TAG, null, 1); + private final Name issuer; + private final AlgorithmIdentifier signature; + private final ASN1Time thisUpdate; + private final ASN1Time nextUpdate; + private final RevokedCertificate[] revokedCertificates; + + /** + * EFFECTS: Init with tags and the given parameters. Version is always set to 1. + * REQUIRES: except for nextUpdate, all other fields are non-null; items in revokedCerts should be SEQUENCE. + */ + public CertificateListContent(Tag tag, Tag parentTag, + Name issuer, + AlgorithmIdentifier signature, + ASN1Time thisUpdate, + ASN1Time nextUpdate, + RevokedCertificate[] revokedCertificates) { + super(tag, parentTag); + this.issuer = issuer; + this.signature = signature; + this.thisUpdate = thisUpdate; + this.nextUpdate = nextUpdate; + this.revokedCertificates = revokedCertificates; + } + + @Override + public Byte[] encodeValueDER() { + final List<Byte> itemsEncoded = Arrays.stream(revokedCertificates) + .map(Encodable::encodeDER) + .flatMap(Arrays::stream) + .collect(Collectors.toList()); + return Stream.of(Arrays.asList(version.encodeDER()), + Arrays.asList(issuer.encodeDER()), + Arrays.asList(signature.encodeDER()), + Arrays.asList(thisUpdate.encodeDER()), + nextUpdate == null ? Collections.<Byte>emptyList() : Arrays.asList(nextUpdate.encodeDER()), + Arrays.asList(new Tag(TagClass.UNIVERSAL, true, 0x30).encodeDER()), + Arrays.asList(new ASN1Length(itemsEncoded.size()).encodeDER()), itemsEncoded) + .flatMap(Collection::stream) + .toArray(Byte[]::new); + } + + public Int getVersion() { + return version; + } + + public Name getIssuer() { + return issuer; + } + + public AlgorithmIdentifier getSignature() { + return signature; + } + + public ASN1Time getThisUpdate() { + return thisUpdate; + } + + public ASN1Time getNextUpdate() { + return nextUpdate; + } + + public RevokedCertificate[] getRevokedCertificates() { + return revokedCertificates; + } +} |