package model.pki.crl;

import model.asn1.*;
import model.pki.AlgorithmIdentifier;
import model.x501.Name;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/**
 * Represents the content of a CRL (certificate revocation list):
 *
 * <pre>
 *   CertificateListContent ::= SEQUENCE {
 *     version              Version OPTIONAL,
 *                          -- if present, version shall be v2
 *     signature            AlgorithmIdentifier{{SupportedAlgorithms}},
 *     issuer               Name,
 *     thisUpdate           Time,
 *     nextUpdate           Time OPTIONAL,
 *     revokedCertificates  SEQUENCE OF SEQUENCE {
 *       serialNumber         CertificateSerialNumber,
 *       revocationDate       Time,
 *       crlEntryExtensions   Extensions OPTIONAL,
 *       ...} OPTIONAL,
 *     ...,
 *     ...,
 *     crlExtensions        [0] Extensions OPTIONAL }
 * </pre>
 *
 * A CRL is a signed object published by the CA. It lists certificates issued by this CA that have been revoked
 * before their expiration. Relying parties should fetch the CRL from the corresponding CDPs (CRL distribution
 * points) to check whether the certificate being validated has been revoked.
 * Because the CA only generates CRLs, this object is never parsed.
 */
public class CertificateListContent extends ASN1Object {
    // Fixed at 1. In the X.509 Version numbering (v1 = 0, v2 = 1) that is the "v2" the structure above requires.
    // Presumably the third constructor argument is the integer value - confirm against Int.
    private final Int version = new Int(Int.TAG, null, 1);
    // Name of the CRL issuer.
    private final Name issuer;
    // Algorithm identifier carried in the "signature" field of the structure above.
    private final AlgorithmIdentifier signature;
    // Issue time of this CRL.
    private final ASN1Time thisUpdate;
    // Time of the next scheduled CRL; OPTIONAL in the ASN.1, so this reference may be null.
    private final ASN1Time nextUpdate;
    // Revoked entries. The constructor stores the caller's array as-is (no copy is made).
    private final RevokedCertificate[] revokedCertificates;

    /**
     * EFFECTS: Init with tags and the given parameters. Version is always set to 1.
     * REQUIRES: except for nextUpdate, all other fields are non-null; items in revokedCerts should be SEQUENCE.
     *
     * NOTE(review): none of the REQUIRES conditions are checked here; every argument is stored exactly as
     * passed, so a null issuer, signature, thisUpdate or revokedCertificates is only discovered later.
     * NOTE(review): revokedCertificates is kept by reference. A caller that modifies the array after
     * construction also changes the revocation entries held by this object. If the encoded form is what
     * gets signed, a defensive copy (revokedCertificates.clone()) would pin the contents at construction
     * time - confirm that no caller relies on the aliasing before changing it.
     * NOTE(review): the ASN.1 marks nextUpdate as OPTIONAL, but the RFC 5280 CRL profile expects conforming
     * issuers to include it; confirm that callers pass a non-null value where that profile applies.
     */
    public CertificateListContent(Tag tag, Tag parentTag,
                                  Name issuer,
                                  AlgorithmIdentifier signature,
                                  ASN1Time thisUpdate, ASN1Time nextUpdate,
                                  RevokedCertificate[] revokedCertificates) {
        super(tag, parentTag);
        this.issuer = issuer;
        this.signature = signature;
        this.thisUpdate = thisUpdate;
        this.nextUpdate = nextUpdate;
        this.revokedCertificates = revokedCertificates;
    }

    @Override
    public Byte[] encodeValueDER() {
        final List