1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
package model.pki.cert;
import annotations.Assoc;
import model.asn1.*;
import model.asn1.exceptions.ParseException;
import model.asn1.parsing.BytesReader;
import java.util.Arrays;
import java.util.Collection;
import java.util.stream.Stream;
/**
* Represents the following ASN.1 structure:
* <pre>
* Validity ::= SEQUENCE {
* notBefore Time,
* notAfter Time,
* ...
* }
*
* Time ::= CHOICE {
* utcTime UTCTime,
* generalizedTime GeneralizedTime
* }
* </pre>
* It describes the validity period of the certificate.
*/
public class Validity extends ASN1Object {
/**
* The certificate is not valid before that time.
*/
@Assoc(partOf = true)
private final ASN1Time notBefore;
/**
* The certificate is not valid after that time.
*/
@Assoc(partOf = true)
private final ASN1Time notAfter;
/**
* EFFECTS: Init with the given tag, parentTag, notBefore, and notAfter. For more info on tag and parentTag, see
* {@link ASN1Object}.
* REQUIRES: notBefore and notAfter are either UTCTime or GeneralizedTime.
*/
public Validity(Tag tag, Tag parentTag,
ASN1Time notBefore, ASN1Time notAfter) {
super(tag, parentTag);
this.notBefore = notBefore;
this.notAfter = notAfter;
}
/**
* EFFECTS: Parse input DER.
* Throws {@link ASN1Object} if invalid:
* - Any fields missing (info, algorithm, signature)
* - Any fields having an incorrect tag (as seen in the ASN.1 definition)
* - Any fields with encoding instructions that violate implicit / explicit encoding rules
* - Other issues found during parsing the object, like early EOF (see {@link ASN1Object})
* MODIFIES: this, encoded
*/
public Validity(BytesReader encoded, boolean hasParentTag) throws ParseException {
super(encoded, hasParentTag);
if (encoded.detectTag(GeneralizedTime.TAG)) {
this.notBefore = new GeneralizedTime(encoded, false);
this.notBefore.getTag().enforce(GeneralizedTime.TAG);
} else {
this.notBefore = new UtcTime(encoded, false);
this.notBefore.getTag().enforce(UtcTime.TAG);
}
if (encoded.detectTag(GeneralizedTime.TAG)) {
this.notAfter = new GeneralizedTime(encoded, false);
this.notAfter.getTag().enforce(GeneralizedTime.TAG);
} else {
this.notAfter = new UtcTime(encoded, false);
this.notAfter.getTag().enforce(UtcTime.TAG);
}
}
/**
* EFFECTS: Encode into ordered DER.
*/
@Override
public Byte[] encodeValueDER() {
return Stream.of(Arrays.asList(notBefore.encodeDER()),
Arrays.asList(notAfter.encodeDER()))
.flatMap(Collection::stream)
.toArray(Byte[]::new);
}
public ASN1Time getNotBefore() {
return notBefore;
}
public ASN1Time getNotAfter() {
return notAfter;
}
}
|
