1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
package model.pki.crl;
import annotations.Assoc;
import model.asn1.*;
import model.pki.AlgorithmIdentifier;
import model.x501.Name;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
* Represents a CRL content:
*
* <pre>
* CertificateListContent ::= SEQUENCE {
* version Version OPTIONAL,
* -- if present, version shall be v2
* signature AlgorithmIdentifier{{SupportedAlgorithms}},
* issuer Name,
* thisUpdate Time,
* nextUpdate Time OPTIONAL,
* revokedCertificates SEQUENCE OF SEQUENCE {
* serialNumber CertificateSerialNumber,
* revocationDate Time,
* crlEntryExtensions Extensions OPTIONAL,
* ...} OPTIONAL,
* ...,
* ...,
* crlExtensions [0] Extensions OPTIONAL }
* </pre>
* <p>
* A CRL is a signed object published by the CA that revokes any certificates signed by this CA before their
* expiration. Relying-parties should check the CRL from corresponding CDPs to see if the certificate to check is
* already revoked.
* Because the CA will only generate CRLs, this object won't be parsed.
*/
public class CertificateListContent extends ASN1Object {
private final Int version = new Int(Int.TAG, null, 1);
@Assoc(partOf = true)
private final Name issuer;
@Assoc(partOf = true)
private final AlgorithmIdentifier signature;
@Assoc(partOf = true)
private final ASN1Time thisUpdate;
@Assoc(partOf = true)
private final ASN1Time nextUpdate;
@Assoc(partOf = true, lowerBond = 0)
private final RevokedCertificate[] revokedCertificates;
/**
* EFFECTS: Init with tags and the given parameters. Version is always set to 1.
* REQUIRES: except for nextUpdate, all other fields are non-null; items in revokedCerts should be SEQUENCE.
*/
public CertificateListContent(Tag tag, Tag parentTag,
Name issuer,
AlgorithmIdentifier signature,
ASN1Time thisUpdate,
ASN1Time nextUpdate,
RevokedCertificate[] revokedCertificates) {
super(tag, parentTag);
this.issuer = issuer;
this.signature = signature;
this.thisUpdate = thisUpdate;
this.nextUpdate = nextUpdate;
this.revokedCertificates = revokedCertificates;
}
@Override
public Byte[] encodeValueDER() {
final List<Byte> itemsEncoded = Arrays.stream(revokedCertificates)
.map(Encodable::encodeDER)
.flatMap(Arrays::stream)
.collect(Collectors.toList());
return Stream.of(Arrays.asList(version.encodeDER()),
Arrays.asList(signature.encodeDER()),
Arrays.asList(issuer.encodeDER()),
Arrays.asList(thisUpdate.encodeDER()),
nextUpdate == null ? Collections.<Byte>emptyList() : Arrays.asList(nextUpdate.encodeDER()),
Arrays.asList(new Tag(TagClass.UNIVERSAL, true, 0x30).encodeDER()),
Arrays.asList(new ASN1Length(itemsEncoded.size()).encodeDER()), itemsEncoded)
.flatMap(Collection::stream)
.toArray(Byte[]::new);
}
public Int getVersion() {
return version;
}
public Name getIssuer() {
return issuer;
}
public AlgorithmIdentifier getSignature() {
return signature;
}
public ASN1Time getThisUpdate() {
return thisUpdate;
}
public ASN1Time getNextUpdate() {
return nextUpdate;
}
public RevokedCertificate[] getRevokedCertificates() {
return revokedCertificates;
}
}
|
