author | David Hook <dgh@cryptoworkshop.com> | 2014-06-03 15:26:59 +0400 |
---|---|---|
committer | David Hook <dgh@cryptoworkshop.com> | 2014-06-03 15:26:59 +0400 |
commit | d913b0c5e5d9337cccabca173f4babdfaaf22f37 (patch) | |
tree | 6e470874585633fd4a1836d62e09bec591888209 /pkix/src | |
parent | ca724440515e49780946453bba056f3c26fa5b63 (diff) |
BJB-31 added support for including OtherRevocationInfoFormat in crl additions
Diffstat (limited to 'pkix/src')
-rw-r--r-- | pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java | 10 | ||||
-rw-r--r-- | pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java | 52 |
2 files changed, 43 insertions, 19 deletions
diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
index 0465b771..a17d7909 100644
--- a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
+++ b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
@@ -471,7 +471,7 @@ public class CMSSignedData * @param signedData the signed data object to be used as a base. * @param certificates the new certificates to be used. * @param attrCerts the new attribute certificates to be used. - * @param crls the new CRLs to be used. + * @param revocations the new CRLs to be used - a collection of X509CRLHolder objects, OtherRevocationInfoFormat, or both. * @return a new signed data object. * @exception CMSException if there is an error processing the CertStore */
@@ -479,7 +479,7 @@ public class CMSSignedData CMSSignedData signedData, Store certificates, Store attrCerts, - Store crls) + Store revocations) throws CMSException { //
@@ -488,7 +488,7 @@ public class CMSSignedData CMSSignedData cms = new CMSSignedData(signedData); // - // replace the certs and crls in the SignedData object + // replace the certs and revocations in the SignedData object // ASN1Set certSet = null; ASN1Set crlSet = null;
@@ -514,9 +514,9 @@ public class CMSSignedData } } - if (crls != null) + if (revocations != null) { - ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(crls)); + ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(revocations)); if (set.size() != 0) {
diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
index a2914281..41f2c001 100644
--- a/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
+++ b/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
@@ -13,6 +13,7 @@ import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Set; +import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.BEROctetStringGenerator; import org.bouncycastle.asn1.BERSet; import org.bouncycastle.asn1.DERSet;
@@ -98,18 +99,35 @@ class CMSUtils static List getCRLsFromStore(Store crlStore) throws CMSException { - List certs = new ArrayList(); + List crls = new ArrayList(); try { for (Iterator it = crlStore.getMatches(null).iterator(); it.hasNext();) { - X509CRLHolder c = (X509CRLHolder)it.next(); + Object rev = it.next(); - certs.add(c.toASN1Structure()); + if (rev instanceof X509CRLHolder) + { + X509CRLHolder c = (X509CRLHolder)rev; + + crls.add(c.toASN1Structure()); + } + else if (rev instanceof OtherRevocationInfoFormat) + { + OtherRevocationInfoFormat infoFormat = OtherRevocationInfoFormat.getInstance(rev); + + validateInfoFormat(infoFormat); + + crls.add(new DERTaggedObject(false, 1, infoFormat)); + } + else if (rev instanceof ASN1TaggedObject) + { + crls.add(rev); + } } - return certs; + return crls; } catch (ClassCastException e) {
@@ -117,6 +135,19 @@ class CMSUtils } } + private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat) + { + if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat())) + { + OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo()); + + if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) + { + throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); + } + } + } + static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos) { List others = new ArrayList();
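Review bot: In the new `getCRLsFromStore` loop the `ASN1TaggedObject` branch adds `rev` with no check at all, so a caller-supplied tagged object skips `validateInfoFormat` and can carry an unsuccessful OCSP response, or a tag other than the `1` used elsewhere in this file, into the SignedData. The `instanceof` chain also has no final `else`: an unsupported object used to fail the `X509CRLHolder` cast and surface through the `catch (ClassCastException e)` handler, and is now dropped silently, so the caller gets a SignedData with that revocation entry missing and no error. I would check the tag number, run the tagged content through `validateInfoFormat`, and throw `CMSException` for anything unrecognised, as sketched below. The method's catch block continues outside the hunk.

```java
// … unchanged: X509CRLHolder and OtherRevocationInfoFormat branches …
else if (rev instanceof ASN1TaggedObject)
{
    ASN1TaggedObject tagged = (ASN1TaggedObject)rev;

    if (tagged.getTagNo() != 1)
    {
        throw new CMSException("unexpected tag in revocation store: " + tagged.getTagNo());
    }

    validateInfoFormat(OtherRevocationInfoFormat.getInstance(tagged, false));

    crls.add(tagged);
}
else
{
    throw new CMSException("unsupported revocation object: " + rev.getClass().getName());
}
```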
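Review bot: `validateInfoFormat` only compares the OCSP `responseStatus` with `SUCCESSFUL`; it does not verify the response signature or look at the certificate status, and every other info format passes through untouched, so the name suggests more checking than is done. A comment above the method would stop callers treating it as a trust decision, e.g. `// Rejects OCSP responses whose responseStatus is not successful; signature and certificate status are not checked here.` Since `getCRLsFromStore` now calls it, its `IllegalArgumentException` (and any that `OCSPResponse.getInstance` may throw on malformed info) escapes a method declared `throws CMSException` whose visible handler catches only `ClassCastException`. Wrapping it there in a `CMSException`, or documenting it on `replaceCertificatesAndCRLs`, would keep the error contract predictable for callers.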
@@ -124,18 +155,11 @@ class CMSUtils for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();) { ASN1Encodable info = (ASN1Encodable)it.next(); + OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info); - if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(otherRevocationInfoFormat)) - { - OCSPResponse resp = OCSPResponse.getInstance(info); - - if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) - { - throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); - } - } + validateInfoFormat(infoFormat); - others.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, info))); + others.add(new DERTaggedObject(false, 1, infoFormat)); } return others; |