1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
|
package org.spongycastle.asn1.x509;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.asn1.ASN1Boolean;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1Object;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.ASN1TaggedObject;
import org.spongycastle.asn1.DERSequence;
/**
* @deprecated use Extensions
*/
public class X509Extensions
extends ASN1Object
{
/**
* Subject Directory Attributes
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier SubjectDirectoryAttributes = new ASN1ObjectIdentifier("2.5.29.9");
/**
* Subject Key Identifier
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier SubjectKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.14");
/**
* Key Usage
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier KeyUsage = new ASN1ObjectIdentifier("2.5.29.15");
/**
* Private Key Usage Period
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier PrivateKeyUsagePeriod = new ASN1ObjectIdentifier("2.5.29.16");
/**
* Subject Alternative Name
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier SubjectAlternativeName = new ASN1ObjectIdentifier("2.5.29.17");
/**
* Issuer Alternative Name
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier IssuerAlternativeName = new ASN1ObjectIdentifier("2.5.29.18");
/**
* Basic Constraints
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier BasicConstraints = new ASN1ObjectIdentifier("2.5.29.19");
/**
* CRL Number
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier CRLNumber = new ASN1ObjectIdentifier("2.5.29.20");
/**
* Reason code
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier ReasonCode = new ASN1ObjectIdentifier("2.5.29.21");
/**
* Hold Instruction Code
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier InstructionCode = new ASN1ObjectIdentifier("2.5.29.23");
/**
* Invalidity Date
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier InvalidityDate = new ASN1ObjectIdentifier("2.5.29.24");
/**
* Delta CRL indicator
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier DeltaCRLIndicator = new ASN1ObjectIdentifier("2.5.29.27");
/**
* Issuing Distribution Point
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier IssuingDistributionPoint = new ASN1ObjectIdentifier("2.5.29.28");
/**
* Certificate Issuer
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier CertificateIssuer = new ASN1ObjectIdentifier("2.5.29.29");
/**
* Name Constraints
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier NameConstraints = new ASN1ObjectIdentifier("2.5.29.30");
/**
* CRL Distribution Points
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier CRLDistributionPoints = new ASN1ObjectIdentifier("2.5.29.31");
/**
* Certificate Policies
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier CertificatePolicies = new ASN1ObjectIdentifier("2.5.29.32");
/**
* Policy Mappings
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier PolicyMappings = new ASN1ObjectIdentifier("2.5.29.33");
/**
* Authority Key Identifier
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier AuthorityKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.35");
/**
* Policy Constraints
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier PolicyConstraints = new ASN1ObjectIdentifier("2.5.29.36");
/**
* Extended Key Usage
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier ExtendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37");
/**
* Freshest CRL
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier FreshestCRL = new ASN1ObjectIdentifier("2.5.29.46");
/**
* Inhibit Any Policy
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier InhibitAnyPolicy = new ASN1ObjectIdentifier("2.5.29.54");
/**
* Authority Info Access
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier AuthorityInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.1");
/**
* Subject Info Access
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier SubjectInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.11");
/**
* Logo Type
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier LogoType = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.12");
/**
* BiometricInfo
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier BiometricInfo = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.2");
/**
* QCStatements
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier QCStatements = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.3");
/**
* Audit identity extension in attribute certificates.
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier AuditIdentity = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.4");
/**
* NoRevAvail extension in attribute certificates.
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier NoRevAvail = new ASN1ObjectIdentifier("2.5.29.56");
/**
* TargetInformation extension in attribute certificates.
* @deprecated use X509Extension value.
*/
public static final ASN1ObjectIdentifier TargetInformation = new ASN1ObjectIdentifier("2.5.29.55");
private Hashtable extensions = new Hashtable();
private Vector ordering = new Vector();
public static X509Extensions getInstance(
ASN1TaggedObject obj,
boolean explicit)
{
return getInstance(ASN1Sequence.getInstance(obj, explicit));
}
public static X509Extensions getInstance(
Object obj)
{
if (obj == null || obj instanceof X509Extensions)
{
return (X509Extensions)obj;
}
if (obj instanceof ASN1Sequence)
{
return new X509Extensions((ASN1Sequence)obj);
}
if (obj instanceof Extensions)
{
return new X509Extensions((ASN1Sequence)((Extensions)obj).toASN1Primitive());
}
if (obj instanceof ASN1TaggedObject)
{
return getInstance(((ASN1TaggedObject)obj).getObject());
}
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
/**
* Constructor from ASN1Sequence.
*
* the extensions are a list of constructed sequences, either with (OID, OctetString) or (OID, Boolean, OctetString)
*/
public X509Extensions(
ASN1Sequence seq)
{
Enumeration e = seq.getObjects();
while (e.hasMoreElements())
{
ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement());
if (s.size() == 3)
{
extensions.put(s.getObjectAt(0), new X509Extension(ASN1Boolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))));
}
else if (s.size() == 2)
{
extensions.put(s.getObjectAt(0), new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1))));
}
else
{
throw new IllegalArgumentException("Bad sequence size: " + s.size());
}
ordering.addElement(s.getObjectAt(0));
}
}
/**
* constructor from a table of extensions.
* <p>
* it's is assumed the table contains OID/String pairs.
*/
public X509Extensions(
Hashtable extensions)
{
this(null, extensions);
}
/**
* Constructor from a table of extensions with ordering.
* <p>
* It's is assumed the table contains OID/String pairs.
* @deprecated use Extensions
*/
public X509Extensions(
Vector ordering,
Hashtable extensions)
{
Enumeration e;
if (ordering == null)
{
e = extensions.keys();
}
else
{
e = ordering.elements();
}
while (e.hasMoreElements())
{
this.ordering.addElement(ASN1ObjectIdentifier.getInstance(e.nextElement()));
}
e = this.ordering.elements();
while (e.hasMoreElements())
{
ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(e.nextElement());
X509Extension ext = (X509Extension)extensions.get(oid);
this.extensions.put(oid, ext);
}
}
/**
* Constructor from two vectors
*
* @param objectIDs a vector of the object identifiers.
* @param values a vector of the extension values.
* @deprecated use Extensions
*/
public X509Extensions(
Vector objectIDs,
Vector values)
{
Enumeration e = objectIDs.elements();
while (e.hasMoreElements())
{
this.ordering.addElement(e.nextElement());
}
int count = 0;
e = this.ordering.elements();
while (e.hasMoreElements())
{
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
X509Extension ext = (X509Extension)values.elementAt(count);
this.extensions.put(oid, ext);
count++;
}
}
/**
* return an Enumeration of the extension field's object ids.
*/
public Enumeration oids()
{
return ordering.elements();
}
/**
* return the extension represented by the object identifier
* passed in.
*
* @return the extension if it's present, null otherwise.
*/
public X509Extension getExtension(
ASN1ObjectIdentifier oid)
{
return (X509Extension)extensions.get(oid);
}
/**
* <pre>
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*
* Extension ::= SEQUENCE {
* extnId EXTENSION.&id ({ExtensionSet}),
* critical BOOLEAN DEFAULT FALSE,
* extnValue OCTET STRING }
* </pre>
*/
public ASN1Primitive toASN1Primitive()
{
ASN1EncodableVector vec = new ASN1EncodableVector();
Enumeration e = ordering.elements();
while (e.hasMoreElements())
{
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
X509Extension ext = (X509Extension)extensions.get(oid);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(oid);
if (ext.isCritical())
{
v.add(ASN1Boolean.TRUE);
}
v.add(ext.getValue());
vec.add(new DERSequence(v));
}
return new DERSequence(vec);
}
public boolean equivalent(
X509Extensions other)
{
if (extensions.size() != other.extensions.size())
{
return false;
}
Enumeration e1 = extensions.keys();
while (e1.hasMoreElements())
{
Object key = e1.nextElement();
if (!extensions.get(key).equals(other.extensions.get(key)))
{
return false;
}
}
return true;
}
public ASN1ObjectIdentifier[] getExtensionOIDs()
{
return toOidArray(ordering);
}
public ASN1ObjectIdentifier[] getNonCriticalExtensionOIDs()
{
return getExtensionOIDs(false);
}
public ASN1ObjectIdentifier[] getCriticalExtensionOIDs()
{
return getExtensionOIDs(true);
}
private ASN1ObjectIdentifier[] getExtensionOIDs(boolean isCritical)
{
Vector oidVec = new Vector();
for (int i = 0; i != ordering.size(); i++)
{
Object oid = ordering.elementAt(i);
if (((X509Extension)extensions.get(oid)).isCritical() == isCritical)
{
oidVec.addElement(oid);
}
}
return toOidArray(oidVec);
}
private ASN1ObjectIdentifier[] toOidArray(Vector oidVec)
{
ASN1ObjectIdentifier[] oids = new ASN1ObjectIdentifier[oidVec.size()];
for (int i = 0; i != oids.length; i++)
{
oids[i] = (ASN1ObjectIdentifier)oidVec.elementAt(i);
}
return oids;
}
}
|
