1 package org.bouncycastle.cert; 2 3 import java.io.IOException; 4 import java.io.OutputStream; 5 import java.math.BigInteger; 6 import java.util.Date; 7 import java.util.List; 8 import java.util.Set; 9 10 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 11 import org.bouncycastle.asn1.ASN1Primitive; 12 import org.bouncycastle.asn1.DEROutputStream; 13 import org.bouncycastle.asn1.x500.X500Name; 14 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 15 import org.bouncycastle.asn1.x509.Certificate; 16 import org.bouncycastle.asn1.x509.Extension; 17 import org.bouncycastle.asn1.x509.Extensions; 18 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; 19 import org.bouncycastle.asn1.x509.TBSCertificate; 20 import org.bouncycastle.operator.ContentVerifier; 21 import org.bouncycastle.operator.ContentVerifierProvider; 22 import org.bouncycastle.util.Encodable; 23 24 /** 25 * Holding class for an X.509 Certificate structure. 26 */ 27 public class X509CertificateHolder 28 implements Encodable 29 { 30 private Certificate x509Certificate; 31 private Extensions extensions; 32 parseBytes(byte[] certEncoding)33 private static Certificate parseBytes(byte[] certEncoding) 34 throws IOException 35 { 36 try 37 { 38 return Certificate.getInstance(ASN1Primitive.fromByteArray(certEncoding)); 39 } 40 catch (ClassCastException e) 41 { 42 throw new CertIOException("malformed data: " + e.getMessage(), e); 43 } 44 catch (IllegalArgumentException e) 45 { 46 throw new CertIOException("malformed data: " + e.getMessage(), e); 47 } 48 } 49 50 /** 51 * Create a X509CertificateHolder from the passed in bytes. 52 * 53 * @param certEncoding BER/DER encoding of the certificate. 54 * @throws IOException in the event of corrupted data, or an incorrect structure. 55 */ X509CertificateHolder(byte[] certEncoding)56 public X509CertificateHolder(byte[] certEncoding) 57 throws IOException 58 { 59 this(parseBytes(certEncoding)); 60 } 61 62 /** 63 * Create a X509CertificateHolder from the passed in ASN.1 structure. 64 * 65 * @param x509Certificate an ASN.1 Certificate structure. 66 */ X509CertificateHolder(Certificate x509Certificate)67 public X509CertificateHolder(Certificate x509Certificate) 68 { 69 this.x509Certificate = x509Certificate; 70 this.extensions = x509Certificate.getTBSCertificate().getExtensions(); 71 } 72 getVersionNumber()73 public int getVersionNumber() 74 { 75 return x509Certificate.getVersionNumber(); 76 } 77 78 /** 79 * @deprecated use getVersionNumber 80 */ getVersion()81 public int getVersion() 82 { 83 return x509Certificate.getVersionNumber(); 84 } 85 86 /** 87 * Return whether or not the holder's certificate contains extensions. 88 * 89 * @return true if extension are present, false otherwise. 90 */ hasExtensions()91 public boolean hasExtensions() 92 { 93 return extensions != null; 94 } 95 96 /** 97 * Look up the extension associated with the passed in OID. 98 * 99 * @param oid the OID of the extension of interest. 100 * 101 * @return the extension if present, null otherwise. 102 */ getExtension(ASN1ObjectIdentifier oid)103 public Extension getExtension(ASN1ObjectIdentifier oid) 104 { 105 if (extensions != null) 106 { 107 return extensions.getExtension(oid); 108 } 109 110 return null; 111 } 112 113 /** 114 * Return the extensions block associated with this certificate if there is one. 115 * 116 * @return the extensions block, null otherwise. 117 */ getExtensions()118 public Extensions getExtensions() 119 { 120 return extensions; 121 } 122 123 /** 124 * Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the 125 * extensions contained in this holder's certificate. 126 * 127 * @return a list of extension OIDs. 128 */ getExtensionOIDs()129 public List getExtensionOIDs() 130 { 131 return CertUtils.getExtensionOIDs(extensions); 132 } 133 134 /** 135 * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the 136 * critical extensions contained in this holder's certificate. 137 * 138 * @return a set of critical extension OIDs. 139 */ getCriticalExtensionOIDs()140 public Set getCriticalExtensionOIDs() 141 { 142 return CertUtils.getCriticalExtensionOIDs(extensions); 143 } 144 145 /** 146 * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the 147 * non-critical extensions contained in this holder's certificate. 148 * 149 * @return a set of non-critical extension OIDs. 150 */ getNonCriticalExtensionOIDs()151 public Set getNonCriticalExtensionOIDs() 152 { 153 return CertUtils.getNonCriticalExtensionOIDs(extensions); 154 } 155 156 /** 157 * Return the serial number of this attribute certificate. 158 * 159 * @return the serial number. 160 */ getSerialNumber()161 public BigInteger getSerialNumber() 162 { 163 return x509Certificate.getSerialNumber().getValue(); 164 } 165 166 /** 167 * Return the issuer of this certificate. 168 * 169 * @return the certificate issuer. 170 */ getIssuer()171 public X500Name getIssuer() 172 { 173 return X500Name.getInstance(x509Certificate.getIssuer()); 174 } 175 176 /** 177 * Return the subject this certificate is for. 178 * 179 * @return the subject for the certificate. 180 */ getSubject()181 public X500Name getSubject() 182 { 183 return X500Name.getInstance(x509Certificate.getSubject()); 184 } 185 186 /** 187 * Return the date before which this certificate is not valid. 188 * 189 * @return the start time for the certificate's validity period. 190 */ getNotBefore()191 public Date getNotBefore() 192 { 193 return x509Certificate.getStartDate().getDate(); 194 } 195 196 /** 197 * Return the date after which this certificate is not valid. 198 * 199 * @return the final time for the certificate's validity period. 200 */ getNotAfter()201 public Date getNotAfter() 202 { 203 return x509Certificate.getEndDate().getDate(); 204 } 205 206 /** 207 * Return the SubjectPublicKeyInfo describing the public key this certificate is carrying. 208 * 209 * @return the public key ASN.1 structure contained in the certificate. 210 */ getSubjectPublicKeyInfo()211 public SubjectPublicKeyInfo getSubjectPublicKeyInfo() 212 { 213 return x509Certificate.getSubjectPublicKeyInfo(); 214 } 215 216 /** 217 * Return the underlying ASN.1 structure for the certificate in this holder. 218 * 219 * @return a Certificate object. 220 */ toASN1Structure()221 public Certificate toASN1Structure() 222 { 223 return x509Certificate; 224 } 225 226 /** 227 * Return the details of the signature algorithm used to create this attribute certificate. 228 * 229 * @return the AlgorithmIdentifier describing the signature algorithm used to create this attribute certificate. 230 */ getSignatureAlgorithm()231 public AlgorithmIdentifier getSignatureAlgorithm() 232 { 233 return x509Certificate.getSignatureAlgorithm(); 234 } 235 236 /** 237 * Return the bytes making up the signature associated with this attribute certificate. 238 * 239 * @return the attribute certificate signature bytes. 240 */ getSignature()241 public byte[] getSignature() 242 { 243 return x509Certificate.getSignature().getBytes(); 244 } 245 246 /** 247 * Return whether or not this certificate is valid on a particular date. 248 * 249 * @param date the date of interest. 250 * @return true if the certificate is valid, false otherwise. 251 */ isValidOn(Date date)252 public boolean isValidOn(Date date) 253 { 254 return !date.before(x509Certificate.getStartDate().getDate()) && !date.after(x509Certificate.getEndDate().getDate()); 255 } 256 257 /** 258 * Validate the signature on the certificate in this holder. 259 * 260 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature. 261 * @return true if the signature is valid, false otherwise. 262 * @throws CertException if the signature cannot be processed or is inappropriate. 263 */ isSignatureValid(ContentVerifierProvider verifierProvider)264 public boolean isSignatureValid(ContentVerifierProvider verifierProvider) 265 throws CertException 266 { 267 TBSCertificate tbsCert = x509Certificate.getTBSCertificate(); 268 269 if (!CertUtils.isAlgIdEqual(tbsCert.getSignature(), x509Certificate.getSignatureAlgorithm())) 270 { 271 throw new CertException("signature invalid - algorithm identifier mismatch"); 272 } 273 274 ContentVerifier verifier; 275 276 try 277 { 278 verifier = verifierProvider.get((tbsCert.getSignature())); 279 280 OutputStream sOut = verifier.getOutputStream(); 281 DEROutputStream dOut = new DEROutputStream(sOut); 282 283 dOut.writeObject(tbsCert); 284 285 sOut.close(); 286 } 287 catch (Exception e) 288 { 289 throw new CertException("unable to process signature: " + e.getMessage(), e); 290 } 291 292 return verifier.verify(x509Certificate.getSignature().getBytes()); 293 } 294 equals( Object o)295 public boolean equals( 296 Object o) 297 { 298 if (o == this) 299 { 300 return true; 301 } 302 303 if (!(o instanceof X509CertificateHolder)) 304 { 305 return false; 306 } 307 308 X509CertificateHolder other = (X509CertificateHolder)o; 309 310 return this.x509Certificate.equals(other.x509Certificate); 311 } 312 hashCode()313 public int hashCode() 314 { 315 return this.x509Certificate.hashCode(); 316 } 317 318 /** 319 * Return the ASN.1 encoding of this holder's certificate. 320 * 321 * @return a DER encoded byte array. 322 * @throws IOException if an encoding cannot be generated. 323 */ getEncoded()324 public byte[] getEncoded() 325 throws IOException 326 { 327 return x509Certificate.getEncoded(); 328 } 329 } 330