// // Decompiled by Procyon v0.6.0 // package org.bouncycastle.pkix.jcajce; import org.bouncycastle.asn1.x509.IssuingDistributionPoint; import org.bouncycastle.asn1.x500.style.RFC4519Style; import java.security.interfaces.DSAParams; import java.security.spec.KeySpec; import java.security.spec.DSAPublicKeySpec; import java.security.cert.CertPathValidatorException; import java.security.interfaces.DSAPublicKey; import java.security.PublicKey; import org.bouncycastle.jcajce.util.JcaJceHelper; import java.util.HashSet; import java.security.cert.CRLSelector; import org.bouncycastle.jcajce.PKIXCRLStoreSelector; import java.math.BigInteger; import org.bouncycastle.asn1.ASN1Integer; import javax.security.auth.x500.X500Principal; import java.security.cert.X509CRLEntry; import org.bouncycastle.asn1.ASN1Enumerated; import org.bouncycastle.asn1.x509.Extension; import java.security.cert.X509Certificate; import java.security.cert.CRLException; import java.security.cert.X509CRL; import java.io.IOException; import org.bouncycastle.asn1.x500.X500Name; import java.security.cert.X509CRLSelector; import org.bouncycastle.asn1.x509.DistributionPointName; import org.bouncycastle.asn1.x509.DistributionPoint; import org.bouncycastle.asn1.x509.GeneralNames; import java.util.ArrayList; import java.util.Collections; import org.bouncycastle.jcajce.PKIXCRLStore; import org.bouncycastle.asn1.x509.GeneralName; import java.util.Map; import org.bouncycastle.asn1.x509.CRLDistPoint; import java.util.Iterator; import java.security.cert.CertStoreException; import java.security.cert.Certificate; import java.security.cert.CertStore; import org.bouncycastle.util.StoreException; import java.util.Collection; import org.bouncycastle.util.Selector; import org.bouncycastle.util.Store; import java.util.List; import org.bouncycastle.jcajce.PKIXCertStoreSelector; import java.util.Set; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import java.security.cert.X509Extension; import java.util.Date; import org.bouncycastle.jcajce.PKIXExtendedParameters; class RevocationUtilities { protected static final String ISSUING_DISTRIBUTION_POINT; protected static Date getValidityDate(final PKIXExtendedParameters pkixExtendedParameters, final Date date) { final Date validityDate = pkixExtendedParameters.getValidityDate(); return (null == validityDate) ? date : validityDate; } protected static ASN1Primitive getExtensionValue(final X509Extension x509Extension, final ASN1ObjectIdentifier asn1ObjectIdentifier) throws AnnotatedException { final byte[] extensionValue = x509Extension.getExtensionValue(asn1ObjectIdentifier.getId()); return (null == extensionValue) ? null : getObject(asn1ObjectIdentifier, extensionValue); } private static ASN1Primitive getObject(final ASN1ObjectIdentifier obj, final byte[] array) throws AnnotatedException { try { return ASN1Primitive.fromByteArray(ASN1OctetString.getInstance(array).getOctets()); } catch (final Exception ex) { throw new AnnotatedException("exception processing extension " + obj, ex); } } protected static void findCertificates(final Set set, final PKIXCertStoreSelector pkixCertStoreSelector, final List list) throws AnnotatedException { for (final Object next : list) { if (next instanceof Store) { final Store store = (Store)next; try { set.addAll(store.getMatches(pkixCertStoreSelector)); } catch (final StoreException ex) { throw new AnnotatedException("Problem while picking certificates from X.509 store.", ex); } } else { final CertStore certStore = (CertStore)next; try { set.addAll(PKIXCertStoreSelector.getCertificates(pkixCertStoreSelector, certStore)); } catch (final CertStoreException ex2) { throw new AnnotatedException("Problem while picking certificates from certificate store.", ex2); } } } } static List getAdditionalStoresFromCRLDistributionPoint(final CRLDistPoint crlDistPoint, final Map map) throws AnnotatedException { if (crlDistPoint == null) { return (List)Collections.emptyList(); } DistributionPoint[] distributionPoints; try { distributionPoints = crlDistPoint.getDistributionPoints(); } catch (final Exception ex) { throw new AnnotatedException("Distribution points could not be read.", ex); } final ArrayList list = new ArrayList(); final DistributionPoint[] array = distributionPoints; for (int length = array.length, i = 0; i < length; ++i) { final DistributionPointName distributionPoint = array[i].getDistributionPoint(); if (distributionPoint != null && distributionPoint.getType() == 0) { final GeneralName[] names = GeneralNames.getInstance(distributionPoint.getName()).getNames(); for (int length2 = names.length, j = 0; j < length2; ++j) { final PKIXCRLStore pkixcrlStore = map.get(names[j]); if (pkixcrlStore != null) { list.add(pkixcrlStore); } } } } return list; } protected static void getCRLIssuersFromDistributionPoint(final DistributionPoint distributionPoint, final Collection collection, final X509CRLSelector x509CRLSelector) throws AnnotatedException { final ArrayList list = new ArrayList(); if (distributionPoint.getCRLIssuer() != null) { final GeneralName[] names = distributionPoint.getCRLIssuer().getNames(); for (int i = 0; i < names.length; ++i) { if (names[i].getTagNo() == 4) { try { list.add(X500Name.getInstance(names[i].getName())); } catch (final IllegalArgumentException ex) { throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", ex); } } } } else { if (distributionPoint.getDistributionPoint() == null) { throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present."); } final Iterator iterator = collection.iterator(); while (iterator.hasNext()) { list.add(iterator.next()); } } final Iterator iterator2 = list.iterator(); while (iterator2.hasNext()) { try { x509CRLSelector.addIssuerName(((X500Name)iterator2.next()).getEncoded()); continue; } catch (final IOException ex2) { throw new AnnotatedException("Cannot decode CRL issuer information.", ex2); } break; } } protected static void getCertStatus(final Date date, final X509CRL x509CRL, final Object o, final CertStatus certStatus) throws AnnotatedException { boolean indirectCRL; try { indirectCRL = isIndirectCRL(x509CRL); } catch (final CRLException ex) { throw new AnnotatedException("Failed check for indirect CRL.", ex); } final X509Certificate x509Certificate = (X509Certificate)o; final X500Name issuer = getIssuer(x509Certificate); if (!indirectCRL && !issuer.equals(getIssuer(x509CRL))) { return; } final X509CRLEntry revokedCertificate = x509CRL.getRevokedCertificate(x509Certificate.getSerialNumber()); if (null == revokedCertificate) { return; } if (indirectCRL) { final X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer(); X500Name x500Name; if (null == certificateIssuer) { x500Name = getIssuer(x509CRL); } else { x500Name = getX500Name(certificateIssuer); } if (!issuer.equals(x500Name)) { return; } } int intValueExact = 0; if (revokedCertificate.hasExtensions()) { try { final ASN1Enumerated instance = ASN1Enumerated.getInstance(getExtensionValue(revokedCertificate, Extension.reasonCode)); if (null != instance) { intValueExact = instance.intValueExact(); } } catch (final Exception ex2) { throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", ex2); } } final Date revocationDate = revokedCertificate.getRevocationDate(); if (date.before(revocationDate)) { switch (intValueExact) { case 0: case 1: case 2: case 10: { break; } default: { return; } } } certStatus.setCertStatus(intValueExact); certStatus.setRevocationDate(revocationDate); } protected static Set getDeltaCRLs(final Date date, final X509CRL x509CRL, final List list, final List list2) throws AnnotatedException { final X509CRLSelector x509CRLSelector = new X509CRLSelector(); try { x509CRLSelector.addIssuerName(x509CRL.getIssuerX500Principal().getEncoded()); } catch (final IOException ex) { throw new AnnotatedException("cannot extract issuer from CRL.", ex); } BigInteger positiveValue = null; try { final ASN1Primitive extensionValue = getExtensionValue(x509CRL, Extension.cRLNumber); if (extensionValue != null) { positiveValue = ASN1Integer.getInstance(extensionValue).getPositiveValue(); } } catch (final Exception ex2) { throw new AnnotatedException("cannot extract CRL number extension from CRL", ex2); } byte[] extensionValue2; try { extensionValue2 = x509CRL.getExtensionValue(RevocationUtilities.ISSUING_DISTRIBUTION_POINT); } catch (final Exception ex3) { throw new AnnotatedException("issuing distribution point extension value could not be read", ex3); } x509CRLSelector.setMinCRLNumber((positiveValue == null) ? null : positiveValue.add(BigInteger.valueOf(1L))); final PKIXCRLStoreSelector.Builder builder = new PKIXCRLStoreSelector.Builder(x509CRLSelector); builder.setIssuingDistributionPoint(extensionValue2); builder.setIssuingDistributionPointEnabled(true); builder.setMaxBaseCRLNumber(positiveValue); final Set crLs = PKIXCRLUtil.findCRLs(builder.build(), date, list, list2); final HashSet set = new HashSet(); for (final X509CRL x509CRL2 : crLs) { if (isDeltaCRL(x509CRL2)) { set.add(x509CRL2); } } return set; } private static boolean isDeltaCRL(final X509CRL x509CRL) { final Set criticalExtensionOIDs = x509CRL.getCriticalExtensionOIDs(); return null != criticalExtensionOIDs && criticalExtensionOIDs.contains(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR); } protected static Set getCompleteCRLs(final DistributionPoint distributionPoint, final Object o, final Date date, final List list, final List list2) throws AnnotatedException, CRLNotFoundException { final X509CRLSelector x509CRLSelector = new X509CRLSelector(); try { final HashSet set = new HashSet(); set.add(getIssuer((X509Certificate)o)); getCRLIssuersFromDistributionPoint(distributionPoint, set, x509CRLSelector); } catch (final AnnotatedException ex) { throw new AnnotatedException("Could not get issuer information from distribution point.", ex); } if (o instanceof X509Certificate) { x509CRLSelector.setCertificateChecking((X509Certificate)o); } final Set crLs = PKIXCRLUtil.findCRLs(new PKIXCRLStoreSelector.Builder(x509CRLSelector).setCompleteCRLEnabled(true).build(), date, list, list2); checkCRLsNotEmpty(crLs, o); return crLs; } protected static PublicKey getNextWorkingKey(final List list, final int n, final JcaJceHelper jcaJceHelper) throws CertPathValidatorException { final PublicKey publicKey = list.get(n).getPublicKey(); if (!(publicKey instanceof DSAPublicKey)) { return publicKey; } final DSAPublicKey dsaPublicKey = (DSAPublicKey)publicKey; if (dsaPublicKey.getParams() != null) { return dsaPublicKey; } for (int i = n + 1; i < list.size(); ++i) { final PublicKey publicKey2 = list.get(i).getPublicKey(); if (!(publicKey2 instanceof DSAPublicKey)) { throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate."); } final DSAPublicKey dsaPublicKey2 = (DSAPublicKey)publicKey2; if (dsaPublicKey2.getParams() != null) { final DSAParams params = dsaPublicKey2.getParams(); final DSAPublicKeySpec keySpec = new DSAPublicKeySpec(dsaPublicKey.getY(), params.getP(), params.getQ(), params.getG()); try { return jcaJceHelper.createKeyFactory("DSA").generatePublic(keySpec); } catch (final Exception ex) { throw new RuntimeException(ex.getMessage()); } } } throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate."); } static void checkCRLsNotEmpty(final Set set, final Object o) throws CRLNotFoundException { if (set.isEmpty()) { throw new CRLNotFoundException("No CRLs found for issuer \"" + RFC4519Style.INSTANCE.toString(getIssuer((X509Certificate)o)) + "\""); } } public static boolean isIndirectCRL(final X509CRL x509CRL) throws CRLException { try { final byte[] extensionValue = x509CRL.getExtensionValue(Extension.issuingDistributionPoint.getId()); return extensionValue != null && IssuingDistributionPoint.getInstance(ASN1OctetString.getInstance(extensionValue).getOctets()).isIndirectCRL(); } catch (final Exception cause) { throw new CRLException("exception reading IssuingDistributionPoint", cause); } } private static X500Name getIssuer(final X509Certificate x509Certificate) { return getX500Name(x509Certificate.getIssuerX500Principal()); } private static X500Name getIssuer(final X509CRL x509CRL) { return getX500Name(x509CRL.getIssuerX500Principal()); } private static X500Name getX500Name(final X500Principal x500Principal) { return X500Name.getInstance(x500Principal.getEncoded()); } static { ISSUING_DISTRIBUTION_POINT = Extension.issuingDistributionPoint.getId(); } }