520 tmp.putBitString(signature);
521
522 // Wrap the signed data in a SEQUENCE { data, algorithm, sig }
523 out.write(DerValue.tag_Sequence, tmp);
524 signedCRL = out.toByteArray();
525 readOnly = true;
526
527 } catch (IOException e) {
528 throw new CRLException("Error while encoding data: " +
529 e.getMessage());
530 }
531 }
532
533 /**
534 * Returns a printable string of this CRL.
535 *
536 * @return value of this CRL in a printable form.
537 */
538 public String toString() {
539 StringBuilder sb = new StringBuilder();
540 sb.append("X.509 CRL v" + (version+1) + "\n");
541 if (sigAlgId != null)
542 sb.append("Signature Algorithm: " + sigAlgId.toString() +
543 ", OID=" + (sigAlgId.getOID()).toString() + "\n");
544 if (issuer != null)
545 sb.append("Issuer: " + issuer.toString() + "\n");
546 if (thisUpdate != null)
547 sb.append("\nThis Update: " + thisUpdate.toString() + "\n");
548 if (nextUpdate != null)
549 sb.append("Next Update: " + nextUpdate.toString() + "\n");
550 if (revokedList.isEmpty())
551 sb.append("\nNO certificates have been revoked\n");
552 else {
553 sb.append("\nRevoked Certificates: " + revokedList.size());
554 int i = 1;
555 for (X509CRLEntry entry: revokedList) {
556 sb.append("\n[" + i++ + "] " + entry.toString());
557 }
558 }
559 if (extensions != null) {
560 Collection<Extension> allExts = extensions.getAllExtensions();
561 Object[] objs = allExts.toArray();
562 sb.append("\nCRL Extensions: " + objs.length);
563 for (int i = 0; i < objs.length; i++) {
564 sb.append("\n[" + (i+1) + "]: ");
565 Extension ext = (Extension)objs[i];
566 try {
567 if (OIDMap.getClass(ext.getExtensionId()) == null) {
568 sb.append(ext.toString());
569 byte[] extValue = ext.getExtensionValue();
570 if (extValue != null) {
571 DerOutputStream out = new DerOutputStream();
572 out.putOctetString(extValue);
573 extValue = out.toByteArray();
574 HexDumpEncoder enc = new HexDumpEncoder();
575 sb.append("Extension unknown: "
576 + "DER encoded OCTET string =\n"
577 + enc.encodeBuffer(extValue) + "\n");
578 }
579 } else
580 sb.append(ext.toString()); // sub-class exists
581 } catch (Exception e) {
582 sb.append(", Error parsing this extension");
583 }
584 }
585 }
586 if (signature != null) {
587 HexDumpEncoder encoder = new HexDumpEncoder();
588 sb.append("\nSignature:\n" + encoder.encodeBuffer(signature)
589 + "\n");
590 } else
591 sb.append("NOT signed yet\n");
592 return sb.toString();
593 }
594
595 /**
596 * Checks whether the given certificate is on this CRL.
597 *
598 * @param cert the certificate to check for.
599 * @return true if the given certificate is on this CRL,
600 * false otherwise.
601 */
602 public boolean isRevoked(Certificate cert) {
603 if (revokedMap.isEmpty() || (!(cert instanceof X509Certificate))) {
604 return false;
605 }
606 X509Certificate xcert = (X509Certificate) cert;
607 X509IssuerSerial issuerSerial = new X509IssuerSerial(xcert);
608 return revokedMap.containsKey(issuerSerial);
609 }
|
520 tmp.putBitString(signature);
521
522 // Wrap the signed data in a SEQUENCE { data, algorithm, sig }
523 out.write(DerValue.tag_Sequence, tmp);
524 signedCRL = out.toByteArray();
525 readOnly = true;
526
527 } catch (IOException e) {
528 throw new CRLException("Error while encoding data: " +
529 e.getMessage());
530 }
531 }
532
533 /**
534 * Returns a printable string of this CRL.
535 *
536 * @return value of this CRL in a printable form.
537 */
538 public String toString() {
539 StringBuilder sb = new StringBuilder();
540 sb.append("X.509 CRL v").append(version + 1).append('\n');
541 if (sigAlgId != null)
542 sb.append("Signature Algorithm: ").append(sigAlgId.toString())
543 .append(", OID=")
544 .append((sigAlgId.getOID()).toString()).append('\n');
545 if (issuer != null)
546 sb.append("Issuer: ").append(issuer.toString()).append('\n');
547 if (thisUpdate != null)
548 sb.append("\nThis Update: ").append(thisUpdate.toString()).append('\n');
549 if (nextUpdate != null)
550 sb.append("Next Update: ").append(nextUpdate.toString()).append('\n');
551 if (revokedList.isEmpty())
552 sb.append("\nNO certificates have been revoked\n");
553 else {
554 sb.append("\nRevoked Certificates: ").append(revokedList.size());
555 int i = 1;
556 for (X509CRLEntry entry: revokedList) {
557 sb.append("\n[").append(i++).append("] ").append(entry.toString());
558 }
559 }
560 if (extensions != null) {
561 Collection<Extension> allExts = extensions.getAllExtensions();
562 Object[] objs = allExts.toArray();
563 sb.append("\nCRL Extensions: ").append(objs.length);
564 for (int i = 0; i < objs.length; i++) {
565 sb.append("\n[").append(i + 1).append("]: ");
566 Extension ext = (Extension)objs[i];
567 try {
568 if (OIDMap.getClass(ext.getExtensionId()) == null) {
569 sb.append(ext.toString());
570 byte[] extValue = ext.getExtensionValue();
571 if (extValue != null) {
572 DerOutputStream out = new DerOutputStream();
573 out.putOctetString(extValue);
574 extValue = out.toByteArray();
575 HexDumpEncoder enc = new HexDumpEncoder();
576 sb.append("Extension unknown: " + "DER encoded OCTET string =\n")
577 .append(enc.encodeBuffer(extValue)).append('\n');
578 }
579 } else
580 sb.append(ext.toString()); // sub-class exists
581 } catch (Exception e) {
582 sb.append(", Error parsing this extension");
583 }
584 }
585 }
586 if (signature != null) {
587 HexDumpEncoder encoder = new HexDumpEncoder();
588 sb.append("\nSignature:\n").append(encoder.encodeBuffer(signature)).append('\n');
589 } else
590 sb.append("NOT signed yet\n");
591 return sb.toString();
592 }
593
594 /**
595 * Checks whether the given certificate is on this CRL.
596 *
597 * @param cert the certificate to check for.
598 * @return true if the given certificate is on this CRL,
599 * false otherwise.
600 */
601 public boolean isRevoked(Certificate cert) {
602 if (revokedMap.isEmpty() || (!(cert instanceof X509Certificate))) {
603 return false;
604 }
605 X509Certificate xcert = (X509Certificate) cert;
606 X509IssuerSerial issuerSerial = new X509IssuerSerial(xcert);
607 return revokedMap.containsKey(issuerSerial);
608 }
|