package org.bouncycastle.jce.provider;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactorySpi;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.BERInputStream;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.util.encoders.Base64;
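/**
 * Certificate factory SPI for X.509 certificates, CRLs and certification paths.
 * <p>
 * Certificates are accepted as "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----"
 * (or "X509 CERTIFICATE") base 64 encoded blocks, as DER/BER binaries, and as the
 * certificate set of a PKCS#7 SignedData object.
 * <p>
 * Security notes for callers:
 * <ul>
 * <li>This class only decodes. Nothing here verifies a signature, including the
 * signature of a PKCS#7 SignedData wrapper, so a returned object must still be
 * validated before it is trusted.</li>
 * <li>An instance keeps the pending certificates of the last PKCS#7 set in unsynchronized
 * fields, so it must not be shared between threads without external locking.</li>
 * <li>PEM input is buffered in memory without a size limit; bound the size of
 * untrusted streams before handing them to this class.</li>
 * </ul>
 */
public class JDKX509CertificateFactory
    extends CertificateFactorySpi
{
    // Certificates of the PKCS#7 SignedData currently being handed out one per call.
    private SignedData sData = null;
    // Index of the next certificate to return from sData.
    private int sDataObjectCount = 0;
    // Stream the pending PKCS#7 state belongs to; a different stream discards that state.
    private InputStream currentStream = null;

    /**
     * Reads one line, dropping '\r' characters and the terminating '\n'.
     *
     * @return the line, or null when end of stream is reached with no characters
     *         left; a final line without a trailing '\n' is returned rather than dropped
     */
    private String readLine(
        InputStream in)
        throws IOException
    {
        StringBuffer line = new StringBuffer();
        int c = in.read();

        while (c >= 0 && c != '\n')
        {
            if (c != '\r')
            {
                line.append((char)c);
            }
            c = in.read();
        }

        if (c < 0 && line.length() == 0)
        {
            return null;
        }

        return line.toString();
    }

    /**
     * Skips to one of the two accepted BEGIN markers, collects the base 64 body up to
     * one of the two END markers (or end of stream) and decodes it.
     *
     * @return the decoded bytes, or null if no body was found
     */
    private byte[] readPEMBody(
        InputStream in,
        String begin,
        String altBegin,
        String end,
        String altEnd)
        throws IOException
    {
        String line;
        StringBuffer pemBuf = new StringBuffer();

        while ((line = readLine(in)) != null)
        {
            if (line.equals(begin) || line.equals(altBegin))
            {
                break;
            }
        }

        while ((line = readLine(in)) != null)
        {
            if (line.equals(end) || line.equals(altEnd))
            {
                break;
            }
            pemBuf.append(line);
        }

        if (pemBuf.length() == 0)
        {
            return null;
        }

        return Base64.decode(pemBuf.toString());
    }

    /**
     * Reads the next ASN.1 object and insists that it is a SEQUENCE, so that malformed
     * input is reported as an IOException instead of a ClassCastException.
     */
    private ASN1Sequence readSequence(
        DERInputStream dIn)
        throws IOException
    {
        Object obj = dIn.readObject();

        if (!(obj instanceof ASN1Sequence))
        {
            throw new IOException("encoding does not start with an ASN.1 SEQUENCE");
        }

        return (ASN1Sequence)obj;
    }

    /**
     * Returns the next unread certificate of the pending PKCS#7 set.
     *
     * @return the certificate, or null when there is no pending set, the set carries no
     *         certificates, or every certificate has been returned; in the last two
     *         cases the pending state is cleared
     */
    private Certificate nextSignedDataCertificate()
    {
        if (sData == null)
        {
            return null;
        }

        // the certificates field of SignedData is optional, so it may be absent
        if (sData.getCertificates() == null
            || sDataObjectCount >= sData.getCertificates().size())
        {
            sData = null;
            sDataObjectCount = 0;
            return null;
        }

        return new X509CertificateObject(
                    X509CertificateStructure.getInstance(
                            sData.getCertificates().getObjectAt(sDataObjectCount++)));
    }

    /**
     * Turns a decoded SEQUENCE into a certificate. A PKCS#7 ContentInfo of type
     * signedData becomes the pending set and its first certificate is returned;
     * anything else is treated as a plain X.509 certificate structure.
     */
    private Certificate certificateFromSequence(
        ASN1Sequence seq)
        throws IOException
    {
        if (seq.size() > 1
            && seq.getObjectAt(0) instanceof DERObjectIdentifier
            && seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
        {
            if (!(seq.getObjectAt(1) instanceof ASN1TaggedObject))
            {
                throw new IOException("malformed PKCS#7 object: content is not a tagged object");
            }

            sData = new SignedData(ASN1Sequence.getInstance(
                            (ASN1TaggedObject)seq.getObjectAt(1), true));
            // a new set always starts at its first certificate; a stale index from an
            // earlier set would skip entries or run past the end
            sDataObjectCount = 0;

            return nextSignedDataCertificate();
        }

        return new X509CertificateObject(
                    X509CertificateStructure.getInstance(seq));
    }

    /**
     * read in a DER encoded certificate or PKCS7 certificate set.
     */
    private Certificate readDERCertificate(
        InputStream in)
        throws IOException
    {
        return certificateFromSequence(readSequence(new DERInputStream(in)));
    }

    /**
     * read in a BER encoded PKCS7 certificate.
     */
    private Certificate readPKCS7Certificate(
        InputStream in)
        throws IOException
    {
        return certificateFromSequence(readSequence(new BERInputStream(in)));
    }

    /**
     * read in a PEM encoded certificate; returns null if the stream holds no PEM body.
     */
    private Certificate readPEMCertificate(
        InputStream in)
        throws IOException
    {
        byte[] encoding = readPEMBody(in,
                            "-----BEGIN CERTIFICATE-----", "-----BEGIN X509 CERTIFICATE-----",
                            "-----END CERTIFICATE-----", "-----END X509 CERTIFICATE-----");

        if (encoding == null)
        {
            return null;
        }

        return readDERCertificate(new ByteArrayInputStream(encoding));
    }

    /**
     * read in a DER encoded CRL.
     */
    private CRL readDERCRL(
        InputStream in)
        throws IOException
    {
        return new X509CRLObject(new CertificateList(readSequence(new DERInputStream(in))));
    }

    /**
     * read in a PEM encoded CRL; returns null if the stream holds no PEM body.
     */
    private CRL readPEMCRL(
        InputStream in)
        throws IOException
    {
        byte[] encoding = readPEMBody(in,
                            "-----BEGIN CRL-----", "-----BEGIN X509 CRL-----",
                            "-----END CRL-----", "-----END X509 CRL-----");

        if (encoding == null)
        {
            return null;
        }

        return readDERCRL(new ByteArrayInputStream(encoding));
    }

    /**
     * Wraps a parsing failure, keeping the original message text and attaching the
     * cause so the stack trace of the real failure is not lost.
     */
    private static CertificateException toCertificateException(
        Exception cause)
    {
        CertificateException ex = new CertificateException(cause.toString());
        ex.initCause(cause);
        return ex;
    }

    /**
     * CRL counterpart of toCertificateException.
     */
    private static CRLException toCRLException(
        Exception cause)
    {
        CRLException ex = new CRLException(cause.toString());
        ex.initCause(cause);
        return ex;
    }

    /**
     * Generates a certificate object and initializes it with the data
     * read from the input stream inStream.
     * <p>
     * When the previous call on the same stream object started a PKCS#7 certificate
     * set, the next certificate of that set is returned without reading the stream.
     * Pending certificates are discarded as soon as a different stream object is
     * passed in, so a certificate decoded from one input is never returned for another.
     *
     * @return the certificate, or null at end of stream or when no certificate is found
     * @throws CertificateException if the input cannot be read or decoded
     */
    public Certificate engineGenerateCertificate(
        InputStream in)
        throws CertificateException
    {
        if (in != currentStream)
        {
            currentStream = in;
            sData = null;
            sDataObjectCount = 0;
        }

        InputStream src = in.markSupported() ? in : new BufferedInputStream(in);

        try
        {
            Certificate pending = nextSignedDataCertificate();
            if (pending != null)
            {
                return pending;
            }

            src.mark(10);
            int tag = src.read();

            if (tag == -1)
            {
                return null;
            }

            if (tag != 0x30)  // not an ASN.1 SEQUENCE: assume ascii PEM encoded.
            {
                src.reset();
                return readPEMCertificate(src);
            }

            int lengthOctet = src.read();
            src.reset();

            if (lengthOctet == 0x80)    // indefinite length: assume BER encoded.
            {
                return readPKCS7Certificate(src);
            }

            return readDERCertificate(src);
        }
        catch (IOException e)
        {
            throw toCertificateException(e);
        }
        catch (RuntimeException e)
        {
            // malformed input surfaces from the ASN.1 and base 64 layers as unchecked
            // exceptions; report it through the exception type the SPI declares
            throw toCertificateException(e);
        }
    }

    /**
     * Returns a (possibly empty) collection view of the certificates
     * read from the given input stream inStream.
     */
    public Collection engineGenerateCertificates(
        InputStream inStream)
        throws CertificateException
    {
        // Wrap once: a fresh BufferedInputStream per certificate would read ahead and
        // throw away whatever it had buffered beyond the certificate it returned.
        InputStream src = inStream.markSupported() ? inStream : new BufferedInputStream(inStream);
        List certs = new ArrayList();
        Certificate cert;

        while ((cert = engineGenerateCertificate(src)) != null)
        {
            certs.add(cert);
        }

        return certs;
    }

    /**
     * Generates a certificate revocation list (CRL) object and initializes
     * it with the data read from the input stream inStream.
     *
     * @return the CRL, or null at end of stream or when no PEM body is found
     * @throws CRLException if the input cannot be read or decoded
     */
    public CRL engineGenerateCRL(
        InputStream inStream)
        throws CRLException
    {
        InputStream src = inStream.markSupported() ? inStream : new BufferedInputStream(inStream);

        try
        {
            src.mark(10);
            int tag = src.read();
            src.reset();

            if (tag == -1)
            {
                return null;
            }

            if (tag != 0x30)  // not an ASN.1 SEQUENCE: assume ascii PEM encoded.
            {
                return readPEMCRL(src);
            }

            return readDERCRL(src);
        }
        catch (IOException e)
        {
            throw toCRLException(e);
        }
        catch (RuntimeException e)
        {
            // see engineGenerateCertificate: malformed input must not escape unchecked
            throw toCRLException(e);
        }
    }

    /**
     * Returns a (possibly empty) collection view of the CRLs read from
     * the given input stream inStream.
     *
     * The inStream may contain a sequence of DER or PEM encoded CRLs, which are read
     * one after another until the end of the stream. A PKCS#7 SignedData CRL set is
     * not unpacked by this implementation.
     */
    public Collection engineGenerateCRLs(
        InputStream inStream)
        throws CRLException
    {
        // Wrap once so read-ahead from one CRL is still available for the next.
        InputStream src = inStream.markSupported() ? inStream : new BufferedInputStream(inStream);
        List crls = new ArrayList();
        CRL crl;

        while ((crl = engineGenerateCRL(src)) != null)
        {
            crls.add(crl);
        }

        return crls;
    }

    /**
     * Returns an iterator over the certification path encodings listed by PKIXCertPath.
     */
    public Iterator engineGetCertPathEncodings()
    {
        return PKIXCertPath.certPathEncodings.iterator();
    }

    /**
     * Generates a certification path from inStream using the "PkiPath" encoding.
     */
    public CertPath engineGenerateCertPath(
        InputStream inStream)
        throws CertificateException
    {
        return engineGenerateCertPath(inStream, "PkiPath");
    }

    /**
     * Generates a certification path from inStream using the named encoding.
     */
    public CertPath engineGenerateCertPath(
        InputStream inStream,
        String encoding)
        throws CertificateException
    {
        return new PKIXCertPath(inStream, encoding);
    }

    /**
     * Generates a certification path from a list of certificates.
     * <p>
     * Every non-null element must be an X509Certificate. Null elements are not
     * rejected here and are passed on to PKIXCertPath unchanged.
     *
     * @throws CertificateException if the list holds an object of another type
     */
    public CertPath engineGenerateCertPath(
        List certificates)
        throws CertificateException
    {
        for (Iterator iter = certificates.iterator(); iter.hasNext();)
        {
            Object obj = iter.next();

            if (obj != null && !(obj instanceof X509Certificate))
            {
                throw new CertificateException( "list contains none X509Certificate object while creating CertPath\n" + obj.toString() );
            }
        }

        return new PKIXCertPath(certificates);
    }
}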