PublicCaInfo.java

/*
 *
 * Copyright (c) 2013 - 2017 Lijun Liao
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License version 3
 * as published by the Free Software Foundation with the addition of the
 * following permission added to Section 15 as permitted in Section 7(a):
 *
 * FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
 * THE AUTHOR LIJUN LIAO. LIJUN LIAO DISCLAIMS THE WARRANTY OF NON INFRINGEMENT
 * OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License.
 *
 * You can be released from the requirements of the license by purchasing
 * a commercial license. Buying such a license is mandatory as soon as you
 * develop commercial activities involving the XiPKI software without
 * disclosing the source code of your own applications.
 *
 * For more information, please contact Lijun Liao at this
 * address: lijun.liao@gmail.com
 */

package org.xipki.pki.ca.server.impl;

import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.xipki.commons.common.util.CollectionUtil;
import org.xipki.commons.common.util.ParamUtil;
import org.xipki.commons.security.X509Cert;
import org.xipki.commons.security.util.X509Util;
import org.xipki.pki.ca.api.OperationException;
import org.xipki.pki.ca.api.OperationException.ErrorCode;

/**
 * @author Lijun Liao
 * @since 2.0.0
 */

class PublicCaInfo {

    private final X500Principal subject;

    private final X500Name x500Subject;

    private final String c14nSubject;

    private final byte[] subjectKeyIdentifier;

    private final GeneralNames subjectAltName;

    private final BigInteger serialNumber;

    private final X509Cert caCertificate;

    private X509Certificate crlSignerCertificate;

    private final List<String> caCertUris;

    private final List<String> ocspUris;

    private final List<String> crlUris;

    private final List<String> deltaCrlUris;

    PublicCaInfo(final X509Certificate caCertificate, final List<String> caCertUris,
            final List<String> ocspUris, final List<String> crlUris,
            final List<String> deltaCrlUris) throws OperationException {
        ParamUtil.requireNonNull("caCertificate", caCertificate);

        this.caCertificate = new X509Cert(caCertificate);
        this.serialNumber = caCertificate.getSerialNumber();
        this.subject = caCertificate.getSubjectX500Principal();
        this.x500Subject = X500Name.getInstance(subject.getEncoded());
        this.c14nSubject = X509Util.canonicalizName(x500Subject);
        try {
            this.subjectKeyIdentifier = X509Util.extractSki(caCertificate);
        } catch (CertificateEncodingException ex) {
            throw new OperationException(ErrorCode.INVALID_EXTENSION, ex);
        }
        this.caCertUris = CollectionUtil.unmodifiableList(caCertUris);
        this.ocspUris = CollectionUtil.unmodifiableList(ocspUris);
        this.crlUris = CollectionUtil.unmodifiableList(crlUris);
        this.deltaCrlUris = CollectionUtil.unmodifiableList(deltaCrlUris);

        byte[] encodedSubjectAltName = caCertificate.getExtensionValue(
                Extension.subjectAlternativeName.getId());
        if (encodedSubjectAltName == null) {
            subjectAltName = null;
        } else {
            try {
                subjectAltName = GeneralNames.getInstance(
                        X509ExtensionUtil.fromExtensionValue(encodedSubjectAltName));
            } catch (IOException ex) {
                throw new OperationException(ErrorCode.INVALID_EXTENSION,
                        "invalid SubjectAltName extension in CA certificate");
            }
        }
    } // constructor

    PublicCaInfo(final X500Name subject, final BigInteger serialNumber,
            final GeneralNames subjectAltName, final byte[] subjectKeyIdentifier,
            final List<String> caCertUris, final List<String> ocspUris, final List<String> crlUris,
            final List<String> deltaCrlUris) throws OperationException {
        this.x500Subject = ParamUtil.requireNonNull("subject", subject);
        this.serialNumber = ParamUtil.requireNonNull("serialNumber", serialNumber);

        this.caCertificate = null;
        this.c14nSubject = X509Util.canonicalizName(subject);
        try {
            this.subject = new X500Principal(subject.getEncoded());
        } catch (IOException ex) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE,
                    "invalid SubjectAltName extension in CA certificate");
        }

        this.subjectKeyIdentifier = (subjectKeyIdentifier == null) ? null
                : Arrays.copyOf(subjectKeyIdentifier, subjectKeyIdentifier.length);

        this.subjectAltName = subjectAltName;
        this.caCertUris = CollectionUtil.unmodifiableList(caCertUris);
        this.ocspUris = CollectionUtil.unmodifiableList(ocspUris);
        this.crlUris = CollectionUtil.unmodifiableList(crlUris);
        this.deltaCrlUris = CollectionUtil.unmodifiableList(deltaCrlUris);
    } // constructor

    public List<String> getCaCertUris() {
        return caCertUris;
    }

    public List<String> getOcspUris() {
        return ocspUris;
    }

    public List<String> getCrlUris() {
        return crlUris;
    }

    public List<String> getDeltaCrlUris() {
        return deltaCrlUris;
    }

    public X509Certificate getCrlSignerCertificate() {
        return crlSignerCertificate;
    }

    public void setCrlSignerCertificate(final X509Certificate crlSignerCert) {
        this.crlSignerCertificate = caCertificate.getCert().equals(crlSignerCert)
                ? null : crlSignerCert;
    }

    public X500Principal getSubject() {
        return subject;
    }

    public X500Name getX500Subject() {
        return x500Subject;
    }

    public String getC14nSubject() {
        return c14nSubject;
    }

    public GeneralNames getSubjectAltName() {
        return subjectAltName;
    }

    public byte[] getSubjectKeyIdentifer() {
        if (caCertificate != null) {
            return caCertificate.getSubjectKeyIdentifier();
        } else {
            return (subjectKeyIdentifier == null) ? null
                    : Arrays.copyOf(subjectKeyIdentifier, subjectKeyIdentifier.length);
        }
    }

    public BigInteger getSerialNumber() {
        return serialNumber;
    }

    public X509Cert getCaCertificate() {
        return caCertificate;
    }

}