CryptoMessage v1.3.2版本的 MD5 值为:66c611ce56a11450659dc23697562928
以下内容为反编译后的 X509CertificateObject.java 源代码,内容仅作参考
package kz.gamma.jce.provider;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import kz.gamma.asn1.ASN1InputStream;
import kz.gamma.asn1.ASN1Object;
import kz.gamma.asn1.ASN1OutputStream;
import kz.gamma.asn1.ASN1Sequence;
import kz.gamma.asn1.DERBitString;
import kz.gamma.asn1.DERIA5String;
import kz.gamma.asn1.DERObjectIdentifier;
import kz.gamma.asn1.DEROutputStream;
import kz.gamma.asn1.misc.MiscObjectIdentifiers;
import kz.gamma.asn1.misc.NetscapeCertType;
import kz.gamma.asn1.misc.NetscapeRevocationURL;
import kz.gamma.asn1.misc.VerisignCzagExtension;
import kz.gamma.asn1.util.ASN1Dump;
import kz.gamma.asn1.x509.AlgorithmIdentifier;
import kz.gamma.asn1.x509.BasicConstraints;
import kz.gamma.asn1.x509.KeyUsage;
import kz.gamma.asn1.x509.SubjectPublicKeyInfo;
import kz.gamma.asn1.x509.X509CertificateStructure;
import kz.gamma.asn1.x509.X509Extension;
import kz.gamma.asn1.x509.X509Extensions;
import kz.gamma.jce.X509Principal;
import kz.gamma.jce.interfaces.PKCS12BagAttributeCarrier;
import kz.gamma.util.Arrays;
import kz.gamma.util.encoders.Hex;
public class X509CertificateObject extends X509Certificate implements PKCS12BagAttributeCarrier {
// Holder for PKCS#12 bag attributes. No method visible in this listing reads it;
// presumably the PKCS12BagAttributeCarrier methods delegate to it — confirm against the full class.
private PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl();
// BasicConstraints extension (OID 2.5.29.19) parsed by the constructor; stays null when the extension is absent.
private BasicConstraints basicConstraints;
// The ASN.1 certificate structure that every accessor of this class reads from.
private X509CertificateStructure c;
// KeyUsage bits (OID 2.5.29.15) decoded by the constructor; null when the extension is absent,
// otherwise an array of at least 9 entries.
private boolean[] keyUsage;
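/**
 * Wraps a parsed certificate structure and pre-decodes the two extensions this
 * class caches: BasicConstraints (2.5.29.19) and KeyUsage (2.5.29.15).
 *
 * <p>The two extensions are parsed in separate try blocks so that a malformed
 * KeyUsage is reported as such. With nested blocks, a KeyUsage failure is caught
 * by the outer handler and reported as a BasicConstraints problem.
 *
 * @param x509CertificateStructure the decoded certificate to expose
 * @throws CertificateParsingException if either extension is present but cannot be decoded
 */
public X509CertificateObject(X509CertificateStructure x509CertificateStructure) throws CertificateParsingException {
    this.c = x509CertificateStructure;

    try {
        byte[] constraintBytes = getExtensionBytes("2.5.29.19");
        if (constraintBytes != null) {
            this.basicConstraints = BasicConstraints.getInstance(ASN1Object.fromByteArray(constraintBytes));
        }
    } catch (Exception e) {
        // Keep the original message text, but attach the cause for diagnostics.
        throw new CertificateParsingException("cannot construct BasicConstraints: " + e, e);
    }

    try {
        byte[] usageBytes = getExtensionBytes("2.5.29.15");
        if (usageBytes == null) {
            this.keyUsage = null;
        } else {
            DERBitString bitString = DERBitString.getInstance(ASN1Object.fromByteArray(usageBytes));
            byte[] bytes = bitString.getBytes();
            int bitCount = (bytes.length * 8) - bitString.getPadBits();
            if (bitCount < 0) {
                // More pad bits than encoded bits: reject explicitly instead of relying on an
                // out-of-range array access to stop the decoding loop.
                throw new IllegalArgumentException("pad bits exceed encoded KeyUsage length");
            }
            // The array always has at least 9 slots, so short encodings read as "bit not set".
            boolean[] usage = new boolean[Math.max(bitCount, 9)];
            for (int bit = 0; bit < bitCount; bit++) {
                // Bit 0 is the most significant bit of the first content byte.
                usage[bit] = (bytes[bit / 8] & (128 >>> (bit % 8))) != 0;
            }
            this.keyUsage = usage;
        }
    } catch (Exception e) {
        throw new CertificateParsingException("cannot construct KeyUsage: " + e, e);
    }
}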
/**
 * Checks that the certificate is valid at the current system time.
 *
 * @throws CertificateExpiredException if the current time is after notAfter
 * @throws CertificateNotYetValidException if the current time is before notBefore
 */
@Override
public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
    Date now = new Date();
    checkValidity(now);
}
/**
 * Checks that {@code date} lies inside the certificate's validity window.
 * Both bounds are inclusive: a date equal to notBefore or notAfter is accepted.
 *
 * @param date the instant to test
 * @throws CertificateExpiredException if {@code date} is later than notAfter
 * @throws CertificateNotYetValidException if {@code date} is earlier than notBefore
 */
@Override
public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
    long instant = date.getTime();
    if (instant > getNotAfter().getTime()) {
        throw new CertificateExpiredException("certificate expired on " + this.c.getEndDate().getTime());
    }
    if (instant < getNotBefore().getTime()) {
        throw new CertificateNotYetValidException("certificate not valid till " + this.c.getStartDate().getTime());
    }
}
/**
 * Returns the version number reported by the underlying certificate structure.
 *
 * @return the certificate version
 */
@Override
public int getVersion() {
    int version = this.c.getVersion();
    return version;
}
/**
 * Returns the certificate serial number.
 *
 * @return the serial number value held by the underlying structure
 */
@Override
public BigInteger getSerialNumber() {
    BigInteger serial = this.c.getSerialNumber().getValue();
    return serial;
}
/**
 * Returns the issuer name wrapped in this provider's {@code X509Principal}.
 *
 * @return a new principal built from the issuer field on every call
 */
@Override
public Principal getIssuerDN() {
    Principal issuer = new X509Principal(this.c.getIssuer());
    return issuer;
}
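/**
 * Returns the issuer name as a JDK {@link X500Principal}, built from the
 * ASN.1 encoding of the issuer field.
 *
 * @return the issuer principal
 * @throws IllegalStateException if the issuer name cannot be encoded; the
 *         underlying {@link IOException} is attached as the cause
 */
@Override
public X500Principal getIssuerX500Principal() {
    try {
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        new ASN1OutputStream(encoded).writeObject(this.c.getIssuer());
        return new X500Principal(encoded.toByteArray());
    } catch (IOException e) {
        // Attach the cause so an encoding failure can be diagnosed from the stack trace.
        throw new IllegalStateException("can't encode issuer DN", e);
    }
}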
/**
 * Returns the subject name wrapped in this provider's {@code X509Principal}.
 *
 * @return a new principal built from the subject field on every call
 */
@Override
public Principal getSubjectDN() {
    Principal subject = new X509Principal(this.c.getSubject());
    return subject;
}
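/**
 * Returns the subject name as a JDK {@link X500Principal}, built from the
 * ASN.1 encoding of the subject field.
 *
 * @return the subject principal
 * @throws IllegalStateException if the subject name cannot be encoded; the
 *         underlying {@link IOException} is attached as the cause
 */
@Override
public X500Principal getSubjectX500Principal() {
    try {
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        new ASN1OutputStream(encoded).writeObject(this.c.getSubject());
        return new X500Principal(encoded.toByteArray());
    } catch (IOException e) {
        // The message previously said "issuer DN", copied from the issuer accessor; this path encodes the subject.
        throw new IllegalStateException("can't encode subject DN", e);
    }
}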
/**
 * Returns the start of the validity period.
 *
 * @return the notBefore date of the underlying structure
 */
@Override
public Date getNotBefore() {
    Date start = this.c.getStartDate().getDate();
    return start;
}
/**
 * Returns the end of the validity period.
 *
 * @return the notAfter date of the underlying structure
 */
@Override
public Date getNotAfter() {
    Date end = this.c.getEndDate().getDate();
    return end;
}
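/**
 * Returns the DER encoding of the to-be-signed part of the certificate.
 * These are the bytes {@code checkSignature} feeds to the signature engine.
 *
 * @return the encoded TBSCertificate
 * @throws CertificateEncodingException if writing the structure fails; the
 *         underlying {@link IOException} is attached as the cause
 */
@Override
public byte[] getTBSCertificate() throws CertificateEncodingException {
    ByteArrayOutputStream der = new ByteArrayOutputStream();
    try {
        new DEROutputStream(der).writeObject(this.c.getTBSCertificate());
    } catch (IOException e) {
        // Same message as before, now with the cause preserved.
        throw new CertificateEncodingException(e.toString(), e);
    }
    return der.toByteArray();
}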
/**
 * Returns the signature value carried by the certificate.
 *
 * @return the bytes of the signature bit string
 */
@Override
public byte[] getSignature() {
    byte[] signatureBytes = this.c.getSignature().getBytes();
    return signatureBytes;
}
/**
 * Resolves a readable name for the signature algorithm.
 *
 * <p>The provider property {@code Alg.Alias.Signature.<oid>} is looked up first in the
 * provider registered under {@code GammaTechProvider.PROVIDER_NAME}, then in every
 * installed provider in registration order. If no provider defines the alias, the
 * OID string itself is returned.
 *
 * @return the algorithm name, or the dotted OID when no alias is registered
 */
@Override
public String getSigAlgName() {
    String aliasKey = "Alg.Alias.Signature." + getSigAlgOID();

    Provider preferred = Security.getProvider(GammaTechProvider.PROVIDER_NAME);
    if (preferred != null) {
        String preferredName = preferred.getProperty(aliasKey);
        if (preferredName != null) {
            return preferredName;
        }
    }

    for (Provider candidate : Security.getProviders()) {
        String candidateName = candidate.getProperty(aliasKey);
        if (candidateName != null) {
            return candidateName;
        }
    }
    return getSigAlgOID();
}
/**
 * Returns the object identifier of the certificate's signature algorithm.
 *
 * @return the OID as a string
 */
@Override
public String getSigAlgOID() {
    String oid = this.c.getSignatureAlgorithm().getObjectId().getId();
    return oid;
}
/**
 * Returns the DER-encoded parameters of the signature algorithm.
 *
 * @return the encoded parameters, or {@code null} when the algorithm identifier carries none
 */
@Override
public byte[] getSigAlgParams() {
    if (this.c.getSignatureAlgorithm().getParameters() == null) {
        return null;
    }
    return this.c.getSignatureAlgorithm().getParameters().getDERObject().getDEREncoded();
}
/**
 * Returns the issuerUniqueID field as an array of bits.
 *
 * @return one boolean per bit (most significant bit of the first byte first),
 *         or {@code null} when the field is absent
 */
@Override
public boolean[] getIssuerUniqueID() {
    DERBitString uniqueId = this.c.getTBSCertificate().getIssuerUniqueId();
    if (uniqueId == null) {
        return null;
    }
    byte[] raw = uniqueId.getBytes();
    // Pad bits are unused trailing bits of the last byte and are not part of the value.
    int bitCount = (raw.length * 8) - uniqueId.getPadBits();
    boolean[] bits = new boolean[bitCount];
    for (int bit = 0; bit < bitCount; bit++) {
        int mask = 128 >>> (bit % 8);
        bits[bit] = (raw[bit / 8] & mask) != 0;
    }
    return bits;
}
/**
 * Returns the subjectUniqueID field as an array of bits.
 *
 * @return one boolean per bit (most significant bit of the first byte first),
 *         or {@code null} when the field is absent
 */
@Override
public boolean[] getSubjectUniqueID() {
    DERBitString uniqueId = this.c.getTBSCertificate().getSubjectUniqueId();
    if (uniqueId == null) {
        return null;
    }
    byte[] raw = uniqueId.getBytes();
    // Pad bits are unused trailing bits of the last byte and are not part of the value.
    int bitCount = (raw.length * 8) - uniqueId.getPadBits();
    boolean[] bits = new boolean[bitCount];
    for (int bit = 0; bit < bitCount; bit++) {
        int mask = 128 >>> (bit % 8);
        bits[bit] = (raw[bit / 8] & mask) != 0;
    }
    return bits;
}
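/**
 * Returns the KeyUsage bits decoded by the constructor.
 *
 * <p>A copy is returned. Handing out the cached array would let any caller flip
 * usage bits on this certificate object and change what later callers see.
 *
 * @return a fresh copy of the key-usage bits, or {@code null} when the
 *         certificate has no KeyUsage extension
 */
@Override
public boolean[] getKeyUsage() {
    boolean[] cached = this.keyUsage;
    return cached == null ? null : cached.clone();
}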
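/**
 * Returns the key purpose OIDs listed in the ExtendedKeyUsage extension (2.5.29.37).
 *
 * @return an unmodifiable list of OID strings in encoded order, or {@code null}
 *         when the extension is absent
 * @throws CertificateParsingException if the extension value cannot be decoded as a
 *         sequence of object identifiers; the original exception is attached as the cause
 */
@Override
public List getExtendedKeyUsage() throws CertificateParsingException {
    byte[] extensionBytes = getExtensionBytes("2.5.29.37");
    if (extensionBytes == null) {
        return null;
    }
    try {
        ASN1Sequence purposes = (ASN1Sequence) new ASN1InputStream(extensionBytes).readObject();
        List<String> purposeOids = new ArrayList<String>(purposes.size());
        for (int i = 0; i < purposes.size(); i++) {
            purposeOids.add(((DERObjectIdentifier) purposes.getObjectAt(i)).getId());
        }
        return Collections.unmodifiableList(purposeOids);
    } catch (Exception e) {
        // Class-cast and decoding failures both end up here; keep the cause for diagnosis.
        throw new CertificateParsingException("error processing extended key usage extension", e);
    }
}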
/**
 * Reports the path length constraint from the cached BasicConstraints extension.
 *
 * @return {@code -1} when the extension is absent or does not mark a CA,
 *         {@link Integer#MAX_VALUE} for a CA without a path length limit,
 *         otherwise the path length constraint converted with {@code intValue()}
 */
@Override
public int getBasicConstraints() {
    BasicConstraints constraints = this.basicConstraints;
    if (constraints != null && constraints.isCA()) {
        return constraints.getPathLenConstraint() != null
                ? constraints.getPathLenConstraint().intValue()
                : Integer.MAX_VALUE;
    }
    return -1;
}
/**
 * Collects the OIDs of all extensions flagged critical.
 *
 * @return the set of critical extension OIDs (possibly empty), or {@code null}
 *         when the certificate is not version 3 or has no extensions
 */
@Override
public Set getCriticalExtensionOIDs() {
    if (getVersion() != 3) {
        return null;
    }
    X509Extensions extensions = this.c.getTBSCertificate().getExtensions();
    if (extensions == null) {
        return null;
    }
    HashSet critical = new HashSet();
    for (Enumeration oids = extensions.oids(); oids.hasMoreElements();) {
        DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
        if (extensions.getExtension(oid).isCritical()) {
            critical.add(oid.getId());
        }
    }
    return critical;
}
/**
 * Looks up an extension by OID and returns the octets of its value.
 *
 * @param str the dotted OID of the extension
 * @return the octets of the extension value, or {@code null} when the certificate
 *         has no extensions or does not carry this one
 */
private byte[] getExtensionBytes(String str) {
    X509Extensions extensions = this.c.getTBSCertificate().getExtensions();
    if (extensions == null) {
        return null;
    }
    X509Extension extension = extensions.getExtension(new DERObjectIdentifier(str));
    if (extension == null) {
        return null;
    }
    return extension.getValue().getOctets();
}
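/**
 * Returns the encoded value of the extension with the given OID.
 * Unlike {@code getExtensionBytes}, this returns {@code getEncoded()} of the
 * extension value rather than its bare octets.
 *
 * @param str the dotted OID of the extension
 * @return the encoded extension value, or {@code null} when the certificate has
 *         no extensions or does not carry this one
 * @throws IllegalStateException if the value cannot be encoded; the original
 *         exception is attached as the cause
 */
@Override
public byte[] getExtensionValue(String str) {
    X509Extensions extensions = this.c.getTBSCertificate().getExtensions();
    if (extensions == null) {
        return null;
    }
    X509Extension extension = extensions.getExtension(new DERObjectIdentifier(str));
    if (extension == null) {
        return null;
    }
    try {
        return extension.getValue().getEncoded();
    } catch (Exception e) {
        // Message unchanged; the cause is now kept instead of being flattened into text only.
        throw new IllegalStateException("error parsing " + e.toString(), e);
    }
}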
/**
 * Collects the OIDs of all extensions that are not flagged critical.
 *
 * @return the set of non-critical extension OIDs (possibly empty), or {@code null}
 *         when the certificate is not version 3 or has no extensions
 */
@Override
public Set getNonCriticalExtensionOIDs() {
    if (getVersion() != 3) {
        return null;
    }
    X509Extensions extensions = this.c.getTBSCertificate().getExtensions();
    if (extensions == null) {
        return null;
    }
    HashSet nonCritical = new HashSet();
    for (Enumeration oids = extensions.oids(); oids.hasMoreElements();) {
        DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
        if (!extensions.getExtension(oid).isCritical()) {
            nonCritical.add(oid.getId());
        }
    }
    return nonCritical;
}
/**
 * Reports whether the certificate carries a critical extension this class does not handle.
 *
 * <p>Only KeyUsage (2.5.29.15) and BasicConstraints (2.5.29.19) are treated as
 * handled. Any other extension marked critical makes this method return
 * {@code true}, so the check fails closed for extensions it does not know.
 *
 * @return {@code true} if a critical extension other than those two is present;
 *         {@code false} for non-v3 certificates or certificates without extensions
 */
@Override
public boolean hasUnsupportedCriticalExtension() {
    if (getVersion() != 3) {
        return false;
    }
    X509Extensions extensions = this.c.getTBSCertificate().getExtensions();
    if (extensions == null) {
        return false;
    }
    for (Enumeration oids = extensions.oids(); oids.hasMoreElements();) {
        DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
        String id = oid.getId();
        boolean handled = id.equals("2.5.29.15") || id.equals("2.5.29.19");
        if (!handled && extensions.getExtension(oid).isCritical()) {
            return true;
        }
    }
    return false;
}
/**
 * Builds the subject's public key from the certificate's SubjectPublicKeyInfo.
 *
 * @return the key produced by {@code JDKKeyFactory.createPublicKeyFromPublicKeyInfo}
 */
@Override
public PublicKey getPublicKey() {
    PublicKey subjectKey = JDKKeyFactory.createPublicKeyFromPublicKeyInfo(this.c.getSubjectPublicKeyInfo());
    return subjectKey;
}
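/**
 * Returns the DER encoding of the whole certificate.
 * {@code equals} and {@code hashCode} are both defined over these bytes.
 *
 * @return the encoded certificate
 * @throws CertificateEncodingException if writing the structure fails; the
 *         underlying {@link IOException} is attached as the cause
 */
@Override
public byte[] getEncoded() throws CertificateEncodingException {
    ByteArrayOutputStream der = new ByteArrayOutputStream();
    try {
        new DEROutputStream(der).writeObject(this.c);
    } catch (IOException e) {
        // Same message as before, now with the cause preserved.
        throw new CertificateEncodingException(e.toString(), e);
    }
    return der.toByteArray();
}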
/**
 * Compares this certificate with another by encoded form.
 *
 * @param obj the object to compare with
 * @return {@code true} if {@code obj} is this object, or is a {@link Certificate}
 *         whose encoding equals this one's; {@code false} otherwise, including
 *         when either certificate fails to encode
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (obj instanceof Certificate) {
        try {
            byte[] mine = getEncoded();
            byte[] theirs = ((Certificate) obj).getEncoded();
            return Arrays.areEqual(mine, theirs);
        } catch (CertificateEncodingException unused) {
            // An unencodable certificate is treated as unequal.
            return false;
        }
    }
    return false;
}
/**
 * Computes a hash over the encoded certificate by XOR-ing each byte, shifted
 * left by its index modulo 4, into an accumulator.
 *
 * @return the hash value, or {@code 0} when the certificate cannot be encoded
 */
@Override
public int hashCode() {
    byte[] encoded;
    try {
        encoded = getEncoded();
    } catch (CertificateEncodingException unused) {
        return 0;
    }
    int hash = 0;
    for (int index = 0; index < encoded.length; index++) {
        int unsigned = encoded[index] & 0xff;
        hash ^= unsigned << (index % 4);
    }
    return hash;
}
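/**
 * Renders a multi-line, human-readable dump of the certificate: version, serial
 * number, names, validity dates, public key, signature algorithm, the signature
 * as hex in rows of 20 bytes, and one line per extension.
 *
 * <p>The first signature row is clamped to the signature's actual length. It was
 * previously requested as a fixed 20 bytes; presumably {@code Hex.encode} fails
 * on a shorter array (confirm against its implementation), which would make
 * printing or logging a certificate with a short signature throw.
 *
 * <p>An extension whose value cannot be decoded is printed with its OID and
 * {@code *****} instead of a value.
 *
 * @return the textual dump
 */
@Override
public String toString() {
    StringBuilder out = new StringBuilder();
    String nl = System.getProperty("line.separator");

    out.append(" [0] Version: ").append(getVersion()).append(nl);
    out.append(" SerialNumber: ").append(getSerialNumber()).append(nl);
    out.append(" IssuerDN: ").append(getIssuerDN()).append(nl);
    out.append(" Start Date: ").append(getNotBefore()).append(nl);
    out.append(" Final Date: ").append(getNotAfter()).append(nl);
    out.append(" SubjectDN: ").append(getSubjectDN()).append(nl);
    out.append(" Public Key: ").append(getPublicKey()).append(nl);
    out.append(" Signature Algorithm: ").append(getSigAlgName()).append(nl);

    byte[] signature = getSignature();
    // First row: at most 20 bytes, never more than the signature actually holds.
    int firstRow = Math.min(20, signature.length);
    out.append(" Signature: ").append(new String(Hex.encode(signature, 0, firstRow))).append(nl);
    // Remaining rows: 20 bytes each, the last one carrying whatever is left.
    for (int offset = 20; offset < signature.length; offset += 20) {
        int rowLength = Math.min(20, signature.length - offset);
        out.append(" ").append(new String(Hex.encode(signature, offset, rowLength))).append(nl);
    }

    X509Extensions extensions = this.c.getTBSCertificate().getExtensions();
    if (extensions == null) {
        return out.toString();
    }

    Enumeration oids = extensions.oids();
    if (oids.hasMoreElements()) {
        out.append(" Extensions: \n");
    }
    while (oids.hasMoreElements()) {
        DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
        X509Extension extension = extensions.getExtension(oid);
        if (extension.getValue() == null) {
            out.append(nl);
            continue;
        }
        ASN1InputStream in = new ASN1InputStream(extension.getValue().getOctets());
        out.append(" critical(").append(extension.isCritical()).append(") ");
        try {
            if (oid.equals(X509Extensions.BasicConstraints)) {
                out.append(new BasicConstraints((ASN1Sequence) in.readObject()));
            } else if (oid.equals(X509Extensions.KeyUsage)) {
                out.append(new KeyUsage((DERBitString) in.readObject()));
            } else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) {
                out.append(new NetscapeCertType((DERBitString) in.readObject()));
            } else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) {
                out.append(new NetscapeRevocationURL((DERIA5String) in.readObject()));
            } else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) {
                out.append(new VerisignCzagExtension((DERIA5String) in.readObject()));
            } else {
                out.append(oid.getId());
                out.append(" value = ");
                out.append(ASN1Dump.dumpAsString(in.readObject()));
            }
        } catch (Exception unused) {
            // Deliberate best effort: a value that cannot be decoded must not break the dump.
            out.append(oid.getId());
            out.append(" value = ");
            out.append("*****");
        }
        // Every branch above, including the failure path, ends its line here.
        out.append(nl);
    }
    return out.toString();
}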
/**
 * Verifies the certificate's signature with the given public key.
 *
 * <p>The signature engine is requested from the provider named by
 * {@code GammaTechProvider.PROVIDER_NAME} first. If that request throws any
 * exception, the engine is requested again without naming a provider.
 *
 * <p>Review note: the fallback catches every {@code Exception}, so a failure in the
 * named provider silently hands verification to whichever installed provider offers
 * the algorithm. Callers that must pin the provider should use
 * {@link #verify(PublicKey, String)}.
 *
 * @param publicKey the key expected to have signed this certificate
 * @throws CertificateException if the inner and outer signature algorithms differ
 * @throws NoSuchAlgorithmException if no provider supplies the algorithm
 * @throws InvalidKeyException if the key is unsuitable or the signature does not verify
 * @throws NoSuchProviderException declared for interface compatibility
 * @throws SignatureException on signature engine errors
 */
@Override
public final void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
    String algorithmName = X509SignatureUtil.getSignatureName(this.c.getSignatureAlgorithm());
    Signature verifier;
    try {
        verifier = Signature.getInstance(algorithmName, GammaTechProvider.PROVIDER_NAME);
    } catch (Exception unused) {
        // Named provider unavailable or lacking the algorithm: use the default provider search.
        verifier = Signature.getInstance(algorithmName);
    }
    checkSignature(publicKey, verifier);
}
/**
 * Verifies the certificate's signature with the given public key, using a
 * signature engine from the named provider only.
 *
 * @param publicKey the key expected to have signed this certificate
 * @param str the name of the provider that must supply the signature engine
 * @throws CertificateException if the inner and outer signature algorithms differ
 * @throws NoSuchAlgorithmException if the provider does not supply the algorithm
 * @throws InvalidKeyException if the key is unsuitable or the signature does not verify
 * @throws NoSuchProviderException if the provider is not installed
 * @throws SignatureException on signature engine errors
 */
@Override
public final void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
    String algorithmName = X509SignatureUtil.getSignatureName(this.c.getSignatureAlgorithm());
    Signature verifier = Signature.getInstance(algorithmName, str);
    checkSignature(publicKey, verifier);
}
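/**
 * Runs the signature check shared by both {@code verify} overloads.
 *
 * <p>Steps, in order: reject the certificate if the outer signatureAlgorithm differs
 * from the one inside the TBS certificate; apply the algorithm parameters to the
 * engine; initialise it with the key; feed it the encoded TBS certificate; verify
 * the signature value.
 *
 * <p>Every failure of the final step, including a {@link SignatureException} from
 * the engine, is reported as {@link InvalidKeyException} with one fixed message.
 * The triggering exception is now attached as the cause; previously it was discarded.
 *
 * @param publicKey the key to verify with
 * @param signature the signature engine to use
 * @throws CertificateException if the inner and outer signature algorithms differ
 * @throws NoSuchAlgorithmException declared for the parameter-setting helper
 * @throws SignatureException if setting parameters or updating the engine fails
 * @throws InvalidKeyException if the key is rejected or the signature does not verify
 */
private void checkSignature(PublicKey publicKey, Signature signature) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    // Guards against a certificate whose unsigned outer algorithm field disagrees with the signed one.
    if (!this.c.getSignatureAlgorithm().equals(this.c.getTBSCertificate().getSignature())) {
        throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
    }
    X509SignatureUtil.setSignatureParameters(signature, this.c.getSignatureAlgorithm().getParameters());
    signature.initVerify(publicKey);
    signature.update(getTBSCertificate());

    boolean verified;
    try {
        // The constructed object is discarded; its only visible effect is that an exception raised
        // while building it rejects the key. NOTE(review): publicKey.getAlgorithm() is passed where
        // an OID string is expected — confirm whether this is an intended vendor check or decompiler residue.
        new SubjectPublicKeyInfo(new AlgorithmIdentifier(new DERObjectIdentifier(publicKey.getAlgorithm()), null), publicKey.getEncoded());
        verified = signature.verify(getSignature());
    } catch (Exception e) {
        throw new InvalidKeyException("Public key presented not for certificate signature", e);
    }
    if (!verified) {
        throw new InvalidKeyException("Public key presented not for certificate signature");
    }
}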
}