1 package org.bouncycastle.asn1.x509; 2 3 import org.bouncycastle.asn1.ASN1Boolean; 4 import org.bouncycastle.asn1.ASN1EncodableVector; 5 import org.bouncycastle.asn1.ASN1Object; 6 import org.bouncycastle.asn1.ASN1Primitive; 7 import org.bouncycastle.asn1.ASN1Sequence; 8 import org.bouncycastle.asn1.ASN1TaggedObject; 9 import org.bouncycastle.asn1.DERSequence; 10 import org.bouncycastle.asn1.DERTaggedObject; 11 import org.bouncycastle.util.Strings; 12 13 /** 14 * <pre> 15 * IssuingDistributionPoint ::= SEQUENCE { 16 * distributionPoint [0] DistributionPointName OPTIONAL, 17 * onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, 18 * onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, 19 * onlySomeReasons [3] ReasonFlags OPTIONAL, 20 * indirectCRL [4] BOOLEAN DEFAULT FALSE, 21 * onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE } 22 * </pre> 23 */ 24 public class IssuingDistributionPoint 25 extends ASN1Object 26 { 27 private DistributionPointName distributionPoint; 28 29 private boolean onlyContainsUserCerts; 30 31 private boolean onlyContainsCACerts; 32 33 private ReasonFlags onlySomeReasons; 34 35 private boolean indirectCRL; 36 37 private boolean onlyContainsAttributeCerts; 38 39 private ASN1Sequence seq; 40 getInstance( ASN1TaggedObject obj, boolean explicit)41 public static IssuingDistributionPoint getInstance( 42 ASN1TaggedObject obj, 43 boolean explicit) 44 { 45 return getInstance(ASN1Sequence.getInstance(obj, explicit)); 46 } 47 getInstance( Object obj)48 public static IssuingDistributionPoint getInstance( 49 Object obj) 50 { 51 if (obj instanceof IssuingDistributionPoint) 52 { 53 return (IssuingDistributionPoint)obj; 54 } 55 else if (obj != null) 56 { 57 return new IssuingDistributionPoint(ASN1Sequence.getInstance(obj)); 58 } 59 60 return null; 61 } 62 63 /** 64 * Constructor from given details. 65 * 66 * @param distributionPoint 67 * May contain an URI as pointer to most current CRL. 68 * @param onlyContainsUserCerts Covers revocation information for end certificates. 69 * @param onlyContainsCACerts Covers revocation information for CA certificates. 70 * 71 * @param onlySomeReasons 72 * Which revocation reasons does this point cover. 73 * @param indirectCRL 74 * If <code>true</code> then the CRL contains revocation 75 * information about certificates ssued by other CAs. 76 * @param onlyContainsAttributeCerts Covers revocation information for attribute certificates. 77 */ IssuingDistributionPoint( DistributionPointName distributionPoint, boolean onlyContainsUserCerts, boolean onlyContainsCACerts, ReasonFlags onlySomeReasons, boolean indirectCRL, boolean onlyContainsAttributeCerts)78 public IssuingDistributionPoint( 79 DistributionPointName distributionPoint, 80 boolean onlyContainsUserCerts, 81 boolean onlyContainsCACerts, 82 ReasonFlags onlySomeReasons, 83 boolean indirectCRL, 84 boolean onlyContainsAttributeCerts) 85 { 86 this.distributionPoint = distributionPoint; 87 this.indirectCRL = indirectCRL; 88 this.onlyContainsAttributeCerts = onlyContainsAttributeCerts; 89 this.onlyContainsCACerts = onlyContainsCACerts; 90 this.onlyContainsUserCerts = onlyContainsUserCerts; 91 this.onlySomeReasons = onlySomeReasons; 92 93 ASN1EncodableVector vec = new ASN1EncodableVector(); 94 if (distributionPoint != null) 95 { // CHOICE item so explicitly tagged 96 vec.add(new DERTaggedObject(true, 0, distributionPoint)); 97 } 98 if (onlyContainsUserCerts) 99 { 100 vec.add(new DERTaggedObject(false, 1, ASN1Boolean.getInstance(true))); 101 } 102 if (onlyContainsCACerts) 103 { 104 vec.add(new DERTaggedObject(false, 2, ASN1Boolean.getInstance(true))); 105 } 106 if (onlySomeReasons != null) 107 { 108 vec.add(new DERTaggedObject(false, 3, onlySomeReasons)); 109 } 110 if (indirectCRL) 111 { 112 vec.add(new DERTaggedObject(false, 4, ASN1Boolean.getInstance(true))); 113 } 114 if (onlyContainsAttributeCerts) 115 { 116 vec.add(new DERTaggedObject(false, 5, ASN1Boolean.getInstance(true))); 117 } 118 119 seq = new DERSequence(vec); 120 } 121 122 /** 123 * Shorthand Constructor from given details. 124 * 125 * @param distributionPoint 126 * May contain an URI as pointer to most current CRL. 127 * @param indirectCRL 128 * If <code>true</code> then the CRL contains revocation 129 * information about certificates ssued by other CAs. 130 * @param onlyContainsAttributeCerts Covers revocation information for attribute certificates. 131 */ IssuingDistributionPoint( DistributionPointName distributionPoint, boolean indirectCRL, boolean onlyContainsAttributeCerts)132 public IssuingDistributionPoint( 133 DistributionPointName distributionPoint, 134 boolean indirectCRL, 135 boolean onlyContainsAttributeCerts) 136 { 137 this(distributionPoint, false, false, null, indirectCRL, onlyContainsAttributeCerts); 138 } 139 140 /** 141 * Constructor from ASN1Sequence 142 */ IssuingDistributionPoint( ASN1Sequence seq)143 private IssuingDistributionPoint( 144 ASN1Sequence seq) 145 { 146 this.seq = seq; 147 148 for (int i = 0; i != seq.size(); i++) 149 { 150 ASN1TaggedObject o = ASN1TaggedObject.getInstance(seq.getObjectAt(i)); 151 152 switch (o.getTagNo()) 153 { 154 case 0: 155 // CHOICE so explicit 156 distributionPoint = DistributionPointName.getInstance(o, true); 157 break; 158 case 1: 159 onlyContainsUserCerts = ASN1Boolean.getInstance(o, false).isTrue(); 160 break; 161 case 2: 162 onlyContainsCACerts = ASN1Boolean.getInstance(o, false).isTrue(); 163 break; 164 case 3: 165 onlySomeReasons = new ReasonFlags(ReasonFlags.getInstance(o, false)); 166 break; 167 case 4: 168 indirectCRL = ASN1Boolean.getInstance(o, false).isTrue(); 169 break; 170 case 5: 171 onlyContainsAttributeCerts = ASN1Boolean.getInstance(o, false).isTrue(); 172 break; 173 default: 174 throw new IllegalArgumentException( 175 "unknown tag in IssuingDistributionPoint"); 176 } 177 } 178 } 179 onlyContainsUserCerts()180 public boolean onlyContainsUserCerts() 181 { 182 return onlyContainsUserCerts; 183 } 184 onlyContainsCACerts()185 public boolean onlyContainsCACerts() 186 { 187 return onlyContainsCACerts; 188 } 189 isIndirectCRL()190 public boolean isIndirectCRL() 191 { 192 return indirectCRL; 193 } 194 onlyContainsAttributeCerts()195 public boolean onlyContainsAttributeCerts() 196 { 197 return onlyContainsAttributeCerts; 198 } 199 200 /** 201 * @return Returns the distributionPoint. 202 */ getDistributionPoint()203 public DistributionPointName getDistributionPoint() 204 { 205 return distributionPoint; 206 } 207 208 /** 209 * @return Returns the onlySomeReasons. 210 */ getOnlySomeReasons()211 public ReasonFlags getOnlySomeReasons() 212 { 213 return onlySomeReasons; 214 } 215 toASN1Primitive()216 public ASN1Primitive toASN1Primitive() 217 { 218 return seq; 219 } 220 toString()221 public String toString() 222 { 223 String sep = Strings.lineSeparator(); 224 StringBuffer buf = new StringBuffer(); 225 226 buf.append("IssuingDistributionPoint: ["); 227 buf.append(sep); 228 if (distributionPoint != null) 229 { 230 appendObject(buf, sep, "distributionPoint", distributionPoint.toString()); 231 } 232 if (onlyContainsUserCerts) 233 { 234 appendObject(buf, sep, "onlyContainsUserCerts", booleanToString(onlyContainsUserCerts)); 235 } 236 if (onlyContainsCACerts) 237 { 238 appendObject(buf, sep, "onlyContainsCACerts", booleanToString(onlyContainsCACerts)); 239 } 240 if (onlySomeReasons != null) 241 { 242 appendObject(buf, sep, "onlySomeReasons", onlySomeReasons.toString()); 243 } 244 if (onlyContainsAttributeCerts) 245 { 246 appendObject(buf, sep, "onlyContainsAttributeCerts", booleanToString(onlyContainsAttributeCerts)); 247 } 248 if (indirectCRL) 249 { 250 appendObject(buf, sep, "indirectCRL", booleanToString(indirectCRL)); 251 } 252 buf.append("]"); 253 buf.append(sep); 254 return buf.toString(); 255 } 256 appendObject(StringBuffer buf, String sep, String name, String value)257 private void appendObject(StringBuffer buf, String sep, String name, String value) 258 { 259 String indent = " "; 260 261 buf.append(indent); 262 buf.append(name); 263 buf.append(":"); 264 buf.append(sep); 265 buf.append(indent); 266 buf.append(indent); 267 buf.append(value); 268 buf.append(sep); 269 } 270 booleanToString(boolean value)271 private String booleanToString(boolean value) 272 { 273 return value ? "true" : "false"; 274 } 275 } 276