--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/classes/sun/security/x509/CertificateValidity.java Tue Sep 12 19:03:39 2017 +0200
@@ -0,0 +1,277 @@
+/*
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package sun.security.x509;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.cert.*;
+import java.util.Date;
+import java.util.Enumeration;
+
+import sun.security.util.*;
+
+/**
+ * This class defines the interval for which the certificate is valid.
+ *
+ * @author Amit Kapoor
+ * @author Hemma Prafullchandra
+ * @see CertAttrSet
+ */
+public class CertificateValidity implements CertAttrSet<String> {
+ /**
+ * Identifier for this attribute, to be used with the
+ * get, set, delete methods of Certificate, x509 type.
+ */
+ public static final String IDENT = "x509.info.validity";
+ /**
+ * Sub attributes name for this CertAttrSet.
+ */
+ public static final String NAME = "validity";
+ public static final String NOT_BEFORE = "notBefore";
+ public static final String NOT_AFTER = "notAfter";
+ private static final long YR_2050 = 2524636800000L;
+
+ // Private data members
+ private Date notBefore;
+ private Date notAfter;
+
+ // Returns the first time the certificate is valid.
+ private Date getNotBefore() {
+ return (new Date(notBefore.getTime()));
+ }
+
+ // Returns the last time the certificate is valid.
+ private Date getNotAfter() {
+ return (new Date(notAfter.getTime()));
+ }
+
+ // Construct the class from the DerValue
+ private void construct(DerValue derVal) throws IOException {
+ if (derVal.tag != DerValue.tag_Sequence) {
+ throw new IOException("Invalid encoded CertificateValidity, " +
+ "starting sequence tag missing.");
+ }
+ // check if UTCTime encoded or GeneralizedTime
+ if (derVal.data.available() == 0)
+ throw new IOException("No data encoded for CertificateValidity");
+
+ DerInputStream derIn = new DerInputStream(derVal.toByteArray());
+ DerValue[] seq = derIn.getSequence(2);
+ if (seq.length != 2)
+ throw new IOException("Invalid encoding for CertificateValidity");
+
+ if (seq[0].tag == DerValue.tag_UtcTime) {
+ notBefore = derVal.data.getUTCTime();
+ } else if (seq[0].tag == DerValue.tag_GeneralizedTime) {
+ notBefore = derVal.data.getGeneralizedTime();
+ } else {
+ throw new IOException("Invalid encoding for CertificateValidity");
+ }
+
+ if (seq[1].tag == DerValue.tag_UtcTime) {
+ notAfter = derVal.data.getUTCTime();
+ } else if (seq[1].tag == DerValue.tag_GeneralizedTime) {
+ notAfter = derVal.data.getGeneralizedTime();
+ } else {
+ throw new IOException("Invalid encoding for CertificateValidity");
+ }
+ }
+
+ /**
+ * Default constructor for the class.
+ */
+ public CertificateValidity() { }
+
+ /**
+ * The default constructor for this class for the specified interval.
+ *
+ * @param notBefore the date and time before which the certificate
+ * is not valid.
+ * @param notAfter the date and time after which the certificate is
+ * not valid.
+ */
+ public CertificateValidity(Date notBefore, Date notAfter) {
+ this.notBefore = notBefore;
+ this.notAfter = notAfter;
+ }
+
+ /**
+ * Create the object, decoding the values from the passed DER stream.
+ *
+ * @param in the DerInputStream to read the CertificateValidity from.
+ * @exception IOException on decoding errors.
+ */
+ public CertificateValidity(DerInputStream in) throws IOException {
+ DerValue derVal = in.getDerValue();
+ construct(derVal);
+ }
+
+ /**
+ * Return the validity period as user readable string.
+ */
+ public String toString() {
+ if (notBefore == null || notAfter == null)
+ return "";
+ return "Validity: [From: " + notBefore +
+ ",\n To: " + notAfter + ']';
+ }
+
+ /**
+ * Encode the CertificateValidity period in DER form to the stream.
+ *
+ * @param out the OutputStream to marshal the contents to.
+ * @exception IOException on errors.
+ */
+ public void encode(OutputStream out) throws IOException {
+
+ // in cases where default constructor is used check for
+ // null values
+ if (notBefore == null || notAfter == null) {
+ throw new IOException("CertAttrSet:CertificateValidity:" +
+ " null values to encode.\n");
+ }
+ DerOutputStream pair = new DerOutputStream();
+
+ if (notBefore.getTime() < YR_2050) {
+ pair.putUTCTime(notBefore);
+ } else
+ pair.putGeneralizedTime(notBefore);
+
+ if (notAfter.getTime() < YR_2050) {
+ pair.putUTCTime(notAfter);
+ } else {
+ pair.putGeneralizedTime(notAfter);
+ }
+ DerOutputStream seq = new DerOutputStream();
+ seq.write(DerValue.tag_Sequence, pair);
+
+ out.write(seq.toByteArray());
+ }
+
+ /**
+ * Set the attribute value.
+ */
+ public void set(String name, Object obj) throws IOException {
+ if (!(obj instanceof Date)) {
+ throw new IOException("Attribute must be of type Date.");
+ }
+ if (name.equalsIgnoreCase(NOT_BEFORE)) {
+ notBefore = (Date)obj;
+ } else if (name.equalsIgnoreCase(NOT_AFTER)) {
+ notAfter = (Date)obj;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet: CertificateValidity.");
+ }
+ }
+
+ /**
+ * Get the attribute value.
+ */
+ public Date get(String name) throws IOException {
+ if (name.equalsIgnoreCase(NOT_BEFORE)) {
+ return (getNotBefore());
+ } else if (name.equalsIgnoreCase(NOT_AFTER)) {
+ return (getNotAfter());
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet: CertificateValidity.");
+ }
+ }
+
+ /**
+ * Delete the attribute value.
+ */
+ public void delete(String name) throws IOException {
+ if (name.equalsIgnoreCase(NOT_BEFORE)) {
+ notBefore = null;
+ } else if (name.equalsIgnoreCase(NOT_AFTER)) {
+ notAfter = null;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet: CertificateValidity.");
+ }
+ }
+
+ /**
+ * Return an enumeration of names of attributes existing within this
+ * attribute.
+ */
+ public Enumeration<String> getElements() {
+ AttributeNameEnumeration elements = new AttributeNameEnumeration();
+ elements.addElement(NOT_BEFORE);
+ elements.addElement(NOT_AFTER);
+
+ return (elements.elements());
+ }
+
+ /**
+ * Return the name of this attribute.
+ */
+ public String getName() {
+ return (NAME);
+ }
+
+ /**
+ * Verify that the current time is within the validity period.
+ *
+ * @exception CertificateExpiredException if the certificate has expired.
+ * @exception CertificateNotYetValidException if the certificate is not
+ * yet valid.
+ */
+ public void valid()
+ throws CertificateNotYetValidException, CertificateExpiredException {
+ Date now = new Date();
+ valid(now);
+ }
+
+ /**
+ * Verify that the passed time is within the validity period.
+ * @param now the Date against which to compare the validity
+ * period.
+ *
+ * @exception CertificateExpiredException if the certificate has expired
+ * with respect to the <code>Date</code> supplied.
+ * @exception CertificateNotYetValidException if the certificate is not
+ * yet valid with respect to the <code>Date</code> supplied.
+ *
+ */
+ public void valid(Date now)
+ throws CertificateNotYetValidException, CertificateExpiredException {
+ /*
+ * we use the internal Dates rather than the passed in Date
+ * because someone could override the Date methods after()
+ * and before() to do something entirely different.
+ */
+ if (notBefore.after(now)) {
+ throw new CertificateNotYetValidException("NotBefore: " +
+ notBefore.toString());
+ }
+ if (notAfter.before(now)) {
+ throw new CertificateExpiredException("NotAfter: " +
+ notAfter.toString());
+ }
+ }
+}