jdk/src/share/classes/sun/security/x509/CertificateValidity.java
changeset 2 90ce3da70b43
child 5506 202f599c92aa
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/x509/CertificateValidity.java	Sat Dec 01 00:00:00 2007 +0000
@@ -0,0 +1,277 @@
+/*
+ * Copyright 1997-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+package sun.security.x509;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.cert.*;
+import java.util.Date;
+import java.util.Enumeration;
+
+import sun.security.util.*;
+
+/**
+ * This class defines the interval for which the certificate is valid.
+ *
+ * @author Amit Kapoor
+ * @author Hemma Prafullchandra
+ * @see CertAttrSet
+ */
+public class CertificateValidity implements CertAttrSet<String> {
+    /**
+     * Identifier for this attribute, to be used with the
+     * get, set, delete methods of Certificate, x509 type.
+     */
+    public static final String IDENT = "x509.info.validity";
+    /**
+     * Sub attributes name for this CertAttrSet.
+     */
+    public static final String NAME = "validity";
+    public static final String NOT_BEFORE = "notBefore";
+    public static final String NOT_AFTER = "notAfter";
+    private static final long YR_2050 = 2524636800000L;
+
+    // Private data members
+    private Date        notBefore;
+    private Date        notAfter;
+
+    // Returns the first time the certificate is valid.
+    private Date getNotBefore() {
+        return (new Date(notBefore.getTime()));
+    }
+
+    // Returns the last time the certificate is valid.
+    private Date getNotAfter() {
+       return (new Date(notAfter.getTime()));
+    }
+
+    // Construct the class from the DerValue
+    private void construct(DerValue derVal) throws IOException {
+        if (derVal.tag != DerValue.tag_Sequence) {
+            throw new IOException("Invalid encoded CertificateValidity, " +
+                                  "starting sequence tag missing.");
+        }
+        // check if UTCTime encoded or GeneralizedTime
+        if (derVal.data.available() == 0)
+            throw new IOException("No data encoded for CertificateValidity");
+
+        DerInputStream derIn = new DerInputStream(derVal.toByteArray());
+        DerValue[] seq = derIn.getSequence(2);
+        if (seq.length != 2)
+            throw new IOException("Invalid encoding for CertificateValidity");
+
+        if (seq[0].tag == DerValue.tag_UtcTime) {
+            notBefore = derVal.data.getUTCTime();
+        } else if (seq[0].tag == DerValue.tag_GeneralizedTime) {
+            notBefore = derVal.data.getGeneralizedTime();
+        } else {
+            throw new IOException("Invalid encoding for CertificateValidity");
+        }
+
+        if (seq[1].tag == DerValue.tag_UtcTime) {
+            notAfter = derVal.data.getUTCTime();
+        } else if (seq[1].tag == DerValue.tag_GeneralizedTime) {
+            notAfter = derVal.data.getGeneralizedTime();
+        } else {
+            throw new IOException("Invalid encoding for CertificateValidity");
+        }
+    }
+
+    /**
+     * Default constructor for the class.
+     */
+    public CertificateValidity() { }
+
+    /**
+     * The default constructor for this class for the specified interval.
+     *
+     * @param notBefore the date and time before which the certificate
+     *                   is not valid.
+     * @param notAfter the date and time after which the certificate is
+     *                  not valid.
+     */
+    public CertificateValidity(Date notBefore, Date notAfter) {
+        this.notBefore = notBefore;
+        this.notAfter = notAfter;
+    }
+
+    /**
+     * Create the object, decoding the values from the passed DER stream.
+     *
+     * @param in the DerInputStream to read the CertificateValidity from.
+     * @exception IOException on decoding errors.
+     */
+    public CertificateValidity(DerInputStream in) throws IOException {
+        DerValue derVal = in.getDerValue();
+        construct(derVal);
+    }
+
+    /**
+     * Return the validity period as user readable string.
+     */
+    public String toString() {
+        if (notBefore == null || notAfter == null)
+            return "";
+        return ("Validity: [From: " + notBefore.toString() +
+             ",\n               To: " + notAfter.toString() + "]");
+    }
+
+    /**
+     * Encode the CertificateValidity period in DER form to the stream.
+     *
+     * @param out the OutputStream to marshal the contents to.
+     * @exception IOException on errors.
+     */
+    public void encode(OutputStream out) throws IOException {
+
+        // in cases where default constructor is used check for
+        // null values
+        if (notBefore == null || notAfter == null) {
+            throw new IOException("CertAttrSet:CertificateValidity:" +
+                                  " null values to encode.\n");
+        }
+        DerOutputStream pair = new DerOutputStream();
+
+        if (notBefore.getTime() < YR_2050) {
+            pair.putUTCTime(notBefore);
+        } else
+            pair.putGeneralizedTime(notBefore);
+
+        if (notAfter.getTime() < YR_2050) {
+            pair.putUTCTime(notAfter);
+        } else {
+            pair.putGeneralizedTime(notAfter);
+        }
+        DerOutputStream seq = new DerOutputStream();
+        seq.write(DerValue.tag_Sequence, pair);
+
+        out.write(seq.toByteArray());
+    }
+
+    /**
+     * Set the attribute value.
+     */
+    public void set(String name, Object obj) throws IOException {
+        if (!(obj instanceof Date)) {
+            throw new IOException("Attribute must be of type Date.");
+        }
+        if (name.equalsIgnoreCase(NOT_BEFORE)) {
+            notBefore = (Date)obj;
+        } else if (name.equalsIgnoreCase(NOT_AFTER)) {
+            notAfter = (Date)obj;
+        } else {
+            throw new IOException("Attribute name not recognized by " +
+                            "CertAttrSet: CertificateValidity.");
+        }
+    }
+
+    /**
+     * Get the attribute value.
+     */
+    public Object get(String name) throws IOException {
+        if (name.equalsIgnoreCase(NOT_BEFORE)) {
+            return (getNotBefore());
+        } else if (name.equalsIgnoreCase(NOT_AFTER)) {
+            return (getNotAfter());
+        } else {
+            throw new IOException("Attribute name not recognized by " +
+                            "CertAttrSet: CertificateValidity.");
+        }
+    }
+
+    /**
+     * Delete the attribute value.
+     */
+    public void delete(String name) throws IOException {
+        if (name.equalsIgnoreCase(NOT_BEFORE)) {
+            notBefore = null;
+        } else if (name.equalsIgnoreCase(NOT_AFTER)) {
+            notAfter = null;
+        } else {
+            throw new IOException("Attribute name not recognized by " +
+                            "CertAttrSet: CertificateValidity.");
+        }
+    }
+
+    /**
+     * Return an enumeration of names of attributes existing within this
+     * attribute.
+     */
+    public Enumeration<String> getElements() {
+        AttributeNameEnumeration elements = new AttributeNameEnumeration();
+        elements.addElement(NOT_BEFORE);
+        elements.addElement(NOT_AFTER);
+
+        return (elements.elements());
+    }
+
+    /**
+     * Return the name of this attribute.
+     */
+    public String getName() {
+        return (NAME);
+    }
+
+    /**
+     * Verify that the current time is within the validity period.
+     *
+     * @exception CertificateExpiredException if the certificate has expired.
+     * @exception CertificateNotYetValidException if the certificate is not
+     * yet valid.
+     */
+    public void valid()
+    throws CertificateNotYetValidException, CertificateExpiredException {
+        Date now = new Date();
+        valid(now);
+    }
+
+    /**
+     * Verify that the passed time is within the validity period.
+     * @param now the Date against which to compare the validity
+     * period.
+     *
+     * @exception CertificateExpiredException if the certificate has expired
+     * with respect to the <code>Date</code> supplied.
+     * @exception CertificateNotYetValidException if the certificate is not
+     * yet valid with respect to the <code>Date</code> supplied.
+     *
+     */
+    public void valid(Date now)
+    throws CertificateNotYetValidException, CertificateExpiredException {
+        /*
+         * we use the internal Dates rather than the passed in Date
+         * because someone could override the Date methods after()
+         * and before() to do something entirely different.
+         */
+        if (notBefore.after(now)) {
+            throw new CertificateNotYetValidException("NotBefore: " +
+                                                      notBefore.toString());
+        }
+        if (notAfter.before(now)) {
+            throw new CertificateExpiredException("NotAfter: " +
+                                                  notAfter.toString());
+        }
+    }
+}