BEGIN LICENSE BLOCK ***** Version: CPL 1.0/GPL 2.0/LGPL 2.1 The contents of this file are subject to the Common Public License Version 1.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.eclipse.org/legal/cpl-v10.html Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. Copyright (C) 2006 Ola Bini <ola@ologix.com> Alternatively, the contents of this file may be used under the terms of either of the GNU General Public License Version 2 or later (the "GPL"), or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), in which case the provisions of the GPL or the LGPL are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of either the GPL or the LGPL, and not to allow others to use your version of this file under the terms of the CPL, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the GPL or the LGPL. If you do not delete the provisions above, a recipient may use your version of this file under the terms of any one of the CPL, the GPL or the LGPL. END LICENSE BLOCK ***
  
  package org.jruby.ext.openssl.x509store;
  
  
  import java.util.Date;
  import java.util.List;
  import java.util.Set;
  import java.util.HashSet;
  
  import  org.bouncycastle.asn1.ASN1InputStream;
  import  org.bouncycastle.asn1.DERSequence;
  import  org.bouncycastle.asn1.DERInteger;

c: X509_STORE_CTX

Author(s):
Ola Bini
  
  public class StoreContext {
      public Store ctx;
      public int currentMethod;
  
      public X509AuxCertificate certificate;
      public List<X509AuxCertificateuntrusted;
      public List<X509CRLcrls;
  
      public VerifyParameter param;
  
      public List<X509AuxCertificateotherContext;
  
      /**
       * Function type held by the {@code checkPolicy} field of the enclosing context.
       */
      public interface CheckPolicyFunction extends Function1 {
          /** Placeholder instance: {@code call} ignores its argument and always returns -1. */
          CheckPolicyFunction EMPTY = new CheckPolicyFunction() {
              public int call(Object unused) {
                  return -1;
              }
          };
      }
  
      public Store.VerifyFunction verify;
      public Store.GetIssuerFunction getIssuer;
      public Store.GetCRLFunction getCRL;
      public Store.CheckCRLFunction checkCRL;
      public CheckPolicyFunction checkPolicy;
      public Store.CleanupFunction cleanup;
  
      public boolean isValid;
      public int lastUntrusted;
      
      public List<X509AuxCertificatechain//List<X509AuxCertificate>
      public PolicyTree tree;
  
      public int explicitPolicy;
  
      public int errorDepth;
      public int error;
      public X509AuxCertificate currentIssuer;
      public java.security.cert.CRL currentCRL;
  
      public List<ObjectextraData;

    
c: X509_STORE_CTX_set_depth
 
     /**
      * Forwards {@code depth} to a {@code setDepth} call; tagged in the listing as the
      * counterpart of OpenSSL's X509_STORE_CTX_set_depth.
      *
      * NOTE(review): the receiver of the call is missing from this listing (lost in
      * extraction), so which object stores the depth cannot be confirmed from here.
      *
      * @param depth value passed through unchanged
      */
     public void setDepth(int depth) { 
         .setDepth(depth);
     }

    
c: X509_STORE_CTX_set_app_data
 
     /**
      * Stores the caller's application data in extra-data slot 0.
      *
      * @param data value handed to {@code setExtraData} for slot 0
      */
     public void setApplicationData(Object data) {
         final int appDataSlot = 0;
         setExtraData(appDataSlot, data);
     }

    
c: X509_STORE_CTX_get_app_data
 
     /**
      * Reads back the application data kept in extra-data slot 0.
      *
      * @return whatever {@code getExtraData(0)} returns
      */
     public Object getApplicationData() {
         final int appDataSlot = 0;
         Object appData = getExtraData(appDataSlot);
         return appData;
     }

    
c: X509_STORE_CTX_get1_issuer
 
     /**
      * Searches for an issuer of {@code x} by looking up objects whose subject equals the
      * issuer name of {@code x}; tagged in the listing as the counterpart of OpenSSL's
      * X509_STORE_CTX_get1_issuer.
      *
      * A candidate is only returned after a check callback invoked with (this, x, candidate)
      * returns non-zero. NOTE(review): the callback's name, the lookup type constants and the
      * store/object-list receivers are missing from this listing (lost in extraction), so
      * which check is applied cannot be confirmed from here.
      *
      * @param issuer one-element output array; {@code issuer[0]} is set when 1 is returned
      * @param x certificate whose issuer is wanted
      * @return 1 when an accepted issuer was stored in {@code issuer[0]}, 0 when none was
      *         found, -1 on the lookup-failure paths at the top of the method
      */
     public int getFirstIssuer(X509AuxCertificate[] issuerX509AuxCertificate xthrows Exception { 
         Name xn = new Name(x.getIssuerX500Principal());
         X509Object[] s_obj = new X509Object[1];
         // A null operand (identity lost in this listing) short-circuits the lookup to 0.
         int ok =  == null ? 0 : getBySubject(.,xn,s_obj);
         if(ok != .) {
             if(ok == .) {
                 X509Error.addError(.);
                 return -1;
             } else if (ok != .) {
                 return -1;
             }
             return 0;
         }
         // First try the single object returned by the subject lookup.
         X509Object obj = s_obj[0];
         if(this..call(this,x,((Certificate)obj).) != 0) {
             issuer[0] = ((Certificate)obj).;
             return 1;
         }
 
         int idx = X509Object.indexBySubject(.,.xn);
         if(idx == -1) {
             return 0;
         }
 
         /* Look through all matching certificates for a suitable issuer */
         for(int i = idxi < ..size(); i++) {
             X509Object pobj = ..get(i);
             // The scan stops with 0 at the first entry whose type or subject no longer matches.
             if(pobj.type() != .) {
                 return 0;
             }
             if(!xn.isEqual((((Certificate)pobj).).getSubjectX500Principal())) {
                 return 0;
             }
             if(this..call(this,x,((Certificate)pobj).) != 0) {
                 issuer[0] = ((Certificate)pobj).;
                 return 1;
             }
         }
         return 0;
     }
 
     /**
      * Converts every element of {@code inp} with the single-certificate {@code ensureAux}
      * and collects the results in a new {@code ArrayList}, in iteration order.
      *
      * NOTE(review): the generic brackets in this signature are damaged in the listing
      * (closing {@code >} and a space are missing before the method and parameter names).
      *
      * @param inp certificates to convert; may be {@code null}
      * @return {@code null} when {@code inp} is {@code null}, otherwise a new list; a
      *         {@code null} element stays {@code null} in the result
      */
     public static List<X509AuxCertificateensureAux(Collection<X509Certificateinp) {
         if (inp == null) {
             return null;
         }
         List<X509AuxCertificateout = new ArrayList<X509AuxCertificate>();
         for(X509Certificate o : inp) {
             out.add(ensureAux(o));
         }
         return out;
     }
 
     /**
      * Array variant: converts every element of {@code inp} with the single-certificate
      * {@code ensureAux} and collects the results in a new {@code ArrayList}, in array order.
      *
      * NOTE(review): the generic brackets in this signature are damaged in the listing
      * (a closing {@code >} and a space are missing before the method name).
      *
      * @param inp certificates to convert; may be {@code null}
      * @return {@code null} when {@code inp} is {@code null}, otherwise a new list; a
      *         {@code null} element stays {@code null} in the result
      */
     public static List<X509AuxCertificateensureAux(X509Certificate[] inp) {
         if (inp == null) {
             return null;
         }
         List<X509AuxCertificateo = new ArrayList<X509AuxCertificate>();
         for(X509Certificate c : inp) {
             o.add(ensureAux(c));
         }
         return o;
     }
 
     /**
      * Returns {@code i} as an {@code X509AuxCertificate}.
      *
      * @param i certificate to convert; may be {@code null}
      * @return {@code null} for {@code null} input, the same instance when it already is an
      *         {@code X509AuxCertificate}, otherwise a new {@code X509AuxCertificate}
      *         constructed from {@code i}
      */
     public static X509AuxCertificate ensureAux(X509Certificate i) {
         if (i == null) {
             return null;
         }
         // Reuse an existing wrapper instead of wrapping twice.
         return (i instanceof X509AuxCertificate)
                 ? (X509AuxCertificate) i
                 : new X509AuxCertificate(i);
     }

    
c: X509_STORE_CTX_init
 
     public int init(Store storeX509AuxCertificate x509List<X509AuxCertificatechain) { 
         int ret = 1;
         this.=store;
         this.=0;
         this.=x509;
         this.=chain;
         this. = null;
         this.=0;
         this. = null;
         this.=false;
         this. = null;
         this.=0;
         this.=0;
         this.=0;
         this.=null;
         this.=null;
         this. = null;
 
         this. = new VerifyParameter();
 
         if(store != null) {
             ret = .inherit(store.param);
         } else {
         }
         if(store != null) {
              = store.verifyCallback;
              = store.cleanup;
         } else {
              = ..;
         }
 
         if(ret != 0) {
             ret = .inherit(VerifyParameter.lookup("default"));
         }
 
         if(ret == 0) {
             X509Error.addError(.);
             return 0;
         }
 
         if(store != null && store.checkIssued != null && store.checkIssued != ..) {
             this. = store.checkIssued;
         } else {
             this. = ;
         }
 
         if(store != null && store.getIssuer != null && store.getIssuer != ..) {
             this. = store.getIssuer;
         } else {
             this. = new Store.GetIssuerFunction() {
                     public int call(Object arg1Object arg2Object arg3throws Exception {
                         return ((StoreContext)arg2).getFirstIssuer((X509AuxCertificate[])arg1,(X509AuxCertificate)arg3);
                     }
                 };
         }
 
         if(store != null && store.verifyCallback != null && store.verifyCallback != ..) {
             this. = store.verifyCallback;
         } else {
             this. = ;
         }
 
         if(store != null && store.verify != null && store.verify != ..) {
             this. = store.verify;
         } else {
             this. = ;
         }
 
         if(store != null && store.checkRevocation != null && store.checkRevocation != ..) {
             this. = store.checkRevocation;
         } else {
             this. = ;
         }
 
         if(store != null && store.getCRL != null && store.getCRL != ..) {
             this. = store.getCRL;
         } else {
             this. = ;
         }
 
         if(store != null && store.checkCRL != null && store.checkCRL != ..) {
             this. = store.checkCRL;
         } else {
             this. = ;
         }
 
         if(store != null && store.certificateCRL != null && store.certificateCRL != ..) {
             this. = store.certificateCRL;
         } else {
             this. = ;
         }
 
         this. = ;
 
         this. = new ArrayList<Object>();
         this..add(null);this..add(null);this..add(null);
         this..add(null);this..add(null);this..add(null);
         return 1;
     } 

    
c: X509_STORE_CTX_trusted_stack
 
     public void trustedStack(List<X509AuxCertificatesk) {
          = sk;
          = ;
     }

    
c: X509_STORE_CTX_cleanup
 
     public void cleanup() throws Exception {
         if( != null &&  != ..) {
             .call(this);
         }
          = null;
          = null;
          = null;
          = null;
     } 

    
c: find_issuer
 
         for(X509AuxCertificate issuer : sk) {
             if(.call(this,x,issuer) != 0) {
                 return issuer;
             }
         }
         return null;
     }

    
c: X509_STORE_CTX_set_ex_data
 
     /**
      * Stores {@code data} at position {@code idx} via a {@code set(idx, data)} call; tagged
      * in the listing as the counterpart of OpenSSL's X509_STORE_CTX_set_ex_data.
      *
      * NOTE(review): the receiver of {@code set} is missing from this listing; presumably
      * it is the extra-data list. No bounds check is done here, so an out-of-range
      * {@code idx} is left to that collection to reject.
      *
      * @param idx slot index
      * @param data value to store
      * @return always 1
      */
     public int setExtraData(int idx,Object data) { 
         .set(idx,data);
         return 1; 
     } 

    
c: X509_STORE_CTX_get_ex_data
 
     /**
      * Returns the value at position {@code idx} via a {@code get(idx)} call; tagged in the
      * listing as the counterpart of OpenSSL's X509_STORE_CTX_get_ex_data.
      *
      * NOTE(review): the receiver of {@code get} is missing from this listing; presumably
      * it is the extra-data list. No bounds check is done here.
      *
      * @param idx slot index
      * @return the stored value, as returned by the underlying {@code get}
      */
     public Object getExtraData(int idx) { 
         return .get(idx); 
     }

    
c: X509_STORE_CTX_get_error
 
     public int getError() { 
         return ;
     }

    
c: X509_STORE_CTX_set_error
 
     public void setError(int s) {
         this. = s;
     } 

    
c: X509_STORE_CTX_get_error_depth
 
     public int getErrorDepth() { 
         return 
     } 

    
c: X509_STORE_CTX_get_current_cert
 
         return 
     }

    
c: X509_STORE_CTX_get_chain
 
     public List<X509AuxCertificategetChain() { 
         return 
     } 

    
c: X509_STORE_CTX_get1_chain
 
     /**
      * Returns a new list for the chain, or {@code null} when the value compared against
      * {@code null} is absent; tagged in the listing as the counterpart of OpenSSL's
      * X509_STORE_CTX_get1_chain.
      *
      * NOTE(review): the compared operand and, apparently, the constructor argument of the
      * {@code ArrayList} are missing from this listing. As printed the method would return
      * an empty list; presumably the original copies the chain. Confirm against upstream.
      */
     public List<X509AuxCertificategetFirstChain() { 
         if(null == ) {
             return null;
         }
         return new ArrayList<X509AuxCertificate>(); 
     } 

    
c: X509_STORE_CTX_set_cert
 
     public void setCertificate(X509AuxCertificate x) {
         this. = x;
     }
 
     public void setCertificate(X509Certificate x) {
         this. = ensureAux(x);
     }

    
c: X509_STORE_CTX_set_chain
 
     public void setChain(List<X509Certificatesk) {
         this. = ensureAux(sk);
     }
 
     public void setChain(X509Certificate[] sk) {
         this. = ensureAux(sk);
     }

    
c: X509_STORE_CTX_set0_crls
 
     public void setCRLs(List<X509CRLsk) {
         this. = sk;
     } 

    
c: X509_STORE_CTX_set_purpose
 
     /**
      * Applies {@code purpose} through {@code purposeInherit}, with no default purpose and
      * no explicit trust (both passed as 0).
      *
      * @param purpose purpose id to apply
      * @return the result of {@code purposeInherit}
      */
     public int setPurpose(int purpose) {
         final int noDefaultPurpose = 0;
         final int noTrust = 0;
         return purposeInherit(noDefaultPurpose, purpose, noTrust);
     }

    
c: X509_STORE_CTX_set_trust
 
     /**
      * Applies {@code trust} through {@code purposeInherit}, with no default purpose and no
      * purpose (both passed as 0).
      *
      * @param trust trust id to apply
      * @return the result of {@code purposeInherit}
      */
     public int setTrust(int trust) {
         final int noDefaultPurpose = 0;
         final int noPurpose = 0;
         return purposeInherit(noDefaultPurpose, noPurpose, trust);
     }
 
     private void resetSettingsToWithoutStore() {
          = null;
         this. = new VerifyParameter();
         this..inherit(VerifyParameter.lookup("default"));
         this. = ..;
         this. = ;
         this. = new Store.GetIssuerFunction() {
                 public int call(Object arg1Object arg2Object arg3throws Exception {
                     return ((StoreContext)arg2).getFirstIssuer((X509AuxCertificate[])arg1,(X509AuxCertificate)arg3);
                 }
             };
         this. = ;
         this. = ;
         this. = ;
         this. = ;
         this. = ;
         this. = ;
     }

    
c: SSL_CTX_load_verify_locations
 
     /**
      * Loads trust anchors from {@code CAfile} / {@code CApath} through a
      * {@code loadLocations} call, creating a new {@code Store} first when a value compared
      * against {@code null} is absent. Tagged in the listing as the counterpart of
      * SSL_CTX_load_verify_locations.
      *
      * Every exception is caught and reported as 0, so the caller cannot tell an I/O or
      * parse failure from "nothing loaded"; callers should treat 0 as a failure to load
      * the CA locations. When the store was created by this call and loading fails,
      * {@code resetSettingsToWithoutStore()} is invoked.
      *
      * NOTE(review): most field names and receivers in this method are missing from the
      * listing (lost in extraction); the guarded assignments appear to copy non-null,
      * non-default functions from the new store — confirm against upstream.
      *
      * @return the result of {@code loadLocations}, or 0 when an exception was thrown
      */
     public int loadVerifyLocations(String CAfileString CApath) {
         boolean reset = false;
         try {
             if( == null) {
                 reset = true;
                  = new Store();
                 this..inherit(.);
                 .inherit(VerifyParameter.lookup("default"));
                 this. = .;
                 if(. != null && . != ..) {
                     this. = .;
                 }
                 if(. != null && . != ..) {
                     this. = .;
                 }
 
                 if(. != null && . != ..) {
                     this. = .;
                 }
 
                 if(. != null && . != ..) {
                     this. = .;
                 }
 
                 if(. != null && . != ..) {
                     this. = .;
                 }
 
                 if(. != null && . != ..) {
                     this. = .;
                 }
 
                 if(. != null && . != ..) {
                     this. = .;
                 }
 
                 if(. != null && . != ..) {
                     this. = .;
                 }
             }
 
             int ret = .loadLocations(CAfileCApath);
             if(ret == 0 && resetresetSettingsToWithoutStore();
 
             return ret;
         } catch(Exception e) {
             // The exception is discarded; only the 0 return signals the failure.
             if(reset) {
                 resetSettingsToWithoutStore();
             }
             return 0;
         }
     }

    
c: X509_STORE_CTX_purpose_inherit
 
     /**
      * Validates a purpose id and a trust id and applies them; tagged in the listing as the
      * counterpart of OpenSSL's X509_STORE_CTX_purpose_inherit.
      *
      * A {@code purpose} of 0 falls back to {@code defaultPurpose}. A {@code trust} of 0 is
      * taken from the resolved purpose's {@code trust} value. The final two assignments only
      * happen when an existing value equals 0. NOTE(review): those targets, the error codes
      * and the trust constant compared at {@code ptmp.trust} are missing from this listing.
      *
      * @return 0 (after {@code X509Error.addError}) when {@code Purpose.getByID} or
      *         {@code Trust.getByID} returns -1, otherwise 1
      */
     public int purposeInherit(int defaultPurpose,int purposeint trust) { 
         int idx;
         if(purpose == 0) {
             purpose = defaultPurpose;
         }
         if(purpose != 0) {
             idx = Purpose.getByID(purpose);
             if(idx == -1) {
                 X509Error.addError(.);
                 return 0;
             }
             Purpose ptmp = Purpose.getFirst(idx);
             if(ptmp.trust == .) {
                 // Re-resolve using the default purpose when the purpose's trust matches a constant (lost in listing).
                 idx = Purpose.getByID(defaultPurpose);
                 if(idx == -1) {
                     X509Error.addError(.);
                     return 0;
                 }
                 ptmp = Purpose.getFirst(idx);
             }
             if(trust == 0) {
                 trust = ptmp.trust;
             }
         }
         if(trust != 0) {
             idx = Trust.getByID(trust);
             if(idx == -1) {
                 X509Error.addError(.);
                 return 0;
             }
         }
 
         if(purpose != 0 && . == 0) {
             . = purpose;
         }
         if(trust != 0 && . == 0) {
             . = trust;
         }
         return 1;
     } 

    
c: X509_STORE_CTX_set_flags
 
     public void setFlags(long flags) {
         .setFlags(flags);
     } 

    
c: X509_STORE_CTX_set_time
 
     /**
      * Forwards {@code t} to a {@code setTime} call; tagged in the listing as the
      * counterpart of OpenSSL's X509_STORE_CTX_set_time.
      *
      * NOTE(review): the receiver of the call is missing from this listing.
      *
      * @param flags not used by this method
      * @param t time value passed through unchanged
      */
     public void setTime(long flags,Date t) {
         .setTime(t);
     } 

    
c: X509_STORE_CTX_set_verify_cb
 
     public void setVerifyCallback(Store.VerifyCallbackFunction verifyCallback) {
         this. = verifyCallback;
     } 

    
c: X509_STORE_CTX_get0_policy_tree
 
         return ;
     }

    
c: X509_STORE_CTX_get_explicit_policy
 
     public int getExplicitPolicy() { 
         return ;
     } 

    
c: X509_STORE_CTX_get0_param
 
     public VerifyParameter getParam() { 
         return 
     } 

    
c: X509_STORE_CTX_set0_param
 
     public void setParam(VerifyParameter param) {
         this. = param;
     } 

    
c: X509_STORE_CTX_set_default
 
     /**
      * Looks up the named {@code VerifyParameter} and passes it to an {@code inherit} call;
      * tagged in the listing as the counterpart of OpenSSL's X509_STORE_CTX_set_default.
      *
      * NOTE(review): the receiver of {@code inherit} is missing from this listing.
      *
      * @param name name given to {@code VerifyParameter.lookup}
      * @return 0 when the lookup returns {@code null}, otherwise the result of {@code inherit}
      */
     public int setDefault(String name) { 
         VerifyParameter p = VerifyParameter.lookup(name);
         if(p == null) {
             return 0;
         }
         return .inherit(p);
     }

    
c: X509_STORE_get_by_subject (it gets X509_STORE_CTX as the first parameter)
 
     /**
      * Finds an object of the given type by subject name; tagged in the listing as the
      * counterpart of OpenSSL's X509_STORE_get_by_subject.
      *
      * The store's {@code objs} are searched first with {@code X509Object.retrieveBySubject}.
      * On a miss, each entry of {@code c.certificateMethods} is asked in order via
      * {@code bySubject}: a negative answer is returned to the caller immediately, a
      * positive one supplies the result and ends the search.
      *
      * NOTE(review): the store expression, the loop's initial index and two assignment
      * targets are missing from this listing (lost in extraction).
      *
      * @param type object type to look for
      * @param name subject name to match
      * @param ret one-element output array; {@code ret[0]} is set when 1 is returned
      * @return 1 when found, 0 when not found, or the negative value from a lookup method
      */
     public int getBySubject(int type,Name name,X509Object[] retthrows Exception {
         Store c = ;
 
         X509Object tmp = X509Object.retrieveBySubject(c.objs,type,name);
         if(tmp == null) {
             for(int i=i<c.certificateMethods.size(); i++) {
                 Lookup lu = c.certificateMethods.get(i);
                 X509Object[] stmp = new X509Object[1];
                 int j = lu.bySubject(type,name,stmp);
                 if(j<0) {
                      = i;
                     return j;
                 } else if(j>0) {
                     tmp = stmp[0];
                     break;
                 }
             }
              = 0;
             if(tmp == null) {
                 return 0;
             }
         }
         ret[0] = tmp;
         return 1;
     }

    
c: X509_verify_cert
 
     /**
      * Builds and checks a certificate chain; tagged in the listing as the counterpart of
      * OpenSSL's X509_verify_cert.
      *
      * Order of work, as the block comments below describe: extend the chain from the
      * untrusted certificates, handle a trailing self-signed certificate, extend the chain
      * from the certificate store, then check chain extensions, trust, revocation, the
      * chain itself and finally policies.
      *
      * Points a caller should know:
      * - Failures are reported through the verify callback as
      *   {@code cb.call(new Integer(0), this)}. Only a callback result of 0 aborts; any other
      *   result lets verification continue, so a permissive callback overrides the failure.
      * - When a chain-building failure is overridden this way, {@code bad_chain} is set to 1
      *   and the policy evaluation at the end is skipped.
      * - Name constraints and RFC 3779 path validation are not performed here; both are
      *   marked TODO in the body.
      *
      * NOTE(review): most field names, flag constants and callback receivers are missing
      * from this listing (lost in extraction); the code below is kept exactly as printed.
      *
      * @return -1 when a required value is {@code null} at entry, a negative value from the
      *         issuer lookup, 0 when a check fails and the callback does not override it,
      *         otherwise the result of the last check executed
      */
     public int verifyCertificate() throws Exception {
         X509AuxCertificate x,xtmp=null,chain_ss = null;
         //X509_NAME xn;
         int bad_chain = 0;
         int depth,i,ok=0;
         int num;
         Store.VerifyCallbackFunction cb;
         List<X509AuxCertificatesktmp = null;
         if( == null) {
             X509Error.addError(.);
             return -1;
         }
         cb=;
 
         /* first we make sure the chain we are going to build is
          * present and that the first entry is in place */
 
         if(null == ) {
              = new ArrayList<X509AuxCertificate>();
             .add();
              = 1;
         }
 
         /* We use a temporary STACK so we can chop and hack at it */
 
         if( != null) {
             sktmp = new ArrayList<X509AuxCertificate>();
         }
         num = .size();
         x = .get(num-1);
         depth = .;
         for(;;) {
             if(depth < num) {
                 break;
             }
 
             if(.call(this,x,x) != 0) {
                 break;
             }
 
             if( != null) {
                 xtmp = findIssuer(sktmp,x);
                 if(xtmp != null) {
                     .add(xtmp);
                     // Each untrusted certificate is used at most once in the chain.
                     sktmp.remove(xtmp);
                     ++;
                     x = xtmp;
                     num++;
                     continue;
                 }
             }
             break;
         }
 
         /* at this point, chain should contain a list of untrusted
          * certificates.  We now need to add at least one trusted one,
          * if possible, otherwise we complain. */
 
         /* Examine last certificate in chain and see if it
          * is self signed.
          */
 
         i = .size();
         x = .get(i-1);
         
         if(.call(this,x,x) != 0) {
             /* we have a self signed certificate */
             if(.size() == 1) {
                 /* We have a single self signed certificate: see if
                  * we can find it in the store. We must have an exact
                  * match to avoid possible impersonation.
                  */
                 X509AuxCertificate[] p_xtmp = new X509AuxCertificate[]{xtmp};
                 ok = .call(p_xtmp,this,x);
                 xtmp = p_xtmp[0];
                 // The exact-match requirement is enforced with equals(); a lookup hit alone is not enough.
                 if(ok <= 0 || !x.equals(xtmp)) {
                      = .;
                      = x;
                      = i-1;
                     bad_chain = 1;
                     ok = cb.call(new Integer(0),this);
                     if(ok == 0) {
                         return ok;
                     }
                 } else {
                     /* We have a match: replace certificate with store version
                      * so we get any trust settings.
                      */
                     x = xtmp;
                     .set(i-1,x);
                      = 0;
                 }
             } else {
                 /* extract and save self signed certificate for later use */
                 chain_ss = .remove(.size()-1);
                 --;
                 num--;
                 x = .get(num-1);
             }
         }
         /* We now lookup certs from the certificate store */
         for(;;) {
             /* If we have enough, we break */
             if(depth<num) {
                 break;
             }
             //xn = new X509_NAME(x.getIssuerX500Principal());
             /* If we are self signed, we break */
             if(.call(this,x,x) != 0) {
                 break;
             }
             X509AuxCertificate[] p_xtmp = new X509AuxCertificate[]{xtmp};
             ok = .call(p_xtmp,this,x);
             xtmp = p_xtmp[0];
             if(ok < 0) {
                 return ok;
             }
             if(ok == 0) {
                 break;
             }
             x = xtmp;
             .add(x);
             num++;
         }
         
         /* we now have our chain, lets check it... */
 
         //xn = new X509_NAME(x.getIssuerX500Principal());
         /* Is last certificate looked up self signed? */
         if(.call(this,x,x) == 0) {
             if(chain_ss == null || .call(this,x,chain_ss) == 0) {
                 if( >= num) {
                      = .;
                 } else {
                      = .;
                 }
                  = x;
             } else {
                 .add(chain_ss);
                 num++;
                  = num;
                  = chain_ss;
                  = .;
                 chain_ss = null;
             }
              = num-1;
             bad_chain = 1;
             // The chain does not end in a store certificate; only the callback can let it pass.
             ok = cb.call(new Integer(0),this);
             if(ok == 0) {
                 return ok;
             }
         }
 
         /* We have the chain complete: now we need to check its purpose */
         ok = checkChainExtensions();
         if(ok == 0) {
             return ok;
         }
 
         /* TODO: Check name constraints (from 1.0.0) */
 
         /* The chain extensions are OK: check trust */
         if(. > 0) {
             ok = checkTrust();
         }
         if(ok == 0) {
             return ok;
         }
 
         /* Check revocation status: we do this after copying parameters
          * because they may be needed for CRL signature verification.
          */
         ok = .call(this);
         if(ok == 0) {
             return ok;
         }
 
         /* At this point, we have a chain and need to verify it */
         if( != null &&  != ..) {
             ok = .call(this);
         } else {
             ok = .call(this);
         }
         if(ok == 0) {
             return ok;
         }
         
         /* TODO: RFC 3779 path validation, now that CRL check has been done (from 1.0.0) */
 
         /* If we get this far evaluate policies */
         if(bad_chain == 0 && (. & .) != 0) {
             ok = .call(this);
         }
         return ok;
     }
 
 
     // OIDs of the extensions listed as supported when marked critical. Six OIDs are added:
     // netscape cert type, key usage, subject alt name, basic constraints, ext key usage and
     // proxy cert info. Other OIDs (for example name constraints, 2.5.29.30) are not in the
     // set. NOTE(review): the receiver of each add call is missing from this listing;
     // presumably it is CRITICAL_EXTENSIONS. The generic bracket on the declaration is also
     // damaged in the listing.
     private final static Set<StringCRITICAL_EXTENSIONS = new HashSet<String>();
     static {
         .add("2.16.840.1.113730.1.1"); // netscape cert type, NID 71
         .add("2.5.29.15"); // key usage, NID 83
         .add("2.5.29.17"); // subject alt name, NID 85
         .add("2.5.29.19"); // basic constraints, NID 87
         .add("2.5.29.37"); // ext key usage, NID 126
         .add("1.3.6.1.5.5.7.1.14"); // proxy cert info, NID 661
     }
 
     /**
      * Reports whether {@code oid} is contained in a collection of supported OIDs.
      *
      * NOTE(review): the receiver of {@code contains} is missing from this listing;
      * presumably it is CRITICAL_EXTENSIONS.
      *
      * @param oid dotted-decimal extension OID
      * @return the result of the {@code contains} call
      */
     private static boolean supportsCriticalExtension(String oid) {
         return .contains(oid);
     }
 
     /**
      * Reports whether {@code xx} carries a critical extension that
      * {@code supportsCriticalExtension} rejects.
      *
      * @param xx object whose critical extension OIDs are inspected
      * @return {@code true} as soon as one critical OID is not supported; {@code false}
      *         when the OID set is {@code null}, empty, or fully supported
      */
     private static boolean unhandledCritical(X509Extension xx) {
         // Read the OID set once; null or empty means there is nothing critical to check.
         Set<String> criticalOids = xx.getCriticalExtensionOIDs();
         if (criticalOids == null || criticalOids.isEmpty()) {
             return false;
         }
         for (String criticalOid : criticalOids) {
             if (!supportsCriticalExtension(criticalOid)) {
                 return true;
             }
         }
         return false;
     }

    
c: check_chain_extensions
 
     /**
      * Walks the chain and checks each certificate's extensions: unhandled critical
      * extensions, proxy-certificate use, CA status, purpose, path length and the proxy
      * path length constraint. Tagged in the listing as the counterpart of OpenSSL's
      * check_chain_extensions.
      *
      * Every finding is reported as {@code cb.call(new Integer(0), this)}; only a callback
      * result of 0 stops the walk, any other result lets the remaining checks run.
      *
      * NOTE(review): field names, flag constants and error codes are missing from this
      * listing (lost in extraction); the code below is kept exactly as printed.
      *
      * @return 0 when a finding is not overridden by the callback, otherwise 1
      */
     public int checkChainExtensions() throws Exception {
         int ok=0, must_be_ca;
         X509AuxCertificate x;
         Store.VerifyCallbackFunction cb;
         int proxy_path_length = 0;
         int allow_proxy_certs = (. & .) != 0 ? 1 : 0;
         cb = ;
         must_be_ca = -1;
 
         // The process environment can switch proxy-certificate acceptance on regardless of
         // the flag test above: any value of OPENSSL_ALLOW_PROXY_CERTS other than "false"
         // (case-insensitive) enables it. Deployments that must not accept proxy
         // certificates need this variable unset or "false".
         try {
             if (System.getenv("OPENSSL_ALLOW_PROXY_CERTS") != null && !"false".equalsIgnoreCase(System.getenv("OPENSSL_ALLOW_PROXY_CERTS"))) {
                 allow_proxy_certs = 1;
             }
         } catch (Error e) {
             // just ignore if we can't use System.getenv
         }
 
         for(int i = 0; i<;i++) {
             int ret;
             x = .get(i);
             // Unhandled critical extensions are reported unless a flag (lost in listing) is set.
             if((. & .) == 0 && unhandledCritical(x)) {
                  = .;
                  = i;
                  = x;
                 ok = cb.call(new Integer(0),this);
                 if(ok == 0) {
                     return ok;
                 }
             }
             // 1.3.6.1.5.5.7.1.14 is the proxy cert info extension.
             if(allow_proxy_certs == 0 && x.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
                  = .;
                  = i;
                  = x;
                 ok = cb.call(new Integer(0),this);
                 if(ok == 0) {
                     return ok;
                 }
             }
 
             ret = Purpose.checkCA(x);
             // must_be_ca: -1 for the first certificate, 0 after a proxy certificate, 1 otherwise.
             switch(must_be_ca) {
             case -1:
                 if((. & .) != 0 && ret != 1 && ret != 0) {
                     ret = 0;
                      = .;
                 } else {
                     ret = 1;
                 }
                 break;
             case 0:
                 if(ret != 0) {
                     ret = 0;
                      = .;
                 } else {
                     ret = 1;
                 }
                 break;
             default:
                 if(ret == 0 || ((. & .) != 0 && ret != 1)) {
                     ret = 0;
                      = .;
                 } else {
                     ret = 1;
                 }
                 break;
             }
             if(ret == 0) {
                  = i;
                  = x;
                 ok = cb.call(new Integer(0),this);
                 if(ok == 0) {
                     return ok;
                 }
             }
             if(. > 0) {
                 ret = Purpose.checkPurpose(x,.must_be_ca > 0 ? 1 : 0);
                 if(ret == 0 || ((. & .) != 0 && ret != 1)) {
                      = .;
                      = i;
                      = x;
                     ok = cb.call(new Integer(0),this);
                     if(ok == 0) {
                         return ok;
                     }
                 }
             }
 
             // Path length check: only applied from the third chain position on (i > 1).
             if(i > 1 && x.getBasicConstraints() != -1 && x.getBasicConstraints() != . && (i > (x.getBasicConstraints() + proxy_path_length + 1))) {
                  = .;
                  = i;
                  = x;
                 ok = cb.call(new Integer(0),this);
                 if(ok == 0) {
                     return ok;
                 }
             }
 
             if(x.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
                 // NOTE(review): the stream is never closed, and the cast is unchecked, so a
                 // malformed extension would surface as a ClassCastException. Also,
                 // java.security.cert.X509Extension#getExtensionValue returns the DER OCTET
                 // STRING wrapper; if X509AuxCertificate follows that contract the first object
                 // read is not a sequence. Confirm against X509AuxCertificate.
                 DERSequence pci = (DERSequence)new ASN1InputStream(x.getExtensionValue("1.3.6.1.5.5.7.1.14")).readObject();
                 if(pci.size() > 0 && pci.getObjectAt(0) instanceof DERInteger) {
                     // NOTE(review): intValue() keeps only the low 32 bits of the encoded integer;
                     // a very large or negative value is not rejected here.
                     int pcpathlen = ((DERInteger)pci.getObjectAt(0)).getValue().intValue();
                     if(i > pcpathlen) {
                          = .;
                          = i;
                          = x;
                         ok = cb.call(new Integer(0),this);
                         if(ok == 0) {
                             return ok;
                         }
                     }
                 }
                 proxy_path_length++;
                 must_be_ca = 0;
             } else {
                 must_be_ca = 1;
             }
         }
         return 1;
     }

    
c: X509_check_trust
 
     /**
      * Checks trust for the last element of a list (index {@code size()-1}) with
      * {@code Trust.checkTrust}; tagged in the listing as the counterpart of OpenSSL's
      * X509_check_trust.
      *
      * When the result does not equal the accepting constant, error details are recorded
      * and the decision is handed to the verify callback, whose return value becomes the
      * result. NOTE(review): the list, the constants and the assignment targets are
      * missing from this listing; presumably the list is the chain.
      *
      * @return 1 when the trust check returns the accepting constant, otherwise the result
      *         of {@code cb.call(new Integer(0), this)}
      */
     public int checkTrust() throws Exception {
         int i,ok;
        X509AuxCertificate x;
        Store.VerifyCallbackFunction cb;
        cb = ;
        i = .size()-1;
        x = .get(i);
        ok = Trust.checkTrust(x,.,0);
        if(ok == .) {
            return 1;
        }
         = 1;
         = x;
        if(ok == .) {
             = .;
        } else {
             = .;
        }
        return cb.call(new Integer(0),this);
    }

    
c: check_cert_time
    /**
     * Checks the validity period of {@code x} against a reference time; tagged in the
     * listing as the counterpart of OpenSSL's check_cert_time.
     *
     * The reference time comes from a stored value when a flag is set, otherwise from
     * {@code Calendar.getInstance().getTime()} (the local system clock). A certificate
     * whose notBefore is not strictly before the reference time, or whose notAfter is not
     * strictly after it, is reported to a callback; only a callback result of 0 fails the
     * check. NOTE(review): the flag, the stored time field, the error codes and the
     * callback receiver are missing from this listing.
     *
     * @param x certificate to check
     * @return 0 when a time failure is not overridden by the callback, otherwise 1
     */
    public int checkCertificateTime(X509AuxCertificate xthrows Exception {
        Date ptime = null;
        if((. & .) != 0) {
            ptime = this..;
        } else {
            ptime = Calendar.getInstance().getTime();
        }
        // notBefore equal to the reference time counts as a failure.
        if(!x.getNotBefore().before(ptime)) {
             = .;
             = x;
            if(.call(new Integer(0),this) == 0) {
                return 0;
            }
        }
        // notAfter equal to the reference time counts as a failure.
        if(!x.getNotAfter().after(ptime)) {
             = .;
             = x;
            if(.call(new Integer(0),this) == 0) {
                return 0;
            }
        }
        return 1;
    }

    
c: check_cert
    /**
     * Runs three callbacks in sequence for one certificate taken from a list at index
     * {@code cnum}; tagged in the listing as the counterpart of OpenSSL's check_cert.
     *
     * The first call receives (this, crl, x) and fills {@code crl[0]}. If it returns 0, an
     * error is recorded and a callback invoked with {@code (new Integer(0), this)} decides
     * the result. Otherwise a second call is made on {@code crl[0]} and, if that is
     * non-zero, a third with (this, crl[0], x). NOTE(review): the callback names, the
     * list, the index source and the assignment targets are missing from this listing;
     * presumably these are the get-CRL, check-CRL and certificate-vs-CRL functions.
     *
     * @return the result of the last callback executed
     */
    public int checkCertificate() throws Exception {
        X509CRL[] crl = new X509CRL[1];
        X509AuxCertificate x;
        int ok,cnum;
        cnum = ;
        x = .get(cnum);
         = x;
        ok = .call(this,crl,x);
        if(ok == 0) {
            // No result from the first callback: the callback below decides whether that is fatal.
             = .;
            ok = .call(new Integer(0), this);
             = null;
            return ok;
        }
         = crl[0];
        ok = .call(thiscrl[0]);
        if(ok == 0) {
             = null;
            return ok;
        }
        ok = .call(this,crl[0],x);
         = null;
        return ok;
    }

    
c: check_crl_time
    /**
     * Checks a CRL's thisUpdate and nextUpdate against a reference time; tagged in the
     * listing as the counterpart of OpenSSL's check_crl_time.
     *
     * The reference time comes from a stored value when a flag is set, otherwise from
     * {@code Calendar.getInstance().getTime()} (the local system clock). With
     * {@code notify == 0} a time failure returns 0 without consulting the callback;
     * otherwise only a callback result of 0 fails the check. A CRL without nextUpdate is
     * never treated as expired by this method.
     *
     * NOTE(review): the flag, the stored time field, the error codes and the callback
     * receiver are missing from this listing. No error assignment is visible on the
     * thisUpdate branch, unlike the nextUpdate branch; confirm against upstream whether
     * that line was lost in extraction.
     *
     * @param crl CRL to check
     * @param notify 0 to fail silently, non-zero to let the callback decide
     * @return 0 on a time failure that is not overridden, otherwise 1
     */
    public int checkCRLTime(X509CRL crlint notifythrows Exception {
         = crl;
        Date ptime = null;
        if((. & .) != 0) {
            ptime = this..;
        } else {
            ptime = Calendar.getInstance().getTime();
        }
        
        // thisUpdate equal to the reference time counts as a failure.
        if(!crl.getThisUpdate().before(ptime)) {
            if(notify == 0 || .call(new Integer(0),this) == 0) {
                return 0;
            }
        }
        // nextUpdate is optional; when present it must be strictly after the reference time.
        if(crl.getNextUpdate() != null && !crl.getNextUpdate().after(ptime)) {
            =.;
            if(notify == 0 || .call(new Integer(0),this) == 0) {
                return 0;
            }
        }
         = null;
        return 1;
    }

    
c: get_crl_sk
    public int getCRLStack(X509CRL[] pcrlName nmList<X509CRLcrlsthrows Exception { 
        X509CRL best_crl = null;
        if(null != crls) {
            for(X509CRL crl : crls) {
                if(!nm.isEqual(crl.getIssuerX500Principal())) {
                    continue;
                }
                if(checkCRLTime(crl,0) != 0) {
                    pcrl[0] = crl;
                    return 1;
                }
                best_crl = crl;
            }
        }
        if(best_crl != null) {
            pcrl[0] = best_crl;
        }
        return 0;