Examples of java.security.cert.X509CRL

java.security.cert.X509CRL

etf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile.

The ASN.1 definition of {@code tbsCertList} is:

 TBSCertList  ::=  SEQUENCE  { version                 Version OPTIONAL, -- if present, must be v2 signature               AlgorithmIdentifier, issuer                  Name, thisUpdate              ChoiceOfTime, nextUpdate              ChoiceOfTime OPTIONAL, revokedCertificates     SEQUENCE OF SEQUENCE  { userCertificate         CertificateSerialNumber, revocationDate          ChoiceOfTime, crlEntryExtensions      Extensions OPTIONAL -- if present, must be v2 }  OPTIONAL, crlExtensions           [0]  EXPLICIT Extensions OPTIONAL -- if present, must be v2 }

CRLs are instantiated using a certificate factory. The following is an example of how to instantiate an X.509 CRL:

 {@code}try (InputStream inStream = new FileInputStream("fileName-of-crl"))  CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CRL crl = (X509CRL)cf.generateCRL(inStream); } }

@author Hemma Prafullchandra @see CRL @see CertificateFactory @see X509Extension

            try {
                if (crlFile.isDirectory()) {
                    continue;
                }
                if (crlFile.getParent().endsWith(CRLS_PATH)) {
                    X509CRL crl = readCRL(crlFile);
                    results.add(crl);
                }
            } catch (Exception e) {
                LOG.warn(String.format("Cannot load CRL from file: %s. Error: %s", crlFile,
                                       e.getMessage()));

View Full Code Here

        try {
            crls = new ArrayList<CRL>();
            for (int k = 0; k < seq.size(); ++k) {
                ByteArrayInputStream ar = new ByteArrayInputStream(seq.getObjectAt(k).toASN1Primitive().getEncoded(ASN1Encoding.DER));
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                X509CRL crl = (X509CRL)cf.generateCRL(ar);
                crls.add(crl);
            }
        }
        catch (Exception ex) {
            // ignore

View Full Code Here

    if (crlarray == null)
      return crls;
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    for (int i = 0; i < crlarray.size(); i++) {
      PRStream stream = (PRStream) crlarray.getAsStream(i);
      X509CRL crl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(PdfReader.getStreamBytes(stream)));
      crls.add(crl);
    }
    return crls;
  }

View Full Code Here

  //
  // Public methods used to help us manage CRLs
  //
  @Transient
  public X509CRL getCRL() {
    X509CRL crl = null;
    try {
      String b64Crl = getBase64Crl();
      crl = CertTools.getCRLfromByteArray(Base64.decode(b64Crl.getBytes()));
    } catch (CRLException ce) {
      log.error("Can't decode CRL.", ce);

View Full Code Here

      log.trace(">getLastCRL(" + issuerdn + ", "+deltaCRL+")");
    }
    int maxnumber = 0;
    try {
      maxnumber = getLastCRLNumber(admin, issuerdn, deltaCRL);
      X509CRL crl = null;
      CRLData data = CRLData.findByIssuerDNAndCRLNumber(getEntityManager(), issuerdn, maxnumber);
      if (data != null) {
        crl = data.getCRL();
      }
      if (crl != null) {
        String msg = intres.getLocalizedMessage("store.getcrl", issuerdn, Integer.valueOf(maxnumber));              
        log(admin, crl.getIssuerDN().toString().hashCode(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_INFO_GETLASTCRL, msg);
        return crl.getEncoded();
      }
    } catch (Exception e) {
      String msg = intres.getLocalizedMessage("store.errorgetcrl", issuerdn);              
      log(admin, admin.getCaId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_GETLASTCRL, msg);
      throw new EJBException(e);

View Full Code Here

        log.trace(">getIssuerDN(crl)");
      }*/
        String dn = null;
        try {
            CertificateFactory cf = CertTools.getCertificateFactory();
            X509CRL x509crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
            //log.debug("Created certificate of class: " + x509crl.getClass().getName());
            dn = x509crl.getIssuerDN().toString();
        } catch (CRLException ce) {
            log.error("CRLException: ", ce);
            return null;
        }
        /*if (log.isTraceEnabled()) {

View Full Code Here

     */
    public static X509CRL getCRLfromByteArray(byte[] crl)
        throws CRLException {
        log.trace(">getCRLfromByteArray");
        CertificateFactory cf = CertTools.getCertificateFactory();
        X509CRL x509crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(crl));
        log.trace("<getCRLfromByteArray");


        return x509crl;
    } // getCRLfromByteArray

View Full Code Here

            if ( (ca.getStatus() != SecConst.CA_ACTIVE) && (ca.getStatus() != SecConst.CA_WAITING_CERTIFICATE_RESPONSE) ) {
                String msg = intres.getLocalizedMessage("signsession.canotactive", ca.getSubjectDN());
                logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, msg);
                throw new CATokenOfflineException(msg);
            }
            final X509CRL crl;
            final String certSubjectDN = CertTools.getSubjectDN(ca.getCACertificate());
            int fullnumber = crlSession.getLastCRLNumber(admin, certSubjectDN, false);
            int deltanumber = crlSession.getLastCRLNumber(admin, certSubjectDN, true);
            // nextCrlNumber: The highest number of last CRL (full or delta) and increased by 1 (both full CRLs and deltaCRLs share the same series of CRL Number)
            int nextCrlNumber = ( (fullnumber > deltanumber) ? fullnumber : deltanumber ) +1; 
            boolean deltaCRL = (basecrlnumber > -1);
            if (deltaCRL) {
                // Workaround if transaction handling fails so that crlNumber for deltaCRL would happen to be the same
                if (nextCrlNumber == basecrlnumber) {
                        nextCrlNumber++;
                }
                crl = (X509CRL) ca.generateDeltaCRL(certs, nextCrlNumber, basecrlnumber);       
            } else {
                crl = (X509CRL) ca.generateCRL(certs, nextCrlNumber);
            }
            if (crl != null) {
                String msg = intres.getLocalizedMessage("signsession.createdcrl", Integer.valueOf(nextCrlNumber), ca.getName(), ca.getSubjectDN());
                logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), null, null, LogConstants.EVENT_INFO_CREATECRL, msg);


                // Store CRL in the database
                String fingerprint = CertTools.getFingerprintAsString(ca.getCACertificate());
                crlBytes = crl.getEncoded();                    
                if (log.isDebugEnabled()) {
                        log.debug("Storing CRL in certificate store.");
                }
                crlSession.storeCRL(admin, crlBytes, fingerprint, nextCrlNumber, crl.getIssuerDN().getName(), crl.getThisUpdate(), crl.getNextUpdate(), (deltaCRL ? 1 : -1));
                // Store crl in ca CRL publishers.
                log.debug("Storing CRL in publishers");
                this.publisherSession.storeCRL(admin, ca.getCRLPublishers(), crlBytes, fingerprint, nextCrlNumber, ca.getSubjectDN());
            }
        } catch (CATokenOfflineException ctoe) {

View Full Code Here

                                }
                                certs.add(ci);
                        }
                        // create a delta CRL
                        crlBytes = createCRL(admin, ca, certs, baseCrlNumber);
                        X509CRL crl = CertTools.getCRLfromByteArray(crlBytes);
                                if (log.isDebugEnabled()) {
                                        log.debug("Created delta CRL with expire date: "+crl.getNextUpdate());
                                }
                }
        } catch (CATokenOfflineException e) {
            throw e;            
        } catch (Exception e) {

View Full Code Here

              fos.close();
            }            
          }
          if(next2.getName().getLocalPart().equals("X509CRL")){          
            byte[] encoded = (byte[]) next2.getValue();
            X509CRL nextCRL = CertTools.getCRLfromByteArray(encoded);


            getPrintStream().println("  Found CRLissued by " + CertTools.getIssuerDN(nextCRL));
            if(pEMEncoding){
              filename = outputPath  + CertTools.getPartFromDN(CertTools.getIssuerDN(nextCRL), "CN") + "-crl.pem";
              FileOutputStream fos = new FileOutputStream(filename);
              fos.write("-----BEGIN X509 CRL-----\n".getBytes());
              fos.write(Base64.encode(nextCRL.getEncoded(), true));
              fos.write("\n-----END X509 CRL-----\n".getBytes());            
              fos.close();            
            }else{
              filename = outputPath  + CertTools.getPartFromDN(CertTools.getIssuerDN(nextCRL), "CN") + ".crl";
              FileOutputStream fos = new FileOutputStream(filename);
              fos.write(nextCRL.getEncoded());
              fos.close();
            }
          }
          getPrintStream().println("  Written to : " + filename + "\n");
        }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of java.security.cert.X509CRL

br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCRLGenerator

br.net.woodstock.rockframework.security.cert.impl.CRLCertificateValidator

br.net.woodstock.rockframework.security.cert.impl.CRLCertificateVerifier

CertUtils

com.gitblit.GitblitTrustManager

com.gitblit.utils.X509Utils

com.itextpdf.text.pdf.PdfPKCS7

com.itextpdf.text.pdf.security.LtvVerifier

com.itextpdf.text.pdf.security.PdfPKCS7

de.innovationgate.webgate.api.WGDatabase

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.