Package java.security.cert

Examples of java.security.cert.X509CRL


        // Get number of last Delta CRL
        int number = createCrlSession.getLastCRLNumber(admin, ca.getSubjectDN(), true);
        log.debug("Last CRLNumber = " + number);
        byte[] crl = createCrlSession.getLastCRL(admin, ca.getSubjectDN(), true);
        assertNotNull("Could not get CRL", crl);
        X509CRL x509crl = CertTools.getCRLfromByteArray(crl);
        BigInteger num = CrlExtensions.getCrlNumber(x509crl);
        assertEquals(number, num.intValue());
        // Create a new CRL again to see that the number increases
        crlStoreSession.runDeltaCRL(admin, ca, -1, -1);
        int number1 = createCrlSession.getLastCRLNumber(admin, ca.getSubjectDN(), true);
        assertEquals(number + 1, number1);
        byte[] crl1 = createCrlSession.getLastCRL(admin, ca.getSubjectDN(), true);
        X509CRL x509crl1 = CertTools.getCRLfromByteArray(crl1);
        BigInteger num1 = CrlExtensions.getCrlNumber(x509crl1);
        assertEquals(number + 1, num1.intValue());
        // Now create a normal CRL and a deltaCRL again. CRLNUmber should now be
        // increased by two
        crlStoreSession.run(admin, ca);
        crlStoreSession.runDeltaCRL(admin, ca, -1, -1);
        int number2 = createCrlSession.getLastCRLNumber(admin, ca.getSubjectDN(), true);
        assertEquals(number1 + 2, number2);
        byte[] crl2 = createCrlSession.getLastCRL(admin, ca.getSubjectDN(), true);
        X509CRL x509crl2 = CertTools.getCRLfromByteArray(crl2);
        BigInteger num2 = CrlExtensions.getCrlNumber(x509crl2);
        assertEquals(number1 + 2, num2.intValue());
        log.trace("<test02LastDeltaCRL()");
    }


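    /**
     * Verifies that revoking one certificate adds exactly one entry to the next
     * delta CRL, and that the entry carries the revoked certificate's serial number.
     *
     * NOTE(review): the CRLs are only parsed here; their signatures are not verified
     * in this test.
     *
     * @throws Exception if a session call, CRL parsing or the sleep fails
     */
    public void test03CheckNumberofRevokedCerts() throws Exception {
        log.trace(">test03CheckNumberofRevokedCerts()");

        // Latest full CRL: its thisUpdate time is passed to listRevokedCertInfo below.
        byte[] crl = createCrlSession.getLastCRL(admin, ca.getSubjectDN(), false);
        // Fail with a clear message instead of handing null bytes to the parser.
        assertNotNull("Could not get CRL", crl);
        X509CRL x509crl = CertTools.getCRLfromByteArray(crl);
        Collection<RevokedCertInfo> revfp = certificateStoreSession.listRevokedCertInfo(admin, ca.getSubjectDN(), x509crl.getThisUpdate().getTime());
        log.debug("Number of revoked certificates=" + revfp.size());

        // Latest delta CRL: record how many entries it holds before we revoke anything.
        crl = createCrlSession.getLastCRL(admin, ca.getSubjectDN(), true);
        assertNotNull("Could not get CRL", crl);
        x509crl = CertTools.getCRLfromByteArray(crl);
        Set<? extends X509CRLEntry> revset = x509crl.getRevokedCertificates();
        int revsize = 0;
        // getRevokedCertificates() returns null for a CRL without entries, so revsize
        // stays 0 in that case (this is probably the common one).
        if (revset != null) {
            revsize = revset.size();
            assertEquals(revfp.size(), revsize);
        }

        // Issue a fresh certificate and put it on hold.
        X509Certificate cert = createUserAndCert();
        certificateStoreSession.revokeCertificate(admin, cert, null, RevokedCertInfo.REVOCATION_REASON_CERTIFICATEHOLD, null);
        // Sleep 1 second so we don't issue the next CRL at the exact same time
        // as the revocation
        Thread.sleep(1000);

        // Generate a new delta CRL and inspect the bytes it returns.
        crl = crlStoreSession.runDeltaCRL(admin, ca, -1, -1);
        assertNotNull("Could not get CRL", crl);
        x509crl = CertTools.getCRLfromByteArray(crl);
        revset = x509crl.getRevokedCertificates();
        assertNotNull("revset can not be null", revset);
        assertEquals(revsize + 1, revset.size());

        // The count alone does not show which certificate was added: confirm that the
        // new delta CRL lists the serial number of the certificate revoked above.
        boolean found = false;
        for (X509CRLEntry entry : revset) {
            if (entry.getSerialNumber().equals(cert.getSerialNumber())) {
                found = true;
                break;
            }
        }
        assertTrue("Revoked certificate is missing from the new delta CRL", found);

        log.trace("<test03CheckNumberofRevokedCerts()");
    }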

        // Create a new CRL again...
        crlStoreSession.run(admin, ca);
        // Check that our newly signed certificate is not present in a new CRL
        byte[] crl = createCrlSession.getLastCRL(admin, ca.getSubjectDN(), false);
        assertNotNull("Could not get CRL", crl);
        X509CRL x509crl = CertTools.getCRLfromByteArray(crl);
        Set<? extends X509CRLEntry> revset = x509crl.getRevokedCertificates();
        if (revset != null) {
            Iterator<? extends X509CRLEntry> iter = revset.iterator();
            while (iter.hasNext()) {
                X509CRLEntry ce = iter.next();
                assertTrue(ce.getSerialNumber().compareTo(cert.getSerialNumber()) != 0);
            }
        } // If no revoked certificates exist at all, this test passed...

        certificateStoreSession.revokeCertificate(admin, cert, null, RevokedCertInfo.REVOCATION_REASON_CERTIFICATEHOLD, null);
        // Sleep 1 second so we don't issue the next CRL at the exact same time
        // as the revocation
        Thread.sleep(1000);
        // Create a new delta CRL again...
        crl = crlStoreSession.runDeltaCRL(admin, ca, -1, -1);
        // Check that our newly signed certificate IS present in a new Delta CRL
        // crl = storeremote.getLastCRL(admin, cadn, true);
        assertNotNull("Could not get CRL", crl);
        x509crl = CertTools.getCRLfromByteArray(crl);
        revset = x509crl.getRevokedCertificates();
        assertNotNull("revset can not be null", revset);
        Iterator<? extends X509CRLEntry> iter = revset.iterator();
        boolean found = false;
        while (iter.hasNext()) {
            X509CRLEntry ce = iter.next();
            if (ce.getSerialNumber().compareTo(cert.getSerialNumber()) == 0) {
                found = true;
                // TODO: verify the reason code
            }
        }
        assertTrue(found);

        // Unrevoke the certificate that we just revoked
        certificateStoreSession.revokeCertificate(admin, cert, null, RevokedCertInfo.NOT_REVOKED, null);
        // Create a new Delta CRL again...
        crlStoreSession.runDeltaCRL(admin, ca, -1, -1);
        // Check that our newly signed certificate IS NOT present in the new
        // CRL.
        crl = createCrlSession.getLastCRL(admin, ca.getSubjectDN(), true);
        assertNotNull("Could not get CRL", crl);
        x509crl = CertTools.getCRLfromByteArray(crl);
        revset = x509crl.getRevokedCertificates();
        if (revset != null) {
            iter = revset.iterator();
            found = false;
            while (iter.hasNext()) {
                X509CRLEntry ce = (X509CRLEntry) iter.next();
                if (ce.getSerialNumber().compareTo(cert.getSerialNumber()) == 0) {
                    found = true;
                }
            }
            assertFalse(found);
        } // If no revoked certificates exist at all, this test passed...

        // Check that when we revoke a certificate it will be present on the
        // delta CRL
        // When we create a new full CRL it will be present there, and not on
        // the next delta CRL
        certificateStoreSession.revokeCertificate(admin, cert, null, RevokedCertInfo.REVOCATION_REASON_CACOMPROMISE, null);
        // Sleep 1 second so we don't issue the next CRL at the exact same time
        // as the revocation
        Thread.sleep(1000);
        // Create a new delta CRL again...
        crl = crlStoreSession.runDeltaCRL(admin, ca, -1, -1);
        // Check that our newly signed certificate IS present in a new Delta CRL
        // crl = storeremote.getLastCRL(admin, cadn, true);
        assertNotNull("Could not get CRL", crl);
        x509crl = CertTools.getCRLfromByteArray(crl);
        revset = x509crl.getRevokedCertificates();
        assertNotNull(revset);
        iter = revset.iterator();
        found = false;
        // log.debug(x509crl.getThisUpdate());
        while (iter.hasNext()) {
            X509CRLEntry ce = (X509CRLEntry) iter.next();
            // log.debug(ce);
            if (ce.getSerialNumber().compareTo(cert.getSerialNumber()) == 0) {
                found = true;
                // TODO: verify the reason code
            }
        }
        assertTrue(found);

        // Sleep 1 second so we don't issue the next CRL at the exact same time
        // as the revocation
        Thread.sleep(1000);
        // Create a new Full CRL
        crlStoreSession.run(admin, ca);
        // Check that our newly signed certificate IS present in a new Full CRL
        crl = createCrlSession.getLastCRL(admin, ca.getSubjectDN(), false);
        assertNotNull("Could not get CRL", crl);
        x509crl = CertTools.getCRLfromByteArray(crl);
        revset = x509crl.getRevokedCertificates();
        assertNotNull(revset);
        iter = revset.iterator();
        found = false;
        // log.debug(x509crl.getThisUpdate());
        // log.debug(x509crl.getThisUpdate().getTime());
        while (iter.hasNext()) {
            X509CRLEntry ce = (X509CRLEntry) iter.next();
            // log.debug(ce);
            if (ce.getSerialNumber().compareTo(cert.getSerialNumber()) == 0) {
                found = true;
                // TODO: verify the reason code
            }
        }
        assertTrue(found);

        // Sleep 1 second so we don't issue the next CRL at the exact same time
        // as the revocation
        Thread.sleep(1000);
        // Create a new Delta CRL again...
        crlStoreSession.runDeltaCRL(admin, ca, -1, -1);
        // Check that our newly signed certificate IS NOT present in the new
        // Delta CRL.
        crl = createCrlSession.getLastCRL(admin, ca.getSubjectDN(), true);
        assertNotNull("Could not get CRL", crl);
        x509crl = CertTools.getCRLfromByteArray(crl);
        revset = x509crl.getRevokedCertificates();
        // log.debug(x509crl.getThisUpdate());
        if (revset != null) {
            iter = revset.iterator();
            found = false;
            while (iter.hasNext()) {

        }
        if (command.equalsIgnoreCase(COMMAND_CRL) && issuerdn != null) {
            try {
                Admin admin = ejbcawebbean.getAdminObject();
                byte[] crl = crlSession.getLastCRL(admin, issuerdn, false);
                X509CRL x509crl = CertTools.getCRLfromByteArray(crl);
                String dn = CertTools.getIssuerDN(x509crl);
            String basename = getBaseFileName(dn);
                String filename = basename+".crl";
                // We must remove cache headers for IE
                ServletUtils.removeCacheHeaders(res);
                res.setHeader("Content-disposition", "attachment; filename=" +  filename);
                res.setContentType("application/pkix-crl");
                res.setContentLength(crl.length);
                res.getOutputStream().write(crl);
                String iMsg = intres.getLocalizedMessage("certreq.sentlatestcrl", remoteAddr);
                log.info(iMsg);
            } catch (Exception e) {
                String errMsg = intres.getLocalizedMessage("certreq.errorsendcrl", remoteAddr, e.getMessage());
                log.error(errMsg, e);
                res.sendError(HttpServletResponse.SC_NOT_FOUND, errMsg);
                return;
            }
        }
        if (command.equalsIgnoreCase(COMMAND_DELTACRL) && issuerdn != null) {
          try {
            Admin admin = ejbcawebbean.getAdminObject();
            byte[] crl = crlSession.getLastCRL(admin, issuerdn, true);
            X509CRL x509crl = CertTools.getCRLfromByteArray(crl);
            String dn = CertTools.getIssuerDN(x509crl);
            String basename = getBaseFileName(dn);
            String filename = basename+"_delta.crl";
            // We must remove cache headers for IE
            ServletUtils.removeCacheHeaders(res);

                  StressTest.this.performanceTest.getLog().error("CRLS should be 1: "+crls.size());
                  return false;
                }
                final Iterator<?> it = crls.iterator();
                // CRL is first (and only)
                final X509CRL retCrl = (X509CRL)it.next();
                //System.out.println("Got CRL with DN: "+ retCrl.getIssuerDN().getName());
                //                        try {
                //                            FileOutputStream fos = new FileOutputStream("sceptest.der");
                //                            fos.write(retCrl.getEncoded());
                //                            fos.close();
                //                        } catch (Exception e) {}
                // check the returned CRL
                if ( !StringUtils.equals(this.sessionData.certchain[1].getSubjectDN().getName(), retCrl.getIssuerDN().getName()) ) {
                  StressTest.this.performanceTest.getLog().error("CRL issuerDN should be "+this.sessionData.certchain[1].getSubjectDN().getName()+" but was: "+retCrl.getIssuerDN().getName());
                  return false;
                }
                retCrl.verify(this.sessionData.certchain[1].getPublicKey());
                return true;
              }
              // We got a reply with a requested certificate
              final Collection<?> certs = certstore.getCertificates(null);
              //System.out.println("Got certificate reply with certchain of length: "+certs.size());

                // We got a reply with a requested CRL
                final Collection<X509CRL> crls = (Collection<X509CRL>) certstore.getCRLs(null);
                assertEquals(crls.size(), 1);
                final Iterator<X509CRL> it = crls.iterator();
                // CRL is first (and only)
                final X509CRL retCrl = it.next();
                log.info("Got CRL with DN: " + retCrl.getIssuerDN().getName());

                // check the returned CRL
                assertEquals(cacert.getSubjectDN().getName(), retCrl.getIssuerDN().getName());
                retCrl.verify(cacert.getPublicKey());
            } else {
                // We got a reply with a requested certificate
                final Collection<X509Certificate> certs = (Collection<X509Certificate>) certstore.getCertificates(null);
                // EJBCA returns the issued cert and the CA cert (cisco vpn
                // client requires that the ca cert is included)

            if (crlRep) {
                // We got a reply with a requested CRL
                Collection crls = certstore.getCRLs(null);
                assertEquals(crls.size(), 1);
                it = crls.iterator();
                X509CRL retCrl = null;
                // CRL is first (and only)
                retCrl = (X509CRL)it.next();
                log.info("Got CRL with DN: "+ retCrl.getIssuerDN().getName());
//                try {
//                    FileOutputStream fos = new FileOutputStream("sceptest.der");
//                    fos.write(retCrl.getEncoded());
//                    fos.close();
//                } catch (Exception e) {}
                // check the returned CRL
                assertEquals(cacert.getSubjectDN().getName(), retCrl.getIssuerDN().getName());
                retCrl.verify(cacert.getPublicKey());
            } else {
                // We got a reply with a requested certificate
                Collection certs = certstore.getCertificates(null);
                log.info("Got certificate reply with certchain of length: "+certs.size());
                // EJBCA returns the issued cert and the CA cert (cisco vpn client requires that the ca cert is included)

        try {
            crls = new ArrayList<CRL>();
            for (int k = 0; k < seq.size(); ++k) {
                ByteArrayInputStream ar = new ByteArrayInputStream(seq.getObjectAt(k).getDERObject().getDEREncoded());
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                X509CRL crl = (X509CRL)cf.generateCRL(ar);
                crls.add(crl);
            }
        }
        catch (Exception ex) {
            // ignore

    final String dn;
    final String crldn;
    final boolean isDeltaCRL;
    try {
      // Extract the users DN from the crl. Use the least number of encodings...
      final X509CRL crl = CertTools.getCRLfromByteArray(incrl);
      crldn = CertTools.stringToBCDNString(crl.getIssuerDN().toString());
      // Is it a delta CRL?
      if (crl.getExtensionValue(X509Extensions.DeltaCRLIndicator.getId()) != null) {
        isDeltaCRL = true;
      } else {
        isDeltaCRL = false;
      }
      // Construct the DN used for the LDAP object entry

   * Method to lazy create the fake CRL.
   */
  protected byte[] getFakeCRL(){
    try {
      // Parse the stored bytes and hand back the parsed CRL's own encoding.
      final X509CRL parsed = CertTools.getCRLfromByteArray(fakecrlbytes);
      return parsed.getEncoded();
    } catch (CRLException ignored) {
      // Best effort: a CRLException is swallowed and reported only as a null
      // return value, so callers must be prepared for null.
      return null;
    }
  }
