Examples of java.security.cert.X509CRL

java.security.cert.X509CRL

etf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile.

The ASN.1 definition of {@code tbsCertList} is:

 TBSCertList  ::=  SEQUENCE  { version                 Version OPTIONAL, -- if present, must be v2 signature               AlgorithmIdentifier, issuer                  Name, thisUpdate              ChoiceOfTime, nextUpdate              ChoiceOfTime OPTIONAL, revokedCertificates     SEQUENCE OF SEQUENCE  { userCertificate         CertificateSerialNumber, revocationDate          ChoiceOfTime, crlEntryExtensions      Extensions OPTIONAL -- if present, must be v2 }  OPTIONAL, crlExtensions           [0]  EXPLICIT Extensions OPTIONAL -- if present, must be v2 }

CRLs are instantiated using a certificate factory. The following is an example of how to instantiate an X.509 CRL:

 {@code}try (InputStream inStream = new FileInputStream("fileName-of-crl"))  CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CRL crl = (X509CRL)cf.generateCRL(inStream); } }

@author Hemma Prafullchandra @see CRL @see CertificateFactory @see X509Extension

                }


            }
      }


        X509CRL crl;
        crl = crlgen.generate(getCAToken().getPrivateKey(SecConst.CAKEYPURPOSE_CRLSIGN),getCAToken().getProvider());
        // Verify before sending back
        crl.verify(getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CRLSIGN));


        return crl;        
    }

View Full Code Here

    private final String fingerprint;
    private final long thisUpdate;
    private final long nextUpdate;
    StoreCRLPreparer(byte[] incrl, String cafp, int number) throws PublisherException{
      super();
      final X509CRL crl;
      try {
        crl = CertTools.getCRLfromByteArray(incrl);
        // Is it a delta CRL?
        this.deltaCRLIndicator = crl.getExtensionValue(X509Extensions.DeltaCRLIndicator.getId())!=null ? 1 : -1;
        this.issuerDN = new X509Principal(crl.getIssuerX500Principal().getEncoded()).getName();// getName() the BC way
        this.cRLNumber = number;
        this.cAFingerprint = cafp;
        this.base64Crl = new String(Base64.encode(incrl));
        this.fingerprint = CertTools.getFingerprintAsString(incrl);
        this.thisUpdate = crl.getThisUpdate().getTime();
        this.nextUpdate = crl.getNextUpdate().getTime();
        if (log.isDebugEnabled()) {
          log.debug("Publishing CRL with fingerprint "+this.fingerprint+", number "+number+" to external CRL store for the CA "+this.issuerDN+(this.deltaCRLIndicator>0 ? ". It is a delta CRL." : "."));
        }
      } catch (Exception e) {
        String msg = intres.getLocalizedMessage("publisher.errorldapdecode", "CRL");

View Full Code Here

        }


        List additionalArguments = new ArrayList();


        if (calclulateDeltaCrlLocally) {
            X509CRL crl;
            try {
                crl = CertTools.getCRLfromByteArray(incrl);
                additionalArguments.add(Boolean.toString(crl.getExtensionValue(X509Extensions.DeltaCRLIndicator.getId()) != null));
            } catch (CRLException e) {
                log.error("Byte array does not contain a correct CRL.", e);
            }


        }

View Full Code Here

            crlLocation = crlLocation.trim();
            InputStream is = loadInputStream(loader, crlLocation);


            try {
                CertificateFactory cf = getCertificateFactory();
                X509CRL crl = (X509CRL)cf.generateCRL(is);
                
                if (provider == null || provider.length() == 0) {
                    crlCertStore = 
                        CertStore.getInstance(
                            "Collection",

View Full Code Here

    
    public static void verifyCertificateCRLs(X509Certificate cert) throws CertificateVerificationException {
        try {
            List<String> crlDistPoints = getCrlDistributionPoints(cert);
            for (String crlDP : crlDistPoints) {
                X509CRL crl = downloadCRL(crlDP);
                if (crl.isRevoked(cert)) {
                    throw new CertificateVerificationException(
                            "The certificate is revoked by CRL: " + crlDP);
                }
            }
        } catch (Exception ex) {

View Full Code Here

                    Messages.getString("security.152")); //$NON-NLS-1$
        }
        synchronized (CRL_CACHE) {
            long hash = CRL_CACHE.getHash(encoding);
            if (CRL_CACHE.contains(hash)) {
                X509CRL res = (X509CRL) CRL_CACHE.get(hash, encoding);
                if (res != null) {
                    return res;
                }
            }
            X509CRL res = new X509CRLImpl(encoding);
            CRL_CACHE.put(hash, encoding, res);
            return res;
        }
    }

View Full Code Here

                }
                res = new X509CRLImpl(encoding);
                CRL_CACHE.put(hash, encoding, res);
                return res;
            } else {
                X509CRL res = new X509CRLImpl(inStream);
                CRL_CACHE.put(hash, res.getEncoded(), res);
                return res;
            }
        }
    }

View Full Code Here

        signatureVerificationWSSCrypto.setKeyStore(keyStore);
    }
    
    public void loadCRLCertStore(URL url) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL crl = (X509CRL)cf.generateCRL(url.openStream());
        this.crlCertStore =
            CertStore.getInstance(
                "Collection",
                new CollectionCertStoreParameters(Collections.singletonList(crl))
            );

View Full Code Here

            throw new IllegalArgumentException("Certificate cannot be null.");
        }
        if (log.isDebugEnabled()) {
          log.debug("Evaluating certificate revocation status for " + CertUtils.toString(cert));
        }
        final X509CRL crl = getCRL(cert);
        if (crl == null) {
            log.warn("CRL data is not available for " + CertUtils.toString(cert));
            this.unavailableCRLPolicy.apply(null);
            return;
        }
        if (CertUtils.isExpired(crl)) {
            log.warn("CRL data expired on " + crl.getNextUpdate());
            this.expiredCRLPolicy.apply(crl);
        }
        final X509CRLEntry entry = crl.getRevokedCertificate(cert);
        if (entry != null) {
            throw new RevokedCertificateException(entry);
        }
    }

View Full Code Here

                return (X509CRL) item.getObjectValue();
            }
        }


        // Try all distribution points and stop at first fetch that succeeds
        X509CRL crl = null;
        for (int i = 0; i < urls.length && crl == null; i++) {
           this.log.info("Attempting to fetch CRL at " + urls[i]);
           try {
               crl = CertUtils.fetchCRL(new UrlResource(urls[i]));
               this.log.info("Success. Caching fetched CRL.");

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of java.security.cert.X509CRL

br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCRLGenerator

br.net.woodstock.rockframework.security.cert.impl.CRLCertificateValidator

br.net.woodstock.rockframework.security.cert.impl.CRLCertificateVerifier

CertUtils

com.gitblit.GitblitTrustManager

com.gitblit.utils.X509Utils

com.itextpdf.text.pdf.PdfPKCS7

com.itextpdf.text.pdf.security.LtvVerifier

com.itextpdf.text.pdf.security.PdfPKCS7

de.innovationgate.webgate.api.WGDatabase

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.