Examples of java.security.cert.X509CRL

java.security.cert.X509CRL

etf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile.

The ASN.1 definition of {@code tbsCertList} is:

 TBSCertList  ::=  SEQUENCE  { version                 Version OPTIONAL, -- if present, must be v2 signature               AlgorithmIdentifier, issuer                  Name, thisUpdate              ChoiceOfTime, nextUpdate              ChoiceOfTime OPTIONAL, revokedCertificates     SEQUENCE OF SEQUENCE  { userCertificate         CertificateSerialNumber, revocationDate          ChoiceOfTime, crlEntryExtensions      Extensions OPTIONAL -- if present, must be v2 }  OPTIONAL, crlExtensions           [0]  EXPLICIT Extensions OPTIONAL -- if present, must be v2 }

CRLs are instantiated using a certificate factory. The following is an example of how to instantiate an X.509 CRL:

 {@code}try (InputStream inStream = new FileInputStream("fileName-of-crl"))  CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CRL crl = (X509CRL)cf.generateCRL(inStream); } }

@author Hemma Prafullchandra @see CRL @see CertificateFactory @see X509Extension

            Log.debug("ClientTrustManager: Updating CRLs");
            useCRLs = false;
            try {
                CertificateFactory cf = CertificateFactory.getInstance("X.509");;


                X509CRL crl;


                FileInputStream crlStream = new FileInputStream(crlFile);
                BufferedInputStream crlBuffer = new BufferedInputStream(crlStream);
                
                crls.clear(); //remove existing CRLs
                while (crlBuffer.available() > 0) {
                    crl = (X509CRL)cf.generateCRL(crlBuffer);
                    Log.debug("ClientTrustManager: adding CRL for "+crl.getIssuerDN());
                    crls.add(crl);
                }
                useCRLs = true;
            }
            catch(FileNotFoundException e) {

View Full Code Here

        try {
            crls = new ArrayList<CRL>();
            for (int k = 0; k < seq.size(); ++k) {
                ByteArrayInputStream ar = new ByteArrayInputStream(seq.getObjectAt(k).toASN1Primitive().getEncoded(ASN1Encoding.DER));
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                X509CRL crl = (X509CRL)cf.generateCRL(ar);
                crls.add(crl);
            }
        }
        catch (Exception ex) {
            // ignore

View Full Code Here

    if (crlarray == null)
      return crls;
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    for (int i = 0; i < crlarray.size(); i++) {
      PRStream stream = (PRStream) crlarray.getAsStream(i);
      X509CRL crl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(PdfReader.getStreamBytes(stream)));
      crls.add(crl);
    }
    return crls;
  }

View Full Code Here

            crlLocation = crlLocation.trim();
            InputStream is = loadInputStream(loader, crlLocation);


            try {
                CertificateFactory cf = getCertificateFactory();
                X509CRL crl = (X509CRL)cf.generateCRL(is);
                
                if (provider == null || provider.length() == 0) {
                    crlCertStore = 
                        CertStore.getInstance(
                            "Collection",

View Full Code Here

            crlLocation = crlLocation.trim();
            InputStream is = loadInputStream(loader, crlLocation);


            try {
                CertificateFactory cf = getCertificateFactory();
                X509CRL crl = (X509CRL)cf.generateCRL(is);
                
                if (provider == null || provider.length() == 0) {
                    crlCertStore = 
                        CertStore.getInstance(
                            "Collection",

View Full Code Here

        signatureVerificationWSSCrypto.setKeyStore(keyStore);
    }
    
    public void loadCRLCertStore(URL url) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL crl = (X509CRL)cf.generateCRL(url.openStream());
        this.crlCertStore =
            CertStore.getInstance(
                "Collection",
                new CollectionCertStoreParameters(Collections.singletonList(crl))
            );

View Full Code Here

        try {
            crls = new ArrayList<CRL>();
            for (int k = 0; k < seq.size(); ++k) {
                ByteArrayInputStream ar = new ByteArrayInputStream(seq.getObjectAt(k).getDERObject().getDEREncoded());
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                X509CRL crl = (X509CRL)cf.generateCRL(ar);
                crls.add(crl);
            }
        }
        catch (Exception ex) {
            // ignore

View Full Code Here

                    new Object[] {ae.getCause().getMessage(),ae.getCause(),ae.getCause().getClass().getName()});
            addError(msg,index);
            crl_iter = new ArrayList().iterator();
        }
        boolean validCrlFound = false;
        X509CRL crl = null;
        while (crl_iter.hasNext())
        {
            crl = (X509CRL)crl_iter.next();
            
            if (crl.getNextUpdate() == null
                || new Date().before(crl.getNextUpdate()))
            {
                validCrlFound = true;
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
                        "CertPathReviewer.localValidCRL",
                        new Object[] {new TrustedInput(crl.getThisUpdate()), new TrustedInput(crl.getNextUpdate())});
                addNotification(msg,index);
                break;
            }
            else
            {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
                        "CertPathReviewer.localInvalidCRL",
                        new Object[] {new TrustedInput(crl.getThisUpdate()), new TrustedInput(crl.getNextUpdate())});
                addNotification(msg,index);
            }
        }
        
        // if no valid crl was found in the CertStores try to get one from a
        // crl distribution point
        if (!validCrlFound)
        {
            X509CRL onlineCRL = null;
            Iterator urlIt = crlDistPointUrls.iterator();
            while (urlIt.hasNext())
            {
                try
                {
                    String location = (String) urlIt.next();
                    onlineCRL = getCRL(location);
                    if (onlineCRL != null)
                    {
                        // check if crl issuer is correct
                        if (!cert.getIssuerX500Principal().equals(onlineCRL.getIssuerX500Principal()))
                        {
                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
                                        "CertPathReviewer.onlineCRLWrongCA",
                                        new Object[] {new UntrustedInput(onlineCRL.getIssuerX500Principal().getName()),
                                                      new UntrustedInput(cert.getIssuerX500Principal().getName()),
                                                      new UntrustedUrlInput(location)});
                            addNotification(msg,index);
                            continue;
                        }
                        
                        if (onlineCRL.getNextUpdate() == null
                            || new Date().before(onlineCRL.getNextUpdate()))
                        {
                            validCrlFound = true;
                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
                                    "CertPathReviewer.onlineValidCRL",
                                    new Object[] {new TrustedInput(onlineCRL.getThisUpdate()),
                                                  new TrustedInput(onlineCRL.getNextUpdate()),
                                                  new UntrustedUrlInput(location)});
                            addNotification(msg,index);
                            crl = onlineCRL;
                            break;
                        }
                        else
                        {
                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
                                    "CertPathReviewer.onlineInvalidCRL",
                                    new Object[] {new TrustedInput(onlineCRL.getThisUpdate()),
                                                  new TrustedInput(onlineCRL.getNextUpdate()),
                                                  new UntrustedUrlInput(location)});
                            addNotification(msg,index);
                        }
                    }
                }
                catch (CertPathReviewerException cpre)
                {
                    addNotification(cpre.getErrorMessage(),index);
                }
            }
        }
        
        // check the crl
        X509CRLEntry crl_entry;
        if (crl != null)
        {
            if (sign != null)
            {
                boolean[] keyusage = sign.getKeyUsage();


                if (keyusage != null
                    && (keyusage.length < 7 || !keyusage[CRL_SIGN]))
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCrlSigningPermited");
                    throw new CertPathReviewerException(msg);
                }
            }


            if (workingPublicKey != null)
            {
                try
                {
                    crl.verify(workingPublicKey, "BC");
                }
                catch (Exception e)
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlVerifyFailed");
                    throw new CertPathReviewerException(msg,e);
                }
            }
            else // issuer public key not known
            {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlNoIssuerPublicKey");
                throw new CertPathReviewerException(msg);
            }


            crl_entry = crl.getRevokedCertificate(cert.getSerialNumber());
            if (crl_entry != null)
            {
                String reason = null;
                
                if (crl_entry.hasExtensions())
                {
                    DEREnumerated reasonCode;
                    try
                    {
                        reasonCode = DEREnumerated.getInstance(getExtensionValue(crl_entry, X509Extensions.ReasonCode.getId()));
                    }
                    catch (AnnotatedException ae)
                    {
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlReasonExtError");
                        throw new CertPathReviewerException(msg,ae);
                    }
                    if (reasonCode != null)
                    {
                        reason = crlReasons[reasonCode.getValue().intValue()];
                    }
                    else
                    {
                        reason = crlReasons[7];
                    }
                }
                
                // i18n reason
                LocaleString ls = new LocaleString(RESOURCE_NAME, reason);
                
                if (!validDate.before(crl_entry.getRevocationDate()))
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certRevoked",
                            new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls});
                    throw new CertPathReviewerException(msg);
                }
                else // cert was revoked after validation date
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.revokedAfterValidation",
                            new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls});
                    addNotification(msg,index);
                }
            }
            else // cert is not revoked
            {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notRevoked");
                addNotification(msg,index);
            }
            
            //
            // warn if a new crl is available
            //
            if (crl.getNextUpdate() != null && crl.getNextUpdate().before(new Date()))
            {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlUpdateAvailable",
                        new Object[] {new TrustedInput(crl.getNextUpdate())});
                addNotification(msg,index);
            }
            
            //
            // check the DeltaCRL indicator, base point and the issuing distribution point
            //
            DERObject idp;
            try
            {
                idp = getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT);
            }
            catch (AnnotatedException ae)
            {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.distrPtExtError");
                throw new CertPathReviewerException(msg);
            }
            DERObject dci;
            try
            {
                dci = getExtensionValue(crl, DELTA_CRL_INDICATOR);
            }
            catch (AnnotatedException ae)
            {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.deltaCrlExtError");
                throw new CertPathReviewerException(msg);
            }


            if (dci != null)
            {
                X509CRLStoreSelector baseSelect = new X509CRLStoreSelector();


                try
                {
                    baseSelect.addIssuerName(getIssuerPrincipal(crl).getEncoded());
                }
                catch (IOException e)
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlIssuerException");
                    throw new CertPathReviewerException(msg,e);
                }


                baseSelect.setMinCRLNumber(((DERInteger)dci).getPositiveValue());
                try
                {
                    baseSelect.setMaxCRLNumber(((DERInteger)getExtensionValue(crl, CRL_NUMBER)).getPositiveValue().subtract(BigInteger.valueOf(1)));
                }
                catch (AnnotatedException ae)
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlNbrExtError");
                    throw new CertPathReviewerException(msg,ae);
                }
                
                boolean  foundBase = false;
                Iterator it;
                try 
                {
                    it  = findCRLs(baseSelect, paramsPKIX.getCertStores()).iterator();
                }
                catch (AnnotatedException ae)
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlExtractionError");
                    throw new CertPathReviewerException(msg,ae);
                }
                while (it.hasNext())
                {
                    X509CRL base = (X509CRL)it.next();


                    DERObject baseIdp;
                    try
                    {
                        baseIdp = getExtensionValue(base, ISSUING_DISTRIBUTION_POINT);

View Full Code Here

        return urls;
    }
    
    private X509CRL getCRL(String location) throws CertPathReviewerException
    {
        X509CRL result = null;
        try
        {
            URL url = new URL(location);
            
            if (url.getProtocol().equals("http") || url.getProtocol().equals("https"))

View Full Code Here

    {
        Exception lastException = null;


        for (Iterator it = deltacrls.iterator(); it.hasNext();)
        {
            X509CRL crl = (X509CRL)it.next();
            try
            {
                crl.verify(key);
                return crl;
            }
            catch (Exception e)
            {
                lastException = e;

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of java.security.cert.X509CRL

br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCRLGenerator

br.net.woodstock.rockframework.security.cert.impl.CRLCertificateValidator

br.net.woodstock.rockframework.security.cert.impl.CRLCertificateVerifier

CertUtils

com.gitblit.GitblitTrustManager

com.gitblit.utils.X509Utils

com.itextpdf.text.pdf.PdfPKCS7

com.itextpdf.text.pdf.security.LtvVerifier

com.itextpdf.text.pdf.security.PdfPKCS7

de.innovationgate.webgate.api.WGDatabase

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.