Examples of java.security.cert.X509CRLEntry

java.security.cert.X509CRLEntry

Abstract class for a revoked certificate in a CRL (Certificate Revocation List). The ASN.1 definition for revokedCertificates is:

 revokedCertificates    SEQUENCE OF SEQUENCE  { userCertificate    CertificateSerialNumber, revocationDate     ChoiceOfTime, crlEntryExtensions Extensions OPTIONAL -- if present, must be v2 }  OPTIONAL CertificateSerialNumber  ::=  INTEGER Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension Extension  ::=  SEQUENCE  { extnId        OBJECT IDENTIFIER, critical      BOOLEAN DEFAULT FALSE, extnValue     OCTET STRING -- contains a DER encoding of a value -- of the type registered for use with -- the extnId object identifier value }

@see X509CRL @see X509Extension @author Hemma Prafullchandra

            if (certIssuer.equals(getIssuerX500Principal())) {
                // certificate issuer is CRL issuer
                certIssuer = null;
            }
            for (int i=0; i<entriesSize; i++) {
                X509CRLEntry entry = (X509CRLEntry) entries.get(i);
                // check the serial number of revoked certificate
                if (serialN.equals(entry.getSerialNumber())) {
                    // revoked certificate issuer
                    X500Principal iss = entry.getCertificateIssuer();
                    // check the issuer of revoked certificate
                    if (certIssuer != null) {
                        // certificate issuer is not a CRL issuer, so
                        // check issuers for equality
                        if (certIssuer.equals(iss)) {
                            return entry;
                        }
                    } else if (iss == null) {
                        // both certificates was issued by CRL issuer
                        return entry;
                    }
                }
            }
        } else {
            // search in CA's (non indirect) crl: just look up the serial number
            for (int i=0; i<entriesSize; i++) {
                X509CRLEntry entry = (X509CRLEntry) entries.get(i);
                if (serialN.equals(entry.getSerialNumber())) {
                    return entry;
                }
            }
        }
        return null;

View Full Code Here

        }
        if (entries == null) {
            return null;
        }
        for (int i=0; i<nonIndirectEntriesSize; i++) {
            X509CRLEntry entry = (X509CRLEntry) entries.get(i);
            if (serialNumber.equals(entry.getSerialNumber())) {
                return entry;
            }
        }
        return null;
    }

View Full Code Here

            return true;
        }
        if (!(other instanceof X509CRLEntry)) {
            return false;
        }
        X509CRLEntry obj = (X509CRLEntry) other;
        try {
            return Arrays.equals(getEncoded(), obj.getEncoded());
        } catch (CRLException e) {
            return false;
        }
    }

View Full Code Here

            if (certIssuer.equals(getIssuerX500Principal())) {
                // certificate issuer is CRL issuer
                certIssuer = null;
            }
            for (int i=0; i<entriesSize; i++) {
                X509CRLEntry entry = (X509CRLEntry) entries.get(i);
                // check the serial number of revoked certificate
                if (serialN.equals(entry.getSerialNumber())) {
                    // revoked certificate issuer
                    X500Principal iss = entry.getCertificateIssuer();
                    // check the issuer of revoked certificate
                    if (certIssuer != null) {
                        // certificate issuer is not a CRL issuer, so
                        // check issuers for equality
                        if (certIssuer.equals(iss)) {
                            return entry;
                        }
                    } else if (iss == null) {
                        // both certificates was issued by CRL issuer
                        return entry;
                    }
                }
            }
        } else {
            // search in CA's (non indirect) crl: just look up the serial number
            for (int i=0; i<entriesSize; i++) {
                X509CRLEntry entry = (X509CRLEntry) entries.get(i);
                if (serialN.equals(entry.getSerialNumber())) {
                    return entry;
                }
            }
        }
        return null;

View Full Code Here

        }
        if (entries == null) {
            return null;
        }
        for (int i=0; i<nonIndirectEntriesSize; i++) {
            X509CRLEntry entry = (X509CRLEntry) entries.get(i);
            if (serialNumber.equals(entry.getSerialNumber())) {
                return entry;
            }
        }
        return null;
    }

View Full Code Here

        while (crlIter.hasNext()) {
            X509CRL crl = (X509CRL) crlIter.next();
            Iterator certIter = certs.iterator();
            while (certIter.hasNext()) {
                X509Certificate cert = (X509Certificate) certIter.next();
                X509CRLEntry entry = crl.getRevokedCertificate(cert);
                if (entry != null) {
                    System.out.println("The certificate ...");
                    KeyStoreCertPrinter.printX509CertDetailed(cert, mdProvider);
                    System.out.println("... is revoked on "
                            + entry.getRevocationDate() + "\n");
                    foundRevoked = true;
                    continue;
                }
            }
        }

View Full Code Here

            if (certIssuer.equals(getIssuerX500Principal())) {
                // certificate issuer is CRL issuer
                certIssuer = null;
            }
            for (int i=0; i<entriesSize; i++) {
                X509CRLEntry entry = (X509CRLEntry) entries.get(i);
                // check the serial number of revoked certificate
                if (serialN.equals(entry.getSerialNumber())) {
                    // revoked certificate issuer
                    X500Principal iss = entry.getCertificateIssuer();
                    // check the issuer of revoked certificate
                    if (certIssuer != null) {
                        // certificate issuer is not a CRL issuer, so
                        // check issuers for equality
                        if (certIssuer.equals(iss)) {
                            return entry;
                        }
                    } else if (iss == null) {
                        // both certificates was issued by CRL issuer
                        return entry;
                    }
                }
            }
        } else {
            // search in CA's (non indirect) crl: just look up the serial number
            for (int i=0; i<entriesSize; i++) {
                X509CRLEntry entry = (X509CRLEntry) entries.get(i);
                if (serialN.equals(entry.getSerialNumber())) {
                    return entry;
                }
            }
        }
        return null;

View Full Code Here

        }
        if (entries == null) {
            return null;
        }
        for (int i=0; i<nonIndirectEntriesSize; i++) {
            X509CRLEntry entry = (X509CRLEntry) entries.get(i);
            if (serialNumber.equals(entry.getSerialNumber())) {
                return entry;
            }
        }
        return null;
    }

View Full Code Here

                }
            }
        }
        
        // check the crl
        X509CRLEntry crl_entry;
        if (crl != null)
        {
            if (sign != null)
            {
                boolean[] keyusage = sign.getKeyUsage();


                if (keyusage != null
                    && (keyusage.length < 7 || !keyusage[CRL_SIGN]))
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCrlSigningPermited");
                    throw new CertPathReviewerException(msg);
                }
            }


            if (workingPublicKey != null)
            {
                try
                {
                    crl.verify(workingPublicKey, "BC");
                }
                catch (Exception e)
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlVerifyFailed");
                    throw new CertPathReviewerException(msg,e);
                }
            }
            else // issuer public key not known
            {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlNoIssuerPublicKey");
                throw new CertPathReviewerException(msg);
            }


            crl_entry = crl.getRevokedCertificate(cert.getSerialNumber());
            if (crl_entry != null)
            {
                String reason = null;
                
                if (crl_entry.hasExtensions())
                {
                    DEREnumerated reasonCode;
                    try
                    {
                        reasonCode = DEREnumerated.getInstance(getExtensionValue(crl_entry, X509Extensions.ReasonCode.getId()));
                    }
                    catch (AnnotatedException ae)
                    {
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlReasonExtError");
                        throw new CertPathReviewerException(msg,ae);
                    }
                    if (reasonCode != null)
                    {
                        reason = crlReasons[reasonCode.getValue().intValue()];
                    }
                    else
                    {
                        reason = crlReasons[7];
                    }
                }
                
                // i18n reason
                LocaleString ls = new LocaleString(RESOURCE_NAME, reason);
                
                if (!validDate.before(crl_entry.getRevocationDate()))
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certRevoked",
                            new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls});
                    throw new CertPathReviewerException(msg);
                }
                else // cert was revoked after validation date
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.revokedAfterValidation",
                            new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls});
                    addNotification(msg,index);
                }
            }
            else // cert is not revoked
            {

View Full Code Here

                }
            });
        Set<? extends X509CRLEntry> result = this.generator.removeExpiredSerials(set);
        assertEquals(1, result.size());


        X509CRLEntry entry = result.iterator().next();
        assertEquals(BigInteger.ZERO, entry.getSerialNumber());
    }

View Full Code Here

0 1 2 3 4

TOP

Related Classes of java.security.cert.X509CRLEntry

com.gitblit.GitblitTrustManager

de.innovationgate.utils.CertificateValidationUtils

org.apache.harmony.jretools.keytool.CRLManager

org.apache.harmony.security.provider.cert.X509CRLImpl

org.apache.harmony.tools.keytool.CRLManager

org.bouncycastle.jce.provider.CertPathValidatorUtilities

org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi

org.bouncycastle.jce.provider.test.CertTest

org.bouncycastle.x509.PKIXCertPathReviewer

org.bouncycastle.x509.X509V2CRLGenerator

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.