Examples of java.security.cert.X509CRLEntry

java.security.cert.X509CRLEntry

Abstract class for a revoked certificate in a CRL (Certificate Revocation List). The ASN.1 definition for revokedCertificates is:

 revokedCertificates    SEQUENCE OF SEQUENCE  { userCertificate    CertificateSerialNumber, revocationDate     ChoiceOfTime, crlEntryExtensions Extensions OPTIONAL -- if present, must be v2 }  OPTIONAL CertificateSerialNumber  ::=  INTEGER Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension Extension  ::=  SEQUENCE  { extnId        OBJECT IDENTIFIER, critical      BOOLEAN DEFAULT FALSE, extnValue     OCTET STRING -- contains a DER encoding of a value -- of the type registered for use with -- the extnId object identifier value }

@see X509CRL @see X509Extension @author Hemma Prafullchandra

        X509CRL crl,
        Object cert,
        CertStatus certStatus)
        throws AnnotatedException
    {
        X509CRLEntry crl_entry = null;


        boolean isIndirect;
        try
        {
            isIndirect = X509CRLObject.isIndirectCRL(crl);
        }
        catch (CRLException exception)
        {
            throw new AnnotatedException("Failed check for indirect CRL.", exception);
        }


        if (isIndirect)
        {
            crl_entry = crl.getRevokedCertificate(getSerialNumber(cert));


            if (crl_entry == null)
            {
                return;
            }


            X500Principal certIssuer = crl_entry.getCertificateIssuer();


            if (certIssuer == null)
            {
                certIssuer = getIssuerPrincipal(crl);
            }


            if (!getEncodedIssuerPrincipal(cert).equals(certIssuer))
            {
                return;
            }
        }
        else if (!getEncodedIssuerPrincipal(cert).equals(getIssuerPrincipal(crl)))
        {
            return;  // not for our issuer, ignore
        }
        else
        {
            crl_entry = crl.getRevokedCertificate(getSerialNumber(cert));


            if (crl_entry == null)
            {
                return;
            }
        }


        DEREnumerated reasonCode = null;
        if (crl_entry.hasExtensions())
        {
            try
            {
                reasonCode = DEREnumerated
                    .getInstance(CertPathValidatorUtilities
                        .getExtensionValue(crl_entry,
                            X509Extension.reasonCode.getId()));
            }
            catch (Exception e)
            {
                throw new AnnotatedException(
                    "Reason code CRL entry extension could not be decoded.",
                    e);
            }
        }


        // for reason keyCompromise, caCompromise, aACompromise or
        // unspecified
        if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime())
            || reasonCode == null
            || reasonCode.getValue().intValue() == 0
            || reasonCode.getValue().intValue() == 1
            || reasonCode.getValue().intValue() == 2
            || reasonCode.getValue().intValue() == 8)
        {


            // (i) or (j) (1)
            if (reasonCode != null)
            {
                certStatus.setCertStatus(reasonCode.getValue().intValue());
            }
            // (i) or (j) (2)
            else
            {
                certStatus.setCertStatus(CRLReason.unspecified);
            }
            certStatus.setRevocationDate(crl_entry.getRevocationDate());
        }
    }

View Full Code Here

            fail("failed to find CRL extension");
        }
        
        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
        
        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
        
        if (entry == null)
        {
            fail("failed to find CRL entry");
        }
        
        if (!entry.getSerialNumber().equals(BigInteger.ONE))
        {
            fail("CRL cert serial number does not match");
        }
        
        if (!entry.hasExtensions())
        {
            fail("CRL entry extension not found");
        }
    
        byte[]  ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
    
        if (ext != null)
        {
            DEREnumerated   reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);

View Full Code Here

            fail("failed to find CRL extension");
        }
        
        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
        
        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
        
        if (entry == null)
        {
            fail("failed to find CRL entry");
        }
        
        if (!entry.getSerialNumber().equals(BigInteger.ONE))
        {
            fail("CRL cert serial number does not match");
        }
        
        if (!entry.hasExtensions())
        {
            fail("CRL entry extension not found");
        }


        byte[]  ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());


        if (ext != null)
        {
            DEREnumerated   reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);

View Full Code Here

            fail("failed to find CRL extension");
        }
        
        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
        
        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
        
        if (entry == null)
        {
            fail("failed to find CRL entry");
        }
        
        if (!entry.getSerialNumber().equals(BigInteger.ONE))
        {
            fail("CRL cert serial number does not match");
        }
        
        if (!entry.hasExtensions())
        {
            fail("CRL entry extension not found");
        }
    
        byte[]  ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
    
        if (ext != null)
        {
            DEREnumerated   reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
                                                                       
            if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
            {
                fail("CRL entry reasonCode wrong");
            }
        }
        else
        {
            fail("CRL entry reasonCode not found");
        }
        
        //
        // check loading of existing CRL
        //
        crlGen = new X509V2CRLGenerator();
        now = new Date();
        
        crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
        
        crlGen.setThisUpdate(now);
        crlGen.setNextUpdate(new Date(now.getTime() + 100000));
        crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        
        crlGen.addCRL(crl);
        
        crlGen.addCRLEntry(BigInteger.valueOf(2), now, entryExtensions);
        
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
        
        X509CRL    newCrl = crlGen.generate(pair.getPrivate(), "BC");
        
        int     count = 0;
        boolean oneFound = false;
        boolean twoFound = false;
        
        Iterator it = newCrl.getRevokedCertificates().iterator();
        while (it.hasNext())
        {
            X509CRLEntry crlEnt = (X509CRLEntry)it.next();


            if (crlEnt.getSerialNumber().intValue() == 1)
            {
                oneFound = true;
            }
            else if (crlEnt.getSerialNumber().intValue() == 2)
            {
                twoFound = true;
            }
            
            count++;

View Full Code Here

                }
            }
        }
        
        // check the crl
        X509CRLEntry crl_entry;
        if (crl != null)
        {
            if (sign != null)
            {
                boolean[] keyusage = sign.getKeyUsage();


                if (keyusage != null
                    && (keyusage.length < 7 || !keyusage[CRL_SIGN]))
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCrlSigningPermited");
                    throw new CertPathReviewerException(msg);
                }
            }


            if (workingPublicKey != null)
            {
                try
                {
                    crl.verify(workingPublicKey, "BC");
                }
                catch (Exception e)
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlVerifyFailed");
                    throw new CertPathReviewerException(msg,e);
                }
            }
            else // issuer public key not known
            {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlNoIssuerPublicKey");
                throw new CertPathReviewerException(msg);
            }


            crl_entry = crl.getRevokedCertificate(cert.getSerialNumber());
            if (crl_entry != null)
            {
                String reason = null;
                
                if (crl_entry.hasExtensions())
                {
                    DEREnumerated reasonCode;
                    try
                    {
                        reasonCode = DEREnumerated.getInstance(getExtensionValue(crl_entry, X509Extensions.ReasonCode.getId()));
                    }
                    catch (AnnotatedException ae)
                    {
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlReasonExtError");
                        throw new CertPathReviewerException(msg,ae);
                    }
                    if (reasonCode != null)
                    {
                        reason = crlReasons[reasonCode.getValue().intValue()];
                    }
                }


                if (reason == null)
                {
                    reason = crlReasons[7]; // unknown
                }


                // i18n reason
                LocaleString ls = new LocaleString(RESOURCE_NAME, reason);
                
                if (!validDate.before(crl_entry.getRevocationDate()))
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certRevoked",
                            new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls});
                    throw new CertPathReviewerException(msg);
                }
                else // cert was revoked after validation date
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.revokedAfterValidation",
                            new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls});
                    addNotification(msg,index);
                }
            }
            else // cert is not revoked
            {

View Full Code Here

        if (revocations != null)
        {
            Iterator it = revocations.iterator();
            while (it.hasNext())
            {
                X509CRLEntry entry = (X509CRLEntry)it.next();


                ASN1InputStream aIn = new ASN1InputStream(entry.getEncoded());


                try
                {
                    tbsGen.addCRLEntry(ASN1Sequence.getInstance(aIn.readObject()));
                }

View Full Code Here

        if (revocations != null)
        {
            Iterator it = revocations.iterator();
            while (it.hasNext())
            {
                X509CRLEntry entry = (X509CRLEntry)it.next();


                ASN1InputStream aIn = new ASN1InputStream(entry.getEncoded());


                try
                {
                    tbsGen.addCRLEntry(ASN1Sequence.getInstance(aIn.readObject()));
                }

View Full Code Here

                }
            }
        }
        
        // check the crl
        X509CRLEntry crl_entry;
        if (crl != null)
        {
            if (sign != null)
            {
                boolean[] keyusage = sign.getKeyUsage();


                if (keyusage != null
                    && (keyusage.length < 7 || !keyusage[CRL_SIGN]))
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCrlSigningPermited");
                    throw new CertPathReviewerException(msg);
                }
            }


            if (workingPublicKey != null)
            {
                try
                {
                    crl.verify(workingPublicKey, "BC");
                }
                catch (Exception e)
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlVerifyFailed");
                    throw new CertPathReviewerException(msg,e);
                }
            }
            else // issuer public key not known
            {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlNoIssuerPublicKey");
                throw new CertPathReviewerException(msg);
            }


            crl_entry = crl.getRevokedCertificate(cert.getSerialNumber());
            if (crl_entry != null)
            {
                String reason = null;
                
                if (crl_entry.hasExtensions())
                {
                    DEREnumerated reasonCode;
                    try
                    {
                        reasonCode = DEREnumerated.getInstance(getExtensionValue(crl_entry, X509Extensions.ReasonCode.getId()));
                    }
                    catch (AnnotatedException ae)
                    {
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlReasonExtError");
                        throw new CertPathReviewerException(msg,ae);
                    }
                    if (reasonCode != null)
                    {
                        reason = crlReasons[reasonCode.getValue().intValue()];
                    }
                    else
                    {
                        reason = crlReasons[7];
                    }
                }
                
                // i18n reason
                LocaleString ls = new LocaleString(RESOURCE_NAME, reason);
                
                if (!validDate.before(crl_entry.getRevocationDate()))
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certRevoked",
                            new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls});
                    throw new CertPathReviewerException(msg);
                }
                else // cert was revoked after validation date
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.revokedAfterValidation",
                            new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls});
                    addNotification(msg,index);
                }
            }
            else // cert is not revoked
            {

View Full Code Here

            fail("failed to find CRL extension");
        }
        
        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
        
        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
        
        if (entry == null)
        {
            fail("failed to find CRL entry");
        }
        
        if (!entry.getSerialNumber().equals(BigInteger.ONE))
        {
            fail("CRL cert serial number does not match");
        }
        
        if (!entry.hasExtensions())
        {
            fail("CRL entry extension not found");
        }
    
        byte[]  ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
    
        if (ext != null)
        {
            DEREnumerated   reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);

View Full Code Here

            fail("failed to find CRL extension");
        }
        
        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
        
        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
        
        if (entry == null)
        {
            fail("failed to find CRL entry");
        }
        
        if (!entry.getSerialNumber().equals(BigInteger.ONE))
        {
            fail("CRL cert serial number does not match");
        }
        
        if (!entry.hasExtensions())
        {
            fail("CRL entry extension not found");
        }


        byte[]  ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());


        if (ext != null)
        {
            DEREnumerated   reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);

View Full Code Here

0 1 2 3 4

TOP

Related Classes of java.security.cert.X509CRLEntry

com.gitblit.GitblitTrustManager

de.innovationgate.utils.CertificateValidationUtils

org.apache.harmony.jretools.keytool.CRLManager

org.apache.harmony.security.provider.cert.X509CRLImpl

org.apache.harmony.tools.keytool.CRLManager

org.bouncycastle.jce.provider.CertPathValidatorUtilities

org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi

org.bouncycastle.jce.provider.test.CertTest

org.bouncycastle.x509.PKIXCertPathReviewer

org.bouncycastle.x509.X509V2CRLGenerator

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.