java.security.cert.CRLException Java Examples
The following examples show how to use
java.security.cert.CRLException.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: KeyStoreUtilTest.java From servicecomb-java-chassis with Apache License 2.0 | 6 votes |
|
@Test
public void testExceptionCRLException() {
String crlfile = strFilePath + "/ssl/server.p12";
boolean validAssert = true;
try {
new MockUp<CertificateFactory>() {
@Mock
public final CertificateFactory getInstance(String type) throws CertificateException, CRLException {
throw new CRLException();
}
};
KeyStoreUtil.createCRL(crlfile);
} catch (Exception e) {
validAssert = false;
Assert.assertEquals("java.lang.IllegalArgumentException", e.getClass().getName());
}
Assert.assertFalse(validAssert);
}
Example #2
| Source File: SSLUtils.java From ssltest with Apache License 2.0 | 6 votes |
|
/**
* Return the initialization parameters for the TrustManager.
* Currently, only the default <code>PKIX</code> is supported.
*
* @param algorithm The algorithm to get parameters for.
* @param crlFilename The path to the CRL file.
* @param maxCertificateChainLength Optional maximum cert chain length.
* @param trustStore The configured TrustStore.
*
* @return The parameters including the TrustStore and any CRLs.
*
* @throws InvalidAlgorithmParameterException
* @throws KeyStoreException
* @throws IOException
* @throws CertificateException
* @throws CRLException
* @throws NoSuchAlgorithmException
*/
protected static CertPathParameters getParameters(String algorithm,
String crlFilename,
Integer maxCertificateChainLength,
KeyStore trustStore)
throws KeyStoreException, InvalidAlgorithmParameterException, CRLException, CertificateException, IOException, NoSuchAlgorithmException
{
CertPathParameters params = null;
if("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams =
new PKIXBuilderParameters(trustStore, new X509CertSelector());
Collection<? extends CRL> crls = getCRLs(crlFilename);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
if(maxCertificateChainLength != null)
xparams.setMaxPathLength(maxCertificateChainLength.intValue());
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: " + algorithm);
}
return params;
}
Example #3
| Source File: CRLExtensions.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
private void init(DerInputStream derStrm) throws CRLException {
try {
DerInputStream str = derStrm;
byte nextByte = (byte)derStrm.peekByte();
// check for context specific byte 0; skip it
if (((nextByte & 0x0c0) == 0x080) &&
((nextByte & 0x01f) == 0x000)) {
DerValue val = str.getDerValue();
str = val.data;
}
DerValue[] exts = str.getSequence(5);
for (int i = 0; i < exts.length; i++) {
Extension ext = new Extension(exts[i]);
parseExtension(ext);
}
} catch (IOException e) {
throw new CRLException("Parsing error: " + e.toString());
}
}
Example #4
| Source File: AbstractTrustStore.java From qpid-broker-j with Apache License 2.0 | 6 votes |
|
/**
* Load the collection of CRLs.
*/
private Collection<? extends CRL> getCRLs(String crlUrl)
{
Collection<? extends CRL> crls = Collections.emptyList();
if (crlUrl != null)
{
try (InputStream is = getUrlFromString(crlUrl).openStream())
{
crls = SSLUtil.getCertificateFactory().generateCRLs(is);
}
catch (IOException | CRLException e)
{
throw new IllegalConfigurationException("Unable to load certificate revocation list '" + crlUrl +
"' for truststore '" + getName() + "' :" + e, e);
}
}
return crls;
}
Example #5
| Source File: CRLExtensions.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
|
private void init(DerInputStream derStrm) throws CRLException {
try {
DerInputStream str = derStrm;
byte nextByte = (byte)derStrm.peekByte();
// check for context specific byte 0; skip it
if (((nextByte & 0x0c0) == 0x080) &&
((nextByte & 0x01f) == 0x000)) {
DerValue val = str.getDerValue();
str = val.data;
}
DerValue[] exts = str.getSequence(5);
for (int i = 0; i < exts.length; i++) {
Extension ext = new Extension(exts[i]);
parseExtension(ext);
}
} catch (IOException e) {
throw new CRLException("Parsing error: " + e.toString());
}
}
Example #6
| Source File: X509CRLEntryImpl.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
@Override
public int compareTo(X509CRLEntryImpl that) {
int compSerial = getSerialNumber().compareTo(that.getSerialNumber());
if (compSerial != 0) {
return compSerial;
}
try {
byte[] thisEncoded = this.getEncoded0();
byte[] thatEncoded = that.getEncoded0();
for (int i=0; i<thisEncoded.length && i<thatEncoded.length; i++) {
int a = thisEncoded[i] & 0xff;
int b = thatEncoded[i] & 0xff;
if (a != b) return a-b;
}
return thisEncoded.length -thatEncoded.length;
} catch (CRLException ce) {
return -1;
}
}
Example #7
| Source File: X509CRLObject.java From RipplePower with Apache License 2.0 | 6 votes |
|
public X509CRLObject(
CertificateList c)
throws CRLException
{
this.c = c;
try
{
this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
if (c.getSignatureAlgorithm().getParameters() != null)
{
this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER);
}
else
{
this.sigAlgParams = null;
}
this.isIndirect = isIndirectCRL(this);
}
catch (Exception e)
{
throw new CRLException("CRL contents invalid: " + e);
}
}
Example #8
| Source File: CRLExtensions.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
private void parseExtension(Extension ext) throws CRLException {
try {
Class<?> extClass = OIDMap.getClass(ext.getExtensionId());
if (extClass == null) { // Unsupported extension
if (ext.isCritical())
unsupportedCritExt = true;
if (map.put(ext.getExtensionId().toString(), ext) != null)
throw new CRLException("Duplicate extensions not allowed");
return;
}
Constructor<?> cons = extClass.getConstructor(PARAMS);
Object[] passed = new Object[] {Boolean.valueOf(ext.isCritical()),
ext.getExtensionValue()};
CertAttrSet<?> crlExt = (CertAttrSet<?>)cons.newInstance(passed);
if (map.put(crlExt.getName(), (Extension)crlExt) != null) {
throw new CRLException("Duplicate extensions not allowed");
}
} catch (InvocationTargetException invk) {
throw new CRLException(invk.getTargetException().getMessage());
} catch (Exception e) {
throw new CRLException(e.toString());
}
}
Example #9
| Source File: CRLExtensions.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
private void parseExtension(Extension ext) throws CRLException {
try {
Class<?> extClass = OIDMap.getClass(ext.getExtensionId());
if (extClass == null) { // Unsupported extension
if (ext.isCritical())
unsupportedCritExt = true;
if (map.put(ext.getExtensionId().toString(), ext) != null)
throw new CRLException("Duplicate extensions not allowed");
return;
}
Constructor<?> cons = extClass.getConstructor(PARAMS);
Object[] passed = new Object[] {Boolean.valueOf(ext.isCritical()),
ext.getExtensionValue()};
CertAttrSet<?> crlExt = (CertAttrSet<?>)cons.newInstance(passed);
if (map.put(crlExt.getName(), (Extension)crlExt) != null) {
throw new CRLException("Duplicate extensions not allowed");
}
} catch (InvocationTargetException invk) {
throw new CRLException(invk.getTargetException().getMessage());
} catch (Exception e) {
throw new CRLException(e.toString());
}
}
Example #10
| Source File: X509CRLObject.java From RipplePower with Apache License 2.0 | 6 votes |
|
protected X509CRLObject(
CertificateList c)
throws CRLException
{
this.c = c;
try
{
this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
if (c.getSignatureAlgorithm().getParameters() != null)
{
this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER);
}
else
{
this.sigAlgParams = null;
}
this.isIndirect = isIndirectCRL(this);
}
catch (Exception e)
{
throw new CRLException("CRL contents invalid: " + e);
}
}
Example #11
| Source File: X509CRLEntryImpl.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
|
@Override
public int compareTo(X509CRLEntryImpl that) {
int compSerial = getSerialNumber().compareTo(that.getSerialNumber());
if (compSerial != 0) {
return compSerial;
}
try {
byte[] thisEncoded = this.getEncoded0();
byte[] thatEncoded = that.getEncoded0();
for (int i=0; i<thisEncoded.length && i<thatEncoded.length; i++) {
int a = thisEncoded[i] & 0xff;
int b = thatEncoded[i] & 0xff;
if (a != b) return a-b;
}
return thisEncoded.length -thatEncoded.length;
} catch (CRLException ce) {
return -1;
}
}
Example #12
| Source File: X509CRLImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Verifies that this CRL was signed using the
* private key that corresponds to the given public key,
* and that the signature verification was computed by
* the given provider. Note that the specified Provider object
* does not have to be registered in the provider list.
*
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the signature provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
*/
public synchronized void verify(PublicKey key, Provider sigProvider)
throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
SignatureException {
if (signedCRL == null) {
throw new CRLException("Uninitialized CRL");
}
Signature sigVerf = null;
if (sigProvider == null) {
sigVerf = Signature.getInstance(sigAlgId.getName());
} else {
sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
}
sigVerf.initVerify(key);
if (tbsCertList == null) {
throw new CRLException("Uninitialized CRL");
}
sigVerf.update(tbsCertList, 0, tbsCertList.length);
if (!sigVerf.verify(signature)) {
throw new SignatureException("Signature does not match.");
}
verifiedPublicKey = key;
}
Example #13
| Source File: IosCertificateFactory.java From j2objc with Apache License 2.0 | 5 votes |
|
@Override
public Collection<? extends CRL> engineGenerateCRLs(InputStream inStream)
throws CRLException {
List<CRL> result = new ArrayList<CRL>();
CRL crl;
while ((crl = engineGenerateCRL(inStream)) != null) {
result.add(crl);
}
return result;
}
Example #14
| Source File: CrlRef.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
byte[] getEncoded() throws Ref.EncodingException {
try {
return this.crl.getEncoded();
} catch (CRLException var2) {
throw new Ref.EncodingException(var2);
}
}
Example #15
| Source File: CertificateFactory.java From RipplePower with Apache License 2.0 | 5 votes |
|
private CRL getCRL()
throws CRLException
{
if (sCrlData == null || sCrlDataObjectCount >= sCrlData.size())
{
return null;
}
return createCRL(
CertificateList.getInstance(
sCrlData.getObjectAt(sCrlDataObjectCount++)));
}
Example #16
| Source File: X509CRLImpl.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
/**
* Returned the encoding of the given certificate for internal use.
* Callers must guarantee that they neither modify it nor expose it
* to untrusted code. Uses getEncodedInternal() if the certificate
* is instance of X509CertImpl, getEncoded() otherwise.
*/
public static byte[] getEncodedInternal(X509CRL crl) throws CRLException {
if (crl instanceof X509CRLImpl) {
return ((X509CRLImpl)crl).getEncodedInternal();
} else {
return crl.getEncoded();
}
}
Example #17
| Source File: AlgorithmChecker.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Check the signature algorithm with the specified public key.
*
* @param key the public key to verify the CRL signature
* @param crl the target CRL
*/
static void check(PublicKey key, X509CRL crl)
throws CertPathValidatorException {
X509CRLImpl x509CRLImpl = null;
try {
x509CRLImpl = X509CRLImpl.toImpl(crl);
} catch (CRLException ce) {
throw new CertPathValidatorException(ce);
}
AlgorithmId algorithmId = x509CRLImpl.getSigAlgId();
check(key, algorithmId);
}
Example #18
| Source File: X509CertUtil.java From keystore-explorer with GNU General Public License v3.0 | 5 votes |
|
/**
* Load a CRL from the specified stream.
*
* @param crlData BA to load CRL from
* @return The CRL
* @throws CryptoException
* Problem encountered while loading the CRL
*/
public static X509CRL loadCRL(byte[] crlData) throws CryptoException {
try {
CertificateFactory cf = CertificateFactory.getInstance(X509_CERT_TYPE);
return (X509CRL) cf.generateCRL(new ByteArrayInputStream(crlData));
} catch (CertificateException | CRLException ex) {
throw new CryptoException(res.getString("NoLoadCrl.exception.message"), ex);
}
}
Example #19
| Source File: AlgorithmChecker.java From j2objc with Apache License 2.0 | 5 votes |
|
/**
* Check the signature algorithm with the specified public key.
*
* @param key the public key to verify the CRL signature
* @param crl the target CRL
*/
static void check(PublicKey key, X509CRL crl)
throws CertPathValidatorException {
X509CRLImpl x509CRLImpl = null;
try {
x509CRLImpl = X509CRLImpl.toImpl(crl);
} catch (CRLException ce) {
throw new CertPathValidatorException(ce);
}
AlgorithmId algorithmId = x509CRLImpl.getSigAlgId();
check(key, algorithmId);
}
Example #20
| Source File: X509CRLImpl.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
|
/**
* Returned the encoding as an uncloned byte array. Callers must
* guarantee that they neither modify it nor expose it to untrusted
* code.
*/
public byte[] getEncodedInternal() throws CRLException {
if (signedCRL == null) {
throw new CRLException("Null CRL to encode");
}
return signedCRL;
}
Example #21
| Source File: X509CRLEntryImpl.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
/**
* Encodes the revoked certificate to an output stream.
*
* @param outStrm an output stream to which the encoded revoked
* certificate is written.
* @exception CRLException on encoding errors.
*/
public void encode(DerOutputStream outStrm) throws CRLException {
try {
if (revokedCert == null) {
DerOutputStream tmp = new DerOutputStream();
// sequence { serialNumber, revocationDate, extensions }
serialNumber.encode(tmp);
if (revocationDate.getTime() < YR_2050) {
tmp.putUTCTime(revocationDate);
} else {
tmp.putGeneralizedTime(revocationDate);
}
if (extensions != null)
extensions.encode(tmp, isExplicit);
DerOutputStream seq = new DerOutputStream();
seq.write(DerValue.tag_Sequence, tmp);
revokedCert = seq.toByteArray();
}
outStrm.write(revokedCert);
} catch (IOException e) {
throw new CRLException("Encoding error: " + e.toString());
}
}
Example #22
| Source File: X509CRLEntryImpl.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
/**
* Encodes the revoked certificate to an output stream.
*
* @param outStrm an output stream to which the encoded revoked
* certificate is written.
* @exception CRLException on encoding errors.
*/
public void encode(DerOutputStream outStrm) throws CRLException {
try {
if (revokedCert == null) {
DerOutputStream tmp = new DerOutputStream();
// sequence { serialNumber, revocationDate, extensions }
serialNumber.encode(tmp);
if (revocationDate.getTime() < CertificateValidity.YR_2050) {
tmp.putUTCTime(revocationDate);
} else {
tmp.putGeneralizedTime(revocationDate);
}
if (extensions != null)
extensions.encode(tmp, isExplicit);
DerOutputStream seq = new DerOutputStream();
seq.write(DerValue.tag_Sequence, tmp);
revokedCert = seq.toByteArray();
}
outStrm.write(revokedCert);
} catch (IOException e) {
throw new CRLException("Encoding error: " + e.toString());
}
}
Example #23
| Source File: X509CRLObject.java From RipplePower with Apache License 2.0 | 5 votes |
|
public void verify(PublicKey key, String sigProvider)
throws CRLException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException, SignatureException
{
if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()))
{
throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
}
Signature sig;
if (sigProvider != null)
{
sig = Signature.getInstance(getSigAlgName(), sigProvider);
}
else
{
sig = Signature.getInstance(getSigAlgName());
}
sig.initVerify(key);
sig.update(this.getTBSCertList());
if (!sig.verify(this.getSignature()))
{
throw new SignatureException("CRL does not verify with supplied public key.");
}
}
Example #24
| Source File: X509CRLImpl.java From j2objc with Apache License 2.0 | 5 votes |
|
/**
* Verifies that this CRL was signed using the
* private key that corresponds to the given public key,
* and that the signature verification was computed by
* the given provider.
*
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the name of the signature provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException on incorrect provider.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
*/
public synchronized void verify(PublicKey key, String sigProvider)
throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, SignatureException {
if (sigProvider == null) {
sigProvider = "";
}
if ((verifiedPublicKey != null) && verifiedPublicKey.equals(key)) {
// this CRL has already been successfully verified using
// this public key. Make sure providers match, too.
if (sigProvider.equals(verifiedProvider)) {
return;
}
}
if (signedCRL == null) {
throw new CRLException("Uninitialized CRL");
}
Signature sigVerf = null;
if (sigProvider.length() == 0) {
sigVerf = Signature.getInstance(sigAlgId.getName());
} else {
sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
}
sigVerf.initVerify(key);
if (tbsCertList == null) {
throw new CRLException("Uninitialized CRL");
}
sigVerf.update(tbsCertList, 0, tbsCertList.length);
if (!sigVerf.verify(signature)) {
throw new SignatureException("Signature does not match.");
}
verifiedPublicKey = key;
verifiedProvider = sigProvider;
}
Example #25
| Source File: CertUtils.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
/**
* Get a DER-encoded X.509 CRL from a file.
*
* @param crlFilePath path to file containing DER-encoded CRL
* @return the X509CRL
* @throws CertificateException if the crl type is not supported
* @throws CRLException if the crl cannot be parsed
* @throws IOException if the file cannot be opened
*/
public static X509CRL getCRLFromFile(String crlFilePath)
throws CertificateException, CRLException, IOException {
File crlFile = new File(System.getProperty("test.src", "."),
crlFilePath);
try (FileInputStream fis = new FileInputStream(crlFile)) {
return (X509CRL)
CertificateFactory.getInstance("X.509").generateCRL(fis);
}
}
Example #26
| Source File: X509CRLObject.java From ripple-lib-java with ISC License | 5 votes |
|
public byte[] getEncoded()
throws CRLException
{
try
{
return c.getEncoded(ASN1Encoding.DER);
}
catch (IOException e)
{
throw new CRLException(e.toString());
}
}
Example #27
| Source File: X509CRLObject.java From ripple-lib-java with ISC License | 5 votes |
|
public byte[] getEncoded()
throws CRLException
{
try
{
return c.getEncoded(ASN1Encoding.DER);
}
catch (IOException e)
{
throw new CRLException(e.toString());
}
}
Example #28
| Source File: DigSigUtil.java From juddi with Apache License 2.0 | 5 votes |
|
/**
* Downloads a CRL from given HTTP/HTTPS/FTP URL, e.g.
* http://crl.infonotary.com/crl/identity-ca.crl
*/
private X509CRL downloadCRLFromWeb(String crlURL)
throws MalformedURLException, IOException, CertificateException,
CRLException {
URL url = new URL(crlURL);
InputStream crlStream = url.openStream();
try {
// CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509CRL crl = (X509CRL) cf.generateCRL(crlStream);
return crl;
} finally {
crlStream.close();
}
}
Example #29
| Source File: X509CRLImpl.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
/**
* Returned the encoding as an uncloned byte array. Callers must
* guarantee that they neither modify it nor expose it to untrusted
* code.
*/
public byte[] getEncodedInternal() throws CRLException {
if (signedCRL == null) {
throw new CRLException("Null CRL to encode");
}
return signedCRL;
}
Example #30
| Source File: X509CRLImpl.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
/**
* CRL constructor, revoked certs, no extensions.
*
* @param issuer the name of the CA issuing this CRL.
* @param thisUpdate the Date of this issue.
* @param nextUpdate the Date of the next CRL.
* @param badCerts the array of CRL entries.
*
* @exception CRLException on parsing/construction errors.
*/
public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate,
X509CRLEntry[] badCerts)
throws CRLException
{
this.issuer = issuer;
this.thisUpdate = thisDate;
this.nextUpdate = nextDate;
if (badCerts != null) {
X500Principal crlIssuer = getIssuerX500Principal();
X500Principal badCertIssuer = crlIssuer;
for (int i = 0; i < badCerts.length; i++) {
X509CRLEntryImpl badCert = (X509CRLEntryImpl)badCerts[i];
try {
badCertIssuer = getCertIssuer(badCert, badCertIssuer);
} catch (IOException ioe) {
throw new CRLException(ioe);
}
badCert.setCertificateIssuer(crlIssuer, badCertIssuer);
X509IssuerSerial issuerSerial = new X509IssuerSerial
(badCertIssuer, badCert.getSerialNumber());
this.revokedMap.put(issuerSerial, badCert);
this.revokedList.add(badCert);
if (badCert.hasExtensions()) {
this.version = 1;
}
}
}
}
