Java Code Examples for java.security.cert.CRLException

The following examples show how to use java.security.cert.CRLException. These examples are extracted from open source projects.
Example 1
Source Project: jdk8u60   Source File: CRLExtensions.java    License: GNU General Public License v2.0 6 votes vote down vote up
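/**
 * Parses a single CRL extension and records it in {@code map}.
 *
 * <p>If no implementation class is registered for the extension's OID, the
 * raw extension is stored under the OID string, and
 * {@code unsupportedCritExt} is set when the extension is marked critical.
 * Otherwise the implementation class is instantiated reflectively through
 * the constructor matching {@code PARAMS} and stored under its own name.
 * A second extension under an existing key is rejected.
 *
 * @param ext the extension to parse
 * @throws CRLException if the extension is a duplicate, or if looking up or
 *         instantiating the implementation class fails; the underlying
 *         failure is attached as the cause
 */
private void parseExtension(Extension ext) throws CRLException {
    try {
        Class<?> extClass = OIDMap.getClass(ext.getExtensionId());
        if (extClass == null) {
            // Unsupported extension: keep the raw form, remember criticality.
            if (ext.isCritical()) {
                unsupportedCritExt = true;
            }
            if (map.put(ext.getExtensionId().toString(), ext) != null) {
                throw new CRLException("Duplicate extensions not allowed");
            }
            return;
        }
        Constructor<?> cons = extClass.getConstructor(PARAMS);
        Object[] passed = {Boolean.valueOf(ext.isCritical()), ext.getExtensionValue()};
        CertAttrSet<?> crlExt = (CertAttrSet<?>) cons.newInstance(passed);
        if (map.put(crlExt.getName(), (Extension) crlExt) != null) {
            throw new CRLException("Duplicate extensions not allowed");
        }
    } catch (InvocationTargetException invk) {
        // Report the constructor's own failure, and keep it as the cause so
        // the reason a CRL was rejected can still be traced.
        Throwable target = invk.getTargetException();
        throw new CRLException(target.getMessage(), target);
    } catch (Exception e) {
        // This also re-wraps the "Duplicate extensions" CRLException thrown
        // above; the message text is unchanged, the cause is now preserved.
        throw new CRLException(e.toString(), e);
    }
}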
 
Example 2
/**
 * Orders entries by serial number and, for equal serial numbers, by an
 * unsigned byte-wise comparison of their encoded forms (a shorter encoding
 * that is a prefix of the other sorts first).
 *
 * <p>If either encoding cannot be obtained the result is {@code -1}
 * whichever operand failed, so the ordering is not antisymmetric in that
 * case.
 *
 * @param that the entry to compare with
 * @return a negative, zero or positive value per the ordering above
 */
@Override
public int compareTo(X509CRLEntryImpl that) {
    int bySerial = getSerialNumber().compareTo(that.getSerialNumber());
    if (bySerial != 0) {
        return bySerial;
    }
    try {
        byte[] mine = this.getEncoded0();
        byte[] theirs = that.getEncoded0();
        int shared = Math.min(mine.length, theirs.length);
        for (int idx = 0; idx < shared; idx++) {
            // Mask to 0..255 so bytes compare as unsigned values.
            int diff = (mine[idx] & 0xff) - (theirs[idx] & 0xff);
            if (diff != 0) {
                return diff;
            }
        }
        return mine.length - theirs.length;
    } catch (CRLException ce) {
        return -1;
    }
}
 
Example 3
Source Project: servicecomb-java-chassis   Source File: KeyStoreUtilTest.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Checks that KeyStoreUtil.createCRL fails with IllegalArgumentException
 * when the mocked CertificateFactory.getInstance throws CRLException.
 */
@Test
public void testExceptionCRLException() {
  String crlPath = strFilePath + "/ssl/server.p12";
  // Stays true only if createCRL returns without throwing.
  boolean completedNormally = true;
  try {
    // Replace the factory lookup so that it always fails.
    new MockUp<CertificateFactory>() {
      @Mock
      public final CertificateFactory getInstance(String type) throws CertificateException, CRLException {
        throw new CRLException();
      }
    };
    KeyStoreUtil.createCRL(crlPath);
  } catch (Exception thrown) {
    completedNormally = false;
    Assert.assertEquals("java.lang.IllegalArgumentException", thrown.getClass().getName());
  }
  Assert.assertFalse(completedNormally);
}
 
Example 4
Source Project: RipplePower   Source File: X509CRLObject.java    License: Apache License 2.0 6 votes vote down vote up
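/**
 * Wraps a parsed CertificateList and caches the signature algorithm name,
 * the DER encoding of the signature algorithm parameters (or null when
 * there are none) and whether the CRL is indirect.
 *
 * @param c the parsed CRL structure
 * @throws CRLException if any of the derived values cannot be computed;
 *         the underlying failure is attached as the cause
 */
protected X509CRLObject(
    CertificateList c)
    throws CRLException
{
    this.c = c;

    try
    {
        this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());

        ASN1Encodable sigParams = (ASN1Encodable)c.getSignatureAlgorithm().getParameters();
        if (sigParams != null)
        {
            this.sigAlgParams = sigParams.toASN1Primitive().getEncoded(ASN1Encoding.DER);
        }
        else
        {
            this.sigAlgParams = null;
        }

        this.isIndirect = isIndirectCRL(this);
    }
    catch (Exception e)
    {
        // Same message as before; the cause is kept so a rejected CRL can be
        // diagnosed from the full stack trace rather than a flattened string.
        throw new CRLException("CRL contents invalid: " + e, e);
    }
}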
 
Example 5
Source Project: TencentKona-8   Source File: CRLExtensions.java    License: GNU General Public License v2.0 6 votes vote down vote up
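/**
 * Parses one CRL extension and stores it in {@code map}.
 *
 * <p>An extension whose OID has no registered class is stored in raw form
 * under its OID string; {@code unsupportedCritExt} is set if it is critical.
 * A recognised extension is built reflectively with the constructor
 * matching {@code PARAMS} and stored under the name it reports. Storing a
 * second extension under an existing key is an error.
 *
 * @param ext the extension to parse
 * @throws CRLException on a duplicate extension or on any failure while
 *         resolving or constructing the extension class, with the
 *         underlying exception attached as the cause
 */
private void parseExtension(Extension ext) throws CRLException {
    try {
        Class<?> implClass = OIDMap.getClass(ext.getExtensionId());
        if (implClass == null) {
            // Unsupported extension
            if (ext.isCritical()) {
                unsupportedCritExt = true;
            }
            String oidKey = ext.getExtensionId().toString();
            if (map.put(oidKey, ext) != null) {
                throw new CRLException("Duplicate extensions not allowed");
            }
            return;
        }
        Constructor<?> ctor = implClass.getConstructor(PARAMS);
        Object[] ctorArgs = new Object[] {Boolean.valueOf(ext.isCritical()),
                                          ext.getExtensionValue()};
        CertAttrSet<?> parsed = (CertAttrSet<?>) ctor.newInstance(ctorArgs);
        if (map.put(parsed.getName(), (Extension) parsed) != null) {
            throw new CRLException("Duplicate extensions not allowed");
        }
    } catch (InvocationTargetException invk) {
        // Surface the constructor's failure message and chain the failure.
        Throwable target = invk.getTargetException();
        throw new CRLException(target.getMessage(), target);
    } catch (Exception e) {
        // Catches the duplicate-extension CRLException as well; message
        // text is unchanged, the original exception is chained as cause.
        throw new CRLException(e.toString(), e);
    }
}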
 
Example 6
Source Project: ssltest   Source File: SSLUtils.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Builds the TrustManager initialization parameters.
 * Only the <code>PKIX</code> algorithm (matched case-insensitively) is
 * supported.
 *
 * <p>The returned parameters have revocation checking enabled, and the CRLs
 * loaded from <code>crlFilename</code> are added as a "Collection"
 * CertStore.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlFilename The path to the CRL file.
 * @param maxCertificateChainLength Optional maximum cert chain length;
 *        left at the default when null.
 * @param trustStore The configured TrustStore.
 *
 * @return The parameters including the TrustStore and any CRLs.
 *
 * @throws InvalidAlgorithmParameterException declared; raised by the
 *         parameter or CertStore construction below
 * @throws KeyStoreException declared; raised by the parameter construction
 * @throws IOException declared for the CRL loading
 * @throws CertificateException declared for the CRL loading
 * @throws CRLException if <code>algorithm</code> is not PKIX, or declared
 *         for the CRL loading
 * @throws NoSuchAlgorithmException declared; raised by CertStore lookup
 */
protected static CertPathParameters getParameters(String algorithm,
                                                  String crlFilename,
                                                  Integer maxCertificateChainLength,
                                                  KeyStore trustStore)
    throws KeyStoreException, InvalidAlgorithmParameterException, CRLException, CertificateException, IOException, NoSuchAlgorithmException
{
    if(!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters pkix =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // Hand the locally loaded CRLs to the path builder and require
    // revocation checking.
    Collection<? extends CRL> loadedCrls = getCRLs(crlFilename);
    CertStore crlStore =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(loadedCrls));
    pkix.addCertStore(crlStore);
    pkix.setRevocationEnabled(true);

    if(maxCertificateChainLength != null) {
        pkix.setMaxPathLength(maxCertificateChainLength.intValue());
    }

    return pkix;
}
 
Example 7
Source Project: openjdk-jdk9   Source File: CRLExtensions.java    License: GNU General Public License v2.0 6 votes vote down vote up
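/**
 * Reads the extensions from {@code derStrm} and parses each one with
 * {@code parseExtension}.
 *
 * <p>If the first byte is a context-specific tag with tag number 0, that
 * wrapper is consumed and the sequence is read from its contents.
 *
 * @param derStrm the DER stream positioned at the extensions
 * @throws CRLException if the stream cannot be decoded (the I/O failure is
 *         attached as the cause) or if an extension is rejected
 */
private void init(DerInputStream derStrm) throws CRLException {
    try {
        DerInputStream source = derStrm;

        byte nextByte = (byte)derStrm.peekByte();
        // check for context specific byte 0; skip it
        boolean contextSpecific = (nextByte & 0x0c0) == 0x080;
        boolean tagNumberZero = (nextByte & 0x01f) == 0x000;
        if (contextSpecific && tagNumberZero) {
            source = source.getDerValue().data;
        }

        // NOTE(review): the argument 5 looks like an initial size hint,
        // not an upper bound on the number of extensions; confirm.
        DerValue[] exts = source.getSequence(5);
        for (DerValue encodedExt : exts) {
            parseExtension(new Extension(encodedExt));
        }
    } catch (IOException e) {
        // Message unchanged; the decoding failure is chained as the cause.
        throw new CRLException("Parsing error: " + e.toString(), e);
    }
}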
 
Example 8
Source Project: qpid-broker-j   Source File: AbstractTrustStore.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Loads the collection of CRLs found at {@code crlUrl}.
 *
 * <p>The stream is parsed by the certificate factory only; this method does
 * not itself check who signed the CRLs.
 *
 * @param crlUrl location of the CRL data, or null for none
 * @return the parsed CRLs, or an empty list when {@code crlUrl} is null
 * @throws IllegalConfigurationException if the location cannot be read or
 *         its contents cannot be parsed
 */
private Collection<? extends CRL> getCRLs(String crlUrl)
{
    if (crlUrl == null)
    {
        return Collections.emptyList();
    }
    try (InputStream crlStream = getUrlFromString(crlUrl).openStream())
    {
        return SSLUtil.getCertificateFactory().generateCRLs(crlStream);
    }
    catch (IOException | CRLException e)
    {
        throw new IllegalConfigurationException("Unable to load certificate revocation list '" + crlUrl +
                "' for truststore '" + getName() + "' :" + e, e);
    }
}
 
Example 9
Source Project: jdk8u-dev-jdk   Source File: CRLExtensions.java    License: GNU General Public License v2.0 6 votes vote down vote up
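/**
 * Decodes the extension sequence from {@code derStrm}, passing every
 * element to {@code parseExtension}.
 *
 * <p>A leading context-specific tag with tag number 0 is unwrapped first.
 *
 * @param derStrm the DER stream positioned at the extensions
 * @throws CRLException on a decoding failure (chained as the cause) or
 *         when {@code parseExtension} rejects an extension
 */
private void init(DerInputStream derStrm) throws CRLException {
    try {
        DerInputStream str = derStrm;

        byte firstByte = (byte)derStrm.peekByte();
        // check for context specific byte 0; skip it
        if (((firstByte & 0x0c0) == 0x080) &&
            ((firstByte & 0x01f) == 0x000)) {
            DerValue wrapper = str.getDerValue();
            str = wrapper.data;
        }

        for (DerValue element : str.getSequence(5)) {
            Extension ext = new Extension(element);
            parseExtension(ext);
        }
    } catch (IOException e) {
        // Keep the original text and chain the I/O failure for diagnosis.
        throw new CRLException("Parsing error: " + e.toString(), e);
    }
}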
 
Example 10
/**
 * Compares by serial number first; entries with equal serial numbers are
 * ordered by their encoded bytes, treated as unsigned, then by length.
 *
 * <p>When an encoding cannot be produced the method returns {@code -1}
 * regardless of which side failed.
 *
 * @param that the entry to compare with
 * @return negative, zero or positive per the ordering above
 */
@Override
public int compareTo(X509CRLEntryImpl that) {
    final int serialOrder = getSerialNumber().compareTo(that.getSerialNumber());
    if (serialOrder != 0) {
        return serialOrder;
    }
    try {
        final byte[] left = this.getEncoded0();
        final byte[] right = that.getEncoded0();
        int pos = 0;
        while (pos < left.length && pos < right.length) {
            final int l = left[pos] & 0xff;
            final int r = right[pos] & 0xff;
            if (l != r) {
                return l - r;
            }
            pos++;
        }
        return left.length - right.length;
    } catch (CRLException ce) {
        return -1;
    }
}
 
Example 11
Source Project: RipplePower   Source File: X509CRLObject.java    License: Apache License 2.0 6 votes vote down vote up
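/**
 * Creates the CRL object from a parsed CertificateList, caching the
 * signature algorithm name, the DER-encoded signature algorithm parameters
 * (null when absent) and the indirect-CRL flag.
 *
 * @param c the parsed CRL structure
 * @throws CRLException if any derived value cannot be computed; the
 *         underlying exception is attached as the cause
 */
public X509CRLObject(
    CertificateList c)
    throws CRLException
{
    this.c = c;

    try
    {
        this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());

        ASN1Encodable algParams = (ASN1Encodable)c.getSignatureAlgorithm().getParameters();
        this.sigAlgParams = (algParams != null)
            ? algParams.toASN1Primitive().getEncoded(ASN1Encoding.DER)
            : null;

        this.isIndirect = isIndirectCRL(this);
    }
    catch (Exception e)
    {
        // Message text unchanged; chaining the cause keeps the stack trace
        // of whatever made the CRL contents unusable.
        throw new CRLException("CRL contents invalid: " + e, e);
    }
}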
 
Example 12
Source Project: jdk8u-dev-jdk   Source File: X509CRLImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the encoding as an uncloned byte array. Callers must
 * guarantee that they neither modify it nor expose it to untrusted
 * code, because the array returned is the one held in {@code signedCRL}.
 *
 * @return the {@code signedCRL} array itself, not a copy
 * @throws CRLException if {@code signedCRL} is null
 */
public byte[] getEncodedInternal() throws CRLException {
    if (signedCRL != null) {
        return signedCRL;
    }
    throw new CRLException("Null CRL to encode");
}
 
Example 13
Source Project: hadoop-ozone   Source File: CRLCodec.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Returns the CRL held by {@code holder} as a PEM encoded String.
 *
 * @param holder - X.509 CRL Holder.
 * @return PEM Encoded CRL String.
 * @throws SCMSecurityException - if the holder cannot be converted to a
 *         CRL (wraps the CRLException).
 */
public static String getPEMEncodedString(X509CRLHolder holder)
    throws SCMSecurityException {
  LOG.trace("Getting PEM version of a CRL.");
  try {
    // Convert the holder first, then delegate to the overload that encodes.
    return getPEMEncodedString(
        getX509CRL(holder));
  } catch (CRLException conversionFailure) {
    throw new SCMSecurityException(conversionFailure);
  }
}
 
Example 14
Source Project: lams   Source File: KeyInfoHelper.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds an {@link org.opensaml.xml.signature.X509CRL} XMLObject from
 * a native Java {@link java.security.cert.X509CRL}.
 *
 * <p>The XMLObject's value is the Base64 text of the CRL's encoded form.
 *
 * @param crl the Java {@link java.security.cert.X509CRL} to convert
 * @return a {@link org.opensaml.xml.signature.X509CRL} XMLObject
 * @throws CRLException thrown when there is an error converting the Java
 *           CRL representation to the XMLObject representation
 */
public static org.opensaml.xml.signature.X509CRL buildX509CRL(X509CRL crl) throws CRLException {
    // Create an empty element through the registered builder.
    org.opensaml.xml.signature.X509CRL result =
        (org.opensaml.xml.signature.X509CRL) Configuration.getBuilderFactory()
            .getBuilder(org.opensaml.xml.signature.X509CRL.DEFAULT_ELEMENT_NAME)
            .buildObject(org.opensaml.xml.signature.X509CRL.DEFAULT_ELEMENT_NAME);

    byte[] encodedCrl = crl.getEncoded();
    result.setValue(Base64.encodeBytes(encodedCrl));

    return result;
}
 
Example 15
/**
 * Decodes one revoked-certificate entry from {@code derVal}, setting the
 * cached encoding, the serial number, the revocation date and, when more
 * data follows, the entry extensions.
 *
 * @param derVal the DER value holding the entry
 * @throws CRLException if the value is not a sequence, carries no data, or
 *         the revocation date is neither a UTCTime nor a GeneralizedTime
 * @throws IOException declared for the DER reads below
 */
private void parse(DerValue derVal)
throws CRLException, IOException {

    // Reject anything that is not a non-empty SEQUENCE before reading fields.
    if (derVal.tag != DerValue.tag_Sequence) {
        throw new CRLException("Invalid encoded RevokedCertificate, " +
                              "starting sequence tag missing.");
    }
    if (derVal.data.available() == 0)
        throw new CRLException("No data encoded for RevokedCertificates");

    // Keep the encoded bytes of the whole entry.
    revokedCert = derVal.toByteArray();
    // serial number
    // NOTE(review): the serial number is read through `in`, while the date
    // below is read through derVal.data; this presumably relies on both
    // streams sharing one read position. Confirm against DerValue.
    DerInputStream in = derVal.toDerInputStream();
    DerValue val = in.getDerValue();
    this.serialNumber = new SerialNumber(val);

    // revocationDate: only the two ASN.1 time encodings are accepted
    int nextByte = derVal.data.peekByte();
    if ((byte)nextByte == DerValue.tag_UtcTime) {
        this.revocationDate = derVal.data.getUTCTime();
    } else if ((byte)nextByte == DerValue.tag_GeneralizedTime) {
        this.revocationDate = derVal.data.getGeneralizedTime();
    } else
        throw new CRLException("Invalid encoding for revocation date");

    if (derVal.data.available() == 0)
        return;  // no extensions

    // crlEntryExtensions: whatever remains is handed to CRLExtensions
    this.extensions = new CRLExtensions(derVal.toDerInputStream());
}
 
Example 16
Source Project: jdk8u60   Source File: X509CRLImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Verifies that this CRL was signed using the
 * private key that corresponds to the given public key,
 * and that the signature verification was computed by
 * the given provider. Note that the specified Provider object
 * does not have to be registered in the provider list.
 *
 * <p>The signature algorithm is the one named by {@code sigAlgId}. On
 * success the key is remembered in {@code verifiedPublicKey}.
 *
 * @param key the PublicKey used to carry out the verification.
 * @param sigProvider the signature provider, or null to use the default
 * provider lookup.
 *
 * @exception NoSuchAlgorithmException on unsupported signature
 * algorithms.
 * @exception InvalidKeyException on incorrect key.
 * @exception SignatureException on signature errors, including a
 * signature that does not match.
 * @exception CRLException if the CRL has not been initialized.
 */
public synchronized void verify(PublicKey key, Provider sigProvider)
        throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
        SignatureException {

    if (signedCRL == null) {
        throw new CRLException("Uninitialized CRL");
    }

    final String algName = sigAlgId.getName();
    final Signature verifier = (sigProvider == null)
            ? Signature.getInstance(algName)
            : Signature.getInstance(algName, sigProvider);
    verifier.initVerify(key);

    if (tbsCertList == null) {
        throw new CRLException("Uninitialized CRL");
    }

    // Only the to-be-signed portion is covered by the signature.
    verifier.update(tbsCertList, 0, tbsCertList.length);

    boolean signatureOk = verifier.verify(signature);
    if (!signatureOk) {
        throw new SignatureException("Signature does not match.");
    }
    verifiedPublicKey = key;
}
 
Example 17
Source Project: Spark   Source File: SparkTrustManager.java    License: Apache License 2.0 5 votes vote down vote up
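/**
 * Downloads the CRLs named in the CRL Distribution Points extension of
 * every certificate in {@code chain} and adds them to
 * {@code crlCollection}; {@code crlStore} is rebuilt from that collection
 * after each certificate.
 *
 * <p>Only {@code fullName} distribution points are used, and within them
 * only general names of type uniformResourceIdentifier. Other name forms
 * (for example directory names) are skipped rather than being passed to
 * the URL parser.
 *
 * <p>NOTE(review): the URLs come from the certificates being checked, so
 * their content is chosen by whoever issued or presented the chain.
 * {@code downloadCRL} is not visible here; confirm that it restricts the
 * accepted URL schemes and bounds download time and size.
 *
 * @param chain the certificate chain to collect CRLs for
 * @return the accumulated {@code crlCollection}
 * @throws IOException if a distribution point URI is not a valid URL or the
 *         extension cannot be parsed
 * @throws CRLException if a CRL cannot be downloaded; the underlying
 *         failure is attached as the cause
 * @throws InvalidAlgorithmParameterException declared for CertStore creation
 * @throws NoSuchAlgorithmException declared for CertStore creation
 * @throws CertStoreException declared by the signature
 * @throws CertificateException declared by the signature
 */
public Collection<X509CRL> loadCRL(X509Certificate[] chain) throws IOException, InvalidAlgorithmParameterException,
        NoSuchAlgorithmException, CertStoreException, CRLException, CertificateException {

    // for each certificate in chain
    for (X509Certificate cert : chain) {
        byte[] cdpExtension = cert.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (cdpExtension != null) {
            // extract distribution point extension
            ASN1Primitive primitive = JcaX509ExtensionUtils.parseExtensionValue(cdpExtension);
            CRLDistPoint distPoint = CRLDistPoint.getInstance(primitive);
            // each distribution point extension can hold a number of distribution points
            for (DistributionPoint d : distPoint.getDistributionPoints()) {
                DistributionPointName dpName = d.getDistributionPoint();
                // Look for URIs in fullName
                if (dpName == null || dpName.getType() != DistributionPointName.FULL_NAME) {
                    continue;
                }
                GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames();
                for (GeneralName genName : genNames) {
                    // Only URI names can be turned into a URL; the original
                    // loop tried every name form and failed on the others.
                    if (genName.getTagNo() != GeneralName.uniformResourceIdentifier) {
                        continue;
                    }
                    URL url = new URL(genName.getName().toString());
                    try {
                        // download from Internet to the collection
                        crlCollection.add(downloadCRL(url));
                    } catch (CertificateException | CRLException e) {
                        // Chain the cause so the failing download can be diagnosed.
                        throw new CRLException("Couldn't download CRL", e);
                    }
                }
            }
        } else {
            Log.warning("Certificate " + cert.getSubjectX500Principal().getName().toString() + " have no CRLs");
        }
        // the cert store is a "Collection" store backed by the CRLs gathered so far
        CollectionCertStoreParameters params = new CollectionCertStoreParameters(crlCollection);
        crlStore = CertStore.getInstance("Collection", params);
    }
    return crlCollection;
}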
 
Example 18
Source Project: dragonwell8_jdk   Source File: X509CRLImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
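/**
 * Unmarshals an X.509 CRL from an input stream. Only one CRL
 * is expected at the end of the input stream.
 *
 * @param inStrm an input stream holding at least one CRL
 * @exception CRLException on parsing errors; an I/O failure while reading
 * is attached as the cause.
 */
public X509CRLImpl(InputStream inStrm) throws CRLException {
    try {
        parse(new DerValue(inStrm));
    } catch (IOException e) {
        // Drop any partially set encoding before reporting the failure.
        signedCRL = null;
        throw new CRLException("Parsing error: " + e.getMessage(), e);
    }
}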
 
Example 19
Source Project: dragonwell8_jdk   Source File: X509CRLImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * CRL constructor, revoked certs, no extensions.
 *
 * <p>Each entry is registered in {@code revokedMap} under its certificate
 * issuer and serial number and appended to {@code revokedList}. The issuer
 * resolved for one entry is passed on as the starting issuer for the next.
 * {@code version} is set to 1 as soon as any entry has extensions.
 *
 * @param issuer the name of the CA issuing this CRL.
 * @param thisDate the Date of this issue.
 * @param nextDate the Date of the next CRL.
 * @param badCerts the array of CRL entries; may be null.
 *
 * @exception CRLException on parsing/construction errors.
 */
public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate,
                   X509CRLEntry[] badCerts)
    throws CRLException
{
    this.issuer = issuer;
    this.thisUpdate = thisDate;
    this.nextUpdate = nextDate;
    if (badCerts == null) {
        return;
    }

    final X500Principal crlIssuer = getIssuerX500Principal();
    X500Principal currentIssuer = crlIssuer;
    for (X509CRLEntry rawEntry : badCerts) {
        X509CRLEntryImpl entry = (X509CRLEntryImpl) rawEntry;
        try {
            currentIssuer = getCertIssuer(entry, currentIssuer);
        } catch (IOException ioe) {
            throw new CRLException(ioe);
        }
        entry.setCertificateIssuer(crlIssuer, currentIssuer);
        this.revokedMap.put(
            new X509IssuerSerial(currentIssuer, entry.getSerialNumber()), entry);
        this.revokedList.add(entry);
        if (entry.hasExtensions()) {
            this.version = 1;
        }
    }
}
 
Example 20
Source Project: RipplePower   Source File: X509CRLObject.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Tells whether {@code crl} is an indirect CRL according to its
 * IssuingDistributionPoint extension.
 *
 * @param crl the CRL to inspect
 * @return false when the extension is absent, otherwise the extension's
 *         indirect-CRL flag
 * @throws CRLException (as ExtCRLException, with the cause attached) if
 *         the extension cannot be read or decoded
 */
public static boolean isIndirectCRL(X509CRL crl)
    throws CRLException
{
    try
    {
        byte[] idpExtension = crl.getExtensionValue(Extension.issuingDistributionPoint.getId());
        if (idpExtension == null)
        {
            return false;
        }
        // The extension value is an OCTET STRING wrapping the actual structure.
        byte[] idpOctets = ASN1OctetString.getInstance(idpExtension).getOctets();
        return IssuingDistributionPoint.getInstance(idpOctets).isIndirectCRL();
    }
    catch (Exception e)
    {
        throw new ExtCRLException(
                "Exception reading IssuingDistributionPoint", e);
    }
}
 
Example 21
Source Project: dragonwell8_jdk   Source File: X509CRLImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Verifies that this CRL was signed using the
 * private key that corresponds to the given public key,
 * and that the signature verification was computed by
 * the given provider. Note that the specified Provider object
 * does not have to be registered in the provider list.
 *
 * <p>The algorithm name is read from {@code sigAlgId}; a successful check
 * stores the key in {@code verifiedPublicKey}.
 *
 * @param key the PublicKey used to carry out the verification.
 * @param sigProvider the signature provider; when null the provider is
 * chosen by the default lookup.
 *
 * @exception NoSuchAlgorithmException on unsupported signature
 * algorithms.
 * @exception InvalidKeyException on incorrect key.
 * @exception SignatureException on signature errors, or when the
 * signature does not match.
 * @exception CRLException if the CRL has not been initialized.
 */
public synchronized void verify(PublicKey key, Provider sigProvider)
        throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
        SignatureException {

    if (signedCRL == null) {
        throw new CRLException("Uninitialized CRL");
    }

    Signature checker;
    if (sigProvider != null) {
        checker = Signature.getInstance(sigAlgId.getName(), sigProvider);
    } else {
        checker = Signature.getInstance(sigAlgId.getName());
    }
    checker.initVerify(key);

    if (tbsCertList == null) {
        throw new CRLException("Uninitialized CRL");
    }

    // Feed the to-be-signed bytes, then compare against the stored signature.
    checker.update(tbsCertList, 0, tbsCertList.length);
    if (checker.verify(signature)) {
        verifiedPublicKey = key;
        return;
    }
    throw new SignatureException("Signature does not match.");
}
 
Example 22
Source Project: openjdk-jdk9   Source File: X509CRLImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Verifies that this CRL was signed using the
 * private key that corresponds to the given public key,
 * and that the signature verification was computed by
 * the given provider.
 *
 * <p>A repeat call with the key and provider name of the last successful
 * verification returns immediately without re-checking the signature.
 *
 * @param key the PublicKey used to carry out the verification.
 * @param sigProvider the name of the signature provider; null is treated
 * as the empty string, which selects the default provider lookup.
 *
 * @exception NoSuchAlgorithmException on unsupported signature
 * algorithms.
 * @exception InvalidKeyException on incorrect key.
 * @exception NoSuchProviderException on incorrect provider.
 * @exception SignatureException on signature errors, or when the
 * signature does not match.
 * @exception CRLException if the CRL has not been initialized.
 */
public synchronized void verify(PublicKey key, String sigProvider)
        throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
        NoSuchProviderException, SignatureException {

    final String providerName = (sigProvider == null) ? "" : sigProvider;

    // Already verified with this key? Then the provider must match too
    // before the cached result is accepted.
    final boolean sameKey = (verifiedPublicKey != null) && verifiedPublicKey.equals(key);
    if (sameKey && providerName.equals(verifiedProvider)) {
        return;
    }

    if (signedCRL == null) {
        throw new CRLException("Uninitialized CRL");
    }

    final String algName = sigAlgId.getName();
    final Signature verifier = (providerName.length() == 0)
            ? Signature.getInstance(algName)
            : Signature.getInstance(algName, providerName);
    verifier.initVerify(key);

    if (tbsCertList == null) {
        throw new CRLException("Uninitialized CRL");
    }

    verifier.update(tbsCertList, 0, tbsCertList.length);

    if (!verifier.verify(signature)) {
        throw new SignatureException("Signature does not match.");
    }
    // Remember what was verified so the shortcut above can apply next time.
    verifiedPublicKey = key;
    verifiedProvider = providerName;
}
 
Example 23
Source Project: jdk8u60   Source File: X509CRLImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the encoding as an uncloned byte array. Callers must
 * guarantee that they neither modify it nor expose it to untrusted
 * code: the array handed out is the {@code signedCRL} field itself.
 *
 * @return the internal encoded CRL, not a defensive copy
 * @throws CRLException if no encoding is present
 */
public byte[] getEncodedInternal() throws CRLException {
    final boolean missing = (signedCRL == null);
    if (missing) {
        throw new CRLException("Null CRL to encode");
    }
    return signedCRL;
}
 
Example 24
Source Project: jdk8u-jdk   Source File: X509CRLEntryImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
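/**
 * Encodes the revoked certificate to an output stream.
 *
 * <p>The encoding is built once and cached in {@code revokedCert}; later
 * calls write the cached bytes. Revocation dates before {@code YR_2050}
 * are written as UTCTime, later ones as GeneralizedTime.
 *
 * @param outStrm an output stream to which the encoded revoked
 * certificate is written.
 * @exception CRLException on encoding errors; the I/O failure is attached
 * as the cause.
 */
public void encode(DerOutputStream outStrm) throws CRLException {
    try {
        if (revokedCert == null) {
            // sequence { serialNumber, revocationDate, extensions }
            DerOutputStream fields = new DerOutputStream();
            serialNumber.encode(fields);

            if (revocationDate.getTime() < YR_2050) {
                fields.putUTCTime(revocationDate);
            } else {
                fields.putGeneralizedTime(revocationDate);
            }

            if (extensions != null) {
                extensions.encode(fields, isExplicit);
            }

            DerOutputStream seq = new DerOutputStream();
            seq.write(DerValue.tag_Sequence, fields);

            revokedCert = seq.toByteArray();
        }
        outStrm.write(revokedCert);
    } catch (IOException e) {
        // Message unchanged; the original exception is chained as the cause.
        throw new CRLException("Encoding error: " + e.toString(), e);
    }
}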
 
Example 25
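/**
 * Unmarshals a revoked certificate from its encoded form.
 *
 * @param derValue the DER value containing the revoked certificate.
 * @exception CRLException on parsing errors; an I/O failure while decoding
 * is attached as the cause.
 */
public X509CRLEntryImpl(DerValue derValue) throws CRLException {
    try {
        parse(derValue);
    } catch (IOException e) {
        // Do not keep a cached encoding for an entry that failed to parse.
        revokedCert = null;
        throw new CRLException("Parsing error: " + e.toString(), e);
    }
}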
 
Example 26
Source Project: j2objc   Source File: X509Factory.java    License: Apache License 2.0 5 votes vote down vote up
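/**
 * Returns a (possibly empty) collection view of X.509 CRLs read
 * from the given input stream <code>is</code>.
 *
 * @param is the input stream with the CRLs.
 *
 * @return a (possibly empty) collection view of X.509 CRL objects
 * initialized with the data from the input stream.
 *
 * @exception CRLException if <code>is</code> is null or on parsing errors;
 * an I/O failure is attached as the cause.
 */
public Collection<? extends java.security.cert.CRL> engineGenerateCRLs(
        InputStream is) throws CRLException
{
    if (is == null) {
        throw new CRLException("Missing input stream");
    }
    try {
        return parseX509orPKCS7CRL(is);
    } catch (IOException ioe) {
        // Same message as before, with the I/O failure chained so the
        // reason the input was rejected is not lost.
        throw new CRLException(ioe.getMessage(), ioe);
    }
}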
 
Example 27
Source Project: jdk8u60   Source File: X509CRLImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * CRL constructor, revoked certs, no extensions.
 *
 * <p>Every entry is given its certificate issuer, indexed in
 * {@code revokedMap} by issuer and serial number, and added to
 * {@code revokedList}. The issuer found for an entry carries over as the
 * starting point for the following entry. If any entry has extensions,
 * {@code version} becomes 1.
 *
 * @param issuer the name of the CA issuing this CRL.
 * @param thisDate the Date of this issue.
 * @param nextDate the Date of the next CRL.
 * @param badCerts the array of CRL entries; may be null.
 *
 * @exception CRLException on parsing/construction errors.
 */
public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate,
                   X509CRLEntry[] badCerts)
    throws CRLException
{
    this.issuer = issuer;
    this.thisUpdate = thisDate;
    this.nextUpdate = nextDate;
    if (badCerts != null) {
        X500Principal ownIssuer = getIssuerX500Principal();
        X500Principal entryIssuer = ownIssuer;
        for (X509CRLEntry candidate : badCerts) {
            X509CRLEntryImpl revoked = (X509CRLEntryImpl) candidate;
            try {
                entryIssuer = getCertIssuer(revoked, entryIssuer);
            } catch (IOException ioe) {
                throw new CRLException(ioe);
            }
            revoked.setCertificateIssuer(ownIssuer, entryIssuer);
            X509IssuerSerial key =
                new X509IssuerSerial(entryIssuer, revoked.getSerialNumber());
            this.revokedMap.put(key, revoked);
            this.revokedList.add(revoked);
            if (revoked.hasExtensions()) {
                this.version = 1;
            }
        }
    }
}
 
Example 28
/**
 * Parses a revoked-certificate entry out of {@code derVal}: stores the
 * encoded entry, then reads the serial number, the revocation date and any
 * trailing entry extensions.
 *
 * @param derVal the DER value holding the entry
 * @throws CRLException if {@code derVal} is not a sequence, is empty, or
 *         its revocation date uses neither UTCTime nor GeneralizedTime
 * @throws IOException declared for the DER reads below
 */
private void parse(DerValue derVal)
throws CRLException, IOException {

    // Structural checks first: must be a SEQUENCE with content.
    if (derVal.tag != DerValue.tag_Sequence) {
        throw new CRLException("Invalid encoded RevokedCertificate, " +
                              "starting sequence tag missing.");
    }
    if (derVal.data.available() == 0)
        throw new CRLException("No data encoded for RevokedCertificates");

    // Cache the encoded form of the entry as received.
    revokedCert = derVal.toByteArray();
    // serial number
    // NOTE(review): read via `in`, yet the date is then read from
    // derVal.data; presumably both advance the same underlying buffer.
    // Verify against DerValue before changing the order of these reads.
    DerInputStream in = derVal.toDerInputStream();
    DerValue val = in.getDerValue();
    this.serialNumber = new SerialNumber(val);

    // revocationDate: dispatch on the tag of the next element
    int nextByte = derVal.data.peekByte();
    if ((byte)nextByte == DerValue.tag_UtcTime) {
        this.revocationDate = derVal.data.getUTCTime();
    } else if ((byte)nextByte == DerValue.tag_GeneralizedTime) {
        this.revocationDate = derVal.data.getGeneralizedTime();
    } else
        throw new CRLException("Invalid encoding for revocation date");

    if (derVal.data.available() == 0)
        return;  // no extensions

    // crlEntryExtensions: remaining data is parsed by CRLExtensions
    this.extensions = new CRLExtensions(derVal.toDerInputStream());
}
 
Example 29
Source Project: openjdk-jdk9   Source File: X509CRLImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Verifies that this CRL was signed using the
 * private key that corresponds to the given public key,
 * and that the signature verification was computed by
 * the given provider. Note that the specified Provider object
 * does not have to be registered in the provider list.
 *
 * <p>The signature algorithm is taken from {@code sigAlgId}. The key is
 * recorded in {@code verifiedPublicKey} only after the signature matched.
 *
 * @param key the PublicKey used to carry out the verification.
 * @param sigProvider the signature provider, or null for the default
 * provider lookup.
 *
 * @exception NoSuchAlgorithmException on unsupported signature
 * algorithms.
 * @exception InvalidKeyException on incorrect key.
 * @exception SignatureException on signature errors, or when the
 * signature does not match.
 * @exception CRLException if the CRL has not been initialized.
 */
public synchronized void verify(PublicKey key, Provider sigProvider)
        throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
        SignatureException {

    if (signedCRL == null) {
        throw new CRLException("Uninitialized CRL");
    }

    final boolean defaultLookup = (sigProvider == null);
    final Signature sig = defaultLookup
            ? Signature.getInstance(sigAlgId.getName())
            : Signature.getInstance(sigAlgId.getName(), sigProvider);
    sig.initVerify(key);

    if (tbsCertList == null) {
        throw new CRLException("Uninitialized CRL");
    }

    final int tbsLength = tbsCertList.length;
    sig.update(tbsCertList, 0, tbsLength);

    if (!sig.verify(signature)) {
        throw new SignatureException("Signature does not match.");
    }
    verifiedPublicKey = key;
}
 
Example 30
Source Project: j2objc   Source File: X509CRLEntryTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * X509CRLEntry() method testing. Checks that a newly created TBTCRLEntry
 * returns null from every accessor called here and that getEncoded()
 * does not throw.
 */
public void testX509CRLEntry() {
    TBTCRLEntry entry = new TBTCRLEntry();

    assertNull(entry.getCertificateIssuer());
    assertNull(entry.getCriticalExtensionOIDs());
    try {
        assertNull(entry.getEncoded());
    } catch (CRLException unexpected) {
        fail("Unexpected exception " + unexpected.getMessage());
    }
    assertNull(entry.getNonCriticalExtensionOIDs());
    assertNull(entry.getRevocationDate());
}