java.security.cert.CRLReason Java Examples

The following examples show how to use java.security.cert.CRLReason. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AdvancedModifiableKeyStoreDecorator.java    From wildfly-core with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Translates a textual revocation reason into the matching {@link CRLReason}.
 *
 * <p>The input is upper-cased with {@link Locale#ENGLISH} before it is compared, so
 * matching is case-insensitive and does not depend on the default locale. Only the
 * names listed below are accepted; anything else is rejected rather than mapped to a
 * fallback value.
 *
 * @param reason the reason name; a {@code null} value fails with a
 *        {@code NullPointerException} when it is upper-cased
 * @return the corresponding {@code CRLReason}
 * @throws OperationFailedException when the name matches none of the known reasons
 *         (the exception is produced by {@code ROOT_LOGGER.invalidCertificateRevocationReason})
 */
static CRLReason getCRLReason(String reason) throws OperationFailedException {
    final String normalized = reason.toUpperCase(Locale.ENGLISH);
    if (UNSPECIFIED.equals(normalized)) {
        return CRLReason.UNSPECIFIED;
    }
    if (KEY_COMPROMISE.equals(normalized)) {
        return CRLReason.KEY_COMPROMISE;
    }
    if (CA_COMPROMISE.equals(normalized)) {
        return CRLReason.CA_COMPROMISE;
    }
    if (AFFILIATION_CHANGED.equals(normalized)) {
        return CRLReason.AFFILIATION_CHANGED;
    }
    if (SUPERSEDED.equals(normalized)) {
        return CRLReason.SUPERSEDED;
    }
    if (CESSATION_OF_OPERATION.equals(normalized)) {
        return CRLReason.CESSATION_OF_OPERATION;
    }
    if (CERTIFICATE_HOLD.equals(normalized)) {
        return CRLReason.CERTIFICATE_HOLD;
    }
    if (REMOVE_FROM_CRL.equals(normalized)) {
        return CRLReason.REMOVE_FROM_CRL;
    }
    if (PRIVILEGE_WITHDRAWN.equals(normalized)) {
        return CRLReason.PRIVILEGE_WITHDRAWN;
    }
    if (AA_COMPROMISE.equals(normalized)) {
        return CRLReason.AA_COMPROMISE;
    }
    // The caller's original spelling, not the normalized one, goes into the error.
    throw ROOT_LOGGER.invalidCertificateRevocationReason(reason);
}
 
Example #2
Source File: X509CRLEntryImpl.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Default implementation backing the getRevocationReason method of
 * X509CRLEntry: reads the reason code extension of the given CRL entry.
 *
 * <p>A missing extension and an extension that fails to decode both yield
 * {@code null}, so a caller cannot use this method to tell "no reason
 * given" apart from "malformed reason".
 *
 * @param crlEntry the CRL entry to inspect
 * @return the decoded revocation reason, or {@code null} when the extension
 *         is absent or cannot be parsed
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    // 2.5.29.21 is the OID of the CRL entry reason code extension.
    byte[] wrapped = crlEntry.getExtensionValue("2.5.29.21");
    if (wrapped == null) {
        return null;
    }
    try {
        // Unwrap the outer OCTET STRING before handing the bytes to the parser.
        byte[] reasonBytes = new DerValue(wrapped).getOctetString();
        return new CRLReasonCodeExtension(Boolean.FALSE, reasonBytes).getReasonCode();
    } catch (IOException ioe) {
        // A decoding failure is reported the same way as a missing extension.
        return null;
    }
}
 
Example #3
Source File: X509CRLEntryImpl.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Static default implementation of the getRevocationReason method in
 * X509CRLEntry.
 *
 * <p>Returns {@code null} both when the entry has no reason code extension
 * and when the extension bytes cannot be decoded; the two cases are not
 * distinguishable from the return value.
 *
 * @param crlEntry the CRL entry whose reason code is wanted
 * @return the revocation reason, or {@code null} if absent or unparseable
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    CRLReason reason = null;
    try {
        // 2.5.29.21 is the OID of the CRL entry reason code extension.
        final byte[] extValue = crlEntry.getExtensionValue("2.5.29.21");
        if (extValue != null) {
            final DerValue outer = new DerValue(extValue);
            final CRLReasonCodeExtension reasonExt =
                new CRLReasonCodeExtension(Boolean.FALSE, outer.getOctetString());
            reason = reasonExt.getReasonCode();
        }
    } catch (IOException ioe) {
        // Parse errors are folded into the "no reason" result.
        reason = null;
    }
    return reason;
}
 
Example #4
Source File: X509CRLEntryImpl.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Default implementation backing the getRevocationReason method of
 * X509CRLEntry: reads the reason code extension of the given CRL entry.
 *
 * <p>A missing extension and an extension that fails to decode both yield
 * {@code null}, so a caller cannot use this method to tell "no reason
 * given" apart from "malformed reason".
 *
 * @param crlEntry the CRL entry to inspect
 * @return the decoded revocation reason, or {@code null} when the extension
 *         is absent or cannot be parsed
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    // 2.5.29.21 is the OID of the CRL entry reason code extension.
    byte[] wrapped = crlEntry.getExtensionValue("2.5.29.21");
    if (wrapped == null) {
        return null;
    }
    try {
        // Unwrap the outer OCTET STRING before handing the bytes to the parser.
        byte[] reasonBytes = new DerValue(wrapped).getOctetString();
        return new CRLReasonCodeExtension(Boolean.FALSE, reasonBytes).getReasonCode();
    } catch (IOException ioe) {
        // A decoding failure is reported the same way as a missing extension.
        return null;
    }
}
 
Example #5
Source File: X509CRLEntryImpl.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Static default implementation of the getRevocationReason method in
 * X509CRLEntry.
 *
 * <p>Returns {@code null} both when the entry has no reason code extension
 * and when the extension bytes cannot be decoded; the two cases are not
 * distinguishable from the return value.
 *
 * @param crlEntry the CRL entry whose reason code is wanted
 * @return the revocation reason, or {@code null} if absent or unparseable
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    CRLReason reason = null;
    try {
        // 2.5.29.21 is the OID of the CRL entry reason code extension.
        final byte[] extValue = crlEntry.getExtensionValue("2.5.29.21");
        if (extValue != null) {
            final DerValue outer = new DerValue(extValue);
            final CRLReasonCodeExtension reasonExt =
                new CRLReasonCodeExtension(Boolean.FALSE, outer.getOctetString());
            reason = reasonExt.getReasonCode();
        }
    } catch (IOException ioe) {
        // Parse errors are folded into the "no reason" result.
        reason = null;
    }
    return reason;
}
 
Example #6
Source File: X509CRLEntryImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Default implementation backing the getRevocationReason method of
 * X509CRLEntry: reads the reason code extension of the given CRL entry.
 *
 * <p>A missing extension and an extension that fails to decode both yield
 * {@code null}, so a caller cannot use this method to tell "no reason
 * given" apart from "malformed reason".
 *
 * @param crlEntry the CRL entry to inspect
 * @return the decoded revocation reason, or {@code null} when the extension
 *         is absent or cannot be parsed
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    // 2.5.29.21 is the OID of the CRL entry reason code extension.
    byte[] wrapped = crlEntry.getExtensionValue("2.5.29.21");
    if (wrapped == null) {
        return null;
    }
    try {
        // Unwrap the outer OCTET STRING before handing the bytes to the parser.
        byte[] reasonBytes = new DerValue(wrapped).getOctetString();
        return new CRLReasonCodeExtension(Boolean.FALSE, reasonBytes).getReasonCode();
    } catch (IOException ioe) {
        // A decoding failure is reported the same way as a missing extension.
        return null;
    }
}
 
Example #7
Source File: X509CRLEntryImpl.java    From Bytecoder with Apache License 2.0 6 votes vote down vote up
/**
 * Static default implementation of the getRevocationReason method in
 * X509CRLEntry.
 *
 * <p>Returns {@code null} both when the entry has no reason code extension
 * and when the extension bytes cannot be decoded; the two cases are not
 * distinguishable from the return value.
 *
 * @param crlEntry the CRL entry whose reason code is wanted
 * @return the revocation reason, or {@code null} if absent or unparseable
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    CRLReason reason = null;
    try {
        // 2.5.29.21 is the OID of the CRL entry reason code extension.
        final byte[] extValue = crlEntry.getExtensionValue("2.5.29.21");
        if (extValue != null) {
            final DerValue outer = new DerValue(extValue);
            final CRLReasonCodeExtension reasonExt =
                new CRLReasonCodeExtension(Boolean.FALSE, outer.getOctetString());
            reason = reasonExt.getReasonCode();
        }
    } catch (IOException ioe) {
        // Parse errors are folded into the "no reason" result.
        reason = null;
    }
    return reason;
}
 
Example #8
Source File: SimpleOCSPServer.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Create a CertStatusInfo providing type, revocation date
 * (if applicable) and revocation reason.
 *
 * <p>NOTE(review): the visible constructor body never reads
 * {@code revReason}; confirm whether the reason is meant to be stored
 * and is handled elsewhere in the class.
 *
 * @param statType the status for this entry; must not be {@code null}.
 * @param revDate if applicable, the date that revocation took place.
 * A value of {@code null} indicates that current time should be used.
 * If the value of {@code statType} is not {@code CERT_STATUS_REVOKED},
 * then the {@code revDate} parameter is ignored.
 * @param revReason the reason the certificate was revoked.  A value of
 * {@code null} means that no reason was provided.
 * @throws NullPointerException if {@code statType} is {@code null}
 * @throws IllegalArgumentException if {@code statType} is not one of the
 * three handled status values
 */
public CertStatusInfo(CertStatus statType, Date revDate,
        CRLReason revReason) {
    Objects.requireNonNull(statType, "Cert Status must be non-null");
    certStatusType = statType;
    if (statType == CertStatus.CERT_STATUS_GOOD
            || statType == CertStatus.CERT_STATUS_UNKNOWN) {
        // Only a revoked certificate carries a revocation time.
        revocationTime = null;
    } else if (statType == CertStatus.CERT_STATUS_REVOKED) {
        if (revDate == null) {
            revocationTime = new Date();
        } else {
            // Copy the caller's Date so later changes to it do not leak in.
            revocationTime = (Date) revDate.clone();
        }
    } else {
        throw new IllegalArgumentException("Unknown status type: " +
                statType);
    }
}
 
Example #9
Source File: X509CRLEntryImpl.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Default implementation backing the getRevocationReason method of
 * X509CRLEntry: reads the reason code extension of the given CRL entry.
 *
 * <p>A missing extension and an extension that fails to decode both yield
 * {@code null}, so a caller cannot use this method to tell "no reason
 * given" apart from "malformed reason".
 *
 * @param crlEntry the CRL entry to inspect
 * @return the decoded revocation reason, or {@code null} when the extension
 *         is absent or cannot be parsed
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    // 2.5.29.21 is the OID of the CRL entry reason code extension.
    byte[] wrapped = crlEntry.getExtensionValue("2.5.29.21");
    if (wrapped == null) {
        return null;
    }
    try {
        // Unwrap the outer OCTET STRING before handing the bytes to the parser.
        byte[] reasonBytes = new DerValue(wrapped).getOctetString();
        return new CRLReasonCodeExtension(Boolean.FALSE, reasonBytes).getReasonCode();
    } catch (IOException ioe) {
        // A decoding failure is reported the same way as a missing extension.
        return null;
    }
}
 
Example #10
Source File: X509CRLEntryImpl.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Static default implementation of the getRevocationReason method in
 * X509CRLEntry.
 *
 * <p>Returns {@code null} both when the entry has no reason code extension
 * and when the extension bytes cannot be decoded; the two cases are not
 * distinguishable from the return value.
 *
 * @param crlEntry the CRL entry whose reason code is wanted
 * @return the revocation reason, or {@code null} if absent or unparseable
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    CRLReason reason = null;
    try {
        // 2.5.29.21 is the OID of the CRL entry reason code extension.
        final byte[] extValue = crlEntry.getExtensionValue("2.5.29.21");
        if (extValue != null) {
            final DerValue outer = new DerValue(extValue);
            final CRLReasonCodeExtension reasonExt =
                new CRLReasonCodeExtension(Boolean.FALSE, outer.getOctetString());
            reason = reasonExt.getReasonCode();
        }
    } catch (IOException ioe) {
        // Parse errors are folded into the "no reason" result.
        reason = null;
    }
    return reason;
}
 
Example #11
Source File: X509CRLEntryImpl.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Default implementation backing the getRevocationReason method of
 * X509CRLEntry: reads the reason code extension of the given CRL entry.
 *
 * <p>A missing extension and an extension that fails to decode both yield
 * {@code null}, so a caller cannot use this method to tell "no reason
 * given" apart from "malformed reason".
 *
 * @param crlEntry the CRL entry to inspect
 * @return the decoded revocation reason, or {@code null} when the extension
 *         is absent or cannot be parsed
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    // 2.5.29.21 is the OID of the CRL entry reason code extension.
    byte[] wrapped = crlEntry.getExtensionValue("2.5.29.21");
    if (wrapped == null) {
        return null;
    }
    try {
        // Unwrap the outer OCTET STRING before handing the bytes to the parser.
        byte[] reasonBytes = new DerValue(wrapped).getOctetString();
        return new CRLReasonCodeExtension(Boolean.FALSE, reasonBytes).getReasonCode();
    } catch (IOException ioe) {
        // A decoding failure is reported the same way as a missing extension.
        return null;
    }
}
 
Example #12
Source File: X509CRLEntryImpl.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Static default implementation of the getRevocationReason method in
 * X509CRLEntry.
 *
 * <p>Returns {@code null} both when the entry has no reason code extension
 * and when the extension bytes cannot be decoded; the two cases are not
 * distinguishable from the return value.
 *
 * @param crlEntry the CRL entry whose reason code is wanted
 * @return the revocation reason, or {@code null} if absent or unparseable
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    CRLReason reason = null;
    try {
        // 2.5.29.21 is the OID of the CRL entry reason code extension.
        final byte[] extValue = crlEntry.getExtensionValue("2.5.29.21");
        if (extValue != null) {
            final DerValue outer = new DerValue(extValue);
            final CRLReasonCodeExtension reasonExt =
                new CRLReasonCodeExtension(Boolean.FALSE, outer.getOctetString());
            reason = reasonExt.getReasonCode();
        }
    } catch (IOException ioe) {
        // Parse errors are folded into the "no reason" result.
        reason = null;
    }
    return reason;
}
 
Example #13
Source File: X509CRLEntryImpl.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Default implementation backing the getRevocationReason method of
 * X509CRLEntry: reads the reason code extension of the given CRL entry.
 *
 * <p>A missing extension and an extension that fails to decode both yield
 * {@code null}, so a caller cannot use this method to tell "no reason
 * given" apart from "malformed reason".
 *
 * @param crlEntry the CRL entry to inspect
 * @return the decoded revocation reason, or {@code null} when the extension
 *         is absent or cannot be parsed
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    // 2.5.29.21 is the OID of the CRL entry reason code extension.
    byte[] wrapped = crlEntry.getExtensionValue("2.5.29.21");
    if (wrapped == null) {
        return null;
    }
    try {
        // Unwrap the outer OCTET STRING before handing the bytes to the parser.
        byte[] reasonBytes = new DerValue(wrapped).getOctetString();
        return new CRLReasonCodeExtension(Boolean.FALSE, reasonBytes).getReasonCode();
    } catch (IOException ioe) {
        // A decoding failure is reported the same way as a missing extension.
        return null;
    }
}
 
Example #14
Source File: X509CRLEntryImpl.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Static default implementation of the getRevocationReason method in
 * X509CRLEntry.
 *
 * <p>Returns {@code null} both when the entry has no reason code extension
 * and when the extension bytes cannot be decoded; the two cases are not
 * distinguishable from the return value.
 *
 * @param crlEntry the CRL entry whose reason code is wanted
 * @return the revocation reason, or {@code null} if absent or unparseable
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    CRLReason reason = null;
    try {
        // 2.5.29.21 is the OID of the CRL entry reason code extension.
        final byte[] extValue = crlEntry.getExtensionValue("2.5.29.21");
        if (extValue != null) {
            final DerValue outer = new DerValue(extValue);
            final CRLReasonCodeExtension reasonExt =
                new CRLReasonCodeExtension(Boolean.FALSE, outer.getOctetString());
            reason = reasonExt.getReasonCode();
        }
    } catch (IOException ioe) {
        // Parse errors are folded into the "no reason" result.
        reason = null;
    }
    return reason;
}
 
Example #15
Source File: X509CRLEntryImpl.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Default implementation backing the getRevocationReason method of
 * X509CRLEntry: reads the reason code extension of the given CRL entry.
 *
 * <p>A missing extension and an extension that fails to decode both yield
 * {@code null}, so a caller cannot use this method to tell "no reason
 * given" apart from "malformed reason".
 *
 * @param crlEntry the CRL entry to inspect
 * @return the decoded revocation reason, or {@code null} when the extension
 *         is absent or cannot be parsed
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    // 2.5.29.21 is the OID of the CRL entry reason code extension.
    byte[] wrapped = crlEntry.getExtensionValue("2.5.29.21");
    if (wrapped == null) {
        return null;
    }
    try {
        // Unwrap the outer OCTET STRING before handing the bytes to the parser.
        byte[] reasonBytes = new DerValue(wrapped).getOctetString();
        return new CRLReasonCodeExtension(Boolean.FALSE, reasonBytes).getReasonCode();
    } catch (IOException ioe) {
        // A decoding failure is reported the same way as a missing extension.
        return null;
    }
}
 
Example #16
Source File: X509CRLEntryImpl.java    From j2objc with Apache License 2.0 6 votes vote down vote up
/**
 * Static default implementation of the getRevocationReason method in
 * X509CRLEntry.
 *
 * <p>Returns {@code null} both when the entry has no reason code extension
 * and when the extension bytes cannot be decoded; the two cases are not
 * distinguishable from the return value.
 *
 * @param crlEntry the CRL entry whose reason code is wanted
 * @return the revocation reason, or {@code null} if absent or unparseable
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    CRLReason reason = null;
    try {
        // 2.5.29.21 is the OID of the CRL entry reason code extension.
        final byte[] extValue = crlEntry.getExtensionValue("2.5.29.21");
        if (extValue != null) {
            final DerValue outer = new DerValue(extValue);
            final CRLReasonCodeExtension reasonExt =
                new CRLReasonCodeExtension(Boolean.FALSE, outer.getOctetString());
            reason = reasonExt.getReasonCode();
        }
    } catch (IOException ioe) {
        // Parse errors are folded into the "no reason" result.
        reason = null;
    }
    return reason;
}
 
Example #17
Source File: X509CRLEntryImpl.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Overrides the getRevocationReason method of X509CRLEntry by looking the
 * reason code extension up through {@code getExtension}. The original
 * author describes this path as better performance-wise because it returns
 * cached values.
 *
 * @return the revocation reason, or {@code null} when this entry carries no
 *         reason code extension
 */
@Override
public CRLReason getRevocationReason() {
    final Extension reasonExt = getExtension(PKIXExtensions.ReasonCode_Id);
    return (reasonExt == null)
            ? null
            : ((CRLReasonCodeExtension) reasonExt).getReasonCode();
}
 
Example #18
Source File: X509CRLEntryImpl.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Instance-level override of the getRevocationReason method in
 * X509CRLEntry. Per the original comment it performs better than the static
 * variant since it returns cached values.
 *
 * @return the reason taken from the reason code extension, or {@code null}
 *         if {@code getExtension} finds no such extension
 */
@Override
public CRLReason getRevocationReason() {
    Extension found = getExtension(PKIXExtensions.ReasonCode_Id);
    if (found != null) {
        // The extension stored under ReasonCode_Id is treated as a CRLReasonCodeExtension.
        return ((CRLReasonCodeExtension) found).getReasonCode();
    }
    return null;
}
 
Example #19
Source File: CRLReasonCodeExtension.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Return the reason as a CRLReason enum.
 *
 * <p>A stored code of zero or less, or one at or beyond the end of the
 * lookup table, is reported as {@link CRLReason#UNSPECIFIED} instead of
 * raising an error, so a caller cannot tell an unrecognised code from a
 * reason that really was unspecified.
 *
 * @return the matching reason, or {@code UNSPECIFIED} for out-of-range codes
 */
public CRLReason getReasonCode() {
    if (reasonCode <= 0 || reasonCode >= values.length) {
        return CRLReason.UNSPECIFIED;
    }
    return values[reasonCode];
}
 
Example #20
Source File: CRLReasonCodeExtension.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Return the reason as a CRLReason enum.
 *
 * <p>Codes that do not index into the lookup table (zero, negative, or too
 * large) fall back to {@link CRLReason#UNSPECIFIED}; no exception is
 * raised for an unknown code.
 *
 * @return the reason for the stored code, or {@code UNSPECIFIED} as fallback
 */
public CRLReason getReasonCode() {
    final boolean inRange = reasonCode > 0 && reasonCode < values.length;
    return inRange ? values[reasonCode] : CRLReason.UNSPECIFIED;
}
 
Example #21
Source File: SslErrorTest.java    From netty-4.1.22 with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the parameter matrix for the test: every combination of server
 * provider, client provider and certificate exception.
 *
 * <p>The OpenSSL providers are included only when {@code OpenSsl.isAvailable()}
 * reports true, so without OpenSSL the server list is empty and no
 * parameters are produced.
 *
 * @return one {@code Object[]} of {serverProvider, clientProvider, exception}
 *         per combination
 */
@Parameterized.Parameters(name = "{index}: serverProvider = {0}, clientProvider = {1}, exception = {2}")
public static Collection<Object[]> data() {
    List<SslProvider> servers = new ArrayList<SslProvider>(2);
    List<SslProvider> clients = new ArrayList<SslProvider>(3);

    if (OpenSsl.isAvailable()) {
        Collections.addAll(servers, SslProvider.OPENSSL, SslProvider.OPENSSL_REFCNT);
        Collections.addAll(clients, SslProvider.OPENSSL, SslProvider.OPENSSL_REFCNT);
    }
    // SslProvider.JDK is not tested on the server side because the JDK implementation currently
    // sends the same alert every time.
    clients.add(SslProvider.JDK);

    List<CertificateException> failures = new ArrayList<CertificateException>(6);
    failures.add(new CertificateExpiredException());
    failures.add(new CertificateNotYetValidException());
    failures.add(new CertificateRevokedException(
            new Date(), CRLReason.AA_COMPROMISE, new X500Principal(""),
            Collections.<String, Extension>emptyMap()));

    // Wrapped exceptions are covered too, since that is what the JDK implementation of
    // X509TrustManagerFactory produces.
    failures.add(newCertificateException(CertPathValidatorException.BasicReason.EXPIRED));
    failures.add(newCertificateException(CertPathValidatorException.BasicReason.NOT_YET_VALID));
    failures.add(newCertificateException(CertPathValidatorException.BasicReason.REVOKED));

    List<Object[]> matrix = new ArrayList<Object[]>();
    for (SslProvider server : servers) {
        for (SslProvider client : clients) {
            for (CertificateException failure : failures) {
                Object[] row = { server, client, failure };
                matrix.add(row);
            }
        }
    }
    return matrix;
}
 
Example #22
Source File: CRLReasonCodeExtension.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Return the reason as a CRLReason enum.
 *
 * <p>A stored code of zero or less, or one at or beyond the end of the
 * lookup table, is reported as {@link CRLReason#UNSPECIFIED} instead of
 * raising an error, so a caller cannot tell an unrecognised code from a
 * reason that really was unspecified.
 *
 * @return the matching reason, or {@code UNSPECIFIED} for out-of-range codes
 */
public CRLReason getReasonCode() {
    if (reasonCode <= 0 || reasonCode >= values.length) {
        return CRLReason.UNSPECIFIED;
    }
    return values[reasonCode];
}
 
Example #23
Source File: X509Utils.java    From nomulus with Apache License 2.0 5 votes vote down vote up
/**
 * Check that {@code cert} is valid at {@code now}, is signed by {@code rootCert}'s key, and is
 * not listed as revoked in {@code crl}.
 *
 * <p>Support for certificate chains has not been implemented.
 *
 * <p>NOTE(review): this method body does not itself verify the signature or freshness of
 * {@code crl}; the CRL conditions listed under {@code @throws} are presumably enforced before
 * the CRL is passed in. Confirm against the caller.
 *
 * @throws GeneralSecurityException for unsupported protocols, certs not signed by the TMCH,
 *         parsing errors, encoding errors, if the CRL is expired, or if the CRL is older than the
 *         one currently in memory.
 */
public static void verifyCertificate(
    X509Certificate rootCert, X509CRL crl, @Tainted X509Certificate cert, Date now)
        throws GeneralSecurityException {
  cert.checkValidity(checkNotNull(now, "now"));
  cert.verify(rootCert.getPublicKey());
  if (!crl.isRevoked(cert)) {
    return;
  }
  X509CRLEntry revokedEntry = crl.getRevokedCertificate(cert);
  Date revokedOn = checkNotNull(revokedEntry.getRevocationDate(), "revocationDate");
  // An entry without a reason code is reported as UNSPECIFIED.
  CRLReason why =
      Optional.ofNullable(revokedEntry.getRevocationReason()).orElse(CRLReason.UNSPECIFIED);
  throw new CertificateRevokedException(
      revokedOn,
      why,
      // Fall back to the CRL's issuer when the entry names none of its own.
      firstNonNull(revokedEntry.getCertificateIssuer(), crl.getIssuerX500Principal()),
      ImmutableMap.of());
}
 
Example #24
Source File: CRLReasonCodeExtension.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Return the reason as a CRLReason enum.
 *
 * <p>Codes that do not index into the lookup table (zero, negative, or too
 * large) fall back to {@link CRLReason#UNSPECIFIED}; no exception is
 * raised for an unknown code.
 *
 * @return the reason for the stored code, or {@code UNSPECIFIED} as fallback
 */
public CRLReason getReasonCode() {
    final boolean inRange = reasonCode > 0 && reasonCode < values.length;
    return inRange ? values[reasonCode] : CRLReason.UNSPECIFIED;
}
 
Example #25
Source File: CRLReasonCodeExtension.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Return the reason as a CRLReason enum.
 *
 * <p>A stored code of zero or less, or one at or beyond the end of the
 * lookup table, is reported as {@link CRLReason#UNSPECIFIED} instead of
 * raising an error, so a caller cannot tell an unrecognised code from a
 * reason that really was unspecified.
 *
 * @return the matching reason, or {@code UNSPECIFIED} for out-of-range codes
 */
public CRLReason getReasonCode() {
    if (reasonCode <= 0 || reasonCode >= values.length) {
        return CRLReason.UNSPECIFIED;
    }
    return values[reasonCode];
}
 
Example #26
Source File: X509CRLEntryImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Overrides the getRevocationReason method of X509CRLEntry by looking the
 * reason code extension up through {@code getExtension}. The original
 * author describes this path as better performance-wise because it returns
 * cached values.
 *
 * @return the revocation reason, or {@code null} when this entry carries no
 *         reason code extension
 */
@Override
public CRLReason getRevocationReason() {
    final Extension reasonExt = getExtension(PKIXExtensions.ReasonCode_Id);
    return (reasonExt == null)
            ? null
            : ((CRLReasonCodeExtension) reasonExt).getReasonCode();
}
 
Example #27
Source File: CRLToken.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Derives the revocation status of the given certificate from this CRL and
 * stores it in {@code status}, {@code revocationDate} and {@code reason}.
 *
 * <p>NOTE(review): within this method {@code crlValidity.isSignatureIntact()}
 * is consulted only when the issuer names differ; confirm that a CRL with a
 * broken signature is rejected elsewhere before the status set here is
 * trusted.
 *
 * @param certificateToken
 *            the {@code CertificateToken} which is managed by this CRL.
 * @throws DSSException
 *             if the CRL signer's subject does not equal the certificate's
 *             issuer
 */
private void setRevocationStatus(final CertificateToken certificateToken) {
	final X500Principal certIssuer = certificateToken.getIssuerX500Principal();
	final CertificateToken crlSigner = crlValidity.getIssuerToken();
	final X500Principal crlSignerSubject = (crlSigner == null) ? null : crlSigner.getSubject().getPrincipal();

	if (!DSSASN1Utils.x500PrincipalAreEquals(certIssuer, crlSignerSubject)) {
		// Prefer the signature failure reason when there is one; otherwise report the issuer mismatch.
		if (crlValidity.isSignatureIntact()) {
			throw new DSSException("The CRLToken is not signed by the same issuer as the CertificateToken to be verified!");
		}
		throw new DSSException(crlValidity.getSignatureInvalidityReason());
	}

	final X509CRLEntry entry = CRLUtils.getRevocationInfo(crlValidity, certificateToken.getSerialNumber());
	if (entry == null) {
		// No entry for this serial number in the CRL.
		status = CertificateStatus.GOOD;
		return;
	}

	status = CertificateStatus.REVOKED;
	revocationDate = entry.getRevocationDate();
	final CRLReason entryReason = entry.getRevocationReason();
	if (entryReason != null) {
		// Relies on the CRLReason enum order matching the integer codes RevocationReason.fromInt expects.
		reason = RevocationReason.fromInt(entryReason.ordinal());
	}
}
 
Example #28
Source File: X509CRLEntryImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Instance-level override of the getRevocationReason method in
 * X509CRLEntry. Per the original comment it performs better than the static
 * variant since it returns cached values.
 *
 * @return the reason taken from the reason code extension, or {@code null}
 *         if {@code getExtension} finds no such extension
 */
@Override
public CRLReason getRevocationReason() {
    Extension found = getExtension(PKIXExtensions.ReasonCode_Id);
    if (found != null) {
        // The extension stored under ReasonCode_Id is treated as a CRLReasonCodeExtension.
        return ((CRLReasonCodeExtension) found).getReasonCode();
    }
    return null;
}
 
Example #29
Source File: X509CRLEntryImpl.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Overrides the getRevocationReason method of X509CRLEntry by looking the
 * reason code extension up through {@code getExtension}. The original
 * author describes this path as better performance-wise because it returns
 * cached values.
 *
 * @return the revocation reason, or {@code null} when this entry carries no
 *         reason code extension
 */
@Override
public CRLReason getRevocationReason() {
    final Extension reasonExt = getExtension(PKIXExtensions.ReasonCode_Id);
    return (reasonExt == null)
            ? null
            : ((CRLReasonCodeExtension) reasonExt).getReasonCode();
}
 
Example #30
Source File: CRLReasonCodeExtension.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Return the reason as a CRLReason enum.
 *
 * <p>Codes that do not index into the lookup table (zero, negative, or too
 * large) fall back to {@link CRLReason#UNSPECIFIED}; no exception is
 * raised for an unknown code.
 *
 * @return the reason for the stored code, or {@code UNSPECIFIED} as fallback
 */
public CRLReason getReasonCode() {
    final boolean inRange = reasonCode > 0 && reasonCode < values.length;
    return inRange ? values[reasonCode] : CRLReason.UNSPECIFIED;
}