java.security.cert.X509CRLEntry Java Examples

Example #1
Source File: X509CRLEntryImpl.java    From Bytecoder with Apache License 2.0 6 votes vote down vote up
/**
 * Default implementation backing the getRevocationReason method of
 * X509CRLEntry.
 *
 * <p>Reads the entry extension with OID 2.5.29.21 (CRL reason code),
 * unwraps its outer OCTET STRING and decodes the reason from the payload.
 *
 * @param crlEntry the CRL entry to inspect
 * @return the decoded reason, or {@code null} when the extension is absent
 *         or when decoding it raises an {@code IOException}
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    final byte[] wrapped = crlEntry.getExtensionValue("2.5.29.21");
    if (wrapped == null) {
        // No reason-code extension on this entry.
        return null;
    }
    try {
        final byte[] payload = new DerValue(wrapped).getOctetString();
        // Boolean.FALSE: the extension object is built as non-critical.
        return new CRLReasonCodeExtension(Boolean.FALSE, payload).getReasonCode();
    } catch (IOException malformed) {
        // A malformed extension is reported exactly like a missing one, so a
        // null result carries no information about revocation status.
        return null;
    }
}
 
Example #2
Source File: AbstractTestCRLUtils.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Checks that one CRL stored as DER and as PEM decodes to the same DER
 * bytes and yields an equal revocation entry for the test certificate.
 */
@Test
public void derVsPemEncodedTest() throws Exception {
	final Class<?> anchor = AbstractTestCRLUtils.class;
	try (InputStream isDer = anchor.getResourceAsStream("/DSS-2039/crl.der");
			InputStream isPem = anchor.getResourceAsStream("/DSS-2039/crl.pem");
			InputStream isCert = anchor.getResourceAsStream("/DSS-2039/cert.pem");
			InputStream isCA = anchor.getResourceAsStream("/DSS-2039/ca.pem") ) {

		final CertificateToken cert = loadCert(isCert);
		final CertificateToken ca = loadCert(isCA);

		// Both encodings are validated against the same CA token.
		final CRLValidity crlDER = CRLUtils.buildCRLValidity(CRLUtils.buildCRLBinary(toByteArray(isDer)), ca);
		final CRLValidity crlPEM = CRLUtils.buildCRLValidity(CRLUtils.buildCRLBinary(toByteArray(isPem)), ca);

		assertArrayEquals(crlDER.getDerEncoded(), crlPEM.getDerEncoded());

		// The lookup for the certificate's serial must agree across encodings.
		final X509CRLEntry revocationInfoDER = CRLUtils.getRevocationInfo(crlDER, cert.getSerialNumber());
		final X509CRLEntry revocationInfoPEM = CRLUtils.getRevocationInfo(crlPEM, cert.getSerialNumber());
		assertEquals(revocationInfoDER, revocationInfoPEM);
	}
}
 
Example #3
Source File: X509CRLObject.java    From TorrentEngine with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Returns the first revoked-certificate entry whose serial number equals
 * the given one, wrapped as an X509CRLEntryObject.
 *
 * The comparison uses the serial number only; the issuer is not consulted
 * in this lookup.
 *
 * @param serialNumber the serial number to search for
 * @return the matching entry, or null when the CRL has no entry list or no
 *         entry matches
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
{
	TBSCertList.CRLEntry[] revoked = c.getRevokedCertificates();

	if ( revoked == null )
	{
		return null;
	}

	int idx = 0;
	while ( idx < revoked.length )
	{
		TBSCertList.CRLEntry candidate = revoked[idx];
		if ( candidate.getUserCertificate().getValue().equals(serialNumber) ) {
			return new X509CRLEntryObject(candidate);
		}
		idx++;
	}

	return null;
}
 
Example #4
Source File: X509CRLEntryImpl.java    From j2objc with Apache License 2.0 6 votes vote down vote up
/**
 * Static default implementation of the getRevocationReason method in
 * X509CRLEntry.
 *
 * <p>Looks up extension OID 2.5.29.21 (CRL reason code) on the entry and
 * decodes the reason from the OCTET STRING it carries.
 *
 * @param crlEntry the CRL entry whose reason is wanted
 * @return the reason code, or {@code null} if the extension is not present
 *         or an {@code IOException} occurs while decoding it
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    byte[] extensionBytes = crlEntry.getExtensionValue("2.5.29.21");
    if (extensionBytes == null) {
        return null;
    }

    CRLReason reason;
    try {
        DerValue outer = new DerValue(extensionBytes);
        CRLReasonCodeExtension decoded =
            new CRLReasonCodeExtension(Boolean.FALSE, outer.getOctetString());
        reason = decoded.getReasonCode();
    } catch (IOException ioe) {
        // Decoding failures collapse to null; callers cannot tell a
        // malformed extension from an absent one.
        reason = null;
    }
    return reason;
}
 
Example #5
Source File: X509CRLEntryImpl.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Default implementation backing the getRevocationReason method of
 * X509CRLEntry.
 *
 * <p>Fetches the extension with OID 2.5.29.21 (CRL reason code), strips
 * the enclosing OCTET STRING and decodes the reason code.
 *
 * @param crlEntry the CRL entry to read the reason from
 * @return the decoded reason, or {@code null} when there is no such
 *         extension or decoding throws {@code IOException}
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    final byte[] raw = crlEntry.getExtensionValue("2.5.29.21");
    if (raw == null) {
        // Extension not present on this entry.
        return null;
    }
    try {
        final byte[] inner = new DerValue(raw).getOctetString();
        final CRLReasonCodeExtension reasonExt =
            new CRLReasonCodeExtension(Boolean.FALSE, inner);
        return reasonExt.getReasonCode();
    } catch (IOException decodeFailure) {
        // Same result as "absent": do not read null as "not revoked".
        return null;
    }
}
 
Example #6
Source File: X509CRLEntryImpl.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Static default implementation of the getRevocationReason method in
 * X509CRLEntry.
 *
 * <p>The reason is taken from the entry extension with OID 2.5.29.21
 * (CRL reason code) after unwrapping its OCTET STRING.
 *
 * @param crlEntry the CRL entry to examine
 * @return the reason code, or {@code null} if the extension is missing or
 *         its decoding fails with an {@code IOException}
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    byte[] encodedExt = crlEntry.getExtensionValue("2.5.29.21");
    if (encodedExt == null) {
        return null;
    }

    CRLReason result = null;
    try {
        byte[] content = new DerValue(encodedExt).getOctetString();
        // Criticality is fixed to FALSE for the reconstructed extension.
        result = new CRLReasonCodeExtension(Boolean.FALSE, content).getReasonCode();
    } catch (IOException ioe) {
        // Parse errors are swallowed on purpose here; result stays null,
        // which is indistinguishable from a missing extension.
        result = null;
    }
    return result;
}
 
Example #7
Source File: X509CRLEntryImpl.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Default implementation backing the getRevocationReason method of
 * X509CRLEntry.
 *
 * <p>Decodes the CRL reason code from the entry extension identified by
 * OID 2.5.29.21.
 *
 * @param crlEntry the CRL entry to query
 * @return the decoded reason, or {@code null} when the extension is not
 *         present or cannot be decoded ({@code IOException})
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    final byte[] extValue = crlEntry.getExtensionValue("2.5.29.21");
    if (extValue == null) {
        return null;
    }
    try {
        // The extension value is an OCTET STRING wrapping the real payload.
        final DerValue wrapper = new DerValue(extValue);
        final byte[] reasonBytes = wrapper.getOctetString();
        return new CRLReasonCodeExtension(Boolean.FALSE, reasonBytes)
            .getReasonCode();
    } catch (IOException unreadable) {
        // An unreadable extension yields null, just like a missing one.
        return null;
    }
}
 
Example #8
Source File: X509V2CRLGenerator.java    From RipplePower with Apache License 2.0 6 votes vote down vote up
/**
 * Copies every CRLEntry of a previous CRL into the CRL being generated.
 *
 * Each entry is re-read from its encoded form and handed to the TBS
 * generator. Nothing in this method verifies the signature or issuer of
 * {@code other}; the entries are taken as they are.
 *
 * @param other the X509CRL to source the other entries from.
 * @throws CRLException if an entry's encoding cannot be read; the message
 *         contains the text of the underlying IOException.
 */
public void addCRL(X509CRL other)
    throws CRLException
{
    Set revocations = other.getRevokedCertificates();

    // A CRL without entries reports null rather than an empty set.
    if (revocations == null)
    {
        return;
    }

    for (Iterator it = revocations.iterator(); it.hasNext();)
    {
        X509CRLEntry entry = (X509CRLEntry)it.next();
        ASN1InputStream aIn = new ASN1InputStream(entry.getEncoded());

        try
        {
            ASN1Sequence encodedEntry = ASN1Sequence.getInstance(aIn.readObject());
            tbsGen.addCRLEntry(encodedEntry);
        }
        catch (IOException e)
        {
            // NOTE(review): only e.toString() survives; the cause is not chained.
            throw new CRLException("exception processing encoding of CRL: " + e.toString());
        }
    }
}
 
Example #9
Source File: DViewCrl.java    From keystore-explorer with GNU General Public License v3.0 6 votes vote down vote up
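/**
 * Opens the extensions dialog for the CRL entry selected in the revoked
 * certificates table.
 *
 * Does nothing when no row is selected, when the CRL reports no revoked
 * certificates, when no entry matches the selected serial number, or when
 * the matching entry has no extensions.
 */
private void displayCrlEntryExtensions() {
	int row = jtRevokedCerts.getSelectedRow();

	if (row == -1) {
		return;
	}

	BigInteger serialNumber = (BigInteger) jtRevokedCerts.getValueAt(row, 0);

	// The set of revoked certificates may be null when the CRL has no entries.
	Set<?> revokedCertsSet = crl.getRevokedCertificates();
	if (revokedCertsSet == null) {
		return;
	}

	// Entries are matched on serial number only, as in the table model.
	X509CRLEntry x509CrlEntry = null;
	for (Object candidate : revokedCertsSet) {
		X509CRLEntry entry = (X509CRLEntry) candidate;
		if (serialNumber.equals(entry.getSerialNumber())) {
			x509CrlEntry = entry;
			break;
		}
	}

	// Guard against "no match": the original dereferenced the entry unconditionally.
	if (x509CrlEntry == null || !x509CrlEntry.hasExtensions()) {
		return;
	}

	DViewExtensions dViewExtensions = new DViewExtensions(this,
			res.getString("DViewCrl.EntryExtensions.Title"), x509CrlEntry);
	dViewExtensions.setLocationRelativeTo(this);
	dViewExtensions.setVisible(true);
}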
 
Example #10
Source File: X509CRLImpl.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Gets the CRL entry with the given serial number from this CRL.
 *
 * <p>The lookup key pairs the serial number with this CRL's own issuer,
 * i.e. the entry is assumed to be a direct one (certificate issuer and
 * CRL issuer are the same).
 *
 * @param serialNumber the serial number of the certificate to look up
 * @return the entry with the given serial number, or <code>null</code> if
 * no such entry exists in the CRL.
 * @see X509CRLEntry
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    // The issuer principal is only computed when there is something to search.
    return revokedMap.isEmpty()
        ? null
        : revokedMap.get(
            new X509IssuerSerial(getIssuerX500Principal(), serialNumber));
}
 
Example #11
Source File: OrderAndDup.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds a CRL from 20 entries whose serial numbers repeat and are not
 * sorted, signs it, and checks the encoding both before and after a
 * round trip through CertificateFactory.
 */
public static void main(String[] args) throws Exception {
    final int total = 20;

    // i*7%10 walks 0,7,4,1,8,... and repeats after ten steps: duplicates in a scrambled order.
    BigInteger[] serials = new BigInteger[total];
    for (int idx = 0; idx < total; idx++) {
        serials[idx] = BigInteger.valueOf(idx * 7 % 10);
    }

    // One entry per serial, each with a revocation date one second after the previous.
    X509CRLEntry[] badCerts = new X509CRLEntry[total];
    for (int idx = 0; idx < total; idx++) {
        Date revokedAt = new Date(System.currentTimeMillis() + idx * 1000);
        badCerts[idx] = new X509CRLEntryImpl(serials[idx], revokedAt);
    }

    X509CRLImpl crl = new X509CRLImpl(new X500Name("CN=CA"), new Date(), new Date(), badCerts);

    // Throwaway key with the provider's default size and a SHA-1 signature:
    // the CRL only has to be encodable for this test.
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    crl.sign(keyGen.genKeyPair().getPrivate(), "SHA1withRSA");

    // Check the encoding of the freshly built CRL.
    byte[] encoded = crl.getEncodedInternal();
    checkData(crl, encoded, serials);

    // Parse the bytes back and check the encoding again.
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    X509CRLImpl reloaded = (X509CRLImpl) factory.generateCRL(new ByteArrayInputStream(encoded));
    encoded = reloaded.getEncodedInternal();
    checkData(reloaded, encoded, serials);
}
 
Example #12
Source File: X509CRLEntryImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Converts any X509CRLEntry into an X509CRLEntryImpl.
 *
 * <p>An instance that already is an X509CRLEntryImpl is returned as is;
 * anything else is rebuilt from the bytes of its {@code getEncoded()}.
 *
 * @param entry the entry to convert
 * @return {@code entry} itself, or a new X509CRLEntryImpl parsed from it
 * @throws CRLException if encoding or re-parsing the entry fails
 */
public static X509CRLEntryImpl toImpl(X509CRLEntry entry)
        throws CRLException {
    return (entry instanceof X509CRLEntryImpl)
        ? (X509CRLEntryImpl) entry
        : new X509CRLEntryImpl(entry.getEncoded());
}
 
Example #13
Source File: X509CRLImpl.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * CRL constructor, revoked certs, no extensions.
 *
 * <p>The two Date arguments are stored by reference (no copy is made).
 * Every element of {@code badCerts} is cast to X509CRLEntryImpl, so an
 * entry from another implementation fails with ClassCastException.
 *
 * @param issuer the name of the CA issuing this CRL.
 * @param thisDate the Date of this issue (stored as thisUpdate).
 * @param nextDate the Date of the next CRL (stored as nextUpdate).
 * @param badCerts the array of CRL entries; may be null.
 *
 * @exception CRLException if resolving an entry's certificate issuer
 *            raises an IOException.
 */
public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate,
                   X509CRLEntry[] badCerts)
    throws CRLException
{
    this.issuer = issuer;
    this.thisUpdate = thisDate;
    this.nextUpdate = nextDate;
    if (badCerts == null) {
        return;
    }

    final X500Principal crlIssuer = getIssuerX500Principal();
    // Carried from one entry to the next: getCertIssuer receives the issuer
    // resolved for the previous entry, starting with the CRL issuer.
    X500Principal currentIssuer = crlIssuer;
    for (X509CRLEntry raw : badCerts) {
        X509CRLEntryImpl badCert = (X509CRLEntryImpl) raw;
        try {
            currentIssuer = getCertIssuer(badCert, currentIssuer);
        } catch (IOException ioe) {
            throw new CRLException(ioe);
        }
        badCert.setCertificateIssuer(crlIssuer, currentIssuer);

        // Indexed by (issuer, serial) and also kept in insertion order.
        X509IssuerSerial key =
            new X509IssuerSerial(currentIssuer, badCert.getSerialNumber());
        this.revokedMap.put(key, badCert);
        this.revokedList.add(badCert);

        // Any entry with extensions sets the version field to 1
        // (presumably the encoded value for a v2 CRL).
        if (badCert.hasExtensions()) {
            this.version = 1;
        }
    }
}
 
Example #14
Source File: X509CRLEntryImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Utility method turning an arbitrary X509CRLEntry into an
 * X509CRLEntryImpl: a plain cast when the argument already has that
 * type, otherwise a fresh object parsed from the argument's encoding.
 *
 * @param entry the entry to convert
 * @return the same object cast, or a re-parsed X509CRLEntryImpl
 * @throws CRLException if the entry cannot be encoded or re-parsed
 */
public static X509CRLEntryImpl toImpl(X509CRLEntry entry)
        throws CRLException {
    if (!(entry instanceof X509CRLEntryImpl)) {
        // Foreign implementation: go through its encoded form.
        final byte[] encodedEntry = entry.getEncoded();
        return new X509CRLEntryImpl(encodedEntry);
    }
    return (X509CRLEntryImpl) entry;
}
 
Example #15
Source File: DViewCRL.java    From portecle with GNU General Public License v2.0 5 votes vote down vote up
/**
 * CRL entry selected or deselected. Enables the "CRL Extensions" button when exactly one entry is selected and
 * that entry has extensions; disables it in every other case.
 */
private void crlEntrySelection()
{
	ListSelectionModel selection = m_jtRevokedCerts.getSelectionModel();
	boolean enable = false;

	// An entry must be selected, and only one (min index == max index).
	// TODO: probably no longer necessary?
	if (!selection.isSelectionEmpty()
		&& selection.getMinSelectionIndex() == selection.getMaxSelectionIndex())
	{
		// Serial number of the selected row
		int iRow = selection.getMinSelectionIndex();
		BigInteger serialNumber = (BigInteger) m_jtRevokedCerts.getValueAt(iRow, 0);

		// First CRL entry carrying that serial number decides the button state
		for (X509CRLEntry entry : m_crl.getRevokedCertificates())
		{
			if (serialNumber.equals(entry.getSerialNumber()))
			{
				enable = entry.hasExtensions();
				break;
			}
		}
	}

	m_jbCrlEntryExtensions.setEnabled(enable);
}
 
Example #16
Source File: X509CRLImpl.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Gets the CRL entry for the given certificate.
 *
 * <p>The certificate is turned into an X509IssuerSerial key and looked up
 * in the map of revoked entries. A {@code null} result only means the
 * certificate is not listed in this CRL object.
 *
 * @param cert the certificate to look up
 * @return the matching entry, or {@code null} if the map is empty or has
 *         no entry for the key
 */
public X509CRLEntry getRevokedCertificate(X509Certificate cert) {
    return revokedMap.isEmpty()
        ? null
        : revokedMap.get(new X509IssuerSerial(cert));
}
 
Example #17
Source File: X509CRLImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Gets the CRL entry for the given certificate.
 *
 * <p>Builds an X509IssuerSerial from the certificate and uses it as the
 * key into the revoked-entry map.
 *
 * @param cert the certificate whose entry is wanted
 * @return the entry stored under that key, or {@code null} when the CRL
 *         holds no entries or none under that key
 */
public X509CRLEntry getRevokedCertificate(X509Certificate cert) {
    // Skip key construction entirely for a CRL without entries.
    if (!revokedMap.isEmpty()) {
        final X509IssuerSerial key = new X509IssuerSerial(cert);
        return revokedMap.get(key);
    }
    return null;
}
 
Example #18
Source File: OrderAndDup.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Regression driver: creates a signed CRL whose 20 entries use repeated,
 * unsorted serial numbers and verifies the encoding of the original and
 * of a copy re-parsed from its bytes.
 */
public static void main(String[] args) throws Exception {
    final int entryCount = 20;

    // Serial numbers with duplicates and a special order (i*7 mod 10).
    BigInteger[] serials = new BigInteger[entryCount];
    for (int n = 0; n < entryCount; n++) {
        serials[n] = BigInteger.valueOf(n * 7 % 10);
    }

    // CRL entries, revocation dates spaced one second apart.
    X509CRLEntry[] badCerts = new X509CRLEntry[entryCount];
    for (int n = 0; n < entryCount; n++) {
        badCerts[n] = new X509CRLEntryImpl(
                serials[n], new Date(System.currentTimeMillis() + n * 1000));
    }

    X500Name owner = new X500Name("CN=CA");
    X509CRLImpl crl = new X509CRLImpl(owner, new Date(), new Date(), badCerts);

    // The key pair is generated on the spot and used only to sign this
    // test CRL; SHA1withRSA here is a fixture choice, not a recommendation.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    crl.sign(generator.genKeyPair().getPrivate(), "SHA1withRSA");

    // First check: the CRL as built.
    byte[] der = crl.getEncodedInternal();
    checkData(crl, der, serials);

    // Second check: the CRL as loaded from raw data.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509CRLImpl crl2 = (X509CRLImpl) x509Factory.generateCRL(new ByteArrayInputStream(der));
    der = crl2.getEncodedInternal();
    checkData(crl2, der, serials);
}
 
Example #19
Source File: CRLParserTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Looks up serial number 5203 in the LTGRCA.crl resource and checks that
 * the returned entry carries a revocation date, a reason and that serial.
 */
@Test
public void retrieveRevocationInfo() throws IOException {
	try (InputStream fis = CRLParserTest.class.getResourceAsStream("/LTGRCA.crl");
			BufferedInputStream is = new BufferedInputStream(fis)) {
		final BigInteger serialNumber = new BigInteger("5203");

		// NOTE(review): the parser is handed the raw stream fis; the buffered
		// wrapper is opened but not read here - confirm which was intended.
		final X509CRLEntry revoked = parser.retrieveRevocationInfo(fis, serialNumber);

		assertNotNull(revoked);
		assertNotNull(revoked.getRevocationDate());
		assertNotNull(revoked.getRevocationReason());
		assertNotNull(revoked.getSerialNumber());
		assertEquals(serialNumber, revoked.getSerialNumber());
	}
}
 
Example #20
Source File: MockX509CRL.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
/**
 * Reports a certificate as revoked when its serial number equals that of
 * any entry in this mock CRL. Only the serial number is compared, and
 * anything that is not an X509Certificate is reported as not revoked.
 *
 * @see java.security.cert.CRL#isRevoked(java.security.cert.Certificate)
 */
@Override
public boolean isRevoked(final Certificate cert) {
    if (!(cert instanceof X509Certificate)) {
        return false;
    }
    final X509Certificate xcert = (X509Certificate) cert;
    for (final X509CRLEntry entry : getRevokedCertificates()) {
        final boolean sameSerial = entry.getSerialNumber().equals(xcert.getSerialNumber());
        if (sameSerial) {
            return true;
        }
    }
    return false;
}
 
Example #21
Source File: MockX509CRL.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
/**
 * Mock revocation check: true when some entry of this CRL has the same
 * serial number as the given X.509 certificate. The issuer is not part of
 * the comparison; non-X.509 certificates always yield false.
 *
 * @see java.security.cert.CRL#isRevoked(java.security.cert.Certificate)
 */
@Override
public boolean isRevoked(final Certificate cert) {
    boolean revoked = false;
    if (cert instanceof X509Certificate) {
        final X509Certificate xcert = (X509Certificate) cert;
        for (X509CRLEntry entry : getRevokedCertificates()) {
            if (entry.getSerialNumber().equals(xcert.getSerialNumber())) {
                // First serial match settles the answer.
                revoked = true;
                break;
            }
        }
    }
    return revoked;
}
 
Example #22
Source File: X509CRLImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * CRL constructor, revoked certs, no extensions.
 *
 * <p>Stores the issuer and both dates as given, then registers each
 * revoked entry under an (issuer, serial number) key and in the ordered
 * entry list.
 *
 * @param issuer the name of the CA issuing this CRL.
 * @param thisDate the Date of this issue.
 * @param nextDate the Date of the next CRL.
 * @param badCerts the array of CRL entries, or null for none. Elements
 *        must be X509CRLEntryImpl instances; they are cast unchecked.
 *
 * @exception CRLException on parsing/construction errors (wraps the
 *            IOException raised while resolving an entry's issuer).
 */
public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate,
                   X509CRLEntry[] badCerts)
    throws CRLException
{
    this.issuer = issuer;
    this.thisUpdate = thisDate;
    this.nextUpdate = nextDate;
    if (badCerts == null) {
        return;
    }

    final X500Principal crlIssuer = getIssuerX500Principal();
    X500Principal previousIssuer = crlIssuer;
    int position = 0;
    while (position < badCerts.length) {
        final X509CRLEntryImpl badCert = (X509CRLEntryImpl) badCerts[position];
        // The issuer found for one entry is the starting point for the next.
        final X500Principal resolvedIssuer;
        try {
            resolvedIssuer = getCertIssuer(badCert, previousIssuer);
        } catch (IOException ioe) {
            throw new CRLException(ioe);
        }
        previousIssuer = resolvedIssuer;

        badCert.setCertificateIssuer(crlIssuer, resolvedIssuer);
        this.revokedMap.put(
            new X509IssuerSerial(resolvedIssuer, badCert.getSerialNumber()),
            badCert);
        this.revokedList.add(badCert);
        if (badCert.hasExtensions()) {
            // Entry extensions switch the version field to 1.
            this.version = 1;
        }
        position++;
    }
}
 
Example #23
Source File: X509CRLImpl.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Gets the CRL entry for the given certificate.
 *
 * <p>The map of revoked entries is queried with an X509IssuerSerial
 * derived from the certificate.
 *
 * @param cert the certificate to search for
 * @return its CRL entry, or {@code null} when this CRL has no entries or
 *         none for that key
 */
public X509CRLEntry getRevokedCertificate(X509Certificate cert) {
    final boolean nothingRevoked = revokedMap.isEmpty();
    return nothingRevoked ? null : revokedMap.get(new X509IssuerSerial(cert));
}
 
Example #24
Source File: X509CRLImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * CRL constructor, revoked certs, no extensions.
 *
 * <p>Note that the Date arguments are kept by reference and that each
 * element of {@code badCerts} is downcast to X509CRLEntryImpl without a
 * type check.
 *
 * @param issuer the name of the CA issuing this CRL.
 * @param thisDate the Date of this issue (kept as thisUpdate).
 * @param nextDate the Date of the next CRL (kept as nextUpdate).
 * @param badCerts the array of CRL entries; null means no entries.
 *
 * @exception CRLException when getCertIssuer fails with an IOException
 *            for one of the entries.
 */
public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate,
                   X509CRLEntry[] badCerts)
    throws CRLException
{
    this.issuer = issuer;
    this.thisUpdate = thisDate;
    this.nextUpdate = nextDate;
    if (badCerts == null) {
        return;
    }

    final X500Principal crlIssuer = getIssuerX500Principal();
    // Running value: starts as the CRL issuer and is replaced by whatever
    // getCertIssuer returns for each entry in turn.
    X500Principal runningIssuer = crlIssuer;
    for (X509CRLEntry element : badCerts) {
        X509CRLEntryImpl badCert = (X509CRLEntryImpl) element;
        try {
            runningIssuer = getCertIssuer(badCert, runningIssuer);
        } catch (IOException ioe) {
            throw new CRLException(ioe);
        }
        badCert.setCertificateIssuer(crlIssuer, runningIssuer);

        X509IssuerSerial lookupKey =
            new X509IssuerSerial(runningIssuer, badCert.getSerialNumber());
        this.revokedMap.put(lookupKey, badCert);
        this.revokedList.add(badCert);

        if (badCert.hasExtensions()) {
            this.version = 1;
        }
    }
}
 
Example #25
Source File: X509CRLImpl.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Gets the CRL entry with the given serial number from this CRL.
 *
 * <p>Only direct entries are considered: the key combines the serial
 * number with the issuer of this CRL, on the assumption that certificate
 * issuer and CRL issuer are the same.
 *
 * @param serialNumber the serial number to search for
 * @return the entry with the given serial number, or <code>null</code> if
 * no such entry exists in the CRL.
 * @see X509CRLEntry
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    if (!revokedMap.isEmpty()) {
        final X509IssuerSerial directKey =
            new X509IssuerSerial(getIssuerX500Principal(), serialNumber);
        return revokedMap.get(directKey);
    }
    return null;
}
 
Example #26
Source File: OrderAndDup.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Generates a CRL with 20 entries (duplicate serial numbers, scrambled
 * order), signs it, and runs checkData on the original and on the CRL
 * parsed back from its encoded bytes.
 */
public static void main(String[] args) throws Exception {
    final int size = 20;
    BigInteger[] serials = new BigInteger[size];
    X509CRLEntry[] badCerts = new X509CRLEntry[size];

    // Serial numbers first: i*7%10 gives each of 0..9 twice, out of order.
    for (int k = 0; k < size; k++) {
        serials[k] = BigInteger.valueOf(k * 7 % 10);
    }

    // Then the entries, each dated k seconds from the current time.
    for (int k = 0; k < size; k++) {
        badCerts[k] = new X509CRLEntryImpl(serials[k],
                new Date(System.currentTimeMillis() + k * 1000));
    }

    X500Name caName = new X500Name("CN=CA");
    X509CRLImpl built = new X509CRLImpl(caName, new Date(), new Date(), badCerts);

    // Ephemeral RSA key (provider default size), SHA-1 signature: adequate
    // for a test fixture that is never trusted by anything.
    KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
    built.sign(rsa.genKeyPair().getPrivate(), "SHA1withRSA");

    byte[] bytes = built.getEncodedInternal();
    checkData(built, bytes, serials);

    // Round trip through the X.509 factory and check once more.
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    X509CRLImpl parsed = (X509CRLImpl) certFactory.generateCRL(new ByteArrayInputStream(bytes));
    bytes = parsed.getEncodedInternal();
    checkData(parsed, bytes, serials);
}
 
Example #27
Source File: CRLToken.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Derives the revocation status of a certificate from the wrapped CRL.
 *
 * The certificate's issuer must equal the subject of the CRL signer; when
 * it does not, a DSSException is thrown (carrying the signature invalidity
 * reason if the CRL signature is not intact). Otherwise the certificate is
 * REVOKED if the CRL lists its serial number and GOOD if it does not.
 *
 * @param certificateToken
 *            the {@code CertificateToken} which is managed by this CRL.
 */
private void setRevocationStatus(final CertificateToken certificateToken) {
	final X500Principal issuerToken = certificateToken.getIssuerX500Principal();
	final CertificateToken crlSigner = crlValidity.getIssuerToken();
	final X500Principal crlSignerSubject = (crlSigner == null) ? null : crlSigner.getSubject().getPrincipal();

	final boolean sameIssuer = DSSASN1Utils.x500PrincipalAreEquals(issuerToken, crlSignerSubject);
	if (!sameIssuer) {
		if (!crlValidity.isSignatureIntact()) {
			throw new DSSException(crlValidity.getSignatureInvalidityReason());
		}
		throw new DSSException("The CRLToken is not signed by the same issuer as the CertificateToken to be verified!");
	}
	// NOTE(review): isSignatureIntact() is consulted only on the mismatch path
	// above; confirm the signature is enforced elsewhere when the issuers match.

	final BigInteger serialNumber = certificateToken.getSerialNumber();
	final X509CRLEntry crlEntry = CRLUtils.getRevocationInfo(crlValidity, serialNumber);

	if (crlEntry == null) {
		// Not listed in this CRL.
		status = CertificateStatus.GOOD;
		return;
	}

	status = CertificateStatus.REVOKED;
	revocationDate = crlEntry.getRevocationDate();
	// The reason is optional; it is mapped through the enum ordinal.
	final CRLReason revocationReason = crlEntry.getRevocationReason();
	if (revocationReason != null) {
		reason = RevocationReason.fromInt(revocationReason.ordinal());
	}
}
 
Example #28
Source File: X509CRLImpl.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * CRL constructor, revoked certs, no extensions.
 *
 * <p>Each revoked entry has its certificate issuer resolved and set, and
 * is then stored both in the (issuer, serial number) map and in the entry
 * list. The entries must be X509CRLEntryImpl objects; the cast is not
 * guarded.
 *
 * @param issuer the name of the CA issuing this CRL.
 * @param thisDate the Date of this issue.
 * @param nextDate the Date of the next CRL.
 * @param badCerts the array of CRL entries (null is accepted).
 *
 * @exception CRLException on parsing/construction errors, i.e. when
 *            resolving an entry's issuer throws an IOException.
 */
public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate,
                   X509CRLEntry[] badCerts)
    throws CRLException
{
    // Stored as passed in; the Date objects are not copied.
    this.issuer = issuer;
    this.thisUpdate = thisDate;
    this.nextUpdate = nextDate;

    final int entryCount = (badCerts == null) ? 0 : badCerts.length;
    if (entryCount == 0) {
        // Matches the original: no issuer lookup unless the array is
        // non-null, and nothing else to do for an empty array.
        if (badCerts != null) {
            getIssuerX500Principal();
        }
        return;
    }

    final X500Principal crlIssuer = getIssuerX500Principal();
    X500Principal lastIssuer = crlIssuer;
    for (int pos = 0; pos < entryCount; pos++) {
        final X509CRLEntryImpl badCert = (X509CRLEntryImpl) badCerts[pos];
        try {
            // Seeded with the issuer resolved for the preceding entry.
            lastIssuer = getCertIssuer(badCert, lastIssuer);
        } catch (IOException ioe) {
            throw new CRLException(ioe);
        }
        badCert.setCertificateIssuer(crlIssuer, lastIssuer);
        final X509IssuerSerial mapKey =
            new X509IssuerSerial(lastIssuer, badCert.getSerialNumber());
        this.revokedMap.put(mapKey, badCert);
        this.revokedList.add(badCert);
        if (badCert.hasExtensions()) {
            this.version = 1;
        }
    }
}
 
Example #29
Source File: X509CRLImpl.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Gets the CRL entry for the given certificate.
 *
 * <p>Looks the certificate up in the revoked-entry map through an
 * X509IssuerSerial key created from it. A {@code null} return says only
 * that this CRL object has no entry under that key.
 *
 * @param cert the certificate to check
 * @return the CRL entry for the certificate, or {@code null}
 */
public X509CRLEntry getRevokedCertificate(X509Certificate cert) {
    if (revokedMap.isEmpty()) {
        // Nothing revoked: no key needs to be built.
        return null;
    }
    return revokedMap.get(new X509IssuerSerial(cert));
}
 
Example #30
Source File: OrderAndDup.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Test entry point: signs a CRL made of 20 entries with duplicated and
 * unordered serial numbers, then validates its encoding directly and
 * after reloading it from the encoded bytes.
 */
public static void main(String[] args) throws Exception {
    final int howMany = 20;

    // Generate the serial numbers: duplicates, in a special order.
    BigInteger[] serials = new BigInteger[howMany];
    int j = 0;
    while (j < howMany) {
        serials[j] = BigInteger.valueOf(j * 7 % 10);
        j++;
    }

    // Generate the CRL entries from those serial numbers.
    X509CRLEntry[] badCerts = new X509CRLEntry[howMany];
    j = 0;
    while (j < howMany) {
        badCerts[j] = new X509CRLEntryImpl(serials[j],
                new Date(System.currentTimeMillis() + j * 1000));
        j++;
    }

    X509CRLImpl crl = new X509CRLImpl(new X500Name("CN=CA"), new Date(), new Date(), badCerts);

    // Signed with a freshly generated RSA key that is discarded afterwards;
    // "SHA1withRSA" is what this fixture uses, nothing relies on its strength.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    crl.sign(kpg.genKeyPair().getPrivate(), "SHA1withRSA");

    // Check the encoding.
    byte[] raw = crl.getEncodedInternal();
    checkData(crl, raw, serials);

    // Load a CRL from the raw data and check the encoding again.
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509CRLImpl fromBytes = (X509CRLImpl) cf.generateCRL(new ByteArrayInputStream(raw));
    raw = fromBytes.getEncodedInternal();
    checkData(fromBytes, raw, serials);
}