
Example 1 with X509CRL

use of java.security.cert.X509CRL in project OpenAM by OpenRock.

the class AMCRLStore method getCRLFromEntry.

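/**
 * Extracts and parses the CRL held in an LDAP entry.
 *
 * <p>On the first call the CRL attribute is located under
 * {@code CERTIFICATE_REVOCATION_LIST}, then {@code CERTIFICATE_REVOCATION_LIST_BINARY};
 * the attribute description that matched is remembered in {@code mCrlAttrName} and used
 * directly on later calls. The {@code cf} field is reassigned as a side effect.
 *
 * <p>NOTE(review): the CRL is parsed but not signature-checked here; presumably the caller
 * validates it against the issuer certificate before relying on it — confirm.
 *
 * @param entry the LDAP entry holding the CRL; {@code null} yields {@code null}
 * @return the parsed CRL, or {@code null} if the entry has no CRL attribute, the attribute
 *         has zero or more than one value, or the value cannot be parsed
 * @throws Exception kept from the original signature; the body logs and swallows its own
 *         failures, so nothing is actually thrown from here
 */
private X509CRL getCRLFromEntry(SearchResultEntry entry) throws Exception {
    if (debug.messageEnabled()) {
        debug.message("AMCRLStore.getCRLFromEntry:");
    }
    if (entry == null) {
        return null;
    }
    Attribute crlAttribute;
    try {
        if (mCrlAttrName == null) {
            crlAttribute = entry.getAttribute(CERTIFICATE_REVOCATION_LIST);
            if (crlAttribute == null) {
                crlAttribute = entry.getAttribute(CERTIFICATE_REVOCATION_LIST_BINARY);
            }
            if (crlAttribute == null) {
                debug.error("No CRL Cache is configured");
                return null;
            }
            mCrlAttrName = crlAttribute.getAttributeDescriptionAsString();
        } else {
            crlAttribute = entry.getAttribute(mCrlAttrName);
            // A remembered attribute name does not guarantee this entry carries it; the
            // original dereferenced it unchecked and reported the NPE as a generic error.
            if (crlAttribute == null) {
                debug.error("AMCRLStore.getCRLFromEntry: attribute " + mCrlAttrName + " not present in entry");
                return null;
            }
        }
        if (crlAttribute.size() > 1) {
            debug.error("More than one CRL entries are configured");
            return null;
        }
        if (crlAttribute.size() == 0) {
            // firstValue() on an empty attribute would fail below; report it explicitly instead.
            debug.error("AMCRLStore.getCRLFromEntry: CRL attribute " + mCrlAttrName + " has no value");
            return null;
        }
    } catch (Exception e) {
        // Keep the cause; the original logged only the message, hiding what went wrong.
        debug.error("Error in getting Cached CRL", e);
        return null;
    }
    X509CRL crl = null;
    try {
        byte[] bytes = crlAttribute.firstValue().toByteArray();
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.getCRLFromEntry: crl size = " + bytes.length);
        }
        cf = CertificateFactory.getInstance("X.509");
        crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(bytes));
    } catch (Exception e) {
        // Parse failure; the previous log text ("CertRevoked") misdescribed this event.
        debug.error("AMCRLStore.getCRLFromEntry: failed to parse CRL", e);
    }
    return crl;
}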

Example 2 with X509CRL

use of java.security.cert.X509CRL in project OpenAM by OpenRock.

the class AMCRLStore method getCRL.

/**
 * Returns the CRL stored for the issuer of {@code certificate}, refreshing it from the
 * certificate's distribution points when an update is due.
 *
 * <p>Lookup order: the in-memory cache (only when {@code storeParam.isDoCRLCaching()}),
 * then the LDAP entry. When {@code storeParam.isDoUpdateCRLs()} and
 * {@code needCRLUpdate(crl)} both hold, a fresh CRL is fetched via the CRL's issuing
 * distribution point first and the certificate's CRL distribution point second, and is
 * written back to LDAP. If that refresh yields nothing, the stale CRL is discarded and
 * {@code null} is returned (and cached). Any exception raised inside the connection block
 * is logged and the method returns whatever {@code crl} held at that point.
 *
 * @param certificate the certificate whose issuer's CRL is wanted
 * @return the CRL, or {@code null} when no LDAP connection is available, no CRL is stored,
 *         or a required update could not be obtained
 * @throws IOException declared by the signature; every statement after the cache lookup is
 *         inside a catch-all, so it could only originate from {@code getCRLFromCache} — confirm
 */
public X509CRL getCRL(X509Certificate certificate) throws IOException {
    SearchResultEntry crlEntry = null;
    X509CRL crl = null;
    // Memory cache is consulted only when caching is switched on in the store parameters.
    if (storeParam.isDoCRLCaching()) {
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.getCRL: Trying to get CRL from cache");
        }
        crl = getCRLFromCache(certificate);
    }
    try (Connection ldc = getConnection()) {
        // No connection means null, even when the cache lookup above already produced a CRL.
        if (ldc == null) {
            return null;
        }
        if (crl == null) {
            if (debug.messageEnabled()) {
                debug.message("AMCRLStore.getCRL: crl is null");
            }
            // mCrlAttrName is learned on the first successful lookup (see getCRLFromEntry).
            if (mCrlAttrName == null) {
                crlEntry = getLdapEntry(ldc, CERTIFICATE_REVOCATION_LIST, CERTIFICATE_REVOCATION_LIST_BINARY);
            } else {
                crlEntry = getLdapEntry(ldc, mCrlAttrName);
            }
            crl = getCRLFromEntry(crlEntry);
        }
        // Refresh path: needCRLUpdate decides whether the stored CRL is still usable.
        if (storeParam.isDoUpdateCRLs() && needCRLUpdate(crl)) {
            if (debug.messageEnabled()) {
                debug.message("AMCRLStore.getCRL: need CRL update");
            }
            X509CRL tmpcrl = null;
            IssuingDistributionPointExtension crlIDPExt = null;
            // Extension extraction failures are logged unconditionally at message level,
            // unlike every other message in this method which is guarded by messageEnabled().
            try {
                if (crl != null) {
                    crlIDPExt = getCRLIDPExt(crl);
                }
            } catch (Exception e) {
                debug.message("AMCRLStore.getCRL: crlIDPExt is null");
            }
            CRLDistributionPointsExtension crlDPExt = null;
            try {
                crlDPExt = getCRLDPExt(certificate);
            } catch (Exception e) {
                debug.message("AMCRLStore.getCRL: crlDPExt is null");
            }
            // tmpcrl is always null at this point; the IDP source is simply tried first.
            if ((tmpcrl == null) && (crlIDPExt != null)) {
                tmpcrl = getUpdateCRLFromCrlIDP(crlIDPExt);
            }
            if ((tmpcrl == null) && (crlDPExt != null)) {
                tmpcrl = getUpdateCRLFromCrlDP(crlDPExt);
            }
            if (tmpcrl != null) {
                if (crlEntry == null) {
                    crlEntry = getLdapEntry(ldc);
                }
                if (debug.messageEnabled()) {
                    debug.message("AMCRLStore.getCRL: new crl = " + tmpcrl);
                }
                if (crlEntry != null) {
                    updateCRL(ldc, crlEntry.getName().toString(), tmpcrl.getEncoded());
                }
            }
            // A failed refresh replaces the stale CRL with null rather than keeping it.
            crl = tmpcrl;
        }
        // The cache is updated with the final value, including null after a failed refresh.
        if (storeParam.isDoCRLCaching()) {
            if (debug.messageEnabled()) {
                debug.message("AMCRLStore.getCRL: Updating CRL cache");
            }
            updateCRLCache(certificate, crl);
        }
    } catch (Exception e) {
        // Catch-all also covers getConnection() in the resource header; crl keeps its
        // last assigned value and is returned below.
        debug.error("AMCRLStore.getCRL: Error in getting CRL : ", e);
    }
    return crl;
}

Example 3 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager method getCrlFromUri.

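/**
 * Loads the CRL published at {@code crlUrlString}, consulting the in-memory cache, then the
 * on-disk cache file, and finally the URL itself.
 *
 * <p>A CRL found in either cache whose {@code nextUpdate} has passed is evicted (memory entry
 * and cache file) and re-fetched. A CRL that carries no {@code nextUpdate} (the field is
 * optional in X.509 and {@link X509CRL#getNextUpdate()} then returns {@code null}) is treated
 * as not expired by this check; the original code threw {@link NullPointerException} on it.
 *
 * <p>NOTE(review): the URL is caller-supplied (typically a certificate's CRL distribution
 * point, i.e. input influenced by whoever issued the certificate), is opened with whatever
 * scheme it names, and the response is parsed with no size limit — confirm that scheme and
 * size restrictions are enforced elsewhere on this path.
 *
 * @param crlUrlString the URL of the CRL; {@code null} or blank yields {@code null}
 * @return the CRL, or {@code null} if it could not be obtained from any source
 */
protected X509CRL getCrlFromUri(String crlUrlString) {
    if (crlUrlString == null || crlUrlString.trim().length() == 0) {
        return null;
    }
    X509CRL crlImpl = getCrlFromMemoryCache(crlUrlString);
    if (crlImpl == null) {
        crlImpl = getCrlFromCacheFile(crlUrlString);
    }
    if (crlImpl == null) {
        crlImpl = fetchCrlFromUrl(crlUrlString);
    }
    return crlImpl;
}

/**
 * Tells whether the CRL's nextUpdate lies in the past. A CRL without a nextUpdate declares
 * no validity window and is not reported as expired.
 */
private static boolean isCrlExpired(X509CRL crl) {
    final Date nextUpdate = crl.getNextUpdate();
    return nextUpdate != null && nextUpdate.before(new Date());
}

/** Looks the CRL up in the SoftReference cache, evicting a cleared or expired entry. */
private X509CRL getCrlFromMemoryCache(String crlUrlString) {
    synchronized (cache) {
        final SoftReference<X509CRL> crlRef = cache.get(crlUrlString);
        if (crlRef == null) {
            return null;
        }
        final X509CRL cached = crlRef.get();
        if (cached == null) {
            // The soft reference was cleared under memory pressure; only the map entry goes,
            // the cache file stays usable.
            cache.remove(crlUrlString);
            return null;
        }
        if (isCrlExpired(cached)) {
            cache.remove(crlUrlString);
            removeCrlCacheFile(crlUrlString);
            return null;
        }
        return cached;
    }
}

/** Loads the CRL from its on-disk cache file, if present; a corrupt or expired file is deleted. */
private X509CRL getCrlFromCacheFile(String crlUrlString) {
    final String uriFileName = getCacheFileName(crlUrlString);
    if (uriFileName.isEmpty()) {
        return null;
    }
    final File cacheFile = new File(uriFileName);
    X509CRL crlImpl = null;
    try {
        if (cacheFile.exists()) {
            synchronized (cache) {
                // try-with-resources closes the stream before any deletion below; Windows
                // refuses to delete a file that is still open.
                try (InputStream fileInStream = FileUtils.openInputStream(cacheFile)) {
                    crlImpl = (X509CRL) certificateFactory.generateCRL(fileInStream);
                }
                if (crlImpl == null) {
                    throw new CRLException("CRL load from cache resulted in null CLR implementation instance.");
                }
                if (isCrlExpired(crlImpl)) {
                    cache.remove(crlUrlString);
                    removeCrlCacheFile(crlUrlString);
                    crlImpl = null;
                } else {
                    cache.put(crlUrlString, new SoftReference<X509CRL>(crlImpl));
                }
            }
        }
    } catch (CRLException e) {
        synchronized (cache) {
            LOGGER.warn("CRL cache file " + uriFileName + " appears to be corrupt.  Deleting file.", e);
            removeCrlCacheFile(crlUrlString);
        }
    } catch (Exception e) {
        // Narrowed from Throwable: JVM errors should propagate rather than be logged and hidden.
        LOGGER.warn("Failed to load CRL from cache file " + uriFileName, e);
    }
    return crlImpl;
}

/** Downloads and parses the CRL from the URL, caching it in memory and on disk on success. */
private X509CRL fetchCrlFromUrl(String crlUrlString) {
    X509CRL crlImpl = null;
    try {
        final URLConnection urlConnection = new URL(crlUrlString).openConnection();
        urlConnection.setConnectTimeout(CRL_CONNECT_TIMEOUT);
        urlConnection.setReadTimeout(CRL_READ_TIMEOUT);
        try (InputStream crlInputStream = urlConnection.getInputStream()) {
            crlImpl = (X509CRL) certificateFactory.generateCRL(crlInputStream);
        } catch (Exception e) {
            LOGGER.warn("Failed to load CRL from URL " + crlUrlString, e);
        }
        if (crlImpl != null) {
            synchronized (cache) {
                cache.put(crlUrlString, new SoftReference<X509CRL>(crlImpl));
                writeCRLCacheFile(crlUrlString, crlImpl);
            }
        }
    } catch (Exception e) {
        // The original dropped the cause; keep it so a bad scheme, DNS failure or timeout
        // can be told apart in the logs.
        LOGGER.warn("Unable to retrieve or parse CRL from URI " + crlUrlString, e);
    }
    return crlImpl;
}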

Example 4 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager_getCrlFromUriTest method testGetCrlFromUri_existsInCache_crlExpire_assertCRLNotFound.

/**
 * A cached CRL whose nextUpdate is in the past must be evicted from the cache and
 * not be returned.
 */
public void testGetCrlFromUri_existsInCache_crlExpire_assertCRLNotFound() {
    final String uri = "http://localhost:8080/master.crl";
    // nextUpdate ten years in the past
    final Calendar tenYearsAgo = Calendar.getInstance();
    tenYearsAgo.add(Calendar.YEAR, -10);
    final X509CRL expiredCrl = mock(X509CRL.class);
    when(expiredCrl.getNextUpdate()).thenReturn(tenYearsAgo.getTime());
    CRLRevocationManager.cache.put(uri, new SoftReference<X509CRL>(expiredCrl));
    assertNull(CRLRevocationManager.getInstance().getCrlFromUri(uri));
    // the expired entry must have been evicted
    assertEquals(0, CRLRevocationManager.cache.size());
}

Example 5 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager_getCrlFromUriTest method testGetCrlFromUri_fromURL_uriNotAvailable_assertCRLNotFound.

/** A URL that cannot be opened yields no CRL rather than an exception. */
public void testGetCrlFromUri_fromURL_uriNotAvailable_assertCRLNotFound() throws Exception {
    CRLRevocationManager.initCRLCacheLocation();
    final String unreachableUri = "file://target/bogusURI";
    final X509CRL result = CRLRevocationManager.getInstance().getCrlFromUri(unreachableUri);
    assertNull(result);
}
