
Example 1 with X509CRLEntry

use of java.security.cert.X509CRLEntry in project jdk8u_jdk by JetBrains.

the class BigCRL method main.

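/**
 * Builds a CRL with 500,000 revoked entries, signs it, and checks that the
 * X.509 {@link CertificateFactory} can parse an encoding whose outer DER length
 * uses the 4-byte long form (second byte 0x84, i.e. at least 2^24 bytes).
 *
 * @param args ignored
 * @throws Exception on any keystore, signing or parsing failure, or when the
 *         generated CRL encoding is shorter than the test expects
 */
public static void main(String[] args) throws Exception {
    int n = 500000;
    String ks = System.getProperty("test.src", ".") + "/../../ssl/etc/keystore";
    String pass = "passphrase";
    String alias = "dummy";
    KeyStore keyStore = KeyStore.getInstance("JKS");
    // try-with-resources so the keystore stream is closed even if load() fails.
    try (FileInputStream in = new FileInputStream(ks)) {
        keyStore.load(in, pass.toCharArray());
    }
    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo) signerCertImpl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
    // The signer certificate's subject name is handed to X509CRLImpl as the CRL issuer.
    X500Name owner = (X500Name) signerCertInfo.get(X509CertInfo.SUBJECT + "." + X509CertInfo.DN_NAME);
    Date date = new Date();
    PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, pass.toCharArray());
    String sigAlgName = signerCertImpl.getSigAlgOID();
    // Every entry reuses the same extension object; the loop index doubles as the serial number.
    X509CRLEntry[] badCerts = new X509CRLEntry[n];
    CRLExtensions ext = new CRLExtensions();
    ext.set("Reason", new CRLReasonCodeExtension(1));
    for (int i = 0; i < n; i++) {
        badCerts[i] = new X509CRLEntryImpl(BigInteger.valueOf(i), date, ext);
    }
    X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
    crl.sign(privateKey, sigAlgName);
    byte[] data = crl.getEncodedInternal();
    // Make sure the CRL is big enough: in DER, a second byte of 0x84 means the
    // outer SEQUENCE length is carried in the following four bytes, so the
    // encoding is at least 2^24 bytes long. The length guard avoids an
    // ArrayIndexOutOfBoundsException masking the real failure on a tiny encoding.
    if (data.length < 2 || (data[1] & 0xff) != 0x84) {
        throw new Exception("The file should be big enough?");
    }
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    cf.generateCRL(new ByteArrayInputStream(data));
}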

Example 2 with X509CRLEntry

use of java.security.cert.X509CRLEntry in project oxAuth by GluuFederation.

the class CRLCertificateVerifier method validate.

/**
 * Checks {@code certificate} against the CRL named in the certificate itself.
 *
 * <p>The returned status starts as {@code UNKNOWN} and only moves to
 * {@code VALID}, {@code INVALID} or {@code REVOKED} when a CRL was fetched and
 * passed {@code validateCRL}. Any exception during fetching or evaluation is
 * logged and leaves the status at {@code UNKNOWN}; a missing CRL URL does the
 * same. Callers must therefore not treat {@code UNKNOWN} as "not revoked".
 *
 * @param certificate    the end-entity certificate to check
 * @param issuers        issuer chain; only the first element is used, and it
 *                       is read before the try block, so an empty list throws
 *                       {@link IndexOutOfBoundsException} out of this method
 * @param validationDate point in time the certificate is judged at; a
 *                       revocation dated after it still yields {@code VALID}
 * @return the populated status, never {@code null}
 */
@Override
public ValidationStatus validate(X509Certificate certificate, List<X509Certificate> issuers, Date validationDate) {
    X509Certificate issuer = issuers.get(0);
    ValidationStatus status = new ValidationStatus(certificate, issuer, validationDate, ValidatorSourceType.CRL, CertificateValidity.UNKNOWN);
    try {
        Principal subject = certificate.getSubjectX500Principal();
        String crlUrl = getCrlUri(certificate);
        if (crlUrl == null) {
            log.error("CRL's URL for '" + subject + "' is empty");
            return status;
        }
        log.debug("CRL's URL for '" + subject + "' is '" + crlUrl + "'");
        X509CRL crl = getCrl(crlUrl);
        if (!validateCRL(crl, certificate, issuer, validationDate)) {
            log.error("The CRL is not valid!");
            status.setValidity(CertificateValidity.INVALID);
            return status;
        }
        X509CRLEntry entry = crl.getRevokedCertificate(certificate.getSerialNumber());
        if (entry == null) {
            log.debug("CRL status is valid for '" + subject + "'");
            status.setValidity(CertificateValidity.VALID);
            return status;
        }
        Date revokedAt = entry.getRevocationDate();
        status.setRevocationObjectIssuingTime(crl.getThisUpdate());
        if (revokedAt.after(validationDate)) {
            // Revoked only after the date being judged: the certificate counts as valid then.
            log.warn("CRL revocation time after the validation date, the certificate '" + subject + "' was valid at " + validationDate);
            status.setValidity(CertificateValidity.VALID);
        } else {
            log.info("CRL for certificate '" + subject + "' is revoked since " + revokedAt);
            status.setRevocationDate(revokedAt);
            status.setValidity(CertificateValidity.REVOKED);
        }
    } catch (Exception ex) {
        // Best-effort: the failure is logged and the UNKNOWN status is returned.
        log.error("CRL exception: ", ex);
    }
    return status;
}

Example 3 with X509CRLEntry

use of java.security.cert.X509CRLEntry in project robovm by robovm.

the class X509CRLTest method getRevokedCertificates.

/**
 * Exercises {@code X509CRL.getRevokedCertificates()} and
 * {@code getRevokedCertificate(X509Certificate)} on the test CRLs.
 *
 * <p>Checks that an empty CRL reports {@code null} rather than an empty set,
 * that the RSA-only CRL holds exactly one entry, and that the RSA+DSA CRL holds
 * two entries that can each be looked up by certificate.
 *
 * @param f the factory used to parse the fixture CRLs and certificates
 * @throws Exception if a fixture cannot be parsed
 */
private void getRevokedCertificates(CertificateFactory f) throws Exception {
    X509CRL emptyCrl = getCRL(f, CRL_EMPTY);
    // An empty CRL must yield null, not an empty set.
    assertNull(emptyCrl.getRevokedCertificates());

    X509CRL rsaCrl = getCRL(f, CRL_RSA);
    X509Certificate rsaCert = getCertificate(f, CERT_RSA);
    X509Certificate dsaCert = getCertificate(f, CERT_DSA);

    Set<? extends X509CRLEntry> rsaEntries = rsaCrl.getRevokedCertificates();
    assertEquals(1, rsaEntries.size());
    for (X509CRLEntry entry : rsaEntries) {
        assertRsaCrlEntry(f, entry);
    }

    X509CRL rsaDsaCrl = getCRL(f, CRL_RSA_DSA);
    Set<? extends X509CRLEntry> rsaDsaEntries = rsaDsaCrl.getRevokedCertificates();
    assertEquals(2, rsaDsaEntries.size());
    // Lookup by certificate must find the matching entry for each key type.
    assertRsaCrlEntry(f, rsaDsaCrl.getRevokedCertificate(rsaCert));
    assertDsaCrlEntry(f, rsaDsaCrl.getRevokedCertificate(dsaCert));
}

Example 4 with X509CRLEntry

use of java.security.cert.X509CRLEntry in project robovm by robovm.

the class X509CRLTest method test_equals.

/**
 * Checks {@code equals} on CRLs and CRL entries: two parses of the same CRL
 * fixture are equal to each other (and so are their entries for the RSA
 * certificate), while a different CRL fixture is not.
 *
 * @param f the factory used to parse the fixture CRLs and certificates
 * @throws Exception if a fixture cannot be parsed
 */
private void test_equals(CertificateFactory f) throws Exception {
    X509CRL first = getCRL(f, CRL_RSA);
    X509CRL second = getCRL(f, CRL_RSA);
    X509Certificate rsaCert = getCertificate(f, CERT_RSA);
    X509CRL other = getCRL(f, CRL_RSA_DSA);

    // Same fixture parsed twice is equal; a different fixture is not.
    assertEquals(first, second);
    assertFalse(first.equals(other));

    X509CRLEntry firstEntry = first.getRevokedCertificate(rsaCert);
    X509CRLEntry secondEntry = second.getRevokedCertificate(rsaCert);
    assertNotNull(firstEntry);
    assertNotNull(secondEntry);
    assertEquals(firstEntry, secondEntry);
}

Example 5 with X509CRLEntry

use of java.security.cert.X509CRLEntry in project robovm by robovm.

the class X509CRLObject method getRevokedCertificate.

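/**
 * Finds the CRL entry whose user-certificate serial number equals
 * {@code serialNumber}, or returns {@code null} if none matches.
 *
 * <p>Matching is on the serial number only. For an indirect CRL the entry is
 * handed the issuer name established by an earlier entry's
 * {@code certificateIssuer} extension (the entry's own extension is not
 * examined before the match is returned), so callers that need to confirm
 * which CA revoked the certificate must check the returned entry's issuer
 * themselves rather than rely on the serial match alone.
 *
 * @param serialNumber serial number to look up; must not be {@code null}
 * @return the matching entry wrapped as {@code X509CRLEntryObject}, or
 *         {@code null} if the CRL does not list that serial number
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    // Wildcard instead of a raw type; the elements are cast to CRLEntry below.
    Enumeration<?> entries = c.getRevokedCertificateEnumeration();
    // Issuer in effect for subsequent entries of an indirect CRL; null until a
    // certificateIssuer extension has been seen.
    X500Name previousCertificateIssuer = null;
    while (entries.hasMoreElements()) {
        TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) entries.nextElement();
        if (serialNumber.equals(entry.getUserCertificate().getValue())) {
            return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);
        }
        if (isIndirect && entry.hasExtensions()) {
            Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer);
            if (currentCaName != null) {
                // NOTE(review): takes the first GeneralName without a length
                // check; a malformed extension with no names would throw here.
                previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
            }
        }
    }
    return null;
}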
