Use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project LinLong-Java by zhenwei1108.
The class X509RevocationChecker, method downloadCRLs.
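/**
 * Downloads a CRL from the first usable URI found in a CRL distribution points
 * extension, reusing a cached copy from {@code crlCache} when one is still current.
 * <p>
 * Only {@code fullName} distribution points carrying a
 * {@code uniformResourceIdentifier} name are considered. A cached CRL is reused
 * only while {@code currentDate} lies inside its {@code thisUpdate}/{@code nextUpdate}
 * window; a cached CRL without a {@code nextUpdate} is treated as stale and fetched
 * again. A failed download or parse for one URI is logged and the next URI is tried.
 * </p>
 *
 * @param issuer         issuer the CRL is fetched for; used in log messages only
 * @param currentDate    date the cached CRL's validity window is checked against
 * @param crlDpPrimitive decoded {@code CRLDistributionPoints} extension value
 * @param helper         provider helper used to obtain the X.509 certificate factory
 * @return the downloaded or cached CRL, or {@code null} if no distribution point
 *         yielded one
 */
private CRL downloadCRLs(X500Principal issuer, Date currentDate, ASN1Primitive crlDpPrimitive, JcaJceHelper helper) {
    CRLDistPoint crlDp = CRLDistPoint.getInstance(crlDpPrimitive);
    DistributionPoint[] points = crlDp.getDistributionPoints();

    for (DistributionPoint dp : points) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // the distributionPoint field is optional; only a fullName carries GeneralNames
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        GeneralName[] names = GeneralNames.getInstance(dpn.getName()).getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }

            WeakReference<X509CRL> crlRef = crlCache.get(name);
            if (crlRef != null) {
                X509CRL cached = crlRef.get();
                Date nextUpdate = cached == null ? null : cached.getNextUpdate();
                // A missing nextUpdate gives no upper bound on validity, so the entry is
                // treated as stale rather than trusted indefinitely (the previous check
                // would have thrown NullPointerException from Date.after(null) here).
                if (cached != null && nextUpdate != null
                        && !currentDate.before(cached.getThisUpdate())
                        && !currentDate.after(nextUpdate)) {
                    return cached;
                }
                // delete expired/out-of-range entry (or one the GC has already cleared)
                crlCache.remove(name);
            }

            URL url = null;
            try {
                // NOTE(review): this URI comes from the certificate being validated, i.e. from
                // untrusted input; no scheme restriction and no connect/read timeout is applied
                // before it is dereferenced — confirm callers accept that.
                url = new URL(name.getName().toString());
                CertificateFactory certFact = helper.createCertificateFactory("X.509");
                X509CRL crl;
                InputStream urlStream = url.openStream();
                try {
                    crl = (X509CRL) certFact.generateCRL(new BufferedInputStream(urlStream));
                } finally {
                    // close even when generateCRL throws; the original leaked the stream then
                    urlStream.close();
                }
                LOG.log(Level.INFO, "downloaded CRL from CrlDP " + url + " for issuer \"" + issuer + "\"");
                crlCache.put(name, new WeakReference<X509CRL>(crl));
                return crl;
            } catch (Exception e) {
                // deliberately broad: any failure for this URI is logged and the next one tried
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.log(Level.FINE, "CrlDP " + url + " ignored: " + e.getMessage(), e);
                } else {
                    LOG.log(Level.INFO, "CrlDP " + url + " ignored: " + e.getMessage());
                }
            }
        }
    }
    return null;
}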
Use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project LinLong-Java by zhenwei1108.
The class RFC3280CertPathUtilities, method processCRLB2.
/**
 * If the complete CRL includes an issuing distribution point (IDP) CRL extension check the
 * following:
 * <p>
 * (i) If the distribution point name is present in the IDP CRL extension and the distribution
 * field is present in the DP, then verify that one of the names in the IDP matches one of the
 * names in the DP. If the distribution point name is present in the IDP CRL extension and the
 * distribution field is omitted from the DP, then verify that one of the names in the IDP matches
 * one of the names in the cRLIssuer field of the DP.
 * </p>
 * <p>
 * (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL extension, verify that the
 * certificate does not include the basic constraints extension with the cA boolean asserted.
 * </p>
 * <p>
 * (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL extension, verify that the
 * certificate includes the basic constraints extension with the cA boolean asserted.
 * </p>
 * <p>
 * (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.
 * </p>
 * <p>
 * When the CRL carries no IDP extension at all, none of the checks apply and the method
 * returns without doing anything.
 * </p>
 *
 * @param dp The distribution point.
 * @param cert The certificate. It is cast to {@code X509Extension} for the basic constraints
 *             lookup (a failed cast surfaces as the "Basic constraints" AnnotatedException);
 *             checks (ii) and (iii) are only applied when it is an {@code X509Certificate}.
 * @param crl The CRL.
 * @throws AnnotatedException if one of the conditions is not met or an error occurs.
 */
protected static void processCRLB2(DistributionPoint dp, Object cert, X509CRL crl) throws AnnotatedException {
    IssuingDistributionPoint idp = null;
    try {
        idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl, RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
    } catch (Exception e) {
        throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
    }
    // no IDP extension: nothing to check
    if (idp != null) {
        // distribution point name is present
        if (idp.getDistributionPoint() != null) {
            // make list of names carried by the IDP (getInstance on an IssuingDistributionPoint
            // is redundant here; idp.getDistributionPoint() would be equivalent)
            DistributionPointName dpName = IssuingDistributionPoint.getInstance(idp).getDistributionPoint();
            // raw List of GeneralName; the contains() checks below rely on GeneralName.equals
            List names = new ArrayList();
            if (dpName.getType() == DistributionPointName.FULL_NAME) {
                GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames();
                for (int j = 0; j < genNames.length; j++) {
                    names.add(genNames[j]);
                }
            }
            if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
                // a relative name is resolved by appending its RDN to the CRL issuer's DN
                ASN1EncodableVector vec = new ASN1EncodableVector();
                try {
                    Enumeration e = ASN1Sequence.getInstance(PrincipalUtils.getIssuerPrincipal(crl)).getObjects();
                    while (e.hasMoreElements()) {
                        vec.add((ASN1Encodable) e.nextElement());
                    }
                } catch (Exception e) {
                    throw new AnnotatedException("Could not read CRL issuer.", e);
                }
                vec.add(dpName.getName());
                names.add(new GeneralName(X500Name.getInstance(new DERSequence(vec))));
            }
            boolean matches = false;
            // (i) verify that one of the names in the IDP matches one of the names in the DP
            if (dp.getDistributionPoint() != null) {
                dpName = dp.getDistributionPoint();
                GeneralName[] genNames = null;
                if (dpName.getType() == DistributionPointName.FULL_NAME) {
                    genNames = GeneralNames.getInstance(dpName.getName()).getNames();
                }
                if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) {
                    // the DP's relative name is appended to each cRLIssuer name, or to the
                    // certificate issuer when cRLIssuer is absent
                    if (dp.getCRLIssuer() != null) {
                        genNames = dp.getCRLIssuer().getNames();
                    } else {
                        genNames = new GeneralName[1];
                        try {
                            genNames[0] = new GeneralName(PrincipalUtils.getEncodedIssuerPrincipal(cert));
                        } catch (Exception e) {
                            throw new AnnotatedException("Could not read certificate issuer.", e);
                        }
                    }
                    // NOTE(review): each cRLIssuer name is assumed to be a directoryName
                    // (parsed as an ASN1Sequence); also, genNames is rewritten in place —
                    // confirm getNames() hands out a copy rather than the DP's own array.
                    for (int j = 0; j < genNames.length; j++) {
                        Enumeration e = ASN1Sequence.getInstance(genNames[j].getName().toASN1Primitive()).getObjects();
                        ASN1EncodableVector vec = new ASN1EncodableVector();
                        while (e.hasMoreElements()) {
                            vec.add((ASN1Encodable) e.nextElement());
                        }
                        vec.add(dpName.getName());
                        genNames[j] = new GeneralName(X500Name.getInstance(new DERSequence(vec)));
                    }
                }
                if (genNames != null) {
                    for (int j = 0; j < genNames.length; j++) {
                        if (names.contains(genNames[j])) {
                            matches = true;
                            break;
                        }
                    }
                }
                if (!matches) {
                    throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                }
            } else {
                // the DP omits distributionPoint: verify that one of the names in the IDP
                // matches one of the names in the cRLIssuer field of the DP
                if (dp.getCRLIssuer() == null) {
                    throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must " + "be contained in DistributionPoint.");
                }
                GeneralName[] genNames = dp.getCRLIssuer().getNames();
                for (int j = 0; j < genNames.length; j++) {
                    if (names.contains(genNames[j])) {
                        matches = true;
                        break;
                    }
                }
                if (!matches) {
                    throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                }
            }
        }
        // basic constraints are needed for (ii) and (iii); absent extension leaves bc null
        BasicConstraints bc = null;
        try {
            bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue((X509Extension) cert, BASIC_CONSTRAINTS));
        } catch (Exception e) {
            throw new AnnotatedException("Basic constraints extension could not be decoded.", e);
        }
        if (cert instanceof X509Certificate) {
            // (b) (2) (ii): a user-certs-only CRL must not be used for a CA certificate
            if (idp.onlyContainsUserCerts() && (bc != null && bc.isCA())) {
                throw new AnnotatedException("CA Cert CRL only contains user certificates.");
            }
            // (b) (2) (iii): a CA-certs-only CRL must not be used for an end-entity certificate
            if (idp.onlyContainsCACerts() && (bc == null || !bc.isCA())) {
                throw new AnnotatedException("End CRL only contains CA certificates.");
            }
        }
        // (b) (2) (iv)
        if (idp.onlyContainsAttributeCerts()) {
            throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
        }
    }
}
Use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project LinLong-Java by zhenwei1108.
The class RFC3281CertPathUtilities, method checkCRLs.
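/**
 * Checks if an attribute certificate is revoked.
 * <p>
 * Nothing is checked unless {@code paramsPKIX.isRevocationEnabled()}. An attribute
 * certificate carrying the noRevAvail extension is accepted without a CRL lookup, but it
 * must then not also carry a CRL distribution points or authority information access
 * extension. Otherwise every distribution point is tried, followed by a synthesized
 * distribution point naming the certificate issuer, until the certificate is found
 * revoked or all reason codes have been covered.
 * </p>
 *
 * @param attrCert      Attribute certificate to check if it is revoked.
 * @param paramsPKIX    PKIX parameters.
 * @param currentDate   Current date; passed through to {@code checkCRL}.
 * @param validityDate  The date when the certificate revocation status should be checked.
 * @param issuerCert    The issuer certificate of the attribute certificate
 *                      <code>attrCert</code>.
 * @param certPathCerts The certificates of the certification path to be checked.
 * @param helper        Provider helper used for locating and fetching CRLs.
 * @throws CertPathValidatorException if the certificate is revoked or the status cannot be
 *                                    checked or some error occurs.
 */
protected static void checkCRLs(X509AttributeCertificate attrCert, PKIXExtendedParameters paramsPKIX, Date currentDate, Date validityDate, X509Certificate issuerCert, List certPathCerts, JcaJceHelper helper) throws CertPathValidatorException {
    if (!paramsPKIX.isRevocationEnabled()) {
        return;
    }
    // check if revocation is available
    if (attrCert.getExtensionValue(NO_REV_AVAIL) != null) {
        // noRevAvail asserts that no revocation information exists, which contradicts
        // a revocation pointer being present as well
        if (attrCert.getExtensionValue(CRL_DISTRIBUTION_POINTS) != null || attrCert.getExtensionValue(AUTHORITY_INFO_ACCESS) != null) {
            throw new CertPathValidatorException("No rev avail extension is set, but also an AC revocation pointer.");
        }
        return;
    }

    CRLDistPoint crldp = null;
    try {
        crldp = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(attrCert, CRL_DISTRIBUTION_POINTS));
    } catch (AnnotatedException e) {
        throw new CertPathValidatorException("CRL distribution point extension could not be read.", e);
    }

    List crlStores = new ArrayList();
    try {
        crlStores.addAll(CertPathValidatorUtilities.getAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX.getNamedCRLStoreMap(), validityDate, helper));
    } catch (AnnotatedException e) {
        throw new CertPathValidatorException("No additional CRL locations could be decoded from CRL distribution point extension.", e);
    }

    PKIXExtendedParameters.Builder bldr = new PKIXExtendedParameters.Builder(paramsPKIX);
    // Each located store is registered individually. The previous loop cast the whole
    // list to PKIXCRLStore and never advanced the iterator, so it threw
    // ClassCastException as soon as a distribution point yielded any store.
    for (Iterator it = crlStores.iterator(); it.hasNext(); ) {
        bldr.addCRLStore((PKIXCRLStore) it.next());
    }
    paramsPKIX = bldr.build();

    CertStatus certStatus = new CertStatus();
    ReasonsMask reasonsMask = new ReasonsMask();
    AnnotatedException lastException = null;
    boolean validCrlFound = false;

    // for each distribution point
    if (crldp != null) {
        DistributionPoint[] dps = null;
        try {
            dps = crldp.getDistributionPoints();
        } catch (Exception e) {
            throw new ExtCertPathValidatorException("Distribution points could not be read.", e);
        }
        try {
            // stop as soon as the certificate is known to be revoked or every reason
            // code has been covered by some CRL
            for (int i = 0; i < dps.length && certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons(); i++) {
                PKIXExtendedParameters paramsPKIXClone = (PKIXExtendedParameters) paramsPKIX.clone();
                checkCRL(dps[i], attrCert, paramsPKIXClone, currentDate, validityDate, issuerCert, certStatus, reasonsMask, certPathCerts, helper);
                validCrlFound = true;
            }
        } catch (AnnotatedException e) {
            lastException = new AnnotatedException("No valid CRL for distribution point found.", e);
        }
    }

    if (certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons()) {
        try {
            /*
             * assume a DP with both the reasons and the cRLIssuer
             * fields omitted and a distribution point name of the
             * certificate issuer.
             */
            X500Name issuer;
            try {
                issuer = PrincipalUtils.getEncodedIssuerPrincipal(attrCert);
            } catch (Exception e) {
                throw new AnnotatedException("Issuer from certificate for CRL could not be reencoded.", e);
            }
            DistributionPoint dp = new DistributionPoint(new DistributionPointName(DistributionPointName.FULL_NAME, new GeneralNames(new GeneralName(GeneralName.directoryName, issuer))), null, null);
            PKIXExtendedParameters paramsPKIXClone = (PKIXExtendedParameters) paramsPKIX.clone();
            checkCRL(dp, attrCert, paramsPKIXClone, currentDate, validityDate, issuerCert, certStatus, reasonsMask, certPathCerts, helper);
            validCrlFound = true;
        } catch (AnnotatedException e) {
            lastException = new AnnotatedException("No valid CRL for distribution point found.", e);
        }
    }

    if (!validCrlFound) {
        throw new ExtCertPathValidatorException("No valid CRL found.", lastException);
    }
    if (certStatus.getCertStatus() != CertStatus.UNREVOKED) {
        String message = "Attribute certificate revocation after " + certStatus.getRevocationDate();
        message += ", reason: " + RFC3280CertPathUtilities.crlReasons[certStatus.getCertStatus()];
        throw new CertPathValidatorException(message);
    }
    // an unrevoked result that does not cover every reason code is not a "good" answer
    if (!reasonsMask.isAllReasons() && certStatus.getCertStatus() == CertStatus.UNREVOKED) {
        certStatus.setCertStatus(CertStatus.UNDETERMINED);
    }
    if (certStatus.getCertStatus() == CertStatus.UNDETERMINED) {
        throw new CertPathValidatorException("Attribute certificate status could not be determined.");
    }
}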
Use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project LinLong-Java by zhenwei1108.
The class PKIXCertPathReviewer, method getCRLDistUrls.
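/**
 * Collects the URIs named by all {@code fullName} CRL distribution points.
 * <p>
 * A distribution point whose {@code distributionPoint} field is absent (the field is
 * optional; such a DP identifies its CRL through {@code cRLIssuer} instead) is skipped
 * rather than dereferenced, and names inside a fullName that are not URIs are ignored.
 * </p>
 *
 * @param crlDistPoints the decoded CRL distribution points extension, may be {@code null}
 * @return a {@link Vector} of URI strings, empty when none were found
 */
protected Vector getCRLDistUrls(CRLDistPoint crlDistPoints) {
    Vector urls = new Vector();
    if (crlDistPoints == null) {
        return urls;
    }
    DistributionPoint[] distPoints = crlDistPoints.getDistributionPoints();
    for (int i = 0; i < distPoints.length; i++) {
        DistributionPointName dp_name = distPoints[i].getDistributionPoint();
        // the previous code dereferenced dp_name unconditionally and threw
        // NullPointerException on a DP that only carries cRLIssuer
        if (dp_name == null || dp_name.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        GeneralName[] generalNames = GeneralNames.getInstance(dp_name.getName()).getNames();
        for (int j = 0; j < generalNames.length; j++) {
            if (generalNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
                urls.add(((ASN1IA5String) generalNames[j].getName()).getString());
            }
        }
    }
    return urls;
}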
Use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project LinLong-Java by zhenwei1108.
The class CertPathValidatorUtilities, method getDeltaCRLs.
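/**
 * Fetches delta CRLs according to RFC 3280 section 5.2.4.
 * <p>
 * The supplied stores are searched first. Only when that yields nothing and the
 * {@code com.github.zhenwei.provider.x509.enableCRLDP} override is set are the
 * distribution point URIs consulted through {@code CrlCache}. Of whatever is found,
 * only CRLs accepted by {@code isDeltaCRL} are returned.
 * </p>
 *
 * @param validityDate  The date for which the delta CRLs must be valid.
 * @param completeCRL   The complete CRL the delta CRL is for.
 * @param certStores    Certificate stores searched for delta CRLs.
 * @param pkixCrlStores PKIX CRL stores searched for delta CRLs.
 * @param helper        Provider helper used to create the certificate factory for CRLDP downloads.
 * @return A <code>Set</code> of <code>X509CRL</code>s with delta CRLs.
 * @throws AnnotatedException if an exception occurs while picking the delta CRLs.
 */
protected static Set getDeltaCRLs(Date validityDate, X509CRL completeCRL, List<CertStore> certStores, List<PKIXCRLStore> pkixCrlStores, JcaJceHelper helper) throws AnnotatedException {
    X509CRLSelector baseDeltaSelect = new X509CRLSelector();
    // 5.2.4 (a)
    try {
        baseDeltaSelect.addIssuerName(PrincipalUtils.getIssuerPrincipal(completeCRL).getEncoded());
    } catch (IOException e) {
        throw new AnnotatedException("Cannot extract issuer from CRL.", e);
    }

    BigInteger completeCRLNumber = null;
    try {
        ASN1Primitive derObject = CertPathValidatorUtilities.getExtensionValue(completeCRL, CRL_NUMBER);
        if (derObject != null) {
            completeCRLNumber = ASN1Integer.getInstance(derObject).getPositiveValue();
        }
    } catch (Exception e) {
        throw new AnnotatedException("CRL number extension could not be extracted from CRL.", e);
    }

    // 5.2.4 (b)
    byte[] idp;
    try {
        idp = completeCRL.getExtensionValue(ISSUING_DISTRIBUTION_POINT);
    } catch (Exception e) {
        throw new AnnotatedException("Issuing distribution point extension value could not be read.", e);
    }

    // 5.2.4 (d): a delta must carry a CRL number above the complete CRL's
    baseDeltaSelect.setMinCRLNumber(completeCRLNumber == null ? null : completeCRLNumber.add(BigInteger.valueOf(1)));

    PKIXCRLStoreSelector.Builder selBuilder = new PKIXCRLStoreSelector.Builder(baseDeltaSelect);
    selBuilder.setIssuingDistributionPoint(idp);
    selBuilder.setIssuingDistributionPointEnabled(true);
    // 5.2.4 (c)
    selBuilder.setMaxBaseCRLNumber(completeCRLNumber);
    PKIXCRLStoreSelector deltaSelect = selBuilder.build();

    // find delta CRLs
    Set temp = PKIXCRLUtil.findCRLs(deltaSelect, validityDate, certStores, pkixCrlStores);

    // if the named CRL store is empty, and we're told to check with CRLDP
    if (temp.isEmpty() && Properties.isOverrideSet("com.github.zhenwei.provider.x509.enableCRLDP")) {
        CertificateFactory certFact;
        try {
            certFact = helper.createCertificateFactory("X.509");
        } catch (Exception e) {
            throw new AnnotatedException("cannot create certificate factory: " + e.getMessage(), e);
        }

        // NOTE(review): idp holds the raw getExtensionValue() bytes (a DER OCTET STRING
        // wrapping an IssuingDistributionPoint), yet it is parsed here as a CRLDistPoint —
        // confirm this is the intended input; if it is not, this CRLDP fallback cannot
        // locate delta CRLs and the caller silently proceeds without them.
        CRLDistPoint id = CRLDistPoint.getInstance(idp);
        DistributionPoint[] dps = id.getDistributionPoints();
        for (int i = 0; i < dps.length; i++) {
            DistributionPointName dpn = dps[i].getDistributionPoint();
            // look for URIs in fullName
            if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
                GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
                for (int j = 0; j < genNames.length; j++) {
                    // index with the inner loop variable; the previous code used the outer
                    // index i, reading the wrong name or running off the end of genNames
                    GeneralName name = genNames[j];
                    if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        try {
                            PKIXCRLStore store = CrlCache.getCrl(certFact, validityDate, new URI(((ASN1String) name.getName()).getString()));
                            if (store != null) {
                                temp = PKIXCRLUtil.findCRLs(deltaSelect, validityDate, Collections.EMPTY_LIST, Collections.singletonList(store));
                            }
                            // first URI that resolves (store or not) ends the search for this DP
                            break;
                        } catch (Exception e) {
                            // best effort: a failed fetch for one URI must not abort the
                            // delta-CRL lookup; the next URI is tried. TODO: maybe log
                        }
                    }
                }
            }
        }
    }

    // keep only CRLs that are actually deltas
    Set result = new HashSet();
    for (Iterator it = temp.iterator(); it.hasNext(); ) {
        X509CRL crl = (X509CRL) it.next();
        if (isDeltaCRL(crl)) {
            result.add(crl);
        }
    }
    return result;
}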