
Example 1 with PKIXCRLStore

use of com.github.zhenwei.provider.jcajce.PKIXCRLStore in project LinLong-Java by zhenwei1108.

the class X509RevocationChecker method getAdditionalStoresFromCRLDistributionPoint.

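/**
 * Collects the CRL stores registered for the names in a CRL distribution points
 * extension.
 * <p>
 * Only distribution points of type {@code FULL_NAME} are considered; each of
 * their general names is looked up in {@code namedCRLStoreMap} and every hit is
 * returned in encounter order. No network access happens here: a name without a
 * registered store is simply skipped.
 *
 * @param crldp            the CRL distribution points extension, or {@code null}
 * @param namedCRLStoreMap CRL stores keyed by the general name they serve
 * @return the matching stores; empty when {@code crldp} is {@code null} or no
 *         name has a registered store
 * @throws AnnotatedException if the distribution points cannot be read
 */
static List<PKIXCRLStore> getAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, Map<GeneralName, PKIXCRLStore> namedCRLStoreMap) throws AnnotatedException {
    if (crldp == null) {
        return Collections.emptyList();
    }
    DistributionPoint[] dps;
    try {
        dps = crldp.getDistributionPoints();
    } catch (Exception e) {
        throw new AnnotatedException("Distribution points could not be read.", e);
    }
    List<PKIXCRLStore> stores = new ArrayList<PKIXCRLStore>();
    for (DistributionPoint dp : dps) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // only fullName distribution points carry general names we can key on
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) {
            PKIXCRLStore store = namedCRLStoreMap.get(genName);
            if (store != null) {
                stores.add(store);
            }
        }
    }
    return stores;
}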

Example 2 with PKIXCRLStore

use of com.github.zhenwei.provider.jcajce.PKIXCRLStore in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method getDeltaCRLs.

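/**
 * Fetches delta CRLs according to RFC 3280 section 5.2.4.
 * <p>
 * Candidate delta CRLs are first looked up in {@code certStores} and
 * {@code pkixCrlStores}. Only when that lookup yields nothing, the complete
 * CRL carries an issuing distribution point, and the override
 * {@code com.github.zhenwei.provider.x509.enableCRLDP} is set, are the URIs of
 * that distribution point fetched through {@link CrlCache}. Fetching is thus
 * disabled unless explicitly enabled, and a failed fetch is ignored rather than
 * reported.
 *
 * @param validityDate  The date for which the delta CRLs must be valid.
 * @param completeCRL   The complete CRL the delta CRL is for.
 * @param certStores    JCA cert stores searched for candidate CRLs.
 * @param pkixCrlStores PKIX CRL stores searched for candidate CRLs.
 * @param helper        Helper used to create the X.509 certificate factory when
 *                      CRLs have to be fetched from a distribution point.
 * @return A <code>Set</code> of <code>X509CRL</code>s with delta CRLs.
 * @throws AnnotatedException if an exception occurs while picking the delta CRLs.
 */
protected static Set getDeltaCRLs(Date validityDate, X509CRL completeCRL, List<CertStore> certStores, List<PKIXCRLStore> pkixCrlStores, JcaJceHelper helper) throws AnnotatedException {
    X509CRLSelector baseDeltaSelect = new X509CRLSelector();
    // 5.2.4 (a): the delta CRL must come from the issuer of the complete CRL
    try {
        baseDeltaSelect.addIssuerName(PrincipalUtils.getIssuerPrincipal(completeCRL).getEncoded());
    } catch (IOException e) {
        throw new AnnotatedException("Cannot extract issuer from CRL.", e);
    }
    BigInteger completeCRLNumber = null;
    try {
        ASN1Primitive derObject = CertPathValidatorUtilities.getExtensionValue(completeCRL, CRL_NUMBER);
        if (derObject != null) {
            completeCRLNumber = ASN1Integer.getInstance(derObject).getPositiveValue();
        }
    } catch (Exception e) {
        throw new AnnotatedException("CRL number extension could not be extracted from CRL.", e);
    }
    // 5.2.4 (b): the delta CRL must carry the same issuing distribution point
    byte[] idp;
    try {
        idp = completeCRL.getExtensionValue(ISSUING_DISTRIBUTION_POINT);
    } catch (Exception e) {
        throw new AnnotatedException("Issuing distribution point extension value could not be read.", e);
    }
    // 5.2.4 (d): only CRLs numbered above the complete CRL qualify as deltas
    baseDeltaSelect.setMinCRLNumber(completeCRLNumber == null ? null : completeCRLNumber.add(BigInteger.valueOf(1)));
    PKIXCRLStoreSelector.Builder selBuilder = new PKIXCRLStoreSelector.Builder(baseDeltaSelect);
    selBuilder.setIssuingDistributionPoint(idp);
    selBuilder.setIssuingDistributionPointEnabled(true);
    // 5.2.4 (c): the delta's base CRL number may not exceed the complete CRL number
    selBuilder.setMaxBaseCRLNumber(completeCRLNumber);
    PKIXCRLStoreSelector deltaSelect = selBuilder.build();
    // find delta CRLs in the locally configured stores
    Set temp = PKIXCRLUtil.findCRLs(deltaSelect, validityDate, certStores, pkixCrlStores);
    // if the named CRL store is empty, and we're told to check with CRLDP;
    // without an IDP extension there is no distribution point to consult
    if (temp.isEmpty() && idp != null && Properties.isOverrideSet("com.github.zhenwei.provider.x509.enableCRLDP")) {
        CertificateFactory certFact;
        try {
            certFact = helper.createCertificateFactory("X.509");
        } catch (Exception e) {
            throw new AnnotatedException("cannot create certificate factory: " + e.getMessage(), e);
        }
        // NOTE(review): idp is the raw extension value as returned by
        // getExtensionValue; confirm CRLDistPoint.getInstance accepts that encoding
        CRLDistPoint id = CRLDistPoint.getInstance(idp);
        DistributionPoint[] dps = id.getDistributionPoints();
        for (int i = 0; i < dps.length; i++) {
            DistributionPointName dpn = dps[i].getDistributionPoint();
            // look for URIs in fullName
            if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
                GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
                for (int j = 0; j < genNames.length; j++) {
                    // index with j: genNames[i] reused the distribution point index,
                    // picking the wrong name or running past the end of genNames
                    GeneralName name = genNames[j];
                    if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        try {
                            PKIXCRLStore store = CrlCache.getCrl(certFact, validityDate, new URI(((ASN1String) name.getName()).getString()));
                            if (store != null) {
                                temp = PKIXCRLUtil.findCRLs(deltaSelect, validityDate, Collections.<CertStore>emptyList(), Collections.singletonList(store));
                            }
                            // only the first URI of a distribution point is tried
                            break;
                        } catch (Exception e) {
                            // best effort: an unreachable or malformed distribution
                            // point leaves temp unchanged. TODO: maybe log
                        }
                    }
                }
            }
        }
    }
    // keep only the CRLs that are actually deltas
    Set<X509CRL> result = new HashSet<X509CRL>();
    for (Iterator it = temp.iterator(); it.hasNext(); ) {
        X509CRL crl = (X509CRL) it.next();
        if (isDeltaCRL(crl)) {
            result.add(crl);
        }
    }
    return result;
}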

Example 3 with PKIXCRLStore

use of com.github.zhenwei.provider.jcajce.PKIXCRLStore in project LinLong-Java by zhenwei1108.

the class CrlCache method getCrl.

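/**
 * Returns a CRL store holding the CRLs published at {@code distributionPoint}.
 * <p>
 * A store cached for the same URI is returned as long as none of its CRLs has a
 * {@code nextUpdate} earlier than {@code validDate} (a CRL without
 * {@code nextUpdate} never counts as expired). Otherwise the CRLs are fetched
 * again, wrapped in a new store and cached behind a {@link WeakReference}, so
 * entries may disappear under memory pressure.
 * <p>
 * NOTE(review): the method is {@code static synchronized}, so the lock is held
 * across the network fetch and one slow distribution point stalls every other
 * CRL lookup in the process.
 *
 * @param certFact          factory used to parse the downloaded CRLs
 * @param validDate         date the cached CRLs must still be valid for
 * @param distributionPoint URI of the CRL distribution point; an {@code ldap}
 *                          scheme (compared case-insensitively) selects the LDAP
 *                          fetcher, anything else the URL fetcher
 * @return the cached or freshly fetched store
 * @throws IOException  if the CRLs cannot be fetched
 * @throws CRLException if the fetched data cannot be parsed as CRLs
 */
static synchronized PKIXCRLStore getCrl(CertificateFactory certFact, Date validDate, URI distributionPoint) throws IOException, CRLException {
    PKIXCRLStore crlStore = null;
    WeakReference<PKIXCRLStore> markerRef = (WeakReference) cache.get(distributionPoint);
    if (markerRef != null) {
        crlStore = markerRef.get();
    }
    if (crlStore != null) {
        boolean isExpired = false;
        // a null selector matches every CRL in the store
        for (Iterator it = crlStore.getMatches(null).iterator(); it.hasNext(); ) {
            X509CRL crl = (X509CRL) it.next();
            Date nextUpdate = crl.getNextUpdate();
            if (nextUpdate != null && nextUpdate.before(validDate)) {
                isExpired = true;
                break;
            }
        }
        if (!isExpired) {
            return crlStore;
        }
    }
    Collection crls;
    // URI schemes are case-insensitive (RFC 3986 section 3.1) and absent for a
    // relative reference; a null-safe comparison avoids an NPE on such input
    if ("ldap".equalsIgnoreCase(distributionPoint.getScheme())) {
        crls = getCrlsFromLDAP(certFact, distributionPoint);
    } else {
        // http, https, ftp
        crls = getCrls(certFact, distributionPoint);
    }
    LocalCRLStore localCRLStore = new LocalCRLStore(new CollectionStore<CRL>(crls));
    cache.put(distributionPoint, new WeakReference<PKIXCRLStore>(localCRLStore));
    return localCRLStore;
}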

Example 4 with PKIXCRLStore

use of com.github.zhenwei.provider.jcajce.PKIXCRLStore in project LinLong-Java by zhenwei1108.

the class RevocationUtilities method getAdditionalStoresFromCRLDistributionPoint.

/**
 * Resolves the general names of a CRL distribution points extension against
 * the registered CRL stores.
 * <p>
 * Distribution points that are not of type {@code FULL_NAME} are ignored. For
 * the remaining ones every general name is looked up in
 * {@code namedCRLStoreMap}; names without a store are skipped and no network
 * lookup is attempted.
 *
 * @param crldp            the CRL distribution points extension, may be {@code null}
 * @param namedCRLStoreMap CRL stores keyed by the general name they serve
 * @return the stores found, in encounter order; empty for a {@code null}
 *         extension or when nothing matches
 * @throws AnnotatedException if the distribution points cannot be read
 */
static List<PKIXCRLStore> getAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, Map<GeneralName, PKIXCRLStore> namedCRLStoreMap) throws AnnotatedException {
    if (crldp == null) {
        return Collections.emptyList();
    }
    DistributionPoint[] points;
    try {
        points = crldp.getDistributionPoints();
    } catch (Exception e) {
        throw new AnnotatedException("Distribution points could not be read.", e);
    }
    List<PKIXCRLStore> found = new ArrayList<PKIXCRLStore>();
    for (DistributionPoint point : points) {
        DistributionPointName pointName = point.getDistributionPoint();
        // only fullName distribution points carry general names we can key on
        if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        GeneralName[] names = GeneralNames.getInstance(pointName.getName()).getNames();
        for (GeneralName name : names) {
            PKIXCRLStore registered = namedCRLStoreMap.get(name);
            if (registered == null) {
                continue;
            }
            found.add(registered);
        }
    }
    return found;
}

Example 5 with PKIXCRLStore

use of com.github.zhenwei.provider.jcajce.PKIXCRLStore in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method getAdditionalStoresFromCRLDistributionPoint.

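/**
 * Collects the CRL stores for a CRL distribution points extension, falling
 * back to fetching from the distribution point URIs when allowed.
 * <p>
 * First, every general name of each {@code FULL_NAME} distribution point is
 * looked up in {@code namedCRLStoreMap}. Only when that yields no store and the
 * override {@code com.github.zhenwei.provider.x509.enableCRLDP} is set are the
 * URIs found in the extension fetched through {@link CrlCache}; the URIs are
 * taken from the extension itself, so this step is off unless explicitly
 * enabled, and a failed fetch is ignored rather than reported.
 *
 * @param crldp            the CRL distribution points extension, or {@code null}
 * @param namedCRLStoreMap CRL stores keyed by the general name they serve
 * @param validDate        date the fetched CRLs must be valid for
 * @param helper           helper used to create the X.509 certificate factory
 *                         when CRLs have to be fetched
 * @return the matching stores; empty when {@code crldp} is {@code null} or
 *         nothing could be found
 * @throws AnnotatedException if the distribution points cannot be read or the
 *                            certificate factory cannot be created
 */
static List<PKIXCRLStore> getAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, Map<GeneralName, PKIXCRLStore> namedCRLStoreMap, Date validDate, JcaJceHelper helper) throws AnnotatedException {
    if (null == crldp) {
        return Collections.<PKIXCRLStore>emptyList();
    }
    DistributionPoint[] dps;
    try {
        dps = crldp.getDistributionPoints();
    } catch (Exception e) {
        throw new AnnotatedException("Distribution points could not be read.", e);
    }
    List<PKIXCRLStore> stores = new ArrayList<PKIXCRLStore>();
    for (int i = 0; i < dps.length; i++) {
        DistributionPointName dpn = dps[i].getDistributionPoint();
        // look for URIs in fullName
        if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
            GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
            for (int j = 0; j < genNames.length; j++) {
                PKIXCRLStore store = namedCRLStoreMap.get(genNames[j]);
                if (store != null) {
                    stores.add(store);
                }
            }
        }
    }
    // if the named CRL store is empty, and we're told to check with CRLDP
    if (stores.isEmpty() && Properties.isOverrideSet("com.github.zhenwei.provider.x509.enableCRLDP")) {
        CertificateFactory certFact;
        try {
            certFact = helper.createCertificateFactory("X.509");
        } catch (Exception e) {
            throw new AnnotatedException("cannot create certificate factory: " + e.getMessage(), e);
        }
        for (int i = 0; i < dps.length; i++) {
            DistributionPointName dpn = dps[i].getDistributionPoint();
            // look for URIs in fullName
            if (dpn != null && dpn.getType() == DistributionPointName.FULL_NAME) {
                GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
                for (int j = 0; j < genNames.length; j++) {
                    // index with j: genNames[i] reused the distribution point index,
                    // picking the wrong name or running past the end of genNames
                    GeneralName name = genNames[j];
                    if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        try {
                            URI distributionPoint = new URI(((ASN1String) name.getName()).getString());
                            PKIXCRLStore store = CrlCache.getCrl(certFact, validDate, distributionPoint);
                            if (store != null) {
                                stores.add(store);
                            }
                            // only the first URI of a distribution point is tried
                            break;
                        } catch (Exception e) {
                            // best effort: an unreachable or malformed distribution
                            // point contributes no store. TODO: maybe log
                        }
                    }
                }
            }
        }
    }
    return stores;
}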
