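/**
 * Checks a user certificate against its configured CA and, when enabled for that CA, the CA's CRL.
 *
 * <p>The checks run in this fixed order and the first failure decides the result: the issuer must
 * be a configured CA ({@code UNKNOWN_ISSUER}), the certificate must verify against that CA's
 * certificate ({@code ILLEGAL_ISSUER}), the serial number must not appear in the CA's CRL
 * ({@code CRL_UNAVAILABLE} when the CRL cannot be obtained, {@code REVOKED} when listed; both only
 * when CRL checking is enabled for that CA), and the certificate must not be past its
 * {@code notAfter} date ({@code EXPIRED}). The {@code notBefore} date is deliberately not checked,
 * so a certificate that is not yet valid is reported as {@code VALID}.
 *
 * @param userCert the end-entity certificate to check
 * @return a status code; compare against {@code CVM.VALID}, {@code UNKNOWN_ISSUER},
 *     {@code ILLEGAL_ISSUER}, {@code CRL_UNAVAILABLE}, {@code REVOKED} or {@code EXPIRED}
 * @throws RuntimeException if the CVM has not been initialised ({@code crlContexts} is null)
 * @throws IllegalArgumentException if {@code userCert} cannot be converted to the internal
 *     certificate type
 */
public static int verifyCertificate(java.security.cert.X509Certificate userCert) {
    if (crlContexts == null) {
        throw new RuntimeException("CVM未初始化");
    }
    String serialNumber = DERUtils.BigIntegerToHexString(userCert.getSerialNumber());
    X509Certificate cert;
    try {
        cert = X509Certificate.getInstance(userCert);
    } catch (Exception e) {
        // A conversion failure used to be logged and then ignored, leaving cert null and
        // producing a NullPointerException on the next access. Fail explicitly and keep the
        // cause instead of only its message.
        log.error("证书解析失败", e);
        throw new IllegalArgumentException("证书解析失败", e);
    }
    String issuerName = cert.getIssuerDN().getName();
    String subjectName = cert.getSubjectDN().getName();
    log.debug("查找支持的CA[" + issuerName + "]");
    // crlContexts is looked up by the issuer DN string; a miss means the CA is not configured,
    // which is reported as a distinct status rather than treated as a verification failure.
    CRLContext crlContext = (CRLContext) crlContexts.get(issuerName);
    if (null == crlContext) {
        log.info("不支持的颁发者=[" + issuerName + "],Cert's SubjectDN=[" + subjectName + "]");
        return UNKNOWN_ISSUER;
    }
    X509Certificate cACert = crlContext.getM_CaCert();
    // verify(...) is the project's own certificate API; here it reports a bad signature by
    // returning false rather than by throwing.
    if (!cert.verify(cACert)) {
        log.info("验证CA签名失败,疑是伪造证书,Cert's SubjectDN=[" + subjectName + "]");
        return ILLEGAL_ISSUER;
    }
    // Revocation is only consulted when the CA's context enables it; with CRL checking
    // disabled for a CA, a revoked certificate from that CA is not detected here.
    if (crlContext.isM_ChechCRL()) {
        ItrusCRL itrusCRL = crlContext.getItrusCRL();
        if (itrusCRL == null) {
            log.error("无法获取CRL,请检查配置文件和网络。");
            return CRL_UNAVAILABLE;
        }
        // findSN appears to return the position of the serial in the CRL and a negative value
        // when it is absent (inferred from the >= 0 test) — confirm against ItrusCRL.
        if (itrusCRL.findSN(serialNumber) >= 0) {
            log.info("证书已吊销,Cert's SubjectDN=[" + subjectName + "]");
            return REVOKED;
        }
    }
    // Only the notAfter bound is checked; the notBefore bound (i.e. whether the certificate
    // has come into effect yet) is intentionally not validated. Because this runs after the
    // CRL lookup, a certificate that is both revoked and expired is reported as REVOKED.
    if (!cert.getNotAfter().after(new Date())) {
        log.info("证书已过期,Cert's SubjectDN=[" + subjectName + "]");
        return EXPIRED;
    }
    log.debug("证书状态有效,Cert's SubjectDN=[" + subjectName + "]");
    return VALID;
}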