
Example 1 with CRLException

use of java.security.cert.CRLException in project robovm by robovm.

Class CertPathValidatorUtilities, method getCertStatus:

/**
 * Looks {@code cert} up in {@code crl} and, when a matching revocation entry is found,
 * records the revocation reason and date in {@code certStatus}. The "(i)"/"(j)" labels in
 * the original comments refer to the CRL-processing steps of RFC 3280/5280 §6.3.3.
 * <p>
 * How the CRL is consulted depends on whether it is an indirect CRL: for an indirect CRL
 * the entry's own certificateIssuer (falling back to the CRL issuer) must equal the
 * certificate's issuer; for a direct CRL the CRL issuer itself must equal the
 * certificate's issuer, otherwise the CRL is simply not applicable to this certificate.
 * <p>
 * A certificate is reported as revoked either when {@code validDate} is on or after the
 * entry's revocation date, or — irrespective of the date — when the entry carries no
 * reasonCode or one of unspecified, keyCompromise, cACompromise or removeFromCRL.
 * <p>
 * NOTE(review): for an indirect CRL the entry is fetched by serial number alone and the
 * issuer is compared only afterwards. If the CRL holds entries for several issuers that
 * share a serial number, only the entry returned by getRevokedCertificate(serial) is
 * examined — confirm against the callers that this cannot mask a revocation.
 *
 * @param validDate  the time at which validity is being evaluated
 * @param crl        the CRL to consult (selected and presumably verified by the caller)
 * @param cert       the certificate (or attribute certificate) whose status is sought
 * @param certStatus receives the revocation reason and date when the certificate is revoked
 * @throws AnnotatedException if the indirect-CRL check fails or the reasonCode entry
 *         extension cannot be decoded
 */
protected static void getCertStatus(Date validDate, X509CRL crl, Object cert, CertStatus certStatus) throws AnnotatedException {
    final boolean indirect;
    try {
        indirect = X509CRLObject.isIndirectCRL(crl);
    } catch (CRLException exception) {
        throw new AnnotatedException("Failed check for indirect CRL.", exception);
    }

    X509CRLEntry entry;
    if (indirect) {
        entry = crl.getRevokedCertificate(getSerialNumber(cert));
        if (entry == null) {
            return; // no entry with this serial number at all
        }
        // An indirect CRL entry may name its own certificate issuer; otherwise the CRL
        // issuer applies to the entry.
        X500Principal entryIssuer = entry.getCertificateIssuer();
        if (entryIssuer == null) {
            entryIssuer = getIssuerPrincipal(crl);
        }
        if (!getEncodedIssuerPrincipal(cert).equals(entryIssuer)) {
            return; // the entry belongs to another issuer's certificate
        }
    } else {
        if (!getEncodedIssuerPrincipal(cert).equals(getIssuerPrincipal(crl))) {
            return; // CRL was issued for a different CA — not applicable here
        }
        entry = crl.getRevokedCertificate(getSerialNumber(cert));
        if (entry == null) {
            return;
        }
    }

    // reasonCode is an optional entry extension; absence is treated like "unspecified" below.
    DEREnumerated reason = null;
    if (entry.hasExtensions()) {
        try {
            reason = DEREnumerated.getInstance(CertPathValidatorUtilities.getExtensionValue(entry, X509Extension.reasonCode.getId()));
        } catch (Exception e) {
            throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e);
        }
    }

    // Revocation already in effect at validDate?
    boolean revokedByDate = !(validDate.getTime() < entry.getRevocationDate().getTime());

    // Reasons that count regardless of validDate: no reason, unspecified (0),
    // keyCompromise (1), cACompromise (2) and removeFromCRL (8).
    boolean revokedByReason;
    if (reason == null) {
        revokedByReason = true;
    } else {
        int code = reason.getValue().intValue();
        revokedByReason = code == CRLReason.unspecified
                || code == CRLReason.keyCompromise
                || code == CRLReason.cACompromise
                || code == CRLReason.removeFromCRL;
    }

    if (revokedByDate || revokedByReason) {
        // (i)/(j): store the reason (unspecified when the entry has none) and the date.
        certStatus.setCertStatus(reason == null ? CRLReason.unspecified : reason.getValue().intValue());
        certStatus.setRevocationDate(entry.getRevocationDate());
    }
}

Example 2 with CRLException

use of java.security.cert.CRLException in project robovm by robovm.

Class X509CertFactoryImpl, method getCRL (stream variant):

/**
 * Returns the CRL whose DER encoding starts at the current position of {@code inStream},
 * serving it from {@code CRL_CACHE} when the same encoding has been seen before and
 * otherwise parsing it and adding it to the cache.
 * <p>
 * The stream must support mark/reset: the first {@code CRL_CACHE_SEED_LENGTH} bytes are
 * read and rewound to compute the cache hash before anything is consumed for real.
 * <p>
 * NOTE(review): on a cache hit the buffer size is taken from the length field of the
 * untrusted encoding prefix ({@code BerInputStream.getLength}) and allocated without an
 * upper bound, so a hostile prefix can demand a very large allocation before any content
 * has been validated; callers fed from the network may want a size limit upstream. Whether
 * getLength can return a negative value (e.g. for indefinite length) is not visible here —
 * if it can, the allocation fails with an unchecked exception rather than a CRLException.
 *
 * @param inStream mark/reset-capable stream positioned at the start of a CRL encoding
 * @return the cached or freshly parsed CRL
 * @throws CRLException if fewer than {@code CRL_CACHE_SEED_LENGTH} bytes are available, if the
 *         length prefix claims less than that, or if the bytes do not parse as a CRL
 * @throws IOException on read errors (on a cache miss the stream is parsed directly)
 */
private static CRL getCRL(InputStream inStream) throws CRLException, IOException {
    synchronized (CRL_CACHE) {
        // Peek at the encoding prefix, then rewind so the parser sees the whole structure.
        inStream.mark(CRL_CACHE_SEED_LENGTH);
        byte[] prefix = readBytes(inStream, CRL_CACHE_SEED_LENGTH);
        inStream.reset();
        if (prefix == null) {
            throw new CRLException("InputStream doesn't contain enough data");
        }

        long key = CRL_CACHE.getHash(prefix);
        if (!CRL_CACHE.contains(key)) {
            // Unknown prefix: parse straight from the stream and remember the result.
            X509CRL parsed = new X509CRLImpl(inStream);
            CRL_CACHE.put(key, parsed.getEncoded(), parsed);
            return parsed;
        }

        // Known prefix: read the complete encoding so the cache can check the full bytes
        // (the hash covers only the prefix, so a hit is not yet proof of identity).
        byte[] whole = new byte[BerInputStream.getLength(prefix)];
        if (whole.length < CRL_CACHE_SEED_LENGTH) {
            throw new CRLException("Bad CRL encoding");
        }
        Streams.readFully(inStream, whole);
        CRL hit = (CRL) CRL_CACHE.get(key, whole);
        if (hit != null) {
            return hit;
        }
        // Same prefix, different CRL: parse the bytes already read and cache them as well.
        CRL fresh = new X509CRLImpl(whole);
        CRL_CACHE.put(key, whole, fresh);
        return fresh;
    }
}

Example 3 with CRLException

use of java.security.cert.CRLException in project robovm by robovm.

Class X509CertFactoryImpl, method getCRL (byte-array variant):

/**
 * Returns the CRL for a complete DER {@code encoding}, consulting {@code CRL_CACHE} first
 * and parsing (then caching) the bytes on a miss.
 * <p>
 * Unlike the stream variant, the minimum-length check happens before any cache access;
 * the hash is presumably computed over the first {@code CRL_CACHE_SEED_LENGTH} bytes, which
 * is exactly how many the stream variant peeks at.
 *
 * @param encoding the full CRL encoding; must be at least {@code CRL_CACHE_SEED_LENGTH} bytes
 * @return the cached or freshly parsed CRL
 * @throws CRLException if the encoding is too short to hash, or does not parse as a CRL
 * @throws IOException if decoding fails on a cache miss
 */
private static CRL getCRL(byte[] encoding) throws CRLException, IOException {
    if (encoding.length < CRL_CACHE_SEED_LENGTH) {
        throw new CRLException("encoding.length < CRL_CACHE_SEED_LENGTH");
    }
    synchronized (CRL_CACHE) {
        long key = CRL_CACHE.getHash(encoding);
        // A prefix-hash hit still has to be confirmed against the full encoding.
        X509CRL cached = CRL_CACHE.contains(key) ? (X509CRL) CRL_CACHE.get(key, encoding) : null;
        if (cached != null) {
            return cached;
        }
        X509CRL parsed = new X509CRLImpl(encoding);
        CRL_CACHE.put(key, encoding, parsed);
        return parsed;
    }
}

Example 4 with CRLException

use of java.security.cert.CRLException in project robovm by robovm.

Class X509CertFactoryImpl, method engineGenerateCRLs:

/**
 * Reads every CRL that can be found at the current position of {@code inStream}.
 * <p>
 * Accepted formats, detected from the leading bytes: one or more PEM-armoured CRLs
 * ('-' start), one or more concatenated DER CRLs (0x30 SEQUENCE whose second tag is
 * again a SEQUENCE, i.e. a TBSCertList), or a single PKCS#7 ContentInfo (0x30 whose
 * second tag is an OID) whose SignedData carries the CRLs. Once at least one CRL has been
 * read, unrecognised trailing bytes are rewound and left in the stream for the caller.
 * <p>
 * NOTE(review): this method only decodes. Nothing here verifies a CRL signature, and on
 * the PKCS#7 path the SignedData signature is not checked either; callers must verify
 * each returned CRL against the issuer key before trusting it.
 * <p>
 * NOTE(review): all input is untrusted. Only IOException is translated to CRLException
 * (see the catch at the end); the ASN.1/PEM decoders called here are not visible in this
 * listing, so any unchecked exception they raise propagates to the caller unchanged.
 *
 * @see java.security.cert.CertificateFactorySpi#engineGenerateCRLs(InputStream)
 * method documentation for more info
 * @param inStream source of PEM, DER or PKCS#7 encoded CRLs; wrapped in a mark/reset-capable
 *                 stream when it does not support mark itself
 * @return the CRLs found, in stream order (empty for a PKCS#7 SignedData that carries none)
 * @throws CRLException on null input, unsupported or empty data, invalid PKCS#7 data, or any
 *                      I/O failure
 */
public Collection<? extends CRL> engineGenerateCRLs(InputStream inStream) throws CRLException {
    if (inStream == null) {
        throw new CRLException("inStream == null");
    }
    ArrayList<CRL> result = new ArrayList<CRL>();
    try {
        // Format sniffing below depends on mark/reset; wrap streams that lack it.
        if (!inStream.markSupported()) {
            inStream = new RestoringInputStream(inStream);
        }
        // if it is PEM encoded form this array will contain the encoding
        // so ((it is PEM) <-> (encoding != null))
        byte[] encoding = null;
        // The ASN.1 tag that follows the outer SEQUENCE header, used to
        // recognise the data format: OID -> PKCS7 ContentInfo,
        // SEQUENCE -> X.509 CRL (TBSCertList), anything else -> unsupported.
        int second_asn1_tag = -1;
        // One byte of lookahead tells PEM ('-') from DER (0x30) from junk.
        inStream.mark(1);
        int ch;
        while ((ch = inStream.read()) != -1) {
            // check if it is PEM encoded form
            if (ch == '-') {
                // beginning of PEM encoding ('-' char)
                // decode PEM chunk and store its content (ASN.1 encoding);
                // the '-' already consumed is part of the armour, the rest is read here
                encoding = decodePEM(inStream, FREE_BOUND_SUFFIX);
            } else if (ch == 0x30) {
                // beginning of ASN.1 sequence (0x30): rewind so the 0x30 is read again
                encoding = null;
                inStream.reset();
                // prepare for data format determination: the tag sniff below must be
                // rewound too, so mark enough bytes to cover the outer header and next tag
                // (assumes those fit in CRL_CACHE_SEED_LENGTH bytes — otherwise reset()
                // below may fail)
                inStream.mark(CRL_CACHE_SEED_LENGTH);
            } else {
                // unsupported data
                if (result.size() == 0) {
                    throw new CRLException("Unsupported encoding");
                } else {
                    // it can be trailing user data,
                    // so keep it in the stream (rewinds the single byte just read)
                    inStream.reset();
                    return result;
                }
            }
            // Check the data format: for PEM the decoded bytes are parsed,
            // otherwise the stream itself is read and rewound afterwards.
            BerInputStream in = (encoding == null) ? new BerInputStream(inStream) : new BerInputStream(encoding);
            // read the next ASN.1 tag
            second_asn1_tag = in.next();
            if (encoding == null) {
                // keep whole structure in the stream
                inStream.reset();
            }
            // check if it is a TBSCertList structure
            if (second_asn1_tag != ASN1Constants.TAG_C_SEQUENCE) {
                if (result.size() == 0) {
                    // nothing read yet: leave the loop and test below
                    // whether it is PKCS7 structure
                    break;
                } else {
                    // CRLs already collected, the rest is something else,
                    // so return what we already read
                    return result;
                }
            } else {
                // A CRL: the cached parser takes either the rewound stream or the PEM bytes.
                if (encoding == null) {
                    result.add(getCRL(inStream));
                } else {
                    result.add(getCRL(encoding));
                }
            }
            // Re-arm the one-byte lookahead for the next item (or trailing data).
            inStream.mark(1);
        }
        // Reaching here means the stream ran dry (ch == -1) or the loop was left
        // via break with an empty result.
        if (result.size() != 0) {
            // the stream was read out
            return result;
        } else if (ch == -1) {
            throw new CRLException("There is no data in the stream");
        }
        // else: check if it is PKCS7
        if (second_asn1_tag == ASN1Constants.TAG_OID) {
            // it is PKCS7 ContentInfo structure, so decode it
            // (the stream was rewound to the 0x30 above, so the whole structure is parsed)
            ContentInfo info = (ContentInfo) ((encoding != null) ? ContentInfo.ASN1.decode(encoding) : ContentInfo.ASN1.decode(inStream));
            // retrieve SignedData
            SignedData data = info.getSignedData();
            if (data == null) {
                throw new CRLException("Invalid PKCS7 data provided");
            }
            // The SignedData's own signature is not verified here — see the class Javadoc note.
            List<CertificateList> crls = data.getCRLs();
            if (crls != null) {
                for (CertificateList crl : crls) {
                    result.add(new X509CRLImpl(crl));
                }
            }
            return result;
        }
        // else: Unknown data format
        throw new CRLException("Unsupported encoding");
    } catch (IOException e) {
        // CRLException thrown inside the try is not an IOException and passes through unchanged.
        throw new CRLException(e);
    }
}

Example 5 with CRLException

use of java.security.cert.CRLException in project robovm by robovm.

Class X509CRLObject, method verify:

/**
 * Verifies this CRL's signature with {@code key}, using the named provider when one is given.
 * <p>
 * Before the signature is touched, the outer {@code signatureAlgorithm} of the
 * CertificateList must equal the {@code signature} field inside the signed TBSCertList.
 * The outer field is not covered by the signature, so a mismatch is rejected up front
 * rather than letting it steer which algorithm is used for verification. The caller
 * remains responsible for supplying the issuer's key — nothing here checks that
 * {@code key} actually belongs to the CRL issuer.
 *
 * @param key         public key expected to have signed the CRL
 * @param sigProvider JCA provider name, or {@code null} to look the algorithm up in any provider
 * @throws CRLException             if the two algorithm identifiers differ
 * @throws SignatureException       if the signature does not verify with {@code key}
 * @throws NoSuchAlgorithmException if the signature algorithm is unavailable
 * @throws InvalidKeyException      if {@code key} is unsuitable for the algorithm
 * @throws NoSuchProviderException  if {@code sigProvider} is not installed
 */
public void verify(PublicKey key, String sigProvider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
    boolean algorithmsAgree = c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature());
    if (!algorithmsAgree) {
        throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
    }

    String algName = getSigAlgName();
    Signature verifier = (sigProvider == null)
            ? Signature.getInstance(algName)
            : Signature.getInstance(algName, sigProvider);

    verifier.initVerify(key);
    verifier.update(this.getTBSCertList());
    boolean signatureOk = verifier.verify(this.getSignature());
    if (!signatureOk) {
        throw new SignatureException("CRL does not verify with supplied public key.");
    }
}
