Example 61 with CRLException
use of java.security.cert.CRLException in project jdk8u_jdk by JetBrains.
the class PKCS7 method parseSignedData.
private void parseSignedData(DerValue val) throws ParsingException, IOException {
DerInputStream dis = val.toDerInputStream();
// Version
version = dis.getBigInteger();
// digestAlgorithmIds
DerValue[] digestAlgorithmIdVals = dis.getSet(1);
int len = digestAlgorithmIdVals.length;
digestAlgorithmIds = new AlgorithmId[len];
try {
for (int i = 0; i < len; i++) {
DerValue oid = digestAlgorithmIdVals[i];
digestAlgorithmIds[i] = AlgorithmId.parse(oid);
}
} catch (IOException e) {
ParsingException pe = new ParsingException("Error parsing digest AlgorithmId IDs: " + e.getMessage());
pe.initCause(e);
throw pe;
}
// contentInfo
contentInfo = new ContentInfo(dis);
CertificateFactory certfac = null;
try {
certfac = CertificateFactory.getInstance("X.509");
} catch (CertificateException ce) {
// do nothing
}
/*
* check if certificates (implicit tag) are provided
* (certificates are OPTIONAL)
*/
if ((byte) (dis.peekByte()) == (byte) 0xA0) {
DerValue[] certVals = dis.getSet(2, true);
len = certVals.length;
certificates = new X509Certificate[len];
int count = 0;
for (int i = 0; i < len; i++) {
ByteArrayInputStream bais = null;
try {
byte tag = certVals[i].getTag();
// CertificateChoices ignored.
if (tag == DerValue.tag_Sequence) {
if (certfac == null) {
certificates[count] = new X509CertImpl(certVals[i]);
} else {
byte[] encoded = certVals[i].toByteArray();
bais = new ByteArrayInputStream(encoded);
certificates[count] = (X509Certificate) certfac.generateCertificate(bais);
bais.close();
bais = null;
}
count++;
}
} catch (CertificateException ce) {
ParsingException pe = new ParsingException(ce.getMessage());
pe.initCause(ce);
throw pe;
} catch (IOException ioe) {
ParsingException pe = new ParsingException(ioe.getMessage());
pe.initCause(ioe);
throw pe;
} finally {
if (bais != null)
bais.close();
}
}
if (count != len) {
certificates = Arrays.copyOf(certificates, count);
}
}
// check if crls (implicit tag) are provided (crls are OPTIONAL)
if ((byte) (dis.peekByte()) == (byte) 0xA1) {
DerValue[] crlVals = dis.getSet(1, true);
len = crlVals.length;
crls = new X509CRL[len];
for (int i = 0; i < len; i++) {
ByteArrayInputStream bais = null;
try {
if (certfac == null)
crls[i] = new X509CRLImpl(crlVals[i]);
else {
byte[] encoded = crlVals[i].toByteArray();
bais = new ByteArrayInputStream(encoded);
crls[i] = (X509CRL) certfac.generateCRL(bais);
bais.close();
bais = null;
}
} catch (CRLException e) {
ParsingException pe = new ParsingException(e.getMessage());
pe.initCause(e);
throw pe;
} finally {
if (bais != null)
bais.close();
}
}
}
// signerInfos
DerValue[] signerInfoVals = dis.getSet(1);
len = signerInfoVals.length;
signerInfos = new SignerInfo[len];
for (int i = 0; i < len; i++) {
DerInputStream in = signerInfoVals[i].toDerInputStream();
signerInfos[i] = new SignerInfo(in);
}
}
Also used :
CertificateException(java.security.cert.CertificateException)
CertificateFactory(java.security.cert.CertificateFactory)
X509CertImpl(sun.security.x509.X509CertImpl)
X509CRLImpl(sun.security.x509.X509CRLImpl)
CRLException(java.security.cert.CRLException)
Example 62 with CRLException
use of java.security.cert.CRLException in project jdk8u_jdk by JetBrains.
the class X509CRLImpl method encodeInfo.
/**
* Encodes the "to-be-signed" CRL to the OutputStream.
*
* @param out the OutputStream to write to.
* @exception CRLException on encoding errors.
*/
public void encodeInfo(OutputStream out) throws CRLException {
try {
DerOutputStream tmp = new DerOutputStream();
DerOutputStream rCerts = new DerOutputStream();
DerOutputStream seq = new DerOutputStream();
if (// v2 crl encode version
version != 0)
tmp.putInteger(version);
infoSigAlgId.encode(tmp);
if ((version == 0) && (issuer.toString() == null))
throw new CRLException("Null Issuer DN not allowed in v1 CRL");
issuer.encode(tmp);
if (thisUpdate.getTime() < YR_2050)
tmp.putUTCTime(thisUpdate);
else
tmp.putGeneralizedTime(thisUpdate);
if (nextUpdate != null) {
if (nextUpdate.getTime() < YR_2050)
tmp.putUTCTime(nextUpdate);
else
tmp.putGeneralizedTime(nextUpdate);
}
if (!revokedList.isEmpty()) {
for (X509CRLEntry entry : revokedList) {
((X509CRLEntryImpl) entry).encode(rCerts);
}
tmp.write(DerValue.tag_Sequence, rCerts);
}
if (extensions != null)
extensions.encode(tmp, isExplicit);
seq.write(DerValue.tag_Sequence, tmp);
tbsCertList = seq.toByteArray();
out.write(tbsCertList);
} catch (IOException e) {
throw new CRLException("Encoding error: " + e.getMessage());
}
}
Also used :
X509CRLEntry(java.security.cert.X509CRLEntry)
IOException(java.io.IOException)
CRLException(java.security.cert.CRLException)
Example 63 with CRLException
use of java.security.cert.CRLException in project nhin-d by DirectProject.
the class CRLRevocationManager method loadCRLs.
/**
* Extract and fetch all CRLs stored within a given certificate. Cache is
* updated per policy or if the cached CRL has passed planned update date.
* This method is thread safe.
*
* @param certificate
* The certificate from which to extract and fetch CRLs.
* @return The first CRL loaded from the certificate CRL distribution points
* @throws CRLException
*/
protected X509CRL loadCRLs(X509Certificate certificate) {
if (certificate == null)
return null;
X509CRL retVal = null;
try {
// get the distribution points extension
CRLDistPoint distPoints = CRLDistPoint.getInstance(getExtensionValue(certificate, X509Extensions.CRLDistributionPoints.getId()));
// Add CRL distribution point(s)
if (distPoints != null) {
// iterate through the distribution points and get the first CRL that can be obtained
for (DistributionPoint distPoint : distPoints.getDistributionPoints()) {
String distPointURL = distPoint.getDistributionPoint().getName().toString();
if (distPointURL.startsWith("General")) {
// get the actual URL associated with the name
distPointURL = getNameString(distPointURL);
}
// get the CRL from the distribution point CRL
retVal = getCrlFromUri(distPointURL);
if (retVal != null)
// do we need to retrieve the list from each CRL, or is each dist point identical?
return retVal;
}
}
} catch (Exception e) {
if (LOGGER.isWarnEnabled())
LOGGER.warn("Unable to handle CDP CRL(s): " + e.getMessage());
}
return null;
}
Also used :
X509CRL(java.security.cert.X509CRL)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
AnnotatedException(org.bouncycastle.jce.provider.AnnotatedException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
NHINDException(org.nhindirect.stagent.NHINDException)
CRLException(java.security.cert.CRLException)
NoSuchProviderException(java.security.NoSuchProviderException)
Aggregations
CRLException (java.security.cert.CRLException)63
IOException (java.io.IOException)26
CertificateException (java.security.cert.CertificateException)21
X509CRL (java.security.cert.X509CRL)14
CRL (java.security.cert.CRL)11
ByteArrayInputStream (java.io.ByteArrayInputStream)8
Signature (java.security.Signature)8
CertificateFactory (java.security.cert.CertificateFactory)8
SignatureException (java.security.SignatureException)6
InputStream (java.io.InputStream)5
Certificate (java.security.cert.Certificate)5
X509CRLImpl (sun.security.x509.X509CRLImpl)5
CertificateParsingException (java.security.cert.CertificateParsingException)4
ArrayList (java.util.ArrayList)4
DataInputStream (java.io.DataInputStream)3
CertificateFactorySpi (java.security.cert.CertificateFactorySpi)3
X509CRLEntry (java.security.cert.X509CRLEntry)3
X509Certificate (java.security.cert.X509Certificate)3
X500Principal (javax.security.auth.x500.X500Principal)3
MyCertificateFactorySpi (org.apache.harmony.security.tests.support.cert.MyCertificateFactorySpi)3
