
Example 66 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager method loadCRLs.

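/**
 * Walks the CRL distribution points (CDP) listed in a certificate and returns the first CRL
 * that {@code getCrlFromUri} yields for one of them.
 * <p>
 * Each distribution point is handled independently: a point that carries no name, or one whose
 * lookup throws, is skipped so that the remaining points are still tried.
 * <p>
 * Security notes for callers and reviewers:
 * <ul>
 * <li>The URI handed to {@code getCrlFromUri} is read from the certificate being checked, so it
 * is attacker-influenced input. NOTE(review): confirm that {@code getCrlFromUri} restricts the
 * accepted schemes and destinations; that method is not visible from here.</li>
 * <li>A {@code null} result does not distinguish "certificate has no CDP extension" from
 * "every CDP lookup failed". Callers should decide explicitly whether a missing CRL is treated
 * as a revocation-check failure rather than as "not revoked".</li>
 * </ul>
 * NOTE(review): earlier documentation described this method as thread safe; this method holds
 * no lock itself, so that property depends on {@code getCrlFromUri} - confirm.
 *
 * @param certificate
 *            The certificate from which to extract and fetch CRLs; may be {@code null}.
 * @return The first CRL obtained from the certificate's distribution points, or {@code null}
 *         when the certificate is {@code null}, has no distribution points, or no CRL could
 *         be obtained.
 */
protected X509CRL loadCRLs(X509Certificate certificate) {
    if (certificate == null) {
        return null;
    }
    try {
        // get the distribution points extension
        CRLDistPoint distPoints = CRLDistPoint.getInstance(getExtensionValue(certificate, X509Extensions.CRLDistributionPoints.getId()));
        if (distPoints == null) {
            return null;
        }
        // iterate through the distribution points and return the first CRL that can be obtained
        for (DistributionPoint distPoint : distPoints.getDistributionPoints()) {
            try {
                // The distributionPoint field is OPTIONAL in the extension; an entry that only
                // names a CRL issuer has no location to fetch from, so skip it instead of
                // failing the whole lookup with a NullPointerException.
                if (distPoint.getDistributionPoint() == null) {
                    continue;
                }
                String distPointURL = distPoint.getDistributionPoint().getName().toString();
                if (distPointURL.startsWith("General")) {
                    // get the actual URL associated with the name
                    distPointURL = getNameString(distPointURL);
                }
                // Untrusted, certificate-supplied location: see the class-level security note above.
                X509CRL crl = getCrlFromUri(distPointURL);
                if (crl != null) {
                    // do we need to retrieve the list from each CRL, or is each dist point identical?
                    return crl;
                }
            } catch (Exception e) {
                // One unusable distribution point must not prevent the others from being tried.
                if (LOGGER.isWarnEnabled()) {
                    LOGGER.warn("Unable to handle CDP CRL(s): " + e.getMessage(), e);
                }
            }
        }
    } catch (Exception e) {
        // Failure while decoding the extension itself; keep the cause in the log for triage.
        if (LOGGER.isWarnEnabled()) {
            LOGGER.warn("Unable to handle CDP CRL(s): " + e.getMessage(), e);
        }
    }
    return null;
}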
Also used : X509CRL(java.security.cert.X509CRL) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) AnnotatedException(org.bouncycastle.jce.provider.AnnotatedException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NHINDException(org.nhindirect.stagent.NHINDException) CRLException(java.security.cert.CRLException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 67 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager_getCRLCollectionTest method testGetCRLCollection_singleCRL_assertCRLRetrieved.

/**
 * Seeds the manager's static cache with one mocked CRL and checks that a lookup by the same
 * URI returns that CRL and that the CRL collection then holds exactly one entry.
 */
public void testGetCRLCollection_singleCRL_assertCRLRetrieved() {
    // Mocked CRL whose nextUpdate lies ten years ahead of the current date.
    final Calendar tenYearsAhead = Calendar.getInstance();
    final int thisYear = tenYearsAhead.get(Calendar.YEAR);
    tenYearsAhead.set(Calendar.YEAR, thisYear + 10);
    final X509CRL cachedCrl = mock(X509CRL.class);
    when(cachedCrl.getNextUpdate()).thenReturn(tenYearsAhead.getTime());

    // NOTE(review): the cache is a static field and is not cleared in this method; the size
    // assertion below presumably relies on fixture setup emptying it - confirm.
    final String crlUri = "http://localhost:8080/master.crl";
    final SoftReference<X509CRL> cacheEntry = new SoftReference<X509CRL>(cachedCrl);
    CRLRevocationManager.cache.put(crlUri, cacheEntry);

    final X509CRL fetchedCrl = CRLRevocationManager.getInstance().getCrlFromUri(crlUri);
    assertNotNull(fetchedCrl);
    assertEquals(cachedCrl, fetchedCrl);

    final int collectionSize = CRLRevocationManager.getInstance().getCRLCollection().size();
    assertEquals(1, collectionSize);
}
Also used : X509CRL(java.security.cert.X509CRL) Calendar(java.util.Calendar)

Example 68 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager_getCrlFromUriTest method testGetCrlFromUri_fromURL_corruptEncoding_assertCRLNotFound.

/**
 * Points the manager at a local file holding four bytes that are not a CRL (the "corrupt
 * encoding" of the test name) and checks that no CRL is returned and that no cache file is
 * left behind for that URI.
 */
public void testGetCrlFromUri_fromURL_corruptEncoding_assertCRLNotFound() throws Exception {
    CRLRevocationManager.initCRLCacheLocation();

    // Uniquely named file under target/ so repeated runs do not collide.
    final String randomName = UUID.randomUUID().toString();
    final File crlFile = new File("target/" + randomName + ".crl");
    final byte[] corruptBytes = new byte[] { 93, 39, 0, 1 };
    FileUtils.writeByteArrayToFile(crlFile, corruptBytes);

    // Subclass that maps any general name to the file written above.
    final CRLRevocationManager manager = new CRLRevocationManager() {

        @Override
        protected String getNameString(String generalNameString) {
            return "file:///" + crlFile.getAbsolutePath();
        }
    };

    final String fileUri = "file:///" + crlFile.getAbsolutePath();
    final X509CRL loadedCrl = manager.getCrlFromUri(fileUri);
    assertNull(loadedCrl);

    // The undecodable content must not have been persisted to the CRL cache location.
    final File cacheFile = new File(CRLRevocationManager.getCacheFileName(fileUri));
    assertFalse(cacheFile.exists());
}
Also used : X509CRL(java.security.cert.X509CRL) File(java.io.File)

Example 69 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager_getCrlFromUriTest method testGetCrlFromUri_notInCache_noCacheFile_assertCRLNotFound.

/**
 * Looks up a URI for which, per the test name, neither an in-memory cache entry nor a cache
 * file exists, and checks that no CRL is returned.
 */
public void testGetCrlFromUri_notInCache_noCacheFile_assertCRLNotFound() {
    CRLRevocationManager.initCRLCacheLocation();

    // NOTE(review): assumes nothing has put this URI into the manager's cache beforehand and
    // that nothing answers on localhost:8080 - confirm against the fixture setup.
    final String crlUri = "http://localhost:8080/master.crl";
    final CRLRevocationManager manager = CRLRevocationManager.getInstance();
    final X509CRL fetchedCrl = manager.getCrlFromUri(crlUri);

    assertNull(fetchedCrl);
}
Also used : X509CRL(java.security.cert.X509CRL)

Example 70 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager_getCrlFromUriTest method testGetCrlFromUri_notInCache_loadFromCacheFile_corruptFile_assertCRLNotFound.

/**
 * Plants three non-CRL bytes in the cache file that corresponds to a URI, then checks that the
 * lookup returns no CRL and that the cache file no longer exists afterwards.
 */
public void testGetCrlFromUri_notInCache_loadFromCacheFile_corruptFile_assertCRLNotFound() throws Exception {
    CRLRevocationManager.initCRLCacheLocation();

    final String crlUri = "http://localhost:8080/certs.crl";
    final String cachePath = CRLRevocationManager.getCacheFileName(crlUri);

    // Corrupt cache content written before the lookup.
    final byte[] corruptBytes = new byte[] { 9, 6, 4 };
    FileUtils.writeByteArrayToFile(new File(cachePath), corruptBytes);

    final X509CRL fetchedCrl = CRLRevocationManager.getInstance().getCrlFromUri(crlUri);
    assertNull(fetchedCrl);

    // A fresh File handle is used to check that the corrupt cache file is gone after the lookup.
    final File cacheFileAfterLookup = new File(cachePath);
    assertFalse(cacheFileAfterLookup.exists());
}
Also used : X509CRL(java.security.cert.X509CRL) File(java.io.File)
