Example 76 with X509CRL

Use of java.security.cert.X509CRL in project nhin-d by DirectProject.

Class CRLRevocationManager, method loadCRLs.

/**
 * Extract and fetch all CRLs stored within a given certificate. Cache is
 * updated per policy or if the cached CRL has passed planned update date.
 * This method is thread safe.
 *
 * @param certificate
 *            The certificate from which to extract and fetch CRLs.
 * @return The first CRL loaded from the certificate CRL distribution points
 * @throws CRLException
 */
protected X509CRL loadCRLs(X509Certificate certificate) {
    if (certificate == null)
        return null;
    X509CRL retVal = null;
    try {
        // get the distribution points extension
        CRLDistPoint distPoints = CRLDistPoint.getInstance(
                getExtensionValue(certificate, X509Extensions.CRLDistributionPoints.getId()));
        // Add CRL distribution point(s)
        if (distPoints != null) {
            // iterate through the distribution points and get the first CRL that can be obtained
            for (DistributionPoint distPoint : distPoints.getDistributionPoints()) {
                String distPointURL = distPoint.getDistributionPoint().getName().toString();
                if (distPointURL.startsWith("General")) {
                    // get the actual URL associated with the name
                    distPointURL = getNameString(distPointURL);
                }
                // get the CRL from the distribution point CRL
                retVal = getCrlFromUri(distPointURL);
                if (retVal != null)
                    // do we need to retrieve the list from each CRL, or is each dist point identical?
                    return retVal;
            }
        }
    } catch (Exception e) {
        // any failure (missing extension, unreachable CDP, parse error) is logged
        // and reported to the caller as "no CRL available" via the null return
        if (LOGGER.isWarnEnabled())
            LOGGER.warn("Unable to handle CDP CRL(s): " + e.getMessage());
    }
    return null;
}
Also used : X509CRL(java.security.cert.X509CRL) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) AnnotatedException(org.bouncycastle.jce.provider.AnnotatedException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NHINDException(org.nhindirect.stagent.NHINDException) CRLException(java.security.cert.CRLException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 77 with X509CRL

Use of java.security.cert.X509CRL in project cas by apereo.

Class CRLDistributionPointRevocationChecker, method getCRLs.

@Override
@SneakyThrows
protected List<X509CRL> getCRLs(final X509Certificate cert) {
    // distribution point URIs taken from the certificate's CRL Distribution Points extension
    final URI[] urls = getDistributionPoints(cert);
    LOGGER.debug("Distribution points for [{}]: [{}].", CertUtils.toString(cert), CollectionUtils.wrap(urls));
    final List<X509CRL> listOfLocations = new ArrayList<>(urls.length);
    boolean stopFetching = false;
    for (int index = 0; !stopFetching && index < urls.length; index++) {
        final URI url = urls[index];
        // the cache is keyed by distribution point URI and stores the DER-encoded CRL
        final Element item = this.crlCache.get(url);
        if (item != null) {
            LOGGER.debug("Found CRL in cache for [{}]", CertUtils.toString(cert));
            final byte[] encodedCrl = (byte[]) item.getObjectValue();
            final X509CRL crlFetched = this.fetcher.fetch(new ByteArrayResource(encodedCrl));
            if (crlFetched != null) {
                listOfLocations.add(crlFetched);
            } else {
                LOGGER.warn("Could not fetch X509 CRL for [{}]. Returned value is null", url);
            }
        } else {
            LOGGER.debug("CRL for [{}] is not cached. Fetching and caching...", CertUtils.toString(cert));
            try {
                final X509CRL crl = this.fetcher.fetch(url);
                if (crl != null) {
                    LOGGER.info("Success. Caching fetched CRL at [{}].", url);
                    addCRL(url, crl);
                    listOfLocations.add(crl);
                }
            } catch (final Exception e) {
                // a fetch failure is fatal only when throwOnFetchFailure is set;
                // otherwise it is logged and the remaining distribution points are tried
                LOGGER.error("Error fetching CRL at [{}]", url, e);
                if (this.throwOnFetchFailure) {
                    throw new RuntimeException(e.getMessage(), e);
                }
            }
        }
        // with checkAll disabled, the first CRL obtained ends the search
        if (!this.checkAll && !listOfLocations.isEmpty()) {
            LOGGER.debug("CRL fetching is configured to not check all locations.");
            stopFetching = true;
        }
    }
    LOGGER.debug("Found [{}] CRLs", listOfLocations.size());
    return listOfLocations;
}
Also used : X509CRL(java.security.cert.X509CRL) Element(net.sf.ehcache.Element) ArrayList(java.util.ArrayList) ByteArrayResource(org.springframework.core.io.ByteArrayResource) URI(java.net.URI) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) MalformedURLException(java.net.MalformedURLException) SneakyThrows(lombok.SneakyThrows)

Example 78 with X509CRL

Use of java.security.cert.X509CRL in project cxf by apache.

Class FileCertificateRepo, method getCRLs.

@Override
public List<X509CRL> getCRLs() {
    List<X509CRL> results = new ArrayList<>();
    File[] list = getX509Files();
    for (File crlFile : list) {
        try {
            if (crlFile.isDirectory()) {
                continue;
            }
            // only files located directly under the CRLs directory are parsed as CRLs
            if (crlFile.getParent().endsWith(CRLS_PATH)) {
                X509CRL crl = readCRL(crlFile);
                results.add(crl);
            }
        } catch (Exception e) {
            // an unreadable or malformed file is skipped with a warning; the rest are still loaded
            LOG.warn(String.format("Cannot load CRL from file: %s. Error: %s", crlFile, e.getMessage()));
        }
    }
    return results;
}
Also used : X509CRL(java.security.cert.X509CRL) ArrayList(java.util.ArrayList) File(java.io.File) URISyntaxException(java.net.URISyntaxException) XKMSConfigurationException(org.apache.cxf.xkms.exception.XKMSConfigurationException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) FileNotFoundException(java.io.FileNotFoundException) CRLException(java.security.cert.CRLException)

Aggregations

X509CRL (java.security.cert.X509CRL) 78
IOException (java.io.IOException) 24
CRLException (java.security.cert.CRLException) 16
X509Certificate (java.security.cert.X509Certificate) 15
File (java.io.File) 13
CertificateException (java.security.cert.CertificateException) 10
CertificateFactory (java.security.cert.CertificateFactory) 9
GeneralSecurityException (java.security.GeneralSecurityException) 8
CRL (java.security.cert.CRL) 7
ArrayList (java.util.ArrayList) 7
Iterator (java.util.Iterator) 7
ByteArrayInputStream (java.io.ByteArrayInputStream) 6
InputStream (java.io.InputStream) 6
Calendar (java.util.Calendar) 6
HashSet (java.util.HashSet) 6
Set (java.util.Set) 6
Date (java.util.Date) 5
LocalizedIllegalArgumentException (org.forgerock.i18n.LocalizedIllegalArgumentException) 5
LdapException (org.forgerock.opendj.ldap.LdapException) 5
FileInputStream (java.io.FileInputStream) 4