
Example 11 with X509CRL

Use of java.security.cert.X509CRL in the project robovm (by robovm).

From class X509CRLTest, method getSigAlgParams.

/**
 * Verifies what {@code X509CRL.getSigAlgParams()} reports for two CRL fixtures.
 * <p>
 * For {@code CRL_RSA} the reference implementation returns no parameters, while
 * the other providers return the DER encoding of ASN.1 NULL. For
 * {@code CRL_RSA_DSA_SIGOPT} every provider is expected to return the DER bytes
 * of {@code SEQUENCE { [2] { INTEGER 1 } }}. Each assertion message carries the
 * provider name so a failure identifies the provider under test.
 */
private void getSigAlgParams(CertificateFactory f) throws Exception {
    final String providerName = f.getProvider().getName();

    final X509CRL rsaCrl = getCRL(f, CRL_RSA);
    final byte[] rsaParams = rsaCrl.getSigAlgParams();
    if (StandardNames.IS_RI) {
        assertNull(providerName, rsaParams);
    } else {
        assertNotNull(providerName, rsaParams);
        // DER encoding of ASN.1 NULL: tag 0x05, length 0.
        final byte[] asn1Null = { 0x05, 0x00 };
        assertEquals(providerName, Arrays.toString(asn1Null), Arrays.toString(rsaParams));
    }

    final X509CRL sigOptCrl = getCRL(f, CRL_RSA_DSA_SIGOPT);
    final byte[] sigOptParams = sigOptCrl.getSigAlgParams();
    assertNotNull(providerName, sigOptParams);
    // DER bytes of SEQUENCE { [2] EXPLICIT { INTEGER 1 } }.
    final byte[] expectedSigOpt = {
        (byte) 0x30, (byte) 0x05,              // SEQUENCE, constructed, length 5
        (byte) 0xA2, (byte) 0x03,              // [2] context-specific, constructed, length 3
        (byte) 0x02, (byte) 0x01, (byte) 0x01  // INTEGER, length 1, value 1
    };
    assertEquals(Arrays.toString(expectedSigOpt), Arrays.toString(sigOptParams));
}

Example 12 with X509CRL

Use of java.security.cert.X509CRL in the project robovm (by robovm).

From class X509CRLTest, method test_equals.

/**
 * Checks the equality contract of {@code X509CRL} and {@code X509CRLEntry} as
 * implemented by the provider behind {@code f}.
 * <p>
 * Two CRL objects parsed from the same fixture must compare equal, a CRL parsed
 * from a different fixture must not, and the revocation entries that the two
 * equal CRLs return for the RSA test certificate must themselves compare equal.
 */
private void test_equals(CertificateFactory f) throws Exception {
    final X509CRL firstParse = getCRL(f, CRL_RSA);
    final X509CRL secondParse = getCRL(f, CRL_RSA);
    final X509Certificate rsaCert = getCertificate(f, CERT_RSA);
    final X509CRL otherCrl = getCRL(f, CRL_RSA_DSA);

    // Same DER input, independent parses: equal CRLs.
    assertEquals(firstParse, secondParse);
    // Different fixture: must not be reported as equal.
    assertFalse(firstParse.equals(otherCrl));

    // Both CRLs list the RSA certificate as revoked, and the entries agree.
    final X509CRLEntry firstEntry = firstParse.getRevokedCertificate(rsaCert);
    final X509CRLEntry secondEntry = secondParse.getRevokedCertificate(rsaCert);
    assertNotNull(firstEntry);
    assertNotNull(secondEntry);
    assertEquals(firstEntry, secondEntry);
}

Example 13 with X509CRL

Use of java.security.cert.X509CRL in the project cas (by apereo).

From class AbstractCRLRevocationChecker, method check.

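/**
 * Checks {@code cert} against the CRLs supplied by {@link #getCRLs(X509Certificate)}.
 * <p>
 * Outcome by case:
 * <ul>
 *   <li>no CRL available: {@code unavailableCRLPolicy} decides;</li>
 *   <li>every CRL expired: {@code expiredCRLPolicy} is applied to each one;</li>
 *   <li>otherwise the certificate is rejected if any unexpired CRL lists it as revoked.</li>
 * </ul>
 * Two corrections over the earlier revision: the collection returned by
 * {@code getCRLs} is no longer mutated (the old {@code removeAll} failed on
 * unmodifiable collections and silently dropped expired entries from whatever
 * the subclass handed back, e.g. a cache), and a certificate is now rejected when
 * <em>any</em> unexpired CRL lists it rather than only when <em>all</em> of them
 * do — one CRL omitting the serial used to make the revocation invisible.
 *
 * @param cert the certificate to check; must not be null
 * @throws IllegalArgumentException if {@code cert} is null
 * @throws RevokedCertificateException if an unexpired CRL lists the certificate as revoked
 * @throws GeneralSecurityException propagated from the configured revocation policies
 */
@Override
public void check(final X509Certificate cert) throws GeneralSecurityException {
    if (cert == null) {
        throw new IllegalArgumentException("Certificate cannot be null.");
    }
    LOGGER.debug("Evaluating certificate revocation status for [{}]", CertUtils.toString(cert));
    final Collection<X509CRL> crls = getCRLs(cert);
    if (crls == null || crls.isEmpty()) {
        LOGGER.warn("CRL data is not available for [{}]", CertUtils.toString(cert));
        this.unavailableCRLPolicy.apply(null);
        return;
    }

    // Partition into expired / current without touching the caller's collection.
    final List<X509CRL> expiredCrls = new ArrayList<>();
    final List<X509CRL> currentCrls = new ArrayList<>();
    for (final X509CRL crl : crls) {
        if (CertUtils.isExpired(crl)) {
            LOGGER.warn("CRL data expired on [{}]", crl.getNextUpdate());
            expiredCrls.add(crl);
        } else {
            currentCrls.add(crl);
        }
    }

    if (currentCrls.isEmpty()) {
        LOGGER.warn("All CRLs retrieved have expired. Applying CRL expiration policy...");
        for (final X509CRL crl : expiredCrls) {
            this.expiredCRLPolicy.apply(crl);
        }
        // NOTE(review): if the expiration policy tolerates the stale CRLs, the
        // certificate is accepted without consulting their revoked entries — confirm
        // that is the intended contract of expiredCRLPolicy.
        return;
    }

    LOGGER.debug("Valid CRLs [{}] found that are not expired yet", currentCrls);
    final List<X509CRLEntry> revokedEntries = currentCrls.stream()
        .map(crl -> crl.getRevokedCertificate(cert))
        .filter(Objects::nonNull)
        .collect(Collectors.toList());
    if (!revokedEntries.isEmpty()) {
        // Revocation is monotonic per issuer: one listing is sufficient to reject.
        final X509CRLEntry entry = revokedEntries.get(0);
        LOGGER.warn("Certificate is listed as revoked in [{}] of [{}] valid CRLs. Rejecting on entry [{}]",
            revokedEntries.size(), currentCrls.size(), entry);
        throw new RevokedCertificateException(entry);
    }
}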

Example 14 with X509CRL

Use of java.security.cert.X509CRL in the project gitblit (by gitblit).

From class GitblitTrustManager, method read.

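/**
 * Reloads {@code crl} from {@code caRevocationList} when the file's modification
 * time differs from the one recorded in {@code lastModified}.
 * <p>
 * Best-effort: if the file cannot be opened or parsed, the previously loaded CRL
 * (if any) stays in effect and {@code lastModified} is left untouched, so the next
 * call retries the reload. Such failures are logged rather than swallowed — an
 * unreadable or malformed CRL leaves revocation checks running on stale data, and
 * that used to happen without any trace.
 */
protected synchronized void read() {
    if (lastModified.get() == caRevocationList.lastModified()) {
        return;
    }
    logger.info("Reloading CRL from " + caRevocationList.getAbsolutePath());
    InputStream inStream = null;
    try {
        inStream = new FileInputStream(caRevocationList);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL list = (X509CRL) cf.generateCRL(inStream);
        // Publish only after the whole file parsed, so a failure keeps the previous CRL.
        crl = list;
        // NOTE(review): the timestamp is re-read here rather than captured before
        // parsing; a file replaced mid-parse would be recorded as already loaded.
        lastModified.set(caRevocationList.lastModified());
    } catch (Exception e) {
        logger.error("Failed to reload CRL from " + caRevocationList.getAbsolutePath()
            + "; keeping the previously loaded CRL", e);
    } finally {
        if (inStream != null) {
            try {
                inStream.close();
            } catch (Exception ignored) {
                // The CRL has already been parsed (or the reload already failed and
                // was logged); a close failure changes nothing about the loaded state.
            }
        }
    }
}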

Example 15 with X509CRL

Use of java.security.cert.X509CRL in the project j2objc (by google).

From class PKCS7, method encodeSignedData.

/**
 * Encodes this signed-data block, wrapped in a {@code ContentInfo} of type
 * signedData, onto {@code out}.
 * <p>
 * Fields are written in this order: version, the set of digest algorithm
 * identifiers, the content info, the optional [0] IMPLICIT certificate set,
 * the optional [1] IMPLICIT CRL set, and the set of signer infos. Certificates
 * and CRLs that are not already the {@code sun.security.x509} implementation
 * types are re-parsed from their DER encoding so they can be DER-encoded here.
 * CRLs pass through a {@code HashSet}, so CRLs that compare equal are emitted once.
 *
 * @param out the DerOutputStream to write the encoded data to.
 * @exception IOException on encoding errors, including a certificate or CRL
 *            whose encoding could not be re-parsed (the original exception is
 *            attached as the cause).
 */
public void encodeSignedData(DerOutputStream out) throws IOException {
    DerOutputStream body = new DerOutputStream();

    body.putInteger(version);
    body.putOrderedSetOf(DerValue.tag_Set, digestAlgorithmIds);
    contentInfo.encode(body);

    boolean hasCertificates = certificates != null && certificates.length != 0;
    if (hasCertificates) {
        // X509CertImpl implements DerEncoder; bring every certificate into that type.
        X509CertImpl[] certImpls = new X509CertImpl[certificates.length];
        for (int idx = 0; idx < certImpls.length; idx++) {
            if (certificates[idx] instanceof X509CertImpl) {
                certImpls[idx] = (X509CertImpl) certificates[idx];
                continue;
            }
            try {
                certImpls[idx] = new X509CertImpl(certificates[idx].getEncoded());
            } catch (CertificateException ce) {
                IOException wrapped = new IOException(ce.getMessage());
                wrapped.initCause(ce);
                throw wrapped;
            }
        }
        // [0] IMPLICIT: the certificate set.
        body.putOrderedSetOf((byte) 0xA0, certImpls);
    }

    boolean hasCrls = crls != null && crls.length != 0;
    if (hasCrls) {
        // X509CRLImpl implements DerEncoder; bring every CRL into that type.
        Set<X509CRLImpl> crlImpls = new HashSet<X509CRLImpl>(crls.length);
        for (int idx = 0; idx < crls.length; idx++) {
            X509CRL current = crls[idx];
            if (current instanceof X509CRLImpl) {
                crlImpls.add((X509CRLImpl) current);
                continue;
            }
            try {
                crlImpls.add(new X509CRLImpl(current.getEncoded()));
            } catch (CRLException ce) {
                IOException wrapped = new IOException(ce.getMessage());
                wrapped.initCause(ce);
                throw wrapped;
            }
        }
        // [1] IMPLICIT: the CRL set.
        X509CRLImpl[] crlArray = crlImpls.toArray(new X509CRLImpl[crlImpls.size()]);
        body.putOrderedSetOf((byte) 0xA1, crlArray);
    }

    body.putOrderedSetOf(DerValue.tag_Set, signerInfos);

    // Wrap the fields as SignedData SEQUENCE, then as a signedData ContentInfo.
    DerValue signedDataSeq = new DerValue(DerValue.tag_Sequence, body.toByteArray());
    ContentInfo wrapper = new ContentInfo(ContentInfo.SIGNED_DATA_OID, signedDataSeq);
    wrapper.encode(out);
}
