Example 16 with X509CRL

use of java.security.cert.X509CRL in project XobotOS by xamarin.

the class X509CertFactoryImpl method getCRL.

/**
 * Returns the CRL object corresponding to the provided encoding.
 * The resulting object is retrieved from the cache if the cache already
 * holds an entry for this encoding; otherwise it is constructed from the
 * encoding and stored in the cache.
 * @throws IOException if some decoding errors occur
 * (in the case of a cache miss).
 */
private static CRL getCRL(byte[] encoding) throws CRLException, IOException {
    if (encoding.length < CRL_CACHE_SEED_LENGTH) {
        throw new CRLException("encoding.length < CRL_CACHE_SEED_LENGTH");
    }
    synchronized (CRL_CACHE) {
        long hash = CRL_CACHE.getHash(encoding);
        if (CRL_CACHE.contains(hash)) {
            X509CRL res = (X509CRL) CRL_CACHE.get(hash, encoding);
            if (res != null) {
                return res;
            }
        }
        X509CRL res = new X509CRLImpl(encoding);
        CRL_CACHE.put(hash, encoding, res);
        return res;
    }
}
Also used: X509CRL (java.security.cert.X509CRL), CRLException (java.security.cert.CRLException)

Example 17 with X509CRL

use of java.security.cert.X509CRL in project XobotOS by xamarin.

the class MiscPEMGenerator method createPemObject.

private PemObject createPemObject(Object o) throws IOException {
    String type;
    byte[] encoding;
    if (o instanceof PemObject) {
        return (PemObject) o;
    }
    if (o instanceof PemObjectGenerator) {
        return ((PemObjectGenerator) o).generate();
    }
    if (o instanceof X509Certificate) {
        type = "CERTIFICATE";
        try {
            encoding = ((X509Certificate) o).getEncoded();
        } catch (CertificateEncodingException e) {
            throw new PemGenerationException("Cannot encode object: " + e.toString());
        }
    } else if (o instanceof X509CRL) {
        type = "X509 CRL";
        try {
            encoding = ((X509CRL) o).getEncoded();
        } catch (CRLException e) {
            throw new PemGenerationException("Cannot encode object: " + e.toString());
        }
    } else if (o instanceof KeyPair) {
        return createPemObject(((KeyPair) o).getPrivate());
    } else if (o instanceof PrivateKey) {
        PrivateKeyInfo info = new PrivateKeyInfo((ASN1Sequence) ASN1Object.fromByteArray(((Key) o).getEncoded()));
        if (o instanceof RSAPrivateKey) {
            type = "RSA PRIVATE KEY";
            encoding = info.getPrivateKey().getEncoded();
        } else if (o instanceof DSAPrivateKey) {
            type = "DSA PRIVATE KEY";
            DSAParameter p = DSAParameter.getInstance(info.getAlgorithmId().getParameters());
            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(new DERInteger(0));
            v.add(new DERInteger(p.getP()));
            v.add(new DERInteger(p.getQ()));
            v.add(new DERInteger(p.getG()));
            BigInteger x = ((DSAPrivateKey) o).getX();
            BigInteger y = p.getG().modPow(x, p.getP());
            v.add(new DERInteger(y));
            v.add(new DERInteger(x));
            encoding = new DERSequence(v).getEncoded();
        } else if (((PrivateKey) o).getAlgorithm().equals("ECDSA")) {
            type = "EC PRIVATE KEY";
            encoding = info.getPrivateKey().getEncoded();
        } else {
            throw new IOException("Cannot identify private key");
        }
    } else if (o instanceof PublicKey) {
        type = "PUBLIC KEY";
        encoding = ((PublicKey) o).getEncoded();
    } else if (o instanceof X509AttributeCertificate) {
        type = "ATTRIBUTE CERTIFICATE";
        encoding = ((X509V2AttributeCertificate) o).getEncoded();
    } else if (o instanceof PKCS10CertificationRequest) {
        type = "CERTIFICATE REQUEST";
        encoding = ((PKCS10CertificationRequest) o).getEncoded();
    } else if (o instanceof ContentInfo) {
        type = "PKCS7";
        encoding = ((ContentInfo) o).getEncoded();
    } else {
        throw new PemGenerationException("unknown object passed - can't encode.");
    }
    return new PemObject(type, encoding);
}
Also used: X509CRL (java.security.cert.X509CRL), DSAPrivateKey (java.security.interfaces.DSAPrivateKey), RSAPrivateKey (java.security.interfaces.RSAPrivateKey), RSAPrivateCrtKey (java.security.interfaces.RSAPrivateCrtKey), PrivateKey (java.security.PrivateKey), PublicKey (java.security.PublicKey), Key (java.security.Key), KeyPair (java.security.KeyPair), X509Certificate (java.security.cert.X509Certificate), CertificateEncodingException (java.security.cert.CertificateEncodingException), CRLException (java.security.cert.CRLException), IOException (java.io.IOException), BigInteger (java.math.BigInteger), X509AttributeCertificate (org.bouncycastle.x509.X509AttributeCertificate), X509V2AttributeCertificate (org.bouncycastle.x509.X509V2AttributeCertificate), PKCS10CertificationRequest (org.bouncycastle.jce.PKCS10CertificationRequest), ContentInfo (org.bouncycastle.asn1.cms.ContentInfo), PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo), DSAParameter (org.bouncycastle.asn1.x509.DSAParameter), ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence), ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector), DERInteger (org.bouncycastle.asn1.DERInteger), DERSequence (org.bouncycastle.asn1.DERSequence), PemObject (org.bouncycastle.util.io.pem.PemObject), PemObjectGenerator (org.bouncycastle.util.io.pem.PemObjectGenerator), PemGenerationException (org.bouncycastle.util.io.pem.PemGenerationException)

Example 18 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager_writeCRLCacheFileTest method testWriteCRLCacheFile_noCRLLocation_assertFileNotCreated.

public void testWriteCRLCacheFile_noCRLLocation_assertFileNotCreated() throws Exception {
    CRL crlToWrite = TestUtils.loadCRL("certs.crl");
    String distURI = "http://localhost:8080/config";
    CRLRevocationManager.getInstance().writeCRLCacheFile(distURI, (X509CRL) crlToWrite);
    // make sure the file does not exist: no cache file may be written for this URI
    File crlFile = new File(CRLRevocationManager.getCacheFileName(distURI));
    assertFalse(crlFile.exists());
}
Also used: X509CRL (java.security.cert.X509CRL), CRL (java.security.cert.CRL), File (java.io.File)

Example 19 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager method getCrlFromUri.

/**
 * Create an X509CRL (X509CRLImpl) object from a URL pointing to a valid CRL,
 * consulting the in-memory cache and the on-disk cache file before fetching
 * from the URL.
 *
 * @param crlUrlString
 *            The URL of a valid CRL.
 * @return an X509CRL object representing the CRL, or null if it could not be
 *         retrieved or parsed (failures are logged rather than thrown).
 */
protected X509CRL getCrlFromUri(String crlUrlString) {
    if (crlUrlString == null || crlUrlString.trim().length() == 0)
        return null;
    X509CRL crlImpl = null;
    // check the in-memory cache first; entries are SoftReferences, so the JVM
    // may already have cleared them if memory resources are low
    synchronized (cache) {
        final SoftReference<X509CRL> crlRef = cache.get(crlUrlString);
        if (crlRef != null) {
            // make sure the reference is still valid
            crlImpl = crlRef.get();
            if ((crlImpl != null && crlImpl.getNextUpdate().before(new Date())) || (crlImpl == null)) {
                // the CRL either is no longer valid, or the SoftReference has been removed
                // either way, remove the SoftReference object from the in memory cache
                cache.remove(crlUrlString);
                // only delete the cache file when an expired CRL was actually present,
                // not when just the SoftReference was cleared
                if (crlImpl != null) {
                    // the CRL is expired
                    removeCrlCacheFile(crlUrlString);
                    crlImpl = null;
                }
            }
        }
    }
    // not in the memory cache: try the on-disk cache file keyed by the
    // CRL distribution point URI
    if (crlImpl == null) {
        // get the file name
        final String uriFileName = getCacheFileName(crlUrlString);
        if (!uriFileName.isEmpty()) {
            // create a file to load from
            final File cacheFile = new File(uriFileName);
            InputStream fileInStream = null;
            try {
                // make sure the file exists before attempting to load
                if (cacheFile.exists()) {
                    synchronized (cache) {
                        // load the CRL from an input stream
                        fileInStream = FileUtils.openInputStream(cacheFile);
                        crlImpl = (X509CRL) certificateFactory.generateCRL(fileInStream);
                        if (crlImpl == null) {
                            throw new CRLException("CRL load from cache resulted in null CRL implementation instance.");
                        }
                        // close the stream now because we can't delete it on windows
                        // if the stream is open
                        IOUtils.closeQuietly(fileInStream);
                        fileInStream = null;
                        // make sure the CRL isn't expired
                        if (crlImpl != null && crlImpl.getNextUpdate().before(new Date())) {
                            // the CRL has expired, so remove it from the cache and
                            // delete the file
                            cache.remove(crlUrlString);
                            removeCrlCacheFile(crlUrlString);
                            crlImpl = null;
                        } else {
                            // file load successful... add it to the cache
                            cache.put(crlUrlString, new SoftReference<X509CRL>(crlImpl));
                        }
                    }
                }
            } catch (CRLException e) {
                synchronized (cache) {
                    LOGGER.warn("CRL cache file " + uriFileName + " appears to be corrupt.  Deleting file.", e);
                    // have to close the file stream or else we can't delete file on windows
                    IOUtils.closeQuietly(fileInStream);
                    removeCrlCacheFile(crlUrlString);
                }
            } catch (Throwable t) {
                LOGGER.warn("Failed to load CRL from cache file " + uriFileName, t);
            } finally {
                if (fileInStream != null) {
                    IOUtils.closeQuietly(fileInStream);
                }
            }
        }
    }
    // could not get file from memory or file cache... load from URL
    if (crlImpl == null) {
        try {
            // create a URL connection object from the distribution point
            URLConnection urlConnection = new URL(crlUrlString).openConnection();
            urlConnection.setConnectTimeout(CRL_CONNECT_TIMEOUT);
            urlConnection.setReadTimeout(CRL_READ_TIMEOUT);
            // get the input stream
            InputStream crlInputStream = urlConnection.getInputStream();
            try {
                // load from URI
                // note: generateCRL only parses the CRL; it does not verify the
                // issuer's signature, which the caller must check separately
                crlImpl = (X509CRL) certificateFactory.generateCRL(crlInputStream);
            } catch (Throwable t) {
                LOGGER.warn("Failed to load CRL from URL " + crlUrlString, t);
            } finally {
                IOUtils.closeQuietly(crlInputStream);
            }
            if (crlImpl != null) {
                // and write it to the on-disk cache file
                synchronized (cache) {
                    cache.put(crlUrlString, new SoftReference<X509CRL>(crlImpl));
                    writeCRLCacheFile(crlUrlString, crlImpl);
                }
            }
        } catch (Exception e) {
            LOGGER.warn("Unable to retrieve or parse CRL from URI " + crlUrlString, e);
        }
    }
    return crlImpl;
}
Also used: X509CRL (java.security.cert.X509CRL), CRLException (java.security.cert.CRLException), CertificateException (java.security.cert.CertificateException), NoSuchProviderException (java.security.NoSuchProviderException), InputStream (java.io.InputStream), IOException (java.io.IOException), File (java.io.File), Date (java.util.Date), URL (java.net.URL), URLConnection (java.net.URLConnection), ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream), ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString), AnnotatedException (org.bouncycastle.jce.provider.AnnotatedException), NHINDException (org.nhindirect.stagent.NHINDException)

Example 20 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager_getCrlFromUriTest method testGetCrlFromUri_existsInCache_crlExpire_assertCRLNotFound.

public void testGetCrlFromUri_existsInCache_crlExpire_assertCRLNotFound() {
    String uri = "http://localhost:8080/master.crl";
    Calendar nextUpdateDate = Calendar.getInstance();
    nextUpdateDate.set(Calendar.YEAR, nextUpdateDate.get(Calendar.YEAR) - 10);
    X509CRL crl = mock(X509CRL.class);
    when(crl.getNextUpdate()).thenReturn(nextUpdateDate.getTime());
    CRLRevocationManager.cache.put(uri, new SoftReference<X509CRL>(crl));
    X509CRL retCrl = CRLRevocationManager.getInstance().getCrlFromUri(uri);
    assertNull(retCrl);
    // make sure the expired entry got removed from the cache
    assertEquals(0, CRLRevocationManager.cache.size());
}
Also used: X509CRL (java.security.cert.X509CRL), Calendar (java.util.Calendar)

Aggregations (number of usages alongside X509CRL)

X509CRL (java.security.cert.X509CRL): 74
IOException (java.io.IOException): 23
CRLException (java.security.cert.CRLException): 14
X509Certificate (java.security.cert.X509Certificate): 14
File (java.io.File): 12
GeneralSecurityException (java.security.GeneralSecurityException): 8
CertificateException (java.security.cert.CertificateException): 8
CRL (java.security.cert.CRL): 7
CertificateFactory (java.security.cert.CertificateFactory): 7
Iterator (java.util.Iterator): 7
Calendar (java.util.Calendar): 6
HashSet (java.util.HashSet): 6
Set (java.util.Set): 6
ByteArrayInputStream (java.io.ByteArrayInputStream): 5
InputStream (java.io.InputStream): 5
ArrayList (java.util.ArrayList): 5
Date (java.util.Date): 5
LocalizedIllegalArgumentException (org.forgerock.i18n.LocalizedIllegalArgumentException): 5
LdapException (org.forgerock.opendj.ldap.LdapException): 5
FileInputStream (java.io.FileInputStream): 4