
Example 26 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager_writeCRLCacheFileTest method testWriteCRLCacheFile_errorInWrite.

/**
 * A CRL whose encoding fails must not leave a cache file (partial or otherwise) behind.
 */
public void testWriteCRLCacheFile_errorInWrite() throws Exception {
    CRLRevocationManager.initCRLCacheLocation();
    // Mocked CRL: getEncoded() throws, simulating a failure in the middle of the write.
    X509CRL failingCrl = mock(X509CRL.class);
    doThrow(new RuntimeException("Just Passing Through")).when(failingCrl).getEncoded();
    String distURI = "http://localhost:8080/config";
    CRLRevocationManager.getInstance().writeCRLCacheFile(distURI, failingCrl);
    // After the failed write no cache file may exist for this distribution point.
    File cacheFile = new File(CRLRevocationManager.getCacheFileName(distURI));
    assertFalse(cacheFile.exists());
}
Also used : X509CRL(java.security.cert.X509CRL) File(java.io.File)

Example 27 with X509CRL

use of java.security.cert.X509CRL in project nhin-d by DirectProject.

the class CRLRevocationManager_writeCRLCacheFileTest method testWriteCRLCacheFile_writeToFile_deleteExisting.

/**
 * Writing a CRL for a URI that already has a cache file must replace the existing file.
 */
public void testWriteCRLCacheFile_writeToFile_deleteExisting() throws Exception {
    CRLRevocationManager.initCRLCacheLocation();
    CRL crlToWrite = TestUtils.loadCRL("certs.crl");
    String distURI = "http://localhost:8080/config";
    File cacheFile = new File(CRLRevocationManager.getCacheFileName(distURI));
    // Precondition: nothing is cached for this URI yet.
    assertFalse(cacheFile.exists());
    CRLRevocationManager.getInstance().writeCRLCacheFile(distURI, (X509CRL) crlToWrite);
    assertTrue(cacheFile.exists());
    long firstWriteStamp = cacheFile.lastModified();
    // File mtime granularity can be coarse (whole seconds on some filesystems), so wait
    // long enough that a rewrite is guaranteed to yield a different timestamp.
    Thread.sleep(2000);
    CRLRevocationManager.getInstance().writeCRLCacheFile(distURI, (X509CRL) crlToWrite);
    cacheFile = new File(CRLRevocationManager.getCacheFileName(distURI));
    assertTrue(cacheFile.exists());
    long secondWriteStamp = cacheFile.lastModified();
    // A differing timestamp shows the second write replaced the file instead of skipping it.
    assertTrue(firstWriteStamp != secondWriteStamp);
}
Also used : X509CRL(java.security.cert.X509CRL) CRL(java.security.cert.CRL) File(java.io.File)

Example 28 with X509CRL

use of java.security.cert.X509CRL in project OpenAM by OpenRock.

the class CRLValidator method getCRL.

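/**
 * Looks up the certificate revocation list for the issuer of {@code cert} in the configured
 * LDAP store.
 *
 * <p>The search key is the value of the configured {@code crlSearchAttr} attribute taken from
 * the certificate's issuer DN. A {@code null} result means "no CRL available" (no search
 * attribute in the issuer DN, no LDAP parameters configured, or the store lookup failed); it
 * does NOT mean the certificate is not revoked, so callers that require revocation checking
 * must treat {@code null} as a validation failure rather than a pass.
 *
 * @param cert certificate whose issuer's CRL is wanted
 * @return the CRL from the LDAP store, or {@code null} if none could be retrieved
 */
public static X509CRL getCRL(X509Certificate cert) {
    // Pull the configured issuer attribute (e.g. the CN) that the CRL is searched by.
    String attrValue = CertUtils.getAttributeValue(cert.getIssuerX500Principal(), crlSearchAttr);
    if (attrValue == null || ldapParams == null) {
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message("CRLValidator - attrValue to search crl : " + attrValue);
    }
    // NOTE(review): attrValue originates from the certificate and is embedded in an LDAP
    // search filter; this assumes AMCRLStore.setSearchFilter escapes it per the LDAP filter
    // syntax — confirm.
    String searchFilter = AMCRLStore.setSearchFilter(crlSearchAttr, attrValue);
    // NOTE(review): ldapParams is shared static state, so the filter set here could be
    // overwritten by a concurrent caller before the store reads it — confirm the store
    // snapshots the parameters, or serialize access.
    ldapParams.setSearchFilter(searchFilter);
    try {
        AMCRLStore store = new AMCRLStore(ldapParams);
        return store.getCRL(cert);
    } catch (IOException e) {
        // Log with the cause attached (the original message named the wrong method and
        // dropped the stack trace); the failure is reported to the caller as null.
        debug.error("CRLValidator.getCRL: failed to retrieve CRL from LDAP store", e);
        return null;
    }
}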
Also used : X509CRL(java.security.cert.X509CRL) IOException(java.io.IOException)

Example 29 with X509CRL

use of java.security.cert.X509CRL in project OpenAM by OpenRock.

the class Cert method doJCERevocationValidation.

/**
 * Runs revocation validation for the certificate chain through {@link AMCertPath}: a CRL is
 * fetched from LDAP for each certificate in {@code allCerts} (where one exists) and the chain
 * is then verified with the CRL/OCSP flags configured on this module.
 *
 * @param allCerts the certificate chain to validate
 * @return {@code ISAuthConstants.LOGIN_SUCCEED} when the path verifies, otherwise
 *         {@code ISAuthConstants.LOGIN_IGNORE} (verification failed or any exception occurred)
 * @throws AuthLoginException declared for signature compatibility; this body catches
 *         {@code Exception}, so nothing is rethrown from here
 */
private int doJCERevocationValidation(X509Certificate[] allCerts) throws AuthLoginException {
    int result = ISAuthConstants.LOGIN_IGNORE;
    try {
        // Raw Vector kept deliberately: AMCertPath's constructor signature is not visible here.
        Vector crls = new Vector();
        for (X509Certificate cert : allCerts) {
            X509CRL crl = AMCRLStore.getCRL(ldapParam, cert, amAuthCert_chkAttributesCRL);
            if (crl == null) {
                continue;
            }
            crls.add(crl);
        }
        if (debug.messageEnabled()) {
            debug.message("Cert.doRevocationValidation: crls size = " + crls.size());
            if (crls.size() > 0) {
                debug.message("CRL = " + crls.toString());
            }
        }
        AMCertPath certpath = new AMCertPath(crls);
        boolean verified = certpath.verify(allCerts, crlEnabled, ocspEnabled);
        if (verified) {
            if (debug.messageEnabled()) {
                debug.message("CertPath:verify success.");
            }
            result = ISAuthConstants.LOGIN_SUCCEED;
        } else {
            debug.error("CertPath:verify failed.");
        }
    } catch (Exception e) {
        // Any failure during CRL retrieval or path validation is logged and reported as
        // LOGIN_IGNORE — the same value a failed verify() yields; nothing is rethrown.
        debug.error("Cert.doRevocationValidation: verify failed.", e);
    }
    return result;
}
Also used : X509CRL(java.security.cert.X509CRL) AMCertPath(com.sun.identity.security.cert.AMCertPath) Vector(java.util.Vector) X509Certificate(java.security.cert.X509Certificate) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)

Example 30 with X509CRL

use of java.security.cert.X509CRL in project OpenAM by OpenRock.

the class AMCRLStore method getCRLFromEntry.

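/**
 * Extracts the X.509 CRL stored on an LDAP entry.
 *
 * <p>The CRL attribute name is resolved once: while {@code mCrlAttrName} is unset the entry is
 * probed for {@code CERTIFICATE_REVOCATION_LIST} and then
 * {@code CERTIFICATE_REVOCATION_LIST_BINARY}, and the first one found is remembered in
 * {@code mCrlAttrName} for subsequent calls. Entries carrying more than one CRL value are
 * rejected.
 *
 * <p>NOTE(review): the CRL is only decoded here; its signature is not verified in this method.
 * Presumably the certificate-path validation that consumes the CRL checks the signature
 * against the issuer — confirm.
 *
 * @param entry the LDAP search result entry, may be {@code null}
 * @return the decoded CRL, or {@code null} if the entry is absent, has no usable CRL attribute,
 *         has more than one CRL value, or its bytes cannot be parsed as an X.509 CRL
 * @throws Exception declared for signature compatibility; both phases below catch
 *         {@code Exception}, so no checked exception escapes this body
 */
private X509CRL getCRLFromEntry(SearchResultEntry entry) throws Exception {
    if (debug.messageEnabled()) {
        debug.message("AMCRLStore.getCRLFromEntry:");
    }
    if (entry == null) {
        return null;
    }
    Attribute crlAttribute = null;
    X509CRL crl = null;
    // Phase 1: locate the attribute that holds the CRL.
    try {
        if (mCrlAttrName == null) {
            crlAttribute = entry.getAttribute(CERTIFICATE_REVOCATION_LIST);
            if (crlAttribute == null) {
                crlAttribute = entry.getAttribute(CERTIFICATE_REVOCATION_LIST_BINARY);
                if (crlAttribute == null) {
                    debug.error("No CRL Cache is configured");
                    return null;
                }
            }
            // Remember which attribute holds the CRL so later entries skip the probing.
            mCrlAttrName = crlAttribute.getAttributeDescriptionAsString();
        } else {
            crlAttribute = entry.getAttribute(mCrlAttrName);
            // Explicit check: previously a missing attribute surfaced as a NullPointerException
            // at the size() call below and was only reported by the generic catch.
            if (crlAttribute == null) {
                debug.error("AMCRLStore.getCRLFromEntry: entry has no " + mCrlAttrName + " attribute");
                return null;
            }
        }
        if (crlAttribute.size() > 1) {
            debug.error("More than one CRL entries are configured");
            return null;
        }
    } catch (Exception e) {
        // Keep the cause attached so the LDAP failure is diagnosable, not a bare one-liner.
        debug.error("Error in getting Cached CRL", e);
        return null;
    }
    // Phase 2: decode the single attribute value as a DER-encoded X.509 CRL.
    try {
        byte[] bytes = crlAttribute.firstValue().toByteArray();
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.getCRLFromEntry: crl size = " + bytes.length);
        }
        // NOTE(review): cf is an instance field (declared elsewhere) reassigned on every call;
        // fine if this object is not shared across threads — confirm.
        cf = CertificateFactory.getInstance("X.509");
        crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(bytes));
    } catch (Exception e) {
        debug.error("Certificate: CertRevoked = ", e);
    }
    return crl;
}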
Also used : X509CRL(java.security.cert.X509CRL) Attribute(org.forgerock.opendj.ldap.Attribute) ByteArrayInputStream(java.io.ByteArrayInputStream) LdapException(org.forgerock.opendj.ldap.LdapException) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException)
