
Example 41 with X509CRL

use of java.security.cert.X509CRL in project cxf by apache.

the class LdapCertificateRepo method getCRLsFromLdap.

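/**
 * Searches the LDAP subtree under {@code tmpRootDN} with {@code tmpFilter} and parses the
 * value of attribute {@code tmpAttrName} on each matching entry as an X.509 CRL.
 *
 * <p>Security notes for callers: the CRLs are only parsed here. This method does not verify
 * their signatures or check their validity period, so each CRL must be validated against
 * the issuing CA before it is used for a revocation decision. {@code tmpFilter} is handed
 * to {@code ldapSearch.searchSubTree} unchanged by this method; any externally supplied
 * value embedded in it must already be escaped for use in an LDAP filter.
 *
 * @param tmpRootDN base DN of the subtree search
 * @param tmpFilter LDAP search filter, passed through as-is
 * @param tmpAttrName name of the attribute holding the encoded CRL
 * @return the CRLs found; empty if no entry carries the attribute
 * @throws RuntimeException wrapping the CertificateException, NamingException or
 *         CRLException raised while searching or parsing
 */
private List<X509CRL> getCRLsFromLdap(String tmpRootDN, String tmpFilter, String tmpAttrName) {
    NamingEnumeration<SearchResult> answer = null;
    try {
        List<X509CRL> crls = new ArrayList<>();
        answer = ldapSearch.searchSubTree(tmpRootDN, tmpFilter);
        // One factory is enough for the whole result set; it was re-created per entry before.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        while (answer.hasMore()) {
            SearchResult sr = answer.next();
            Attributes attrs = sr.getAttributes();
            Attribute attribute = attrs.get(tmpAttrName);
            if (attribute != null) {
                // Attribute.get() returns a single value of the attribute; it is expected
                // to be the binary CRL encoding (a non-byte[] value fails the cast).
                X509CRL crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream((byte[]) attribute.get()));
                crls.add(crl);
            }
        }
        return crls;
    } catch (CertificateException | NamingException | CRLException e) {
        throw new RuntimeException(e.getMessage(), e);
    } finally {
        // Release the search enumeration on every path, including when parsing fails
        // part-way through the result set.
        if (answer != null) {
            try {
                answer.close();
            } catch (NamingException ignored) {
                // Best-effort cleanup: the result (or the original exception) is what the
                // caller needs, a failed close must not replace it.
            }
        }
    }
}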
Also used : X509CRL(java.security.cert.X509CRL) BasicAttribute(javax.naming.directory.BasicAttribute) Attribute(javax.naming.directory.Attribute) ArrayList(java.util.ArrayList) BasicAttributes(javax.naming.directory.BasicAttributes) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) ByteArrayInputStream(java.io.ByteArrayInputStream) NamingException(javax.naming.NamingException) CRLException(java.security.cert.CRLException)

Example 42 with X509CRL

use of java.security.cert.X509CRL in project Openfire by igniterealtime.

the class ClientTrustManager method loadCRL.

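/**
 * Reloads the CRL list from the file named by the {@code xmpp.client.certificate.crl}
 * property (default {@code resources/security/crl.pem}) when the file is newer than the
 * last load recorded in {@code crlLastUpdated}.
 *
 * <p>NOTE(review): every failure path leaves {@code useCRLs} set to false. If the trust
 * manager skips revocation checks while that flag is false (not visible in this method),
 * a missing, unreadable or malformed CRL file turns revocation checking off. Because
 * {@code crlLastUpdated} is advanced before parsing, a failed parse is not retried until
 * the file's modification time changes. The CRLs are parsed only; their signatures are not
 * verified here.
 */
private void loadCRL() {
    File crlFile = new File(JiveGlobals.getProperty("xmpp.client.certificate.crl", "resources" + File.separator + "security" + File.separator + "crl.pem"));
    if (!crlFile.isFile()) {
        Log.debug("ClientTrustmanager: crl file not found " + crlFile.toString());
        useCRLs = false;
        return;
    }
    long modified = crlFile.lastModified();
    if (modified <= crlLastUpdated) {
        // File unchanged since the last load: keep the current CRLs and flag.
        return;
    }
    crlLastUpdated = modified;
    Log.debug("ClientTrustManager: Updating CRLs");
    // Stays false unless the whole file parses successfully.
    useCRLs = false;
    FileInputStream crlStream = null;
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL crl;
        crlStream = new FileInputStream(crlFile);
        BufferedInputStream crlBuffer = new BufferedInputStream(crlStream);
        // Remove existing CRLs; on a parse failure the list is left empty or partial.
        crls.clear();
        // The file may hold several CRLs back to back; read until the stream is drained.
        while (crlBuffer.available() > 0) {
            crl = (X509CRL) cf.generateCRL(crlBuffer);
            Log.debug("ClientTrustManager: adding CRL for " + crl.getIssuerDN());
            crls.add(crl);
        }
        useCRLs = true;
    } catch (FileNotFoundException e) {
        // It's ok if the file wasn't found - maybe we don't have any CRLs
        Log.debug("ClientTrustManager: CRL file not found: " + crlFile.toString());
    } catch (IOException e) {
        // Thrown by the input streams
        Log.error("ClientTrustManager: IOException while parsing CRLs", e);
    } catch (CertificateException e) {
        // Thrown by CertificateFactory.getInstance(...)
        Log.error("ClientTrustManager: ", e);
    } catch (CRLException e) {
        Log.error("ClientTrustManager: CRLException while parsing CRLs", e);
    } finally {
        // The stream was never closed before, leaking a file handle on every reload.
        // Closing the underlying stream is enough; the buffer holds no other resource.
        if (crlStream != null) {
            try {
                crlStream.close();
            } catch (IOException e) {
                Log.debug("ClientTrustManager: could not close CRL file " + crlFile.toString() + ": " + e);
            }
        }
    }
}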
Also used : X509CRL(java.security.cert.X509CRL) BufferedInputStream(java.io.BufferedInputStream) FileNotFoundException(java.io.FileNotFoundException) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) File(java.io.File) CertificateFactory(java.security.cert.CertificateFactory) CRLException(java.security.cert.CRLException) FileInputStream(java.io.FileInputStream)

Example 43 with X509CRL

use of java.security.cert.X509CRL in project gitblit by gitblit.

the class X509Utils method isRevoked.

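/**
 * Returns true if the certificate is listed as revoked in the given CRL file.
 *
 * <p>This check fails open: it returns false (not revoked) when the CRL file does not
 * exist and also when reading or parsing it fails, so a missing or corrupt CRL is
 * indistinguishable from a clean result for the caller. The CRL's signature and validity
 * period are not checked here; the file is trusted as found on disk. Callers making an
 * authentication decision should protect the file accordingly and monitor the error log.
 *
 * @param cert the certificate to look up
 * @param caRevocationList the file holding the CA's certificate revocation list
 * @return true if the CRL was read successfully and lists the certificate as revoked
 */
public static boolean isRevoked(X509Certificate cert, File caRevocationList) {
    if (!caRevocationList.exists()) {
        // No CRL file is treated as "nothing revoked".
        return false;
    }
    InputStream inStream = null;
    try {
        inStream = new FileInputStream(caRevocationList);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL crl = (X509CRL) cf.generateCRL(inStream);
        return crl.isRevoked(cert);
    } catch (Exception e) {
        // Pass the exception to the logger: without the cause an operator cannot tell an
        // unreadable file from a malformed CRL, and this path silently reports "not revoked".
        logger.error(MessageFormat.format("Failed to check revocation status for certificate {0,number,0} [{1}] in {2}", cert.getSerialNumber(), cert.getSubjectDN().getName(), caRevocationList), e);
    } finally {
        if (inStream != null) {
            try {
                inStream.close();
            } catch (Exception ignored) {
                // Best-effort close of a read-only stream; nothing to recover.
            }
        }
    }
    return false;
}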
Also used : X509CRL(java.security.cert.X509CRL) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) CertificateFactory(java.security.cert.CertificateFactory) FileInputStream(java.io.FileInputStream) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException)

Example 44 with X509CRL

use of java.security.cert.X509CRL in project robovm by robovm.

the class X509CRLStoreSelector method match.

/**
 * Decides whether {@code obj} is an X509CRL that satisfies this selector: the delta-CRL
 * and complete-CRL switches, the maximum base CRL number, the issuing distribution point
 * criterion, and finally the criteria of the superclass selector.
 *
 * @param obj the candidate object
 * @return true if {@code obj} is an X509CRL that passes every enabled criterion
 */
public boolean match(Object obj) {
    if (!(obj instanceof X509CRL)) {
        return false;
    }
    final X509CRL candidate = (X509CRL) obj;

    // Decode the delta CRL indicator extension if present. Any failure while reading or
    // decoding it rejects the CRL rather than treating it as a complete CRL.
    DERInteger deltaIndicator = null;
    try {
        final byte[] encoded = candidate.getExtensionValue(X509Extensions.DeltaCRLIndicator.getId());
        if (encoded != null) {
            deltaIndicator = DERInteger.getInstance(X509ExtensionUtil.fromExtensionValue(encoded));
        }
    } catch (Exception e) {
        return false;
    }

    // Delta CRLs requested, but this one carries no indicator.
    if (isDeltaCRLIndicatorEnabled() && deltaIndicator == null) {
        return false;
    }
    // Complete CRLs requested, but this one is a delta.
    if (isCompleteCRLEnabled() && deltaIndicator != null) {
        return false;
    }
    // A delta whose base CRL number exceeds the configured maximum is rejected.
    if (deltaIndicator != null
            && maxBaseCRLNumber != null
            && deltaIndicator.getPositiveValue().compareTo(maxBaseCRLNumber) == 1) {
        return false;
    }

    if (issuingDistributionPointEnabled) {
        final byte[] idp = candidate.getExtensionValue(X509Extensions.IssuingDistributionPoint.getId());
        // With no expected value configured the extension must be absent; otherwise the
        // encoded extension must equal the expected bytes.
        final boolean idpMatches = (issuingDistributionPoint == null)
                ? idp == null
                : Arrays.areEqual(idp, issuingDistributionPoint);
        if (!idpMatches) {
            return false;
        }
    }
    return super.match(candidate);
}
Also used : X509CRL(java.security.cert.X509CRL) IOException(java.io.IOException) DERInteger(org.bouncycastle.asn1.DERInteger)

Example 45 with X509CRL

use of java.security.cert.X509CRL in project robovm by robovm.

the class X509CRLTest method isRevoked.

/**
 * Checks {@code X509CRL.isRevoked} against the two fixture CRLs and pins how the provider
 * behind {@code f} handles a null certificate: the "BC" provider is expected to throw a
 * NullPointerException, every other provider is expected to return false.
 *
 * @param f the certificate factory (and thereby provider) under test
 * @throws Exception if a fixture cannot be loaded
 */
private void isRevoked(CertificateFactory f) throws Exception {
    final X509Certificate rsaCertificate = getCertificate(f, CERT_RSA);
    final X509Certificate dsaCertificate = getCertificate(f, CERT_DSA);
    final X509CRL rsaOnlyCrl = getCRL(f, CRL_RSA);
    final X509CRL rsaAndDsaCrl = getCRL(f, CRL_RSA_DSA);

    // The first CRL revokes only the RSA certificate, the second revokes both.
    assertTrue(rsaOnlyCrl.isRevoked(rsaCertificate));
    assertFalse(rsaOnlyCrl.isRevoked(dsaCertificate));
    assertTrue(rsaAndDsaCrl.isRevoked(rsaCertificate));
    assertTrue(rsaAndDsaCrl.isRevoked(dsaCertificate));

    // Null input: record whether the call threw, then compare with the provider's contract.
    boolean threwOnNull;
    try {
        assertFalse(rsaOnlyCrl.isRevoked(null));
        threwOnNull = false;
    } catch (NullPointerException e) {
        threwOnNull = true;
    }
    final boolean isBouncyCastle = "BC".equals(f.getProvider().getName());
    if (threwOnNull) {
        if (!isBouncyCastle) {
            fail("Should not throw on null input");
        }
    } else if (isBouncyCastle) {
        fail("BouncyCastle throws on null input");
    }
}
Also used : X509CRL(java.security.cert.X509CRL) X509Certificate(java.security.cert.X509Certificate)
