Example 1 with CertUtils
use of org.apereo.cas.adaptors.x509.util.CertUtils in project cas by apereo.
the class AbstractCRLRevocationChecker method check.
@Override
public void check(final X509Certificate cert) throws GeneralSecurityException {
if (cert == null) {
throw new IllegalArgumentException("Certificate cannot be null.");
}
LOGGER.debug("Evaluating certificate revocation status for [{}]", CertUtils.toString(cert));
final Collection<X509CRL> crls = getCRLs(cert);
if (crls == null || crls.isEmpty()) {
LOGGER.warn("CRL data is not available for [{}]", CertUtils.toString(cert));
this.unavailableCRLPolicy.apply(null);
return;
}
final List<X509CRL> expiredCrls = new ArrayList<>();
final List<X509CRLEntry> revokedCrls;
crls.stream().filter(CertUtils::isExpired).forEach(crl -> {
LOGGER.warn("CRL data expired on [{}]", crl.getNextUpdate());
expiredCrls.add(crl);
});
if (crls.size() == expiredCrls.size()) {
LOGGER.warn("All CRLs retrieved have expired. Applying CRL expiration policy...");
for (final X509CRL crl : expiredCrls) {
this.expiredCRLPolicy.apply(crl);
}
} else {
crls.removeAll(expiredCrls);
LOGGER.debug("Valid CRLs [{}] found that are not expired yet", crls);
revokedCrls = crls.stream().map(crl -> crl.getRevokedCertificate(cert)).filter(Objects::nonNull).collect(Collectors.toList());
if (revokedCrls.size() == crls.size()) {
final X509CRLEntry entry = revokedCrls.get(0);
LOGGER.warn("All CRL entries have been revoked. Rejecting the first entry [{}]", entry);
throw new RevokedCertificateException(entry);
}
}
}
Also used :
X509Certificate(java.security.cert.X509Certificate)
RevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.RevocationPolicy)
X509CRLEntry(java.security.cert.X509CRLEntry)
Logger(org.slf4j.Logger)
Collection(java.util.Collection)
LoggerFactory(org.slf4j.LoggerFactory)
X509CRL(java.security.cert.X509CRL)
Collectors(java.util.stream.Collectors)
RevokedCertificateException(org.apereo.cas.adaptors.x509.authentication.revocation.RevokedCertificateException)
ArrayList(java.util.ArrayList)
Objects(java.util.Objects)
List(java.util.List)
DenyRevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.DenyRevocationPolicy)
GeneralSecurityException(java.security.GeneralSecurityException)
CertUtils(org.apereo.cas.adaptors.x509.util.CertUtils)
ThresholdExpiredCRLRevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.ThresholdExpiredCRLRevocationPolicy)
X509CRLEntry(java.security.cert.X509CRLEntry)
X509CRL(java.security.cert.X509CRL)
RevokedCertificateException(org.apereo.cas.adaptors.x509.authentication.revocation.RevokedCertificateException)
ArrayList(java.util.ArrayList)
Objects(java.util.Objects)
Aggregations
GeneralSecurityException (java.security.GeneralSecurityException)1
X509CRL (java.security.cert.X509CRL)1
X509CRLEntry (java.security.cert.X509CRLEntry)1
X509Certificate (java.security.cert.X509Certificate)1
ArrayList (java.util.ArrayList)1
Collection (java.util.Collection)1
List (java.util.List)1
Objects (java.util.Objects)1
Collectors (java.util.stream.Collectors)1
RevokedCertificateException (org.apereo.cas.adaptors.x509.authentication.revocation.RevokedCertificateException)1
DenyRevocationPolicy (org.apereo.cas.adaptors.x509.authentication.revocation.policy.DenyRevocationPolicy)1
RevocationPolicy (org.apereo.cas.adaptors.x509.authentication.revocation.policy.RevocationPolicy)1
ThresholdExpiredCRLRevocationPolicy (org.apereo.cas.adaptors.x509.authentication.revocation.policy.ThresholdExpiredCRLRevocationPolicy)1
CertUtils (org.apereo.cas.adaptors.x509.util.CertUtils)1
Logger (org.slf4j.Logger)1
LoggerFactory (org.slf4j.LoggerFactory)1
