Search in sources :

Example 11 with CRLDistPoint

use of org.bouncycastle.asn1.x509.CRLDistPoint in project robovm by robovm.

the class CertPathValidatorUtilities method addAdditionalStoresFromCRLDistributionPoint.

// BEGIN android-removed
// protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
//                                              List certStores)
//     throws AnnotatedException
// {
//     Set certs = new HashSet();
//     Iterator iter = certStores.iterator();
//
//     while (iter.hasNext())
//     {
//         Object obj = iter.next();
//
//         if (obj instanceof X509Store)
//         {
//             X509Store certStore = (X509Store)obj;
//             try
//             {
//                 certs.addAll(certStore.getMatches(certSelect));
//             }
//             catch (StoreException e)
//             {
//                 throw new AnnotatedException(
//                         "Problem while picking certificates from X.509 store.", e);
//             }
//         }
//     }
//     return certs;
// }
// END android-removed
protected static void addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) throws AnnotatedException {
    if (crldp != null) {
        DistributionPoint[] dps = null;
        try {
            dps = crldp.getDistributionPoints();
        } catch (Exception e) {
            throw new AnnotatedException("Distribution points could not be read.", e);
        }
        for (int i = 0; i < dps.length; i++) {
            DistributionPointName dpn = dps[i].getDistributionPoint();
            // look for URIs in fullName
            if (dpn != null) {
                if (dpn.getType() == DistributionPointName.FULL_NAME) {
                    GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
                    // look for an URI
                    for (int j = 0; j < genNames.length; j++) {
                        if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
                            String location = DERIA5String.getInstance(genNames[j].getName()).getString();
                            CertPathValidatorUtilities.addAdditionalStoreFromLocation(location, pkixParams);
                        }
                    }
                }
            }
        }
    }
}
Also used : DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ParseException(java.text.ParseException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertStoreException(java.security.cert.CertStoreException) CRLException(java.security.cert.CRLException) CertificateParsingException(java.security.cert.CertificateParsingException) StoreException(org.bouncycastle.util.StoreException) IOException(java.io.IOException) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)

Example 12 with CRLDistPoint

use of org.bouncycastle.asn1.x509.CRLDistPoint in project robovm by robovm.

the class RFC3280CertPathUtilities method checkCRLs.

/**
     * Checks a certificate if it is revoked.
     *
     * @param paramsPKIX       PKIX parameters.
     * @param cert             Certificate to check if it is revoked.
     * @param validDate        The date when the certificate revocation status should be
     *                         checked.
     * @param sign             The issuer certificate of the certificate <code>cert</code>.
     * @param workingPublicKey The public key of the issuer certificate <code>sign</code>.
     * @param certPathCerts    The certificates of the certification path.
     * @throws AnnotatedException if the certificate is revoked or the status cannot be checked
     *                            or some error occurs.
     */
protected static void checkCRLs(ExtendedPKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, List certPathCerts) throws AnnotatedException {
    AnnotatedException lastException = null;
    CRLDistPoint crldp = null;
    try {
        crldp = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS));
    } catch (Exception e) {
        throw new AnnotatedException("CRL distribution point extension could not be read.", e);
    }
    try {
        CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX);
    } catch (AnnotatedException e) {
        throw new AnnotatedException("No additional CRL locations could be decoded from CRL distribution point extension.", e);
    }
    CertStatus certStatus = new CertStatus();
    ReasonsMask reasonsMask = new ReasonsMask();
    boolean validCrlFound = false;
    // for each distribution point
    if (crldp != null) {
        DistributionPoint[] dps = null;
        try {
            dps = crldp.getDistributionPoints();
        } catch (Exception e) {
            throw new AnnotatedException("Distribution points could not be read.", e);
        }
        if (dps != null) {
            for (int i = 0; i < dps.length && certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons(); i++) {
                ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX.clone();
                try {
                    checkCRL(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
                    validCrlFound = true;
                } catch (AnnotatedException e) {
                    lastException = e;
                }
            }
        }
    }
    if (certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons()) {
        try {
            /*
                 * assume a DP with both the reasons and the cRLIssuer fields
                 * omitted and a distribution point name of the certificate
                 * issuer.
                 */
            ASN1Primitive issuer = null;
            try {
                issuer = new ASN1InputStream(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded()).readObject();
            } catch (Exception e) {
                throw new AnnotatedException("Issuer from certificate for CRL could not be reencoded.", e);
            }
            DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames(new GeneralName(GeneralName.directoryName, issuer))), null, null);
            ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX.clone();
            checkCRL(dp, paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
            validCrlFound = true;
        } catch (AnnotatedException e) {
            lastException = e;
        }
    }
    if (!validCrlFound) {
        if (lastException instanceof AnnotatedException) {
            throw lastException;
        }
        throw new AnnotatedException("No valid CRL found.", lastException);
    }
    if (certStatus.getCertStatus() != CertStatus.UNREVOKED) {
        String message = "Certificate revocation after " + certStatus.getRevocationDate();
        message += ", reason: " + crlReasons[certStatus.getCertStatus()];
        throw new AnnotatedException(message);
    }
    if (!reasonsMask.isAllReasons() && certStatus.getCertStatus() == CertStatus.UNREVOKED) {
        certStatus.setCertStatus(CertStatus.UNDETERMINED);
    }
    if (certStatus.getCertStatus() == CertStatus.UNDETERMINED) {
        throw new AnnotatedException("Certificate status could not be determined.");
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ExtendedPKIXParameters(org.bouncycastle.x509.ExtendedPKIXParameters) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)

Example 13 with CRLDistPoint

use of org.bouncycastle.asn1.x509.CRLDistPoint in project nhin-d by DirectProject.

the class CRLRevocationManager method loadCRLs.

/**
     * Extract and fetch all CRLs stored within a given certificate. Cache is
     * updated per policy or if the cached CRL has passed planned update date.
     * This method is thread safe.
     * 
     * @param certificate
     *            The certificate from which to extract and fetch CRLs.
     * @return The first CRL loaded from the certificate CRL distribution points
     * @throws CRLException
     */
protected X509CRL loadCRLs(X509Certificate certificate) {
    if (certificate == null)
        return null;
    X509CRL retVal = null;
    try {
        // get the distribution points extension
        CRLDistPoint distPoints = CRLDistPoint.getInstance(getExtensionValue(certificate, X509Extensions.CRLDistributionPoints.getId()));
        // Add CRL distribution point(s)
        if (distPoints != null) {
            // iterate through the distribution points and get the first CRL that can be obtained
            for (DistributionPoint distPoint : distPoints.getDistributionPoints()) {
                String distPointURL = distPoint.getDistributionPoint().getName().toString();
                if (distPointURL.startsWith("General")) {
                    // get the actual URL associated with the name
                    distPointURL = getNameString(distPointURL);
                }
                // get the CRL from the distribution point CRL
                retVal = getCrlFromUri(distPointURL);
                if (retVal != null)
                    // do we need to retrieve the list from each CRL, or is each dist point identical?
                    return retVal;
            }
        }
    } catch (Exception e) {
        if (LOGGER.isWarnEnabled())
            LOGGER.warn("Unable to handle CDP CRL(s): " + e.getMessage());
    }
    return null;
}
Also used : X509CRL(java.security.cert.X509CRL) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) AnnotatedException(org.bouncycastle.jce.provider.AnnotatedException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NHINDException(org.nhindirect.stagent.NHINDException) CRLException(java.security.cert.CRLException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 14 with CRLDistPoint

use of org.bouncycastle.asn1.x509.CRLDistPoint in project xipki by xipki.

the class X509Ca method generateCrl0.

private X509CRL generateCrl0(boolean deltaCrl, Date thisUpdate, Date nextUpdate, AuditEvent event, String msgId) throws OperationException {
    X509CrlSignerEntryWrapper crlSigner = getCrlSigner();
    if (crlSigner == null) {
        throw new OperationException(ErrorCode.NOT_PERMITTED, "CRL generation is not allowed");
    }
    LOG.info("     START generateCrl: ca={}, deltaCRL={}, nextUpdate={}", caIdent, deltaCrl, nextUpdate);
    event.addEventData(CaAuditConstants.NAME_crlType, deltaCrl ? "DELTA_CRL" : "FULL_CRL");
    if (nextUpdate == null) {
        event.addEventData(CaAuditConstants.NAME_nextUpdate, "null");
    } else {
        event.addEventData(CaAuditConstants.NAME_nextUpdate, DateUtil.toUtcTimeyyyyMMddhhmmss(nextUpdate));
        if (nextUpdate.getTime() - thisUpdate.getTime() < 10 * 60 * MS_PER_SECOND) {
            // less than 10 minutes
            throw new OperationException(ErrorCode.CRL_FAILURE, "nextUpdate and thisUpdate are too close");
        }
    }
    CrlControl crlControl = crlSigner.getCrlControl();
    boolean successful = false;
    try {
        ConcurrentContentSigner tmpCrlSigner = crlSigner.getSigner();
        CrlControl control = crlSigner.getCrlControl();
        boolean directCrl;
        X500Name crlIssuer;
        if (tmpCrlSigner == null) {
            directCrl = true;
            crlIssuer = caInfo.getPublicCaInfo().getX500Subject();
        } else {
            directCrl = false;
            crlIssuer = X500Name.getInstance(tmpCrlSigner.getCertificate().getSubjectX500Principal().getEncoded());
        }
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(crlIssuer, thisUpdate);
        if (nextUpdate != null) {
            crlBuilder.setNextUpdate(nextUpdate);
        }
        final int numEntries = 100;
        Date notExpireAt;
        if (control.isIncludeExpiredCerts()) {
            notExpireAt = new Date(0);
        } else {
            // 10 minutes buffer
            notExpireAt = new Date(thisUpdate.getTime() - 600L * MS_PER_SECOND);
        }
        long startId = 1;
        // we have to cache the serial entries to sort them
        List<CertRevInfoWithSerial> allRevInfos = new LinkedList<>();
        List<CertRevInfoWithSerial> revInfos;
        do {
            if (deltaCrl) {
                revInfos = certstore.getCertsForDeltaCrl(caIdent, startId, numEntries, control.isOnlyContainsCaCerts(), control.isOnlyContainsUserCerts());
            } else {
                revInfos = certstore.getRevokedCerts(caIdent, notExpireAt, startId, numEntries, control.isOnlyContainsCaCerts(), control.isOnlyContainsUserCerts());
            }
            allRevInfos.addAll(revInfos);
            long maxId = 1;
            for (CertRevInfoWithSerial revInfo : revInfos) {
                if (revInfo.getId() > maxId) {
                    maxId = revInfo.getId();
                }
            }
            // end for
            startId = maxId + 1;
        } while (// end do
        revInfos.size() >= numEntries);
        if (revInfos != null) {
            // free the memory
            revInfos.clear();
        }
        // sort the list by SerialNumber ASC
        Collections.sort(allRevInfos);
        boolean isFirstCrlEntry = true;
        for (CertRevInfoWithSerial revInfo : allRevInfos) {
            CrlReason reason = revInfo.getReason();
            if (crlControl.isExcludeReason() && reason != CrlReason.REMOVE_FROM_CRL) {
                reason = CrlReason.UNSPECIFIED;
            }
            Date revocationTime = revInfo.getRevocationTime();
            Date invalidityTime = revInfo.getInvalidityTime();
            switch(crlControl.getInvalidityDateMode()) {
                case FORBIDDEN:
                    invalidityTime = null;
                    break;
                case OPTIONAL:
                    break;
                case REQUIRED:
                    if (invalidityTime == null) {
                        invalidityTime = revocationTime;
                    }
                    break;
                default:
                    throw new RuntimeException("unknown TripleState: " + crlControl.getInvalidityDateMode());
            }
            BigInteger serial = revInfo.getSerial();
            LOG.debug("added cert ca={} serial={} to CRL", caIdent, serial);
            if (directCrl || !isFirstCrlEntry) {
                if (invalidityTime != null) {
                    crlBuilder.addCRLEntry(serial, revocationTime, reason.getCode(), invalidityTime);
                } else {
                    crlBuilder.addCRLEntry(serial, revocationTime, reason.getCode());
                }
                continue;
            }
            List<Extension> extensions = new ArrayList<>(3);
            if (reason != CrlReason.UNSPECIFIED) {
                Extension ext = createReasonExtension(reason.getCode());
                extensions.add(ext);
            }
            if (invalidityTime != null) {
                Extension ext = createInvalidityDateExtension(invalidityTime);
                extensions.add(ext);
            }
            Extension ext = createCertificateIssuerExtension(caInfo.getPublicCaInfo().getX500Subject());
            extensions.add(ext);
            crlBuilder.addCRLEntry(serial, revocationTime, new Extensions(extensions.toArray(new Extension[0])));
            isFirstCrlEntry = false;
        }
        // free the memory
        allRevInfos.clear();
        BigInteger crlNumber = caInfo.nextCrlNumber();
        event.addEventData(CaAuditConstants.NAME_crlNumber, crlNumber);
        boolean onlyUserCerts = crlControl.isOnlyContainsUserCerts();
        boolean onlyCaCerts = crlControl.isOnlyContainsCaCerts();
        if (onlyUserCerts && onlyCaCerts) {
            throw new RuntimeException("should not reach here, onlyUserCerts and onlyCACerts are both true");
        }
        try {
            // AuthorityKeyIdentifier
            byte[] akiValues = directCrl ? caInfo.getPublicCaInfo().getSubjectKeyIdentifer() : crlSigner.getSubjectKeyIdentifier();
            AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(akiValues);
            crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, aki);
            // add extension CRL Number
            crlBuilder.addExtension(Extension.cRLNumber, false, new ASN1Integer(crlNumber));
            // IssuingDistributionPoint
            if (onlyUserCerts || onlyCaCerts || !directCrl) {
                IssuingDistributionPoint idp = new IssuingDistributionPoint(// distributionPoint,
                (DistributionPointName) null, // onlyContainsUserCerts,
                onlyUserCerts, // onlyContainsCACerts,
                onlyCaCerts, // onlySomeReasons,
                (ReasonFlags) null, // indirectCRL,
                !directCrl, // onlyContainsAttributeCerts
                false);
                crlBuilder.addExtension(Extension.issuingDistributionPoint, true, idp);
            }
            // freshestCRL
            List<String> deltaCrlUris = getCaInfo().getPublicCaInfo().getDeltaCrlUris();
            if (control.getDeltaCrlIntervals() > 0 && CollectionUtil.isNonEmpty(deltaCrlUris)) {
                CRLDistPoint cdp = CaUtil.createCrlDistributionPoints(deltaCrlUris, caInfo.getPublicCaInfo().getX500Subject(), crlIssuer);
                crlBuilder.addExtension(Extension.freshestCRL, false, cdp);
            }
        } catch (CertIOException ex) {
            LogUtil.error(LOG, ex, "crlBuilder.addExtension");
            throw new OperationException(ErrorCode.INVALID_EXTENSION, ex);
        }
        addXipkiCertset(crlBuilder, deltaCrl, control, notExpireAt, onlyCaCerts, onlyUserCerts);
        ConcurrentContentSigner concurrentSigner = (tmpCrlSigner == null) ? caInfo.getSigner(null) : tmpCrlSigner;
        ConcurrentBagEntrySigner signer0;
        try {
            signer0 = concurrentSigner.borrowSigner();
        } catch (NoIdleSignerException ex) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "NoIdleSignerException: " + ex.getMessage());
        }
        X509CRLHolder crlHolder;
        try {
            crlHolder = crlBuilder.build(signer0.value());
        } finally {
            concurrentSigner.requiteSigner(signer0);
        }
        try {
            X509CRL crl = X509Util.toX509Crl(crlHolder.toASN1Structure());
            caInfo.getCaEntry().setNextCrlNumber(crlNumber.longValue() + 1);
            caManager.commitNextCrlNo(caIdent, caInfo.getCaEntry().getNextCrlNumber());
            publishCrl(crl);
            successful = true;
            LOG.info("SUCCESSFUL generateCrl: ca={}, crlNumber={}, thisUpdate={}", caIdent, crlNumber, crl.getThisUpdate());
            if (!deltaCrl) {
                // clean up the CRL
                cleanupCrlsWithoutException(msgId);
            }
            return crl;
        } catch (CRLException | CertificateException ex) {
            throw new OperationException(ErrorCode.CRL_FAILURE, ex);
        }
    } finally {
        if (!successful) {
            LOG.info("    FAILED generateCrl: ca={}", caIdent);
        }
    }
}
Also used : CrlControl(org.xipki.ca.server.mgmt.api.x509.CrlControl) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) X509CRL(java.security.cert.X509CRL) ArrayList(java.util.ArrayList) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) Extensions(org.bouncycastle.asn1.x509.Extensions) NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) CrlReason(org.xipki.security.CrlReason) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) CRLException(java.security.cert.CRLException) OperationException(org.xipki.ca.api.OperationException) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) CertIOException(org.bouncycastle.cert.CertIOException) ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) Date(java.util.Date) LinkedList(java.util.LinkedList) Extension(org.bouncycastle.asn1.x509.Extension) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger)

Example 15 with CRLDistPoint

use of org.bouncycastle.asn1.x509.CRLDistPoint in project xipki by xipki.

the class CaUtil method createCrlDistributionPoints.

public static CRLDistPoint createCrlDistributionPoints(List<String> crlUris, X500Name caSubject, X500Name crlSignerSubject) {
    ParamUtil.requireNonEmpty("crlUris", crlUris);
    int size = crlUris.size();
    DistributionPoint[] points = new DistributionPoint[1];
    GeneralName[] names = new GeneralName[size];
    for (int i = 0; i < size; i++) {
        names[i] = new GeneralName(GeneralName.uniformResourceIdentifier, crlUris.get(i));
    }
    // Distribution Point
    GeneralNames gns = new GeneralNames(names);
    DistributionPointName pointName = new DistributionPointName(gns);
    GeneralNames crlIssuer = null;
    if (crlSignerSubject != null && !crlSignerSubject.equals(caSubject)) {
        GeneralName crlIssuerName = new GeneralName(crlSignerSubject);
        crlIssuer = new GeneralNames(crlIssuerName);
    }
    points[0] = new DistributionPoint(pointName, null, crlIssuer);
    return new CRLDistPoint(points);
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Aggregations

CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)21 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)18 GeneralName (org.bouncycastle.asn1.x509.GeneralName)17 DistributionPointName (org.bouncycastle.asn1.x509.DistributionPointName)13 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)12 IOException (java.io.IOException)9 DERIA5String (org.bouncycastle.asn1.DERIA5String)9 CRLException (java.security.cert.CRLException)5 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)5 ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)5 DEROctetString (org.bouncycastle.asn1.DEROctetString)5 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)5 GeneralSecurityException (java.security.GeneralSecurityException)4 CertPathValidatorException (java.security.cert.CertPathValidatorException)4 CertificateException (java.security.cert.CertificateException)4 ArrayList (java.util.ArrayList)4 HashSet (java.util.HashSet)4 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)4 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)4 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)4