Example 11 with OCSPResp
use of org.bouncycastle.cert.ocsp.OCSPResp in project neo4j by neo4j.
the class CertConfiguredSecureSocketConnection method getSeenOcspResponses.
public Set<BasicOCSPResp> getSeenOcspResponses() throws IOException, OCSPException {
Set<BasicOCSPResp> ocspResponses = new HashSet<>();
List<byte[]> binaryStatusResponses = ((ExtendedSSLSession) ((SSLSocket) getSocket()).getSession()).getStatusResponses();
for (byte[] bResp : binaryStatusResponses) {
if (bResp.length > 0) {
OCSPResp ocspResp = new OCSPResp(bResp);
ocspResponses.add((BasicOCSPResp) ocspResp.getResponseObject());
}
}
return ocspResponses;
}
Also used :
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
ExtendedSSLSession(javax.net.ssl.ExtendedSSLSession)
HashSet(java.util.HashSet)
OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
Example 12 with OCSPResp
use of org.bouncycastle.cert.ocsp.OCSPResp in project oxAuth by GluuFederation.
the class OCSPCertificateVerifier method validate.
@Override
public ValidationStatus validate(X509Certificate certificate, List<X509Certificate> issuers, Date validationDate) {
X509Certificate issuer = issuers.get(0);
ValidationStatus status = new ValidationStatus(certificate, issuer, validationDate, ValidatorSourceType.OCSP, CertificateValidity.UNKNOWN);
try {
Principal subjectX500Principal = certificate.getSubjectX500Principal();
String ocspUrl = getOCSPUrl(certificate);
if (ocspUrl == null) {
log.error("OCSP URL for '" + subjectX500Principal + "' is empty");
return status;
}
log.debug("OCSP URL for '" + subjectX500Principal + "' is '" + ocspUrl + "'");
DigestCalculator digestCalculator = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
CertificateID certificateId = new CertificateID(digestCalculator, new JcaX509CertificateHolder(certificate), certificate.getSerialNumber());
// Generate OCSP request
OCSPReq ocspReq = generateOCSPRequest(certificateId);
// Get OCSP response from server
OCSPResp ocspResp = requestOCSPResponse(ocspUrl, ocspReq);
if (ocspResp.getStatus() != OCSPRespBuilder.SUCCESSFUL) {
log.error("OCSP response is invalid!");
status.setValidity(CertificateValidity.INVALID);
return status;
}
boolean foundResponse = false;
BasicOCSPResp basicOCSPResp = (BasicOCSPResp) ocspResp.getResponseObject();
SingleResp[] singleResps = basicOCSPResp.getResponses();
for (SingleResp singleResp : singleResps) {
CertificateID responseCertificateId = singleResp.getCertID();
if (!certificateId.equals(responseCertificateId)) {
continue;
}
foundResponse = true;
log.debug("OCSP validationDate: " + validationDate);
log.debug("OCSP thisUpdate: " + singleResp.getThisUpdate());
log.debug("OCSP nextUpdate: " + singleResp.getNextUpdate());
status.setRevocationObjectIssuingTime(basicOCSPResp.getProducedAt());
Object certStatus = singleResp.getCertStatus();
if (certStatus == CertificateStatus.GOOD) {
log.debug("OCSP status is valid for '" + certificate.getSubjectX500Principal() + "'");
status.setValidity(CertificateValidity.VALID);
} else {
if (singleResp.getCertStatus() instanceof RevokedStatus) {
log.warn("OCSP status is revoked for: " + subjectX500Principal);
if (validationDate.before(((RevokedStatus) singleResp.getCertStatus()).getRevocationTime())) {
log.warn("OCSP revocation time after the validation date, the certificate '" + subjectX500Principal + "' was valid at " + validationDate);
status.setValidity(CertificateValidity.VALID);
} else {
Date revocationDate = ((RevokedStatus) singleResp.getCertStatus()).getRevocationTime();
log.info("OCSP for certificate '" + subjectX500Principal + "' is revoked since " + revocationDate);
status.setRevocationDate(revocationDate);
status.setRevocationObjectIssuingTime(singleResp.getThisUpdate());
status.setValidity(CertificateValidity.REVOKED);
}
}
}
}
if (!foundResponse) {
log.error("There is no matching OCSP response entries");
}
} catch (Exception ex) {
log.error("OCSP exception: ", ex);
}
return status;
}
Also used :
CertificateID(org.bouncycastle.cert.ocsp.CertificateID)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)
X509Certificate(java.security.cert.X509Certificate)
Date(java.util.Date)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
MalformedURLException(java.net.MalformedURLException)
IOException(java.io.IOException)
OCSPException(org.bouncycastle.cert.ocsp.OCSPException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
ValidationStatus(org.gluu.oxauth.cert.validation.model.ValidationStatus)
RevokedStatus(org.bouncycastle.cert.ocsp.RevokedStatus)
OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)
SingleResp(org.bouncycastle.cert.ocsp.SingleResp)
Principal(java.security.Principal)
Example 13 with OCSPResp
use of org.bouncycastle.cert.ocsp.OCSPResp in project netty by netty.
the class OcspUtils method request.
/**
* TODO: This is a very crude and non-scalable HTTP client to fetch the OCSP response from the
* CA's OCSP responder server. It's meant to demonstrate the basic building blocks on how to
* interact with the responder server and you should consider using Netty's HTTP client instead.
*/
public static OCSPResp request(URI uri, OCSPReq request, long timeout, TimeUnit unit) throws IOException {
byte[] encoded = request.getEncoded();
URL url = uri.toURL();
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
try {
connection.setConnectTimeout((int) unit.toMillis(timeout));
connection.setReadTimeout((int) unit.toMillis(timeout));
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setRequestMethod("POST");
connection.setRequestProperty("host", uri.getHost());
connection.setRequestProperty("content-type", OCSP_REQUEST_TYPE);
connection.setRequestProperty("accept", OCSP_RESPONSE_TYPE);
connection.setRequestProperty("content-length", String.valueOf(encoded.length));
OutputStream out = connection.getOutputStream();
try {
out.write(encoded);
out.flush();
InputStream in = connection.getInputStream();
try {
int code = connection.getResponseCode();
if (code != HttpsURLConnection.HTTP_OK) {
throw new IOException("Unexpected status-code=" + code);
}
String contentType = connection.getContentType();
if (!contentType.equalsIgnoreCase(OCSP_RESPONSE_TYPE)) {
throw new IOException("Unexpected content-type=" + contentType);
}
int contentLength = connection.getContentLength();
if (contentLength == -1) {
// Probably a terrible idea!
contentLength = Integer.MAX_VALUE;
}
ByteArrayOutputStream baos = new ByteArrayOutputStream();
try {
byte[] buffer = new byte[8192];
int length = -1;
while ((length = in.read(buffer)) != -1) {
baos.write(buffer, 0, length);
if (baos.size() >= contentLength) {
break;
}
}
} finally {
baos.close();
}
return new OCSPResp(baos.toByteArray());
} finally {
in.close();
}
} finally {
out.close();
}
} finally {
connection.disconnect();
}
}
Also used :
HttpURLConnection(java.net.HttpURLConnection)
InputStream(java.io.InputStream)
OutputStream(java.io.OutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
URL(java.net.URL)
OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp)
Example 14 with OCSPResp
use of org.bouncycastle.cert.ocsp.OCSPResp in project Openfire by igniterealtime.
the class OCSPChecker method check.
@Override
public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
Log.debug("OCSPChecker: check called");
InputStream in = null;
OutputStream out = null;
try {
// Examine OCSP properties
X509Certificate responderCert = null;
// defaults to issuers cert
boolean haveResponderCert = true;
X500Principal responderSubjectName = null;
boolean haveIssuerCert = false;
// If we set the subject name, we need to find the certificate
if (ocspServerSubject != null) {
haveResponderCert = false;
responderSubjectName = new X500Principal(ocspServerSubject);
}
X509Certificate issuerCert = null;
X509Certificate currCert = (X509Certificate) cert;
// Set the issuer certificate if we were passed a chain
if (certIndex != 0) {
issuerCert = certs[certIndex];
haveIssuerCert = true;
if (haveResponderCert) {
responderCert = certs[certIndex];
}
}
if (!haveIssuerCert || !haveResponderCert) {
if (!haveResponderCert) {
Log.debug("OCSPChecker: Looking for responder's certificate");
}
if (!haveIssuerCert) {
Log.debug("OCSPChecker: Looking for issuer's certificate");
}
// Extract the anchor certs
Iterator anchors = pkixParams.getTrustAnchors().iterator();
if (!anchors.hasNext()) {
throw new CertPathValidatorException("Must specify at least one trust anchor");
}
X500Principal certIssuerName = currCert.getIssuerX500Principal();
while (anchors.hasNext() && (!haveIssuerCert || !haveResponderCert)) {
TrustAnchor anchor = (TrustAnchor) anchors.next();
X509Certificate anchorCert = anchor.getTrustedCert();
X500Principal anchorSubjectName = anchorCert.getSubjectX500Principal();
// Check if this anchor cert is the issuer cert
if (!haveIssuerCert && certIssuerName.equals(anchorSubjectName)) {
issuerCert = anchorCert;
haveIssuerCert = true;
// If we have not set the responderCert at this point, set it to the issuer
if (haveResponderCert && responderCert == null) {
responderCert = anchorCert;
Log.debug("OCSPChecker: Responder's certificate = issuer certificate");
}
}
// Check if this anchor cert is the responder cert
if (!haveResponderCert) {
if (responderSubjectName != null && responderSubjectName.equals(anchorSubjectName)) {
responderCert = anchorCert;
haveResponderCert = true;
}
}
}
if (issuerCert == null) {
// No trust anchor was found matching the issuer
throw new CertPathValidatorException("No trusted certificate for " + currCert.getIssuerDN());
}
// Check cert stores if responder cert has not yet been found
if (!haveResponderCert) {
Log.debug("OCSPChecker: Searching cert stores for responder's certificate");
if (responderSubjectName != null) {
X509CertSelector filter = new X509CertSelector();
filter.setSubject(responderSubjectName.getName());
List<CertStore> certStores = pkixParams.getCertStores();
for (CertStore certStore : certStores) {
Iterator i = certStore.getCertificates(filter).iterator();
if (i.hasNext()) {
responderCert = (X509Certificate) i.next();
haveResponderCert = true;
break;
}
}
}
}
}
// Could not find the responder cert
if (!haveResponderCert) {
throw new CertPathValidatorException("Cannot find the responder's certificate.");
}
// Construct an OCSP Request
OCSPReqBuilder gen = new OCSPReqBuilder();
CertificateID certID = new CertificateID(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1), new X509CertificateHolder(issuerCert.getEncoded()), currCert.getSerialNumber());
gen.addRequest(certID);
OCSPReq ocspRequest = gen.build();
URL url;
if (ocspServerUrl != null) {
try {
url = new URL(ocspServerUrl);
} catch (MalformedURLException e) {
throw new CertPathValidatorException(e);
}
} else {
throw new CertPathValidatorException("Must set OCSP Server URL");
}
HttpURLConnection con = (HttpURLConnection) url.openConnection();
Log.debug("OCSPChecker: connecting to OCSP service at: " + url);
con.setDoOutput(true);
con.setDoInput(true);
con.setRequestMethod("POST");
con.setRequestProperty("Content-type", "application/ocsp-request");
con.setRequestProperty("Accept", "application/ocsp-response");
byte[] bytes = ocspRequest.getEncoded();
con.setRequestProperty("Content-length", String.valueOf(bytes.length));
out = con.getOutputStream();
out.write(bytes);
out.flush();
// Check the response
if (con.getResponseCode() != HttpURLConnection.HTTP_OK) {
Log.debug("OCSPChecker: Received HTTP error: " + con.getResponseCode() + " - " + con.getResponseMessage());
}
in = con.getInputStream();
OCSPResp ocspResponse = new OCSPResp(in);
BigInteger serialNumber = currCert.getSerialNumber();
BasicOCSPResp brep = (BasicOCSPResp) ocspResponse.getResponseObject();
try {
if (!brep.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(responderCert.getPublicKey()))) {
throw new CertPathValidatorException("OCSP response is not verified");
}
} catch (Exception e) {
throw new CertPathValidatorException("OCSP response could not be verified (" + e.getMessage() + ")", null, cp, certIndex);
}
SingleResp[] singleResp = brep.getResponses();
boolean foundResponse = false;
for (SingleResp resp : singleResp) {
CertificateID respCertID = resp.getCertID();
if (respCertID.equals(certID)) {
Object status = resp.getCertStatus();
if (status == CertificateStatus.GOOD) {
Log.debug("OCSPChecker: Status of certificate (with serial number " + serialNumber.toString() + ") is: good");
foundResponse = true;
break;
} else if (status instanceof org.bouncycastle.cert.ocsp.RevokedStatus) {
Log.debug("OCSPChecker: Status of certificate (with serial number " + serialNumber.toString() + ") is: revoked");
throw new CertPathValidatorException("Certificate has been revoked", null, cp, certIndex);
} else if (status instanceof org.bouncycastle.cert.ocsp.UnknownStatus) {
Log.debug("OCSPChecker: Status of certificate (with serial number " + serialNumber.toString() + ") is: unknown");
throw new CertPathValidatorException("Certificate's revocation status is unknown", null, cp, certIndex);
} else {
Log.debug("Status of certificate (with serial number " + serialNumber.toString() + ") is: not recognized");
throw new CertPathValidatorException("Unknown OCSP response for certificate", null, cp, certIndex);
}
}
}
// Check that response applies to the cert that was supplied
if (!foundResponse) {
throw new CertPathValidatorException("No certificates in the OCSP response match the " + "certificate supplied in the OCSP request.");
}
} catch (CertPathValidatorException cpve) {
throw cpve;
} catch (Exception e) {
throw new CertPathValidatorException(e);
} finally {
if (in != null) {
try {
in.close();
} catch (IOException ioe) {
throw new CertPathValidatorException(ioe);
}
}
if (out != null) {
try {
out.close();
} catch (IOException ioe) {
throw new CertPathValidatorException(ioe);
}
}
}
}
Also used :
MalformedURLException(java.net.MalformedURLException)
OutputStream(java.io.OutputStream)
X509CertSelector(java.security.cert.X509CertSelector)
URL(java.net.URL)
OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
HttpURLConnection(java.net.HttpURLConnection)
Iterator(java.util.Iterator)
OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)
SingleResp(org.bouncycastle.cert.ocsp.SingleResp)
InputStream(java.io.InputStream)
CertificateID(org.bouncycastle.cert.ocsp.CertificateID)
TrustAnchor(java.security.cert.TrustAnchor)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
MalformedURLException(java.net.MalformedURLException)
IOException(java.io.IOException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
JcaContentVerifierProviderBuilder(org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder)
OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)
CertStore(java.security.cert.CertStore)
Example 15 with OCSPResp
use of org.bouncycastle.cert.ocsp.OCSPResp in project ddf by codice.
the class OcspChecker method getStatusFromOcspResponse.
/**
* Gets the {@link CertificateStatus} from the given {@param ocspResponse}.
*
* @param ocspResponse - the {@link OCSPResp} to get the {@link CertificateStatus} from.
* @return the {@link CertificateStatus} from the given {@param ocspResponse}. Returns an {@link
* UnknownStatus} if the status could not be found.
*/
private CertificateStatus getStatusFromOcspResponse(OCSPResp ocspResponse, X509Certificate certificate) {
try {
BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
if (basicResponse == null) {
return new UnknownStatus();
}
SingleResp[] singleResps = basicResponse.getResponses();
if (singleResps == null) {
return new UnknownStatus();
}
SingleResp response = Arrays.stream(singleResps).filter(singleResp -> singleResp.getCertID() != null).filter(singleResp -> singleResp.getCertID().getSerialNumber().equals(certificate.getSerialNumber())).findFirst().orElse(null);
if (response == null) {
LOGGER.debug("Certificate status from OCSP response is unknown.");
return new UnknownStatus();
}
if (response.getCertStatus() == null) {
LOGGER.debug("Certificate status from OCSP response is good.");
return CertificateStatus.GOOD;
}
return response.getCertStatus();
} catch (OCSPException e) {
return new UnknownStatus();
}
}
Also used :
X509Certificate(java.security.cert.X509Certificate)
Req(org.bouncycastle.cert.ocsp.Req)
Arrays(java.util.Arrays)
AccessDescription(org.bouncycastle.asn1.x509.AccessDescription)
Enumeration(java.util.Enumeration)
Extension(org.bouncycastle.asn1.x509.Extension)
URISyntaxException(java.net.URISyntaxException)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
LoggerFactory(org.slf4j.LoggerFactory)
KeyStoreException(java.security.KeyStoreException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq)
Map(java.util.Map)
URI(java.net.URI)
X509ExtensionUtil(org.bouncycastle.x509.extension.X509ExtensionUtil)
ClientBuilderFactory(org.codice.ddf.cxf.client.ClientBuilderFactory)
OcspService(org.codice.ddf.security.OcspService)
OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)
NoticePriority(org.codice.ddf.system.alerts.NoticePriority)
Set(java.util.Set)
KeyStore(java.security.KeyStore)
OCSPException(org.bouncycastle.cert.ocsp.OCSPException)
ClientBuilder(org.codice.ddf.cxf.client.ClientBuilder)
PrivilegedAction(java.security.PrivilegedAction)
Collectors(java.util.stream.Collectors)
Objects(java.util.Objects)
List(java.util.List)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Response(javax.ws.rs.core.Response)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Entry(java.util.Map.Entry)
ProcessingException(javax.ws.rs.ProcessingException)
SecureCxfClientFactory(org.codice.ddf.cxf.client.SecureCxfClientFactory)
AccessController(java.security.AccessController)
Certificate(org.bouncycastle.asn1.x509.Certificate)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
EventAdmin(org.osgi.service.event.EventAdmin)
RevokedStatus(org.bouncycastle.cert.ocsp.RevokedStatus)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess)
HashMap(java.util.HashMap)
SingleResp(org.bouncycastle.cert.ocsp.SingleResp)
ArrayList(java.util.ArrayList)
HashSet(java.util.HashSet)
CertificateID(org.bouncycastle.cert.ocsp.CertificateID)
SecurityConstants(ddf.security.SecurityConstants)
Nullable(javax.annotation.Nullable)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)
Logger(org.slf4j.Logger)
SecurityLogger(ddf.security.audit.SecurityLogger)
CertificateStatus(org.bouncycastle.cert.ocsp.CertificateStatus)
UnknownStatus(org.bouncycastle.cert.ocsp.UnknownStatus)
WebClient(org.apache.cxf.jaxrs.client.WebClient)
OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
IOException(java.io.IOException)
FileInputStream(java.io.FileInputStream)
CertificateException(java.security.cert.CertificateException)
BasicOCSPResponse(org.bouncycastle.asn1.ocsp.BasicOCSPResponse)
SystemNotice(org.codice.ddf.system.alerts.SystemNotice)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
StringUtils.isBlank(org.apache.commons.lang3.StringUtils.isBlank)
DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
Event(org.osgi.service.event.Event)
InputStream(java.io.InputStream)
OCSPException(org.bouncycastle.cert.ocsp.OCSPException)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
SingleResp(org.bouncycastle.cert.ocsp.SingleResp)
UnknownStatus(org.bouncycastle.cert.ocsp.UnknownStatus)
Aggregations
OCSPResp (org.bouncycastle.cert.ocsp.OCSPResp)24
BasicOCSPResp (org.bouncycastle.cert.ocsp.BasicOCSPResp)19
IOException (java.io.IOException)13
X509Certificate (java.security.cert.X509Certificate)10
OCSPReq (org.bouncycastle.cert.ocsp.OCSPReq)10
CertificateID (org.bouncycastle.cert.ocsp.CertificateID)9
BigInteger (java.math.BigInteger)8
SingleResp (org.bouncycastle.cert.ocsp.SingleResp)8
JcaDigestCalculatorProviderBuilder (org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)8
InputStream (java.io.InputStream)6
URL (java.net.URL)6
OCSPException (org.bouncycastle.cert.ocsp.OCSPException)6
OutputStream (java.io.OutputStream)5
HttpURLConnection (java.net.HttpURLConnection)5
Extension (org.bouncycastle.asn1.x509.Extension)5
RevokedStatus (org.bouncycastle.cert.ocsp.RevokedStatus)5
DigestCalculator (org.bouncycastle.operator.DigestCalculator)5
CertificateEncodingException (java.security.cert.CertificateEncodingException)4
ArrayList (java.util.ArrayList)4
Date (java.util.Date)4
