
Example 1 with CertificateFactory

Use of org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory in project pdfbox by apache.

Class CrlHelper, method performCrlRequestAndCheck.

/**
 * Performs the CRL-Request and checks if the given certificate has been revoked.
 *
 * @param crlUrl to get the CRL from
 * @param cert to be checked if it is inside the CRL
 * @return CRL-Response; might be very big depending on the issuer.
 * @throws CRLException if an Error occurred getting the CRL, or parsing it.
 * @throws RevokedCertificateException if the certificate is listed as revoked in the CRL.
 */
public static byte[] performCrlRequestAndCheck(String crlUrl, X509Certificate cert) throws CRLException, RevokedCertificateException {
    try {
        URL url = new URL(crlUrl);
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        if (con.getResponseCode() != 200) {
            throw new IOException("Unsuccessful CRL request. Status: " + con.getResponseCode() + " Url: " + crlUrl);
        }
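        CertificateFactory certFac = new CertificateFactory();
        // Close the response stream once the CRL has been parsed.
        // Note: the CRL is only parsed here; its signature is not verified in this method.
        try (java.io.InputStream in = con.getInputStream()) {
            X509CRL crl = (X509CRL) certFac.engineGenerateCRL(in);
            if (crl.isRevoked(cert)) {
                throw new RevokedCertificateException("The Certificate was found on the CRL and is revoked!");
            }
            return crl.getEncoded();
        }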
    } catch (IOException e) {
        throw new CRLException(e);
    }
}
Also used : HttpURLConnection(java.net.HttpURLConnection) X509CRL(java.security.cert.X509CRL) IOException(java.io.IOException) CertificateFactory(org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory) CRLException(java.security.cert.CRLException) URL(java.net.URL)

Example 2 with CertificateFactory

Use of org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory in project ddf by codice.

Class PkiTools, method pemToCertificate.

/**
 * Given a PEM encoded X509 certificate, return an object representation of the certificate
 *
 * @param certString PEM encoded X509 certificate
 * @return instance of X509 certificate
 */
public static X509Certificate pemToCertificate(String certString) {
    CertificateFactory cf = new CertificateFactory();
    ByteArrayInputStream in = new ByteArrayInputStream(PkiTools.pemToDer(certString));
    X509Certificate cert;
    try {
        cert = (X509Certificate) cf.engineGenerateCertificate(in);
    } catch (CertificateException e) {
        throw new CertificateGeneratorException("Cannot convert this PEM object to X509 certificate", e);
    }
    if (cert == null) {
        throw new CertificateGeneratorException("Cannot convert this PEM object to X509 certificate");
    }
    return cert;
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) CertificateException(java.security.cert.CertificateException) CertificateFactory(org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory) X509Certificate(java.security.cert.X509Certificate)
