
Example 6 with X509AttributeCertificate

use of org.bouncycastle.x509.X509AttributeCertificate in project robovm by robovm.

the class CertPathValidatorUtilities method getCompleteCRLs.

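/**
 * Fetches complete CRLs according to RFC 3280.
 *
 * <p>The lookup fails closed: when no CRL matches, an {@link AnnotatedException} is thrown
 * instead of an empty set being returned, so missing revocation data cannot be read as
 * "not revoked" by a caller that only inspects the returned set.
 *
 * @param dp          The distribution point for which the complete CRLs should be fetched.
 * @param cert        The <code>X509Certificate</code> or
 *                    {@link org.bouncycastle.x509.X509AttributeCertificate} for
 *                    which the CRL should be searched.
 * @param currentDate The date for which the complete CRLs must be valid; it is handed
 *                    unchanged to the CRL store lookup.
 * @param paramsPKIX  The extended PKIX parameters.
 * @return A non-empty <code>Set</code> of <code>X509CRL</code>s with complete
 *         CRLs.
 * @throws AnnotatedException if an exception occurs while picking the CRLs,
 * no CRLs are found, or an attribute certificate names no issuer principal.
 */
protected static Set getCompleteCRLs(DistributionPoint dp, Object cert, Date currentDate, ExtendedPKIXParameters paramsPKIX) throws AnnotatedException {
    final boolean isAttrCert = cert instanceof X509AttributeCertificate;

    // For an attribute certificate the issuer is read once, up front, and reused for both
    // the issuer set and the "no CRLs" message.
    Object attrCertIssuer = null;
    if (isAttrCert) {
        Object[] issuerPrincipals = ((X509AttributeCertificate) cert).getIssuer().getPrincipals();
        // The issuer comes from the certificate under validation, i.e. untrusted input.
        // NOTE(review): getPrincipals() is assumed to be able to return an empty array;
        // the explicit check reports that case through the checked exception callers
        // already handle instead of an ArrayIndexOutOfBoundsException.
        if (issuerPrincipals == null || issuerPrincipals.length == 0) {
            throw new AnnotatedException("Attribute certificate issuer contains no principal.");
        }
        attrCertIssuer = issuerPrincipals[0];
    }

    X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
    try {
        Set issuers = new HashSet();
        if (isAttrCert) {
            issuers.add(attrCertIssuer);
        } else {
            issuers.add(getEncodedIssuerPrincipal(cert));
        }
        // Adds the CRL issuers named by the distribution point to the selector.
        CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX);
    } catch (AnnotatedException e) {
        // Keep the original failure as the cause so the root problem stays visible.
        throw new AnnotatedException("Could not get issuer information from distribution point.", e);
    }

    // Tell the selector which certificate the CRLs are being checked against.
    if (cert instanceof X509Certificate) {
        crlselect.setCertificateChecking((X509Certificate) cert);
    } else if (isAttrCert) {
        crlselect.setAttrCertificateChecking((X509AttributeCertificate) cert);
    }
    crlselect.setCompleteCRLEnabled(true);

    Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
    if (crls.isEmpty()) {
        // No revocation data is an error, never an implicit "certificate is fine".
        if (isAttrCert) {
            throw new AnnotatedException("No CRLs found for issuer \"" + attrCertIssuer + "\"");
        } else {
            X509Certificate xCert = (X509Certificate) cert;
            throw new AnnotatedException("No CRLs found for issuer \"" + xCert.getIssuerX500Principal() + "\"");
        }
    }
    return crls;
}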
Also used : X509CRLStoreSelector(org.bouncycastle.x509.X509CRLStoreSelector) Set(java.util.Set) HashSet(java.util.HashSet) X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)
