use of org.bouncycastle.x509.X509CRLStoreSelector in project robovm by robovm.
the class CertPathValidatorUtilities method getDeltaCRLs.
/**
* Fetches delta CRLs according to RFC 3280 section 5.2.4.
*
* @param currentDate The date for which the delta CRLs must be valid.
* @param paramsPKIX The extended PKIX parameters.
* @param completeCRL The complete CRL the delta CRL is for.
* @return A <code>Set</code> of <code>X509CRL</code>s with delta CRLs.
* @throws AnnotatedException if an exception occurs while picking the delta
* CRLs.
*/
protected static Set getDeltaCRLs(Date currentDate, ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL) throws AnnotatedException {
    // Selector describing the delta CRLs that may be applied to completeCRL.
    final X509CRLStoreSelector selector = new X509CRLStoreSelector();

    // 5.2.4 (a): the delta CRL must come from the issuer of the complete CRL.
    try {
        selector.addIssuerName(CertPathValidatorUtilities.getIssuerPrincipal(completeCRL).getEncoded());
    } catch (IOException e) {
        throw new AnnotatedException("Cannot extract issuer from CRL.", e);
    }

    // CRL number of the complete CRL; remains null when the extension is absent.
    BigInteger baseNumber = null;
    try {
        final ASN1Primitive crlNumberExt = CertPathValidatorUtilities.getExtensionValue(completeCRL, CRL_NUMBER);
        if (crlNumberExt != null) {
            baseNumber = ASN1Integer.getInstance(crlNumberExt).getPositiveValue();
        }
    } catch (Exception e) {
        throw new AnnotatedException("CRL number extension could not be extracted from CRL.", e);
    }

    // 5.2.4 (b): raw issuing distribution point extension of the complete CRL
    // (null when the CRL carries none).
    final byte[] issuingDistPoint;
    try {
        issuingDistPoint = completeCRL.getExtensionValue(ISSUING_DISTRIBUTION_POINT);
    } catch (Exception e) {
        throw new AnnotatedException("Issuing distribution point extension value could not be read.", e);
    }

    // 5.2.4 (d): the delta CRL number must be greater than the complete CRL number.
    // NOTE(review): when the complete CRL has no CRL number, both number bounds
    // are passed as null, presumably leaving the delta CRL number unconstrained;
    // confirm against X509CRLStoreSelector before relying on this for revocation.
    final BigInteger minDeltaNumber = (baseNumber != null) ? baseNumber.add(BigInteger.ONE) : null;
    selector.setMinCRLNumber(minDeltaNumber);
    selector.setIssuingDistributionPoint(issuingDistPoint);
    selector.setIssuingDistributionPointEnabled(true);

    // 5.2.4 (c): the delta's base CRL number must not exceed the complete CRL number.
    selector.setMaxBaseCRLNumber(baseNumber);

    // Query the configured stores, then keep only the CRLs that isDeltaCRL accepts.
    final Set candidates = CRL_UTIL.findCRLs(selector, paramsPKIX, currentDate);
    final Set deltas = new HashSet();
    for (Object candidate : candidates) {
        final X509CRL found = (X509CRL) candidate;
        if (isDeltaCRL(found)) {
            deltas.add(found);
        }
    }
    return deltas;
}
use of org.bouncycastle.x509.X509CRLStoreSelector in project robovm by robovm.
the class RFC3280CertPathUtilities method processCRLA1ii.
protected static Set[] processCRLA1ii(Date currentDate, ExtendedPKIXParameters paramsPKIX, X509Certificate cert, X509CRL crl) throws AnnotatedException {
    // Selector for complete CRLs: checked against cert and restricted to the
    // issuer name of the CRL passed in.
    final X509CRLStoreSelector completeSelector = new X509CRLStoreSelector();
    completeSelector.setCertificateChecking(cert);
    try {
        completeSelector.addIssuerName(crl.getIssuerX500Principal().getEncoded());
    } catch (IOException e) {
        throw new AnnotatedException("Cannot extract issuer from CRL." + e, e);
    }
    completeSelector.setCompleteCRLEnabled(true);
    final Set completeCRLs = CRL_UTIL.findCRLs(completeSelector, paramsPKIX, currentDate);

    // Delta CRLs are looked up only when the PKIX parameters enable them;
    // otherwise the second element of the result is an empty set.
    final Set deltaCRLs = new HashSet();
    if (paramsPKIX.isUseDeltasEnabled()) {
        try {
            deltaCRLs.addAll(CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl));
        } catch (AnnotatedException e) {
            throw new AnnotatedException("Exception obtaining delta CRLs.", e);
        }
    }

    // Index 0: complete CRLs, index 1: delta CRLs.
    return new Set[] { completeCRLs, deltaCRLs };
}
use of org.bouncycastle.x509.X509CRLStoreSelector in project XobotOS by xamarin.
the class PKIXCRLUtil method findCRLs.
/**
* Return a Collection of all CRLs found in the X509Stores that
* match the crlSelect criteria.
*
* @param crlSelect a {@link X509CRLStoreSelector} object that will be used
* to select the CRLs
* @param crlStores a List containing only
* {@link org.bouncycastle.x509.X509Store X509Store} objects.
* These are used to search for CRLs
*
* @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
* empty but never <code>null</code>.
*/
private final Collection findCRLs(X509CRLStoreSelector crlSelect, List crlStores) throws AnnotatedException {
    final Set matches = new HashSet();
    AnnotatedException lastFailure = null;
    boolean anyStoreAnswered = false;

    for (Object entry : crlStores) {
        if (entry instanceof X509Store) {
            final X509Store x509Store = (X509Store) entry;
            try {
                matches.addAll(x509Store.getMatches(crlSelect));
                anyStoreAnswered = true;
            } catch (StoreException e) {
                lastFailure = new AnnotatedException("Exception searching in X.509 CRL store.", e);
            }
        } else {
            // Anything that is not an X509Store is cast to CertStore; an entry of
            // another type fails here with a ClassCastException.
            final CertStore certStore = (CertStore) entry;
            try {
                matches.addAll(certStore.getCRLs(crlSelect));
                anyStoreAnswered = true;
            } catch (CertStoreException e) {
                lastFailure = new AnnotatedException("Exception searching in X.509 CRL store.", e);
            }
        }
    }

    // A store failure is reported only when no store could be queried at all.
    // NOTE(review): once one store has answered, errors from the other stores are
    // dropped and the returned set may be incomplete. Callers using the result for
    // revocation checking should not treat it as proof that every store was read.
    if (anyStoreAnswered || lastFailure == null) {
        return matches;
    }
    throw lastFailure;
}
use of org.bouncycastle.x509.X509CRLStoreSelector in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method processCRLA1ii.
protected static Set[] processCRLA1ii(Date currentDate, ExtendedPKIXParameters paramsPKIX, X509Certificate cert, X509CRL crl) throws AnnotatedException {
    // Build the selector for complete CRLs: it is checked against cert and
    // limited to the issuer name taken from crl.
    final X509CRLStoreSelector selector = new X509CRLStoreSelector();
    selector.setCertificateChecking(cert);
    try {
        final byte[] encodedIssuer = crl.getIssuerX500Principal().getEncoded();
        selector.addIssuerName(encodedIssuer);
    } catch (IOException e) {
        throw new AnnotatedException("Cannot extract issuer from CRL." + e, e);
    }
    selector.setCompleteCRLEnabled(true);

    final Set complete = CRL_UTIL.findCRLs(selector, paramsPKIX, currentDate);
    final Set deltas = new HashSet();

    // Delta CRLs are optional: they are fetched only when enabled in the PKIX
    // parameters, and the set stays empty otherwise.
    if (!paramsPKIX.isUseDeltasEnabled()) {
        return new Set[] { complete, deltas };
    }
    try {
        deltas.addAll(CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl));
    } catch (AnnotatedException e) {
        throw new AnnotatedException("Exception obtaining delta CRLs.", e);
    }
    // Index 0 holds the complete CRLs, index 1 the delta CRLs.
    return new Set[] { complete, deltas };
}
use of org.bouncycastle.x509.X509CRLStoreSelector in project XobotOS by xamarin.
the class CertPathValidatorUtilities method getCompleteCRLs.
/**
* Fetches complete CRLs according to RFC 3280.
*
* @param dp The distribution point for which the complete CRLs are fetched.
* @param cert The <code>X509Certificate</code> or
* {@link org.bouncycastle.x509.X509AttributeCertificate} for
* which the CRL should be searched.
* @param currentDate The date for which the CRLs must be valid.
* @param paramsPKIX The extended PKIX parameters.
* @return A <code>Set</code> of <code>X509CRL</code>s with complete
* CRLs.
* @throws AnnotatedException if an exception occurs while picking the CRLs
* or no CRLs are found.
*/
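protected static Set getCompleteCRLs(DistributionPoint dp, Object cert, Date currentDate, ExtendedPKIXParameters paramsPKIX) throws AnnotatedException {
    // Selector that will describe the complete CRLs applicable to cert.
    X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
    try {
        // Seed the issuer set with the certificate's own issuer, then let the
        // distribution point helper configure the selector's issuer criteria.
        Set issuers = new HashSet();
        if (cert instanceof X509AttributeCertificate) {
            issuers.add(((X509AttributeCertificate) cert).getIssuer().getPrincipals()[0]);
        } else {
            issuers.add(getEncodedIssuerPrincipal(cert));
        }
        CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX);
    } catch (AnnotatedException e) {
        // Fix: the exception used to be constructed but never thrown, so a failure
        // here was silently ignored and the CRL search continued with a selector
        // whose issuer criteria may not have been set. Fail closed instead.
        throw new AnnotatedException("Could not get issuer information from distribution point.", e);
    }

    // Tie the selector to the certificate being checked; other object types
    // leave this criterion unset.
    if (cert instanceof X509Certificate) {
        crlselect.setCertificateChecking((X509Certificate) cert);
    } else if (cert instanceof X509AttributeCertificate) {
        crlselect.setAttrCertificateChecking((X509AttributeCertificate) cert);
    }
    crlselect.setCompleteCRLEnabled(true);

    Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
    if (crls.isEmpty()) {
        // An empty result is an error rather than an empty return value, so the
        // caller cannot mistake "no CRL available" for "nothing revoked".
        if (cert instanceof X509AttributeCertificate) {
            X509AttributeCertificate aCert = (X509AttributeCertificate) cert;
            throw new AnnotatedException("No CRLs found for issuer \"" + aCert.getIssuer().getPrincipals()[0] + "\"");
        } else {
            X509Certificate xCert = (X509Certificate) cert;
            throw new AnnotatedException("No CRLs found for issuer \"" + xCert.getIssuerX500Principal() + "\"");
        }
    }
    return crls;
}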