use of org.demoiselle.signer.core.extension.ICPBR_CRL in project signer by demoiselle.
the class RevocationRefs method getValue.
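/**
 * Builds the revocation-references attribute for the certificate chain held in {@code certificates}.
 *
 * <p>For every certificate except the last one in the array, the CRLs returned by
 * {@code crlRepository.getX509CRL} are converted to CrlValidatedID entries. The entries are then
 * wrapped, from the inside out, as CRLListID, CrlOcspRef (crlids tagged [0]) and
 * CompleteRevocationRefs.
 *
 * @return the attribute identified by {@code identifier}, whose single value is the
 *         CompleteRevocationRefs sequence
 * @throws SignerException wrapping a {@link NoSuchAlgorithmException} or {@link CRLException}
 *         raised while the CrlValidatedID entries are built
 */
@Override
public Attribute getValue() throws SignerException {
    try {
        // The last element of the chain is skipped on purpose by the loop bound.
        int chainSize = certificates.length - 1;
        ArrayList<CrlValidatedID> crls = new ArrayList<CrlValidatedID>();
        for (int ix = 0; ix < chainSize; ix++) {
            X509Certificate cert = (X509Certificate) certificates[ix];
            // NOTE(review): a certificate for which the repository returns an empty collection
            // contributes no entry, so the attribute can carry fewer references than there are
            // certificates. Confirm that revocation was checked for every certificate before
            // this attribute is produced.
            Collection<ICPBR_CRL> icpCrls = crlRepository.getX509CRL(cert);
            for (ICPBR_CRL icpCrl : icpCrls) {
                crls.add(makeCrlValidatedID(icpCrl.getCRL()));
            }
        }
        CrlValidatedID[] crlsForId = crls.toArray(new CrlValidatedID[0]);

        // SEQUENCE OF CrlValidatedID
        DERSequence crlValidatedIDSeq = new DERSequence(crlsForId);
        // CRLListID: a sequence holding the list above
        DERSequence crlListID = new DERSequence(new ASN1Encodable[] {crlValidatedIDSeq});
        // crlids field of CrlOcspRef, tagged [0]
        DERTaggedObject crlListIDTagged = new DERTaggedObject(0, crlListID);
        // CrlOcspRef: only the crlids field is populated
        DERSequence crlOscpRef = new DERSequence(new ASN1Encodable[] {crlListIDTagged});
        // CompleteRevocationRefs: a sequence with that single CrlOcspRef
        DERSequence completeRevocationRefs = new DERSequence(new ASN1Encodable[] {crlOscpRef});

        return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(completeRevocationRefs));
    } catch (NoSuchAlgorithmException | CRLException e) {
        SignerException wrapped = new SignerException(e.getMessage());
        // Keep the original exception as the cause so the failing CRL or algorithm stays diagnosable.
        wrapped.initCause(e);
        throw wrapped;
    }
}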
use of org.demoiselle.signer.core.extension.ICPBR_CRL in project signer by demoiselle.
the class OnLineCRLRepository method getICPBR_CRL.
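/**
 * Downloads and parses the CRL published at the given address.
 *
 * <p>Every failure is logged and reported as {@code null}; no exception reaches the caller.
 *
 * @param uRLCRL address of the CRL; getX509CRL passes values taken from the certificate's
 *        CRL distribution points
 * @return the parsed CRL, or {@code null} if the URL is malformed, the download fails or the
 *         content cannot be parsed
 */
private ICPBR_CRL getICPBR_CRL(String uRLCRL) {
    try {
        // NOTE(review): java.net.URL accepts any scheme that has a registered handler, and the
        // address originates in the certificate being validated. Consider rejecting anything
        // other than the schemes the deployment expects (typically http/https) before opening it.
        URL url = new URL(uRLCRL);
        URLConnection conexao = url.openConnection();
        // The timeouts bound the connect and each read; nothing here caps the response size.
        conexao.setConnectTimeout(5000);
        conexao.setReadTimeout(5000);
        // try-with-resources closes the stream even when parsing throws.
        try (DataInputStream inStream = new DataInputStream(conexao.getInputStream())) {
            // NOTE(review): nothing visible in this method checks the CRL's signature, issuer or
            // nextUpdate; confirm that ICPBR_CRL or the calling validator does before the
            // result is trusted.
            return new ICPBR_CRL(inStream);
        }
    } catch (MalformedURLException e) {
        logger.error(coreMessagesBundle.getString("error.malformedURL", uRLCRL) + e.getMessage());
    } catch (IOException e) {
        // Connection problems are logged at info level, unlike the other failures.
        logger.info(coreMessagesBundle.getString("error.crl.connect", uRLCRL) + e.getMessage());
    } catch (CRLException e) {
        logger.error(coreMessagesBundle.getString("error.crl.exception", uRLCRL) + e.getMessage());
    } catch (CertificateException e) {
        logger.error(coreMessagesBundle.getString("error.crl.certificate", uRLCRL) + e.getMessage());
    }
    return null;
}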
use of org.demoiselle.signer.core.extension.ICPBR_CRL in project signer by demoiselle.
the class OnLineCRLRepository method getX509CRL.
/**
 * Fetches a CRL for the given certificate from its CRL distribution points.
 *
 * <p>The distribution points are tried in order and the first one that yields a CRL wins. The
 * method fails closed: it throws when the certificate lists no distribution point or when none
 * of them produced a CRL.
 *
 * @param certificate the certificate whose revocation list is wanted
 * @return a collection holding exactly one CRL
 * @throws CRLRepositoryException if no distribution point is listed, none could be used, or the
 *         distribution points could not be read from the certificate
 */
@Override
public Collection<ICPBR_CRL> getX509CRL(X509Certificate certificate) {
    Collection<ICPBR_CRL> found = new ArrayList<ICPBR_CRL>();
    try {
        List<String> distributionPoints = new BasicCertificate(certificate).getCRLDistributionPoint();
        boolean nothingListed = distributionPoints == null || distributionPoints.isEmpty();
        if (nothingListed) {
            throw new CRLRepositoryException(coreMessagesBundle.getString("error.invalid.crl"));
        }
        for (String crlUrl : distributionPoints) {
            ICPBR_CRL downloaded = getICPBR_CRL(crlUrl);
            if (downloaded == null) {
                // This address failed; fall through to the next distribution point.
                continue;
            }
            // Found a valid CRL: keep it and stop looking.
            found.add(downloaded);
            logger.info(coreMessagesBundle.getString("info.crl.found", crlUrl));
            break;
        }
        if (found.isEmpty()) {
            // Every distribution point failed, so revocation status cannot be established.
            throw new CRLRepositoryException(
                    coreMessagesBundle.getString("error.validate.on.crl", distributionPoints));
        }
    } catch (IOException e) {
        throw new CRLRepositoryException(coreMessagesBundle.getString("error.invalid.crl") + e);
    }
    return found;
}
use of org.demoiselle.signer.core.extension.ICPBR_CRL in project signer by demoiselle.
the class OffLineCRLRepository method getICPBR_CRL.
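/**
 * Loads the CRL published at {@code uRLCRL} through the local cache directory.
 *
 * <p>When no cache file exists for the URL, {@code RepositoryUtil.saveURL} is asked to create it.
 * When the cached CRL is past its nextUpdate (or carries none), the file is refreshed and read
 * again, so the caller receives the refreshed CRL instead of the stale one parsed before the
 * refresh. Failures are logged, the URL is handed to {@code addFileIndex}, and {@code null} is
 * returned.
 *
 * @param uRLCRL a valid url address
 * @return the parsed CRL, or {@code null} when the cache file is empty, missing or unparseable
 */
private ICPBR_CRL getICPBR_CRL(String uRLCRL) {
    File fileCRL = null;
    try {
        ICPBR_CRL crl = null;
        if (new File(config.getCrlPath()).mkdirs()) {
            logger.info(coreMessagesBundle.getString("info.creating.crl"));
        } else {
            logger.info(coreMessagesBundle.getString("info.created.crl"));
        }
        // The cache file name is derived from the URL. It is only a cache key and says nothing
        // about the integrity of the file's content.
        fileCRL = new File(config.getCrlPath(), RepositoryUtil.urlToMD5(uRLCRL));
        if (!fileCRL.exists()) {
            RepositoryUtil.saveURL(uRLCRL, fileCRL);
        }
        if (fileCRL.length() != 0) {
            crl = parseCachedCrl(fileCRL);
            // A CRL without nextUpdate is treated like an expired one instead of failing
            // with a NullPointerException.
            Date nextUpdate = crl.getCRL().getNextUpdate();
            if (nextUpdate == null || nextUpdate.before(new Date())) {
                // The cached copy is expired: refresh it and use the newer CRL.
                logger.info(coreMessagesBundle.getString("info.update.crl"));
                RepositoryUtil.saveURL(uRLCRL, fileCRL);
                if (fileCRL.length() != 0) {
                    crl = parseCachedCrl(fileCRL);
                }
                // NOTE(review): if the refresh did not produce a newer file, the CRL returned
                // here can still be expired. Callers must check nextUpdate before relying on it.
            }
        }
        return crl;
    } catch (FileNotFoundException e) {
        addFileIndex(uRLCRL);
        logger.info(coreMessagesBundle.getString("error.file.not.found", fileCRL));
    } catch (CRLException e) {
        addFileIndex(uRLCRL);
        logger.info(coreMessagesBundle.getString("error.file.corrupted", fileCRL, e.getMessage()));
        // Drop the corrupted cache entry so that the next call fetches it again.
        if (!fileCRL.delete()) {
            logger.info(coreMessagesBundle.getString("error.file.remove", fileCRL));
        }
    } catch (CertificateException e) {
        addFileIndex(uRLCRL);
        logger.info(coreMessagesBundle.getString("error.crl.certificate", e.getMessage()));
    }
    return null;
}

/** Parses one cached CRL file and always releases the file handle. */
private ICPBR_CRL parseCachedCrl(File file)
        throws FileNotFoundException, CRLException, CertificateException {
    FileInputStream in = new FileInputStream(file);
    try {
        return new ICPBR_CRL(in);
    } finally {
        try {
            in.close();
        } catch (IOException ignored) {
            // Parsing has already succeeded or failed; a close failure changes nothing.
        }
    }
}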
use of org.demoiselle.signer.core.extension.ICPBR_CRL in project signer by demoiselle.
the class OffLineCRLRepository method getX509CRL.
/**
 * Returns a CRL (Certificate Revocation List) for the given ICP-Brasil certificate, read through
 * the local cache.
 *
 * <p>The certificate's CRL distribution points are tried in order and the first one that yields
 * a CRL is used. When none of them yields a CRL the returned collection is empty, so callers
 * must treat an empty result as "revocation status unknown", never as "not revoked".
 *
 * @param certificate the certificate whose revocation list is wanted
 * @return a collection with at most one CRL
 * @throws CRLRepositoryException if the certificate lists no distribution point or the
 *         distribution points could not be read from it
 */
@Override
public Collection<ICPBR_CRL> getX509CRL(X509Certificate certificate) {
    Collection<ICPBR_CRL> result = new ArrayList<ICPBR_CRL>();
    try {
        List<String> distributionPoints = new BasicCertificate(certificate).getCRLDistributionPoint();
        boolean nothingListed = distributionPoints == null || distributionPoints.isEmpty();
        if (nothingListed) {
            throw new CRLRepositoryException(coreMessagesBundle.getString("error.invalid.crl"));
        }
        for (String crlUrl : distributionPoints) {
            ICPBR_CRL cached = getICPBR_CRL(crlUrl);
            if (cached == null) {
                // Nothing usable for this address; try the next distribution point.
                continue;
            }
            // Found a valid CRL: keep it and stop looking.
            result.add(cached);
            logger.info(coreMessagesBundle.getString("info.crl.found", crlUrl));
            break;
        }
    } catch (IOException e) {
        throw new CRLRepositoryException(coreMessagesBundle.getString("error.invalid.crl") + e);
    }
    return result;
}