
Example 1 with ICPBR_CRL

use of org.demoiselle.signer.core.extension.ICPBR_CRL in project signer by demoiselle.

the class RevocationRefs method getValue.

/**
 * Builds the revocation-references attribute: one CrlValidatedID per CRL
 * that {@code crlRepository} returns for each certificate in the chain,
 * wrapped in the nested DER structure
 * CompleteRevocationRefs -> CrlOcspRef -> [0] CRLListID -> SEQUENCE OF CrlValidatedID.
 *
 * @return an Attribute whose type is {@code identifier} and whose single
 *         value is the CompleteRevocationRefs sequence built here
 * @throws SignerException when building a CrlValidatedID fails with a
 *         NoSuchAlgorithmException or a CRLException
 */
@Override
public Attribute getValue() throws SignerException {
    try {
        ArrayList<CrlValidatedID> collected = new ArrayList<CrlValidatedID>();
        // The last entry of the chain is deliberately skipped
        // (presumably the trust anchor; confirm against the caller).
        for (int pos = 0; pos < certificates.length - 1; pos++) {
            // NOTE(review): if the repository hands back an empty collection for
            // a certificate, that certificate simply contributes no reference and
            // the attribute is still emitted. Confirm the repository implementation
            // in use fails closed when no CRL can be obtained.
            for (ICPBR_CRL wrapper : crlRepository.getX509CRL((X509Certificate) certificates[pos])) {
                collected.add(makeCrlValidatedID(wrapper.getCRL()));
            }
        }

        // SEQUENCE OF CrlValidatedID
        CrlValidatedID[] validatedIds = collected.toArray(new CrlValidatedID[collected.size()]);
        DERSequence validatedIdSeq = new DERSequence(validatedIds);

        // CRLListID ::= SEQUENCE { crls SEQUENCE OF CrlValidatedID }
        DERSequence crlListId = new DERSequence(new ASN1Encodable[] { validatedIdSeq });

        // CrlOcspRef ::= SEQUENCE { crlids [0] CRLListID }
        DERTaggedObject taggedCrlListId = new DERTaggedObject(0, crlListId);
        DERSequence crlOcspRef = new DERSequence(new ASN1Encodable[] { taggedCrlListId });

        // CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
        DERSequence completeRevocationRefs = new DERSequence(new ASN1Encodable[] { crlOcspRef });

        ASN1ObjectIdentifier attributeType = new ASN1ObjectIdentifier(identifier);
        return new Attribute(attributeType, new DERSet(completeRevocationRefs));
    } catch (NoSuchAlgorithmException | CRLException e) {
        // NOTE(review): only the message is forwarded; the original exception
        // (and its stack trace) is not attached as the cause.
        throw new SignerException(e.getMessage());
    }
}
Also used : Attribute(org.bouncycastle.asn1.cms.Attribute) UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ArrayList(java.util.ArrayList) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) ICPBR_CRL(org.demoiselle.signer.core.extension.ICPBR_CRL) CrlValidatedID(org.bouncycastle.asn1.esf.CrlValidatedID) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) CRLException(java.security.cert.CRLException) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 2 with ICPBR_CRL

use of org.demoiselle.signer.core.extension.ICPBR_CRL in project signer by demoiselle.

the class OnLineCRLRepository method getICPBR_CRL.

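/**
 * Downloads the CRL published at the given URL and parses it.
 *
 * Every failure (malformed URL, connection or read error, unparsable CRL)
 * is logged and reported to the caller as {@code null}; nothing is thrown.
 *
 * @param uRLCRL address of the CRL to fetch
 * @return the parsed CRL, or {@code null} when it could not be fetched or parsed
 */
private ICPBR_CRL getICPBR_CRL(String uRLCRL) {
    try {
        // NOTE(review): the URL is handed to java.net.URL without a scheme or
        // host check, and the response size is not bounded. If uRLCRL comes
        // from the CRL distribution point of a certificate that has not been
        // validated yet, consider allowing only the schemes the deployment
        // expects and capping the number of bytes read.
        URLConnection conexao = new URL(uRLCRL).openConnection();
        // Bound both phases so an unresponsive server cannot stall validation.
        conexao.setConnectTimeout(5000);
        conexao.setReadTimeout(5000);
        // try-with-resources closes the stream even when parsing throws;
        // previously the stream leaked on CRLException/CertificateException.
        try (DataInputStream inStream = new DataInputStream(conexao.getInputStream())) {
            // NOTE(review): whether the CRL signature is checked against the
            // issuer is not visible here; confirm it happens before the CRL
            // is trusted for a revocation decision.
            return new ICPBR_CRL(inStream);
        }
    } catch (MalformedURLException e) {
        logger.error(coreMessagesBundle.getString("error.malformedURL", uRLCRL) + e.getMessage());
    } catch (IOException e) {
        // Connection problems are logged at info level: the caller may have
        // other distribution points to try.
        logger.info(coreMessagesBundle.getString("error.crl.connect", uRLCRL) + e.getMessage());
    } catch (CRLException e) {
        logger.error(coreMessagesBundle.getString("error.crl.exception", uRLCRL) + e.getMessage());
    } catch (CertificateException e) {
        logger.error(coreMessagesBundle.getString("error.crl.certificate", uRLCRL) + e.getMessage());
    }
    return null;
}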
Also used : ICPBR_CRL(org.demoiselle.signer.core.extension.ICPBR_CRL) MalformedURLException(java.net.MalformedURLException) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) DataInputStream(java.io.DataInputStream) CRLException(java.security.cert.CRLException) URL(java.net.URL) URLConnection(java.net.URLConnection)

Example 3 with ICPBR_CRL

use of org.demoiselle.signer.core.extension.ICPBR_CRL in project signer by demoiselle.

the class OnLineCRLRepository method getX509CRL.

/**
 * Fetches a CRL for the given certificate by trying each of its CRL
 * distribution points in order and keeping the first one that can be
 * retrieved.
 *
 * @param certificate certificate whose distribution points are queried
 * @return a collection holding the single CRL that was retrieved
 * @throws CRLRepositoryException when the certificate lists no distribution
 *         point, when none of them yields a CRL, or when reading the
 *         certificate data raises an IOException
 */
@Override
public Collection<ICPBR_CRL> getX509CRL(X509Certificate certificate) {
    Collection<ICPBR_CRL> found = new ArrayList<ICPBR_CRL>();
    try {
        List<String> distributionPoints = new BasicCertificate(certificate).getCRLDistributionPoint();
        if (distributionPoints == null || distributionPoints.isEmpty()) {
            throw new CRLRepositoryException(coreMessagesBundle.getString("error.invalid.crl"));
        }
        for (String crlUrl : distributionPoints) {
            ICPBR_CRL candidate = getICPBR_CRL(crlUrl);
            if (candidate == null) {
                // This distribution point failed; try the next one.
                continue;
            }
            // First CRL that could be retrieved wins.
            found.add(candidate);
            logger.info(coreMessagesBundle.getString("info.crl.found", crlUrl));
            break;
        }
        // Fail closed: without any CRL the revocation status is unknown.
        if (found.isEmpty()) {
            throw new CRLRepositoryException(coreMessagesBundle.getString("error.validate.on.crl", distributionPoints));
        }
    } catch (IOException e) {
        throw new CRLRepositoryException(coreMessagesBundle.getString("error.invalid.crl") + e);
    }
    return found;
}
Also used : ICPBR_CRL(org.demoiselle.signer.core.extension.ICPBR_CRL) BasicCertificate(org.demoiselle.signer.core.extension.BasicCertificate) ArrayList(java.util.ArrayList) IOException(java.io.IOException)

Example 4 with ICPBR_CRL

use of org.demoiselle.signer.core.extension.ICPBR_CRL in project signer by demoiselle.

the class OffLineCRLRepository method getICPBR_CRL.

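/**
 * Returns the CRL for the given distribution-point URL from the local
 * cache directory, downloading it when no cached file exists yet and
 * refreshing it when the cached copy is past its nextUpdate date.
 *
 * @param uRLCRL a valid url address
 * @return the parsed CRL, or {@code null} when the cached file is empty or
 *         could not be found or parsed. The returned CRL may still be
 *         expired if the refresh did not produce a newer file, so callers
 *         must check its validity period themselves.
 */
private ICPBR_CRL getICPBR_CRL(String uRLCRL) {
    File fileCRL = null;
    try {
        ICPBR_CRL crl = null;
        if (new File(config.getCrlPath()).mkdirs()) {
            logger.info(coreMessagesBundle.getString("info.creating.crl"));
        } else {
            logger.info(coreMessagesBundle.getString("info.created.crl"));
        }
        // The cache file name is derived from the URL, not from the CRL content.
        fileCRL = new File(config.getCrlPath(), RepositoryUtil.urlToMD5(uRLCRL));
        if (!fileCRL.exists()) {
            RepositoryUtil.saveURL(uRLCRL, fileCRL);
        }
        if (fileCRL.length() != 0) {
            crl = loadCrlFromFile(fileCRL);
            Date nextUpdate = crl.getCRL().getNextUpdate();
            // A CRL without nextUpdate is treated like an expired one instead
            // of failing with a NullPointerException.
            if (nextUpdate == null || nextUpdate.before(new Date())) {
                // Cached copy is expired: fetch the newest CRL.
                logger.info(coreMessagesBundle.getString("info.update.crl"));
                RepositoryUtil.saveURL(uRLCRL, fileCRL);
                // Re-read the refreshed file; previously the expired object
                // parsed above was returned even after a successful refresh.
                if (fileCRL.length() != 0) {
                    crl = loadCrlFromFile(fileCRL);
                }
            }
        }
        return crl;
    } catch (FileNotFoundException e) {
        addFileIndex(uRLCRL);
        logger.info(coreMessagesBundle.getString("error.file.not.found", fileCRL));
    } catch (CRLException e) {
        addFileIndex(uRLCRL);
        logger.info(coreMessagesBundle.getString("error.file.corrupted", fileCRL, e.getMessage()));
        // Drop the unparsable file so the next call downloads a fresh copy.
        if (!fileCRL.delete()) {
            logger.info(coreMessagesBundle.getString("error.file.remove", fileCRL));
        }
    } catch (CertificateException e) {
        addFileIndex(uRLCRL);
        logger.info(coreMessagesBundle.getString("error.crl.certificate", e.getMessage()));
    }
    return null;
}

/** Parses a cached CRL file and always closes the underlying stream. */
private ICPBR_CRL loadCrlFromFile(File file) throws FileNotFoundException, CRLException, CertificateException {
    FileInputStream in = new FileInputStream(file);
    try {
        return new ICPBR_CRL(in);
    } finally {
        try {
            in.close();
        } catch (IOException ignored) {
            // Read-only stream: a failed close cannot change the parsed CRL.
        }
    }
}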
Also used : ICPBR_CRL(org.demoiselle.signer.core.extension.ICPBR_CRL) FileNotFoundException(java.io.FileNotFoundException) CertificateException(java.security.cert.CertificateException) File(java.io.File) CRLException(java.security.cert.CRLException) FileInputStream(java.io.FileInputStream) Date(java.util.Date)

Example 5 with ICPBR_CRL

use of org.demoiselle.signer.core.extension.ICPBR_CRL in project signer by demoiselle.

the class OffLineCRLRepository method getX509CRL.

/**
 * Returns a CRL (Certificate Revocation List) for the given certificate,
 * issued by an ICP-Brasil authority, using the locally cached copies.
 *
 * The certificate's CRL distribution points are tried in order and the
 * first one that yields a CRL is kept.
 *
 * @param certificate certificate whose distribution points are queried
 * @return a collection with the first CRL obtained, or an empty collection
 *         when no distribution point yielded one
 * @throws CRLRepositoryException when the certificate lists no distribution
 *         point or reading the certificate data raises an IOException
 */
@Override
public Collection<ICPBR_CRL> getX509CRL(X509Certificate certificate) {
    Collection<ICPBR_CRL> found = new ArrayList<ICPBR_CRL>();
    try {
        List<String> distributionPoints = new BasicCertificate(certificate).getCRLDistributionPoint();
        if (distributionPoints == null || distributionPoints.isEmpty()) {
            throw new CRLRepositoryException(coreMessagesBundle.getString("error.invalid.crl"));
        }
        for (String crlUrl : distributionPoints) {
            ICPBR_CRL candidate = getICPBR_CRL(crlUrl);
            if (candidate == null) {
                // Nothing usable for this distribution point; try the next one.
                continue;
            }
            // First CRL that could be loaded wins.
            found.add(candidate);
            logger.info(coreMessagesBundle.getString("info.crl.found", crlUrl));
            break;
        }
        // NOTE(review): when every distribution point fails, the empty
        // collection is returned without an exception. Callers must treat an
        // empty result as "revocation status unknown", not as "not revoked".
    } catch (IOException e) {
        throw new CRLRepositoryException(coreMessagesBundle.getString("error.invalid.crl") + e);
    }
    return found;
}
Also used : ICPBR_CRL(org.demoiselle.signer.core.extension.ICPBR_CRL) BasicCertificate(org.demoiselle.signer.core.extension.BasicCertificate) ArrayList(java.util.ArrayList) IOException(java.io.IOException)

Aggregations

ICPBR_CRL (org.demoiselle.signer.core.extension.ICPBR_CRL)6 ArrayList (java.util.ArrayList)4 IOException (java.io.IOException)3 CRLException (java.security.cert.CRLException)3 CertificateException (java.security.cert.CertificateException)2 X509Certificate (java.security.cert.X509Certificate)2 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2 DERSequence (org.bouncycastle.asn1.DERSequence)2 DERSet (org.bouncycastle.asn1.DERSet)2 Attribute (org.bouncycastle.asn1.cms.Attribute)2 BasicCertificate (org.demoiselle.signer.core.extension.BasicCertificate)2 SignerException (org.demoiselle.signer.policy.impl.cades.SignerException)2 UnsignedAttribute (org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)2 DataInputStream (java.io.DataInputStream)1 File (java.io.File)1 FileInputStream (java.io.FileInputStream)1 FileNotFoundException (java.io.FileNotFoundException)1 MalformedURLException (java.net.MalformedURLException)1 URL (java.net.URL)1 URLConnection (java.net.URLConnection)1