use of org.mozilla.jss.netscape.security.x509.CRLDistributionPointsExtension in project jss by dogtagpki.
the class ExtPrettyPrint method getCRLDistributionPointsExtension.
/**
 * Renders the CRL Distribution Points extension held in {@code mExt} as indented text.
 *
 * <p>The output starts with the generic extension header (identifier label, extension
 * name, OID, criticality), followed by the number of distribution points and, for each
 * point, whichever of full name, relative name, reasons and CRL issuer are present.
 *
 * <p>NOTE(review): the names and issuer printed here are taken from the extension being
 * displayed and are appended without any escaping, while the empty-point marker is the
 * literal {@code <i>empty</i>}. If this text is ever shown in an HTML context, confirm
 * that the consumer escapes certificate-supplied values.
 *
 * @return the formatted, newline-terminated description of the extension
 */
private String getCRLDistributionPointsExtension() {
    StringBuilder out = new StringBuilder();

    // Header shared by all extensions: label, extension name, OID, criticality.
    out.append(pp.indent(mIndentSize))
            .append(mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
    out.append(mResource.getString(PrettyPrintResources.TOKEN_CRL_DP_EXT))
            .append("- ")
            .append(mExt.getExtensionId().toString())
            .append("\n");
    out.append(pp.indent(mIndentSize + 4))
            .append(mResource.getString(PrettyPrintResources.TOKEN_CRITICAL))
            .append(mResource.getString(
                    mExt.isCritical() ? PrettyPrintResources.TOKEN_YES : PrettyPrintResources.TOKEN_NO))
            .append("\n");

    // CRLDP-specific part: point count, then one section per distribution point.
    CRLDistributionPointsExtension crldp = (CRLDistributionPointsExtension) mExt;
    final int pointCount = crldp.getNumPoints();
    out.append(pp.indent(mIndentSize + 4))
            .append(mResource.getString(PrettyPrintResources.TOKEN_CRLDP_NUMPOINTS))
            .append(pointCount)
            .append("\n");

    for (int n = 0; n < pointCount; n++) {
        // The point heading sits at header depth; its details are indented four more.
        int headingIndent = mIndentSize + 4;
        out.append(pp.indent(headingIndent))
                .append(mResource.getString(PrettyPrintResources.TOKEN_CRLDP_POINTN))
                .append(n)
                .append("\n");

        CRLDistributionPoint point = crldp.getPointAt(n);
        int detailIndent = headingIndent + 4;

        // Every detail line below ends in "\n", so an unchanged length means that
        // none of the optional fields was present.
        final int lengthBeforeDetails = out.length();

        if (point.getFullName() != null) {
            out.append(pp.indent(detailIndent))
                    .append(mResource.getString(PrettyPrintResources.TOKEN_CRLDP_DISTPOINT))
                    .append(point.getFullName())
                    .append("\n");
        }
        // The relative name is printed under the same label as the full name.
        if (point.getRelativeName() != null) {
            out.append(pp.indent(detailIndent))
                    .append(mResource.getString(PrettyPrintResources.TOKEN_CRLDP_DISTPOINT))
                    .append(point.getRelativeName())
                    .append("\n");
        }
        if (point.getReasons() != null) {
            byte[] reasonBits = point.getReasons().toByteArray();
            String reasons = reasonBitsToReasonList(reasonBits);
            out.append(pp.indent(detailIndent))
                    .append(mResource.getString(PrettyPrintResources.TOKEN_CRLDP_REASONS))
                    .append(reasons)
                    .append("\n");
        }
        if (point.getCRLIssuer() != null) {
            out.append(pp.indent(detailIndent))
                    .append(mResource.getString(PrettyPrintResources.TOKEN_CRLDP_CRLISSUER))
                    .append(point.getCRLIssuer())
                    .append("\n");
        }

        if (out.length() == lengthBeforeDetails) {
            out.append(pp.indent(detailIndent)).append("<i>empty</i>\n");
        }
    }
    return out.toString();
}
use of org.mozilla.jss.netscape.security.x509.CRLDistributionPointsExtension in project OpenAM by OpenRock.
the class AMCRLStore method getCRLDPExt.
/**
 * Re-parses the certificate from its encoded form and asks the resulting
 * {@code X509CertImpl} for its CRL Distribution Points extension.
 *
 * <p>Any exception raised while encoding or parsing is logged at error level and
 * turned into a {@code null} result, so this method itself never throws.
 *
 * <p>NOTE(review): a {@code null} return therefore covers both "the parser reported no
 * extension" and "the certificate could not be parsed". Callers that drive revocation
 * checking from this value cannot tell the two apart; confirm they do not treat a
 * parse failure as "no distribution point, nothing to check".
 *
 * @param certificate the certificate to inspect
 * @return the extension reported by {@code X509CertImpl}, or {@code null} on any error
 */
private CRLDistributionPointsExtension getCRLDPExt(X509Certificate certificate) {
    try {
        byte[] encoded = certificate.getEncoded();
        return new X509CertImpl(encoded).getCRLDistributionPointsExtension();
    } catch (Exception e) {
        debug.error("Error finding CRL distribution Point configured: ", e);
        return null;
    }
}
use of org.mozilla.jss.netscape.security.x509.CRLDistributionPointsExtension in project OpenAM by OpenRock.
the class AMCRLStore method getCRL.
/**
 * Looks up the CRL for the given certificate: first in the CRL cache (when caching is
 * enabled), then in the LDAP entry, and, when updates are enabled and
 * {@code needCRLUpdate} says so, via the CRL's issuing-distribution-point extension
 * or the certificate's CRL-distribution-points extension.
 *
 * <p>NOTE(review): every failure inside the connection block is logged and swallowed,
 * and the method then returns whatever {@code crl} holds at that moment, possibly
 * {@code null}. Callers must not read {@code null} as "certificate not revoked";
 * confirm they fail closed.
 *
 * @param certificate the certificate whose CRL is wanted
 * @return the CRL found or refreshed, or {@code null} when no connection is available,
 *         nothing was found, or a needed refresh produced no replacement
 * @throws IOException declared by the signature; exceptions inside the connection
 *         block are caught, so presumably only the cache lookup before it can
 *         propagate one (confirm)
 */
public X509CRL getCRL(X509Certificate certificate) throws IOException {
    SearchResultEntry crlEntry = null;
    X509CRL crl = null;
    // Step 1: cache lookup. This runs outside the try block below, so anything it
    // throws propagates to the caller.
    if (storeParam.isDoCRLCaching()) {
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.getCRL: Trying to get CRL from cache");
        }
        crl = getCRLFromCache(certificate);
    }
    // try-with-resources closes the connection on every exit path.
    try (Connection ldc = getConnection()) {
        if (ldc == null) {
            // NOTE(review): this returns null even when the cache lookup above
            // produced a CRL; confirm that discarding a cache hit is intended.
            return null;
        }
        // Step 2: cache miss (or caching disabled), so read the CRL from the LDAP entry.
        if (crl == null) {
            if (debug.messageEnabled()) {
                debug.message("AMCRLStore.getCRL: crl is null");
            }
            if (mCrlAttrName == null) {
                // No attribute name configured: search with the two default CRL attributes.
                crlEntry = getLdapEntry(ldc, CERTIFICATE_REVOCATION_LIST, CERTIFICATE_REVOCATION_LIST_BINARY);
            } else {
                crlEntry = getLdapEntry(ldc, mCrlAttrName);
            }
            crl = getCRLFromEntry(crlEntry);
        }
        // Step 3: optional refresh.
        if (storeParam.isDoUpdateCRLs() && needCRLUpdate(crl)) {
            if (debug.messageEnabled()) {
                debug.message("AMCRLStore.getCRL: need CRL update");
            }
            X509CRL tmpcrl = null;
            IssuingDistributionPointExtension crlIDPExt = null;
            try {
                if (crl != null) {
                    crlIDPExt = getCRLIDPExt(crl);
                }
            } catch (Exception e) {
                // The exception is dropped; the message says "is null" although this
                // branch is reached only when getCRLIDPExt throws.
                debug.message("AMCRLStore.getCRL: crlIDPExt is null");
            }
            CRLDistributionPointsExtension crlDPExt = null;
            try {
                crlDPExt = getCRLDPExt(certificate);
            } catch (Exception e) {
                // Same pattern as above: the cause is not logged.
                debug.message("AMCRLStore.getCRL: crlDPExt is null");
            }
            // Prefer the CRL's own issuing distribution point; tmpcrl is always null
            // at this first check.
            if ((tmpcrl == null) && (crlIDPExt != null)) {
                tmpcrl = getUpdateCRLFromCrlIDP(crlIDPExt);
            }
            // Otherwise fall back to the distribution points named in the certificate.
            if ((tmpcrl == null) && (crlDPExt != null)) {
                tmpcrl = getUpdateCRLFromCrlDP(crlDPExt);
            }
            if (tmpcrl != null) {
                // crlEntry is still null here when the CRL came from the cache.
                if (crlEntry == null) {
                    crlEntry = getLdapEntry(ldc);
                }
                if (debug.messageEnabled()) {
                    debug.message("AMCRLStore.getCRL: new crl = " + tmpcrl);
                }
                // Write the refreshed CRL back to the entry it was read from.
                if (crlEntry != null) {
                    updateCRL(ldc, crlEntry.getName().toString(), tmpcrl.getEncoded());
                }
            }
            // NOTE(review): this assignment is unconditional. When a refresh was needed
            // but no replacement was obtained, crl becomes null here, the previously
            // loaded CRL is dropped, and null is what reaches the cache update and the
            // caller. Confirm this is intended rather than keeping the old CRL.
            crl = tmpcrl;
        }
        // Step 4: store the result (possibly null) in the cache.
        if (storeParam.isDoCRLCaching()) {
            if (debug.messageEnabled()) {
                debug.message("AMCRLStore.getCRL: Updating CRL cache");
            }
            updateCRLCache(certificate, crl);
        }
    } catch (Exception e) {
        // Covers getConnection(), all LDAP and refresh calls, and the connection close.
        // The error is logged and the method still returns the current value of crl.
        debug.error("AMCRLStore.getCRL: Error in getting CRL : ", e);
    }
    return crl;
}
use of org.mozilla.jss.netscape.security.x509.CRLDistributionPointsExtension in project jdk8u_jdk by JetBrains.
the class Parse method CRLDistributionPointsExtensionTest.
/*
 * Parses certStr into an X509Certificate, pulls out the raw value of its
 * CRL Distribution Points extension and feeds it to the
 * CRLDistributionPointsExtension constructor. The test passes when nothing
 * throws; the constructed object itself is not inspected.
 */
private static void CRLDistributionPointsExtensionTest(String certStr) throws Exception {
    X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(certStr.getBytes()));

    // 2.5.29.31 is the OID of the CRL Distribution Points extension.
    // getExtensionValue returns the extension value wrapped in a DER OCTET STRING,
    // or null when the certificate does not carry the extension, in which case the
    // DerValue constructor below would presumably fail.
    byte[] wrappedValue = cert.getExtensionValue("2.5.29.31");

    // Strip the OCTET STRING wrapper to obtain the bytes the constructor expects.
    byte[] extensionBytes = new DerValue(wrappedValue).getOctetString();

    // Only construction is exercised, with the criticality flag set to false.
    new CRLDistributionPointsExtension(false, extensionBytes);
}