Example 1 with CRLNumberExtension
use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project jss by dogtagpki.
the class EnumerationZeroTest method buildCrl.
/**
* Build a CRL using JSS
* @param useZero whether or not to try creating a CRLEntry with the reason set to "unspecified"
* @return an X509CRL object
* @throws Exception if anything goes wrong
*/
public static X509CRL buildCrl(boolean useZero) throws Exception {
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(2048);
KeyPair kp = generator.generateKeyPair();
List<RevokedCertificate> revokedCerts = new ArrayList<>();
for (int i = 0; i <= 10; i++) {
// 7 is an unused value in the enumeration
if (i == 7 || (i == 0 && !useZero)) {
continue;
}
CRLReasonExtension reasonExt = new CRLReasonExtension(RevocationReason.fromInt(i));
outputExtension(reasonExt);
CRLExtensions entryExtensions = new CRLExtensions();
entryExtensions.add(reasonExt);
revokedCerts.add(new RevokedCertImpl(BigInteger.valueOf(i), new Date(), entryExtensions));
}
CRLExtensions crlExtensions = new CRLExtensions();
crlExtensions.add(new CRLNumberExtension(BigInteger.ONE));
crlExtensions.add(buildAuthorityKeyIdentifier((RSAPublicKey) kp.getPublic()));
X500Name issuer = new X500Name("CN=Test");
Date now = new Date();
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.DAY_OF_MONTH, 365);
Date until = calendar.getTime();
X509CRLImpl crlImpl = new X509CRLImpl(issuer, now, until, revokedCerts.toArray(new RevokedCertificate[] {}), crlExtensions);
crlImpl.sign(kp.getPrivate(), "SHA256withRSA");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
byte[] data = crlImpl.getEncoded();
return (X509CRL) cf.generateCRL(new ByteArrayInputStream(data));
}
Also used :
KeyPair(java.security.KeyPair)
X509CRL(java.security.cert.X509CRL)
Calendar(java.util.Calendar)
ArrayList(java.util.ArrayList)
RevokedCertificate(org.mozilla.jss.netscape.security.x509.RevokedCertificate)
KeyPairGenerator(java.security.KeyPairGenerator)
X500Name(org.mozilla.jss.netscape.security.x509.X500Name)
CertificateFactory(java.security.cert.CertificateFactory)
Date(java.util.Date)
RevokedCertImpl(org.mozilla.jss.netscape.security.x509.RevokedCertImpl)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ByteArrayInputStream(java.io.ByteArrayInputStream)
CRLReasonExtension(org.mozilla.jss.netscape.security.x509.CRLReasonExtension)
CRLNumberExtension(org.mozilla.jss.netscape.security.x509.CRLNumberExtension)
X509CRLImpl(org.mozilla.jss.netscape.security.x509.X509CRLImpl)
CRLExtensions(org.mozilla.jss.netscape.security.x509.CRLExtensions)
Example 2 with CRLNumberExtension
use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project jss by dogtagpki.
the class ExtPrettyPrint method getCRLNumberExtension.
/**
* String Representation of CRLNumberExtension
*/
private String getCRLNumberExtension() {
StringBuffer sb = new StringBuffer();
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_CRL_NUMBER) + "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
CRLNumberExtension ext = (CRLNumberExtension) mExt;
if (mExt.isCritical()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
} else {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
BigInteger crlNumber = (BigInteger) ext.get(CRLNumberExtension.NUMBER);
if (crlNumber != null) {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_NUMBER) + crlNumber.toString() + "\n");
}
return sb.toString();
} catch (IOException e) {
e.printStackTrace();
return "";
}
}
Also used :
BigInteger(java.math.BigInteger)
IOException(java.io.IOException)
CRLNumberExtension(org.mozilla.jss.netscape.security.x509.CRLNumberExtension)
Example 3 with CRLNumberExtension
use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project structure-project by wudskq.
the class X509CRLSelector method match.
/**
* Decides whether a {@code CRL} should be selected.
*
* @param crl the {@code CRL} to be checked
* @return {@code true} if the {@code CRL} should be selected,
* {@code false} otherwise
*/
public boolean match(CRL crl) {
if (!(crl instanceof X509CRL)) {
return false;
}
X509CRL xcrl = (X509CRL) crl;
/* match on issuer name */
if (issuerNames != null) {
X500Principal issuer = xcrl.getIssuerX500Principal();
Iterator<X500Principal> i = issuerX500Principals.iterator();
boolean found = false;
while (!found && i.hasNext()) {
if (i.next().equals(issuer)) {
found = true;
}
}
if (!found) {
if (debug != null) {
debug.println("X509CRLSelector.match: issuer DNs " + "don't match");
}
return false;
}
}
if ((minCRL != null) || (maxCRL != null)) {
/* Get CRL number extension from CRL */
byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
if (crlNumExtVal == null) {
if (debug != null) {
debug.println("X509CRLSelector.match: no CRLNumber");
}
}
BigInteger crlNum;
try {
DerInputStream in = new DerInputStream(crlNumExtVal);
byte[] encoded = in.getOctetString();
CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded);
crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
} catch (IOException ex) {
if (debug != null) {
debug.println("X509CRLSelector.match: exception in " + "decoding CRL number");
}
return false;
}
/* match on minCRLNumber */
if (minCRL != null) {
if (crlNum.compareTo(minCRL) < 0) {
if (debug != null) {
debug.println("X509CRLSelector.match: CRLNumber too small");
}
return false;
}
}
/* match on maxCRLNumber */
if (maxCRL != null) {
if (crlNum.compareTo(maxCRL) > 0) {
if (debug != null) {
debug.println("X509CRLSelector.match: CRLNumber too large");
}
return false;
}
}
}
/* match on dateAndTime */
if (dateAndTime != null) {
Date crlThisUpdate = xcrl.getThisUpdate();
Date nextUpdate = xcrl.getNextUpdate();
if (nextUpdate == null) {
if (debug != null) {
debug.println("X509CRLSelector.match: nextUpdate null");
}
return false;
}
Date nowPlusSkew = dateAndTime;
Date nowMinusSkew = dateAndTime;
if (skew > 0) {
nowPlusSkew = new Date(dateAndTime.getTime() + skew);
nowMinusSkew = new Date(dateAndTime.getTime() - skew);
}
// nextUpdate + MAX_CLOCK_SKEW ]
if (nowMinusSkew.after(nextUpdate) || nowPlusSkew.before(crlThisUpdate)) {
if (debug != null) {
debug.println("X509CRLSelector.match: update out-of-range");
}
return false;
}
}
return true;
}
Also used :
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
DerInputStream(sun.security.util.DerInputStream)
IOException(java.io.IOException)
CRLNumberExtension(sun.security.x509.CRLNumberExtension)
Example 4 with CRLNumberExtension
use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project jdk8u_jdk by JetBrains.
the class X509CRLSelector method match.
/**
* Decides whether a {@code CRL} should be selected.
*
* @param crl the {@code CRL} to be checked
* @return {@code true} if the {@code CRL} should be selected,
* {@code false} otherwise
*/
public boolean match(CRL crl) {
if (!(crl instanceof X509CRL)) {
return false;
}
X509CRL xcrl = (X509CRL) crl;
/* match on issuer name */
if (issuerNames != null) {
X500Principal issuer = xcrl.getIssuerX500Principal();
Iterator<X500Principal> i = issuerX500Principals.iterator();
boolean found = false;
while (!found && i.hasNext()) {
if (i.next().equals(issuer)) {
found = true;
}
}
if (!found) {
if (debug != null) {
debug.println("X509CRLSelector.match: issuer DNs " + "don't match");
}
return false;
}
}
if ((minCRL != null) || (maxCRL != null)) {
/* Get CRL number extension from CRL */
byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
if (crlNumExtVal == null) {
if (debug != null) {
debug.println("X509CRLSelector.match: no CRLNumber");
}
}
BigInteger crlNum;
try {
DerInputStream in = new DerInputStream(crlNumExtVal);
byte[] encoded = in.getOctetString();
CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded);
crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
} catch (IOException ex) {
if (debug != null) {
debug.println("X509CRLSelector.match: exception in " + "decoding CRL number");
}
return false;
}
/* match on minCRLNumber */
if (minCRL != null) {
if (crlNum.compareTo(minCRL) < 0) {
if (debug != null) {
debug.println("X509CRLSelector.match: CRLNumber too small");
}
return false;
}
}
/* match on maxCRLNumber */
if (maxCRL != null) {
if (crlNum.compareTo(maxCRL) > 0) {
if (debug != null) {
debug.println("X509CRLSelector.match: CRLNumber too large");
}
return false;
}
}
}
/* match on dateAndTime */
if (dateAndTime != null) {
Date crlThisUpdate = xcrl.getThisUpdate();
Date nextUpdate = xcrl.getNextUpdate();
if (nextUpdate == null) {
if (debug != null) {
debug.println("X509CRLSelector.match: nextUpdate null");
}
return false;
}
Date nowPlusSkew = dateAndTime;
Date nowMinusSkew = dateAndTime;
if (skew > 0) {
nowPlusSkew = new Date(dateAndTime.getTime() + skew);
nowMinusSkew = new Date(dateAndTime.getTime() - skew);
}
// nextUpdate + MAX_CLOCK_SKEW ]
if (nowMinusSkew.after(nextUpdate) || nowPlusSkew.before(crlThisUpdate)) {
if (debug != null) {
debug.println("X509CRLSelector.match: update out-of-range");
}
return false;
}
}
return true;
}
Also used :
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
DerInputStream(sun.security.util.DerInputStream)
IOException(java.io.IOException)
CRLNumberExtension(sun.security.x509.CRLNumberExtension)
Example 5 with CRLNumberExtension
use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project Bytecoder by mirkosertic.
the class X509CRLSelector method match.
/**
* Decides whether a {@code CRL} should be selected.
*
* @param crl the {@code CRL} to be checked
* @return {@code true} if the {@code CRL} should be selected,
* {@code false} otherwise
*/
public boolean match(CRL crl) {
if (!(crl instanceof X509CRL)) {
return false;
}
X509CRL xcrl = (X509CRL) crl;
/* match on issuer name */
if (issuerNames != null) {
X500Principal issuer = xcrl.getIssuerX500Principal();
Iterator<X500Principal> i = issuerX500Principals.iterator();
boolean found = false;
while (!found && i.hasNext()) {
if (i.next().equals(issuer)) {
found = true;
}
}
if (!found) {
if (debug != null) {
debug.println("X509CRLSelector.match: issuer DNs " + "don't match");
}
return false;
}
}
if ((minCRL != null) || (maxCRL != null)) {
/* Get CRL number extension from CRL */
byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
if (crlNumExtVal == null) {
if (debug != null) {
debug.println("X509CRLSelector.match: no CRLNumber");
}
}
BigInteger crlNum;
try {
DerInputStream in = new DerInputStream(crlNumExtVal);
byte[] encoded = in.getOctetString();
CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded);
crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
} catch (IOException ex) {
if (debug != null) {
debug.println("X509CRLSelector.match: exception in " + "decoding CRL number");
}
return false;
}
/* match on minCRLNumber */
if (minCRL != null) {
if (crlNum.compareTo(minCRL) < 0) {
if (debug != null) {
debug.println("X509CRLSelector.match: CRLNumber too small");
}
return false;
}
}
/* match on maxCRLNumber */
if (maxCRL != null) {
if (crlNum.compareTo(maxCRL) > 0) {
if (debug != null) {
debug.println("X509CRLSelector.match: CRLNumber too large");
}
return false;
}
}
}
/* match on dateAndTime */
if (dateAndTime != null) {
Date crlThisUpdate = xcrl.getThisUpdate();
Date nextUpdate = xcrl.getNextUpdate();
if (nextUpdate == null) {
if (debug != null) {
debug.println("X509CRLSelector.match: nextUpdate null");
}
return false;
}
Date nowPlusSkew = dateAndTime;
Date nowMinusSkew = dateAndTime;
if (skew > 0) {
nowPlusSkew = new Date(dateAndTime.getTime() + skew);
nowMinusSkew = new Date(dateAndTime.getTime() - skew);
}
// nextUpdate + MAX_CLOCK_SKEW ]
if (nowMinusSkew.after(nextUpdate) || nowPlusSkew.before(crlThisUpdate)) {
if (debug != null) {
debug.println("X509CRLSelector.match: update out-of-range");
}
return false;
}
}
return true;
}
Also used :
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
DerInputStream(sun.security.util.DerInputStream)
IOException(java.io.IOException)
CRLNumberExtension(sun.security.x509.CRLNumberExtension)
Aggregations
IOException (java.io.IOException)7
BigInteger (java.math.BigInteger)7
X500Principal (javax.security.auth.x500.X500Principal)6
DerInputStream (sun.security.util.DerInputStream)6
CRLNumberExtension (sun.security.x509.CRLNumberExtension)6
CRLNumberExtension (org.mozilla.jss.netscape.security.x509.CRLNumberExtension)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
KeyPair (java.security.KeyPair)1
KeyPairGenerator (java.security.KeyPairGenerator)1
CertificateFactory (java.security.cert.CertificateFactory)1
X509CRL (java.security.cert.X509CRL)1
RSAPublicKey (java.security.interfaces.RSAPublicKey)1
ArrayList (java.util.ArrayList)1
Calendar (java.util.Calendar)1
Date (java.util.Date)1
CRLExtensions (org.mozilla.jss.netscape.security.x509.CRLExtensions)1
CRLReasonExtension (org.mozilla.jss.netscape.security.x509.CRLReasonExtension)1
RevokedCertImpl (org.mozilla.jss.netscape.security.x509.RevokedCertImpl)1
RevokedCertificate (org.mozilla.jss.netscape.security.x509.RevokedCertificate)1
X500Name (org.mozilla.jss.netscape.security.x509.X500Name)1
