
Example 1 with CRLNumberExtension

use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project jss by dogtagpki.

the class EnumerationZeroTest method buildCrl.

/**
 * Builds a signed test CRL with JSS and parses it back through the JCA
 * {@code CertificateFactory}.
 *
 * <p>One revoked entry is created per reason code from 0 to 10, using the reason code as the
 * entry's serial number. Code 7 is always skipped and code 0 is skipped unless {@code useZero}
 * is set. The CRL is issued by {@code CN=Test}, carries CRL number 1 plus the extension returned
 * by {@code buildAuthorityKeyIdentifier} for the public key, expires 365 days after creation and
 * is signed with {@code SHA256withRSA} using a freshly generated 2048-bit RSA key.
 *
 * @param useZero whether to include an entry whose reason code is 0 ("unspecified")
 * @return the encoded CRL re-parsed as an {@link X509CRL}
 * @throws Exception if key generation, CRL construction, signing or parsing fails
 */
public static X509CRL buildCrl(boolean useZero) throws Exception {
    KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
    rsaGen.initialize(2048);
    KeyPair signingKeys = rsaGen.generateKeyPair();

    List<RevokedCertificate> entries = new ArrayList<>();
    for (int reasonCode = 0; reasonCode <= 10; reasonCode++) {
        // 7 is an unused value in the enumeration; 0 is only emitted when the caller asks for it.
        boolean unusedCode = reasonCode == 7;
        boolean zeroSuppressed = reasonCode == 0 && !useZero;
        if (!unusedCode && !zeroSuppressed) {
            CRLReasonExtension reason = new CRLReasonExtension(RevocationReason.fromInt(reasonCode));
            outputExtension(reason);
            CRLExtensions perEntry = new CRLExtensions();
            perEntry.add(reason);
            entries.add(new RevokedCertImpl(BigInteger.valueOf(reasonCode), new Date(), perEntry));
        }
    }

    // CRL-level extensions: a fixed CRL number and the issuer's key identifier.
    CRLExtensions crlLevel = new CRLExtensions();
    crlLevel.add(new CRLNumberExtension(BigInteger.ONE));
    crlLevel.add(buildAuthorityKeyIdentifier((RSAPublicKey) signingKeys.getPublic()));

    X500Name issuerName = new X500Name("CN=Test");
    Date thisUpdate = new Date();
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.DAY_OF_MONTH, 365);
    Date nextUpdate = expiry.getTime();

    RevokedCertificate[] entryArray = entries.toArray(new RevokedCertificate[0]);
    X509CRLImpl jssCrl = new X509CRLImpl(issuerName, thisUpdate, nextUpdate, entryArray, crlLevel);
    jssCrl.sign(signingKeys.getPrivate(), "SHA256withRSA");

    // Round-trip through the encoded form so the caller gets the JCA view of the CRL.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    byte[] der = jssCrl.getEncoded();
    return (X509CRL) x509Factory.generateCRL(new ByteArrayInputStream(der));
}
Also used : KeyPair(java.security.KeyPair) X509CRL(java.security.cert.X509CRL) Calendar(java.util.Calendar) ArrayList(java.util.ArrayList) RevokedCertificate(org.mozilla.jss.netscape.security.x509.RevokedCertificate) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.mozilla.jss.netscape.security.x509.X500Name) CertificateFactory(java.security.cert.CertificateFactory) Date(java.util.Date) RevokedCertImpl(org.mozilla.jss.netscape.security.x509.RevokedCertImpl) RSAPublicKey(java.security.interfaces.RSAPublicKey) ByteArrayInputStream(java.io.ByteArrayInputStream) CRLReasonExtension(org.mozilla.jss.netscape.security.x509.CRLReasonExtension) CRLNumberExtension(org.mozilla.jss.netscape.security.x509.CRLNumberExtension) X509CRLImpl(org.mozilla.jss.netscape.security.x509.X509CRLImpl) CRLExtensions(org.mozilla.jss.netscape.security.x509.CRLExtensions)

Example 2 with CRLNumberExtension

use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project jss by dogtagpki.

the class ExtPrettyPrint method getCRLNumberExtension.

/**
 * Renders the CRL number extension held in {@code mExt} as indented text.
 *
 * <p>The output consists of the identifier line (label followed by the extension id), the
 * criticality line and, when the extension yields a number, the CRL number line.
 *
 * @return the formatted text, or an empty string when reading the extension throws an
 *         {@link IOException} (the stack trace is printed in that case)
 */
private String getCRLNumberExtension() {
    final StringBuilder text = new StringBuilder();
    try {
        // Identifier line: label, then "- " and the extension id.
        text.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
        text.append(mResource.getString(PrettyPrintResources.TOKEN_CRL_NUMBER) + "- " + mExt.getExtensionId().toString() + "\n");

        // Criticality line, indented four columns deeper than the identifier.
        text.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
        CRLNumberExtension numberExt = (CRLNumberExtension) mExt;
        text.append((mExt.isCritical()
                ? mResource.getString(PrettyPrintResources.TOKEN_YES)
                : mResource.getString(PrettyPrintResources.TOKEN_NO)) + "\n");

        // The number line is omitted when the extension reports no value.
        BigInteger number = (BigInteger) numberExt.get(CRLNumberExtension.NUMBER);
        if (number != null) {
            text.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_NUMBER) + number.toString() + "\n");
        }
    } catch (IOException e) {
        e.printStackTrace();
        return "";
    }
    return text.toString();
}
Also used : BigInteger(java.math.BigInteger) IOException(java.io.IOException) CRLNumberExtension(org.mozilla.jss.netscape.security.x509.CRLNumberExtension)

Example 3 with CRLNumberExtension

use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project structure-project by wudskq.

the class X509CRLSelector method match.

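/**
 * Decides whether a {@code CRL} should be selected.
 *
 * <p>A CRL is selected only if it is an {@link X509CRL} and passes every criterion that is set:
 * issuer name, CRL number range ({@code minCRL} / {@code maxCRL}) and the validity window around
 * {@code dateAndTime}. When a CRL number range is set, a CRL that has no CRL number extension
 * (OID 2.5.29.20), or whose extension cannot be decoded, is not selected.
 *
 * @param crl the {@code CRL} to be checked
 * @return {@code true} if the {@code CRL} should be selected,
 *         {@code false} otherwise
 */
public boolean match(CRL crl) {
    if (!(crl instanceof X509CRL)) {
        return false;
    }
    X509CRL xcrl = (X509CRL) crl;
    /* match on issuer name */
    // NOTE(review): the guard tests issuerNames while the loop walks issuerX500Principals;
    // presumably both fields are kept in sync elsewhere in the class. Confirm.
    if (issuerNames != null) {
        X500Principal issuer = xcrl.getIssuerX500Principal();
        Iterator<X500Principal> i = issuerX500Principals.iterator();
        boolean found = false;
        while (!found && i.hasNext()) {
            if (i.next().equals(issuer)) {
                found = true;
            }
        }
        if (!found) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: issuer DNs " + "don't match");
            }
            return false;
        }
    }
    if ((minCRL != null) || (maxCRL != null)) {
        /* Get CRL number extension from CRL */
        byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
        if (crlNumExtVal == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: no CRLNumber");
            }
            // A CRL without a CRL number cannot satisfy a range criterion. Returning here
            // also keeps the null value away from the DER decoder below.
            return false;
        }
        BigInteger crlNum;
        try {
            // The extension value is an OCTET STRING wrapping the encoded CRL number.
            DerInputStream in = new DerInputStream(crlNumExtVal);
            byte[] encoded = in.getOctetString();
            CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded);
            crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
        } catch (IOException ex) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: exception in " + "decoding CRL number");
            }
            return false;
        }
        /* match on minCRLNumber */
        if (minCRL != null && crlNum.compareTo(minCRL) < 0) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: CRLNumber too small");
            }
            return false;
        }
        /* match on maxCRLNumber */
        if (maxCRL != null && crlNum.compareTo(maxCRL) > 0) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: CRLNumber too large");
            }
            return false;
        }
    }
    /* match on dateAndTime */
    if (dateAndTime != null) {
        Date crlThisUpdate = xcrl.getThisUpdate();
        Date nextUpdate = xcrl.getNextUpdate();
        if (nextUpdate == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: nextUpdate null");
            }
            return false;
        }
        Date nowPlusSkew = dateAndTime;
        Date nowMinusSkew = dateAndTime;
        if (skew > 0) {
            nowPlusSkew = new Date(dateAndTime.getTime() + skew);
            nowMinusSkew = new Date(dateAndTime.getTime() - skew);
        }
        // Reject when the reference time falls outside
        // [ thisUpdate - skew, nextUpdate + skew ].
        if (nowMinusSkew.after(nextUpdate) || nowPlusSkew.before(crlThisUpdate)) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: update out-of-range");
            }
            return false;
        }
    }
    return true;
}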
Also used : X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger) DerInputStream(sun.security.util.DerInputStream) IOException(java.io.IOException) CRLNumberExtension(sun.security.x509.CRLNumberExtension)

Example 4 with CRLNumberExtension

use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project jdk8u_jdk by JetBrains.

the class X509CRLSelector method match.

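/**
 * Decides whether a {@code CRL} should be selected.
 *
 * <p>A CRL is selected only if it is an {@link X509CRL} and passes every criterion that is set:
 * issuer name, CRL number range ({@code minCRL} / {@code maxCRL}) and the validity window around
 * {@code dateAndTime}. When a CRL number range is set, a CRL that has no CRL number extension
 * (OID 2.5.29.20), or whose extension cannot be decoded, is not selected.
 *
 * @param crl the {@code CRL} to be checked
 * @return {@code true} if the {@code CRL} should be selected,
 *         {@code false} otherwise
 */
public boolean match(CRL crl) {
    if (!(crl instanceof X509CRL)) {
        return false;
    }
    X509CRL xcrl = (X509CRL) crl;
    /* match on issuer name */
    // NOTE(review): the guard tests issuerNames while the loop walks issuerX500Principals;
    // presumably both fields are kept in sync elsewhere in the class. Confirm.
    if (issuerNames != null) {
        X500Principal issuer = xcrl.getIssuerX500Principal();
        Iterator<X500Principal> i = issuerX500Principals.iterator();
        boolean found = false;
        while (!found && i.hasNext()) {
            if (i.next().equals(issuer)) {
                found = true;
            }
        }
        if (!found) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: issuer DNs " + "don't match");
            }
            return false;
        }
    }
    if ((minCRL != null) || (maxCRL != null)) {
        /* Get CRL number extension from CRL */
        byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
        if (crlNumExtVal == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: no CRLNumber");
            }
            // A CRL without a CRL number cannot satisfy a range criterion. Returning here
            // also keeps the null value away from the DER decoder below.
            return false;
        }
        BigInteger crlNum;
        try {
            // The extension value is an OCTET STRING wrapping the encoded CRL number.
            DerInputStream in = new DerInputStream(crlNumExtVal);
            byte[] encoded = in.getOctetString();
            CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded);
            crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
        } catch (IOException ex) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: exception in " + "decoding CRL number");
            }
            return false;
        }
        /* match on minCRLNumber */
        if (minCRL != null && crlNum.compareTo(minCRL) < 0) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: CRLNumber too small");
            }
            return false;
        }
        /* match on maxCRLNumber */
        if (maxCRL != null && crlNum.compareTo(maxCRL) > 0) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: CRLNumber too large");
            }
            return false;
        }
    }
    /* match on dateAndTime */
    if (dateAndTime != null) {
        Date crlThisUpdate = xcrl.getThisUpdate();
        Date nextUpdate = xcrl.getNextUpdate();
        if (nextUpdate == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: nextUpdate null");
            }
            return false;
        }
        Date nowPlusSkew = dateAndTime;
        Date nowMinusSkew = dateAndTime;
        if (skew > 0) {
            nowPlusSkew = new Date(dateAndTime.getTime() + skew);
            nowMinusSkew = new Date(dateAndTime.getTime() - skew);
        }
        // Reject when the reference time falls outside
        // [ thisUpdate - skew, nextUpdate + skew ].
        if (nowMinusSkew.after(nextUpdate) || nowPlusSkew.before(crlThisUpdate)) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: update out-of-range");
            }
            return false;
        }
    }
    return true;
}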
Also used : X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger) DerInputStream(sun.security.util.DerInputStream) IOException(java.io.IOException) CRLNumberExtension(sun.security.x509.CRLNumberExtension)

Example 5 with CRLNumberExtension

use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project Bytecoder by mirkosertic.

the class X509CRLSelector method match.

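/**
 * Decides whether a {@code CRL} should be selected.
 *
 * <p>A CRL is selected only if it is an {@link X509CRL} and passes every criterion that is set:
 * issuer name, CRL number range ({@code minCRL} / {@code maxCRL}) and the validity window around
 * {@code dateAndTime}. When a CRL number range is set, a CRL that has no CRL number extension
 * (OID 2.5.29.20), or whose extension cannot be decoded, is not selected.
 *
 * @param crl the {@code CRL} to be checked
 * @return {@code true} if the {@code CRL} should be selected,
 *         {@code false} otherwise
 */
public boolean match(CRL crl) {
    if (!(crl instanceof X509CRL)) {
        return false;
    }
    X509CRL xcrl = (X509CRL) crl;
    /* match on issuer name */
    // NOTE(review): the guard tests issuerNames while the loop walks issuerX500Principals;
    // presumably both fields are kept in sync elsewhere in the class. Confirm.
    if (issuerNames != null) {
        X500Principal issuer = xcrl.getIssuerX500Principal();
        Iterator<X500Principal> i = issuerX500Principals.iterator();
        boolean found = false;
        while (!found && i.hasNext()) {
            if (i.next().equals(issuer)) {
                found = true;
            }
        }
        if (!found) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: issuer DNs " + "don't match");
            }
            return false;
        }
    }
    if ((minCRL != null) || (maxCRL != null)) {
        /* Get CRL number extension from CRL */
        byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
        if (crlNumExtVal == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: no CRLNumber");
            }
            // A CRL without a CRL number cannot satisfy a range criterion. Returning here
            // also keeps the null value away from the DER decoder below.
            return false;
        }
        BigInteger crlNum;
        try {
            // The extension value is an OCTET STRING wrapping the encoded CRL number.
            DerInputStream in = new DerInputStream(crlNumExtVal);
            byte[] encoded = in.getOctetString();
            CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded);
            crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
        } catch (IOException ex) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: exception in " + "decoding CRL number");
            }
            return false;
        }
        /* match on minCRLNumber */
        if (minCRL != null && crlNum.compareTo(minCRL) < 0) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: CRLNumber too small");
            }
            return false;
        }
        /* match on maxCRLNumber */
        if (maxCRL != null && crlNum.compareTo(maxCRL) > 0) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: CRLNumber too large");
            }
            return false;
        }
    }
    /* match on dateAndTime */
    if (dateAndTime != null) {
        Date crlThisUpdate = xcrl.getThisUpdate();
        Date nextUpdate = xcrl.getNextUpdate();
        if (nextUpdate == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: nextUpdate null");
            }
            return false;
        }
        Date nowPlusSkew = dateAndTime;
        Date nowMinusSkew = dateAndTime;
        if (skew > 0) {
            nowPlusSkew = new Date(dateAndTime.getTime() + skew);
            nowMinusSkew = new Date(dateAndTime.getTime() - skew);
        }
        // Reject when the reference time falls outside
        // [ thisUpdate - skew, nextUpdate + skew ].
        if (nowMinusSkew.after(nextUpdate) || nowPlusSkew.before(crlThisUpdate)) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: update out-of-range");
            }
            return false;
        }
    }
    return true;
}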
Also used : X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger) DerInputStream(sun.security.util.DerInputStream) IOException(java.io.IOException) CRLNumberExtension(sun.security.x509.CRLNumberExtension)

Aggregations

IOException (java.io.IOException)7 BigInteger (java.math.BigInteger)7 X500Principal (javax.security.auth.x500.X500Principal)6 DerInputStream (sun.security.util.DerInputStream)6 CRLNumberExtension (sun.security.x509.CRLNumberExtension)6 CRLNumberExtension (org.mozilla.jss.netscape.security.x509.CRLNumberExtension)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 KeyPair (java.security.KeyPair)1 KeyPairGenerator (java.security.KeyPairGenerator)1 CertificateFactory (java.security.cert.CertificateFactory)1 X509CRL (java.security.cert.X509CRL)1 RSAPublicKey (java.security.interfaces.RSAPublicKey)1 ArrayList (java.util.ArrayList)1 Calendar (java.util.Calendar)1 Date (java.util.Date)1 CRLExtensions (org.mozilla.jss.netscape.security.x509.CRLExtensions)1 CRLReasonExtension (org.mozilla.jss.netscape.security.x509.CRLReasonExtension)1 RevokedCertImpl (org.mozilla.jss.netscape.security.x509.RevokedCertImpl)1 RevokedCertificate (org.mozilla.jss.netscape.security.x509.RevokedCertificate)1 X500Name (org.mozilla.jss.netscape.security.x509.X500Name)1