
Example 6 with CRLNumberExtension

use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project force-oneself by Force-oneself.

the class X509CRLSelector method match.

/**
 * Decides whether a {@code CRL} should be selected.
 *
 * @param crl the {@code CRL} to be checked
 * @return {@code true} if the {@code CRL} should be selected,
 *         {@code false} otherwise
 */
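public boolean match(CRL crl) {
    // Only X.509 CRLs expose the issuer, extension and update-time fields
    // that the criteria below inspect; anything else is never selected.
    if (!(crl instanceof X509CRL)) {
        return false;
    }
    X509CRL xcrl = (X509CRL) crl;

    /* match on issuer name */
    if (issuerNames != null) {
        X500Principal issuer = xcrl.getIssuerX500Principal();
        boolean found = false;
        // Stop at the first configured issuer that equals the CRL's issuer.
        for (Iterator<X500Principal> it = issuerX500Principals.iterator();
                !found && it.hasNext(); ) {
            found = it.next().equals(issuer);
        }
        if (!found) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: issuer DNs don't match");
            }
            return false;
        }
    }

    if ((minCRL != null) || (maxCRL != null)) {
        /* Get CRL number extension (OID 2.5.29.20) from CRL */
        byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
        if (crlNumExtVal == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: no CRLNumber");
            }
            // A CRL without a CRLNumber cannot satisfy a min/max CRL number
            // criterion, so it is not selected. Returning here also keeps the
            // null value away from the DER decoder below: a null input would
            // not surface as the IOException that the catch block handles
            // (typically a NullPointerException escapes instead).
            return false;
        }
        BigInteger crlNum;
        try {
            // getExtensionValue returns the value wrapped in an OCTET STRING;
            // unwrap it before handing the bytes to the extension parser.
            DerInputStream in = new DerInputStream(crlNumExtVal);
            byte[] encoded = in.getOctetString();
            CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded);
            crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
        } catch (IOException ex) {
            // An undecodable CRLNumber is treated as a non-match.
            if (debug != null) {
                debug.println("X509CRLSelector.match: exception in decoding CRL number");
            }
            return false;
        }
        /* match on minCRLNumber */
        if (minCRL != null && crlNum.compareTo(minCRL) < 0) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: CRLNumber too small");
            }
            return false;
        }
        /* match on maxCRLNumber */
        if (maxCRL != null && crlNum.compareTo(maxCRL) > 0) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: CRLNumber too large");
            }
            return false;
        }
    }

    /* match on dateAndTime */
    if (dateAndTime != null) {
        Date crlThisUpdate = xcrl.getThisUpdate();
        Date nextUpdate = xcrl.getNextUpdate();
        // With a date criterion set, a CRL that states no nextUpdate is rejected.
        if (nextUpdate == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: nextUpdate null");
            }
            return false;
        }
        Date nowPlusSkew = dateAndTime;
        Date nowMinusSkew = dateAndTime;
        if (skew > 0) {
            nowPlusSkew = new Date(dateAndTime.getTime() + skew);
            nowMinusSkew = new Date(dateAndTime.getTime() - skew);
        }
        // Check that the test date is within the validity interval widened
        // by the skew on both sides: [ thisUpdate - skew, nextUpdate + skew ]
        if (nowMinusSkew.after(nextUpdate) || nowPlusSkew.before(crlThisUpdate)) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: update out-of-range");
            }
            return false;
        }
    }
    return true;
}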
Also used : X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger) DerInputStream(sun.security.util.DerInputStream) IOException(java.io.IOException) CRLNumberExtension(sun.security.x509.CRLNumberExtension)

Example 7 with CRLNumberExtension

use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project j2objc by google.

the class X509CRLSelector method match.

/**
 * Decides whether a {@code CRL} should be selected.
 *
 * @param crl the {@code CRL} to be checked
 * @return {@code true} if the {@code CRL} should be selected,
 *         {@code false} otherwise
 */
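public boolean match(CRL crl) {
    // Every criterion below reads X.509-specific fields, so other CRL
    // types are never selected.
    if (!(crl instanceof X509CRL)) {
        return false;
    }
    X509CRL xcrl = (X509CRL) crl;

    /* match on issuer name */
    if (issuerNames != null) {
        X500Principal issuer = xcrl.getIssuerX500Principal();
        Iterator<X500Principal> candidates = issuerX500Principals.iterator();
        boolean issuerMatched = false;
        while (candidates.hasNext()) {
            if (candidates.next().equals(issuer)) {
                issuerMatched = true;
                break;
            }
        }
        if (!issuerMatched) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: issuer DNs " + "don't match");
            }
            return false;
        }
    }

    /* match on CRL number (only when a lower or upper bound is configured) */
    if ((minCRL != null) || (maxCRL != null)) {
        /* Get CRL number extension from CRL; 2.5.29.20 is the CRLNumber OID */
        byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
        if (crlNumExtVal == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: no CRLNumber");
            }
            // Without this return the null array reaches the DER decoder.
            // That failure is not expected to be an IOException, so it would
            // bypass the catch below and propagate to the caller as an
            // unchecked exception instead of a plain "no match".
            return false;
        }
        BigInteger crlNum;
        try {
            // The extension value arrives wrapped in an OCTET STRING; the
            // inner bytes are what CRLNumberExtension parses.
            DerInputStream in = new DerInputStream(crlNumExtVal);
            byte[] encoded = in.getOctetString();
            CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded);
            crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
        } catch (IOException ex) {
            // Malformed CRLNumber encoding: fail closed and do not select.
            if (debug != null) {
                debug.println("X509CRLSelector.match: exception in " + "decoding CRL number");
            }
            return false;
        }
        /* match on minCRLNumber */
        boolean belowMin = (minCRL != null) && (crlNum.compareTo(minCRL) < 0);
        if (belowMin) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: CRLNumber too small");
            }
            return false;
        }
        /* match on maxCRLNumber */
        boolean aboveMax = (maxCRL != null) && (crlNum.compareTo(maxCRL) > 0);
        if (aboveMax) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: CRLNumber too large");
            }
            return false;
        }
    }

    /* match on dateAndTime */
    if (dateAndTime != null) {
        Date crlThisUpdate = xcrl.getThisUpdate();
        Date nextUpdate = xcrl.getNextUpdate();
        // A CRL with no nextUpdate cannot be placed in a validity window,
        // so it is rejected whenever a date criterion is set.
        if (nextUpdate == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: nextUpdate null");
            }
            return false;
        }
        Date nowPlusSkew = dateAndTime;
        Date nowMinusSkew = dateAndTime;
        if (skew > 0) {
            long reference = dateAndTime.getTime();
            nowPlusSkew = new Date(reference + skew);
            nowMinusSkew = new Date(reference - skew);
        }
        // The test date must fall within
        //   [ thisUpdate - skew, nextUpdate + skew ]
        if (nowMinusSkew.after(nextUpdate) || nowPlusSkew.before(crlThisUpdate)) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: update out-of-range");
            }
            return false;
        }
    }
    return true;
}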
Also used : X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger) DerInputStream(sun.security.util.DerInputStream) IOException(java.io.IOException) CRLNumberExtension(sun.security.x509.CRLNumberExtension)

Example 8 with CRLNumberExtension

use of org.mozilla.jss.netscape.security.x509.CRLNumberExtension in project BigDataSourceCode by baolibin.

the class X509CRLSelector method match.

/**
 * Decides whether a {@code CRL} should be selected.
 *
 * @param crl the {@code CRL} to be checked
 * @return {@code true} if the {@code CRL} should be selected,
 *         {@code false} otherwise
 */
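public boolean match(CRL crl) {
    // Non-X.509 CRLs are never selected: the checks below need X509CRL accessors.
    if (!(crl instanceof X509CRL)) {
        return false;
    }
    X509CRL xcrl = (X509CRL) crl;
    /* match on issuer name */
    if (issuerNames != null) {
        X500Principal issuer = xcrl.getIssuerX500Principal();
        Iterator<X500Principal> i = issuerX500Principals.iterator();
        boolean found = false;
        while (!found && i.hasNext()) {
            if (i.next().equals(issuer)) {
                found = true;
            }
        }
        if (!found) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: issuer DNs " + "don't match");
            }
            return false;
        }
    }
    if ((minCRL != null) || (maxCRL != null)) {
        /* Get CRL number extension from CRL */
        byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
        if (crlNumExtVal == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: no CRLNumber");
            }
            // The CRL carries no CRLNumber, so a min/max CRL number criterion
            // cannot be met. Previously execution fell through and passed
            // null to the decoder, which is not reported as the IOException
            // caught below; rejecting here makes the outcome a clean
            // non-match instead of an unchecked exception.
            return false;
        }
        BigInteger crlNum;
        try {
            // Unwrap the OCTET STRING that encloses the extension value,
            // then parse the CRLNumber from the inner encoding.
            DerInputStream in = new DerInputStream(crlNumExtVal);
            byte[] encoded = in.getOctetString();
            CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded);
            crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
        } catch (IOException ex) {
            // A CRLNumber that cannot be decoded is treated as a non-match.
            if (debug != null) {
                debug.println("X509CRLSelector.match: exception in " + "decoding CRL number");
            }
            return false;
        }
        /* match on minCRLNumber */
        if (minCRL != null) {
            if (crlNum.compareTo(minCRL) < 0) {
                if (debug != null) {
                    debug.println("X509CRLSelector.match: CRLNumber too small");
                }
                return false;
            }
        }
        /* match on maxCRLNumber */
        if (maxCRL != null) {
            if (crlNum.compareTo(maxCRL) > 0) {
                if (debug != null) {
                    debug.println("X509CRLSelector.match: CRLNumber too large");
                }
                return false;
            }
        }
    }
    /* match on dateAndTime */
    if (dateAndTime != null) {
        Date crlThisUpdate = xcrl.getThisUpdate();
        Date nextUpdate = xcrl.getNextUpdate();
        // No nextUpdate means no upper bound to compare against; reject.
        if (nextUpdate == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: nextUpdate null");
            }
            return false;
        }
        Date nowPlusSkew = dateAndTime;
        Date nowMinusSkew = dateAndTime;
        if (skew > 0) {
            nowPlusSkew = new Date(dateAndTime.getTime() + skew);
            nowMinusSkew = new Date(dateAndTime.getTime() - skew);
        }
        // Check that the test date is within the validity interval:
        //   [ thisUpdate - skew,
        //     nextUpdate + skew ]
        if (nowMinusSkew.after(nextUpdate) || nowPlusSkew.before(crlThisUpdate)) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: update out-of-range");
            }
            return false;
        }
    }
    return true;
}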
Also used : X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger) DerInputStream(sun.security.util.DerInputStream) IOException(java.io.IOException) CRLNumberExtension(sun.security.x509.CRLNumberExtension)

Aggregations

IOException (java.io.IOException)7 BigInteger (java.math.BigInteger)7 X500Principal (javax.security.auth.x500.X500Principal)6 DerInputStream (sun.security.util.DerInputStream)6 CRLNumberExtension (sun.security.x509.CRLNumberExtension)6 CRLNumberExtension (org.mozilla.jss.netscape.security.x509.CRLNumberExtension)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 KeyPair (java.security.KeyPair)1 KeyPairGenerator (java.security.KeyPairGenerator)1 CertificateFactory (java.security.cert.CertificateFactory)1 X509CRL (java.security.cert.X509CRL)1 RSAPublicKey (java.security.interfaces.RSAPublicKey)1 ArrayList (java.util.ArrayList)1 Calendar (java.util.Calendar)1 Date (java.util.Date)1 CRLExtensions (org.mozilla.jss.netscape.security.x509.CRLExtensions)1 CRLReasonExtension (org.mozilla.jss.netscape.security.x509.CRLReasonExtension)1 RevokedCertImpl (org.mozilla.jss.netscape.security.x509.RevokedCertImpl)1 RevokedCertificate (org.mozilla.jss.netscape.security.x509.RevokedCertificate)1 X500Name (org.mozilla.jss.netscape.security.x509.X500Name)1