use of sun.security.x509.CRLDistributionPointsExtension in project jdk8u_jdk by JetBrains.
the class Parse method CRLDistributionPointsExtensionTest.
/*
* Create an X509Certificate then attempt to construct a
* CRLDistributionPointsExtension object from its extension value bytes.
*/
private static void CRLDistributionPointsExtensionTest(String certStr) throws Exception {
    // OID of the CRL Distribution Points extension.
    final String cdpOid = "2.5.29.31";

    // Parse the supplied certificate text into an X509Certificate.
    X509Certificate parsedCert = (X509Certificate) CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(certStr.getBytes()));

    // getExtensionValue hands back the extension value wrapped in a DER OCTET STRING,
    // or null when the certificate carries no such extension. There is no null guard
    // here, so a certificate without the extension presumably fails on this line
    // rather than in the extension constructor below.
    DerValue wrapped = new DerValue(parsedCert.getExtensionValue(cdpOid));

    // Building the extension object from the unwrapped bytes is the check itself:
    // the method succeeds when no exception is thrown. The object is not inspected.
    new CRLDistributionPointsExtension(false, wrapped.getOctetString());
}
use of sun.security.x509.CRLDistributionPointsExtension in project OpenAM by OpenRock.
the class AMCRLStore method getCRLDPExt.
/**
* Checks whether the certificate carries a CRLDistributionPointsExtension
* and, if it does, returns that extension.
*
* @param certificate
*/
private CRLDistributionPointsExtension getCRLDPExt(X509Certificate certificate) {
    try {
        // Re-parse the encoded certificate with the JDK-internal X509CertImpl, which
        // exposes the parsed CRL Distribution Points extension directly.
        byte[] encodedCert = certificate.getEncoded();
        return new X509CertImpl(encodedCert).getCRLDistributionPointsExtension();
    } catch (Exception e) {
        // Every failure is logged and reported as null, so the caller cannot tell
        // "certificate has no distribution points" from "they could not be read".
        debug.error("Error finding CRL distribution Point configured: ", e);
        return null;
    }
}
use of sun.security.x509.CRLDistributionPointsExtension in project OpenAM by OpenRock.
the class AMCRLStore method getCRL.
/**
* Checks certificate and returns corresponding stored CRL in ldap store
*
* @param certificate
*/
public X509CRL getCRL(X509Certificate certificate) throws IOException {
// Looks up the CRL for the given certificate: first in the cache (when caching is
// enabled), then in the LDAP store, and finally, when updates are enabled and
// needCRLUpdate says so, from the distribution points named in the stored CRL or in
// the certificate. Returns the CRL it ends up with, or null.
//
// NOTE(review): nothing in this method verifies the signature or issuer of a CRL
// fetched from a distribution point before it is written back to the directory and
// the cache. Confirm that the helpers or the caller do that check.
// NOTE(review): null is returned on several distinct paths (no connection, no CRL
// found, refresh failed). Callers should treat null as "revocation status unknown",
// not as "not revoked" - confirm against the caller.
SearchResultEntry crlEntry = null;
X509CRL crl = null;
if (storeParam.isDoCRLCaching()) {
if (debug.messageEnabled()) {
debug.message("AMCRLStore.getCRL: Trying to get CRL from cache");
}
crl = getCRLFromCache(certificate);
}
try (Connection ldc = getConnection()) {
if (ldc == null) {
// No LDAP connection: null is returned even when the cache lookup above found a CRL.
return null;
}
if (crl == null) {
if (debug.messageEnabled()) {
debug.message("AMCRLStore.getCRL: crl is null");
}
// Cache miss (or caching disabled): read the CRL entry from the directory, using the
// configured attribute name when one is set and the two default attribute names otherwise.
if (mCrlAttrName == null) {
crlEntry = getLdapEntry(ldc, CERTIFICATE_REVOCATION_LIST, CERTIFICATE_REVOCATION_LIST_BINARY);
} else {
crlEntry = getLdapEntry(ldc, mCrlAttrName);
}
crl = getCRLFromEntry(crlEntry);
}
if (storeParam.isDoUpdateCRLs() && needCRLUpdate(crl)) {
if (debug.messageEnabled()) {
debug.message("AMCRLStore.getCRL: need CRL update");
}
X509CRL tmpcrl = null;
IssuingDistributionPointExtension crlIDPExt = null;
try {
if (crl != null) {
crlIDPExt = getCRLIDPExt(crl);
}
} catch (Exception e) {
// The exception itself is not logged; only the fact that no IDP extension is available.
debug.message("AMCRLStore.getCRL: crlIDPExt is null");
}
CRLDistributionPointsExtension crlDPExt = null;
try {
// The distribution points come from the certificate under validation.
crlDPExt = getCRLDPExt(certificate);
} catch (Exception e) {
debug.message("AMCRLStore.getCRL: crlDPExt is null");
}
// tmpcrl is still null here, so the first test reduces to "an IDP extension was found".
// The issuing distribution point of the stored CRL is tried before the certificate's
// own distribution points.
if ((tmpcrl == null) && (crlIDPExt != null)) {
tmpcrl = getUpdateCRLFromCrlIDP(crlIDPExt);
}
if ((tmpcrl == null) && (crlDPExt != null)) {
tmpcrl = getUpdateCRLFromCrlDP(crlDPExt);
}
if (tmpcrl != null) {
if (crlEntry == null) {
// crlEntry is null when the CRL came from the cache, or when the directory lookup
// above returned nothing.
crlEntry = getLdapEntry(ldc);
}
if (debug.messageEnabled()) {
// Logs the string form of the whole fetched CRL at message level.
debug.message("AMCRLStore.getCRL: new crl = " + tmpcrl);
}
if (crlEntry != null) {
// Presumably writes the encoded CRL back to the directory entry - see updateCRL.
updateCRL(ldc, crlEntry.getName().toString(), tmpcrl.getEncoded());
}
}
// Unconditional: when a refresh was needed but no new CRL could be fetched, the
// previously loaded CRL is discarded and crl becomes null.
crl = tmpcrl;
}
if (storeParam.isDoCRLCaching()) {
if (debug.messageEnabled()) {
debug.message("AMCRLStore.getCRL: Updating CRL cache");
}
// crl may be null at this point (nothing found, or a failed refresh).
updateCRLCache(certificate, crl);
}
} catch (Exception e) {
// Broad catch: any failure above is logged and the method still returns whatever crl
// holds at that moment. A failure during the refresh step happens before
// "crl = tmpcrl", so the previously loaded CRL is what gets returned.
debug.error("AMCRLStore.getCRL: Error in getting CRL : ", e);
}
return crl;
}
use of sun.security.x509.CRLDistributionPointsExtension in project OpenAM by OpenRock.
the class AMCRLStore method getUpdateCRLFromCrlDP.
/**
* It updates CRL under the dn in the directory server.
* It retrieves CRL distribution points from the parameter
* CRLDistributionPointsExtension dpExt.
*
* @param dpExt
*/
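private synchronized X509CRL getUpdateCRLFromCrlDP(CRLDistributionPointsExtension dpExt) {
    // Fetches and parses a CRL from the first distribution point in dpExt that yields
    // parseable bytes. Returns null when dpExt is null, lists no points, or no point
    // produces a CRL. Nothing in this method writes to the directory.
    //
    // NOTE(review): the fetched bytes are only parsed here; signature and issuer checks
    // on the resulting CRL are not visible in this method - confirm they happen elsewhere.
    if (dpExt == null) {
        return null;
    }

    List<?> dps = null;
    try {
        dps = (List<?>) dpExt.get(CRLDistributionPointsExtension.POINTS);
    } catch (IOException ioex) {
        if (debug.warningEnabled()) {
            debug.warning("AMCRLStore.getUpdateCRLFromCrlDP: ", ioex);
        }
    }
    if (dps == null || dps.isEmpty()) {
        return null;
    }

    for (Object entry : dps) {
        DistributionPoint dp = (DistributionPoint) entry;
        GeneralNames gName = dp.getFullName();
        if (debug.messageEnabled()) {
            debug.message("AMCRLStore.getUpdateCRLFromCrlDP: DP = " + gName);
        }
        // A distribution point may carry no full name (for example only a name relative
        // to the CRL issuer). Skip it and try the next one, matching the null check in
        // getUpdateCRLFromCrlIDP, instead of passing null to the fetch helper.
        if (gName == null) {
            continue;
        }
        byte[] crlBytes = getCRLsFromGeneralNames(gName);
        if (crlBytes != null && crlBytes.length > 0) {
            try {
                return (X509CRL) cf.generateCRL(new ByteArrayInputStream(crlBytes));
            } catch (Exception ex) {
                // Unparseable data from this point: log it and fall through to the next.
                if (debug.warningEnabled()) {
                    debug.warning("AMCRLStore.getUpdateCRLFromCrlDP: " + "Error in generating X509CRL", ex);
                }
            }
        }
    }
    return null;
}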
use of sun.security.x509.CRLDistributionPointsExtension in project OpenAM by OpenRock.
the class AMCRLStore method getUpdateCRLFromCrlIDP.
/**
* It updates CRL under the dn in the directory server.
* It retrieves the CRL distribution point name from the parameter
* IssuingDistributionPointExtension idpExt.
*
* @param idpExt
*/
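private synchronized X509CRL getUpdateCRLFromCrlIDP(IssuingDistributionPointExtension idpExt) {
    // Fetches and parses a CRL from the full name carried by the issuing distribution
    // point extension. Returns null when the extension is null, has no full name, or no
    // parseable CRL could be fetched. Nothing in this method writes to the directory.
    //
    // NOTE(review): the fetched bytes are only parsed here; signature and issuer checks
    // on the resulting CRL are not visible in this method - confirm they happen elsewhere.
    if (idpExt == null) {
        // Same null handling as getUpdateCRLFromCrlDP applies to its own argument.
        return null;
    }
    GeneralNames gName = idpExt.getFullName();
    if (gName == null) {
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message("AMCRLStore.getUpdateCRLFromCrlIDP: gName = " + gName);
    }

    byte[] crlBytes = getCRLsFromGeneralNames(gName);
    // Treat an empty result like a missing one, as getUpdateCRLFromCrlDP does, rather
    // than letting the parser fail on it and logging an error.
    if (crlBytes == null || crlBytes.length == 0) {
        return null;
    }
    try {
        return (X509CRL) cf.generateCRL(new ByteArrayInputStream(crlBytes));
    } catch (Exception e) {
        // Pass the exception itself so the stack trace is kept; the message is no longer
        // run together with e.toString().
        debug.error("AMCRLStore.getUpdateCRLFromCrlIDP: Error in generating X509CRL", e);
        return null;
    }
}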