Search in sources :

Example 1 with CRLNumberExtension

use of sun.security.x509.CRLNumberExtension in project jdk8u_jdk by JetBrains.

the class X509CRLSelector method match.

/**
     * Decides whether a {@code CRL} should be selected.
     *
     * @param crl the {@code CRL} to be checked
     * @return {@code true} if the {@code CRL} should be selected,
     *         {@code false} otherwise
     */
public boolean match(CRL crl) {
    if (!(crl instanceof X509CRL)) {
        return false;
    }
    X509CRL xcrl = (X509CRL) crl;
    /* match on issuer name */
    if (issuerNames != null) {
        X500Principal issuer = xcrl.getIssuerX500Principal();
        Iterator<X500Principal> i = issuerX500Principals.iterator();
        boolean found = false;
        while (!found && i.hasNext()) {
            if (i.next().equals(issuer)) {
                found = true;
            }
        }
        if (!found) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: issuer DNs " + "don't match");
            }
            return false;
        }
    }
    if ((minCRL != null) || (maxCRL != null)) {
        /* Get CRL number extension from CRL */
        byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
        if (crlNumExtVal == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: no CRLNumber");
            }
        }
        BigInteger crlNum;
        try {
            DerInputStream in = new DerInputStream(crlNumExtVal);
            byte[] encoded = in.getOctetString();
            CRLNumberExtension crlNumExt = new CRLNumberExtension(Boolean.FALSE, encoded);
            crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
        } catch (IOException ex) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: exception in " + "decoding CRL number");
            }
            return false;
        }
        /* match on minCRLNumber */
        if (minCRL != null) {
            if (crlNum.compareTo(minCRL) < 0) {
                if (debug != null) {
                    debug.println("X509CRLSelector.match: CRLNumber too small");
                }
                return false;
            }
        }
        /* match on maxCRLNumber */
        if (maxCRL != null) {
            if (crlNum.compareTo(maxCRL) > 0) {
                if (debug != null) {
                    debug.println("X509CRLSelector.match: CRLNumber too large");
                }
                return false;
            }
        }
    }
    /* match on dateAndTime */
    if (dateAndTime != null) {
        Date crlThisUpdate = xcrl.getThisUpdate();
        Date nextUpdate = xcrl.getNextUpdate();
        if (nextUpdate == null) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: nextUpdate null");
            }
            return false;
        }
        Date nowPlusSkew = dateAndTime;
        Date nowMinusSkew = dateAndTime;
        if (skew > 0) {
            nowPlusSkew = new Date(dateAndTime.getTime() + skew);
            nowMinusSkew = new Date(dateAndTime.getTime() - skew);
        }
        //     nextUpdate + MAX_CLOCK_SKEW ]
        if (nowMinusSkew.after(nextUpdate) || nowPlusSkew.before(crlThisUpdate)) {
            if (debug != null) {
                debug.println("X509CRLSelector.match: update out-of-range");
            }
            return false;
        }
    }
    return true;
}
Also used : X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger) DerInputStream(sun.security.util.DerInputStream) IOException(java.io.IOException) CRLNumberExtension(sun.security.x509.CRLNumberExtension)

Aggregations

IOException (java.io.IOException)1 BigInteger (java.math.BigInteger)1 X500Principal (javax.security.auth.x500.X500Principal)1 DerInputStream (sun.security.util.DerInputStream)1 CRLNumberExtension (sun.security.x509.CRLNumberExtension)1