Java 类java.security.cert.CRLException 实例源码

项目:openjdk-jdk10    文件:X509CRLImpl.java   
/**
 * Verifies that this CRL was signed using the
 * private key that corresponds to the given public key,
 * and that the signature verification was computed by
 * the given provider. Note that the specified Provider object
 * does not have to be registered in the provider list.
 *
 * @param key the PublicKey used to carry out the verification.
 * @param sigProvider the signature provider.
 *
 * @exception NoSuchAlgorithmException on unsupported signature
 * algorithms.
 * @exception InvalidKeyException on incorrect key.
 * @exception SignatureException on signature errors.
 * @exception CRLException on encoding errors.
 */
public synchronized void verify(PublicKey key, Provider sigProvider)
        throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
        SignatureException {

    if (signedCRL == null) {
        throw new CRLException("Uninitialized CRL");
    }
    Signature sigVerf = null;
    if (sigProvider == null) {
        sigVerf = Signature.getInstance(sigAlgId.getName());
    } else {
        sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
    }
    sigVerf.initVerify(key);

    if (tbsCertList == null) {
        throw new CRLException("Uninitialized CRL");
    }

    sigVerf.update(tbsCertList, 0, tbsCertList.length);

    if (!sigVerf.verify(signature)) {
        throw new SignatureException("Signature does not match.");
    }
    verifiedPublicKey = key;
}
项目:openjdk-jdk10    文件:CRLExtensions.java   
private void parseExtension(Extension ext) throws CRLException {
    try {
        Class<?> extClass = OIDMap.getClass(ext.getExtensionId());
        if (extClass == null) {   // Unsupported extension
            if (ext.isCritical())
                unsupportedCritExt = true;
            if (map.put(ext.getExtensionId().toString(), ext) != null)
                throw new CRLException("Duplicate extensions not allowed");
            return;
        }
        Constructor<?> cons = extClass.getConstructor(PARAMS);
        Object[] passed = new Object[] {Boolean.valueOf(ext.isCritical()),
                                        ext.getExtensionValue()};
        CertAttrSet<?> crlExt = (CertAttrSet<?>)cons.newInstance(passed);
        if (map.put(crlExt.getName(), (Extension)crlExt) != null) {
            throw new CRLException("Duplicate extensions not allowed");
        }
    } catch (InvocationTargetException invk) {
        throw new CRLException(invk.getTargetException().getMessage());
    } catch (Exception e) {
        throw new CRLException(e.toString());
    }
}
项目:cas-5.1.0    文件:LdaptiveResourceCRLFetcher.java   
/**
 * Downloads a CRL from given LDAP url.
 *
 * @param r the resource that is the ldap url.
 * @return the x 509 cRL
 * @throws IOException          the exception thrown if resources cant be fetched
 * @throws CRLException         the exception thrown if resources cant be fetched
 * @throws CertificateException if connection to ldap fails, or attribute to get the revocation list is unavailable
 */
protected X509CRL fetchCRLFromLdap(final Object r) throws CertificateException, IOException, CRLException {
    try {
        final String ldapURL = r.toString();
        LOGGER.debug("Fetching CRL from ldap [{}]", ldapURL);

        final Response<SearchResult> result = performLdapSearch(ldapURL);
        if (result.getResultCode() == ResultCode.SUCCESS) {
            final LdapEntry entry = result.getResult().getEntry();
            final LdapAttribute attribute = entry.getAttribute(this.certificateAttribute);

            if (attribute.isBinary()) {
                LOGGER.debug("Located entry [{}]. Retrieving first attribute [{}]", entry, attribute);
                return fetchX509CRLFromAttribute(attribute);
            }
            LOGGER.warn("Found certificate attribute [{}] but it is not marked as a binary attribute", this.certificateAttribute);
        }

        LOGGER.debug("Failed to execute the search [{}]", result);
        throw new CertificateException("Failed to establish a connection ldap and search.");

    } catch (final LdapException e) {
        LOGGER.error(e.getMessage(), e);
        throw new CertificateException(e.getMessage());
    }
}
项目:lazycat    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager. Currently,
 * only the default <code>PKIX</code> is supported.
 *
 * @param algorithm
 *            The algorithm to get parameters for.
 * @param crlf
 *            The path to the CRL file.
 * @param trustStore
 *            The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
    CertPathParameters params = null;
    if ("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        Collection<? extends CRL> crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        xparams.setRevocationEnabled(true);
        String trustLength = endpoint.getTrustMaxCertLength();
        if (trustLength != null) {
            try {
                xparams.setMaxPathLength(Integer.parseInt(trustLength));
            } catch (Exception ex) {
                log.warn("Bad maxCertLength: " + trustLength);
            }
        }

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }
    return params;
}
项目:ipack    文件:X509V2CRLGenerator.java   
/**
 * Add the CRLEntry objects contained in a previous CRL.
 * 
 * @param other the X509CRL to source the other entries from. 
 */
public void addCRL(X509CRL other)
    throws CRLException
{
    Set revocations = other.getRevokedCertificates();

    if (revocations != null)
    {
        Iterator it = revocations.iterator();
        while (it.hasNext())
        {
            X509CRLEntry entry = (X509CRLEntry)it.next();

            ASN1InputStream aIn = new ASN1InputStream(entry.getEncoded());

            try
            {
                tbsGen.addCRLEntry(ASN1Sequence.getInstance(aIn.readObject()));
            }
            catch (IOException e)
            {
                throw new CRLException("exception processing encoding of CRL: " + e.toString());
            }
        }
    }
}
项目:ipack    文件:X509V2CRLGenerator.java   
/**
 * generate an X509 CRL, based on the current issuer and subject,
 * using the passed in provider for the signing.
 */
public X509CRL generate(
    PrivateKey      key,
    String          provider,
    SecureRandom    random)
    throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
    TBSCertList tbsCrl = generateCertList();
    byte[] signature;

    try
    {
        signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCrl);
    }
    catch (IOException e)
    {
        throw new ExtCRLException("cannot generate CRL encoding", e);
    }

    return generateJcaObject(tbsCrl, signature);
}
项目:openjdk-jdk10    文件:X509CRLEntryImpl.java   
@Override
public int compareTo(X509CRLEntryImpl that) {
    int compSerial = getSerialNumber().compareTo(that.getSerialNumber());
    if (compSerial != 0) {
        return compSerial;
    }
    try {
        byte[] thisEncoded = this.getEncoded0();
        byte[] thatEncoded = that.getEncoded0();
        for (int i=0; i<thisEncoded.length && i<thatEncoded.length; i++) {
            int a = thisEncoded[i] & 0xff;
            int b = thatEncoded[i] & 0xff;
            if (a != b) return a-b;
        }
        return thisEncoded.length -thatEncoded.length;
    } catch (CRLException ce) {
        return -1;
    }
}
项目:ipack    文件:JcaCertStoreBuilder.java   
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
    throws CertificateException, CRLException
{
    List jcaObjs = new ArrayList(certs.size() + crls.size());

    for (Iterator it = certs.iterator(); it.hasNext();)
    {
        jcaObjs.add(certificateConverter.getCertificate((X509CertificateHolder)it.next()));
    }

    for (Iterator it = crls.iterator(); it.hasNext();)
    {
        jcaObjs.add(crlConverter.getCRL((X509CRLHolder)it.next()));
    }

    return new CollectionCertStoreParameters(jcaObjs);
}
项目:ipack    文件:X509CRLObject.java   
public X509CRLObject(
    CertificateList c)
    throws CRLException
{
    this.c = c;

    try
    {
        this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());

        if (c.getSignatureAlgorithm().getParameters() != null)
        {
            this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER);
        }
        else
        {
            this.sigAlgParams = null;
        }

        this.isIndirect = isIndirectCRL(this);
    }
    catch (Exception e)
    {
        throw new CRLException("CRL contents invalid: " + e);
    }
}
项目:ipack    文件:X509CRLObject.java   
public void verify(PublicKey key, String sigProvider)
    throws CRLException, NoSuchAlgorithmException,
        InvalidKeyException, NoSuchProviderException, SignatureException
{
    if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()))
    {
        throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
    }

    Signature sig;

    if (sigProvider != null)
    {
        sig = Signature.getInstance(getSigAlgName(), sigProvider);
    }
    else
    {
        sig = Signature.getInstance(getSigAlgName());
    }

    sig.initVerify(key);
    sig.update(this.getTBSCertList());

    if (!sig.verify(this.getSignature()))
    {
        throw new SignatureException("CRL does not verify with supplied public key.");
    }
}
项目:ipack    文件:X509CRLParser.java   
private CRL readDERCRL(
    InputStream in)
    throws IOException, CRLException
{
    ASN1InputStream dIn = new ASN1InputStream(in);
    ASN1Sequence seq = (ASN1Sequence)dIn.readObject();

    if (seq.size() > 1
            && seq.getObjectAt(0) instanceof DERObjectIdentifier)
    {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
        {
            sData = new SignedData(ASN1Sequence.getInstance(
                            (ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs();

            return getCRL();
        }
    }

    return new X509CRLObject(CertificateList.getInstance(seq));
}
项目:ipack    文件:CertificateFactory.java   
private CRL readDERCRL(
    ASN1InputStream aIn)
    throws IOException, CRLException
{
    ASN1Sequence seq = (ASN1Sequence)aIn.readObject();

    if (seq.size() > 1
            && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
    {
        if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
        {
            sCrlData = SignedData.getInstance(ASN1Sequence.getInstance(
                (ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs();

            return getCRL();
        }
    }

    return createCRL(
                 CertificateList.getInstance(seq));
}
项目:openjdk-jdk10    文件:X509CRLImpl.java   
/**
 * Verifies that this CRL was signed using the
 * private key that corresponds to the given public key,
 * and that the signature verification was computed by
 * the given provider.
 *
 * @param key the PublicKey used to carry out the verification.
 * @param sigProvider the name of the signature provider.
 *
 * @exception NoSuchAlgorithmException on unsupported signature
 * algorithms.
 * @exception InvalidKeyException on incorrect key.
 * @exception NoSuchProviderException on incorrect provider.
 * @exception SignatureException on signature errors.
 * @exception CRLException on encoding errors.
 */
public synchronized void verify(PublicKey key, String sigProvider)
        throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
        NoSuchProviderException, SignatureException {

    if (sigProvider == null) {
        sigProvider = "";
    }
    if ((verifiedPublicKey != null) && verifiedPublicKey.equals(key)) {
        // this CRL has already been successfully verified using
        // this public key. Make sure providers match, too.
        if (sigProvider.equals(verifiedProvider)) {
            return;
        }
    }
    if (signedCRL == null) {
        throw new CRLException("Uninitialized CRL");
    }
    Signature   sigVerf = null;
    if (sigProvider.length() == 0) {
        sigVerf = Signature.getInstance(sigAlgId.getName());
    } else {
        sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
    }
    sigVerf.initVerify(key);

    if (tbsCertList == null) {
        throw new CRLException("Uninitialized CRL");
    }

    sigVerf.update(tbsCertList, 0, tbsCertList.length);

    if (!sigVerf.verify(signature)) {
        throw new SignatureException("Signature does not match.");
    }
    verifiedPublicKey = key;
    verifiedProvider = sigProvider;
}
项目:BiglyBT    文件:PrincipalUtil.java   
/**
 * return the issuer of the given CRL as an X509PrincipalObject.
 */
public static X509Principal getIssuerX509Principal(
    X509CRL crl)
    throws CRLException
{
    try
    {
        ByteArrayInputStream    bIn = new ByteArrayInputStream(
            crl.getTBSCertList());
        ASN1InputStream         aIn = new ASN1InputStream(bIn);
        TBSCertList tbsCertList = new TBSCertList(
                                        (ASN1Sequence)aIn.readObject());

        return new X509Principal(tbsCertList.getIssuer());
    }
    catch (IOException e)
    {
        throw new CRLException(e.toString());
    }
}
项目:lams    文件:X509Util.java   
/**
 * Decodes CRLS in DER or PKCS#7 format. If in PKCS#7 format only the CRLs are decode, the rest of the content is
 * ignored.
 * 
 * @param crls encoded CRLs
 * 
 * @return decoded CRLs
 * 
 * @throws CRLException thrown if the CRLs can not be decoded
 * 
 * @since 1.2
 */
public static Collection<X509CRL> decodeCRLs(File crls) throws CRLException{
    if(!crls.exists()){
        throw new CRLException("CRL file " + crls.getAbsolutePath() + " does not exist");
    }

    if(!crls.canRead()){
        throw new CRLException("CRL file " + crls.getAbsolutePath() + " is not readable");
    }

    try{
        return decodeCRLs(DatatypeHelper.fileToByteArray(crls));
    }catch(IOException e){
        throw new CRLException("Error reading CRL file " + crls.getAbsolutePath(), e);
    }
}
项目:lams    文件:KeyInfoHelper.java   
/**
 * Get a list of the Java {@link java.security.cert.X509CRL}s within the given {@link KeyInfo}.
 * 
 * @param keyInfo the {@link KeyInfo} to extract the CRL's from
 * 
 * @return a list of Java {@link java.security.cert.X509CRL}s
 * 
 * @throws CRLException thrown if there is a problem converting the 
 *          CRL data into {@link java.security.cert.X509CRL}s
 */
public static List<X509CRL> getCRLs(KeyInfo keyInfo) throws CRLException {
    List<X509CRL> crlList = new LinkedList<X509CRL>();

    if (keyInfo == null) {
        return crlList;
    }

    List<X509Data> x509Datas = keyInfo.getX509Datas();
    for (X509Data x509Data : x509Datas) {
        if (x509Data != null) {
            crlList.addAll(getCRLs(x509Data));
        }
    }

    return crlList;
}
项目:lams    文件:KeyInfoHelper.java   
/**
 * Get a list of the Java {@link java.security.cert.X509CRL}s within the given {@link X509Data}.
 * 
 * @param x509Data {@link X509Data} to extract the CRLs from
 * 
 * @return a list of Java {@link java.security.cert.X509CRL}s
 * 
 * @throws CRLException thrown if there is a problem converting the 
 *          CRL data into {@link java.security.cert.X509CRL}s
 */
public static List<X509CRL> getCRLs(X509Data x509Data) throws CRLException {
    List<X509CRL> crlList = new LinkedList<X509CRL>();

    if (x509Data == null) {
        return crlList;
    }

    for (org.opensaml.xml.signature.X509CRL xmlCRL : x509Data.getX509CRLs()) {
        if (xmlCRL != null && xmlCRL.getValue() != null) {
            X509CRL newCRL = getCRL(xmlCRL);
            crlList.add(newCRL);
        }
    }

    return crlList;
}
项目:lams    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * 
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm, 
                                            String crlf, 
                                            KeyStore trustStore)
    throws Exception {
    CertPathParameters params = null;
    if("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, 
                                                                 new X509CertSelector());
        Collection crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        xparams.setRevocationEnabled(true);
        xparams.setMaxPathLength(listener.getSslTrustMaxCertLength());

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }
    return params;
}
项目:OpenJSharp    文件:CRLExtensions.java   
private void parseExtension(Extension ext) throws CRLException {
    try {
        Class<?> extClass = OIDMap.getClass(ext.getExtensionId());
        if (extClass == null) {   // Unsupported extension
            if (ext.isCritical())
                unsupportedCritExt = true;
            if (map.put(ext.getExtensionId().toString(), ext) != null)
                throw new CRLException("Duplicate extensions not allowed");
            return;
        }
        Constructor<?> cons = extClass.getConstructor(PARAMS);
        Object[] passed = new Object[] {Boolean.valueOf(ext.isCritical()),
                                        ext.getExtensionValue()};
        CertAttrSet<?> crlExt = (CertAttrSet<?>)cons.newInstance(passed);
        if (map.put(crlExt.getName(), (Extension)crlExt) != null) {
            throw new CRLException("Duplicate extensions not allowed");
        }
    } catch (InvocationTargetException invk) {
        throw new CRLException(invk.getTargetException().getMessage());
    } catch (Exception e) {
        throw new CRLException(e.toString());
    }
}
项目:openjdk-jdk10    文件:CertUtils.java   
/**
 * Get a DER-encoded X.509 CRL from a file.
 *
 * @param crlFilePath path to file containing DER-encoded CRL
 * @return the X509CRL
 * @throws CertificateException if the crl type is not supported
 * @throws CRLException if the crl cannot be parsed
 * @throws IOException if the file cannot be opened
 */
public static X509CRL getCRLFromFile(String crlFilePath)
    throws CertificateException, CRLException, IOException {
    File crlFile = new File(System.getProperty("test.src", "."),
                            crlFilePath);
    try (FileInputStream fis = new FileInputStream(crlFile)) {
        return (X509CRL)
            CertificateFactory.getInstance("X.509").generateCRL(fis);
    }
}
项目:springboot-shiro-cas-mybatis    文件:MockX509CRL.java   
/**
 * @see java.security.cert.X509CRL#verify(java.security.PublicKey, java.lang.String)
 */
@Override
public void verify(final PublicKey key, final String sigProvider) throws CRLException,
NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException,
SignatureException {
    // Do nothing to indicate valid signature
}
项目:jdk8u-jdk    文件:X509CRLImpl.java   
/**
 * Unmarshals an X.509 CRL from an DER value.
 *
 * @param val a DER value holding at least one CRL
 * @exception CRLException on parsing errors.
 */
public X509CRLImpl(DerValue val) throws CRLException {
    try {
        parse(val);
    } catch (IOException e) {
        signedCRL = null;
        throw new CRLException("Parsing error: " + e.getMessage());
    }
}
项目:springboot-shiro-cas-mybatis    文件:MockX509CRL.java   
/**
 * @see java.security.cert.X509CRL#verify(java.security.PublicKey, java.lang.String)
 */
@Override
public void verify(final PublicKey key, final String sigProvider) throws CRLException,
NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException,
SignatureException {
    // Do nothing to indicate valid signature
}
项目:openjdk-jdk10    文件:AlgorithmChecker.java   
/**
 * Check the signature algorithm with the specified public key.
 *
 * @param key the public key to verify the CRL signature
 * @param crl the target CRL
 * @param variant is the Validator variants of the operation. A null value
 *                passed will set it to Validator.GENERIC.
 */
static void check(PublicKey key, X509CRL crl, String variant)
                    throws CertPathValidatorException {

    X509CRLImpl x509CRLImpl = null;
    try {
        x509CRLImpl = X509CRLImpl.toImpl(crl);
    } catch (CRLException ce) {
        throw new CertPathValidatorException(ce);
    }

    AlgorithmId algorithmId = x509CRLImpl.getSigAlgId();
    check(key, algorithmId, variant);
}
项目:apache-tomcat-7.0.73-with-comment    文件:JSSESocketFactory.java   
/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm,
                                            String crlf,
                                            KeyStore trustStore)
    throws Exception {
    CertPathParameters params = null;
    if("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());
        Collection<? extends CRL> crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        xparams.setRevocationEnabled(true);
        String trustLength = endpoint.getTrustMaxCertLength();
        if(trustLength != null) {
            try {
                xparams.setMaxPathLength(Integer.parseInt(trustLength));
            } catch(Exception ex) {
                log.warn("Bad maxCertLength: "+trustLength);
            }
        }

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }
    return params;
}
项目:cas-5.1.0    文件:LdaptiveResourceCRLFetcher.java   
@Override
public X509CRL fetch(final Resource crl) throws IOException, CRLException, CertificateException {
    if (LdapUtils.isLdapConnectionUrl(crl.toString())) {
        return fetchCRLFromLdap(crl);
    }
    return super.fetch(crl);
}
项目:cas-5.1.0    文件:LdaptiveResourceCRLFetcher.java   
@Override
public X509CRL fetch(final URI crl) throws IOException, CRLException, CertificateException {
    if (LdapUtils.isLdapConnectionUrl(crl)) {
        return fetchCRLFromLdap(crl);
    }
    return super.fetch(crl);
}
项目:cas-5.1.0    文件:LdaptiveResourceCRLFetcher.java   
@Override
public X509CRL fetch(final URL crl) throws IOException, CRLException, CertificateException {
    if (LdapUtils.isLdapConnectionUrl(crl)) {
        return fetchCRLFromLdap(crl);
    }
    return super.fetch(crl);
}
项目:cas-5.1.0    文件:ResourceCRLFetcher.java   
@Override
public Collection<X509CRL> fetch(final Collection<Resource> crls) throws IOException, CRLException, CertificateException {
    final Set<X509CRL> results = new HashSet<>();
    for (final Resource r : crls) {
        LOGGER.debug("Fetching CRL data from [{}]", r);
        try(InputStream ins = r.getInputStream()) {
            final X509CRL crl = (X509CRL) CertUtils.getCertificateFactory().generateCRL(ins);
            if (crl != null) {
                results.add(crl);
            }
        }
    }
    return results;
}
项目:OpenJSharp    文件:X509CRLEntryImpl.java   
/**
 * Encodes the revoked certificate to an output stream.
 *
 * @param outStrm an output stream to which the encoded revoked
 * certificate is written.
 * @exception CRLException on encoding errors.
 */
public void encode(DerOutputStream outStrm) throws CRLException {
    try {
        if (revokedCert == null) {
            DerOutputStream tmp = new DerOutputStream();
            // sequence { serialNumber, revocationDate, extensions }
            serialNumber.encode(tmp);

            if (revocationDate.getTime() < YR_2050) {
                tmp.putUTCTime(revocationDate);
            } else {
                tmp.putGeneralizedTime(revocationDate);
            }

            if (extensions != null)
                extensions.encode(tmp, isExplicit);

            DerOutputStream seq = new DerOutputStream();
            seq.write(DerValue.tag_Sequence, tmp);

            revokedCert = seq.toByteArray();
        }
        outStrm.write(revokedCert);
    } catch (IOException e) {
         throw new CRLException("Encoding error: " + e.toString());
    }
}
项目:cas-5.1.0    文件:MockX509CRL.java   
/**
 * @see java.security.cert.X509CRL#verify(java.security.PublicKey)
 */
@Override
public void verify(final PublicKey key) throws CRLException,
NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException,
SignatureException {
    // Do nothing to indicate valid signature
}
项目:openjdk-jdk10    文件:X509CRLImpl.java   
/**
 * Unmarshals an X.509 CRL from an input stream. Only one CRL
 * is expected at the end of the input stream.
 *
 * @param inStrm an input stream holding at least one CRL
 * @exception CRLException on parsing errors.
 */
public X509CRLImpl(InputStream inStrm) throws CRLException {
    try {
        parse(new DerValue(inStrm));
    } catch (IOException e) {
        signedCRL = null;
        throw new CRLException("Parsing error: " + e.getMessage());
    }
}
项目:ipack    文件:X509V2CRLGenerator.java   
/**
 * generate an X509 certificate, based on the current issuer and subject
 * using the passed in provider for the signing.
 */
public X509CRL generate(
    PrivateKey      key,
    String          provider)
    throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
    return generate(key, provider, null);
}
项目:jdk8u-jdk    文件:AlgorithmChecker.java   
/**
 * Check the signature algorithm with the specified public key.
 *
 * @param key the public key to verify the CRL signature
 * @param crl the target CRL
 */
static void check(PublicKey key, X509CRL crl)
                    throws CertPathValidatorException {

    X509CRLImpl x509CRLImpl = null;
    try {
        x509CRLImpl = X509CRLImpl.toImpl(crl);
    } catch (CRLException ce) {
        throw new CertPathValidatorException(ce);
    }

    AlgorithmId algorithmId = x509CRLImpl.getSigAlgId();
    check(key, algorithmId);
}
项目:ipack    文件:X509CRLObject.java   
public byte[] getEncoded()
    throws CRLException
{
    try
    {
        return c.getEncoded(ASN1Encoding.DER);
    }
    catch (IOException e)
    {
        throw new CRLException(e.toString());
    }
}
项目:ipack    文件:X509CRLObject.java   
public byte[] getTBSCertList()
    throws CRLException
{
    try
    {
        return c.getTBSCertList().getEncoded("DER");
    }
    catch (IOException e)
    {
        throw new CRLException(e.toString());
    }
}
项目:openjdk-jdk10    文件:X509CRLEntryImpl.java   
/**
 * Unmarshals a revoked certificate from its encoded form.
 *
 * @param revokedCert the encoded bytes.
 * @exception CRLException on parsing errors.
 */
public X509CRLEntryImpl(byte[] revokedCert) throws CRLException {
    try {
        parse(new DerValue(revokedCert));
    } catch (IOException e) {
        this.revokedCert = null;
        throw new CRLException("Parsing error: " + e.toString());
    }
}
项目:ipack    文件:X509CRLParser.java   
private CRL readPEMCRL(
    InputStream  in)
    throws IOException, CRLException
{
    ASN1Sequence seq = PEM_PARSER.readPEMObject(in);

    if (seq != null)
    {
        return new X509CRLObject(CertificateList.getInstance(seq));
    }

    return null;
}
项目:ipack    文件:CertificateFactory.java   
private CRL readPEMCRL(
    InputStream in)
    throws IOException, CRLException
{
    ASN1Sequence seq = PEM_CRL_PARSER.readPEMObject(in);

    if (seq != null)
    {
        return createCRL(
                        CertificateList.getInstance(seq));
    }

    return null;
}
项目:ipack    文件:CertificateFactory.java   
private CRL getCRL()
    throws CRLException
{
    if (sCrlData == null || sCrlDataObjectCount >= sCrlData.size())
    {
        return null;
    }

    return createCRL(
                        CertificateList.getInstance(
                            sCrlData.getObjectAt(sCrlDataObjectCount++)));
}