/**
 * Copies every revoked-certificate entry of an existing CRL into the CRL being generated.
 *
 * <p>Each entry is re-parsed from its DER encoding and handed to the TBS generator as is.
 * Nothing in this method verifies the signature or issuer of {@code other}; callers that
 * take the CRL from an untrusted source need to validate it before calling.
 *
 * @param other the X509CRL to source the other entries from.
 * @throws CRLException if an entry cannot be encoded or its encoding cannot be parsed.
 */
public void addCRL(X509CRL other) throws CRLException {
    Set revoked = other.getRevokedCertificates();
    if (revoked == null) {
        // No revoked-certificate set was returned, so there is nothing to copy.
        return;
    }

    for (Iterator entries = revoked.iterator(); entries.hasNext();) {
        X509CRLEntry entry = (X509CRLEntry) entries.next();
        ASN1InputStream encodedEntry = new ASN1InputStream(entry.getEncoded());

        try {
            tbsGen.addCRLEntry(ASN1Sequence.getInstance(encodedEntry.readObject()));
        } catch (IOException e) {
            throw new CRLException("exception processing encoding of CRL: " + e.toString());
        }
    }
}
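/**
 * {@inheritDoc}
 *
 * <p>Fetches the CRL for the certificate and fails if the certificate is listed in it.
 * What happens when the CRL is missing or expired is delegated to the configured policies:
 * if {@code unavailableCRLPolicy} returns normally, the certificate passes without any
 * revocation lookup; if {@code expiredCRLPolicy} returns normally, the stale CRL is still
 * consulted.
 *
 * @param cert the certificate whose revocation status is evaluated; must not be null.
 * @throws IllegalArgumentException if {@code cert} is null.
 * @throws GeneralSecurityException if the certificate is revoked
 *         ({@code RevokedCertificateException}); the declared type also covers whatever the
 *         policies or the CRL lookup propagate.
 */
@Override
public void check(final X509Certificate cert) throws GeneralSecurityException {
    if (cert == null) {
        throw new IllegalArgumentException("Certificate cannot be null.");
    }
    logger.debug("Evaluating certificate revocation status for {}", CertUtils.toString(cert));
    // NOTE(review): the CRL's signature and issuer are not checked in this method;
    // presumably getCRL() only returns validated data -- confirm.
    final X509CRL crl = getCRL(cert);
    if (crl == null) {
        logger.warn("CRL data is not available for {}", CertUtils.toString(cert));
        // The policy decides between fail-closed (throw) and fail-open (return).
        this.unavailableCRLPolicy.apply(null);
        return;
    }
    if (CertUtils.isExpired(crl)) {
        // The "{}" placeholder was missing, so the expiry date never reached the log.
        logger.warn("CRL data expired on {}", crl.getNextUpdate());
        this.expiredCRLPolicy.apply(crl);
    }
    final X509CRLEntry entry = crl.getRevokedCertificate(cert);
    if (entry != null) {
        throw new RevokedCertificateException(entry);
    }
}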
/**
 * Default implementation of the getRevocationReason method in X509CRLEntry: decodes the
 * extension with OID 2.5.29.21 from the given entry.
 *
 * <p>A malformed extension is reported exactly like a missing one, so callers cannot tell
 * "no reason given" apart from "reason could not be decoded".
 *
 * @param crlEntry the CRL entry to read the extension from
 * @return the decoded reason, or {@code null} if the extension is absent or decoding fails
 */
public static CRLReason getRevocationReason(X509CRLEntry crlEntry) {
    try {
        byte[] wrapped = crlEntry.getExtensionValue("2.5.29.21");
        if (wrapped != null) {
            // The extension value is an OCTET STRING wrapping the extension's own encoding.
            byte[] reasonBytes = new DerValue(wrapped).getOctetString();
            return new CRLReasonCodeExtension(Boolean.FALSE, reasonBytes).getReasonCode();
        }
    } catch (IOException ignored) {
        // Decoding failure is deliberately folded into the "no reason" result below.
    }
    return null;
}
/**
 * Returns the CRL entry for the given certificate, or {@code null} if the native lookup
 * finds none.
 *
 * <p>Certificates backed by OpenSSL are looked up natively by certificate; any other
 * implementation falls back to the lookup by serial number.
 */
@Override
public X509CRLEntry getRevokedCertificate(X509Certificate certificate) {
    if (!(certificate instanceof OpenSSLX509Certificate)) {
        return getRevokedCertificate(certificate.getSerialNumber());
    }

    final OpenSSLX509Certificate nativeCert = (OpenSSLX509Certificate) certificate;
    final long revokedRef =
            NativeCrypto.X509_CRL_get0_by_cert(mContext, nativeCert.getContext());
    if (revokedRef == 0) {
        return null;
    }
    // The entry wraps a duplicate of the reference rather than the reference itself;
    // presumably the original stays owned by the CRL -- confirm against NativeCrypto.
    return new OpenSSLX509CRLEntry(NativeCrypto.X509_REVOKED_dup(revokedRef));
}
/**
 * Load the RevokedCertsTableModel with an array of X.509 CRL entries.
 *
 * <p>Rows are created in the order of the array; no sorting is done here. Column 0 holds
 * the serial number and column 1 the revocation date.
 *
 * @param revokedCerts The X.509 CRL entries
 */
public void load(X509CRLEntry[] revokedCerts) {
    // One row per revoked certificate
    m_data = new Object[revokedCerts.length][getColumnCount()];

    for (int row = 0; row < revokedCerts.length; row++) {
        X509CRLEntry revoked = revokedCerts[row];
        m_data[row][0] = revoked.getSerialNumber();
        m_data[row][1] = revoked.getRevocationDate();
    }

    fireTableDataChanged();
}
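/**
 * Enables the "entry extensions" button only when the selected table row maps to a CRL
 * entry that carries extensions; in every other case the button is disabled.
 */
private void crlEntrySelection() {
    int row = jtRevokedCerts.getSelectedRow();
    if (row != -1) {
        BigInteger serialNumber = (BigInteger) jtRevokedCerts.getValueAt(row, 0);
        Set<?> revokedCertsSet = crl.getRevokedCertificates();
        X509CRLEntry x509CrlEntry = null;
        // Guard against a null set: X509CRL.getRevokedCertificates() is documented to return
        // null when there are no entries (assuming crl is an X509CRL).
        if (revokedCertsSet != null) {
            for (Object candidate : revokedCertsSet) {
                X509CRLEntry entry = (X509CRLEntry) candidate;
                if (serialNumber.equals(entry.getSerialNumber())) {
                    x509CrlEntry = entry;
                    break;
                }
            }
        }
        // The entry stays null when no serial number matches; previously this dereference
        // threw a NullPointerException in that case.
        if (x509CrlEntry != null && x509CrlEntry.hasExtensions()) {
            jbCrlEntryExtensions.setEnabled(true);
            return;
        }
    }
    jbCrlEntryExtensions.setEnabled(false);
}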
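/**
 * Opens the extensions dialog for the CRL entry of the selected table row. Does nothing
 * when no row is selected, no entry matches the row's serial number, or the entry has no
 * extensions.
 */
private void displayCrlEntryExtensions() {
    int row = jtRevokedCerts.getSelectedRow();
    if (row != -1) {
        BigInteger serialNumber = (BigInteger) jtRevokedCerts.getValueAt(row, 0);
        Set<?> revokedCertsSet = crl.getRevokedCertificates();
        X509CRLEntry x509CrlEntry = null;
        // Guard against a null set: X509CRL.getRevokedCertificates() is documented to return
        // null when there are no entries (assuming crl is an X509CRL).
        if (revokedCertsSet != null) {
            for (Object candidate : revokedCertsSet) {
                X509CRLEntry entry = (X509CRLEntry) candidate;
                if (serialNumber.equals(entry.getSerialNumber())) {
                    x509CrlEntry = entry;
                    break;
                }
            }
        }
        // The entry stays null when no serial number matches; previously this dereference
        // threw a NullPointerException in that case.
        if (x509CrlEntry != null && x509CrlEntry.hasExtensions()) {
            DViewExtensions dViewExtensions = new DViewExtensions(this,
                    res.getString("DViewCrl.EntryExtensions.Title"), x509CrlEntry);
            dViewExtensions.setLocationRelativeTo(this);
            dViewExtensions.setVisible(true);
        }
    }
}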
/**
 * Looks up the CRL entry with the given serial number.
 * Only the first {@code nonIndirectEntriesSize} entries are scanned, i.e. the search
 * covers only certificates issued by the CRL's issuer.
 * @see java.security.cert.X509CRL#getRevokedCertificate(BigInteger)
 * method documentation for more info
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    // Entries are loaded on first use.
    if (!entriesRetrieved) {
        retrieveEntries();
    }
    if (entries != null) {
        int index = 0;
        while (index < nonIndirectEntriesSize) {
            X509CRLEntry candidate = (X509CRLEntry) entries.get(index);
            if (serialNumber.equals(candidate.getSerialNumber())) {
                return candidate;
            }
            index++;
        }
    }
    return null;
}
/**
 * Derives the revocation status of a certificate from this CRL and stores it in
 * {@code status}, {@code revocationDate} and {@code reason}.
 *
 * @param certificateToken
 *            the {@code CertificateToken} which is managed by this CRL.
 * @throws DSSException if the certificate's issuer differs from the CRL's issuer.
 */
private void setRevocationStatus(final CertificateToken certificateToken) {
    final CertificateToken certIssuer = certificateToken.getIssuerToken();
    final boolean sameIssuer = certIssuer.equals(crlValidity.getIssuerToken());
    if (!sameIssuer) {
        // NOTE(review): the signature state is only consulted on this mismatch path; when
        // the issuers match, nothing here re-checks isSignatureIntact() -- presumably the
        // caller validates the CRL first; confirm.
        if (crlValidity.isSignatureIntact()) {
            throw new DSSException("The CRLToken is not signed by the same issuer as the CertificateToken to be verified!");
        }
        throw new DSSException(crlValidity.getSignatureInvalidityReason());
    }

    final BigInteger certSerial = certificateToken.getSerialNumber();
    final X509CRLEntry revokedEntry = CRLUtils.getRevocationInfo(crlValidity, certSerial);

    // No entry for the serial number means the certificate is not listed as revoked.
    status = (revokedEntry == null);
    if (status) {
        return;
    }

    revocationDate = revokedEntry.getRevocationDate();
    final CRLReason crlReason = revokedEntry.getRevocationReason();
    if (crlReason != null) {
        reason = CRLReasonEnum.fromInt(crlReason.ordinal()).name();
    }
}
/**
 * Returns the entry of this CRL whose user-certificate serial number equals the given
 * one, wrapped in a new {@code X509CRLEntryObject}.
 *
 * <p>The match is on the serial number alone; no issuer information is compared here.
 *
 * @param serialNumber the serial number to look for
 * @return the first matching entry, or {@code null} if the CRL has no entries or none matches
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    TBSCertList.CRLEntry[] revoked = c.getRevokedCertificates();
    if (revoked == null) {
        return null;
    }

    int index = 0;
    while (index < revoked.length) {
        TBSCertList.CRLEntry candidate = revoked[index];
        if (candidate.getUserCertificate().getValue().equals(serialNumber)) {
            return new X509CRLEntryObject(candidate);
        }
        index++;
    }
    return null;
}
/**
 * Parses the {@code inDirectCrl} fixture with the "BC" provider and fails if any entry
 * reports no certificate issuer.
 */
public void indirectCRLTest() throws Exception {
    CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
    X509CRL parsed = (X509CRL) factory.generateCRL(new ByteArrayInputStream(inDirectCrl));

    Set revoked = parsed.getRevokedCertificates();
    for (Iterator entries = revoked.iterator(); entries.hasNext();) {
        X509CRLEntry entry = (X509CRLEntry) entries.next();
        if (entry.getCertificateIssuer() == null) {
            fail("certificate issuer CRL entry extension is null");
        }
    }
}
/**
 * Parses the {@code directCRL} fixture with the "BC" provider and fails if any entry
 * reports a certificate issuer.
 */
public void directCRLTest() throws Exception {
    CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
    X509CRL parsed = (X509CRL) factory.generateCRL(new ByteArrayInputStream(directCRL));

    Set revoked = parsed.getRevokedCertificates();
    for (Iterator entries = revoked.iterator(); entries.hasNext();) {
        X509CRLEntry entry = (X509CRLEntry) entries.next();
        if (entry.getCertificateIssuer() != null) {
            fail("certificate issuer CRL entry extension is not null");
        }
    }
}
/**
 * Finds the CRL entry that carries the given serial number.
 * The scan stops at {@code nonIndirectEntriesSize}, so only certificates issued by the
 * CRL's issuer are considered.
 * @see X509CRL#getRevokedCertificate(BigInteger)
 * method documentation for more info
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    // Entries are loaded on first use.
    if (!entriesRetrieved) {
        retrieveEntries();
    }
    if (entries == null) {
        return null;
    }

    X509CRLEntry match = null;
    for (int pos = 0; match == null && pos < nonIndirectEntriesSize; pos++) {
        X509CRLEntry current = (X509CRLEntry) entries.get(pos);
        if (serialNumber.equals(current.getSerialNumber())) {
            match = current;
        }
    }
    return match;
}
/**
 * Searches this CRL for the entry with the given serial number.
 * Only the first {@code nonIndirectEntriesSize} entries are examined, which restricts
 * the search to certificates issued by the CRL's issuer.
 * @see java.security.cert.X509CRL#getRevokedCertificate(BigInteger)
 * method documentation for more info
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    // Entries are loaded on first use.
    if (!entriesRetrieved) {
        retirieveEntries();
    }
    if (entries != null) {
        for (int idx = 0; idx != nonIndirectEntriesSize && idx < nonIndirectEntriesSize; ++idx) {
            final X509CRLEntry candidate = (X509CRLEntry) entries.get(idx);
            final BigInteger candidateSerial = candidate.getSerialNumber();
            if (serialNumber.equals(candidateSerial)) {
                return candidate;
            }
        }
    }
    return null;
}