java.security.cert.CRL Java Examples

The following examples show how to use java.security.cert.CRL.
Example #1
Source File: Main.java    From openjdk-jdk8u with GNU General Public License v2.0
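/**
 * Prints one CRL to {@code out}: PEM-armoured DER when the {@code rfc} flag
 * is set, otherwise a human-readable dump.
 *
 * @param crl the CRL to print; it must be an {@link X509CRL} in rfc mode
 * @param out destination stream
 * @throws Exception if the CRL cannot be encoded, or if it is not an
 *         X509CRL while rfc mode is on
 */
private void printCRL(CRL crl, PrintStream out)
        throws Exception {
    if (rfc) {
        // Cast only on the path that needs getEncoded(); the readable path
        // below already copes with any CRL through toString().
        X509CRL xcrl = (X509CRL)crl;
        out.println("-----BEGIN X509 CRL-----");
        out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(xcrl.getEncoded()));
        out.println("-----END X509 CRL-----");
    } else {
        String s;
        if (crl instanceof X509CRLImpl) {
            X509CRLImpl x509crl = (X509CRLImpl) crl;
            // NOTE(review): withWeak() presumably marks weak signature
            // algorithms in the printed name -- confirm against its definition.
            s = x509crl.toStringWithAlgName(withWeak("" + x509crl.getSigAlgId()));
        } else {
            s = crl.toString();
        }
        out.println(s);
    }
}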
 
Example #2
Source File: Main.java    From Bytecoder with Apache License 2.0
/**
 * Looks in {@code ks} for a certificate whose public key verifies the
 * signature on {@code crl}.
 *
 * <p>Candidates are the X.509 entries whose subject equals the CRL issuer.
 * Only the signature is checked here: this method does not look at the
 * CRL's update times, nor at the candidate's validity period or key usage.
 *
 * @param ks  keystore to search
 * @param crl the CRL; the cast fails unless it is an {@code X509CRLImpl}
 * @return alias of the first matching entry (in iteration order) that
 *         verifies the CRL, or {@code null} when none does; callers must
 *         treat {@code null} as "not verified"
 * @throws Exception if the keystore cannot be read
 */
private static String verifyCRL(KeyStore ks, CRL crl)
        throws Exception {
    X509CRLImpl impl = (X509CRLImpl)crl;
    X500Principal crlIssuer = impl.getIssuerX500Principal();
    for (String alias: e2i(ks.aliases())) {
        Certificate candidate = ks.getCertificate(alias);
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        X500Principal subject = ((X509Certificate)candidate).getSubjectX500Principal();
        if (!subject.equals(crlIssuer)) {
            continue;
        }
        try {
            impl.verify(candidate.getPublicKey());
            return alias;
        } catch (Exception ignored) {
            // Deliberate: any failure means this entry did not verify the
            // CRL, so the search moves on to the next alias.
        }
    }
    return null;
}
 
Example #3
Source File: Main.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Finds the keystore entry that signed {@code crl}.
 *
 * <p>An entry qualifies when it is an X.509 certificate, its subject equals
 * the CRL issuer, and its public key verifies the CRL signature. Nothing
 * else is validated (no CRL freshness check, no check of the signer's own
 * validity or key usage).
 *
 * @param ks  keystore whose certificate entries are tried
 * @param crl CRL to verify; cast to {@code X509CRLImpl} without a type check
 * @return the alias of the verifying entry, or {@code null} if no entry
 *         verifies the CRL
 * @throws Exception if the keystore cannot be read
 */
private static String verifyCRL(KeyStore ks, CRL crl)
        throws Exception {
    X509CRLImpl x509Crl = (X509CRLImpl)crl;
    X500Principal issuer = x509Crl.getIssuerX500Principal();
    for (String alias: e2i(ks.aliases())) {
        Certificate entry = ks.getCertificate(alias);
        boolean issuedByEntry = entry instanceof X509Certificate
                && ((X509Certificate)entry).getSubjectX500Principal().equals(issuer);
        if (issuedByEntry) {
            try {
                x509Crl.verify(entry.getPublicKey());
                return alias;
            } catch (Exception ignored) {
                // Same name but the signature did not check out (or could
                // not be checked): keep looking rather than fail.
            }
        }
    }
    return null;
}
 
Example #4
Source File: X509CRLSelector2Test.java    From j2objc with Apache License 2.0
/**
 * Exercises {@code X509CRLSelector.setMinCRLNumber(BigInteger)} against a
 * {@code TestCRL} built from the value 10000: with a null minimum the CRL
 * must match, with a minimum of 10000 it must match, and with a minimum of
 * 10001 it must not.
 */
public void testSetMinCRLNumberLjava_math_BigInteger() {
    X509CRLSelector underTest = new X509CRLSelector();
    BigInteger crlNumber = new BigInteger("10000");
    CRL candidate = new TestCRL(crlNumber);

    // No lower bound configured.
    underTest.setMinCRLNumber(null);
    boolean matchesUnbounded = underTest.match(candidate);
    assertTrue("Any CRL should match in the case of null minCRLNumber.",
            matchesUnbounded);

    // Lower bound equal to the value the CRL was built from.
    underTest.setMinCRLNumber(crlNumber);
    boolean matchesAtBound = underTest.match(candidate);
    assertTrue("The CRL should match the selection criteria.", matchesAtBound);

    // Lower bound one above that value.
    BigInteger aboveCrlNumber = new BigInteger("10001");
    underTest.setMinCRLNumber(aboveCrlNumber);
    boolean matchesAboveBound = underTest.match(candidate);
    assertFalse("The CRL should not match the selection criteria.",
            matchesAboveBound);
}
 
Example #5
Source File: Main.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * Looks in {@code ks} for a certificate whose public key verifies the
 * signature on {@code crl}.
 *
 * <p>Candidates are the X.509 entries whose subject equals the CRL issuer.
 * Only the signature is checked here: this method does not look at the
 * CRL's update times, nor at the candidate's validity period or key usage.
 *
 * @param ks  keystore to search
 * @param crl the CRL; the cast fails unless it is an {@code X509CRLImpl}
 * @return alias of the first matching entry (in iteration order) that
 *         verifies the CRL, or {@code null} when none does; callers must
 *         treat {@code null} as "not verified"
 * @throws Exception if the keystore cannot be read
 */
private static String verifyCRL(KeyStore ks, CRL crl)
        throws Exception {
    X509CRLImpl impl = (X509CRLImpl)crl;
    X500Principal crlIssuer = impl.getIssuerX500Principal();
    for (String alias: e2i(ks.aliases())) {
        Certificate candidate = ks.getCertificate(alias);
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        X500Principal subject = ((X509Certificate)candidate).getSubjectX500Principal();
        if (!subject.equals(crlIssuer)) {
            continue;
        }
        try {
            impl.verify(candidate.getPublicKey());
            return alias;
        } catch (Exception ignored) {
            // Deliberate: any failure means this entry did not verify the
            // CRL, so the search moves on to the next alias.
        }
    }
    return null;
}
 
Example #6
Source File: PKIXCRLStoreSelector.java    From ripple-lib-java with ISC License
/**
 * Queries {@code certStore} for the CRLs that {@code selector} accepts.
 *
 * <p>The selector is wrapped in a {@link CRLSelector} that forwards
 * {@code match} to it, which is the type {@code CertStore.getCRLs} takes.
 *
 * @param selector  the selection criteria
 * @param certStore the store to query
 * @return the CRLs returned by the store for the wrapped selector
 * @throws CertStoreException if the store query fails
 */
public static Collection<? extends CRL> getCRLs(final PKIXCRLStoreSelector selector, CertStore certStore)
    throws CertStoreException
{
    CRLSelector adapter = new CRLSelector()
    {
        public boolean match(CRL crl)
        {
            return selector.match(crl);
        }

        public Object clone()
        {
            // Hands back this same object rather than a copy.
            return this;
        }
    };

    return certStore.getCRLs(adapter);
}
 
Example #7
Source File: Main.java    From Bytecoder with Apache License 2.0
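/**
 * Writes {@code crl} to {@code out}, either as a PEM block (when the
 * {@code rfc} flag is set) or as readable text.
 *
 * @param crl the CRL to print; only rfc mode requires an {@link X509CRL}
 * @param out destination stream
 * @throws Exception if encoding fails, or if rfc mode is on and the CRL is
 *         not an X509CRL
 */
private void printCRL(CRL crl, PrintStream out)
        throws Exception {
    if (rfc) {
        // The cast lives here because only this branch needs getEncoded();
        // the text branch handles any CRL type via toString().
        X509CRL xcrl = (X509CRL)crl;
        out.println("-----BEGIN X509 CRL-----");
        out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(xcrl.getEncoded()));
        out.println("-----END X509 CRL-----");
    } else {
        String s;
        if (crl instanceof X509CRLImpl) {
            X509CRLImpl x509crl = (X509CRLImpl) crl;
            // NOTE(review): withWeak() presumably flags weak signature
            // algorithms in the displayed name -- confirm.
            s = x509crl.toStringWithAlgName(withWeak("" + x509crl.getSigAlgId()));
        } else {
            s = crl.toString();
        }
        out.println(s);
    }
}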
 
Example #8
Source File: Main.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Finds the keystore entry that signed {@code crl}.
 *
 * <p>An entry qualifies when it is an X.509 certificate, its subject equals
 * the CRL issuer, and its public key verifies the CRL signature. Nothing
 * else is validated (no CRL freshness check, no check of the signer's own
 * validity or key usage).
 *
 * @param ks  keystore whose certificate entries are tried
 * @param crl CRL to verify; cast to {@code X509CRLImpl} without a type check
 * @return the alias of the verifying entry, or {@code null} if no entry
 *         verifies the CRL
 * @throws Exception if the keystore cannot be read
 */
private static String verifyCRL(KeyStore ks, CRL crl)
        throws Exception {
    X509CRLImpl x509Crl = (X509CRLImpl)crl;
    X500Principal issuer = x509Crl.getIssuerX500Principal();
    for (String alias: e2i(ks.aliases())) {
        Certificate entry = ks.getCertificate(alias);
        boolean issuedByEntry = entry instanceof X509Certificate
                && ((X509Certificate)entry).getSubjectX500Principal().equals(issuer);
        if (issuedByEntry) {
            try {
                x509Crl.verify(entry.getPublicKey());
                return alias;
            } catch (Exception ignored) {
                // Same name but the signature did not check out (or could
                // not be checked): keep looking rather than fail.
            }
        }
    }
    return null;
}
 
Example #9
Source File: Main.java    From jdk8u_jdk with GNU General Public License v2.0
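/**
 * Prints one CRL to {@code out}: PEM-armoured DER when the {@code rfc} flag
 * is set, otherwise a human-readable dump.
 *
 * @param crl the CRL to print; it must be an {@link X509CRL} in rfc mode
 * @param out destination stream
 * @throws Exception if the CRL cannot be encoded, or if it is not an
 *         X509CRL while rfc mode is on
 */
private void printCRL(CRL crl, PrintStream out)
        throws Exception {
    if (rfc) {
        // Cast only on the path that needs getEncoded(); the readable path
        // below already copes with any CRL through toString().
        X509CRL xcrl = (X509CRL)crl;
        out.println("-----BEGIN X509 CRL-----");
        out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(xcrl.getEncoded()));
        out.println("-----END X509 CRL-----");
    } else {
        String s;
        if (crl instanceof X509CRLImpl) {
            X509CRLImpl x509crl = (X509CRLImpl) crl;
            // NOTE(review): withWeak() presumably marks weak signature
            // algorithms in the printed name -- confirm against its definition.
            s = x509crl.toStringWithAlgName(withWeak("" + x509crl.getSigAlgId()));
        } else {
            s = crl.toString();
        }
        out.println(s);
    }
}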
 
Example #10
Source File: Main.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Looks in {@code ks} for a certificate whose public key verifies the
 * signature on {@code crl}.
 *
 * <p>Candidates are the X.509 entries whose subject equals the CRL issuer.
 * Only the signature is checked here: this method does not look at the
 * CRL's update times, nor at the candidate's validity period or key usage.
 *
 * @param ks  keystore to search
 * @param crl the CRL; the cast fails unless it is an {@code X509CRLImpl}
 * @return alias of the first matching entry (in iteration order) that
 *         verifies the CRL, or {@code null} when none does; callers must
 *         treat {@code null} as "not verified"
 * @throws Exception if the keystore cannot be read
 */
private static String verifyCRL(KeyStore ks, CRL crl)
        throws Exception {
    X509CRLImpl impl = (X509CRLImpl)crl;
    X500Principal crlIssuer = impl.getIssuerX500Principal();
    for (String alias: e2i(ks.aliases())) {
        Certificate candidate = ks.getCertificate(alias);
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        X500Principal subject = ((X509Certificate)candidate).getSubjectX500Principal();
        if (!subject.equals(crlIssuer)) {
            continue;
        }
        try {
            impl.verify(candidate.getPublicKey());
            return alias;
        } catch (Exception ignored) {
            // Deliberate: any failure means this entry did not verify the
            // CRL, so the search moves on to the next alias.
        }
    }
    return null;
}
 
Example #11
Source File: CertificateFactory.java    From ripple-lib-java with ISC License
/**
 * Reads one DER object from {@code aIn} and turns it into a CRL.
 *
 * <p>If the object is a sequence of more than one element whose first
 * element is the PKCS#7 signedData object identifier, the CRL set of that
 * SignedData is stored in {@code sCrlData} and the result of
 * {@code getCRL()} is returned. Otherwise the sequence is treated as a bare
 * CertificateList.
 *
 * <p>NOTE(review): the object read is cast to ASN1Sequence (and its second
 * element to ASN1TaggedObject) without a type check, so input of another
 * shape surfaces as a runtime exception rather than a CRLException --
 * confirm the callers handle that for untrusted input.
 *
 * @param aIn stream positioned at the DER data
 * @return the CRL built from the data
 * @throws IOException  if the stream cannot be read
 * @throws CRLException if the CRL cannot be created
 */
private CRL readDERCRL(
    ASN1InputStream aIn)
    throws IOException, CRLException
{
    ASN1Sequence seq = (ASN1Sequence)aIn.readObject();

    boolean isSignedData = seq.size() > 1
            && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier
            && seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData);

    if (!isSignedData)
    {
        return createCRL(
                     CertificateList.getInstance(seq));
    }

    ASN1Sequence signedDataBody = ASN1Sequence.getInstance(
        (ASN1TaggedObject)seq.getObjectAt(1), true);
    sCrlData = SignedData.getInstance(signedDataBody).getCRLs();

    return getCRL();
}
 
Example #12
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Finds the keystore entry that signed {@code crl}.
 *
 * <p>An entry qualifies when it is an X.509 certificate, its subject equals
 * the CRL issuer, and its public key verifies the CRL signature. Nothing
 * else is validated (no CRL freshness check, no check of the signer's own
 * validity or key usage).
 *
 * @param ks  keystore whose certificate entries are tried
 * @param crl CRL to verify; cast to {@code X509CRLImpl} without a type check
 * @return the alias of the verifying entry, or {@code null} if no entry
 *         verifies the CRL
 * @throws Exception if the keystore cannot be read
 */
private static String verifyCRL(KeyStore ks, CRL crl)
        throws Exception {
    X509CRLImpl x509Crl = (X509CRLImpl)crl;
    X500Principal issuer = x509Crl.getIssuerX500Principal();
    for (String alias: e2i(ks.aliases())) {
        Certificate entry = ks.getCertificate(alias);
        boolean issuedByEntry = entry instanceof X509Certificate
                && ((X509Certificate)entry).getSubjectX500Principal().equals(issuer);
        if (issuedByEntry) {
            try {
                x509Crl.verify(entry.getPublicKey());
                return alias;
            } catch (Exception ignored) {
                // Same name but the signature did not check out (or could
                // not be checked): keep looking rather than fail.
            }
        }
    }
    return null;
}
 
Example #13
Source File: Main.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
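/**
 * Writes {@code crl} to {@code out}, either as a PEM block (when the
 * {@code rfc} flag is set) or as readable text.
 *
 * @param crl the CRL to print; only rfc mode requires an {@link X509CRL}
 * @param out destination stream
 * @throws Exception if encoding fails, or if rfc mode is on and the CRL is
 *         not an X509CRL
 */
private void printCRL(CRL crl, PrintStream out)
        throws Exception {
    if (rfc) {
        // The cast lives here because only this branch needs getEncoded();
        // the text branch handles any CRL type via toString().
        X509CRL xcrl = (X509CRL)crl;
        out.println("-----BEGIN X509 CRL-----");
        out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(xcrl.getEncoded()));
        out.println("-----END X509 CRL-----");
    } else {
        String s;
        if (crl instanceof X509CRLImpl) {
            X509CRLImpl x509crl = (X509CRLImpl) crl;
            // NOTE(review): withWeak() presumably flags weak signature
            // algorithms in the displayed name -- confirm.
            s = x509crl.toStringWithAlgName(withWeak("" + x509crl.getSigAlgId()));
        } else {
            s = crl.toString();
        }
        out.println(s);
    }
}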
 
Example #14
Source File: AbstractTrustStore.java    From qpid-broker-j with Apache License 2.0
/**
 * Loads every CRL found at {@code crlUrl}.
 *
 * <p>NOTE(review): the stream is parsed as-is; nothing in this method checks
 * the CRL signatures or their freshness, and {@code openStream()} is called
 * without explicit timeouts -- confirm both are covered by the callers or
 * by configuration.
 *
 * @param crlUrl location of the CRL data, or {@code null} for "no CRLs"
 * @return the parsed CRLs; an empty list when {@code crlUrl} is {@code null}
 * @throws IllegalConfigurationException if the data cannot be read or parsed
 */
private Collection<? extends CRL> getCRLs(String crlUrl)
{
    if (crlUrl == null)
    {
        return Collections.emptyList();
    }

    try (InputStream crlStream = getUrlFromString(crlUrl).openStream())
    {
        return SSLUtil.getCertificateFactory().generateCRLs(crlStream);
    }
    catch (IOException | CRLException e)
    {
        throw new IllegalConfigurationException("Unable to load certificate revocation list '" + crlUrl +
                "' for truststore '" + getName() + "' :" + e, e);
    }
}
 
Example #15
Source File: PdfSigGenericPKCS.java    From itext2 with GNU Lesser General Public License v3.0
/**
 * Sets the crypto information to sign and fills in the signature
 * dictionary entries derived from it (contents, certificate data, name).
 *
 * <p>The CRL array is passed to {@code PdfPKCS7} unchanged; this method does
 * not inspect or validate it.
 *
 * @param privKey the private key
 * @param certChain the certificate chain
 * @param crlList the certificate revocation list. It can be {@code null}
 * @throws ExceptionConverter wrapping any exception raised while building
 *         the signature data
 */
public void setSignInfo(PrivateKey privKey, Certificate[] certChain, CRL[] crlList) {
    try {
        // Last argument: true when the SUBFILTER entry equals ADBE_PKCS7_SHA1.
        // NOTE(review): both subfilter names tested in this method are
        // SHA-1 based; the digest actually used is the hashAlgorithm field --
        // confirm it is set to an acceptable algorithm by the caller.
        pkcs = new PdfPKCS7(privKey, certChain, crlList, hashAlgorithm, provider, PdfName.ADBE_PKCS7_SHA1.equals(get(PdfName.SUBFILTER)));
        pkcs.setExternalDigest(externalDigest, externalRSAdata, digestEncryptionAlgorithm);
        if (PdfName.ADBE_X509_RSA_SHA1.equals(get(PdfName.SUBFILTER))) {
            // For this subfilter the encoded certificates are concatenated in
            // chain order and stored via setCert(); the contents are the
            // PKCS#1 encoding.
            ByteArrayOutputStream bout = new ByteArrayOutputStream();
            for (int k = 0; k < certChain.length; ++k) {
                bout.write(certChain[k].getEncoded());
            }
            bout.close();
            setCert(bout.toByteArray());
            setContents(pkcs.getEncodedPKCS1());
        }
        else
            // Every other subfilter stores the PKCS#7 encoding as contents.
            setContents(pkcs.getEncodedPKCS7());
        // The signer name is the CN field of the signing certificate's
        // subject, when it has one.
        name = PdfPKCS7.getSubjectFields(pkcs.getSigningCertificate()).getField("CN");
        if (name != null)
            put(PdfName.NAME, new PdfString(name, PdfObject.TEXT_UNICODE));
        // NOTE(review): the PdfPKCS7 object is created again with the same
        // arguments after the contents were produced; presumably so that a
        // fresh instance is used for the later signing pass -- confirm.
        pkcs = new PdfPKCS7(privKey, certChain, crlList, hashAlgorithm, provider, PdfName.ADBE_PKCS7_SHA1.equals(get(PdfName.SUBFILTER)));
        pkcs.setExternalDigest(externalDigest, externalRSAdata, digestEncryptionAlgorithm);
    }
    catch (Exception e) {
        // Checked exceptions are rethrown wrapped, so the signature of this
        // method declares none.
        throw new ExceptionConverter(e);
    }
}
 
Example #16
Source File: X509CRLParser.java    From ripple-lib-java with ISC License
/**
 * Reads one DER object from {@code in} and turns it into a CRL.
 *
 * <p>If the object is a sequence of more than one element whose first
 * element is the PKCS#7 signedData object identifier, the CRL set of that
 * SignedData is stored in {@code sData} and the result of {@code getCRL()}
 * is returned. Otherwise the sequence is wrapped as a single X509CRLObject.
 *
 * <p>NOTE(review): the object read is cast to ASN1Sequence (and its second
 * element to ASN1TaggedObject) without a type check, so input of another
 * shape surfaces as a runtime exception rather than a CRLException --
 * confirm the callers handle that for untrusted input.
 *
 * @param in stream positioned at the DER data; it is not closed here
 * @return the CRL built from the data
 * @throws IOException  if the stream cannot be read
 * @throws CRLException if the CRL cannot be created
 */
private CRL readDERCRL(
    InputStream in)
    throws IOException, CRLException
{
    ASN1InputStream derIn = new ASN1InputStream(in);
    ASN1Sequence seq = (ASN1Sequence)derIn.readObject();

    boolean isSignedData = seq.size() > 1
            && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier
            && seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData);

    if (!isSignedData)
    {
        return new X509CRLObject(CertificateList.getInstance(seq));
    }

    ASN1Sequence signedDataBody = ASN1Sequence.getInstance(
                    (ASN1TaggedObject)seq.getObjectAt(1), true);
    sData = new SignedData(signedDataBody).getCRLs();

    return getCRL();
}
 
Example #17
Source File: Main.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Looks in {@code ks} for a certificate whose public key verifies the
 * signature on {@code crl}.
 *
 * <p>Candidates are the X.509 entries whose subject equals the CRL issuer.
 * Only the signature is checked here: this method does not look at the
 * CRL's update times, nor at the candidate's validity period or key usage.
 *
 * @param ks  keystore to search
 * @param crl the CRL; the cast fails unless it is an {@code X509CRLImpl}
 * @return alias of the first matching entry (in iteration order) that
 *         verifies the CRL, or {@code null} when none does; callers must
 *         treat {@code null} as "not verified"
 * @throws Exception if the keystore cannot be read
 */
private static String verifyCRL(KeyStore ks, CRL crl)
        throws Exception {
    X509CRLImpl impl = (X509CRLImpl)crl;
    X500Principal crlIssuer = impl.getIssuerX500Principal();
    for (String alias: e2i(ks.aliases())) {
        Certificate candidate = ks.getCertificate(alias);
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        X500Principal subject = ((X509Certificate)candidate).getSubjectX500Principal();
        if (!subject.equals(crlIssuer)) {
            continue;
        }
        try {
            impl.verify(candidate.getPublicKey());
            return alias;
        } catch (Exception ignored) {
            // Deliberate: any failure means this entry did not verify the
            // CRL, so the search moves on to the next alias.
        }
    }
    return null;
}
 
Example #18
Source File: Main.java    From hottub with GNU General Public License v2.0
/**
 * Finds the keystore entry that signed {@code crl}.
 *
 * <p>An entry qualifies when it is an X.509 certificate, its subject equals
 * the CRL issuer, and its public key verifies the CRL signature. Nothing
 * else is validated (no CRL freshness check, no check of the signer's own
 * validity or key usage).
 *
 * @param ks  keystore whose certificate entries are tried
 * @param crl CRL to verify; cast to {@code X509CRLImpl} without a type check
 * @return the alias of the verifying entry, or {@code null} if no entry
 *         verifies the CRL
 * @throws Exception if the keystore cannot be read
 */
private static String verifyCRL(KeyStore ks, CRL crl)
        throws Exception {
    X509CRLImpl x509Crl = (X509CRLImpl)crl;
    X500Principal issuer = x509Crl.getIssuerX500Principal();
    for (String alias: e2i(ks.aliases())) {
        Certificate entry = ks.getCertificate(alias);
        boolean issuedByEntry = entry instanceof X509Certificate
                && ((X509Certificate)entry).getSubjectX500Principal().equals(issuer);
        if (issuedByEntry) {
            try {
                x509Crl.verify(entry.getPublicKey());
                return alias;
            } catch (Exception ignored) {
                // Same name but the signature did not check out (or could
                // not be checked): keep looking rather than fail.
            }
        }
    }
    return null;
}
 
Example #19
Source File: SSLUtils.java    From ssltest with Apache License 2.0
/**
 * Builds the initialization parameters for the TrustManager.
 * Only the <code>PKIX</code> algorithm (compared case-insensitively) is
 * supported; any other value is rejected.
 *
 * <p>The CRLs loaded from {@code crlFilename} are added as a "Collection"
 * CertStore and revocation checking is always switched on.
 * NOTE(review): with revocation enabled, path validation depends on
 * revocation data being available for the certificates checked -- confirm
 * the CRL file covers every issuer in the trust store.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlFilename The path to the CRL file.
 * @param maxCertificateChainLength Optional maximum cert chain length;
 *                                  {@code null} leaves the default.
 * @param trustStore The configured TrustStore.
 *
 * @return The parameters including the TrustStore and any CRLs.
 *
 * @throws InvalidAlgorithmParameterException
 * @throws KeyStoreException
 * @throws IOException
 * @throws CertificateException
 * @throws CRLException if {@code algorithm} is not PKIX
 * @throws NoSuchAlgorithmException
 */
protected static CertPathParameters getParameters(String algorithm,
                                                  String crlFilename,
                                                  Integer maxCertificateChainLength,
                                                  KeyStore trustStore)
    throws KeyStoreException, InvalidAlgorithmParameterException, CRLException, CertificateException, IOException, NoSuchAlgorithmException
{
    if(!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }

    PKIXBuilderParameters pkix =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());

    Collection<? extends CRL> loadedCrls = getCRLs(crlFilename);
    CertStore crlStore = CertStore.getInstance(
        "Collection", new CollectionCertStoreParameters(loadedCrls));
    pkix.addCertStore(crlStore);
    pkix.setRevocationEnabled(true);

    if(maxCertificateChainLength != null) {
        pkix.setMaxPathLength(maxCertificateChainLength.intValue());
    }

    return pkix;
}
 
Example #20
Source File: TrustManagerExt.java    From servicecomb-java-chassis with Apache License 2.0
/**
 * Rejects {@code chain} when any CRL loaded from the configured CRL file
 * reports its owner certificate as revoked.
 *
 * <p>NOTE(review): if the CRL file does not exist the method returns without
 * checking anything, so a missing or removed file disables revocation
 * checking silently -- confirm that is the intended policy. Only the
 * certificate returned by {@code findOwner} is tested, not the other
 * certificates in the chain, and nothing here verifies the CRL's signature
 * (unless {@code KeyStoreUtil.createCRL} does -- confirm).
 *
 * @param chain the peer certificate chain
 * @throws CertificateException if the owner certificate is revoked
 */
private void checkCRL(X509Certificate[] chain) throws CertificateException {
  String crlPath = option.getCrl();
  crlPath = custom.getFullPath(crlPath);
  boolean crlFilePresent = new File(crlPath).exists();
  if (!crlFilePresent) {
    return;
  }

  CRL[] loadedCrls = KeyStoreUtil.createCRL(crlPath);
  X509Certificate owner = CertificateUtil.findOwner(chain);
  for (CRL candidate : loadedCrls) {
    if (!candidate.isRevoked(owner)) {
      continue;
    }
    LOG.error("certificate revoked");
    throw new CertificateException("certificate revoked");
  }
}
 
Example #21
Source File: SSLUtilBase.java    From Tomcat8-Source-Read with MIT License
/**
 * Builds the PKIX initialization parameters for the TrustManager.
 *
 * <p>When a CRL file is configured, its CRLs are added as a "Collection"
 * CertStore and revocation checking is forced on. Without one, revocation
 * checking follows {@code revocationEnabled}. The maximum path length is
 * taken from the host configuration's certificate verification depth in
 * both cases.
 *
 * @param crlf The path to the CRL file; {@code null} or empty means none.
 * @param trustStore The configured TrustStore.
 * @param revocationEnabled Should the JSSE provider perform revocation
 *                          checks? Ignored if {@code crlf} is non-empty.
 *                          Configuration of revocation checks are expected
 *                          to be via proprietary JSSE provider methods.
 * @return The parameters including the CRLs and TrustStore.
 * @throws Exception An error occurred
 */
protected CertPathParameters getParameters(String crlf, KeyStore trustStore,
        boolean revocationEnabled) throws Exception {

    PKIXBuilderParameters pkix =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());

    boolean noCrlFile = crlf == null || crlf.length() == 0;
    if (noCrlFile) {
        pkix.setRevocationEnabled(revocationEnabled);
    } else {
        Collection<? extends CRL> loadedCrls = getCRLs(crlf);
        CertStore crlStore = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(loadedCrls));
        pkix.addCertStore(crlStore);
        pkix.setRevocationEnabled(true);
    }

    pkix.setMaxPathLength(sslHostConfig.getCertificateVerificationDepth());
    return pkix;
}
 
Example #22
Source File: X509CRLParser.java    From RipplePower with Apache License 2.0
/**
 * Parses the next DER object on {@code in} as a CRL.
 *
 * <p>A sequence with more than one element that starts with the PKCS#7
 * signedData object identifier is unpacked: its CRL set goes into
 * {@code sData} and {@code getCRL()} supplies the result. Any other
 * sequence is wrapped directly in an X509CRLObject.
 *
 * <p>NOTE(review): the casts to ASN1Sequence and ASN1TaggedObject are
 * unchecked, so unexpected input raises a runtime exception instead of a
 * CRLException -- confirm callers cope with that when the data is untrusted.
 *
 * @param in source of the DER data; left open by this method
 * @return the parsed CRL
 * @throws IOException  if reading fails
 * @throws CRLException if the CRL cannot be created
 */
private CRL readDERCRL(
    InputStream in)
    throws IOException, CRLException
{
    ASN1InputStream asn1In = new ASN1InputStream(in);
    ASN1Sequence seq = (ASN1Sequence)asn1In.readObject();

    boolean wrapsSignedData = seq.size() > 1
            && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier
            && seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData);

    if (wrapsSignedData)
    {
        ASN1Sequence content = ASN1Sequence.getInstance(
                        (ASN1TaggedObject)seq.getObjectAt(1), true);
        sData = new SignedData(content).getCRLs();

        return getCRL();
    }

    return new X509CRLObject(CertificateList.getInstance(seq));
}
 
Example #23
Source File: Main.java    From hottub with GNU General Public License v2.0
/**
 * Prints every CRL loaded from {@code src} and reports which keystore
 * entry, if any, verifies it.
 *
 * <p>Each CRL is checked against {@code caks} first (when set) and then
 * against {@code keyStore} (when set and no entry has verified it yet).
 * When no entry verifies the CRL, a warning block is printed instead; the
 * CRL itself has already been printed by then.
 *
 * @param src location the CRLs are loaded from
 * @param out destination stream
 * @throws Exception if loading, printing or keystore access fails
 */
private void doPrintCRL(String src, PrintStream out)
        throws Exception {
    for (CRL crl: loadCRLs(src)) {
        printCRL(crl, out);

        String verifier = (caks == null) ? null : verifyCRL(caks, crl);
        if (verifier != null) {
            out.printf(rb.getString(
                    "verified.by.s.in.s"), verifier, "cacerts");
            out.println();
        } else if (keyStore != null) {
            verifier = verifyCRL(keyStore, crl);
            if (verifier != null) {
                out.printf(rb.getString(
                        "verified.by.s.in.s"), verifier, "keystore");
                out.println();
            }
        }

        if (verifier == null) {
            // Unverified: the dump above must not be trusted as authentic.
            out.println(rb.getString
                    ("STAR"));
            out.println(rb.getString
                    ("warning.not.verified.make.sure.keystore.is.correct"));
            out.println(rb.getString
                    ("STARNN"));
        }
    }
}
 
Example #24
Source File: Main.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Returns the CRLs referenced by a certificate's CRLDistributionPoints
 * extension.
 *
 * <p>Distribution points without a full name are skipped. For each
 * remaining point only the first general name of type URI is loaded, and
 * only X509CRL results are kept.
 *
 * <p>NOTE(review): the URIs come from the certificate itself and are handed
 * to {@code loadCRLs} unchanged, and nothing here verifies the CRLs that
 * come back -- confirm {@code loadCRLs} restricts what it will fetch and
 * that callers verify the result before relying on it.
 *
 * @param cert the certificate to inspect
 * @return the CRLs read; empty when the extension is absent
 * @throws Exception if the extension cannot be read or a CRL cannot be loaded
 */
public static List<CRL> readCRLsFromCert(X509Certificate cert)
        throws Exception {
    List<CRL> found = new ArrayList<>();
    CRLDistributionPointsExtension cdp =
            X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension();
    if (cdp == null) {
        return found;
    }
    List<DistributionPoint> points =
            cdp.get(CRLDistributionPointsExtension.POINTS);
    for (DistributionPoint point: points) {
        GeneralNames fullName = point.getFullName();
        if (fullName == null) {
            continue;
        }
        for (GeneralName name: fullName.names()) {
            if (name.getType() != GeneralNameInterface.NAME_URI) {
                continue;
            }
            URIName uri = (URIName)name.getName();
            for (CRL crl: loadCRLs(uri.getName())) {
                if (crl instanceof X509CRL) {
                    found.add(crl);
                }
            }
            break;  // Different name should point to same CRL
        }
    }
    return found;
}
 
Example #25
Source File: Main.java    From hottub with GNU General Public License v2.0
/**
 * Prints one CRL to {@code out}: its {@code toString()} form normally, or a
 * PEM block of its DER encoding when the {@code rfc} flag is set.
 *
 * @param crl the CRL to print; it must be an {@link X509CRL} in rfc mode
 * @param out destination stream
 * @throws Exception if the CRL cannot be encoded
 */
private void printCRL(CRL crl, PrintStream out)
        throws Exception {
    if (!rfc) {
        out.println(crl.toString());
        return;
    }

    X509CRL x509Crl = (X509CRL)crl;
    out.println("-----BEGIN X509 CRL-----");
    // Encoded after the header line is written, 64 characters per line.
    String body = Base64.getMimeEncoder(64, CRLF).encodeToString(x509Crl.getEncoded());
    out.println(body);
    out.println("-----END X509 CRL-----");
}
 
Example #26
Source File: Main.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * Collects the CRLs named in a certificate's CRLDistributionPoints
 * extension.
 *
 * <p>Only distribution points that carry a full name are used, and within
 * each one only the first general name of type URI is loaded. Results that
 * are not X509CRL instances are dropped.
 *
 * <p>NOTE(review): the URI is taken from the certificate and passed to
 * {@code loadCRLs} as-is; the CRLs returned are not verified in this
 * method -- confirm what {@code loadCRLs} is willing to fetch and that the
 * caller verifies the CRLs.
 *
 * @param cert the certificate whose extension is read
 * @return the CRLs loaded, or an empty list if the extension is missing
 * @throws Exception if the extension cannot be read or a CRL cannot be loaded
 */
public static List<CRL> readCRLsFromCert(X509Certificate cert)
        throws Exception {
    List<CRL> result = new ArrayList<>();
    CRLDistributionPointsExtension extension =
            X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension();
    if (extension == null) {
        return result;
    }
    List<DistributionPoint> distPoints =
            extension.get(CRLDistributionPointsExtension.POINTS);
    for (DistributionPoint dp: distPoints) {
        GeneralNames fullName = dp.getFullName();
        if (fullName != null) {
            for (GeneralName candidate: fullName.names()) {
                boolean isUri = candidate.getType() == GeneralNameInterface.NAME_URI;
                if (!isUri) {
                    continue;
                }
                String location = ((URIName)candidate.getName()).getName();
                for (CRL fetched: loadCRLs(location)) {
                    if (fetched instanceof X509CRL) {
                        result.add(fetched);
                    }
                }
                break;  // Different name should point to same CRL
            }
        }
    }
    return result;
}
 
Example #27
Source File: Main.java    From hottub with GNU General Public License v2.0
/**
 * Returns the CRLs referenced by a certificate's CRLDistributionPoints
 * extension.
 *
 * <p>Distribution points without a full name are skipped. For each
 * remaining point only the first general name of type URI is loaded, and
 * only X509CRL results are kept.
 *
 * <p>NOTE(review): the URIs come from the certificate itself and are handed
 * to {@code loadCRLs} unchanged, and nothing here verifies the CRLs that
 * come back -- confirm {@code loadCRLs} restricts what it will fetch and
 * that callers verify the result before relying on it.
 *
 * @param cert the certificate to inspect
 * @return the CRLs read; empty when the extension is absent
 * @throws Exception if the extension cannot be read or a CRL cannot be loaded
 */
public static List<CRL> readCRLsFromCert(X509Certificate cert)
        throws Exception {
    List<CRL> found = new ArrayList<>();
    CRLDistributionPointsExtension cdp =
            X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension();
    if (cdp == null) {
        return found;
    }
    List<DistributionPoint> points =
            cdp.get(CRLDistributionPointsExtension.POINTS);
    for (DistributionPoint point: points) {
        GeneralNames fullName = point.getFullName();
        if (fullName == null) {
            continue;
        }
        for (GeneralName name: fullName.names()) {
            if (name.getType() != GeneralNameInterface.NAME_URI) {
                continue;
            }
            URIName uri = (URIName)name.getName();
            for (CRL crl: loadCRLs(uri.getName())) {
                if (crl instanceof X509CRL) {
                    found.add(crl);
                }
            }
            break;  // Different name should point to same CRL
        }
    }
    return found;
}
 
Example #28
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0
/**
 * Collects the CRLs named in a certificate's CRLDistributionPoints
 * extension.
 *
 * <p>Only distribution points that carry a full name are used, and within
 * each one only the first general name of type URI is loaded. Results that
 * are not X509CRL instances are dropped.
 *
 * <p>NOTE(review): the URI is taken from the certificate and passed to
 * {@code loadCRLs} as-is; the CRLs returned are not verified in this
 * method -- confirm what {@code loadCRLs} is willing to fetch and that the
 * caller verifies the CRLs.
 *
 * @param cert the certificate whose extension is read
 * @return the CRLs loaded, or an empty list if the extension is missing
 * @throws Exception if the extension cannot be read or a CRL cannot be loaded
 */
public static List<CRL> readCRLsFromCert(X509Certificate cert)
        throws Exception {
    List<CRL> result = new ArrayList<>();
    CRLDistributionPointsExtension extension =
            X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension();
    if (extension == null) {
        return result;
    }
    List<DistributionPoint> distPoints =
            extension.get(CRLDistributionPointsExtension.POINTS);
    for (DistributionPoint dp: distPoints) {
        GeneralNames fullName = dp.getFullName();
        if (fullName != null) {
            for (GeneralName candidate: fullName.names()) {
                boolean isUri = candidate.getType() == GeneralNameInterface.NAME_URI;
                if (!isUri) {
                    continue;
                }
                String location = ((URIName)candidate.getName()).getName();
                for (CRL fetched: loadCRLs(location)) {
                    if (fetched instanceof X509CRL) {
                        result.add(fetched);
                    }
                }
                break;  // Different name should point to same CRL
            }
        }
    }
    return result;
}
 
Example #29
Source File: Main.java    From Bytecoder with Apache License 2.0
/**
 * Returns the CRLs referenced by a certificate's CRLDistributionPoints
 * extension.
 *
 * <p>Distribution points without a full name are skipped. For each
 * remaining point only the first general name of type URI is loaded, and
 * only X509CRL results are kept.
 *
 * <p>NOTE(review): the URIs come from the certificate itself and are handed
 * to {@code loadCRLs} unchanged, and nothing here verifies the CRLs that
 * come back -- confirm {@code loadCRLs} restricts what it will fetch and
 * that callers verify the result before relying on it.
 *
 * @param cert the certificate to inspect
 * @return the CRLs read; empty when the extension is absent
 * @throws Exception if the extension cannot be read or a CRL cannot be loaded
 */
public static List<CRL> readCRLsFromCert(X509Certificate cert)
        throws Exception {
    List<CRL> found = new ArrayList<>();
    CRLDistributionPointsExtension cdp =
            X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension();
    if (cdp == null) {
        return found;
    }
    List<DistributionPoint> points =
            cdp.get(CRLDistributionPointsExtension.POINTS);
    for (DistributionPoint point: points) {
        GeneralNames fullName = point.getFullName();
        if (fullName == null) {
            continue;
        }
        for (GeneralName name: fullName.names()) {
            if (name.getType() != GeneralNameInterface.NAME_URI) {
                continue;
            }
            URIName uri = (URIName)name.getName();
            for (CRL crl: loadCRLs(uri.getName())) {
                if (crl instanceof X509CRL) {
                    found.add(crl);
                }
            }
            break;  // Different name should point to same CRL
        }
    }
    return found;
}
 
Example #30
Source File: Main.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Collects the CRLs named in a certificate's CRLDistributionPoints
 * extension.
 *
 * <p>Only distribution points that carry a full name are used, and within
 * each one only the first general name of type URI is loaded. Results that
 * are not X509CRL instances are dropped.
 *
 * <p>NOTE(review): the URI is taken from the certificate and passed to
 * {@code loadCRLs} as-is; the CRLs returned are not verified in this
 * method -- confirm what {@code loadCRLs} is willing to fetch and that the
 * caller verifies the CRLs.
 *
 * @param cert the certificate whose extension is read
 * @return the CRLs loaded, or an empty list if the extension is missing
 * @throws Exception if the extension cannot be read or a CRL cannot be loaded
 */
public static List<CRL> readCRLsFromCert(X509Certificate cert)
        throws Exception {
    List<CRL> result = new ArrayList<>();
    CRLDistributionPointsExtension extension =
            X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension();
    if (extension == null) {
        return result;
    }
    List<DistributionPoint> distPoints =
            extension.get(CRLDistributionPointsExtension.POINTS);
    for (DistributionPoint dp: distPoints) {
        GeneralNames fullName = dp.getFullName();
        if (fullName != null) {
            for (GeneralName candidate: fullName.names()) {
                boolean isUri = candidate.getType() == GeneralNameInterface.NAME_URI;
                if (!isUri) {
                    continue;
                }
                String location = ((URIName)candidate.getName()).getName();
                for (CRL fetched: loadCRLs(location)) {
                    if (fetched instanceof X509CRL) {
                        result.add(fetched);
                    }
                }
                break;  // Different name should point to same CRL
            }
        }
    }
    return result;
}