Examples of CRL


Examples of java.security.cert.CRL

        // Excerpt: turns each encoded byte[] produced by the iterator into a CRL
        // and keeps only the CRLs accepted by xselector. The enclosing method and
        // the declarations of it, xselector and crlSet are outside this excerpt.
        {
            // Ask specifically for the X.509 factory of the provider registered
            // under the name "BC".
            CertificateFactory cf = CertificateFactory.getInstance("X.509",
                "BC");
            while (it.hasNext())
            {
                // generateCRL only parses the encoding. Nothing in this excerpt
                // verifies the CRL's signature (X509CRL.verify) or its update
                // times, so a CRL collected here is not yet authenticated.
                CRL crl = cf.generateCRL(new ByteArrayInputStream((byte[])it
                    .next()));
                if (xselector.match(crl))
                {
                    crlSet.add(crl);
                }

Examples of java.security.cert.CRL

            // Excerpt from what appears to be a PKIX certification-path validator;
            // the enclosing method and the loop over the path p begin above it.
            // Fail closed: with no CRL for the issuer the path is rejected.
            if (crls.isEmpty())
              throw new CertPathValidatorException("no CRLs for issuer");
            // Set only once a usable CRL has been seen that does not list the
            // certificate.
            boolean certOk = false;
            for (Iterator it = crls.iterator(); it.hasNext();)
              {
                CRL crl = (CRL) it.next();
                // Only X.509 CRLs are considered; anything else is ignored.
                if (! (crl instanceof X509CRL))
                  continue;
                X509CRL xcrl = (X509CRL) crl;
                // checkCRL (not shown) decides whether this CRL is usable; a CRL
                // it rejects is skipped, not treated as an error.
                if (! checkCRL(xcrl, p, now, p[i], pubKey, certStores))
                  continue;
                // A single usable CRL listing p[i - 1] rejects the whole path,
                // even if an earlier CRL already set certOk.
                if (xcrl.isRevoked(p[i - 1]))
                  throw new CertPathValidatorException("certificate is revoked");
                else
                  certOk = true;
              }
            // Fail closed: if every CRL was skipped, revocation status is unknown
            // and the path is rejected.
            if (! certOk)
              throw new CertPathValidatorException(
                  "certificate's validity could not be determined");
          }
      }
    rootNode.setReadOnly();
    // Now ensure that the first certificate in the chain was issued
    // by a trust anchor.
    Exception cause = null;
    Set anchors = ((PKIXParameters) params).getTrustAnchors();
    for (Iterator i = anchors.iterator(); i.hasNext();)
      {
        TrustAnchor anchor = (TrustAnchor) i.next();
        X509Certificate anchorCert = null;
        PublicKey anchorKey = null;
        // An anchor is given either as a certificate or as a bare name + key.
        if (anchor.getTrustedCert() != null)
          {
            anchorCert = anchor.getTrustedCert();
            anchorKey = anchorCert.getPublicKey();
          }
        else
          anchorKey = anchor.getCAPublicKey();
        // Without a key the anchor cannot verify anything; try the next one.
        if (anchorKey == null)
          continue;
        try
          {
            // The anchor certificate, when present, must be valid at time now.
            if (anchorCert != null)
              anchorCert.checkValidity(now);
            // The last element of p must be signed by this anchor's key;
            // verify throws if it is not (the handler is outside this excerpt).
            p[p.length - 1].verify(anchorKey);
            // Skip the anchor when its certificate's path-length constraint is
            // smaller than p.length. getBasicConstraints() returns -1 for a
            // non-CA certificate, which this test does not reject.
            // NOTE(review): RFC 5280 counts only intermediate certificates
            // against pathLenConstraint; whether p.length is the right bound
            // depends on what p contains -- confirm.
            if (anchorCert != null && anchorCert.getBasicConstraints() >= 0
                && anchorCert.getBasicConstraints() < p.length)
              continue;

            // With revocation checking enabled, also look for CRLs issued under
            // the anchor's name in the configured cert stores.
            if (((PKIXParameters) params).isRevocationEnabled())
              {
                X509CRLSelectorImpl selector = new X509CRLSelectorImpl();
                if (anchorCert != null)
                  try
                    {
                      selector.addIssuerName(anchorCert.getSubjectDN());
                    }
                  catch (IOException ioe)
                    {
                      // NOTE(review): swallowed. The selector is then used with
                      // no issuer name set; whether it then matches CRLs from
                      // any issuer depends on X509CRLSelectorImpl -- confirm.
                    }
                else
                  selector.addIssuerName(anchor.getCAName());
                List certStores = ((PKIXParameters) params).getCertStores();
                List crls = new LinkedList();
                for (Iterator it = certStores.iterator(); it.hasNext();)
                  {
                    CertStore cs = (CertStore) it.next();
                    try
                      {
                        Collection c = cs.getCRLs(selector);
                        crls.addAll(c);
                      }
                    catch (CertStoreException cse)
                      {
                        // NOTE(review): swallowed. A store that fails simply
                        // contributes no CRLs, and the reason is not recorded.
                      }
                  }
                // No CRL found (or every store failed): this anchor is skipped
                // rather than accepted.
                if (crls.isEmpty())
                  continue;
                for (Iterator it = crls.iterator(); it.hasNext();)
                  {
                    CRL crl = (CRL) it.next();
                    if (! (crl instanceof X509CRL))
                      continue;
                    X509CRL xcrl = (X509CRL) crl;
                    try
                      {
                        // (excerpt ends here; the body of this try block is not shown)

Examples of java.security.cert.CRL

        // Excerpt: collects the CRLs carried inside a BER-encoded structure.
        // ber, val, count, x509 and log are declared outside this excerpt.
        val2 = ber.read();
        List crls = new LinkedList();
        // Continue until the end-of-sequence marker is read or count is no
        // longer below the length reported by val.
        while (val2 != BER.END_OF_SEQUENCE &&
               (val.getLength() > 0 && val.getLength() > count))
          {
            // Re-encode the value and parse it as a CRL. This only decodes it;
            // no signature check on the CRL is visible in this excerpt.
            CRL crl = x509.generateCRL(new ByteArrayInputStream(val2.getEncoded()));
            if (Configuration.DEBUG)
              log.fine("    CRL: " + crl);
            crls.add(crl);
            // Account for the bytes consumed, then move past the value's content.
            count += val2.getEncodedLength();
            ber.skip(val2.getLength());
            // (excerpt ends here; the rest of the loop body is not shown)

Examples of java.security.cert.CRL

            this.urlString = urlString;
        }

        /**
         * Checks {@code cert} against the CRL downloaded from {@code urlString},
         * caching the downloaded file and the per-certificate results.
         * <p>
         * Excerpt only: the method continues past the last line shown, so the
         * not-revoked branch and the result returned when no CRL could be
         * loaded are not visible here.
         *
         * @param cert certificate to look up in the CRL
         * @return {@code true} when the certificate already passed since the
         *         cache was last cleared; other return paths are outside the excerpt
         * @throws CertificateException if the CRL, or a remembered earlier
         *         check, lists the certificate as revoked
         */
        public synchronized boolean checkCRL(X509Certificate cert)
            throws CertificateException {
            CRL crl = null;
            long now = System.currentTimeMillis();
            // The cache lifetime is a fixed 24 hours measured from the download
            // time; the CRL's own nextUpdate is not consulted in this excerpt, so
            // a revocation published after the download is not seen until the
            // cached file expires.
            if (now - creationTime > 24 * 60 * 60 * 1000) {
                // Expire cache every 24 hours
                if (tempCRLFile != null && tempCRLFile.exists()) {
                    tempCRLFile.delete();
                }
                tempCRLFile = null;
                passedTest.clear();

                /*
                      Note:  if any certificate ever fails the check, we will
                      remember that fact.

                      This breaks with temporary "holds" that CRL's can issue.
                      Apparently a certificate can have a temporary "hold" on its
                      validity, but I'm not interested in supporting that.  If a "held"
                      certificate is suddenly "unheld", you're just going to need
                      to restart your JVM.
                    */
                // failedTest.clear();  <-- DO NOT UNCOMMENT!
            }

            // Results are cached under the value returned by getFingerprint (not shown).
            BigInteger fingerprint = getFingerprint(cert);
            // A remembered failure is final: failedTest is never cleared above.
            if (failedTest.contains(fingerprint)) {
                throw new CertificateException("Revoked by CRL (cached response)");
            }
            if (passedTest.contains(fingerprint)) {
                return true;
            }

            // No cached CRL file: download one into a temporary file.
            if (tempCRLFile == null) {
                try {
                    // log.info( "Trying to load CRL [" + urlString + "]" );
                    URL url = new URL(urlString);
                    File tempFile = File.createTempFile("crl", ".tmp");
                    tempFile.deleteOnExit();

                    OutputStream out = new FileOutputStream(tempFile);
                    out = new BufferedOutputStream(out);
                    // NOTE(review): openStream() is used without connect/read
                    // timeouts or a size limit, and the method is synchronized,
                    // so a slow or endless response stalls every caller of this
                    // instance.
                    InputStream in = new BufferedInputStream(url.openStream());
                    try {
                        // NOTE(review): neither stream is closed in the visible
                        // code; presumably Util.pipeStream closes them -- confirm.
                        Util.pipeStream(in, out);
                    }
                    catch (IOException ioe) {
                        // better luck next time
                        tempFile.delete();
                        throw ioe;
                    }
                    this.tempCRLFile = tempFile;
                    this.creationTime = System.currentTimeMillis();
                }
                catch (IOException ioe) {
                    // log.warn( "Cannot check CRL: " + e );
                    // NOTE(review): swallowed. tempCRLFile stays null, so the
                    // revocation lookup below is skipped. What the method
                    // returns then is outside this excerpt; if it reports
                    // success, the check fails open whenever the CRL cannot be
                    // fetched -- confirm.
                }
            }

            if (tempCRLFile != null && tempCRLFile.exists()) {
                try {
                    InputStream in = new FileInputStream(tempCRLFile);
                    in = new BufferedInputStream(in);
                    // All parsing goes through the shared factory CF, under its lock.
                    // NOTE(review): generateCRL only parses. No signature or
                    // issuer check on the CRL is visible in this excerpt, so
                    // unless it is verified elsewhere, whoever controls the
                    // response for urlString controls the outcome.
                    synchronized (CF) {
                        crl = CF.generateCRL(in);
                    }
                    // NOTE(review): not in a finally block, so the stream is
                    // left open if generateCRL throws.
                    in.close();
                    if (crl.isRevoked(cert)) {
                        // log.warn( "Revoked by CRL [" + urlString + "]: " + name );
                        // Remember the failure permanently (see failedTest above).
                        passedTest.remove(fingerprint);
                        failedTest.add(fingerprint);
                        throw new CertificateException("Revoked by CRL");
                    } else {
                        // (excerpt ends here; the not-revoked branch is not shown)

Examples of java.security.cert.CRL

     */
    public Collection engineGenerateCRLs(
        InputStream inStream)
        throws CRLException
    {
        // Reads CRLs from inStream one after another, collecting them in memory,
        // until engineGenerateCRL (not shown) returns null.
        // NOTE(review): no limit on the number of CRLs is visible here; for an
        // untrusted stream the caller has to bound the input size.
        CRL     crl;
        List    crls = new ArrayList();

        while ((crl = engineGenerateCRL(inStream)) != null)
        {
            crls.add(crl);
            // (excerpt ends here; the rest of the method is not shown)

Examples of java.security.cert.CRL

    }

    public Collection engineReadAll()
        throws StreamParsingException
    {
        // Collects every object returned by engineRead (not shown) until it
        // returns null. Despite its name, the list certs holds CRL objects.
        CRL     crl;
        List certs = new ArrayList();

        // The cast fails with ClassCastException if engineRead ever returns
        // something that is not a CRL.
        while ((crl = (CRL)engineRead()) != null)
        {
            certs.add(crl);
            // (excerpt ends here; the rest of the method is not shown)

Examples of java.security.cert.CRL

    }

    public Collection engineReadAll()
        throws StreamParsingException
    {
        // Collects every object returned by engineRead (not shown) until it
        // returns null. Despite its name, the list certs holds CRL objects.
        CRL     crl;
        List certs = new ArrayList();

        // The cast fails with ClassCastException if engineRead ever returns
        // something that is not a CRL.
        while ((crl = (CRL)engineRead()) != null)
        {
            certs.add(crl);
            // (excerpt ends here; the rest of the method is not shown)

Examples of java.security.cert.CRL

        // Excerpt: parses bytes as an X.509 CRL with the "BC" provider. The
        // statement that opens this block and the catch body are not shown.
        {
            bIn = new ByteArrayInputStream(bytes);

            CertificateFactory  fact = CertificateFactory.getInstance("X.509", "BC");

            // Despite its name, cert holds the parsed CRL. Parsing alone does not
            // authenticate it; no signature check is visible in this excerpt.
            CRL cert = fact.generateCRL(bIn);

            // System.out.println(cert);
        }
        // NOTE(review): catches every Exception type; how the failure is
        // handled is outside this excerpt.
        catch (Exception e)
        {

Examples of java.security.cert.CRL

        // Excerpt from a test: feeds PEM samples (PEMData constants, not shown)
        // to the factory cf, which is created outside this excerpt.
        // A single PEM certificate must be readable.
        Certificate cert = cf.generateCertificate(new ByteArrayInputStream(PEMData.CERTIFICATE_1.getBytes("US-ASCII")));
        if (cert == null)
        {
            fail("PEM cert not read");
        }
        // A single PEM CRL must be readable. Only parsing is exercised; no
        // signature verification appears in this excerpt.
        CRL crl = cf.generateCRL(new ByteArrayInputStream(PEMData.CRL_1.getBytes("US-ASCII")));
        if (crl == null)
        {
            fail("PEM crl not read");
        }
        // Next sample, read through the multi-certificate entry point.
        Collection col = cf.generateCertificates(new ByteArrayInputStream(PEMData.CERTIFICATE_2.getBytes("US-ASCII")));

Examples of java.security.cert.CRL

     */
    public Collection engineGenerateCRLs(
        InputStream inStream)
        throws CRLException
    {
        // Reads CRLs from inStream one after another, collecting them in memory,
        // until engineGenerateCRL (not shown) returns null.
        // NOTE(review): no limit on the number of CRLs is visible here; for an
        // untrusted stream the caller has to bound the input size.
        CRL     crl;
        List    crls = new ArrayList();

        while ((crl = engineGenerateCRL(inStream)) != null)
        {
            crls.add(crl);
            // (excerpt ends here; the rest of the method is not shown)