List of usage examples for java.security.cert CertPath equals
public boolean equals(Object other)
From source file:mitm.common.security.crl.CRLStoreMaintainerImpl.java
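/**
 * Stores {@code newCRL} in the CRL store, replacing stored CRLs that it supersedes.
 *
 * <p>Candidates are the stored CRLs returned by {@code getCRLsWithSameIssuer(newCRL)}. A
 * candidate is only compared with {@code newCRL} when both have the same issuing distribution
 * point, both are (or both are not) delta CRLs, and both do (or both do not) carry a CRL
 * number. When {@code checktrust} is set, the candidate's certificate path must also equal
 * {@code newCRLCertPath}; candidates without a certificate path are skipped.
 *
 * <p>If no comparable candidate is found, {@code newCRL} is added as a new entry.
 *
 * @param newCRL the CRL to store
 * @param newCRLCertPath certificate path of {@code newCRL}; only used when {@code checktrust}
 *        is set, where it is compared with {@link CertPath#equals(Object)} against the path
 *        of each stored CRL
 * @return {@code true} if {@code newCRL} was stored, either as a replacement or as a new
 *         entry; {@code false} if a comparable stored CRL exists and none was replaced
 * @throws CRLStoreException declared by this method; presumably raised by the store
 *         operations called here (their signatures are not visible in this excerpt)
 * @throws CloseableIteratorException declared by this method; failures raised while handling
 *         a single stored CRL are logged and that CRL is skipped instead
 * @throws IOException declared by this method; failures raised while handling a single
 *         stored CRL are logged and that CRL is skipped instead
 */
private boolean internalAddX509CRL(X509CRL newCRL, CertPath newCRLCertPath)
        throws CRLStoreException, CloseableIteratorException, IOException {
    /*
     * Find all CRLs that have the same issuer. Note that this does not mean that the CRL is
     * issued by the same issuer, only that they have the same issuer X500 subject. The
     * certificate paths are compared below to check whether they really have the same issuer.
     */
    CloseableIterator<X509CRL> crlIterator = getCRLsWithSameIssuer(newCRL);

    boolean added = false;

    try {
        IssuingDistributionPoint newIDP = X509CRLInspector.getIssuingDistributionPoint(newCRL);

        boolean isDeltaCRL = X509CRLInspector.isDeltaCRL(newCRL);

        BigInteger crlNumber = X509CRLInspector.getCRLNumber(newCRL);

        /*
         * true if the CRL is completely new (i.e. there is no CRL which is newer or older)
         */
        boolean isNewCRL = true;

        while (crlIterator.hasNext()) {
            try {
                X509CRL oldCRL = crlIterator.next();

                if (oldCRL == null) {
                    logger.warn("CRL is null");

                    continue;
                }

                if (checktrust) {
                    /*
                     * An equal issuer subject does not prove an equal issuer: anyone can
                     * create a CA certificate with the same subject name. The new CRL may
                     * only supersede the old CRL when both chain to the same issuer.
                     */
                    CertPath oldCRLCertPath = getCRLCertPath(oldCRL);

                    if (oldCRLCertPath == null) {
                        /*
                         * Because the old CRL is not trusted there is no reliable way to
                         * detect whether the new CRL supersedes the old CRL.
                         */
                        logger.debug("Old CRL is not trusted. Skip old CRL.");

                        continue;
                    }

                    /*
                     * Compare the certificate paths to make sure they are equal.
                     * CertPath.equals compares the path type and the complete certificate
                     * list, so the same issuer reached through a different chain counts as
                     * a different issuer here and the old CRL is left in place.
                     *
                     * NOTE(review): equals(null) is false, so a null newCRLCertPath makes
                     * every trusted old CRL be skipped and newCRL is then added as a new
                     * CRL below. Confirm that the caller rejects a CRL without a trusted
                     * path before calling this method when checktrust is set.
                     */
                    if (!oldCRLCertPath.equals(newCRLCertPath)) {
                        logger.debug(
                                "new CRL has a different issuer than old CRL even though subjects are equal.");

                        continue;
                    }
                }

                IssuingDistributionPoint oldIDP = X509CRLInspector.getIssuingDistributionPoint(oldCRL);

                if (isSameIDP(newIDP, oldIDP)) {
                    /*
                     * either both CRLs must be delta CRLs or both are not delta CRLs and
                     * either both have a CRLNumber or both do not have a CRLNumber
                     */
                    if (isDeltaCRL == X509CRLInspector.isDeltaCRL(oldCRL)
                            && ((crlNumber != null) == (X509CRLInspector.getCRLNumber(oldCRL) != null))) {
                        try {
                            if (CRLUtils.isNewer(newCRL, oldCRL)) {
                                logger.info("Replacing " + X509CRLInspector.toString(oldCRL) + " with "
                                        + X509CRLInspector.toString(newCRL));

                                crlStore.replace(oldCRL, newCRL);

                                added = true;

                                /* the CRL is a replacement so it's not a new CRL */
                                isNewCRL = false;
                            }
                            else {
                                logger.debug("The CRL is older than the CRL in the store.");

                                /* A newer version of the CRL is present so it's not a new CRL */
                                isNewCRL = false;
                            }
                        }
                        catch (MissingDateException e) {
                            /*
                             * isNewCRL is left untouched: if no other stored CRL is
                             * comparable, newCRL is added next to this old CRL.
                             */
                            logger.error("Error reading CRL. Skipping CRL.", e);

                            continue;
                        }
                    }
                }
            }
            catch (IOException e) {
                /* A stored CRL that cannot be read must not block storing the new CRL. */
                logger.error("Error reading CRL. Skipping CRL.", e);

                continue;
            }
            catch (CloseableIteratorException e) {
                logger.error("Error reading CRL. Skipping CRL.", e);

                continue;
            }
        }

        if (isNewCRL) {
            crlStore.addCRL(newCRL);

            added = true;
        }

        return added;
    }
    finally {
        /* Always release the iterator, also when the method exits with an exception. */
        crlIterator.close();
    }
}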