List of usage examples for java.security.cert X509CRL getIssuerX500Principal
public X500Principal getIssuerX500Principal()
From source file:Main.java
protected static X500Principal getIssuerPrincipal(X509CRL crl) { return crl.getIssuerX500Principal(); }
From source file:mitm.common.security.crl.X509CRLInspector.java
/** * Returns the issuer DN in a friendly format * @param certificate/*from ww w. j a v a 2s . com*/ * @return */ public static String getIssuerFriendly(X509CRL crl) { return X500PrincipalInspector.getFriendly(crl.getIssuerX500Principal()); }
From source file:mitm.common.security.crl.X509CRLInspector.java
/** * Returns the issuer DN in a canonical RFC2253 format * @param certificate//from w w w. j a v a 2s . c om * @return */ public static String getIssuerCanonical(X509CRL crl) { return X500PrincipalInspector.getCanonical(crl.getIssuerX500Principal()); }
From source file:be.fedict.trust.crl.CrlTrustLinker.java
/** * Checks the integrity of the given X509 CRL. * //from w w w . ja v a 2 s . c om * @param x509crl * the X509 CRL to verify the integrity. * @param issuerCertificate * the assumed issuer of the given X509 CRL. * @param validationDate * the validate date. * @return <code>true</code> if integrity is OK, <code>false</code> * otherwise. */ public static boolean checkCrlIntegrity(X509CRL x509crl, X509Certificate issuerCertificate, Date validationDate) { if (false == x509crl.getIssuerX500Principal().equals(issuerCertificate.getSubjectX500Principal())) { return false; } try { x509crl.verify(issuerCertificate.getPublicKey()); } catch (Exception e) { return false; } Date thisUpdate = x509crl.getThisUpdate(); LOG.debug("validation date: " + validationDate); LOG.debug("CRL this update: " + thisUpdate); if (thisUpdate.after(validationDate)) { LOG.warn("CRL too young"); return false; } LOG.debug("CRL next update: " + x509crl.getNextUpdate()); if (validationDate.after(x509crl.getNextUpdate())) { LOG.debug("CRL too old"); return false; } // assert cRLSign KeyUsage bit if (null == issuerCertificate.getKeyUsage()) { LOG.debug("No KeyUsage extension for CRL issuing certificate"); return false; } if (false == issuerCertificate.getKeyUsage()[6]) { LOG.debug("cRLSign bit not set for CRL issuing certificate"); return false; } return true; }
From source file:be.fedict.trust.crl.OfflineCrlRepository.java
/** * {@inheritDoc}//w ww.j ava2 s. co m */ public X509CRL findCrl(URI crlUri, X509Certificate issuerCertificate, Date validationDate) { for (X509CRL crl : this.crls) { if (crl.getIssuerX500Principal().equals(issuerCertificate.getSubjectX500Principal())) { LOG.debug("CRL found for issuer " + issuerCertificate.getSubjectX500Principal().toString()); return crl; } } LOG.debug("CRL not found for issuer " + issuerCertificate.getSubjectX500Principal().toString()); return null; }
From source file:org.jasig.cas.adaptors.x509.authentication.handler.support.ResourceCRLRevocationChecker.java
/** * Adds the given CRL to the collection of CRLs held by this class. * * @param crl The crl to add/*from w ww .j av a 2 s .c o m*/ */ protected void addCrl(final X509CRL crl) { final X500Principal issuer = crl.getIssuerX500Principal(); this.log.debug("Adding CRL for issuer " + issuer); this.crlIssuerMap.put(issuer, crl); }
From source file:mitm.common.security.crl.CRLStoreMaintainerImpl.java
private CloseableIterator<X509CRL> getCRLsWithSameIssuer(X509CRL crl) throws CRLStoreException { Check.notNull(crl, "crl"); X509CRLSelector crlSelector = new X509CRLSelector(); crlSelector.setIssuers(Collections.singletonList(crl.getIssuerX500Principal())); CloseableIterator<X509CRL> iterator = crlStore.getCRLIterator(crlSelector); return iterator; }
From source file:mitm.common.security.crl.GenerateTestCRLs.java
@Test public void testGenerateCACRLNoNextUpdate() throws Exception { X509CRLBuilder crlGenerator = createX509CRLBuilder(); Date thisDate = TestUtils.parseDate("30-Nov-2007 11:38:35 GMT"); crlGenerator.setThisUpdate(thisDate); crlGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption"); X509Certificate certificate = TestUtils .loadCertificate("test/resources/testdata/certificates/" + "valid_certificate_mitm_test_ca.cer"); assertNotNull(certificate);/*w w w . j a va2s.com*/ crlGenerator.addCRLEntry(certificate.getSerialNumber(), thisDate, CRLReason.privilegeWithdrawn); X509CRL crl = crlGenerator.generateCRL(new KeyAndCertificateImpl(caPrivateKey, caCertificate)); assertEquals("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL", crl.getIssuerX500Principal().toString()); assertEquals(thisDate, crl.getThisUpdate()); assertEquals(null, crl.getNextUpdate()); assertEquals(1, crl.getRevokedCertificates().size()); assertTrue(crl.isRevoked(certificate)); File crlFile = new File("test/tmp/test-generate-ca-no-next-update.crl"); FileOutputStream fos = new FileOutputStream(crlFile); IOUtils.write(crl.getEncoded(), fos); fos.close(); }
From source file:mitm.common.security.crl.GenerateTestCRLs.java
@Test public void testGenerateCACRL() throws Exception { X509CRLBuilder crlGenerator = createX509CRLBuilder(); Date thisDate = TestUtils.parseDate("30-Nov-2007 11:38:35 GMT"); Date nextDate = TestUtils.parseDate("30-Nov-2027 11:38:35 GMT"); crlGenerator.setThisUpdate(thisDate); crlGenerator.setNextUpdate(nextDate); crlGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption"); X509Certificate certificate = TestUtils .loadCertificate("test/resources/testdata/certificates/" + "valid_certificate_mitm_test_ca.cer"); assertNotNull(certificate);/*from w w w .j av a2s. c o m*/ crlGenerator.addCRLEntry(certificate.getSerialNumber(), thisDate, CRLReason.privilegeWithdrawn); X509CRL crl = crlGenerator.generateCRL(new KeyAndCertificateImpl(caPrivateKey, caCertificate)); assertEquals("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL", crl.getIssuerX500Principal().toString()); assertEquals(thisDate, crl.getThisUpdate()); assertEquals(nextDate, crl.getNextUpdate()); assertEquals(1, crl.getRevokedCertificates().size()); assertTrue(crl.isRevoked(certificate)); File crlFile = new File("test/tmp/test-generate-ca.crl"); FileOutputStream fos = new FileOutputStream(crlFile); IOUtils.write(crl.getEncoded(), fos); fos.close(); }
From source file:mitm.common.security.crl.GenerateTestCRLs.java
@Test public void testGenerateCACRLThisUpdateInFarFuture() throws Exception { X509CRLBuilder crlGenerator = createX509CRLBuilder(); Date thisDate = TestUtils.parseDate("30-Nov-2030 11:38:35 GMT"); Date nextDate = TestUtils.parseDate("30-Nov-2040 11:38:35 GMT"); crlGenerator.setThisUpdate(thisDate); crlGenerator.setNextUpdate(nextDate); crlGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption"); X509Certificate certificate = TestUtils .loadCertificate("test/resources/testdata/certificates/" + "valid_certificate_mitm_test_ca.cer"); assertNotNull(certificate);//from ww w .j av a 2s . c o m Date revocationDate = TestUtils.parseDate("30-Nov-2006 11:38:35 GMT"); crlGenerator.addCRLEntry(certificate.getSerialNumber(), revocationDate, CRLReason.keyCompromise); X509CRL crl = crlGenerator.generateCRL(new KeyAndCertificateImpl(caPrivateKey, caCertificate)); assertEquals("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL", crl.getIssuerX500Principal().toString()); assertEquals(thisDate, crl.getThisUpdate()); assertEquals(nextDate, crl.getNextUpdate()); assertEquals(1, crl.getRevokedCertificates().size()); assertTrue(crl.isRevoked(certificate)); File crlFile = new File("test/tmp/testgeneratecacrlthisupdateinfarfuture.crl"); FileOutputStream fos = new FileOutputStream(crlFile); IOUtils.write(crl.getEncoded(), fos); fos.close(); }