Example usage for java.security.cert X509CRL getThisUpdate

List of usage examples for java.security.cert X509CRL getThisUpdate

Introduction

On this page you can find example usages of java.security.cert.X509CRL.getThisUpdate().

Prototype

public abstract Date getThisUpdate();


Document

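Gets the thisUpdate date from the CRL, i.e. the date on which this CRL was issued. The value is returned as parsed and is only trustworthy once the CRL's signature has been verified against its issuer.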

Usage

From source file:MainClass.java

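/**
 * Parses the CRL file named by the first command-line argument and prints its header fields.
 *
 * <p>The fields are printed exactly as parsed. This example never calls
 * {@code X509CRL.verify}, so none of the printed values (including thisUpdate and
 * nextUpdate) is authenticated; verify the CRL against its issuer's public key before
 * acting on any of them.
 *
 * @param args {@code args[0]} is the path of the CRL file to parse
 * @throws Exception if the file cannot be read or does not contain a parsable X.509 CRL
 */
public static void main(String[] args) throws Exception {
    if (args.length < 1) {
        System.err.println("usage: MainClass <crl-file>");
        return;
    }

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509CRL crl;
    // try-with-resources closes the stream even when generateCRL throws on malformed input.
    try (FileInputStream in = new FileInputStream(args[0])) {
        crl = (X509CRL) cf.generateCRL(in);
    }

    System.out.println("type = " + crl.getType());
    System.out.println("version = " + crl.getVersion());
    System.out.println("issuer = " + crl.getIssuerDN().getName());
    System.out.println("signing algorithm = " + crl.getSigAlgName());
    System.out.println("this update = " + crl.getThisUpdate());
    // nextUpdate is optional in the X509CRL API, so this may print "null".
    System.out.println("next update = " + crl.getNextUpdate());
}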

From source file:mitm.common.security.crl.CRLUtils.java

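/**
 * Compares two CRLs by recency.
 *
 * <p>When both CRLs carry a CRL number, the numbers decide the result and thisUpdate is only
 * used as a tie-breaker (and for a warning when the two indicators disagree). When either
 * CRL has no CRL number, thisUpdate alone decides.
 *
 * <p>Neither input is authenticated here: the CRL number and thisUpdate are read as parsed,
 * so callers that use the result to replace a stored CRL should only pass CRLs whose
 * signature has already been verified.
 *
 * @param crl the CRL to compare
 * @param otherCRL the CRL to compare against
 * @return 0 if crl and otherCRL have similar validity (i.e. neither is newer than the other),
 *         {@code > 0} if crl is newer than otherCRL and {@code < 0} if crl is older than
 *         otherCRL
 * @throws IOException declared for the CRL number lookup (presumably raised when the
 *         extension cannot be decoded; confirm against X509CRLInspector)
 * @throws MissingDateException if either CRL has no thisUpdate
 */
public static int compare(X509CRL crl, X509CRL otherCRL) throws IOException, MissingDateException {
    BigInteger crlNumber = X509CRLInspector.getCRLNumber(crl);
    // Read the number of the OTHER CRL. Reading it from crl again made both numbers always
    // equal, so the CRL number never influenced the result.
    BigInteger otherCRLNumber = X509CRLInspector.getCRLNumber(otherCRL);

    Date thisUpdate = crl.getThisUpdate();
    Date otherThisUpdate = otherCRL.getThisUpdate();

    if (thisUpdate == null || otherThisUpdate == null) {
        throw new MissingDateException("One of the CRLs has a missing thisUpdate.");
    }

    int cmp;

    if (crlNumber != null && otherCRLNumber != null) {
        cmp = crlNumber.compareTo(otherCRLNumber);

        if (cmp > 0) {
            // The number wins, but a higher number with an older thisUpdate is suspicious
            // enough to be worth a warning.
            if (thisUpdate.before(otherThisUpdate)) {
                logger.warn("According to CRL numbers a new CRL is found but thisUpdate is older.");
            }

            logger.debug("The CRL number is bigger and is therefore more recent.");
        } else if (cmp == 0) {
            /*
             * same CRL number but thisUpdate can be newer
             */
            cmp = thisUpdate.compareTo(otherThisUpdate);

            if (cmp > 0) {
                logger.debug("The CRL numbers are equal but thisUpdate is newer.");
            }
        } else {
            // Lower number: crl is reported as older even if its thisUpdate is newer.
            if (thisUpdate.after(otherThisUpdate)) {
                logger.warn("According to CRL numbers this not a new CRL but thisUpdate is newer.");
            }
        }
    } else {
        /*
         * no CRL number so compare thisUpdate
         */
        cmp = thisUpdate.compareTo(otherThisUpdate);

        if (cmp > 0) {
            logger.debug("A more recent CRL is found.");
        }
    }

    return cmp;
}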

From source file:be.fedict.trust.crl.CrlTrustLinker.java

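/**
 * Checks the integrity of the given X509 CRL.
 *
 * <p>The CRL is accepted only if all of the following hold: its issuer name equals the
 * subject of the assumed issuer certificate, its signature verifies under that certificate's
 * public key, the validation date is not before thisUpdate and not after nextUpdate, and the
 * issuer certificate has a KeyUsage extension with the cRLSign bit set. Every failure,
 * including a CRL without a nextUpdate, yields <code>false</code>.
 *
 * <p>This method does not validate the issuer certificate itself; callers must establish
 * trust in it separately.
 *
 * @param x509crl
 *            the X509 CRL to verify the integrity.
 * @param issuerCertificate
 *            the assumed issuer of the given X509 CRL.
 * @param validationDate
 *            the validate date.
 * @return <code>true</code> if integrity is OK, <code>false</code>
 *         otherwise.
 */
public static boolean checkCrlIntegrity(X509CRL x509crl, X509Certificate issuerCertificate,
        Date validationDate) {
    if (!x509crl.getIssuerX500Principal().equals(issuerCertificate.getSubjectX500Principal())) {
        return false;
    }
    try {
        x509crl.verify(issuerCertificate.getPublicKey());
    } catch (Exception e) {
        // Any verification failure rejects the CRL; record why instead of dropping the cause.
        LOG.debug("CRL signature verification failed: " + e.getMessage());
        return false;
    }
    Date thisUpdate = x509crl.getThisUpdate();
    LOG.debug("validation date: " + validationDate);
    LOG.debug("CRL this update: " + thisUpdate);
    if (thisUpdate.after(validationDate)) {
        LOG.warn("CRL too young");
        return false;
    }
    Date nextUpdate = x509crl.getNextUpdate();
    LOG.debug("CRL next update: " + nextUpdate);
    if (null == nextUpdate) {
        // getNextUpdate() returns null when the field is absent. Without it there is no
        // upper bound on the CRL's age, so fail closed instead of throwing a
        // NullPointerException from Date.after(null).
        LOG.debug("CRL has no next update");
        return false;
    }
    if (validationDate.after(nextUpdate)) {
        LOG.debug("CRL too old");
        return false;
    }

    // assert cRLSign KeyUsage bit
    boolean[] keyUsage = issuerCertificate.getKeyUsage();
    if (null == keyUsage) {
        LOG.debug("No KeyUsage extension for CRL issuing certificate");
        return false;
    }

    // Index 6 of the KeyUsage array is the cRLSign bit.
    if (!keyUsage[6]) {
        LOG.debug("cRLSign bit not set for CRL issuing certificate");
        return false;
    }

    return true;
}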

From source file:mitm.common.security.crl.GenerateTestCRLs.java

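/**
 * Generates a CRL signed with the test CA key that has a thisUpdate but no nextUpdate and
 * revokes one certificate, checks the generated fields and writes the encoded CRL to
 * test/tmp/test-generate-ca-no-next-update.crl.
 */
@Test
public void testGenerateCACRLNoNextUpdate() throws Exception {
    X509CRLBuilder crlGenerator = createX509CRLBuilder();

    Date thisDate = TestUtils.parseDate("30-Nov-2007 11:38:35 GMT");

    // nextUpdate is deliberately left unset.
    crlGenerator.setThisUpdate(thisDate);
    crlGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    X509Certificate certificate = TestUtils
            .loadCertificate("test/resources/testdata/certificates/" + "valid_certificate_mitm_test_ca.cer");
    assertNotNull(certificate);

    crlGenerator.addCRLEntry(certificate.getSerialNumber(), thisDate, CRLReason.privilegeWithdrawn);

    X509CRL crl = crlGenerator.generateCRL(new KeyAndCertificateImpl(caPrivateKey, caCertificate));

    assertEquals("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL",
            crl.getIssuerX500Principal().toString());
    assertEquals(thisDate, crl.getThisUpdate());
    assertNull(crl.getNextUpdate());
    assertEquals(1, crl.getRevokedCertificates().size());
    assertTrue(crl.isRevoked(certificate));

    File crlFile = new File("test/tmp/test-generate-ca-no-next-update.crl");

    // Close the stream even if encoding or writing fails.
    try (FileOutputStream fos = new FileOutputStream(crlFile)) {
        IOUtils.write(crl.getEncoded(), fos);
    }
}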

From source file:mitm.common.security.crl.GenerateTestCRLs.java

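/**
 * Generates a CRL signed with the test CA key that has both thisUpdate and nextUpdate and
 * revokes one certificate, checks the generated fields and writes the encoded CRL to
 * test/tmp/test-generate-ca.crl.
 */
@Test
public void testGenerateCACRL() throws Exception {
    X509CRLBuilder crlGenerator = createX509CRLBuilder();

    Date thisDate = TestUtils.parseDate("30-Nov-2007 11:38:35 GMT");

    Date nextDate = TestUtils.parseDate("30-Nov-2027 11:38:35 GMT");

    crlGenerator.setThisUpdate(thisDate);
    crlGenerator.setNextUpdate(nextDate);
    crlGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    X509Certificate certificate = TestUtils
            .loadCertificate("test/resources/testdata/certificates/" + "valid_certificate_mitm_test_ca.cer");
    assertNotNull(certificate);

    crlGenerator.addCRLEntry(certificate.getSerialNumber(), thisDate, CRLReason.privilegeWithdrawn);

    X509CRL crl = crlGenerator.generateCRL(new KeyAndCertificateImpl(caPrivateKey, caCertificate));

    assertEquals("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL",
            crl.getIssuerX500Principal().toString());
    assertEquals(thisDate, crl.getThisUpdate());
    assertEquals(nextDate, crl.getNextUpdate());
    assertEquals(1, crl.getRevokedCertificates().size());
    assertTrue(crl.isRevoked(certificate));

    File crlFile = new File("test/tmp/test-generate-ca.crl");

    // Close the stream even if encoding or writing fails.
    try (FileOutputStream fos = new FileOutputStream(crlFile)) {
        IOUtils.write(crl.getEncoded(), fos);
    }
}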

From source file:mitm.common.security.crl.GenerateTestCRLs.java

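/**
 * Generates a CRL signed with the test CA key whose thisUpdate is 30-Nov-2030 and whose
 * nextUpdate is 30-Nov-2040, with one entry revoked for key compromise, checks the generated
 * fields and writes the encoded CRL to test/tmp/testgeneratecacrlthisupdateinfarfuture.crl.
 *
 * <p>NOTE(review): presumably a fixture for checking that consumers reject a CRL whose
 * thisUpdate lies after the validation time; confirm against the tests that load the file.
 */
@Test
public void testGenerateCACRLThisUpdateInFarFuture() throws Exception {
    X509CRLBuilder crlGenerator = createX509CRLBuilder();

    Date thisDate = TestUtils.parseDate("30-Nov-2030 11:38:35 GMT");

    Date nextDate = TestUtils.parseDate("30-Nov-2040 11:38:35 GMT");

    crlGenerator.setThisUpdate(thisDate);
    crlGenerator.setNextUpdate(nextDate);
    crlGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    X509Certificate certificate = TestUtils
            .loadCertificate("test/resources/testdata/certificates/" + "valid_certificate_mitm_test_ca.cer");
    assertNotNull(certificate);

    // The revocation date is earlier than the CRL's thisUpdate.
    Date revocationDate = TestUtils.parseDate("30-Nov-2006 11:38:35 GMT");

    crlGenerator.addCRLEntry(certificate.getSerialNumber(), revocationDate, CRLReason.keyCompromise);

    X509CRL crl = crlGenerator.generateCRL(new KeyAndCertificateImpl(caPrivateKey, caCertificate));

    assertEquals("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL",
            crl.getIssuerX500Principal().toString());
    assertEquals(thisDate, crl.getThisUpdate());
    assertEquals(nextDate, crl.getNextUpdate());
    assertEquals(1, crl.getRevokedCertificates().size());
    assertTrue(crl.isRevoked(certificate));

    File crlFile = new File("test/tmp/testgeneratecacrlthisupdateinfarfuture.crl");

    // Close the stream even if encoding or writing fails.
    try (FileOutputStream fos = new FileOutputStream(crlFile)) {
        IOUtils.write(crl.getEncoded(), fos);
    }
}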

From source file:mitm.common.security.crl.GenerateTestCRLs.java

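/**
 * Generates a CRL signed with the test root key that contains no revoked entries, checks the
 * generated fields and writes the encoded CRL to test/tmp/test-generate-root-empty.crl.
 */
@Test
public void testGenerateRootEmptyCRL() throws Exception {
    X509CRLBuilder crlGenerator = createX509CRLBuilder();

    Date thisDate = TestUtils.parseDate("30-Nov-2007 11:38:35 GMT");

    Date nextDate = TestUtils.parseDate("30-Nov-2027 11:38:35 GMT");

    crlGenerator.setThisUpdate(thisDate);
    crlGenerator.setNextUpdate(nextDate);
    crlGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    X509CRL crl = crlGenerator.generateCRL(new KeyAndCertificateImpl(rootPrivateKey, rootCertificate));

    assertEquals("EMAILADDRESS=root@example.com, CN=MITM Test Root, L=Amsterdam, ST=NH, C=NL",
            crl.getIssuerX500Principal().toString());
    assertEquals(thisDate, crl.getThisUpdate());
    assertEquals(nextDate, crl.getNextUpdate());
    // getRevokedCertificates() returns null, not an empty set, when the CRL has no entries.
    assertNull(crl.getRevokedCertificates());
    assertFalse(crl.isRevoked(caCertificate));

    File crlFile = new File("test/tmp/test-generate-root-empty.crl");

    // Close the stream even if encoding or writing fails.
    try (FileOutputStream fos = new FileOutputStream(crlFile)) {
        IOUtils.write(crl.getEncoded(), fos);
    }
}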

From source file:mitm.common.security.crl.GenerateTestCRLs.java

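/**
 * Generates a CRL signed with the test root key that revokes the test CA certificate with
 * reason cACompromise, checks the generated fields and writes the encoded CRL to
 * test/tmp/test-generate-root-ca-revoked.crl.
 */
@Test
public void testGenerateRootRevokedCRL() throws Exception {
    X509CRLBuilder crlGenerator = createX509CRLBuilder();

    Date thisDate = TestUtils.parseDate("30-Nov-2007 11:38:35 GMT");

    Date nextDate = TestUtils.parseDate("30-Nov-2027 11:38:35 GMT");

    crlGenerator.setThisUpdate(thisDate);
    crlGenerator.setNextUpdate(nextDate);
    crlGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    crlGenerator.addCRLEntry(caCertificate.getSerialNumber(), thisDate, CRLReason.cACompromise);

    X509CRL crl = crlGenerator.generateCRL(new KeyAndCertificateImpl(rootPrivateKey, rootCertificate));

    assertEquals("EMAILADDRESS=root@example.com, CN=MITM Test Root, L=Amsterdam, ST=NH, C=NL",
            crl.getIssuerX500Principal().toString());
    assertEquals(thisDate, crl.getThisUpdate());
    assertEquals(nextDate, crl.getNextUpdate());
    assertEquals(1, crl.getRevokedCertificates().size());
    assertTrue(crl.isRevoked(caCertificate));

    File crlFile = new File("test/tmp/test-generate-root-ca-revoked.crl");

    // Close the stream even if encoding or writing fails.
    try (FileOutputStream fos = new FileOutputStream(crlFile)) {
        IOUtils.write(crl.getEncoded(), fos);
    }
}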

From source file:mitm.common.security.crl.GenerateTestCRLs.java

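/**
 * Generates a CRL that names the test CA as issuer but is signed with an unrelated private
 * key, checks the generated fields and writes the encoded CRL to
 * test/tmp/test-generate-ca-signed-incorrect-key.crl.
 *
 * <p>The assertions below only cover issuer name, dates and revocation entries, none of
 * which depend on the signature. NOTE(review): presumably the written file is a negative
 * fixture for signature verification against the CA certificate; confirm against the tests
 * that load it.
 */
@Test
public void testGenerateCACRLSignedByIncorrectKey() throws Exception {
    X509CRLBuilder crlGenerator = createX509CRLBuilder();

    Date thisDate = TestUtils.parseDate("30-Nov-2007 11:38:35 GMT");

    Date nextDate = TestUtils.parseDate("30-Nov-2027 11:38:35 GMT");

    crlGenerator.setThisUpdate(thisDate);
    crlGenerator.setNextUpdate(nextDate);
    crlGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    X509Certificate certificate = TestUtils
            .loadCertificate("test/resources/testdata/certificates/" + "valid_certificate_mitm_test_ca.cer");
    assertNotNull(certificate);

    crlGenerator.addCRLEntry(certificate.getSerialNumber(), thisDate, CRLReason.privilegeWithdrawn);

    // Hex-encoded private key embedded as a test fixture; it is not the CA's key and must
    // never be reused outside tests.
    String encodedPrivateKey = "30820276020100300d06092a864886f70d0101010500048202603082025c"
            + "02010002818100a9fee3017954c99b248d1486830c71b2e0ea3f9b7a2763"
            + "1bed8a731f5bd7e1edf856bc3fb7c63dedbeb5bb0de474e7792b3aa7e7b2"
            + "274c03a47c7d89b1935eaef172c6395f2322f1ed9e61ae46d716b4b4394c"
            + "1a802db05a2d7c3d1d41a3e8afc65ff8dada7414744f1ee1540e50ee7fb8"
            + "db437b20c5ee33a82b9d575cfbc951020301000102818004f84ab2b45562"
            + "3f82e60cff91bd3f65b765a1ce6dd7d0f1f413e421ba91a92d47e161478b"
            + "9be41b9b43bce03f199bdad304b7fbf21d6bff7f439477fe150ce38c312f"
            + "c015f3c89291aaa42c4c106f623dfd9f76acad2f1c77b590f038ffbb25f9"
            + "14b6f7ead769808ddd0e2d648442620b50518d9b7fb132b2fa1fa3e9d628"
            + "41024100e69ab3765120d0e0ba5dc21bf384b2f553211b4b1902175454c6"
            + "2f1b0f8ad385d78490539308c9fd5145ae36cc2a6d364fdd97d83d9b6623"
            + "a987db239e716055024100bcb77acf1e9829ab5b2c9a5e73d343db857474"
            + "a529ba52ca256655eb7d760e85d3c68eec9500e3db0494c8f77cb8058593"
            + "6e52a9290149367392d74ecdc3510d024100bd15723b7cb024b56ffabad3"
            + "c26c3774f2b1bdb8690c0ee7060feec6088b737f56450b368be4740332e5"
            + "a8c0a3cdd1f8eba9adfd101ee0b43329036584604075024055465b9a27ea"
            + "fe394e33b375a6c4fa4ec1d943b4364cd9883aaa297d05ee48d5b4426ee6"
            + "fcd5b02091cb619c63a10bedb6170e071e5e5464e4889ffe1e007a290240"
            + "7b60d23994a2ec38db909678446ed56d32455bf684141b9ee0aec68b2025"
            + "1d4d94fd2beebf02074559b811ae1130d2e2aa3bec2e9bccb06969104856" + "00c70759";

    PrivateKey privateKey = decodePrivateKey(encodedPrivateKey);

    // sign not by the caPrivateKey but by some other key
    X509CRL crl = crlGenerator.generateCRL(new KeyAndCertificateImpl(privateKey, caCertificate));

    assertEquals("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL",
            crl.getIssuerX500Principal().toString());
    assertEquals(thisDate, crl.getThisUpdate());
    assertEquals(nextDate, crl.getNextUpdate());
    assertEquals(1, crl.getRevokedCertificates().size());
    assertTrue(crl.isRevoked(certificate));

    File crlFile = new File("test/tmp/test-generate-ca-signed-incorrect-key.crl");

    // Close the stream even if encoding or writing fails.
    try (FileOutputStream fos = new FileOutputStream(crlFile)) {
        IOUtils.write(crl.getEncoded(), fos);
    }
}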

From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileC.java

/**
 * Builds the reference for an X509CRL: a digest over the encoded CRL combined with an
 * identifier made of the issuer name, thisUpdate and, when the CRL has one, its CRL number.
 *
 * @param crl the CRL to reference
 * @return the reference holding the digest and the CRL identifier
 * @throws NoSuchAlgorithmException if the SHA-1 digest cannot be obtained from the provider
 * @throws CRLException if the CRL cannot be encoded
 */
private CrlValidatedID makeCrlValidatedID(X509CRL crl) throws NoSuchAlgorithmException, CRLException {
    // NOTE(review): the reference digest is SHA-1, which is no longer collision resistant.
    // Confirm whether the consuming profile permits an algorithm-tagged hash with a
    // stronger digest before relying on this reference to bind the CRL.
    MessageDigest digest = MessageDigest.getInstance(X509ObjectIdentifiers.id_SHA1.getId(),
            new BouncyCastleProvider());
    OtherHash crlHash = new OtherHash(digest.digest(crl.getEncoded()));

    CrlIdentifier identifier;
    // 2.5.29.20 is the OID of the cRLNumber extension.
    if (crl.getExtensionValue("2.5.29.20") == null) {
        identifier = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()),
                new DERUTCTime(crl.getThisUpdate()));
    } else {
        // NOTE(review): getExtensionValue returns the DER-encoded OCTET STRING that wraps
        // the extension, not the bare INTEGER content. DERInteger(byte[]) appears to treat
        // its argument as raw integer content, in which case the value stored here is not
        // the real CRL number. Confirm, and decode the OCTET STRING and inner INTEGER first.
        BigInteger number = new DERInteger(crl.getExtensionValue("2.5.29.20")).getPositiveValue();
        identifier = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()),
                new DERUTCTime(crl.getThisUpdate()), number);
    }

    return new CrlValidatedID(crlHash, identifier);
}