Example usage for java.security.cert X509CRL verify

List of usage examples for java.security.cert X509CRL verify

Introduction

This page collects usage examples for java.security.cert.X509CRL.verify.

Prototype

public void verify(PublicKey key, Provider sigProvider)
        throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException 


Document

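Verifies that this CRL was signed using the private key that corresponds to the given public key, using the signature verification engine supplied by the given provider. This checks the signature only: it does not confirm that the key belongs to a CA authorized to issue this CRL, that the CRL's issuer name matches the expected issuer, or that the CRL is within its thisUpdate/nextUpdate window, so callers must check those separately.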

Usage

From source file:mitm.common.security.crl.CRLLocator.java

/**
 * Decides whether a CRL may be used by checking that its signature verifies
 * under the public key of the supposed issuer certificate.
 *
 * <p>Only the signature is checked here. NOTE(review): nothing in this method
 * looks at the CRL's thisUpdate/nextUpdate window or at whether the issuer
 * certificate is permitted to sign CRLs (cRLSign key usage); confirm the
 * callers cover those checks.
 *
 * @param issuer certificate whose public key is expected to have signed the CRL
 * @param crl    the CRL to check
 * @return {@code true} if the signature verifies, {@code false} if verification
 *         fails for any of the handled reasons (the failure is logged)
 * @throws NoSuchProviderException declared but not handled here; presumably
 *         raised while obtaining the provider from {@code securityFactory}
 */
private boolean acceptCRL(X509Certificate issuer, X509CRL crl) throws NoSuchProviderException {
    try {
        // The CRL is only acceptable when its signature checks out against the issuer's key.
        crl.verify(issuer.getPublicKey(), securityFactory.getNonSensitiveProvider());

        return true;
    } catch (InvalidKeyException e) {
        logger.error("CRL could not be verified.", e);
        return false;
    } catch (CRLException e) {
        logger.error("CRL could not be verified.", e);
        return false;
    } catch (NoSuchAlgorithmException e) {
        logger.error("CRL could not be verified.", e);
        return false;
    } catch (SignatureException e) {
        /*
         * A signature mismatch is an expected outcome when the CRL was picked up
         * because its issuer name equals the certificate's subject but it was in
         * fact signed by a different CA, e.g. several CAs sharing one subject name.
         * Rejecting it here is what keeps such a CRL from being trusted.
         */
        if (!logger.isDebugEnabled()) {
            // Outside debug mode only the root cause message is logged, not the stack trace.
            String rootCause = ExceptionUtils.getRootCauseMessage(e);
            logger.error("CRL could not be verified. Hash not correct. Message: "
                    + rootCause);
        } else {
            logger.error("CRL could not be verified. Hash not correct", e);
        }
        return false;
    }
}

From source file:mitm.common.security.crl.PKIXRevocationChecker.java

/**
 * Decides whether a CRL may be used for the target certificate: the CRL's
 * signature must verify under the issuer's public key and the CRL must then
 * pass {@code preFilter} for that certificate.
 *
 * <p>NOTE(review): the {@code now} parameter is not read anywhere in this
 * method, so CRL freshness (thisUpdate/nextUpdate) is not enforced here;
 * confirm it is checked by the caller or inside {@code preFilter}.
 *
 * @param targetCertificate certificate whose revocation status is being checked
 * @param crl               candidate CRL
 * @param issuerPublicKey   key the CRL signature must verify under
 * @param now               reference time; unused in this method
 * @return {@code true} only if the signature verifies and {@code preFilter}
 *         accepts the pair; {@code false} on any failure (the failure is logged)
 */
private boolean acceptCRL(X509Certificate targetCertificate, X509CRL crl, PublicKey issuerPublicKey, Date now) {
    try {
        // Signature check comes first: an unverified CRL never reaches the pre-filter.
        crl.verify(issuerPublicKey, securityFactory.getNonSensitiveProvider());

        try {
            return preFilter(targetCertificate, crl);
        } catch (IOException e) {
            // An I/O failure while pre-filtering is treated as "do not accept".
            logger.error("IO Error pre-filtering the CRL and certificate.", e);
            return false;
        }
    } catch (SignatureException e) {
        // The CRL was not signed by the holder of issuerPublicKey.
        LogUtils.logWarnStackTraceOnDebug(logger, "CRL could not be verified. Hash not correct", e);
        return false;
    } catch (Exception e) {
        // Any other failure also rejects the CRL (fail closed).
        LogUtils.logErrorStackTraceOnDebug(logger, "CRL could not be verified.", e);
        return false;
    }
}

From source file:org.candlepin.util.X509CRLStreamWriterTest.java

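/**
 * Reads the CRL written to {@code outfile}, parses it as an X.509 CRL and
 * verifies its signature with the given key before returning it.
 *
 * @param signatureKey public key the CRL signature must verify under
 * @return the parsed CRL, returned only after its signature has been verified
 * @throws Exception if the file cannot be read, the CRL cannot be parsed, or
 *         signature verification fails
 */
private X509CRL readCRL(PublicKey signatureKey) throws Exception {
    // We could return a X509CRLHolder but that class isn't as fully featured as the built in
    // X509CRL.
    // try-with-resources closes the file even when parsing or verification throws;
    // the original never closed the stream.
    try (InputStream changedStream = new BufferedInputStream(new FileInputStream(outfile))) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL changedCrl = (X509CRL) cf.generateCRL(changedStream);

        // Signature check only: a CRL that does not verify under signatureKey is never returned.
        changedCrl.verify(signatureKey, BC.PROVIDER_NAME);

        return changedCrl;
    }
}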