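Usage examples for the constructor IssuingDistributionPoint(ASN1Sequence) of org.bouncycastle.asn1.x509.IssuingDistributionPoint. The prototype listed below is private, yet every example calls it from another class, so the examples target a Bouncy Castle release in which the constructor was still accessible; where it is private, use the public factory IssuingDistributionPoint.getInstance(Object) instead.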
private IssuingDistributionPoint(ASN1Sequence seq)
From source file:org.cesecore.certificates.crl.CrlCreateSessionCRLTest.java
License:Open Source License
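/**
 * Tests the Issuing Distribution Point extension on CRLs.
 *
 * <p>Phase 1 enables the extension on the test CA, forces a new CRL and checks that the
 * distribution point URI stored in the CRL equals the configured URL. Phase 2 disables the
 * setting again, forces another CRL and checks the extension lookup returns nothing.
 *
 * @throws Exception on any failure while editing the CA, creating the CRL or parsing it
 */
@Test
public void testCRLDistPointOnCRL() throws Exception {
    final String cdpURL = "http://www.ejbca.org/foo/bar.crl";
    X509CAInfo cainfo = (X509CAInfo) testx509ca.getCAInfo();

    // Phase 1: switch the extension on and issue a fresh CRL.
    cainfo.setUseCrlDistributionPointOnCrl(true);
    cainfo.setDefaultCRLDistPoint(cdpURL);
    caSession.editCA(roleMgmgToken, cainfo);
    crlCreateSession.forceCRL(roleMgmgToken, testx509ca.getCAId());
    X509CRL x509crl = CertTools.getCRLfromByteArray(crlStoreSession.getLastCRL(cainfo.getSubjectDN(), false));
    byte[] cdpDER = x509crl.getExtensionValue(X509Extensions.IssuingDistributionPoint.getId());
    assertNotNull("CRL has no distribution points", cdpDER);

    // getExtensionValue() hands back the extension wrapped in an OCTET STRING, so the bytes are
    // decoded twice: once to unwrap, once to read the IssuingDistributionPoint SEQUENCE.
    ASN1InputStream outerIn = new ASN1InputStream(new ByteArrayInputStream(cdpDER));
    ASN1InputStream innerIn = null;
    try {
        ASN1OctetString octs = (ASN1OctetString) outerIn.readObject();
        innerIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
        IssuingDistributionPoint cdp = new IssuingDistributionPoint((ASN1Sequence) innerIn.readObject());
        DistributionPointName distpoint = cdp.getDistributionPoint();
        // Walks DistributionPointName -> GeneralNames -> first GeneralName -> IA5String; any other
        // shape surfaces as a ClassCastException rather than as an assertion message.
        GeneralNames names = (GeneralNames) distpoint.getName();
        DERIA5String uri = (DERIA5String) names.getNames()[0].getName();
        assertEquals("CRL distribution point is different", cdpURL, uri.getString());
    } finally {
        // Both parsers are closed even when a cast or an assertion fails.
        outerIn.close();
        if (innerIn != null) {
            innerIn.close();
        }
    }

    // Phase 2: switch the extension off again and issue another CRL.
    cainfo.setUseCrlDistributionPointOnCrl(false);
    cainfo.setDefaultCRLDistPoint("");
    caSession.editCA(roleMgmgToken, cainfo);
    crlCreateSession.forceCRL(roleMgmgToken, testx509ca.getCAId());
    x509crl = CertTools.getCRLfromByteArray(crlStoreSession.getLastCRL(cainfo.getSubjectDN(), false));
    // NOTE(review): phase 1 reads X509Extensions.IssuingDistributionPoint, but this check reads
    // X509Extensions.CRLDistributionPoints. If the CA never writes that extension to a CRL, the
    // assertion passes whether or not the setting was honoured - confirm which OID was intended.
    assertNull("CRL has distribution points",
            x509crl.getExtensionValue(X509Extensions.CRLDistributionPoints.getId()));
}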
From source file:org.ejbca.core.ejb.ca.crl.CreateCRLSessionTest.java
License:Open Source License
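/**
 * Tests the Issuing Distribution Point extension on CRLs.
 *
 * <p>Phase 1 enables the extension on the CA, runs CRL creation and checks that the
 * distribution point URI stored in the CRL equals the configured URL. Phase 2 disables the
 * setting again, runs CRL creation once more and checks the extension lookup returns nothing.
 *
 * @throws Exception
 *             error
 */
public void test06CRLDistPointOnCRL() throws Exception {
    log.trace(">test06CRLDistPointOnCRL()");
    final String cdpURL = "http://www.ejbca.org/foo/bar.crl";
    X509CAInfo cainfo = (X509CAInfo) ca.getCAInfo();

    // Phase 1: switch the extension on, reload the CA and issue a fresh CRL.
    cainfo.setUseCrlDistributionPointOnCrl(true);
    cainfo.setDefaultCRLDistPoint(cdpURL);
    caAdminSession.editCA(admin, cainfo);
    ca = caSession.getCA(admin, caid);
    crlCreateSession.run(admin, ca);
    X509CRL x509crl = CertTools.getCRLfromByteArray(crlSession.getLastCRL(admin, cainfo.getSubjectDN(), false));
    byte[] cdpDER = x509crl.getExtensionValue(X509Extensions.IssuingDistributionPoint.getId());
    assertNotNull("CRL has no distribution points", cdpDER);

    // getExtensionValue() hands back the extension wrapped in an OCTET STRING, so the bytes are
    // decoded twice: once to unwrap, once to read the IssuingDistributionPoint SEQUENCE.
    ASN1InputStream outerIn = new ASN1InputStream(new ByteArrayInputStream(cdpDER));
    ASN1InputStream innerIn = null;
    try {
        ASN1OctetString octs = (ASN1OctetString) outerIn.readObject();
        innerIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
        IssuingDistributionPoint cdp = new IssuingDistributionPoint((ASN1Sequence) innerIn.readObject());
        DistributionPointName distpoint = cdp.getDistributionPoint();
        // Walks DistributionPointName -> GeneralNames -> first GeneralName -> IA5String; any other
        // shape surfaces as a ClassCastException rather than as an assertion message.
        GeneralNames names = (GeneralNames) distpoint.getName();
        DERIA5String uri = (DERIA5String) names.getNames()[0].getName();
        assertEquals("CRL distribution point is different", cdpURL, uri.getString());
    } finally {
        // Both parsers are closed even when a cast or an assertion fails.
        outerIn.close();
        if (innerIn != null) {
            innerIn.close();
        }
    }

    // Phase 2: switch the extension off again, reload the CA and issue another CRL.
    cainfo.setUseCrlDistributionPointOnCrl(false);
    cainfo.setDefaultCRLDistPoint("");
    caAdminSession.editCA(admin, cainfo);
    ca = caSession.getCA(admin, caid);
    crlCreateSession.run(admin, ca);
    x509crl = CertTools.getCRLfromByteArray(crlSession.getLastCRL(admin, cainfo.getSubjectDN(), false));
    // NOTE(review): phase 1 reads X509Extensions.IssuingDistributionPoint, but this check reads
    // X509Extensions.CRLDistributionPoints. If the CA never writes that extension to a CRL, the
    // assertion passes whether or not the setting was honoured - confirm which OID was intended.
    assertNull("CRL has distribution points",
            x509crl.getExtensionValue(X509Extensions.CRLDistributionPoints.getId()));
    log.trace("<test06CRLDistPointOnCRL()");
}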
From source file:org.glite.security.util.FileCRLChecker.java
License:Apache License
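/**
 * Checks the issuingDistributionPoint extension of the CRL for information this checker does
 * not support.
 *
 * <p>The extension value is unwrapped from its OCTET STRING, parsed as a SEQUENCE, and the
 * CRL is rejected when it covers only attribute certificates or only some revocation reasons.
 * Returns without error when the CRL carries no such extension.
 *
 * @throws CertificateException thrown when the extension is not an octet string wrapping a
 *             sequence, or when the CRL is limited to attribute certificates or to a subset of
 *             revocation reasons.
 * @throws IOException thrown in case the extension parsing fails.
 */
private void checkIssuinDistributionPoint() throws CertificateException, IOException {
    byte[] extensionBytes = m_crl.getExtensionValue(X509Extensions.IssuingDistributionPoint.toString());
    if (extensionBytes == null) {
        // Presumably m_crl is a java.security.cert.X509CRL, whose getExtensionValue() returns
        // null for an absent extension. Without this guard the parse below would fail with a
        // NullPointerException; an absent extension leaves nothing for this method to reject.
        return;
    }

    // Outer layer: the extension value is delivered wrapped in an OCTET STRING.
    ASN1Object object = ASN1Object.fromByteArray(extensionBytes);
    if (!(object instanceof DEROctetString)) {
        throw new CertificateException(
                "Invalid data in IssuingDistributionPoint extension, not DEROctetString");
    }
    DEROctetString string = (DEROctetString) object;

    // Inner layer: the IssuingDistributionPoint structure itself, a SEQUENCE.
    object = ASN1Object.fromByteArray(string.getOctets());
    if (!(object instanceof ASN1Sequence)) {
        throw new CertificateException("Invalid data in IssuingDistributionPoint extension, not ASN1Sequence");
    }
    IssuingDistributionPoint issuingDistributionPoint = new IssuingDistributionPoint((ASN1Sequence) object);

    // A CRL restricted in scope cannot prove that a certificate is not revoked, so fail closed.
    if (issuingDistributionPoint.onlyContainsAttributeCerts()) {
        throw new CertificateException("CRL only contains attribute certs, not useful for authentication.");
    }
    if (issuingDistributionPoint.getOnlySomeReasons() != null) {
        throw new CertificateException(
                "CRL only contains some reasons of revocations, can't trust the certificates without other complementing CRL(s), which is not supported.");
    }
    // NOTE(review): onlyContainsUserCerts(), onlyContainsCACerts() and isIndirectCRL() are not
    // examined here. A CRL scoped by any of them would be accepted as if it were complete, so a
    // revocation outside its scope would go unnoticed - confirm whether callers handle this.
}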