java.security.cert.X509CRL类的使用及代码示例

x33g5p2x  于2022-02-02 转载在 其他  

本文整理了Java中java.security.cert.X509CRL类的一些代码示例,展示了X509CRL类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度上帮助到你。X509CRL类的具体详情如下:
包路径:java.security.cert.X509CRL
类名称:X509CRL

X509CRL介绍

[英]Abstract base class for X.509 certificate revocation lists (CRL).

More information regarding CRL can be found in RFC 2459, "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at http://www.ietf.org/rfc/rfc2459.txt.
[中]X.509证书吊销列表(CRL)的抽象基类。
有关CRL的更多信息,请参见RFC 2459,“Internet X.509公钥基础设施证书和CRL配置文件”,网址为http://www.ietf.org/rfc/rfc2459.txt

代码示例

代码示例来源:origin: robovm/robovm

/**
 * Computes a hash code for this CRL from its encoded form.
 *
 * <p>The value is the sum of the unsigned byte values returned by
 * {@code getEncoded()}. It is a plain additive checksum suited to hash-table
 * bucketing only: unrelated CRLs can easily share a value, so it must not be
 * used as a fingerprint or to decide whether two CRLs are the same.
 *
 * @return the sum of the encoded bytes, or {@code 0} if encoding the CRL
 *         throws {@link CRLException}.
 */
public int hashCode() {
  final byte[] encoded;
  try {
    encoded = getEncoded();
  } catch (CRLException e) {
    // Encoding failed: fall back to a constant so hashCode() never throws.
    return 0;
  }
  int sum = 0;
  for (byte b : encoded) {
    // Mask to treat each byte as unsigned (0..255) before adding.
    sum += b & 0xFF;
  }
  return sum;
}

代码示例来源:origin: robovm/robovm

// Excerpt from a CRL match routine: the opening of the first condition and the
// closing braces of each branch are missing from this page's copy.
// The first visible check compares the CRL issuer in canonical form and rejects on mismatch.
crlist.getIssuerX500Principal().getName(
        X500Principal.CANONICAL)))) {
return false;
  // 2.5.29.20 is the cRLNumber extension. getExtensionValue() returns null when the
  // extension is absent. NOTE(review): the handling of that case is not visible here; confirm.
  byte[] bytes = crlist.getExtensionValue("2.5.29.20");
  // The extension value is an OCTET STRING wrapping the INTEGER, hence the two decode steps.
  bytes = (byte[]) ASN1OctetString.getInstance().decode(bytes);
  BigInteger crlNumber = new BigInteger((byte[])
      ASN1Integer.getInstance().decode(bytes));
  // Reject CRLs whose number falls outside the optional [minCRL, maxCRL] bounds.
  if ((minCRL != null) && (crlNumber.compareTo(minCRL) < 0)) {
    return false;
  if ((maxCRL != null) && (crlNumber.compareTo(maxCRL) > 0)) {
    return false;
Date thisUp = crlist.getThisUpdate();
Date nextUp = crlist.getNextUpdate();
// A CRL missing either timestamp is rejected rather than treated as always valid.
if ((thisUp == null) || (nextUp == null)) {
  return false;
// dateAndTime must lie within [thisUpdate, nextUpdate] (both ends inclusive).
if ((dateAndTime < thisUp.getTime())
          || (dateAndTime > nextUp.getTime())) {
  return false;

代码示例来源:origin: robovm/robovm

/**
 * Looks up the CRL entry for a certificate.
 *
 * <p>The lookup delegates to the serial-number overload, so only the
 * certificate's serial number is used: this method does not compare the
 * certificate's issuer with the CRL's issuer. Callers should establish that
 * this CRL actually covers the certificate before relying on the result.
 *
 * @param certificate
 *            the certificate to search a CRL entry for.
 * @return the entry for the specified certificate, or {@code null} if not
 *         found.
 * @throws NullPointerException
 *             if {@code certificate} is {@code null}.
 */
public X509CRLEntry getRevokedCertificate(X509Certificate certificate) {
  if (certificate != null) {
    return getRevokedCertificate(certificate.getSerialNumber());
  }
  throw new NullPointerException("certificate == null");
}

代码示例来源:origin: robovm/robovm

/**
 * Returns the issuer distinguished name of this CRL.
 *
 * <p>This implementation re-parses the CRL's own encoding through the
 * "X.509" {@link CertificateFactory} and asks the parsed CRL for its issuer.
 *
 * @return the issuer distinguished name of this CRL.
 * @throws RuntimeException
 *             wrapping any exception raised while obtaining the factory,
 *             encoding this CRL or parsing it.
 */
public X500Principal getIssuerX500Principal() {
  try {
    // TODO if there is no X.509 certificate provider installed
    // should we try to access Harmony X509CRLImpl via classForName?
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    final ByteArrayInputStream der = new ByteArrayInputStream(getEncoded());
    final X509CRL parsed = (X509CRL) x509Factory.generateCRL(der);
    return parsed.getIssuerX500Principal();
  } catch (Exception e) {
    // Keep the original exception as the cause so the failure stays diagnosable.
    throw new RuntimeException("Failed to get X500Principal issuer", e);
  }
}

代码示例来源:origin: org.apache.poi/poi-ooxml

} catch (CRLException e) {
    throw new RuntimeException("CRL parse error: "
        + e.getMessage(), e);
  String issuerName = crl.getIssuerDN().getName().replace(",", ", ");
  crlIdentifier.setIssuer(issuerName);
  Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
  cal.setTime(crl.getThisUpdate());
  crlIdentifier.setIssueTime(cal);
  crlIdentifier.setNumber(getCrlNumber(crl));
EncapsulatedPKIDataType encapsulatedPKIDataType = certificateValues.addNewEncapsulatedX509Certificate();
try {
  encapsulatedPKIDataType.setByteArrayValue(certificate.getEncoded());
} catch (CertificateEncodingException e) {
  throw new RuntimeException("certificate encoding error: " + e.getMessage(), e);

代码示例来源:origin: org.wso2.transport.http/org.wso2.transport.http.netty

/**
 * Tells whether the cached CRL may still be reused.
 *
 * <p>A CRL carries a validity period: thisUpdate is the time at which the CA
 * stated this status, nextUpdate is the time by which newer information will
 * be available. Only nextUpdate is consulted here; thisUpdate and the CRL's
 * signature are not checked by this method.
 *
 * @return {@code true} if nextUpdate is present and lies after the current
 *         time, {@code false} otherwise.
 */
public boolean isValid() {
  Date now = new Date();
  Date nextUpdate = crl.getNextUpdate();
  if (nextUpdate == null) {
    // No nextUpdate means no stated end of validity, so the CRL is not reused.
    return false;
  }
  return nextUpdate.after(now);
}

代码示例来源:origin: org.xipki/ca-server

// Excerpt: closing braces and the surrounding statement setup are missing from this page's copy.
Args.notNull(crl, "crl");
// cRLNumber is optional, so a missing extension leaves crlNumber null.
byte[] encodedExtnValue = crl.getExtensionValue(Extension.cRLNumber.getId());
Long crlNumber = null;
if (encodedExtnValue != null) {
 byte[] extnValue = DEROctetString.getInstance(encodedExtnValue).getOctets();
 // NOTE(review): longValue() keeps only the low 64 bits. RFC 5280 allows CRL numbers of
 // up to 20 octets, so a larger number would be stored truncated; confirm this CA never
 // issues numbers beyond the long range.
 crlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue().longValue();
// A deltaCRLIndicator extension marks a delta CRL and carries the base CRL number.
encodedExtnValue = crl.getExtensionValue(Extension.deltaCRLIndicator.getId());
Long baseCrlNumber = null;
if (encodedExtnValue != null) {
 byte[] extnValue = DEROctetString.getInstance(encodedExtnValue).getOctets();
 // Same 64-bit truncation caveat as for crlNumber above.
 baseCrlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue().longValue();
String b64Crl = Base64.encodeToString(crl.getEncoded());
 // Values are bound as statement parameters rather than concatenated into SQL text.
 ps.setInt(idx++, ca.getId());
 setLong(ps, idx++, crlNumber);
 Date date = crl.getThisUpdate();
 // thisUpdate is stored as seconds since the epoch (milliseconds / 1000).
 ps.setLong(idx++, date.getTime() / 1000);
 setDateSeconds(ps, idx++, crl.getNextUpdate());
 // The delta flag is derived from the presence of a base CRL number.
 setBoolean(ps, idx++, (baseCrlNumber != null));
 setLong(ps, idx++, baseCrlNumber);

代码示例来源:origin: ibinti/bugvm

// Excerpt from a CRL-based certificate status check: braces and branch bodies are
// missing from this page's copy, so the action taken by each condition is not visible.
crl_entry = crl.getRevokedCertificate(getSerialNumber(cert));
  if (!getEncodedIssuerPrincipal(cert).equals(certIssuer))
else if (!getEncodedIssuerPrincipal(cert).equals(getIssuerPrincipal(crl)))
  crl_entry = crl.getRevokedCertificate(getSerialNumber(cert));
// The condition holds when validDate is not before the entry's revocation date, when no
// reason code is present, or when the reason code is 0, 1, 2 or 8. In RFC 5280's CRLReason
// these are unspecified(0), keyCompromise(1), cACompromise(2) and removeFromCRL(8).
// NOTE(review): aACompromise is 10 in RFC 5280; confirm that 8 is the intended value here.
if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime())
  || reasonCode == null
  || reasonCode.getValue().intValue() == 0
  || reasonCode.getValue().intValue() == 1
  || reasonCode.getValue().intValue() == 2
  || reasonCode.getValue().intValue() == 8)

代码示例来源:origin: ibinti/bugvm

.getIssuerPrincipal(completeCRL).getEncoded());
try
  idp = completeCRL.getExtensionValue(ISSUING_DISTRIBUTION_POINT);
  .add(BigInteger.valueOf(1)));

代码示例来源:origin: com.itextpdf/itextpdf

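/**
 * Verifies a certificate against a single CRL.
 *
 * <p>The CRL is only accepted as evidence when all of the following hold: it
 * was issued by the issuer of {@code signCert}, the signing date lies strictly
 * between its thisUpdate and nextUpdate, and its signature is valid according
 * to {@code isSignatureValid}. A CRL that fails any of these checks proves
 * nothing about the certificate, so the method returns {@code false} instead
 * of reporting success.
 *
 * @param crl    the Certificate Revocation List
 * @param signCert    a certificate that needs to be verified
 * @param issuerCert    its issuer
 * @param signDate        the sign date
 * @return true if the CRL is applicable, validly signed and does not list
 *         the certificate; false if the CRL cannot be used
 * @throws GeneralSecurityException if the certificate is listed as revoked
 *         in a CRL that passed all checks
 */
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException {
  if (crl == null || signDate == null) {
    return false;
  }
  // nextUpdate is optional in the CRL encoding, so the getter may return null;
  // without both bounds the validity window cannot be established.
  Date thisUpdate = crl.getThisUpdate();
  Date nextUpdate = crl.getNextUpdate();
  if (thisUpdate == null || nextUpdate == null) {
    return false;
  }
  // We only check CRLs valid on the signing date for which the issuer matches
  if (!crl.getIssuerX500Principal().equals(signCert.getIssuerX500Principal())
      || !signDate.after(thisUpdate) || !signDate.before(nextUpdate)) {
    return false;
  }
  // A CRL whose signature cannot be verified must not count as proof that the
  // certificate is unrevoked: previously this case fell through to "return true".
  if (!isSignatureValid(crl, issuerCert)) {
    return false;
  }
  // the signing certificate may not be revoked
  if (crl.isRevoked(signCert)) {
    throw new VerificationException(signCert, "The certificate has been revoked.");
  }
  return true;
}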

代码示例来源:origin: GluuFederation/oxAuth

// Excerpt: the opening of the try block and several closing braces / return statements
// are missing from this page's copy, so the control flow below is incomplete.
private boolean validateCRL(X509CRL x509crl, X509Certificate certificate, X509Certificate issuerCertificate, Date validationDate) {
  Principal subjectX500Principal = certificate.getSubjectX500Principal();
  // The CRL issuer must equal the subject of the issuer certificate.
  if (!x509crl.getIssuerX500Principal().equals(issuerCertificate.getSubjectX500Principal())) {
    // NOTE(review): the message prints the checked certificate's subject as the expected
    // signer, while the comparison above uses issuerCertificate's subject.
    log.error("The CRL must be signed by the issuer '" + subjectX500Principal + "' but instead is signed by '"
        + x509crl.getIssuerX500Principal() + "'");
    return false;
    // Checks the CRL's signature with the issuer certificate's public key.
    x509crl.verify(issuerCertificate.getPublicKey());
  } catch (Exception ex) {
    log.error("The signature verification for CRL cannot be performed", ex);
    // NOTE(review): what follows this log call is not shown here; confirm that a failed
    // signature check rejects the CRL instead of continuing.
  // NOTE(review): the labels are swapped: "nextUpdate" logs getThisUpdate() and
  // "thisUpdate" logs getNextUpdate(), which will mislead anyone reading the debug log.
  log.debug("CRL nextUpdate: " + x509crl.getThisUpdate());
  log.debug("CRL thisUpdate: " + x509crl.getNextUpdate());
  // A CRL without nextUpdate is not rejected by this check; only a present nextUpdate
  // that lies before validationDate marks the CRL as too old.
  if (x509crl.getNextUpdate() != null && validationDate.after(x509crl.getNextUpdate())) {
    log.error("CRL is too old");
    return false;

代码示例来源:origin: arhs/sd-dss

final Date thisUpdate = x509CRL.getThisUpdate();
if (!certificateToken.hasExpiredCertOnCRLExtension()) {
  if (thisUpdate.before(certificateToken.getNotBefore()) || thisUpdate.after(certificateToken.getNotAfter())) {
if (bestX509UpdateDate == null || thisUpdate.after(bestX509UpdateDate)) {

代码示例来源:origin: luisgoncalves/xades4j

if (!this.dnComparer.areEqual(crl.getIssuerX500Principal(), crlRef.issuerDN) ||
    !crl.getThisUpdate().equals(crlRef.issueTime.getTime()))
  continue;
    if (crlNum != null && !crlRef.serialNumber.equals(crlNum))
      continue;
  if (Arrays.equals(md.digest(crl.getEncoded()), crlRef.digestValue))
  throw new CompleteRevocRefsReferenceException(crl, ex.getMessage());

代码示例来源:origin: apache/pdfbox

// Excerpt: statements from several places of the original method; braces and branch
// bodies are missing from this page's copy.
// The CRL issuer is matched against a certificate's subject before that certificate's
// key is used for verification.
if (certificate.getSubjectX500Principal().equals(crl.getIssuerX500Principal()))
// The CRL signature is verified before the CRL is consulted for revocation below.
crl.verify(issuerCertificate.getPublicKey(), SecurityProvider.getProvider().getName());
CRLVerifier.checkRevocation(crl, certInfo.getCertificate(), signDate.getTime(), certInfo.getCrlUrl());
COSStream crlStream = writeDataToStream(crl.getEncoded());
crls.add(crlStream);
if (correspondingCRLs != null)
  try
    // SHA-1 is computed over the CRL's signature bytes. NOTE(review): this looks like an
    // identifier / lookup key rather than an integrity check; confirm before treating the
    // digest as a security property.
    signatureHash = MessageDigest.getInstance("SHA-1").digest(crl.getSignature());
foundRevocationInformation.add(certInfo.getCertificate().getSerialNumber());

代码示例来源:origin: apache/pdfbox

// Excerpt: braces and parts of the statements are missing from this page's copy.
// The CRL's issuer certificate is looked up by subject among the known certificates.
for (X509Certificate possibleCert : mergedCertSet)
  if (crl.getIssuerX500Principal().equals(possibleCert.getSubjectX500Principal()))
      // NOTE(review): there is no space between the issuer name and "not found", so the
      // rendered message runs the two together.
      "Certificate for " + crl.getIssuerX500Principal() +
      "not found in certificate chain, so the CRL at " +
      crlDistributionPointsURL + " could not be verified");
// The downloaded CRL is only used after its signature verifies under the issuer's key.
crl.verify(crlIssuerCert.getPublicKey(), SecurityProvider.getProvider().getName());
// A CRL from a different issuer than the certificate's issuer is handled separately
// (the branch body is not shown here).
if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal()))

代码示例来源:origin: be.fedict.jtrust/jtrust-lib

/**
 * Checks that the validation date falls inside the CRL's validity window.
 *
 * <p>The CRL is rejected when its thisUpdate lies after the validation date
 * ("too young") or when the validation date lies after its nextUpdate
 * ("too old"). Neither getter result is null-checked: a CRL lacking
 * nextUpdate makes {@code Date.after} throw {@link NullPointerException}.
 *
 * @param crl the CRL whose thisUpdate / nextUpdate are inspected.
 * @param validationDate the date the CRL must be valid for.
 * @return {@code true} if thisUpdate &lt;= validationDate &lt;= nextUpdate.
 */
private boolean isCrlInValidationDate(X509CRL crl, Date validationDate) {
    final Date issuedAt = crl.getThisUpdate();
    LOG.debug("validation date: " + validationDate);
    LOG.debug("CRL this update: " + issuedAt);
    if (issuedAt.after(validationDate)) {
        // The CRL was issued after the moment being validated.
        LOG.warn("CRL too young");
        return false;
    }
    LOG.debug("CRL next update: " + crl.getNextUpdate());
    final boolean stale = validationDate.after(crl.getNextUpdate());
    if (stale) {
        // The validation date lies beyond the CRL's announced next update.
        LOG.debug("CRL too old");
    }
    return !stale;
}
}

代码示例来源:origin: org.jasig.cas/cas-server-support-x509

/**
 * Reports whether a CRL has passed its nextUpdate time as of a reference date.
 *
 * <p>No null handling is done here: a CRL without a nextUpdate field makes
 * {@code getNextUpdate()} return {@code null}, and {@link Date#after(Date)}
 * then throws {@link NullPointerException}. Callers need to decide beforehand
 * how such CRLs are to be treated.
 *
 * @param crl CRL to examine.
 * @param reference Reference date for comparison.
 *
 * @return True if reference date is strictly after CRL next update, false otherwise.
 */
public static boolean isExpired(final X509CRL crl, final Date reference) {
  final Date nextUpdate = crl.getNextUpdate();
  final boolean pastNextUpdate = reference.after(nextUpdate);
  return pastNextUpdate;
}

代码示例来源:origin: puppetlabs/ssl-utils

// Excerpt from a routine that builds a replacement CRL; surrounding declarations are
// missing from this page's copy.
// nextUpdate is set five years after `now`. Relying parties that accept a CRL until its
// nextUpdate would treat this list as current for that whole period, so how quickly a new
// revocation is noticed depends on how often consumers re-fetch the CRL.
Date nextUpdate = now.plusYears(5).toDate();
// The new CRL keeps the issuer name of the existing one.
X509v2CRLBuilder builder =
  new JcaX509v2CRLBuilder(crl.getIssuerX500Principal(), thisUpdate);
builder.setNextUpdate(nextUpdate);
// A missing previous number is treated as zero, and the new CRL gets previous + 1.
crlNumber = (crlNumber == null) ? BigInteger.ZERO : crlNumber;
builder.addExtension(Extension.cRLNumber, false,
           new CRLNumber(crlNumber.add(BigInteger.ONE)));
// The authorityKeyIdentifier is derived from the issuer's public key; both extensions
// are added as non-critical (second argument false).
builder.addExtension(Extension.authorityKeyIdentifier, false,
           new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerPublicKey));

代码示例来源:origin: apache/pdfbox

throws RevokedCertificateException
X509CRLEntry revokedCRLEntry = crl.getRevokedCertificate(cert);
if (revokedCRLEntry != null &&
    revokedCRLEntry.getRevocationDate().compareTo(signDate) <= 0)

代码示例来源:origin: se.vgregion.commons-util/commons-util-core-bc-composite-security

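/**
 * Checks a certificate against every CRL named in its CRL distribution points.
 *
 * <p>Each distribution point is downloaded and asked whether it lists the
 * certificate. This method itself does not verify the downloaded CRL's
 * signature, issuer or validity window.
 * NOTE(review): unless {@code downloadCRL} performs those checks, a CRL
 * substituted in transit would be trusted as-is; confirm against that helper.
 * When the loop has no distribution points to visit, the method returns
 * without having consulted any revocation data.
 *
 * @param cert the certificate to check.
 * @throws CertificateException if a CRL lists the certificate as revoked, or
 *         if a CRL could not be obtained or evaluated (the underlying
 *         exception is attached as the cause).
 */
public static void verifyCertificateCRLs(X509Certificate cert) throws CertificateException {
  try {
    List<String> crlDistPoints = getCrlDistributionPoints(cert);
    for (String crlDP : crlDistPoints) {
      X509CRL crl = downloadCRL(crlDP);
      if (crl.isRevoked(cert)) {
        throw new CertificateException("The certificate is revoked by CRL: " + crlDP);
      }
    }
  } catch (CertificateException ex) {
    // Revocation findings and certificate errors pass through unchanged.
    throw ex;
  } catch (Exception ex) {
    // Fail closed on any other error, keeping the cause so that a download or parse
    // failure can be told apart from other problems when diagnosing.
    throw new CertificateException(
        "Can not verify CRL for certificate: " + cert.getSubjectX500Principal(), ex);
  }
}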
