java.security.cert.X509CRL.isRevoked()方法的使用及代码示例
本文整理了Java中java.security.cert.X509CRL.isRevoked()方法的一些代码示例,展示了X509CRL.isRevoked()的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。X509CRL.isRevoked()方法的具体详情如下:
包路径:java.security.cert.X509CRL
类名称:X509CRL
方法名:isRevoked
X509CRL.isRevoked介绍
暂无
代码示例
代码示例来源:origin: org.eclipse.neoscada.core/org.eclipse.scada.sec.authz.signature
public boolean isRevoked ( final X509Certificate cert )
{
for ( final X509CRL crl : this.crls )
{
if ( crl.isRevoked ( cert ) )
{
return true;
}
}
return false;
}代码示例来源:origin: wso2/wso2-synapse
private RevocationStatus getRevocationStatus(X509CRL x509CRL, X509Certificate peerCert) {
if (x509CRL.isRevoked(peerCert)) {
return RevocationStatus.REVOKED;
} else {
return RevocationStatus.GOOD;
}
}代码示例来源:origin: de.dentrassi.eclipse.neoscada.core/org.eclipse.scada.sec.authz.signature
public boolean isRevoked ( final X509Certificate cert )
{
for ( final X509CRL crl : this.crls )
{
if ( crl.isRevoked ( cert ) )
{
return true;
}
}
return false;
}代码示例来源:origin: org.wso2.transport.http/org.wso2.transport.http.netty
private RevocationStatus getRevocationStatus(X509CRL x509CRL, X509Certificate peerCert) {
if (x509CRL.isRevoked(peerCert)) {
return RevocationStatus.REVOKED;
} else {
return RevocationStatus.GOOD;
}
}代码示例来源:origin: org.jsslutils/jsslutils
@Override
public boolean isRevoked(Certificate cert) {
X509CRL crl = this.crl;
if (crl != null) {
return crl.isRevoked(cert);
} else {
return false;
}
}代码示例来源:origin: puppetlabs/certificate-authority
/**
* Given a certificate revocation list and certificate,
* test if the certificate has been revoked.
*
* Note that if the certificate and CRL have different issuers,
* {@code false} will be returned even if the certificate's
* serial number is on the CRL (i.e. previously revoked).
*
* @param crl The certificate revocation list to check
* @param certificate The certificate to check
* @return {@code true} if the certificate is on the revocation list,
{@code false} otherwise.
* @see #revoke
* @see #generateCRL
*/
public static boolean isRevoked(X509CRL crl, X509Certificate certificate) {
return crl.isRevoked(certificate);
}代码示例来源:origin: puppetlabs/ssl-utils
/**
* Given a certificate revocation list and certificate,
* test if the certificate has been revoked.
*
* Note that if the certificate and CRL have different issuers,
* {@code false} will be returned even if the certificate's
* serial number is on the CRL (i.e. previously revoked).
*
* @param crl The certificate revocation list to check
* @param certificate The certificate to check
* @return {@code true} if the certificate is on the revocation list,
{@code false} otherwise.
* @see #revoke
* @see #generateCRL
*/
public static boolean isRevoked(X509CRL crl, X509Certificate certificate) {
return crl.isRevoked(certificate);
}代码示例来源:origin: io.apigee.trireme/trireme-kernel
private void checkCRL(X509Certificate[] certs)
throws CertificateException
{
for (X509Certificate cert : certs) {
for (X509CRL crl : crls) {
if (crl.isRevoked(cert)) {
throw new CertificateException("Certificate not trusted per the CRL");
}
}
}
}代码示例来源:origin: se.vgregion.commons-util/commons-util-core-bc-composite-security
public static void verifyCertificateCRLs(X509Certificate cert) throws CertificateException {
try {
List<String> crlDistPoints = getCrlDistributionPoints(cert);
for (String crlDP : crlDistPoints) {
X509CRL crl = downloadCRL(crlDP);
if (crl.isRevoked(cert)) {
throw new CertificateException("The certificate is revoked by CRL: " + crlDP);
}
}
} catch (Exception ex) {
if (ex instanceof CertificateException) {
throw (CertificateException) ex;
} else {
throw new CertificateException("Can not verify CRL for certificate: " + cert.getSubjectX500Principal());
}
}
}代码示例来源:origin: OPCFoundation/UA-Java-Legacy
private boolean isRevoked(Cert cert) {
Set<X509CRL> crls = store.getRevocationLists();
for(X509CRL crl : crls){
if(crl.isRevoked(cert.getCertificate())){
return true;
}
}
return false;
}代码示例来源:origin: org.demoiselle.signer/signature-core
@Override
public void validate(X509Certificate x509) throws CertificateValidatorException {
Collection<ICPBR_CRL> crls = crlRepository.getX509CRL(x509);
if (crls == null || crls.isEmpty()) {
throw new CertificateValidatorException("Não foi possível verificar se o certificado está Revogado. Nenhuma lista válida foi encontrada.");
}
for (ICPBR_CRL icpbr_crl : crls) {
if (icpbr_crl.getCRL().isRevoked(x509)) {
throw new CertificateValidatorException("Certificado Revogado");
}
}
}
}代码示例来源:origin: demoiselle/certificate
@Override
public void validate(X509Certificate x509) throws CertificateValidatorException {
Collection<ICPBR_CRL> crls = crlRepository.getX509CRL(x509);
if (crls == null || crls.isEmpty()) {
throw new CertificateValidatorException("Não foi possível verificar se o certificado está Revogado. Nenhuma lista válida foi encontrada.");
}
for (ICPBR_CRL icpbr_crl : crls) {
if (icpbr_crl.getCRL().isRevoked(x509)) {
throw new CertificateValidatorException("Certificado Revogado");
}
}
}
}代码示例来源:origin: igniterealtime/Spark
/**
* Check if given certificate is revoked looking on it's CRL (if exist).
* @param cert which is validated
* @return true if certificate is revoked, false if it isn't or CRL cannot be accessed (because it might not exist).
*/
public boolean checkRevocation(X509Certificate cert) {
boolean revoked = false;
try {
SparkTrustManager man = new SparkTrustManager();
Collection<X509CRL> crls = man.loadCRL(new X509Certificate[] { cert });
CertificateFactory cf = CertificateFactory.getInstance("X.509");
for (X509CRL crl : crls) {
if (crl.isRevoked(cert)) {
revoked = true;
break;
}
}
} catch (CRLException | CertificateException | IOException | InvalidAlgorithmParameterException
| NoSuchAlgorithmException | CertStoreException e) {
Log.warning("Cannot check validity", e);
}
return revoked;
}代码示例来源:origin: com.itextpdf/itextpdf
/**
* Verifies a certificate against a single CRL.
* @param crl the Certificate Revocation List
* @param signCert a certificate that needs to be verified
* @param issuerCert its issuer
* @param signDate the sign date
* @return true if the verification succeeded
* @throws GeneralSecurityException
*/
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException {
if (crl == null || signDate == null)
return false;
// We only check CRLs valid on the signing date for which the issuer matches
if (crl.getIssuerX500Principal().equals(signCert.getIssuerX500Principal())
&& signDate.after(crl.getThisUpdate()) && signDate.before(crl.getNextUpdate())) {
// the signing certificate may not be revoked
if (isSignatureValid(crl, issuerCert) && crl.isRevoked(signCert)) {
throw new VerificationException(signCert, "The certificate has been revoked.");
}
return true;
}
return false;
}代码示例来源:origin: com.itextpdf/sign
/**
* Verifies a certificate against a single CRL.
* @param crl the Certificate Revocation List
* @param signCert a certificate that needs to be verified
* @param issuerCert its issuer
* @param signDate the sign date
* @return true if the verification succeeded
* @throws GeneralSecurityException
*/
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException {
if (crl == null || signDate == SignUtils.UNDEFINED_TIMESTAMP_DATE)
return false;
// We only check CRLs valid on the signing date for which the issuer matches
if (crl.getIssuerX500Principal().equals(signCert.getIssuerX500Principal())
&& signDate.after(crl.getThisUpdate()) && signDate.before(crl.getNextUpdate())) {
// the signing certificate may not be revoked
if (isSignatureValid(crl, issuerCert) && crl.isRevoked(signCert)) {
throw new VerificationException(signCert, "The certificate has been revoked.");
}
return true;
}
return false;
}代码示例来源:origin: itext/itext7
/**
* Verifies a certificate against a single CRL.
* @param crl the Certificate Revocation List
* @param signCert a certificate that needs to be verified
* @param issuerCert its issuer
* @param signDate the sign date
* @return true if the verification succeeded
* @throws GeneralSecurityException
*/
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException {
if (crl == null || signDate == SignUtils.UNDEFINED_TIMESTAMP_DATE)
return false;
// We only check CRLs valid on the signing date for which the issuer matches
if (crl.getIssuerX500Principal().equals(signCert.getIssuerX500Principal())
&& signDate.after(crl.getThisUpdate()) && signDate.before(crl.getNextUpdate())) {
// the signing certificate may not be revoked
if (isSignatureValid(crl, issuerCert) && crl.isRevoked(signCert)) {
throw new VerificationException(signCert, "The certificate has been revoked.");
}
return true;
}
return false;
}代码示例来源:origin: com.itextpdf/itextg
/**
* Verifies a certificate against a single CRL.
* @param crl the Certificate Revocation List
* @param signCert a certificate that needs to be verified
* @param issuerCert its issuer
* @param signDate the sign date
* @return true if the verification succeeded
* @throws GeneralSecurityException
*/
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException {
if (crl == null || signDate == null)
return false;
// We only check CRLs valid on the signing date for which the issuer matches
if (crl.getIssuerX500Principal().equals(signCert.getIssuerX500Principal())
&& signDate.after(crl.getThisUpdate()) && signDate.before(crl.getNextUpdate())) {
// the signing certificate may not be revoked
if (isSignatureValid(crl, issuerCert) && crl.isRevoked(signCert)) {
throw new VerificationException(signCert, "The certificate has been revoked.");
}
return true;
}
return false;
}代码示例来源:origin: org.icepdf.os/icepdf-core
/**
* Extracts the CRL distribution points from the certificate (if available)
* and checks the certificate revocation status against the CRLs coming from
* the distribution points. Supports HTTP, HTTPS, FTP and LDAP based URLs.
*
* @param cert the certificate to be checked for revocation
* @throws CertificateVerificationException if the certificate is revoked
*/
public static void verifyCertificateCRLs(X509Certificate cert)
throws CertificateVerificationException, RevocationVerificationException {
try {
List<String> crlDistPoints = getCrlDistributionPoints(cert);
for (String crlDP : crlDistPoints) {
X509CRL crl = downloadCRL(crlDP);
if (crl.isRevoked(cert)) {
throw new RevocationVerificationException(
"The certificate is revoked by CRL: " + crlDP);
}
}
} catch (Exception ex) {
if (ex instanceof CertificateVerificationException) {
throw (CertificateVerificationException) ex;
} else {
throw new CertificateVerificationException(
"Can not verify CRL for certificate: " +
cert.getSubjectX500Principal());
}
}
}代码示例来源:origin: igniterealtime/Spark
loadCRL(chain);
for (X509CRL crl : crlCollection) {
if (crl.isRevoked(chain[0])) {
throw new CertificateException("Certificate is revoked");代码示例来源:origin: org.demoiselle.signer/core
@Override
public void validate(X509Certificate x509) throws CertificateValidatorCRLException, CertificateRevocationException {
if (x509 != null){
Collection<ICPBR_CRL> crls = null;
try {
crls = crlRepository.getX509CRL(x509);
} catch (Exception e) {
throw new CertificateValidatorCRLException(e.getMessage());
}
if (crls == null || crls.isEmpty()) {
throw new CertificateValidatorCRLException(coreMessagesBundle.getString("error.validate.on.crl"));
}
for (ICPBR_CRL icpbr_crl : crls) {
if (icpbr_crl.getCRL().isRevoked(x509)) {
throw new CertificateRevocationException(coreMessagesBundle.getString("error.certificate.repelead"));
}
}
}else{
throw new CertificateValidatorCRLException(coreMessagesBundle.getString("error.invalid.certificate"));
}
}
}内容来源于网络,如有侵权,请联系作者删除!
