/**
 * Base constructor: builds the holder from the encoded form of a JCA CRL.
 *
 * @param crl CRL to be used as the source for the holder creation.
 * @throws CRLException if there is a problem extracting the CRL information.
 */
public JcaX509CRLHolder(X509CRL crl)
    throws CRLException
{
    // The JCA object is not kept; its encoding is re-parsed into a
    // CertificateList and handed to the superclass constructor.
    super(CertificateList.getInstance(crl.getEncoded()));
}
} // closes the enclosing class, whose header is not shown in this listing
/**
 * Coerce an object into a CertificateList.
 *
 * @param obj a CertificateList, something ASN1Sequence.getInstance() accepts, or null.
 * @return obj itself when it already is a CertificateList, a new CertificateList
 *         wrapping ASN1Sequence.getInstance(obj) for any other non-null value,
 *         or null when obj is null.
 */
public static CertificateList getInstance(
    Object obj)
{
    if (obj == null)
    {
        // Callers must be prepared for a null result; nothing is thrown here.
        return null;
    }

    if (obj instanceof CertificateList)
    {
        return (CertificateList)obj;
    }

    // Any failure to interpret obj as a sequence surfaces from
    // ASN1Sequence.getInstance() or from the CertificateList constructor.
    return new CertificateList(ASN1Sequence.getInstance(obj));
}
/**
 * Return the ASN.1 encoding of this holder's CRL.
 *
 * @return the byte array produced by the wrapped structure's getEncoded().
 *         NOTE(review): the original documentation calls this DER; the encoding
 *         rules are chosen by x509CRL.getEncoded(), which is not visible here - confirm.
 * @throws IOException if an encoding cannot be generated.
 */
public byte[] getEncoded()
    throws IOException
{
    final byte[] encoding = x509CRL.getEncoded();

    return encoding;
}
/**
 * Return the revoked-certificate entries of this CRL, each wrapped in an
 * X509CRLEntryHolder.
 * <p>
 * Each entry is built with the issuer reported by the entry before it (the
 * CRL's own issuer for the first entry), so the result depends on the order
 * in which the entries appear on the CRL.
 *
 * @return the revoked certificates as a collection of X509CRLEntryHolder objects.
 */
public Collection getRevokedCertificates()
{
    // This array is only used to size the result list.
    TBSCertList.CRLEntry[] revoked = x509CRL.getRevokedCertificates();
    List holders = new ArrayList(revoked.length);
    GeneralNames effectiveIssuer = issuerName;

    Enumeration walker = x509CRL.getRevokedCertificateEnumeration();
    while (walker.hasMoreElements())
    {
        TBSCertList.CRLEntry raw = (TBSCertList.CRLEntry)walker.nextElement();
        X509CRLEntryHolder holder = new X509CRLEntryHolder(raw, isIndirect, effectiveIssuer);

        holders.add(holder);

        // Carry this entry's issuer forward to the next entry.
        effectiveIssuer = holder.getCertificateIssuer();
    }

    return holders;
}
/**
 * Validate the signature on the CRL.
 * <p>
 * A true result only means the signature verifies with the verifier the
 * supplied provider returned. This method does not look at the issuer name,
 * the update times or any extension; callers that need those checks must
 * perform them separately.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
 * @return true if the signature is valid, false otherwise.
 * @throws CertException if the two algorithm identifiers disagree, or if the
 *                       signature cannot be processed or is inappropriate.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider)
    throws CertException
{
    final TBSCertList signedPart = x509CRL.getTBSCertList();

    // The outer signatureAlgorithm field is not covered by the signature, so
    // it must agree with the identifier inside the signed TBSCertList.
    boolean algorithmsAgree = CertUtils.isAlgIdEqual(signedPart.getSignature(), x509CRL.getSignatureAlgorithm());
    if (!algorithmsAgree)
    {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }

    ContentVerifier contentVerifier;

    try
    {
        // The verifier is selected by the algorithm named in the signed part.
        contentVerifier = verifierProvider.get(signedPart.getSignature());

        OutputStream sink = contentVerifier.getOutputStream();
        DEROutputStream derSink = new DEROutputStream(sink);

        derSink.writeObject(signedPart);

        sink.close();
    }
    catch (Exception e)
    {
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }

    byte[] signatureOctets = x509CRL.getSignature().getOctets();

    return contentVerifier.verify(signatureOctets);
}
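/**
 * Return the DER encoding of the TBSCertList, the signed portion of the CRL.
 *
 * @return the TBSCertList encoded with the "DER" encoding.
 * @throws CRLException if the structure cannot be encoded; the underlying
 *                      IOException is attached as the cause.
 */
public byte[] getTBSCertList()
    throws CRLException
{
    try
    {
        return c.getTBSCertList().getEncoded("DER");
    }
    catch (IOException e)
    {
        // Same message as before, but keep the cause so the encoding failure
        // can still be diagnosed from the stack trace.
        throw new CRLException(e.toString(), e);
    }
}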
/**
 * Verify the CRL signature with the given key and Signature instance.
 * <p>
 * Returns normally only when the signature verifies. Nothing here checks the
 * CRL's issuer, update times or extensions.
 *
 * @param key the public key to verify against.
 * @param sig the Signature object to use; it is initialised by this method.
 * @throws CRLException if the outer algorithm identifier differs from the one
 *                      inside the TBSCertList.
 * @throws InvalidKeyException if the key is rejected by sig.initVerify().
 * @throws SignatureException if the signature does not verify, or sig fails.
 */
private void doVerify(PublicKey key, Signature sig)
    throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException
{
    // The outer identifier is not covered by the signature, so it has to match
    // the signed one before any verification is attempted.
    boolean sameAlgorithm = c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature());
    if (!sameAlgorithm)
    {
        throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
    }

    sig.initVerify(key);

    // The data fed to the verifier is the encoded TBSCertList.
    sig.update(this.getTBSCertList());

    boolean verified = sig.verify(this.getSignature());
    if (verified)
    {
        return;
    }

    throw new SignatureException("CRL does not verify with supplied public key.");
}
/**
 * Create a X509CRLHolder from the passed in ASN.1 structure.
 * <p>
 * No null check is made; a null argument fails on the first dereference.
 *
 * @param x509CRL an ASN.1 CertificateList structure.
 */
public X509CRLHolder(CertificateList x509CRL)
{
    this.x509CRL = x509CRL;

    // The extensions are cached once and used to decide whether the CRL is indirect.
    this.extensions = x509CRL.getTBSCertList().getExtensions();
    this.isIndirect = isIndirectCRL(extensions);

    // The CRL issuer, wrapped as a one-element GeneralNames.
    GeneralName issuerAsGeneralName = new GeneralName(x509CRL.getIssuer());
    this.issuerName = new GeneralNames(issuerAsGeneralName);
}
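/**
 * Return the CRL issuer as an X500Principal built from the issuer's encoding.
 *
 * @return the issuer distinguished name.
 * @throws IllegalStateException if the issuer cannot be encoded; the
 *                               underlying IOException is attached as the cause.
 */
public X500Principal getIssuerX500Principal()
{
    try
    {
        return new X500Principal(c.getIssuer().getEncoded());
    }
    catch (IOException e)
    {
        // Keep the cause: the message alone does not say why encoding failed.
        throw new IllegalStateException("can't encode issuer DN", e);
    }
}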
/**
 * Build the set of X509CRLEntryObject for every revoked-certificate entry.
 * <p>
 * Each entry is constructed with the issuer carried over from earlier entries.
 * That issuer starts as null and is replaced whenever, on an indirect CRL, an
 * entry carries a certificateIssuer extension.
 *
 * @return a set holding one X509CRLEntryObject per entry.
 */
private Set loadCRLEntries()
{
    Set loaded = new HashSet();
    X500Name inheritedIssuer = null; // the issuer carried over from earlier entries

    for (Enumeration it = c.getRevokedCertificateEnumeration(); it.hasMoreElements();)
    {
        TBSCertList.CRLEntry raw = (TBSCertList.CRLEntry)it.nextElement();

        // The entry gets the issuer as it stood before its own extension is read.
        X509CRLEntryObject wrapped = new X509CRLEntryObject(raw, isIndirect, inheritedIssuer);
        loaded.add(wrapped);

        if (!isIndirect || !raw.hasExtensions())
        {
            continue;
        }

        Extension issuerExt = raw.getExtensions().getExtension(Extension.certificateIssuer);
        if (issuerExt == null)
        {
            continue;
        }

        // NOTE(review): only the first GeneralName is used, and its kind is not
        // checked. An extension with no names or a non-directory name would
        // presumably fail here with an unchecked exception - confirm that
        // callers parsing untrusted CRLs handle that.
        inheritedIssuer = X500Name.getInstance(GeneralNames.getInstance(issuerExt.getParsedValue()).getNames()[0].getName());
    }

    return loaded;
}
// Fragment of a larger method that is not shown: takes an enumeration over the
// revoked-certificate entries of c and the issuer name of c.
Enumeration certs = c.getRevokedCertificateEnumeration(); X500Name caName = c.getIssuer();
// Fragment of a larger method that is not shown: takes the revoked-certificate
// entries of c as an array and the issuer name of c.
TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); X500Name caName = c.getIssuer();
/**
 * Return the object identifier of the CRL's signature algorithm, in the string
 * form given by getId().
 * <p>
 * The value is read from c.getSignatureAlgorithm(), not from the TBSCertList.
 *
 * @return the signature algorithm OID as a string.
 */
public String getSigAlgOID()
{
    final String oid = c.getSignatureAlgorithm()
                        .getAlgorithm()
                        .getId();

    return oid;
}
/**
 * Return the octets of the CRL's signature value.
 *
 * @return the byte array given by getOctets() on the signature.
 */
public byte[] getSignature()
{
    final byte[] signatureOctets = c.getSignature().getOctets();

    return signatureOctets;
}
/**
 * Compare this holder with another object.
 *
 * @param o the object to compare with.
 * @return true if o is this holder, or is an X509CRLHolder whose wrapped
 *         CertificateList equals this one's; false otherwise, including for null.
 */
public boolean equals(
    Object o)
{
    if (this == o)
    {
        return true;
    }

    // instanceof is false for null, so no separate null check is needed.
    return (o instanceof X509CRLHolder)
        && this.x509CRL.equals(((X509CRLHolder)o).x509CRL);
}
/**
 * Validate the signature on the CRL.
 * <p>
 * A true result only means the signature verifies with the verifier the
 * supplied provider returned. This method does not look at the issuer name,
 * the update times or any extension; callers that need those checks must
 * perform them separately.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
 * @return true if the signature is valid, false otherwise.
 * @throws CertException if the two algorithm identifiers disagree, or if the
 *                       signature cannot be processed or is inappropriate.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider)
    throws CertException
{
    final TBSCertList signedPart = x509CRL.getTBSCertList();

    // The outer signatureAlgorithm field is not covered by the signature, so
    // it must agree with the identifier inside the signed TBSCertList.
    boolean algorithmsAgree = CertUtils.isAlgIdEqual(signedPart.getSignature(), x509CRL.getSignatureAlgorithm());
    if (!algorithmsAgree)
    {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }

    ContentVerifier contentVerifier;

    try
    {
        // The verifier is selected by the algorithm named in the signed part.
        contentVerifier = verifierProvider.get(signedPart.getSignature());

        OutputStream sink = contentVerifier.getOutputStream();
        DEROutputStream derSink = new DEROutputStream(sink);

        derSink.writeObject(signedPart);

        sink.close();
    }
    catch (Exception e)
    {
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }

    byte[] signatureOctets = x509CRL.getSignature().getOctets();

    return contentVerifier.verify(signatureOctets);
}
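/**
 * Return the DER encoding of the TBSCertList, the signed portion of the CRL.
 *
 * @return the TBSCertList encoded with the "DER" encoding.
 * @throws CRLException if the structure cannot be encoded; the underlying
 *                      IOException is attached as the cause.
 */
public byte[] getTBSCertList()
    throws CRLException
{
    try
    {
        return c.getTBSCertList().getEncoded("DER");
    }
    catch (IOException e)
    {
        // Same message as before, but keep the cause so the encoding failure
        // can still be diagnosed from the stack trace.
        throw new CRLException(e.toString(), e);
    }
}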
/**
 * Verify the CRL signature with the given key and Signature instance.
 * <p>
 * Returns normally only when the signature verifies. Nothing here checks the
 * CRL's issuer, update times or extensions.
 *
 * @param key the public key to verify against.
 * @param sig the Signature object to use; it is initialised by this method.
 * @throws CRLException if the outer algorithm identifier differs from the one
 *                      inside the TBSCertList.
 * @throws InvalidKeyException if the key is rejected by sig.initVerify().
 * @throws SignatureException if the signature does not verify, or sig fails.
 */
private void doVerify(PublicKey key, Signature sig)
    throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException
{
    // The outer identifier is not covered by the signature, so it has to match
    // the signed one before any verification is attempted.
    boolean sameAlgorithm = c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature());
    if (!sameAlgorithm)
    {
        throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
    }

    sig.initVerify(key);

    // The data fed to the verifier is the encoded TBSCertList.
    sig.update(this.getTBSCertList());

    boolean verified = sig.verify(this.getSignature());
    if (verified)
    {
        return;
    }

    throw new SignatureException("CRL does not verify with supplied public key.");
}
/**
 * Populate this holder's fields from an ASN.1 CertificateList.
 * <p>
 * No null check is made; a null argument fails on the first dereference.
 *
 * @param x509CRL the CertificateList to wrap.
 */
private void init(CertificateList x509CRL)
{
    this.x509CRL = x509CRL;

    // The extensions are cached once and used to decide whether the CRL is indirect.
    this.extensions = x509CRL.getTBSCertList().getExtensions();
    this.isIndirect = isIndirectCRL(extensions);

    // The CRL issuer, wrapped as a one-element GeneralNames.
    GeneralName issuerAsGeneralName = new GeneralName(x509CRL.getIssuer());
    this.issuerName = new GeneralNames(issuerAsGeneralName);
}
/**
 * Return the issuer of this holder's CRL.
 *
 * @return the CRL issuer, as given by X500Name.getInstance() on the wrapped
 *         structure's issuer.
 */
public X500Name getIssuer()
{
    final X500Name issuer = X500Name.getInstance(x509CRL.getIssuer());

    return issuer;
}