/** * Indicates if this certificate has an CRL extension expiredCertOnCRL. * * @return */ public boolean hasExpiredCertOnCRLExtension() { final byte[] extensionValue = x509Certificate.getExtensionValue(OID.id_ce_expiredCertsOnCRL.getId()); if (extensionValue != null) { try { final ASN1Primitive derObject = DSSASN1Utils.toASN1Primitive(extensionValue); if (derObject instanceof DEROctetString) { final boolean derOctetStringNull = DSSASN1Utils.isDEROctetStringNull((DEROctetString) derObject); return derOctetStringNull; } } catch (Exception e) { LOG.debug("Exception when processing 'id_ce_expiredCertsOnCRL'", e); } } return false; }
/** * Indicates if the revocation data should be checked for an OCSP signing certificate.<br> * http://www.ietf.org/rfc/rfc2560.txt?number=2560<br> * A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate. The CA * does so by including the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical extension. The value of the * extension should be NULL. * * @return */ public boolean hasIdPkixOcspNoCheckExtension() { final byte[] extensionValue = x509Certificate.getExtensionValue(OID.id_pkix_ocsp_no_check.getId()); if (extensionValue != null) { try { final ASN1Primitive derObject = DSSASN1Utils.toASN1Primitive(extensionValue); if (derObject instanceof DEROctetString) { final boolean derOctetStringNull = DSSASN1Utils.isDEROctetStringNull((DEROctetString) derObject); return derOctetStringNull; } } catch (Exception e) { LOG.debug("Exception when processing 'id_pkix_ocsp_no_check'", e); } } return false; }