revokedCRLEntry.getRevocationDate().compareTo(signDate) <= 0) crlDistributionPointsURL + " on " + revokedCRLEntry.getRevocationDate(), revokedCRLEntry.getRevocationDate()); crlDistributionPointsURL + " on " + revokedCRLEntry.getRevocationDate());
revokedCRLEntry.getRevocationDate().compareTo(signDate) <= 0) crlDistributionPointsURL + " on " + revokedCRLEntry.getRevocationDate(), revokedCRLEntry.getRevocationDate()); crlDistributionPointsURL + " on " + revokedCRLEntry.getRevocationDate());
/** * Load the RevokedCertsTableModel with an array of X.509 CRL entries. * * @param revokedCerts * The X.509 CRL entries */ public void load(X509CRLEntry[] revokedCerts) { TreeMap<BigInteger, X509CRLEntry> sortedRevokedCerts = new TreeMap<>(); for (int i = 0; i < revokedCerts.length; i++) { sortedRevokedCerts.put(revokedCerts[i].getSerialNumber(), revokedCerts[i]); } data = new Object[sortedRevokedCerts.size()][2]; int i = 0; for (Iterator<?> itr = sortedRevokedCerts.entrySet().iterator(); itr.hasNext(); i++) { X509CRLEntry x509CrlEntry = (X509CRLEntry) ((Map.Entry) itr.next()).getValue(); data[i][0] = x509CrlEntry.getSerialNumber(); data[i][1] = x509CrlEntry.getRevocationDate(); } fireTableDataChanged(); }
/** * Instantiates a new revoked certificate exception. * * @param entry the entry */ public RevokedCertificateException(final X509CRLEntry entry) { this(entry.getRevocationDate(), entry.getSerialNumber(), getReasonFromX509Entry(entry)); }
/** * Instantiates a new revoked certificate exception. * * @param entry the entry */ public RevokedCertificateException(final X509CRLEntry entry) { this(DateTimeUtils.zonedDateTimeOf(entry.getRevocationDate()), entry.getSerialNumber(), getReasonFromX509Entry(entry)); }
log.debug("CRL status is valid for '" + subjectX500Principal + "'"); status.setValidity(CertificateValidity.VALID); } else if (crlEntry.getRevocationDate().after(validationDate)) { log.warn("CRL revocation time after the validation date, the certificate '" + subjectX500Principal + "' was valid at " + validationDate); status.setRevocationObjectIssuingTime(x509crl.getThisUpdate()); status.setValidity(CertificateValidity.VALID); } else { log.info("CRL for certificate '" + subjectX500Principal + "' is revoked since " + crlEntry.getRevocationDate()); status.setRevocationObjectIssuingTime(x509crl.getThisUpdate()); status.setRevocationDate(crlEntry.getRevocationDate()); status.setValidity(CertificateValidity.REVOKED);
Date revocationDate = revokedCertificate.getRevocationDate();
Date revocationDate = revokedCertificate.getRevocationDate();
+ childCertificate.getSubjectX500Principal()); return TrustLinkerResult.TRUSTED; } else if (crlEntry.getRevocationDate().after(validationDate)) { LOG.debug("CRL OK for: " + childCertificate.getSubjectX500Principal() + " at " + crlEntry.getRevocationDate()); if (crlEntry.hasExtensions()) { LOG.debug("critical extensions: "
/** * @param certificateToken the {@code CertificateToken} which is managed by this CRL. */ private void setRevocationStatus(final CertificateToken certificateToken) { final CertificateToken issuerToken = certificateToken.getIssuerToken(); if (!issuerToken.equals(crlValidity.issuerToken)) { if (!crlValidity.signatureIntact) { throw new DSSException(crlValidity.signatureInvalidityReason); } throw new DSSException("The CRLToken is not signed by the same issuer as the CertificateToken to be verified!"); } final BigInteger serialNumber = certificateToken.getSerialNumber(); final X509CRL x509crl = crlValidity.x509CRL; final X509CRLEntry crlEntry = x509crl.getRevokedCertificate(serialNumber); status = null == crlEntry; if (!status) { revocationDate = crlEntry.getRevocationDate(); final String revocationReason = DSSRevocationUtils.getRevocationReason(crlEntry); reason = revocationReason; } }
@Test public void retrieveRevocationInfo() throws IOException { try (InputStream fis = CRLParserTest.class.getResourceAsStream("/LTGRCA.crl"); BufferedInputStream is = new BufferedInputStream(fis)) { BigInteger serialNumber = new BigInteger("5203"); X509CRLEntry entry = parser.retrieveRevocationInfo(fis, serialNumber); assertNotNull(entry); assertNotNull(entry.getRevocationDate()); assertNotNull(entry.getRevocationReason()); assertNotNull(entry.getSerialNumber()); assertEquals(serialNumber, entry.getSerialNumber()); } }
if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) || reasonCode == null || reasonCode.getValue().intValue() == 0 certStatus.setRevocationDate(crl_entry.getRevocationDate());
if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) || reasonCode == null || reasonCode.getValue().intValue() == 0 certStatus.setRevocationDate(crl_entry.getRevocationDate());
if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) || reasonCode == null || reasonCode.getValue().intValue() == 0 certStatus.setRevocationDate(crl_entry.getRevocationDate());
if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) || reasonCode == null || reasonCode.getValue().intValue() == 0 certStatus.setRevocationDate(crl_entry.getRevocationDate());
if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) || reasonCode == null || reasonCode.getValue().intValue() == 0 || reasonCode.getValue().intValue() == 1 certStatus.setRevocationDate(crl_entry.getRevocationDate());
@Test public void retrieveRevocationInfoMediumLastEntry() throws IOException { try (InputStream fis = CRLParserTest.class.getResourceAsStream("/http___crl.globalsign.com_gs_gspersonalsign2sha2g2.crl")) { BigInteger serialNumber = new BigInteger("288350169419475868349393264025423631520"); X509CRLEntry entry = parser.retrieveRevocationInfo(fis, serialNumber); assertNotNull(entry); assertNotNull(entry.getRevocationDate()); assertNull(entry.getRevocationReason()); assertNotNull(entry.getSerialNumber()); assertEquals(serialNumber, entry.getSerialNumber()); } }
@Test public void retrieveRevocationInfoMedium() throws IOException { try (InputStream fis = CRLParserTest.class.getResourceAsStream("/http___crl.globalsign.com_gs_gspersonalsign2sha2g2.crl")) { BigInteger serialNumber = new BigInteger("288350169419475868349393253038503091234"); X509CRLEntry entry = parser.retrieveRevocationInfo(fis, serialNumber); assertNotNull(entry); assertNotNull(entry.getRevocationDate()); assertNull(entry.getRevocationReason()); assertNotNull(entry.getSerialNumber()); assertEquals(serialNumber, entry.getSerialNumber()); } }
@Test public void retrieveRevocation() throws Exception { try (InputStream is = AbstractTestCRLUtils.class.getResourceAsStream("/http___crl.globalsign.com_gs_gspersonalsign2sha2g2.crl"); InputStream isCer = AbstractTestCRLUtils.class.getResourceAsStream("/citizen_ca.cer")) { CertificateToken certificateToken = loadCert(isCer); CRLValidity validity = CRLUtils.isValidCRL(is, certificateToken); BigInteger serialNumber = new BigInteger("288350169419475868349393253038503091234"); X509CRLEntry entry = CRLUtils.getRevocationInfo(validity, serialNumber); assertNotNull(entry); assertNotNull(entry.getRevocationDate()); assertNull(entry.getRevocationReason()); assertNotNull(entry.getSerialNumber()); assertEquals(serialNumber, entry.getSerialNumber()); serialNumber = new BigInteger("288350169419475868349393264025423631520"); entry = CRLUtils.getRevocationInfo(validity, serialNumber); assertNotNull(entry); assertNotNull(entry.getRevocationDate()); assertNull(entry.getRevocationReason()); assertNotNull(entry.getSerialNumber()); assertEquals(serialNumber, entry.getSerialNumber()); serialNumber = new BigInteger("111111111111111111111111111"); entry = CRLUtils.getRevocationInfo(validity, serialNumber); assertNull(entry); } }
/** * @param certificateToken * the {@code CertificateToken} which is managed by this CRL. */ private void setRevocationStatus(final CertificateToken certificateToken) { final X500Principal issuerToken = certificateToken.getIssuerX500Principal(); CertificateToken crlSigner = crlValidity.getIssuerToken(); X500Principal crlSignerSubject = null; if (crlSigner != null) { crlSignerSubject = crlSigner.getSubjectX500Principal(); } if (!DSSUtils.x500PrincipalAreEquals(issuerToken, crlSignerSubject)) { if (!crlValidity.isSignatureIntact()) { throw new DSSException(crlValidity.getSignatureInvalidityReason()); } throw new DSSException("The CRLToken is not signed by the same issuer as the CertificateToken to be verified!"); } final BigInteger serialNumber = certificateToken.getSerialNumber(); X509CRLEntry crlEntry = CRLUtils.getRevocationInfo(crlValidity, serialNumber); status = null == crlEntry; if (!status) { revocationDate = crlEntry.getRevocationDate(); CRLReason revocationReason = crlEntry.getRevocationReason(); if (revocationReason != null) { reason = CRLReasonEnum.fromInt(revocationReason.ordinal()); } } }