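/**
 * Converts an {@link org.opensaml.xml.signature.X509CRL} into a native Java representation.
 *
 * <p>
 * Only the first CRL produced by decoding the element's value is returned. Any further CRLs carried in the same
 * encoded value are not returned to the caller.
 * </p>
 *
 * @param xmlCRL object to extract the CRL from
 *
 * @return a native Java {@link java.security.cert.X509CRL} object, or null if {@code xmlCRL} or its value is null
 *
 * @throws CRLException thrown if there is a problem converting the CRL data into
 *             {@link java.security.cert.X509CRL}s, including when the data decodes to no CRL at all
 */
public static X509CRL getCRL(org.opensaml.xml.signature.X509CRL xmlCRL) throws CRLException {
    if (xmlCRL == null || xmlCRL.getValue() == null) {
        return null;
    }

    Collection<X509CRL> crls = X509Util.decodeCRLs(Base64.decode(xmlCRL.getValue()));

    // An empty result would otherwise surface as an unchecked NoSuchElementException from iterator().next().
    // Report it through the declared CRLException so callers that handle decoding failures also see this one,
    // instead of revocation data going missing behind an unexpected runtime exception.
    if (crls == null || crls.isEmpty()) {
        throw new CRLException("X509CRL element value did not decode to any CRL");
    }

    return crls.iterator().next();
}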
/**
 * Parses the CRLs from the validation info configuration and sets them as the {@code crls} property of the bean
 * being built.
 *
 * <p>
 * The property is not set at all when the configuration holds no {@code CRL} elements. An element for which
 * {@code getEncodedCRL} yields null is skipped without error, so it contributes no revocation data; an element
 * whose content cannot be decoded aborts bean creation.
 * </p>
 *
 * @param configChildren children of the validation info element
 * @param builder validation info build
 */
protected void parseCRLs(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {
    QName crlName = new QName(SecurityNamespaceHandler.NAMESPACE, "CRL");
    List<Element> crlElements = configChildren.get(crlName);
    if (crlElements == null || crlElements.isEmpty()) {
        return;
    }

    log.debug("Parsing PKIX validation info CRLs");

    List<X509CRL> parsedCRLs = new ArrayList<X509CRL>();
    for (Element crlElement : crlElements) {
        byte[] crlBytes = getEncodedCRL(DatatypeHelper.safeTrimOrNullString(crlElement.getTextContent()));
        if (crlBytes != null) {
            try {
                // One encoded blob may carry several CRLs; keep all of them.
                parsedCRLs.addAll(X509Util.decodeCRLs(crlBytes));
            } catch (CRLException e) {
                // Fail bean creation rather than continue with an incomplete CRL set.
                throw new FatalBeanException("Unable to create PKIX validation info, unable to parse CRLs", e);
            }
        }
    }

    builder.addPropertyValue("crls", parsedCRLs);
}
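/**
 * Converts an {@link org.opensaml.xml.signature.X509CRL} into a native Java representation.
 *
 * <p>
 * Only the first CRL produced by decoding the element's value is returned. Any further CRLs carried in the same
 * encoded value are not returned to the caller.
 * </p>
 *
 * @param xmlCRL object to extract the CRL from
 *
 * @return a native Java {@link java.security.cert.X509CRL} object, or null if {@code xmlCRL} or its value is null
 *
 * @throws CRLException thrown if there is a problem converting the CRL data into
 *             {@link java.security.cert.X509CRL}s, including when the data decodes to no CRL at all
 */
public static X509CRL getCRL(org.opensaml.xml.signature.X509CRL xmlCRL) throws CRLException {
    if (xmlCRL == null || xmlCRL.getValue() == null) {
        return null;
    }

    Collection<X509CRL> crls = X509Util.decodeCRLs(Base64.decode(xmlCRL.getValue()));

    // An empty result would otherwise surface as an unchecked NoSuchElementException from iterator().next().
    // Report it through the declared CRLException so callers that handle decoding failures also see this one,
    // instead of revocation data going missing behind an unexpected runtime exception.
    if (crls == null || crls.isEmpty()) {
        throw new CRLException("X509CRL element value did not decode to any CRL");
    }

    return crls.iterator().next();
}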
/**
 * Parses the CRLs from the credential configuration and sets them as the {@code crls} property of the bean being
 * built.
 *
 * <p>
 * The property is not set at all when the configuration holds no {@code CRL} elements. An element for which
 * {@code getEncodedCRL} yields null is skipped without error, so it contributes no revocation data; an element
 * whose content cannot be decoded aborts bean creation.
 * </p>
 *
 * @param configChildren children of the credential element
 * @param builder credential build
 */
protected void parseCRLs(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {
    QName crlName = new QName(SecurityNamespaceHandler.NAMESPACE, "CRL");
    List<Element> crlElements = configChildren.get(crlName);
    if (crlElements == null || crlElements.isEmpty()) {
        return;
    }

    log.debug("Parsing x509 credential CRLs");

    List<X509CRL> parsedCRLs = new ArrayList<X509CRL>();
    for (Element crlElement : crlElements) {
        byte[] crlBytes = getEncodedCRL(DatatypeHelper.safeTrimOrNullString(crlElement.getTextContent()));
        if (crlBytes != null) {
            try {
                // One encoded blob may carry several CRLs; keep all of them.
                parsedCRLs.addAll(X509Util.decodeCRLs(crlBytes));
            } catch (CRLException e) {
                // Fail bean creation rather than continue with an incomplete CRL set.
                throw new FatalBeanException("Unable to create X509 credential, unable to parse CRLs", e);
            }
        }
    }

    builder.addPropertyValue("crls", parsedCRLs);
}
/**
 * Decodes the CRLs stored in a file, in DER or PKCS#7 format. If the file is in PKCS#7 format only the CRLs are
 * decoded; the rest of the content is ignored.
 *
 * <p>
 * The file is checked for existence and readability, then read in full and handed to the byte-array overload
 * of {@code decodeCRLs}. A failure while reading is reported as a {@link CRLException} wrapping the
 * {@link IOException}.
 * </p>
 *
 * @param crls file holding the encoded CRLs
 *
 * @return decoded CRLs
 *
 * @throws CRLException thrown if the file does not exist, is not readable, cannot be read, or the CRLs can not be
 *             decoded
 *
 * @since 1.2
 */
public static Collection<X509CRL> decodeCRLs(File crls) throws CRLException {
    if (!crls.exists()) {
        throw new CRLException(String.format("CRL file %s does not exist", crls.getAbsolutePath()));
    }

    if (!crls.canRead()) {
        throw new CRLException(String.format("CRL file %s is not readable", crls.getAbsolutePath()));
    }

    try {
        byte[] encodedCRLs = DatatypeHelper.fileToByteArray(crls);
        return decodeCRLs(encodedCRLs);
    } catch (IOException e) {
        // The checks above are advisory only; the read itself can still fail and is reported the same way.
        throw new CRLException(String.format("Error reading CRL file %s", crls.getAbsolutePath()), e);
    }
}
/**
 * Decodes the CRLs stored in a file, in DER or PKCS#7 format. If the file is in PKCS#7 format only the CRLs are
 * decoded; the rest of the content is ignored.
 *
 * <p>
 * The file is checked for existence and readability, then read in full and handed to the byte-array overload
 * of {@code decodeCRLs}. A failure while reading is reported as a {@link CRLException} wrapping the
 * {@link IOException}.
 * </p>
 *
 * @param crls file holding the encoded CRLs
 *
 * @return decoded CRLs
 *
 * @throws CRLException thrown if the file does not exist, is not readable, cannot be read, or the CRLs can not be
 *             decoded
 *
 * @since 1.2
 */
public static Collection<X509CRL> decodeCRLs(File crls) throws CRLException {
    if (!crls.exists()) {
        throw new CRLException(String.format("CRL file %s does not exist", crls.getAbsolutePath()));
    }

    if (!crls.canRead()) {
        throw new CRLException(String.format("CRL file %s is not readable", crls.getAbsolutePath()));
    }

    try {
        byte[] encodedCRLs = DatatypeHelper.fileToByteArray(crls);
        return decodeCRLs(encodedCRLs);
    } catch (IOException e) {
        // The checks above are advisory only; the read itself can still fail and is reported the same way.
        throw new CRLException(String.format("Error reading CRL file %s", crls.getAbsolutePath()), e);
    }
}