Example usage for java.security.cert CertificateFactory generateCRL

List of usage examples for java.security.cert CertificateFactory generateCRL

Introduction

In this page you can find the example usage for java.security.cert CertificateFactory generateCRL.

Prototype

public final CRL generateCRL(InputStream inStream) throws CRLException 


Document

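Generates a certificate revocation list (CRL) object and initializes it with the data read from the input stream inStream. The call only parses the encoded CRL; the signature is not checked until the caller invokes verify on the returned X509CRL with the issuer's public key.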

Usage

From source file:org.wso2.carbon.identity.certificateauthority.crl.CrlTools.java

/**
 * Parses an encoded X.509 CRL that is already held in memory.
 *
 * <p>The bytes are only decoded here. Nothing in this method checks the CRL's
 * signature, issuer or update times, so callers should do that before relying
 * on any revocation entry in the result.
 *
 * @param crl encoded CRL bytes
 * @return the parsed CRL, cast to {@link X509CRL}
 * @throws CRLException         if the factory cannot parse the bytes as a CRL
 * @throws CertificateException if no "X.509" certificate factory is available
 */
public static X509CRL getCRLfromByteArray(byte[] crl) throws CRLException, CertificateException {
    log.trace(">getCRLfromByteArray");

    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    final ByteArrayInputStream encoded = new ByteArrayInputStream(crl);
    final X509CRL parsed = (X509CRL) x509Factory.generateCRL(encoded);

    // The exit trace is only reached when parsing succeeded.
    log.trace("<getCRLfromByteArray");
    return parsed;
}

From source file:org.xdi.oxauth.cert.validation.CRLCertificateVerifier.java

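/**
 * Downloads a CRL over HTTP(S) and parses it as an X.509 CRL.
 *
 * <p>The response body is read through a {@code BoundedInputStream} that is
 * passed {@code maxCrlSize} as its limit. The CRL is only parsed here: its
 * signature, issuer and update times are not checked, so the caller has to
 * verify it before trusting any entry.
 *
 * @param url location of the CRL; presumably taken from the certificate being
 *            validated, in which case it is untrusted input (confirm against the caller)
 * @return the parsed CRL, or {@code null} when the download fails with an {@link IOException}
 * @throws MalformedURLException if {@code url} cannot be parsed or does not yield an HTTP(S) connection
 * @throws IOException           if the connection cannot be opened
 * @throws CertificateException  if no "X.509" certificate factory is available
 * @throws CRLException          if the response cannot be parsed as a CRL
 */
public X509CRL requestCRL(String url)
        throws IOException, MalformedURLException, CertificateException, CRLException {
    java.net.URLConnection opened = new URL(url).openConnection();
    if (!(opened instanceof HttpURLConnection)) {
        // A non-HTTP scheme (file:, ftp:, jar:, ...) previously surfaced as an unchecked
        // ClassCastException on the cast below; reject it with a declared exception instead.
        throw new MalformedURLException("CRL URL '" + url + "' is not an HTTP(S) URL");
    }
    HttpURLConnection con = (HttpURLConnection) opened;
    try {
        con.setUseCaches(false);

        // NOTE(review): no connect/read timeout is set on this connection, so unless one is
        // configured elsewhere an unresponsive server can stall validation; consider
        // setConnectTimeout/setReadTimeout with values agreed for this deployment.
        InputStream in = new BoundedInputStream(con.getInputStream(), maxCrlSize);
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509CRL crl = (X509CRL) certificateFactory.generateCRL(in);
            log.debug("CRL size: " + crl.getEncoded().length + " bytes");

            return crl;
        } finally {
            IOUtils.closeQuietly(in);
        }
    } catch (IOException ex) {
        // Download failures are logged and reported to the caller as null, not rethrown.
        log.error("Failed to download CRL from '" + url + "'", ex);
    } finally {
        // con cannot be null here, so the former null check was dead code.
        con.disconnect();
    }

    return null;
}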

From source file:test.integ.be.fedict.trust.XKMSRevocationTest.java

/**
 * Integration test: validates the eID non-repudiation chain, collects the
 * revocation data the service used, and then replays that data in three
 * historical validations (the last one is expected to fail).
 *
 * <p>The OCSP response and the CRL are only decoded and checked for presence
 * here; this test does not verify their signatures itself.
 */
@Test
public void testValidateNonRepudiationEIDCertificateReturnRevocationDataThenValidateHistorically()
        throws Exception {
    LOG.debug("validate eID non repudiation certificate and return revocation data.");

    // setup
    Date validationDate = new Date();

    /*
     * Operate: validate non repudiation and return used revocation data
     */
    // Third argument presumably requests the used revocation data back; confirm against the client API.
    client.validate(TrustServiceDomains.BELGIAN_EID_NON_REPUDIATION_TRUST_DOMAIN, signCertificateChain, true);

    // verify: exactly one OCSP value and one CRL value must have been returned
    RevocationValuesType revocationValues = client.getRevocationValues();
    assertNotNull(revocationValues);
    assertNotNull(revocationValues.getOCSPValues());
    assertNotNull(revocationValues.getCRLValues());
    assertEquals(1, revocationValues.getOCSPValues().getEncapsulatedOCSPValue().size());
    assertEquals(1, revocationValues.getCRLValues().getEncapsulatedCRLValue().size());

    // verify OCSP response revocation data
    EncapsulatedPKIDataType ocspData = revocationValues.getOCSPValues().getEncapsulatedOCSPValue().get(0);
    OCSPResp ocspResp = new OCSPResp(ocspData.getValue());
    assertNotNull(ocspResp);
    assertEquals(OCSPResponseStatus.SUCCESSFUL, ocspResp.getStatus());
    BasicOCSPResp basicOCSPResp = (BasicOCSPResp) ocspResp.getResponseObject();
    assertNotNull(basicOCSPResp);
    assertEquals(1, basicOCSPResp.getResponses().length);
    for (SingleResp singleResp : basicOCSPResp.getResponses()) {
        // NOTE(review): a null cert status presumably means "good" in the OCSP library in use - confirm.
        assertNull(singleResp.getCertStatus());
    }

    // verify CRL revocation data: decode with the "BC" provider; only non-null is asserted
    EncapsulatedPKIDataType crlData = revocationValues.getCRLValues().getEncapsulatedCRLValue().get(0);
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
    ByteArrayInputStream bais = new ByteArrayInputStream(crlData.getValue());
    X509CRL crl = (X509CRL) certificateFactory.generateCRL(bais);
    assertNotNull(crl);

    /*
     * Operate: historical validation of non repudiation with just returned
     * used revocation data (indirect, use list of ocsp responses and crls )
     */
    client.validate(TrustServiceDomains.BELGIAN_EID_NON_REPUDIATION_TRUST_DOMAIN, signCertificateChain,
            validationDate, revocationValues);

    /*
     * Operate: historical validation of non repudiation with just returned
     * used revocation data (direct, append the RevocationValuesType object
     * returned by earlier call)
     */
    client.validate(TrustServiceDomains.BELGIAN_EID_NON_REPUDIATION_TRUST_DOMAIN, signCertificateChain,
            validationDate, Collections.singletonList(ocspResp), Collections.singletonList(crl));

    // setup: move the validation date one year into the past
    Calendar calendar = Calendar.getInstance();
    calendar.setTime(validationDate);
    calendar.add(Calendar.YEAR, -1);

    /*
     * Operate: historical validation of non repudiation with just returned
     * used revocation data and year old validation date
     */
    try {
        client.validate(TrustServiceDomains.BELGIAN_EID_NON_REPUDIATION_TRUST_DOMAIN, signCertificateChain,
                calendar.getTime(), Collections.singletonList(ocspResp), Collections.singletonList(crl));
        // Reaching this line means the year-old date was wrongly accepted.
        fail();
    } catch (ValidationFailedException e) {
        // expected: the first reported reason must be the validity-interval failure
        assertEquals(TrustLinkerResultReason.INVALID_VALIDITY_INTERVAL, e.getReasons().get(0));
    }
}

From source file:tools.pki.gbay.crypto.keys.validation.CertificateRevocationList.java

/**
 * Reads a CRL from a byte array that is either Base64 text or raw DER.
 *
 * <p>The input is Base64-decoded first when every byte passes
 * {@code Base64.isBase64}; otherwise it is handed to the factory unchanged.
 * The CRL is only parsed, not verified: callers still have to check its
 * signature against the issuer before trusting it.
 *
 * @param crlbyte encoded CRL bytes
 * @return the parsed CRL
 * @throws CRLException         if the bytes cannot be parsed as a CRL
 * @throws CertificateException if no "X509" certificate factory is available
 */
public static X509CRL fromByteArray(byte[] crlbyte) throws CRLException, CertificateException {
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X509");

    // NOTE(review): isBase64 only tests the byte alphabet; whether a PEM file that still
    // carries its BEGIN/END armor lines passes depends on the commons-codec version -
    // confirm with a real PEM CRL.
    final InputStream source;
    if (org.apache.commons.codec.binary.Base64.isBase64(crlbyte)) {
        source = new Base64InputStream(new ByteArrayInputStream(crlbyte));
    } else {
        source = new ByteArrayInputStream(crlbyte);
    }
    return (X509CRL) x509Factory.generateCRL(source);
}

From source file:tools.pki.gbay.crypto.keys.validation.CertificateRevocationList.java

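/**
 * Opens a CRL file and parses it.
 *
 * <p>The whole file is read into memory, Base64-decoded when every byte passes
 * {@code Base64.isBase64}, and then handed to the certificate factory. The CRL
 * is only parsed, not verified: callers still have to check its signature
 * against the issuer before trusting it.
 *
 * @param address path of a PEM or DER encoded CRL
 * @return the parsed CRL
 * @throws CertificateException if no "X509" certificate factory is available
 * @throws IOException          if the file cannot be opened, read or closed
 * @throws CRLException         if the content cannot be parsed as a CRL
 */
public static X509CRL openCRLFile(String address) throws CertificateException, IOException, CRLException {
    CertificateFactory cf = CertificateFactory.getInstance("X509");

    // NOTE(review): the file is buffered in full with no size limit; add a bound if
    // address can point at files an untrusted party controls.
    byte[] data;
    InputStream in = new FileInputStream(address);
    try {
        data = IOUtils.toByteArray(in);
    } finally {
        // The stream used to be left open, leaking a file descriptor on every call.
        in.close();
    }

    X509CRL crl = null;
    if (org.apache.commons.codec.binary.Base64.isBase64(data)) {
        crl = (X509CRL) cf.generateCRL(new Base64InputStream(new ByteArrayInputStream(data)));
    } else {
        crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(data));
    }
    return crl;

}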

From source file:tools.pki.gbay.crypto.keys.validation.CertificateRevocationList.java

/**
 * Parses a CRL supplied as Base64 text or raw DER bytes.
 *
 * <p>An info line records which branch was taken before parsing starts. The
 * CRL is only parsed, not verified: callers still have to check its signature
 * against the issuer before trusting it.
 *
 * @param data encoded CRL bytes
 * @return the parsed CRL
 * @throws CertificateException if no "X509" certificate factory is available
 * @throws IOException          declared by the signature; no statement visible here raises it directly
 * @throws CRLException         if the bytes cannot be parsed as a CRL
 */
public static X509CRL openCRLByte(byte[] data) throws CertificateException, IOException, CRLException {
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    final boolean looksBase64 = org.apache.commons.codec.binary.Base64.isBase64(data);

    final InputStream source;
    if (!looksBase64) {
        log.info("Openning DER encoded CRL...");
        source = new ByteArrayInputStream(data);
    } else {
        log.info("Your CRL is BASE64 encoded, we decode and then open");
        source = new Base64InputStream(new ByteArrayInputStream(data));
    }
    return (X509CRL) x509Factory.generateCRL(source);
}