List of usage examples for java.security.cert.CRLException
public CRLException(Throwable cause)
From source file:mitm.djigzo.web.pages.crl.CRLImport.java
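/**
 * Validation hook for the CRL upload form. The uploaded file is untrusted
 * input, so it is parsed as a set of X.509 CRLs before the import is accepted;
 * a form error is recorded when parsing fails or yields no CRL at all.
 *
 * @param file the uploaded file to validate
 * @throws NoSuchProviderException if the security provider used by
 *         {@code CRLUtils.readX509CRLs} is not available
 */
public void onValidateFromUpload(UploadedFile file) throws NoSuchProviderException {
    /*
     * We need to check if the uploaded file really contains CRLs.
     */
    try {
        Collection<X509CRL> crls;

        try {
            // NOTE(review): the stream returned by file.getStream() is not closed here;
            // confirm that CRLUtils.readX509CRLs (or the upload framework) closes it.
            crls = CRLUtils.readX509CRLs(file.getStream());
        } catch (CertificateException e) {
            throw new CRLException(e);
        } catch (SecurityFactoryFactoryException e) {
            throw new CRLException(e);
        }

        if (crls.isEmpty()) {
            form.recordError("The uploaded file does not contain valid CRLs.");
        }
    } catch (CRLException e) {
        // A parse failure is a user error (bad file), not a server fault: log it and report on the form
        logger.error("Error validating uploaded file.", e);

        form.recordError("The uploaded file is not a valid CRL file.");
    }
}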
From source file:mitm.common.security.crl.X509CRLBuilderImpl.java
/**
 * Builds and signs an X.509 v2 CRL for the given issuer from the builder's
 * current state: the entries of any previously added CRLs, the explicitly
 * added revocation entries, and the thisUpdate/nextUpdate times.
 *
 * @param issuer the issuing key and certificate; the certificate subject
 *        becomes the CRL issuer and the private key signs the CRL
 * @return the signed CRL
 * @throws CRLException if the builder state is invalid, a CRL to merge cannot
 *         be encoded, or the content signer cannot be created
 */
@Override
public X509CRL generateCRL(KeyAndCertificate issuer) throws CRLException {
    Check.notNull(issuer, "issuer");
    Check.notNull(issuer.getCertificate(), "issuer#certificate");
    Check.notNull(thisUpdate, "thisUpdate");

    try {
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(
                X500PrincipalUtils.toX500Name(issuer.getCertificate().getSubjectX500Principal()),
                thisUpdate);

        // Entries of existing CRLs are merged first, explicit entries afterwards
        if (crls != null && !crls.isEmpty()) {
            for (X509CRL existing : crls) {
                crlBuilder.addCRL(new X509CRLHolder(existing.getEncoded()));
            }
        }

        if (entries != null && !entries.isEmpty()) {
            for (Entry revoked : entries) {
                crlBuilder.addCRLEntry(revoked.serialNumber, revoked.revocationDate, revoked.reason);
            }
        }

        // nextUpdate is optional in a CRL, so only set it when configured
        if (nextUpdate != null) {
            crlBuilder.setNextUpdate(nextUpdate);
        }

        return getX509CRL(crlBuilder.build(getContentSigner(issuer.getPrivateKey())));
    } catch (IllegalStateException e) {
        throw new CRLException(e);
    } catch (IOException e) {
        throw new CRLException(e);
    } catch (OperatorCreationException e) {
        throw new CRLException(e);
    }
}
From source file:mitm.common.security.crl.PKITSTest.java
/**
 * Loads the CRL stored in {@code crlFile} and adds it to {@code crlStore}.
 * Every failure while loading or storing is wrapped in a {@link CRLException}
 * so the test harness only has to deal with one exception type.
 *
 * @param crlFile file holding the encoded CRL
 * @param crlStore store the CRL is added to
 * @throws CRLException if the file cannot be found or parsed, or the store rejects the CRL
 */
private static void addCRL(File crlFile, X509CRLStoreExt crlStore) throws CRLException {
    try {
        crlStore.addCRL(TestUtils.loadX509CRL(crlFile));
    } catch (FileNotFoundException e) {
        throw new CRLException(e);
    } catch (SecurityFactoryFactoryException e) {
        throw new CRLException(e);
    } catch (NoSuchProviderException e) {
        throw new CRLException(e);
    } catch (CertificateException e) {
        throw new CRLException(e);
    } catch (CRLStoreException e) {
        throw new CRLException(e);
    }
}
From source file:mitm.common.security.crl.HTTPCRLDownloadHandler.java
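/**
 * Downloads the CRL(s) published at {@code uri} over HTTP. Three watchdog tasks
 * guard against a slow or misbehaving server (thread interrupt, HTTP method
 * abort, input stream timeout) and the response body is capped at the
 * configured maximum number of bytes.
 *
 * @param uri the HTTP location of the CRL
 * @param watchdog scheduler that runs the timeout tasks
 * @return the CRLs read from the response; may be {@code null} or empty when
 *         {@code CRLUtils.readCRLs} finds none
 * @throws IOException on proxy, connection, non-200 status or timeout errors
 * @throws HttpException on an HTTP protocol error
 * @throws CRLException if the response cannot be parsed as CRLs, or the host is not set
 * @throws FileNotFoundException presumably from the temp-file backed buffer; it is
 *         not thrown explicitly in this method
 */
private Collection<? extends CRL> downloadCRLs(URI uri, TaskScheduler watchdog)
        throws IOException, HttpException, CRLException, FileNotFoundException {
    Collection<? extends CRL> crls = null;

    HttpClient httpClient = new HttpClient();

    HttpConnectionManagerParams params = httpClient.getHttpConnectionManager().getParams();

    params.setConnectionTimeout((int) downloadParameters.getConnectTimeout());
    params.setSoTimeout((int) downloadParameters.getReadTimeout());

    if (proxyInjector != null) {
        try {
            proxyInjector.setProxy(httpClient);
        } catch (ProxyException e) {
            throw new IOException(e);
        }
    }

    HttpMethod getMethod = new GetMethod(uri.toString());

    // NOTE(review): redirects are followed without restricting the target; confirm this is intended
    getMethod.setFollowRedirects(true);
    getMethod.setRequestHeader("User-Agent", NetUtils.HTTP_USER_AGENT);

    /*
     * Add watchdog that will interrupt the thread on timeout. We want the abort to fire first so add 50%
     */
    Task threadWatchdogTask = new ThreadInterruptTimeoutTask(Thread.currentThread(), watchdog.getName());
    watchdog.addTask(threadWatchdogTask, (long) (downloadParameters.getTotalTimeout() * 1.5));

    /*
     * Add watchdog that will abort the HTTPMethod on timeout. We want to close the input first so add 20%
     */
    Task httpMethodAbortTimeoutTask = new HTTPMethodAbortTimeoutTask(getMethod, watchdog.getName());
    watchdog.addTask(httpMethodAbortTimeoutTask, (long) (downloadParameters.getTotalTimeout() * 1.2));

    // NOTE(review): the timeout tasks are not cancelled on success here; confirm the caller
    // disposes of the watchdog so a late ThreadInterruptTimeoutTask cannot interrupt unrelated work.
    try {
        logger.debug("Setting up a connection to: " + uri);

        int statusCode = 0;

        try {
            statusCode = httpClient.executeMethod(getMethod);
        } catch (IllegalArgumentException e) {
            /*
             * HttpClient can throw IllegalArgumentException when the host is not set
             */
            throw new CRLException(e);
        }

        if (statusCode != HttpStatus.SC_OK) {
            throw new IOException("Error getting CRL. Message: " + getMethod.getStatusLine());
        }

        InputStream urlStream = getMethod.getResponseBodyAsStream();

        if (urlStream == null) {
            throw new IOException("Response body is null.");
        }

        /*
         * add a timeout watchdog on the input
         */
        Task inputWatchdogTask = new InputStreamTimeoutTask(urlStream, watchdog.getName());
        watchdog.addTask(inputWatchdogTask, downloadParameters.getTotalTimeout());

        /*
         * we want to set a max on the number of bytes to download. We do not want
         * a rogue server to provide us with a 1 TB CRL.
         */
        InputStream limitInputStream = new SizeLimitedInputStream(urlStream, downloadParameters.getMaxBytes());

        ReadableOutputStreamBuffer output = new ReadableOutputStreamBuffer(memThreshold);

        try {
            IOUtils.copy(limitInputStream, output);

            // A watchdog that fired may have truncated the copy, so treat it as an error even if copy returned
            if (threadWatchdogTask.hasRun() || httpMethodAbortTimeoutTask.hasRun() || inputWatchdogTask.hasRun()) {
                /* a timeout has occurred */
                throw new IOException(TIMEOUT_ERROR + uri);
            }

            try {
                InputStream input = output.getInputStream();

                try {
                    crls = CRLUtils.readCRLs(input);
                } finally {
                    IOUtils.closeQuietly(input);
                }

                if (crls == null || crls.isEmpty()) {
                    logger.debug("No CRLs found in the downloaded stream.");
                }
            } catch (CertificateException e) {
                throw new CRLException(e);
            } catch (NoSuchProviderException e) {
                throw new CRLException(e);
            } catch (SecurityFactoryFactoryException e) {
                throw new CRLException(e);
            }
        } finally {
            /*
             * we need to close ReadableOutputStreamBuffer to prevent temp file leak
             */
            IOUtils.closeQuietly(output);
        }
    } finally {
        getMethod.releaseConnection();
    }

    return crls;
}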
From source file:org.opensaml.xml.security.x509.X509Util.java
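/**
 * Decodes CRLs in DER or PKCS#7 format. If in PKCS#7 format only the CRLs are
 * decoded, the rest of the content is ignored.
 *
 * @param crls encoded CRLs
 *
 * @return decoded CRLs; empty when the input contains none
 *
 * @throws CRLException thrown if the CRLs can not be decoded; the underlying
 *         {@link GeneralSecurityException} is kept as the cause
 */
@SuppressWarnings("unchecked")
public static Collection<X509CRL> decodeCRLs(byte[] crls) throws CRLException {
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // Unchecked cast kept from the original: the X.509 factory is expected to
        // return X509CRL instances only
        return (Collection<X509CRL>) cf.generateCRLs(new ByteArrayInputStream(crls));
    } catch (GeneralSecurityException e) {
        // Keep the cause so callers can tell a bad encoding from a missing provider,
        // and name the right artifact (CRLs, not certificates) in the message
        throw new CRLException("Unable to decode X.509 CRLs", e);
    }
}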
From source file:org.viafirma.nucleo.validacion.CRLUtil.java
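/**
 * Connects to the configured FNMT LDAP server and downloads the CRL that the
 * certificate's CRL distribution point refers to. Not in use: the original
 * author marked it as work in progress that does not work yet.
 *
 * @param certificadoX509 the certificate whose CRL distribution point is looked up
 * @return a stream over the raw CRL bytes, or {@code null} when the LDAP
 *         lookup finds nothing or the directory cannot be reached
 * @throws CRLException if the FNMT LDAP credentials are not configured
 * @throws CertificateParsingException if the CRL distribution point extension
 *         cannot be read
 */
private InputStream getIoCrlFromFNMTLDAP(X509Certificate certificadoX509)
        throws CRLException, CertificateParsingException {
    Map<String, String> propiedades = leerPuntosDistribucionCrl(certificadoX509);

    // The LDAP bind needs the FNMT credentials; refuse to continue without them
    if (isSomeFNMTValorNull()) {
        throw new CRLException("Para el acceso a las CRLs de la FNMT es necesario las credenciales. "
                + "Indique el parametro de configuracin :" + Constantes.CONEXION_LDAP_CRL_FNMT);
    }

    // The CN value comes from the certificate under validation, i.e. from untrusted
    // input; escape it so it cannot alter the structure of the search base DN.
    // A missing value still renders as "CN=null", as before.
    String cnValue = propiedades.get(FNMT_CN_IDENTIFICADOR);
    String CN = "CN=" + (cnValue == null ? null : javax.naming.ldap.Rdn.escapeValue(cnValue)) + ","
            + certificadoX509.getIssuerDN();

    log.debug("Buscando en el LDAP " + CN);

    byte[] bytes = buscarCrlEnLdap(CN);

    if (bytes == null) {
        return null;
    }

    return new ByteArrayInputStream(bytes);
}

/**
 * Reads the CRL distribution points extension (OID 2.5.29.31,
 * id-ce-cRLDistributionPoints, RFC 3280 section 4.2.1.14) of the certificate
 * into a name/value map, e.g. [CN=CRL1, OU=FNMT Clase 2 CA, O=FNMT, C=ES]
 * becomes {2.5.4.11=FNMT Clase 2 CA, 2.5.4.10=FNMT, 2.5.4.6=ES, 2.5.4.3=CRL1}.
 * A certificate without the extension yields an empty map.
 *
 * @param certificadoX509 the certificate to read
 * @return the decoded distribution point properties, never {@code null}
 * @throws CertificateParsingException if the extension cannot be decoded; the
 *         original failure is kept as the cause
 */
private Map<String, String> leerPuntosDistribucionCrl(X509Certificate certificadoX509)
        throws CertificateParsingException {
    Map<String, String> propiedades = new HashMap<String, String>();

    try {
        log.debug("Recuperando puntos de distribucin CRL del certificado FNMT: " + certificadoX509.getIssuerDN());

        byte[] val1 = certificadoX509.getExtensionValue(OID_CRLS);

        if (val1 == null) {
            log.debug(" El certificado NO tiene punto de distribucin de CRL ");
        } else {
            // The extension value is an OCTET STRING wrapping the DER-encoded
            // distribution points, hence the two decoding passes
            byte[] val2;

            ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(val1));
            try {
                DEROctetString dos = (DEROctetString) oAsnInStream.readObject();
                val2 = dos.getOctets();
            } finally {
                oAsnInStream.close();
            }

            ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(val2));
            try {
                DERObject derObj2 = oAsnInStream2.readObject();
                X509Handler.getCurrentInstance().readPropiedadesOid(OID_CRLS, derObj2, propiedades);
            } finally {
                oAsnInStream2.close();
            }
        }
    } catch (Exception e) {
        // Same message as before, but the cause is preserved instead of being printed to stderr
        throw new CertificateParsingException(e.toString(), e);
    }

    return propiedades;
}

/**
 * Searches the FNMT LDAP directory below {@code baseDN} and returns the bytes
 * of the first certificateRevocationList attribute found.
 *
 * @param baseDN the DN to search under
 * @return the raw CRL bytes, or {@code null} when nothing is found, the
 *         attribute is missing, or the directory cannot be reached
 */
private byte[] buscarCrlEnLdap(String baseDN) {
    Properties env = new Properties();

    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, fnmtLDAPHostURL);
    // NOTE(review): with a simple bind the credentials travel in cleartext unless the
    // configured URL is ldaps:// — confirm the deployment configuration
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, fnmtPrincipal);
    env.put(Context.SECURITY_CREDENTIALS, fnmtCredencial);
    env.put(Context.REFERRAL, "follow");

    DirContext ctx = null;

    try {
        ctx = new InitialDirContext(env);

        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        NamingEnumeration<SearchResult> namings = ctx.search(baseDN, "(objectclass=*)", searchControls);

        log.debug("Se ha logrado conectar al LDAP");

        if (namings.hasMore()) {
            log.debug("Recuperando el contenido de la CRLs");

            // Only the first result is used
            SearchResult resultado = namings.next();

            Attributes avals = resultado.getAttributes();

            Attribute atributo = avals.get("certificateRevocationList;binary");

            if (atributo != null) {
                log.debug("Atributos deben estar en binario");
            } else {
                log.debug("Atributos en exadecimal En Hexadecimal");
                atributo = avals.get("certificateRevocationList");
                log.debug("Por implementar");
            }

            // Neither attribute present: nothing to return rather than a NullPointerException
            if (atributo == null) {
                return null;
            }

            return (byte[]) atributo.get();
        }
    } catch (NamingException e) {
        log.error("No se puede conectar al LDAP!!", e);
    } finally {
        // Release the LDAP connection on every path
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException ignored) {
                // nothing more can be done about a failed close
            }
        }
    }

    return null;
}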