List of usage examples for java.security.cert.X509CRL.getEncoded()
/**
 * Returns the ASN.1 DER-encoded form of this CRL.
 *
 * @return the encoded form of this CRL
 * @throws CRLException if an encoding error occurs
 */
public abstract byte[] getEncoded() throws CRLException;
From source file:com.aqnote.shared.cryptology.cert.io.PKCSTransformer.java
/**
 * Serialises a CRL to Base64 text.
 *
 * @param x509CRL the revocation list to export
 * @return the Base64 form of the bytes returned by {@code x509CRL.getEncoded()}
 * @throws Exception if the CRL cannot be encoded
 */
public static String getCRLFileB64(X509CRL x509CRL) throws Exception {
    // Pure re-encoding: the CRL's signature and validity dates are not checked here,
    // so the output is exactly as trustworthy as the object passed in.
    final byte[] encodedCrl = x509CRL.getEncoded();
    return Base64.encodeBase64String(encodedCrl);
}
From source file:mitm.common.security.crl.X509CRLInspector.java
/**
 * Computes the thumbprint of a CRL with the supplied digest algorithm.
 *
 * <p>The CRL is first turned into its encoded byte form; the actual hashing is
 * delegated to the byte-array overload of {@code getThumbprint}.
 *
 * @param crl    the CRL to fingerprint
 * @param digest the digest algorithm to apply
 * @return the thumbprint as produced by the byte-array overload
 * @throws NoSuchAlgorithmException declared by the byte-array overload
 * @throws NoSuchProviderException  declared by the byte-array overload
 * @throws CRLException             if the CRL cannot be encoded
 */
public static String getThumbprint(X509CRL crl, Digest digest)
        throws NoSuchAlgorithmException, NoSuchProviderException, CRLException {
    // NOTE(review): a thumbprint only identifies the encoded bytes; it says nothing
    // about whether the CRL's signature is valid.
    final byte[] encodedCrl = crl.getEncoded();
    return getThumbprint(encodedCrl, digest);
}
From source file:be.fedict.eid.dss.spi.utils.XAdESUtils.java
/**
 * Verifies that the given CRL is referenced by the XAdES complete revocation references.
 *
 * <p>For every CRL reference the CRL's encoded bytes are hashed with the digest
 * algorithm named in that reference, and the result is compared with the digest
 * value stored in the reference. The method returns on the first match.
 *
 * @param crl                    the CRL that must be referenced
 * @param completeRevocationRefs the revocation references to search
 * @throws XAdESValidationException if the CRL cannot be encoded, the CRLRefs element is
 *                                  missing, a digest algorithm is unavailable, or no
 *                                  reference matches the CRL
 */
public static void checkReference(X509CRL crl, CompleteRevocationRefsType completeRevocationRefs)
        throws XAdESValidationException {
    final byte[] crlBytes;
    try {
        crlBytes = crl.getEncoded();
    } catch (CRLException e) {
        throw new XAdESValidationException("CRL encoding error: " + e.getMessage(), e);
    }

    final CRLRefsType refs = completeRevocationRefs.getCRLRefs();
    if (refs == null) {
        throw new XAdESValidationException("missing CRLRefs");
    }

    for (CRLRefType ref : refs.getCRLRef()) {
        final DigestAlgAndValueType algAndValue = ref.getDigestAlgAndValue();
        // The algorithm is chosen by the reference itself and mapped by getDigestAlgo.
        // NOTE(review): which algorithms getDigestAlgo accepts is not visible here;
        // confirm that digests the validation policy considers too weak are rejected.
        final String xmlAlgorithm = algAndValue.getDigestMethod().getAlgorithm();
        final MessageDigest hasher;
        try {
            hasher = MessageDigest.getInstance(getDigestAlgo(xmlAlgorithm));
        } catch (NoSuchAlgorithmException e) {
            throw new XAdESValidationException("message digest algo error: " + e.getMessage(), e);
        }
        final byte[] computedDigest = hasher.digest(crlBytes);
        if (Arrays.equals(computedDigest, algAndValue.getDigestValue())) {
            // First matching reference is enough.
            return;
        }
    }

    // Fail closed: a CRL that no reference covers is rejected.
    throw new XAdESValidationException("CRL not referenced");
}
From source file:be.fedict.trust.crl.OnlineCrlRepository.java
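/**
 * Downloads and parses the CRL published at the given URI.
 *
 * <p>The proxy from {@code networkConfig} and the {@code credentials} are applied
 * when they are set. The response body is parsed with the "BC" X.509 certificate factory.
 *
 * <p>The CRL is only parsed here. Nothing in this method verifies its signature,
 * issuer or freshness, so callers have to do that before relying on it.
 *
 * @param crlUri location of the CRL
 * @return the parsed CRL, or {@code null} when the server does not answer with
 *         HTTP 200 or no CRL could be read from the response
 * @throws IOException             on transport errors
 * @throws CertificateException    if the X.509 factory cannot be created
 * @throws CRLException            if the response cannot be parsed as a CRL
 * @throws NoSuchProviderException if the "BC" provider is not registered
 */
private X509CRL getCrl(URI crlUri) throws IOException, CertificateException, CRLException,
        NoSuchProviderException, NoSuchParserException, StreamParsingException {
    HttpClient httpClient = new HttpClient();
    if (null != this.networkConfig) {
        httpClient.getHostConfiguration().setProxy(this.networkConfig.getProxyHost(),
                this.networkConfig.getProxyPort());
    }
    if (null != this.credentials) {
        HttpState httpState = httpClient.getState();
        this.credentials.init(httpState);
    }
    String downloadUrl = crlUri.toURL().toString();
    LOG.debug("downloading CRL from: " + downloadUrl);
    GetMethod getMethod = new GetMethod(downloadUrl);
    getMethod.addRequestHeader("User-Agent", "jTrust CRL Client");
    try {
        int statusCode = httpClient.executeMethod(getMethod);
        if (HttpURLConnection.HTTP_OK != statusCode) {
            LOG.debug("HTTP status code: " + statusCode);
            return null;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        // NOTE(review): the body is parsed without any size limit; consider bounding it
        // if CRL locations can point at servers outside your control.
        X509CRL crl = (X509CRL) certificateFactory.generateCRL(getMethod.getResponseBodyAsStream());
        if (null == crl) {
            // Presumably possible when the body is empty (provider dependent; confirm).
            // Treated like any other "no CRL available" outcome instead of failing below.
            LOG.debug("no CRL in response body");
            return null;
        }
        LOG.debug("CRL size: " + crl.getEncoded().length + " bytes");
        return crl;
    } finally {
        // Always hand the connection back, including on non-200 answers and parse errors.
        getMethod.releaseConnection();
    }
}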
From source file:net.maritimecloud.identityregistry.controllers.CertificateController.java
/**
 * Serves the certificate revocation list in PEM form.
 *
 * <p>The CRL is generated from the revoked certificates returned by the
 * certificate service each time the endpoint is called.
 *
 * @return HTTP 200 with the PEM-encoded CRL as body, or HTTP 500 without a body
 *         when the CRL cannot be encoded
 */
@RequestMapping(value = "/api/certificates/crl", method = RequestMethod.GET, produces = "application/x-pem-file;charset=UTF-8")
@ResponseBody
public ResponseEntity<?> getCRL() {
    final List<Certificate> revoked = this.certificateService.listRevokedCertificate();
    final X509CRL revocationList = certUtil.generateCRL(revoked);
    try {
        final byte[] encodedCrl = revocationList.getEncoded();
        final String pem = CertificateUtil.getPemFromEncoded("X509 CRL", encodedCrl);
        return new ResponseEntity<>(pem, HttpStatus.OK);
    } catch (CRLException e) {
        // Details stay in the server log; the client only sees a bare 500.
        log.error("Unable to get Pem from bytes", e);
        return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
    }
}
From source file:mitm.common.security.crl.X509CRLBuilderImpl.java
/**
 * Builds and signs a new CRL for the given issuer.
 *
 * <p>The CRL is issued under the subject name of the issuer certificate with
 * {@code thisUpdate} as issue time. Existing CRLs in {@code crls} are added to it,
 * followed by the individual {@code entries}; {@code nextUpdate} is set when present.
 *
 * @param issuer the issuer certificate and the private key used for signing
 * @return the signed CRL
 * @throws CRLException if building or signing fails
 */
@Override
public X509CRL generateCRL(KeyAndCertificate issuer) throws CRLException {
    Check.notNull(issuer, "issuer");
    Check.notNull(issuer.getCertificate(), "issuer#certificate");
    Check.notNull(thisUpdate, "thisUpdate");

    try {
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(
                X500PrincipalUtils.toX500Name(issuer.getCertificate().getSubjectX500Principal()),
                thisUpdate);

        // Existing CRLs are handed to the builder as-is. No signature or issuer check
        // is done on them in this method; presumably the caller has validated them (confirm).
        if (CollectionUtils.isNotEmpty(crls)) {
            for (X509CRL existingCrl : crls) {
                crlBuilder.addCRL(new X509CRLHolder(existingCrl.getEncoded()));
            }
        }

        if (CollectionUtils.isNotEmpty(entries)) {
            for (Entry revoked : entries) {
                crlBuilder.addCRLEntry(revoked.serialNumber, revoked.revocationDate, revoked.reason);
            }
        }

        if (nextUpdate != null) {
            crlBuilder.setNextUpdate(nextUpdate);
        }

        return getX509CRL(crlBuilder.build(getContentSigner(issuer.getPrivateKey())));
    } catch (IllegalStateException e) {
        // All failures are reported through the single checked type of the interface,
        // keeping the original exception as cause.
        throw new CRLException(e);
    } catch (IOException e) {
        throw new CRLException(e);
    } catch (OperatorCreationException e) {
        throw new CRLException(e);
    }
}
From source file:at.gv.egiz.pdfas.lib.impl.signing.pdfbox.LTVEnabledPADESPDFBOXSigner.java
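/**
 * Adds the "CRLs" dictionary to DSS dictionary as specified in <a href=
 * "http://www.etsi.org/deliver/etsi_ts%5C102700_102799%5C10277804%5C01.01.02_60%5Cts_10277804v010102p.pdf">PAdES
 * ETSI TS 102 778-4 v1.1.2, Annex A, "LTV extensions"</a>.
 *
 * <p>All three arguments are checked before the DSS dictionary is touched, so a
 * rejected call does not leave behind an empty "CRLs" array flagged for update.
 *
 * @param pdDocument
 *            The pdf document (required; must not be {@code null}).
 * @param dssDictionary
 *            The DSS dictionary (required; must not be {@code null}).
 * @param crls
 *            The CRLs (required; must not be {@code null}).
 * @throws IOException
 *             In case there was an error adding a pdf stream to the document.
 * @throws CRLException
 *             In case there was an error encoding CRL data.
 * @throws NullPointerException
 *             In case one of the required arguments is {@code null}.
 */
private void addDSSCRLs(PDDocument pdDocument, COSDictionary dssDictionary, Iterable<X509CRL> crls)
        throws IOException, CRLException {
    // Enforce the documented non-null contract up front, before any mutation.
    Objects.requireNonNull(pdDocument, "pdDocument");
    Objects.requireNonNull(dssDictionary, "dssDictionary");
    Objects.requireNonNull(crls, "crls");

    final COSName COSNAME_CRLS = COSName.getPDFName("CRLs");
    COSArray crlsArray = (COSArray) dssDictionary.getDictionaryObject(COSNAME_CRLS);
    if (crlsArray == null) {
        log.trace("Adding new DSS/CRLs dictionary.");
        // add "CRLs" array
        // "An array of (indirect references to) streams, each containing a BER-encoded Certificate Revocation List (CRL) (see RFC 5280 [7])."
        crlsArray = new COSArray();
        dssDictionary.setItem(COSNAME_CRLS, crlsArray);
    }
    crlsArray.setNeedToBeUpdate(true);

    // The CRLs are embedded exactly as encoded; this method does not validate them.
    for (X509CRL crl : crls) {
        try (InputStream in = new ByteArrayInputStream(crl.getEncoded())) {
            PDStream pdStream = new PDStream(pdDocument, in);
            pdStream.addCompression();
            crlsArray.add(pdStream);
        }
    }
}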
From source file:eu.europa.esig.dss.DSSUtils.java
/**
 * Returns the encoded form of a CRL without exposing the checked exception.
 *
 * @param x509CRL the CRL to encode
 * @return the bytes returned by {@code x509CRL.getEncoded()}
 * @throws DSSException wrapping the {@link CRLException} when encoding fails
 */
public static byte[] getEncoded(X509CRL x509CRL) {
    try {
        return x509CRL.getEncoded();
    } catch (CRLException e) {
        // Keep the original exception as cause so the failure stays diagnosable.
        throw new DSSException(e);
    }
}
From source file:eu.europa.ec.markt.dss.validation.crl.JdbcCacheCRLSource.java
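/**
 * Looks up the CRL for a certificate, using the CACHED_CRL table as a cache in
 * front of {@code cachedSource}.
 *
 * <p>The cache key is the hex SHA-1 digest of the CRL URL taken from the certificate.
 * A cached CRL is returned while its nextUpdate lies in the future. Otherwise the CRL
 * is fetched from {@code cachedSource} and the cache row is inserted or updated.
 *
 * <p>Neither the cached nor the freshly fetched CRL is signature-checked in this
 * method. Presumably the caller validates the returned CRL against the issuer (confirm).
 *
 * @param certificate       the certificate whose CRL is wanted
 * @param issuerCertificate the issuer certificate, passed through to {@code cachedSource}
 * @return the CRL, or {@code null} when the certificate has no CRL URL, no CRL could be
 *         obtained, or one of the handled exceptions occurred
 * @throws IOException declared by the interface
 */
@Override
public X509CRL findCrl(X509Certificate certificate, X509Certificate issuerCertificate) throws IOException {
    OnlineCRLSource source = new OnlineCRLSource();
    String crlUrl = source.getCrlUri(certificate);
    if (crlUrl == null) {
        return null;
    }
    try {
        // SHA-1 only derives a fixed-length cache key from the URL here; it protects nothing.
        // NOTE(review): getBytes() uses the platform charset, so keys for non-ASCII URLs
        // can differ between hosts sharing one database.
        MessageDigest digest = MessageDigest.getInstance(DigestAlgorithm.SHA1.getName());
        String key = Hex.encodeHexString(digest.digest(crlUrl.getBytes()));

        List<CachedCRL> crls = getJdbcTemplate().query("SELECT * FROM CACHED_CRL WHERE ID = ?",
                new Object[] { key }, new RowMapper<CachedCRL>() {
                    @Override
                    public CachedCRL mapRow(ResultSet rs, int rowNum) throws SQLException {
                        CachedCRL cached = new CachedCRL();
                        cached.setKey(rs.getString("ID"));
                        cached.setCrl(rs.getBytes("DATA"));
                        return cached;
                    }
                });

        if (crls.isEmpty()) {
            LOG.info("CRL not in cache");
            X509CRL originalCRL = cachedSource.findCrl(certificate, issuerCertificate);
            if (originalCRL == null) {
                return null;
            }
            getJdbcTemplate().update("INSERT INTO CACHED_CRL (ID, DATA) VALUES (?,?) ", key,
                    originalCRL.getEncoded());
            return originalCRL;
        }

        CachedCRL crl = crls.get(0);
        CertificateFactory factory = CertificateFactory.getInstance("X509");
        X509CRL x509crl = (X509CRL) factory.generateCRL(new ByteArrayInputStream(crl.getCrl()));

        // nextUpdate is optional in a CRL and getNextUpdate() then returns null.
        // Such an entry is treated as stale rather than failing with a NullPointerException.
        Date nextUpdate = x509crl.getNextUpdate();
        if (nextUpdate != null && nextUpdate.after(new Date())) {
            LOG.fine("CRL in cache");
            return x509crl;
        }

        LOG.info("CRL expired");
        X509CRL refreshedCRL = cachedSource.findCrl(certificate, issuerCertificate);
        if (refreshedCRL == null) {
            // Same outcome as the not-in-cache branch: no CRL available. The expired
            // copy is deliberately not returned in its place.
            return null;
        }
        getJdbcTemplate().update("UPDATE CACHED_CRL SET DATA = ? WHERE ID = ? ", refreshedCRL.getEncoded(),
                key);
        return refreshedCRL;
    } catch (NoSuchAlgorithmException e) {
        LOG.info("Cannot instantiate digest for algorithm SHA1 !?");
    } catch (CRLException e) {
        LOG.info("Cannot serialize CRL");
    } catch (CertificateException e) {
        LOG.info("Cannot instanciate X509 Factory");
    }
    // Reached only after one of the handled exceptions: report "no CRL".
    return null;
}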