List of usage examples for java.security.cert X509CRLEntry getSerialNumber
/**
 * Returns the serial number of the certificate this CRL entry refers to.
 *
 * NOTE(review): a serial number identifies a certificate only together with
 * its issuer. Code that stores or compares entries should pair it with the
 * entry's certificate issuer (or, when that is absent, the CRL issuer), as the
 * DAO examples below do.
 */
public abstract BigInteger getSerialNumber();
From source file:MainClass.java
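/**
 * Dumps every entry of the X.509 CRL file named by {@code args[0]}: serial
 * number (hex), revocation date and whether the entry carries extensions.
 *
 * NOTE(review): the CRL is parsed, not verified. Nothing here checks its
 * signature against the issuing CA, its thisUpdate/nextUpdate window, or
 * whether it is a delta or indirect CRL, so the printed data is untrusted.
 * That is fine for a dump tool, not for a revocation decision.
 *
 * @param args {@code args[0]} is the path of the DER- or PEM-encoded CRL
 * @throws Exception on a missing argument, I/O failure or an unparsable CRL
 */
public static void main(String[] args) throws Exception {
    if (args.length < 1) {
        throw new IllegalArgumentException("usage: MainClass <crl-file>");
    }
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // try-with-resources: the original left the stream open if generateCRL threw.
    try (FileInputStream in = new FileInputStream(args[0])) {
        X509CRL crl = (X509CRL) cf.generateCRL(in);
        // getRevokedCertificates() may be null when the CRL has no entries.
        Set<? extends X509CRLEntry> entries = crl.getRevokedCertificates();
        if (entries == null || entries.isEmpty()) {
            return;
        }
        for (X509CRLEntry entry : entries) {
            System.out.println("serial number = " + entry.getSerialNumber().toString(16));
            System.out.println("revocation date = " + entry.getRevocationDate());
            System.out.println("extensions = " + entry.hasExtensions());
        }
    }
}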
From source file:mitm.common.security.crl.X509CRLEntryInspector.java
/**
 * Hex-encodes the serial number of a CRL entry.
 *
 * @param crlEntry the revoked-certificate entry to read
 * @return the serial number as a hex string, or {@code ""} when the entry has
 *         no serial number (which a well-formed CRL never produces)
 */
public static String getSerialNumberHex(X509CRLEntry crlEntry) {
    final String missingSerial = "";
    return BigIntegerUtils.hexEncode(crlEntry.getSerialNumber(), missingSerial);
}
From source file:be.fedict.trust.service.dao.bean.CertificateAuthorityDAOBean.java
/**
 * Merges the entries of one CRL into the revoked-certificate store, using
 * {@code revokedCertificatesMap} as a pre-loaded cache of existing rows.
 * A row already in the cache gets the new revocation date and CRL number;
 * an unknown serial is persisted as a new row.
 *
 * NOTE(review): the cache is keyed by decimal serial number alone, while the
 * rows themselves (and the other overload, via RevokedCertificatePK) are
 * identified by (issuer, serial). If the map ever holds entries from more than
 * one issuer, equal serials from different issuers collide here. Newly
 * persisted rows are not added back to the map either, so a serial appearing
 * twice in the same batch would be persisted twice — confirm the caller
 * guarantees unique serials per call.
 * NOTE(review): the issuer key is {@code X500Principal.toString()}; two
 * encodings of the same DN may not render identically — confirm the same
 * rendering is used wherever this key is read.
 *
 * @param revokedCertificates    entries of the CRL being processed
 * @param crlNumber              CRL number recorded on every touched row
 * @param crlIssuer              issuer of the CRL; used for entries that carry
 *                               no certificateIssuer of their own
 * @param revokedCertificatesMap existing rows keyed by decimal serial number
 */
public void updateRevokedCertificates(Set<X509CRLEntry> revokedCertificates, BigInteger crlNumber,
        X500Principal crlIssuer, Map<String, RevokedCertificateEntity> revokedCertificatesMap) {
    LOG.debug("Update " + revokedCertificates.size() + " revoked certificates (crlNumber=" + crlNumber + ")");
    for (X509CRLEntry entry : revokedCertificates) {
        // Only entries that name their own issuer override the CRL issuer.
        X500Principal entryIssuer = entry.getCertificateIssuer();
        String issuerName = (null == entryIssuer) ? crlIssuer.toString() : entryIssuer.toString();
        BigInteger serialNumber = entry.getSerialNumber();
        Date revocationDate = entry.getRevocationDate();
        RevokedCertificateEntity existing = revokedCertificatesMap.get(serialNumber.toString());
        if (null == existing) {
            this.entityManager.persist(
                    new RevokedCertificateEntity(issuerName, serialNumber, revocationDate, crlNumber));
        } else {
            existing.setRevocationDate(revocationDate);
            existing.setCrlNumber(crlNumber);
        }
    }
}
From source file:be.fedict.trust.service.dao.bean.CertificateAuthorityDAOBean.java
/**
 * Merges the entries of one CRL into the revoked-certificate store, looking
 * each entry up in the persistence context by its (issuer, serial) primary key.
 * A row that exists gets the new revocation date and CRL number; an unknown
 * key is persisted as a new row.
 *
 * NOTE(review): {@code REQUIRES_NEW} commits these rows independently of the
 * caller's transaction; a later failure in the caller will not roll them back.
 * NOTE(review): the issuer part of the key is {@code X500Principal.toString()};
 * two encodings of the same DN may not render identically — confirm the same
 * rendering is used wherever the key is read.
 *
 * @param revokedCertificates entries of the CRL being processed
 * @param crlNumber           CRL number recorded on every touched row
 * @param crlIssuer           issuer of the CRL; used for entries that carry no
 *                            certificateIssuer of their own
 */
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public void updateRevokedCertificates(Set<X509CRLEntry> revokedCertificates, BigInteger crlNumber,
        X500Principal crlIssuer) {
    LOG.debug("Update " + revokedCertificates.size() + " revoked certificates (crlNumber=" + crlNumber + ")");
    for (X509CRLEntry entry : revokedCertificates) {
        // Only entries that name their own issuer override the CRL issuer.
        X500Principal entryIssuer = entry.getCertificateIssuer();
        String issuerName = (null == entryIssuer) ? crlIssuer.toString() : entryIssuer.toString();
        BigInteger serialNumber = entry.getSerialNumber();
        Date revocationDate = entry.getRevocationDate();
        RevokedCertificatePK key = new RevokedCertificatePK(issuerName, serialNumber.toString());
        RevokedCertificateEntity existing = this.entityManager.find(RevokedCertificateEntity.class, key);
        if (null == existing) {
            this.entityManager.persist(
                    new RevokedCertificateEntity(issuerName, serialNumber, revocationDate, crlNumber));
        } else {
            existing.setRevocationDate(revocationDate);
            existing.setCrlNumber(crlNumber);
        }
    }
}
From source file:be.fedict.trust.crl.CrlTrustLinker.java
/**
 * Obtains the CRL for {@code crlUri} from the CRL repository and decides
 * whether {@code childCertificate} (issued by {@code certificate}) is revoked
 * at {@code validationDate}, following delta CRLs from a base CRL.
 *
 * Return contract as implemented below:
 * <ul>
 *   <li>{@code null}: this CRL could not be used — not found, integrity check
 *       failed, indirect CRL, delta-indicator mismatch, or a delta CRL that
 *       does not list the certificate. Callers presumably fall back to another
 *       revocation source; confirm none of them treats null as "not revoked".</li>
 *   <li>the failed result of the signature-algorithm check;</li>
 *   <li>{@code TrustLinkerResult(true)} when neither this CRL nor any reachable
 *       delta lists the serial with a revocation date at or before
 *       {@code validationDate};</li>
 *   <li>{@code INVALID_REVOCATION_STATUS} otherwise.</li>
 * </ul>
 *
 * NOTE(review): a delta CRL that cannot be obtained or fails its checks makes
 * the recursive call return null, which the loop below skips; the base CRL's
 * verdict then stands although newer revocations may exist (fail-open for
 * recent revocations).
 * NOTE(review): entries are matched by serial number only, which is sound
 * because indirect CRLs are rejected above. Entry reason codes (e.g.
 * removeFromCRL in a delta) are not consulted here.
 *
 * @param crlUri           location of the CRL (base or delta) to process
 * @param childCertificate the certificate whose revocation status is checked
 * @param certificate      the issuing certificate, passed to the repository and
 *                         the integrity check
 * @param validationDate   point in time the status is evaluated at
 * @param revocationData   optional collector; the encoded CRL is appended when non-null
 * @param baseCrlNumber    when processing a delta CRL, the number of its base
 *                         CRL that the delta-CRL indicator must match; null for
 *                         a base CRL
 * @return see above
 */
private TrustLinkerResult processCrl(URI crlUri, X509Certificate childCertificate, X509Certificate certificate,
        Date validationDate, RevocationData revocationData, BigInteger baseCrlNumber) {
    LOG.debug("CRL URI: " + crlUri);
    X509CRL x509crl = this.crlRepository.findCrl(crlUri, certificate, validationDate);
    if (null == x509crl) {
        return null;
    }
    // check CRL integrity (delegated; presumably covers the CRL signature and
    // validity window against the issuer certificate — confirm)
    boolean crlIntegrityResult = checkCrlIntegrity(x509crl, certificate, validationDate);
    if (false == crlIntegrityResult) {
        return null;
    }
    // check that the CRL's signature algorithm is acceptable. This is a
    // name-based algorithm check only, not a signature verification.
    TrustLinkerResult trustResult = TrustValidator.checkSignatureAlgorithm(x509crl.getSigAlgName());
    if (!trustResult.isValid()) {
        return trustResult;
    }
    // we don't support indirect CRLs (entries would need per-entry issuers)
    if (isIndirectCRL(x509crl)) {
        LOG.debug("indirect CRL detected");
        return null;
    }
    LOG.debug("CRL number: " + getCrlNumber(x509crl));
    // for a delta CRL, its delta-CRL indicator must equal the base CRL number
    if (null != baseCrlNumber) {
        BigInteger crlNumber = getDeltaCrlIndicator(x509crl);
        if (!baseCrlNumber.equals(crlNumber)) {
            LOG.error("Delta CRL indicator (" + crlNumber + ") not equals base CRL number(" + baseCrlNumber + ")");
            return null;
        }
    }
    // record the encoded CRL as evidence, if a collector was supplied
    if (null != revocationData) {
        try {
            revocationData.getCrlRevocationData().add(new CRLRevocationData(x509crl.getEncoded()));
        } catch (CRLException e) {
            LOG.error("CRLException: " + e.getMessage(), e);
            throw new RuntimeException("CRLException : " + e.getMessage(), e);
        }
    }
    // Revoked unless the serial is absent, or was revoked only after the
    // validation date (the certificate was still good at that instant).
    boolean revoked = true;
    X509CRLEntry crlEntry = x509crl.getRevokedCertificate(childCertificate.getSerialNumber());
    if (null == crlEntry) {
        LOG.debug("CRL OK for: " + childCertificate.getSubjectX500Principal());
        revoked = false;
    } else if (crlEntry.getRevocationDate().after(validationDate)) {
        LOG.debug("CRL OK for: " + childCertificate.getSubjectX500Principal() + " at " + validationDate);
        revoked = false;
    }
    if (null != x509crl.getExtensionValue(X509Extensions.DeltaCRLIndicator.getId())) {
        // Delta CRL: a delta that does not list the serial says nothing on
        // its own, so hand the decision back to the base CRL's caller.
        if (!revoked)
            return null;
    } else {
        // Base CRL: consult its delta CRLs first; the first one that yields a
        // verdict wins. A delta returning null is skipped (see class note).
        List<URI> deltaCrlUris = getDeltaCrlUris(x509crl);
        if (null != deltaCrlUris) {
            for (URI deltaCrlUri : deltaCrlUris) {
                LOG.debug("delta CRL: " + deltaCrlUri.toString());
                TrustLinkerResult result = processCrl(deltaCrlUri, childCertificate, certificate, validationDate,
                        revocationData, getCrlNumber(x509crl));
                if (null != result)
                    return result;
            }
        }
    }
    if (!revoked)
        return new TrustLinkerResult(true);
    // The message carries the entry's serial number (not a CRL identifier).
    return new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_REVOCATION_STATUS,
            "certificate revoked by CRL=" + crlEntry.getSerialNumber());
}
From source file:org.candlepin.CRLBenchmark.java
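/**
 * JMH benchmark: parse the whole CRL fixture into memory with the JDK
 * {@link CertificateFactory} and collect every entry's serial number.
 *
 * The check on the entry at index 1999999 is a sanity check that the fixture
 * was read completely; its exact message is kept from the original.
 *
 * NOTE(review): {@code LinkedList.get(1999999)} walks the list, so part of the
 * measured time is that traversal rather than CRL parsing. The list type is
 * kept here because the file's imports are not visible.
 */
@Benchmark
@Fork(value = 1, jvmArgsAppend = { "-Xloggc:gc_in_memory.log", "-verbose:gc", "-XX:+PrintGCDetails",
        "-XX:+PrintGCTimeStamps" })
public void inMemory() {
    // try-with-resources replaces the hand-rolled finally/close and also closes
    // the stream when generateCRL throws.
    try (InputStream stream = new BufferedInputStream(new FileInputStream(crlFile))) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL crl = (X509CRL) cf.generateCRL(stream);
        List<BigInteger> serials = new LinkedList<BigInteger>();
        for (X509CRLEntry entry : crl.getRevokedCertificates()) {
            serials.add(entry.getSerialNumber());
        }
        if (!"1999999".equals(serials.get(1999999).toString())) {
            throw new RuntimeException("CRL list read in is incorrect");
        }
        System.out.println("Read " + serials.size() + " entries");
    } catch (Exception e) {
        // Kept from the original: failures (including close()) are reported,
        // not propagated. A run that lands here measures a no-op iteration.
        e.printStackTrace();
    }
}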
From source file:org.candlepin.util.X509CRLEntryStreamTest.java
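/**
 * The streaming parser must report exactly the serial numbers the JDK
 * {@link CertificateFactory} sees in the same DER-encoded CRL.
 *
 * The reference stream is now closed by try-with-resources, so it no longer
 * leaks when generateCRL throws; the project stream keeps an explicit
 * try/finally because it is not known to implement AutoCloseable.
 */
@Test
public void testIterateOverSerials() throws Exception {
    Set<BigInteger> referenceSerials = new HashSet<BigInteger>();
    try (InputStream referenceStream = new FileInputStream(derFile)) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL referenceCrl = (X509CRL) cf.generateCRL(referenceStream);
        for (X509CRLEntry entry : referenceCrl.getRevokedCertificates()) {
            referenceSerials.add(entry.getSerialNumber());
        }
    }

    Set<BigInteger> streamedSerials = new HashSet<BigInteger>();
    X509CRLEntryStream stream = new X509CRLEntryStream(derFile);
    try {
        while (stream.hasNext()) {
            streamedSerials.add(stream.next().getSerialNumber());
        }
    } finally {
        stream.close();
    }
    // Set comparison: order and duplicates are deliberately not part of the check.
    assertEquals(referenceSerials, streamedSerials);
}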
From source file:org.candlepin.util.X509CRLEntryStreamTest.java
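/**
 * Reads the PEM fixture through a Base64 decoder into the JDK parser and
 * compares its serial numbers against the streaming parser run on the DER
 * fixture.
 *
 * NB (from the original): Base64InputStream only takes base64, so the
 * "-----BEGIN X509 CRL-----" armour must be skipped first. The decoder stops
 * at the first padding character and the fixture has padding, so the footer
 * is never reached here; a fixture without padding would need the footer
 * stripped explicitly.
 *
 * The raw file stream is closed by try-with-resources (it leaked before if
 * generateCRL threw); the project stream keeps try/finally because it is not
 * known to implement AutoCloseable.
 */
@Test
public void testPemReadThroughBase64Stream() throws Exception {
    Set<BigInteger> referenceSerials = new HashSet<BigInteger>();
    try (InputStream rawStream = new BufferedInputStream(new FileInputStream(pemFile))) {
        byte[] header = "-----BEGIN X509 CRL-----".getBytes("ASCII");
        // NOTE(review): readFully presumably reads header.length bytes into the
        // array rather than comparing them, i.e. the armour line is skipped,
        // not verified — confirm against the Streams implementation.
        Streams.readFully(rawStream, header);
        InputStream referenceStream = new Base64InputStream(rawStream);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL referenceCrl = (X509CRL) cf.generateCRL(referenceStream);
        for (X509CRLEntry entry : referenceCrl.getRevokedCertificates()) {
            referenceSerials.add(entry.getSerialNumber());
        }
    }

    Set<BigInteger> streamedSerials = new HashSet<BigInteger>();
    X509CRLEntryStream stream = new X509CRLEntryStream(derFile);
    try {
        while (stream.hasNext()) {
            streamedSerials.add(stream.next().getSerialNumber());
        }
    } finally {
        stream.close();
    }
    assertEquals(referenceSerials, streamedSerials);
}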
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
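/**
 * Rewrites a freshly created CRL through {@code X509CRLStreamWriter} without
 * adding entries and checks the single original entry (serial 100) survives.
 *
 * The output stream is closed by try-with-resources, so it no longer stays
 * open when {@code stream.write} throws.
 *
 * NOTE(review): only the entry set is asserted. The writer is handed the
 * signing key pair, but the rewritten CRL's signature is not verified here
 * ({@code changedCrl.verify(keyPair.getPublic())}); consider adding that if
 * no sibling test covers it.
 */
@Test
public void testHandlesExtensions() throws Exception {
    File crlToChange = writeCRL(createCRL());
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
            (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    stream.preScan(crlToChange).lock();
    try (OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile))) {
        stream.write(o);
    }

    X509CRL changedCrl = readCRL();
    Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }

    Set<BigInteger> expected = new HashSet<BigInteger>();
    expected.add(new BigInteger("100"));
    assertEquals(expected, discoveredSerials);
}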
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
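/**
 * Adds six entries to an existing CRL through {@code X509CRLStreamWriter} and
 * checks the rewritten CRL contains the original serial (100) plus all six.
 * The added serials are large enough that the DER length fields of the
 * enclosing sequences need more bytes than before, which is what the writer
 * must handle.
 *
 * The output stream is closed by try-with-resources, so it no longer stays
 * open when {@code stream.write} throws.
 *
 * NOTE(review): the local {@code outfile} shadows a field of the same name
 * used by testHandlesExtensions, yet {@code readCRL()} takes no argument —
 * confirm it reads this file and not the field's path.
 * NOTE(review): as in the sibling test, the rewritten CRL's signature is not
 * verified; only the entry set is asserted.
 */
@Test
public void testAddEntryToCRL() throws Exception {
    File crlToChange = writeCRL(createCRL());
    File outfile = new File(folder.getRoot(), "new.crl");
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
            (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());

    Set<BigInteger> expected = new HashSet<BigInteger>();
    expected.add(new BigInteger("100"));

    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<BigInteger>(Arrays.asList(new BigInteger("2358215310"),
            new BigInteger("7231352433"), new BigInteger("8233181205"), new BigInteger("1455615868"),
            new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger i : newSerials) {
        stream.add(i, new Date(), CRLReason.privilegeWithdrawn);
        expected.add(i);
    }

    stream.preScan(crlToChange).lock();
    try (OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile))) {
        stream.write(o);
    }

    X509CRL changedCrl = readCRL();
    Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }
    assertEquals(expected, discoveredSerials);
}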