Example usage for java.security.cert X509CRLSelector setMinCRLNumber

List of usage examples for java.security.cert X509CRLSelector setMinCRLNumber

Introduction

On this page you can find example usage of java.security.cert.X509CRLSelector.setMinCRLNumber.

Prototype

public void setMinCRLNumber(BigInteger minCRL) 


Document

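Sets the minCRLNumber criterion. A matching X509CRL must have a CRL number extension whose value is greater than or equal to the specified value. If null is passed, no minCRLNumber check is done, so callers that rely on this lower bound should make sure the value is not null.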

Usage

From source file:mitm.common.security.crl.PKIXRevocationChecker.java

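/**
 * Looks for a base CRL that the given delta CRL can be applied to.
 *
 * <p>Builds an {@link X509CRLSelector} restricted to the delta CRL's issuer and to CRL
 * numbers from the delta CRL's delta indicator up to (delta CRL number - 1), fetches the
 * candidates with {@code findCRLs} and accepts the first candidate that passes
 * {@code checkDeltaCRL_6_3_3_b} and has no unsupported critical extensions.
 *
 * @param targetCertificate the certificate being checked; passed on to {@code findCRLs} and
 *        {@code checkDeltaCRL_6_3_3_b}
 * @param deltaCRL the delta CRL for which a base CRL is needed
 * @param issuerPublicKey passed on to {@code findCRLs} (presumably used to verify the
 *        candidate CRLs - confirm against findCRLs)
 * @param now passed on to {@code findCRLs} (presumably the validation time - confirm)
 * @return {@code OK} when a suitable base CRL was found;
 *         {@code UNSUPPORTED_CRITICAL_EXTENSION} when no base CRL was accepted and at least
 *         one candidate carried unsupported critical extensions; {@code UNKNOWN} otherwise,
 *         including when the delta indicator or the CRL number of the delta CRL cannot be read
 * @throws NoSuchProviderException declared by this method; presumably propagated from
 *         {@code findCRLs}
 */
private DeltaCRLStatus getDeltaCRLStatus(X509Certificate targetCertificate, X509CRL deltaCRL,
        PublicKey issuerPublicKey, Date now) throws NoSuchProviderException {
    DeltaCRLStatus status = DeltaCRLStatus.UNKNOWN;

    BigInteger baseCRLNumber;

    try {
        baseCRLNumber = X509CRLInspector.getDeltaIndicator(deltaCRL);
    } catch (IOException e) {
        logger.error("Error getting base CRL number", e);

        return DeltaCRLStatus.UNKNOWN;
    }

    X509CRLSelector crlSelector = new X509CRLSelector();

    /* We need to find a valid base CRL with the same issuer as the delta CRL */
    crlSelector.addIssuer(deltaCRL.getIssuerX500Principal());

    /*
     * We need to find a base CRL with at least the CRL number specified by the
     * DeltaCRLIndicator in the delta CRL.
     *
     * NOTE(review): setMinCRLNumber(null) switches the lower bound off. Confirm that
     * getDeltaIndicator cannot return null for the CRLs passed in here.
     */
    crlSelector.setMinCRLNumber(baseCRLNumber);

    BigInteger deltaCRLNumber = null;

    try {
        deltaCRLNumber = X509CRLInspector.getCRLNumber(deltaCRL);
    } catch (IOException e) {
        logger.error("Error getting CRLNumber extension from the delta CRL.", e);
    }

    if (deltaCRLNumber == null) {
        /* Without the delta CRL number the upper bound cannot be set, so no base CRL is searched */
        return status;
    }

    /*
     * The base CRL we need to find should have a CRL number less than the delta CRL,
     * otherwise it cannot be a base for this delta CRL
     */
    crlSelector.setMaxCRLNumber(deltaCRLNumber.subtract(BigInteger.ONE));

    List<X509CRL> crls = findCRLs(targetCertificate, crlSelector, issuerPublicKey, now);

    for (X509CRL baseCRL : crls) {
        boolean matchesDelta;

        try {
            matchesDelta = checkDeltaCRL_6_3_3_b(targetCertificate, deltaCRL, baseCRL);
        } catch (IOException e) {
            logger.error("Error executing checkDeltaCRL_6_3_3_b.", e);
            continue;
        }

        /*
         * Check the critical extensions before accepting the candidate. A CRL with a critical
         * extension that cannot be processed must not be relied on for revocation status, so
         * such a base CRL is rejected even when it matches the delta CRL. Previously this
         * check was only reached for candidates that did not match.
         */
        if (hasUnsupportedCriticalExtensions(baseCRL)) {
            logger.warn("The base CRL has unsupported critical extensions.");

            status = DeltaCRLStatus.UNSUPPORTED_CRITICAL_EXTENSION;

            continue;
        }

        if (matchesDelta) {
            status = DeltaCRLStatus.OK;
            break;
        }
    }

    return status;
}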