/**
 * Retrieves the CRL that a certificate points to.
 * <p>
 * The distribution-point URL is read from the certificate with
 * {@code CertificateUtil.getCRLURL} and passed to {@code CertificateUtil.getCRL(String)}.
 * NOTE(review): the download location therefore comes from the certificate under
 * examination; when certificates arrive from untrusted parties, confirm that the
 * delegated fetch restricts where it may connect.
 *
 * @param certificate the certificate whose CRL location is looked up
 * @return the CRL or null if there's no CRL available
 * @throws CertificateException propagated from the delegated lookup/fetch
 * @throws CRLException propagated from the delegated fetch
 * @throws IOException propagated from the delegated fetch
 */
public static CRL getCRL(X509Certificate certificate)
        throws CertificateException, CRLException, IOException {
    final String crlLocation = CertificateUtil.getCRLURL(certificate);
    return CertificateUtil.getCRL(crlLocation);
}
ASN1Primitive obj; try { obj = getExtensionValue(certificate, Extension.authorityInfoAccess.getId()); if (obj == null) { return null; if (SecurityIDs.ID_OCSP.equals(id.getId())) { ASN1Primitive description = (ASN1Primitive)AccessDescription.getObjectAt(1); String AccessLocation = getStringFromGeneralName(description); if (AccessLocation == null) { return "" ;
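/**
 * Fetches a CRL for a specific certificate online (without further checking).
 * <p>
 * The download URL is taken from {@code signCert} itself and the CRL is only parsed
 * here; no signature or freshness check is performed in this method.
 * NOTE(review): a {@code null} result means "no CRL could be obtained" (no URL, I/O
 * failure or parse failure). Callers should not read it as "not revoked".
 *
 * @param signCert the certificate
 * @param issuerCert its issuer; replaced by {@code signCert} when null (not otherwise
 *        used in this method)
 * @return an X509CRL object, or null when the certificate has no CRL URL or the CRL
 *         could not be downloaded or parsed
 */
public X509CRL getCRL(X509Certificate signCert, X509Certificate issuerCert) {
    if (issuerCert == null)
        issuerCert = signCert;
    try {
        // gets the URL from the certificate
        String crlurl = CertificateUtil.getCRLURL(signCert);
        if (crlurl == null)
            return null;
        LOGGER.info("Getting CRL from " + crlurl);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // NOTE(review): the URL is certificate-supplied and opened as-is; consider an
        // allowlist of schemes/hosts plus connect/read timeouts at this boundary.
        java.io.InputStream crlStream = new URL(crlurl).openStream();
        try {
            // Creates the CRL
            return (X509CRL) cf.generateCRL(crlStream);
        } finally {
            // The original never closed the stream, leaking the connection.
            try {
                crlStream.close();
            } catch (IOException ignored) {
                // a close failure must not replace the parsed CRL or the original error
            }
        }
    } catch (IOException e) {
        // Best-effort fetch: keep returning null, but leave a trace for operators.
        LOGGER.info("CRL could not be fetched: " + e.getMessage());
        return null;
    } catch (GeneralSecurityException e) {
        LOGGER.info("CRL could not be parsed: " + e.getMessage());
        return null;
    }
}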
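/**
 * Gets the URL of the TSA if it's available on the certificate.
 * <p>
 * The extension identified by {@code SecurityIDs.ID_TSA} is unwrapped from its octet
 * string, decoded as a sequence, and the second element of that sequence is converted
 * with {@code getStringFromGeneralName}. The extension content comes from the
 * certificate, so an unexpected structure is reported as {@code null} rather than as
 * an unchecked exception.
 *
 * @param certificate a certificate
 * @return a TSA URL, or null when the extension is absent or cannot be decoded
 */
public static String getTSAURL(X509Certificate certificate) {
    byte[] der = certificate.getExtensionValue(SecurityIDs.ID_TSA);
    if (der == null)
        return null;
    ASN1Primitive asn1obj;
    try {
        asn1obj = ASN1Primitive.fromByteArray(der);
        // Guard the cast: a wrapper of another type would raise ClassCastException.
        if (!(asn1obj instanceof DEROctetString))
            return null;
        DEROctetString octets = (DEROctetString) asn1obj;
        asn1obj = ASN1Primitive.fromByteArray(octets.getOctets());
        // Guard getInstance: it rejects anything that is not a sequence.
        if (!(asn1obj instanceof ASN1Sequence))
            return null;
        ASN1Sequence asn1seq = ASN1Sequence.getInstance(asn1obj);
        // Index 1 is read below, so a shorter sequence cannot carry the value.
        if (asn1seq.size() < 2)
            return null;
        return getStringFromGeneralName(asn1seq.getObjectAt(1).toASN1Primitive());
    } catch (IOException e) {
        return null;
    }
}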
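/**
 * Sends an OCSP request for {@code checkCert} over HTTP and returns the parsed response.
 * <p>
 * When {@code url} is null the responder URL is taken from
 * {@code CertificateUtil.getOCSPURL(checkCert)}. This method only transports and parses
 * the response; no signature or status check is visible here.
 * NOTE(review): the responder URL can come from the certificate being checked and no
 * connect/read timeout is set on the connection. Consider bounding both at this boundary.
 *
 * @param checkCert the certificate whose status is requested
 * @param rootCert the certificate passed to {@code generateOCSPRequest} together with the serial number
 * @param url the responder URL, or null to use the one found on {@code checkCert}
 * @return the OCSP response, or null when a certificate is missing or no URL is available
 * @throws IOException on a non-2xx HTTP status, a non-HTTP connection, or a transport failure
 */
private OCSPResp getOcspResponse(X509Certificate checkCert, X509Certificate rootCert, String url)
        throws GeneralSecurityException, OCSPException, IOException, OperatorException {
    if (checkCert == null || rootCert == null)
        return null;
    if (url == null) {
        url = CertificateUtil.getOCSPURL(checkCert);
    }
    if (url == null)
        return null;
    LOGGER.info("Getting OCSP from " + url);
    OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
    byte[] array = request.getEncoded();
    URL urlt = new URL(url);
    // A non-HTTP URL used to fail with an unchecked ClassCastException on the cast;
    // report it through the declared IOException instead.
    java.net.URLConnection rawConnection = urlt.openConnection();
    if (!(rawConnection instanceof HttpURLConnection)) {
        throw new IOException("Unsupported OCSP responder protocol: " + urlt.getProtocol());
    }
    HttpURLConnection con = (HttpURLConnection) rawConnection;
    con.setRequestProperty("Content-Type", "application/ocsp-request");
    con.setRequestProperty("Accept", "application/ocsp-response");
    con.setDoOutput(true);
    OutputStream out = con.getOutputStream();
    DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
    try {
        dataOut.write(array);
        dataOut.flush();
    } finally {
        // Close even when the write fails so the request stream is not leaked.
        dataOut.close();
    }
    if (con.getResponseCode() / 100 != 2) {
        throw new IOException(MessageLocalization.getComposedMessage("invalid.http.response.1", con.getResponseCode()));
    }
    //Get Response
    InputStream in = (InputStream) con.getContent();
    try {
        return new OCSPResp(StreamUtil.inputStreamToArray(in));
    } finally {
        // The original never closed the response stream.
        try {
            in.close();
        } catch (IOException ignored) {
            // a close failure must not replace the parsed response or the original error
        }
    }
}
}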
ASN1Primitive obj; try { obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId()); } catch (IOException e) { obj = null;
CRL crl; try { crl = CertificateUtil.getCRL(responderCert); } catch (Exception ignored) { crl = null;
ASN1Primitive obj; try { obj = getExtensionValue(certificate, Extension.authorityInfoAccess.getId()); if (obj == null) { return null; if (SecurityIDs.ID_OCSP.equals(id.getId())) { ASN1Primitive description = (ASN1Primitive)AccessDescription.getObjectAt(1); String AccessLocation = getStringFromGeneralName(description); if (AccessLocation == null) { return "" ;
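/**
 * Fetches a CRL for a specific certificate online (without further checking).
 * <p>
 * The download URL is taken from {@code signCert} itself and the CRL is only parsed
 * here; no signature or freshness check is performed in this method.
 * NOTE(review): a {@code null} result means "no CRL could be obtained" (no URL, I/O
 * failure or parse failure). Callers should not read it as "not revoked".
 *
 * @param signCert the certificate
 * @param issuerCert its issuer; replaced by {@code signCert} when null (not otherwise
 *        used in this method)
 * @return an X509CRL object, or null when the certificate has no CRL URL or the CRL
 *         could not be downloaded or parsed
 */
public X509CRL getCRL(X509Certificate signCert, X509Certificate issuerCert) {
    if (issuerCert == null)
        issuerCert = signCert;
    try {
        // gets the URL from the certificate
        String crlurl = CertificateUtil.getCRLURL(signCert);
        if (crlurl == null)
            return null;
        LOGGER.info("Getting CRL from " + crlurl);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // NOTE(review): the URL is certificate-supplied and opened as-is; consider an
        // allowlist of schemes/hosts plus connect/read timeouts at this boundary.
        java.io.InputStream crlStream = new URL(crlurl).openStream();
        try {
            // Creates the CRL
            return (X509CRL) cf.generateCRL(crlStream);
        } finally {
            // The original never closed the stream, leaking the connection.
            try {
                crlStream.close();
            } catch (IOException ignored) {
                // a close failure must not replace the parsed CRL or the original error
            }
        }
    } catch (IOException e) {
        // Best-effort fetch: keep returning null, but leave a trace for operators.
        LOGGER.info("CRL could not be fetched: " + e.getMessage());
        return null;
    } catch (GeneralSecurityException e) {
        LOGGER.info("CRL could not be parsed: " + e.getMessage());
        return null;
    }
}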
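/**
 * Gets the URL of the TSA if it's available on the certificate.
 * <p>
 * The extension identified by {@code SecurityIDs.ID_TSA} is unwrapped from its octet
 * string, decoded as a sequence, and the second element of that sequence is converted
 * with {@code getStringFromGeneralName}. The extension content comes from the
 * certificate, so an unexpected structure is reported as {@code null} rather than as
 * an unchecked exception.
 *
 * @param certificate a certificate
 * @return a TSA URL, or null when the extension is absent or cannot be decoded
 */
public static String getTSAURL(X509Certificate certificate) {
    byte[] der = certificate.getExtensionValue(SecurityIDs.ID_TSA);
    if (der == null)
        return null;
    ASN1Primitive asn1obj;
    try {
        asn1obj = ASN1Primitive.fromByteArray(der);
        // Guard the cast: a wrapper of another type would raise ClassCastException.
        if (!(asn1obj instanceof DEROctetString))
            return null;
        DEROctetString octets = (DEROctetString) asn1obj;
        asn1obj = ASN1Primitive.fromByteArray(octets.getOctets());
        // Guard getInstance: it rejects anything that is not a sequence.
        if (!(asn1obj instanceof ASN1Sequence))
            return null;
        ASN1Sequence asn1seq = ASN1Sequence.getInstance(asn1obj);
        // Index 1 is read below, so a shorter sequence cannot carry the value.
        if (asn1seq.size() < 2)
            return null;
        return getStringFromGeneralName(asn1seq.getObjectAt(1).toASN1Primitive());
    } catch (IOException e) {
        return null;
    }
}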
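/**
 * Sends an OCSP request for {@code checkCert} over HTTP and returns the parsed response.
 * <p>
 * When {@code url} is null the responder URL is taken from
 * {@code CertificateUtil.getOCSPURL(checkCert)}. This method only transports and parses
 * the response; no signature or status check is visible here.
 * NOTE(review): the responder URL can come from the certificate being checked and no
 * connect/read timeout is set on the connection. Consider bounding both at this boundary.
 *
 * @param checkCert the certificate whose status is requested
 * @param rootCert the certificate passed to {@code generateOCSPRequest} together with the serial number
 * @param url the responder URL, or null to use the one found on {@code checkCert}
 * @return the OCSP response, or null when a certificate is missing or no URL is available
 * @throws IOException on a non-2xx HTTP status, a non-HTTP connection, or a transport failure
 */
private OCSPResp getOcspResponse(X509Certificate checkCert, X509Certificate rootCert, String url)
        throws GeneralSecurityException, OCSPException, IOException, OperatorException {
    if (checkCert == null || rootCert == null)
        return null;
    if (url == null) {
        url = CertificateUtil.getOCSPURL(checkCert);
    }
    if (url == null)
        return null;
    LOGGER.info("Getting OCSP from " + url);
    OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
    byte[] array = request.getEncoded();
    URL urlt = new URL(url);
    // A non-HTTP URL used to fail with an unchecked ClassCastException on the cast;
    // report it through the declared IOException instead.
    java.net.URLConnection rawConnection = urlt.openConnection();
    if (!(rawConnection instanceof HttpURLConnection)) {
        throw new IOException("Unsupported OCSP responder protocol: " + urlt.getProtocol());
    }
    HttpURLConnection con = (HttpURLConnection) rawConnection;
    con.setRequestProperty("Content-Type", "application/ocsp-request");
    con.setRequestProperty("Accept", "application/ocsp-response");
    con.setDoOutput(true);
    OutputStream out = con.getOutputStream();
    DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
    try {
        dataOut.write(array);
        dataOut.flush();
    } finally {
        // Close even when the write fails so the request stream is not leaked.
        dataOut.close();
    }
    if (con.getResponseCode() / 100 != 2) {
        throw new IOException(MessageLocalization.getComposedMessage("invalid.http.response.1", con.getResponseCode()));
    }
    //Get Response
    InputStream in = (InputStream) con.getContent();
    try {
        return new OCSPResp(StreamUtil.inputStreamToArray(in));
    } finally {
        // The original never closed the response stream.
        try {
            in.close();
        } catch (IOException ignored) {
            // a close failure must not replace the parsed response or the original error
        }
    }
}
}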
ASN1Primitive obj; try { obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId()); } catch (IOException e) { obj = null;
CRL crl; try { crl = CertificateUtil.getCRL(responderCert); } catch (Exception ignored) { crl = null;
/**
 * Retrieves the CRL that a certificate points to.
 * <p>
 * The distribution-point URL is read from the certificate with
 * {@code CertificateUtil.getCRLURL} and passed to {@code CertificateUtil.getCRL(String)}.
 * NOTE(review): the download location therefore comes from the certificate under
 * examination; when certificates arrive from untrusted parties, confirm that the
 * delegated fetch restricts where it may connect.
 *
 * @param certificate the certificate whose CRL location is looked up
 * @return the CRL or null if there's no CRL available
 * @throws CertificateException propagated from the delegated lookup/fetch
 * @throws CRLException propagated from the delegated fetch
 * @throws IOException propagated from the delegated fetch
 */
public static CRL getCRL(X509Certificate certificate)
        throws CertificateException, CRLException, IOException {
    final String crlLocation = CertificateUtil.getCRLURL(certificate);
    return CertificateUtil.getCRL(crlLocation);
}
/**
 * Creates a CrlClientOnline instance using a certificate chain.
 * <p>
 * Every chain entry is cast to {@code X509Certificate}; its CRL URL, as returned by
 * {@code CertificateUtil.getCRLURL}, is handed to {@code addUrl}. A certificate that
 * fails to parse is logged and skipped.
 * NOTE(review): the registered URLs originate from the supplied certificates; confirm
 * that {@code addUrl} or the later fetch constrains them when the chain is untrusted.
 *
 * @param chain the certificates to collect CRL URLs from
 */
public CrlClientOnline(Certificate[] chain) {
    for (Certificate entry : chain) {
        X509Certificate cert = (X509Certificate) entry;
        LOGGER.info("Checking certificate: " + cert.getSubjectDN());
        try {
            String crlLocation = CertificateUtil.getCRLURL(cert);
            addUrl(crlLocation);
        } catch (CertificateParsingException e) {
            LOGGER.info("Skipped CRL url (certificate could not be parsed)");
        }
    }
}
/**
 * Creates a CrlClientOnline instance using a certificate chain.
 * <p>
 * Every chain entry is cast to {@code X509Certificate}; its CRL URL, as returned by
 * {@code CertificateUtil.getCRLURL}, is handed to {@code addUrl}. A certificate that
 * fails to parse is logged and skipped.
 * NOTE(review): the registered URLs originate from the supplied certificates; confirm
 * that {@code addUrl} or the later fetch constrains them when the chain is untrusted.
 *
 * @param chain the certificates to collect CRL URLs from
 */
public CrlClientOnline(Certificate[] chain) {
    for (Certificate entry : chain) {
        X509Certificate cert = (X509Certificate) entry;
        LOGGER.info("Checking certificate: " + cert.getSubjectDN());
        try {
            String crlLocation = CertificateUtil.getCRLURL(cert);
            addUrl(crlLocation);
        } catch (CertificateParsingException e) {
            LOGGER.info("Skipped CRL url (certificate could not be parsed)");
        }
    }
}
try { if (url == null) url = CertificateUtil.getCRLURL(checkCert); if (url == null) throw new NullPointerException();
try { if (url == null) url = CertificateUtil.getCRLURL(checkCert); if (url == null) throw new NullPointerException();