/**
 * Returns the CRL-based revocation token for a certificate, reusing the token
 * already held in {@code validCRLTokenList} when there is one.
 *
 * <p>A {@code null} return only means that no CRL token could be produced here
 * (no issuer supplied, or {@code getBestCrlValidity} returned nothing). It
 * carries no statement about the certificate being unrevoked.
 * NOTE(review): callers presumably treat {@code null} as "status unknown" - confirm.
 *
 * @param certificateToken
 *            the certificate whose revocation data is requested, never {@code null}
 * @param issuerToken
 *            the issuer of {@code certificateToken}, may be {@code null}
 * @return the cached or freshly built {@code CRLToken}, or {@code null}
 * @throws NullPointerException
 *             if {@code certificateToken} is {@code null}
 */
@Override
public final CRLToken getRevocationToken(final CertificateToken certificateToken, final CertificateToken issuerToken) {
    if (null == certificateToken) {
        throw new NullPointerException();
    }

    final CRLToken cachedToken = validCRLTokenList.get(certificateToken);
    if (cachedToken == null) {
        // Without an issuer no CRL can be selected, so the lookup is skipped entirely.
        final CRLValidity selectedValidity = (issuerToken == null) ? null : getBestCrlValidity(certificateToken, issuerToken);
        if (selectedValidity == null) {
            return null;
        }

        final CRLToken freshToken = new CRLToken(certificateToken, selectedValidity);
        freshToken.setOrigin(RevocationOrigin.SIGNATURE);
        // Remember the token so later requests for the same certificate reuse it.
        validCRLTokenList.put(certificateToken, freshToken);
        return freshToken;
    }

    // Cache hit: the origin is (re)stamped before the token is handed back.
    cachedToken.setOrigin(RevocationOrigin.SIGNATURE);
    return cachedToken;
}
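/**
 * Builds a multi-line, human-readable description of this CRL token.
 *
 * <p>The header and the closing bracket are written at the caller's indent;
 * the detail lines are indented by one additional tab.
 *
 * @param indentStr
 *            the indent to put in front of every line
 * @return the formatted description
 */
@Override
public String toString(String indentStr) {
    // The caller's indent is kept untouched and reused for the closing bracket.
    // Recovering it with substring(1) after appending a tab drops the FIRST
    // character of the caller's indent, which is only correct when that indent
    // is empty or consists of tabs.
    final String innerIndent = indentStr + "\t";

    final StringBuilder out = new StringBuilder();
    out.append(indentStr).append("CRLToken[\n");
    out.append(innerIndent).append("Production time: ")
            .append(productionDate == null ? "?" : DSSUtils.formatInternal(productionDate)).append('\n');
    out.append(innerIndent).append("Signature algorithm: ")
            .append(signatureAlgorithm == null ? "?" : signatureAlgorithm).append('\n');
    out.append(innerIndent).append("Status: ").append(getStatus()).append('\n');
    out.append(innerIndent).append("Issuer's certificate: ").append(getIssuerX500Principal()).append('\n');
    out.append(indentStr).append(']');
    return out.toString();
}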
/**
 * Creates the revocation token for a certificate from an already evaluated
 * CRL.
 *
 * <p>Only {@code crlValidity} is null-checked here; {@code certificateToken}
 * is handed to {@code setRevocationStatus} as received.
 * NOTE(review): a successfully constructed token is not necessarily a usable
 * one - callers should presumably still check {@code isValid()}; confirm.
 *
 * @param certificateToken
 *            the {@code CertificateToken} whose status is managed by this CRL
 * @param crlValidity
 *            the {@code CRLValidity} holding the outcome of the CRL
 *            validation, never {@code null}
 * @throws NullPointerException
 *             if {@code crlValidity} is {@code null}
 */
public CRLToken(final CertificateToken certificateToken, final CRLValidity crlValidity) {
    if (null == crlValidity) {
        throw new NullPointerException();
    }

    this.crlValidity = crlValidity;

    // The common CRL values are copied before the certificate status is set.
    copyCommonValuesFromCRL();
    setRevocationStatus(certificateToken);

    LOG.debug("+CRLToken");
}
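/**
 * Happy path: the CRL is validated against its issuing CA certificate and a
 * {@code CRLToken} is then built for the TSA certificate.
 *
 * <p>The three validity flags asserted below (signature intact, CRL-sign key
 * usage, issuer principal match) are checked before the token is created, and
 * the token's accessors are then checked for non-null / null results.
 *
 * @throws IOException
 *             if one of the test resources cannot be opened or closed
 */
@Test
public void testOK() throws IOException {
    FileDocument doc = new FileDocument("src/test/resources/crl/belgium2.crl");
    FileDocument caCert = new FileDocument("src/test/resources/belgiumrs2.crt");
    FileDocument tsaCert = new FileDocument("src/test/resources/TSA_BE.cer");

    // All three streams are declared as resources so that the certificate
    // streams are closed as well, not only the CRL stream.
    try (InputStream crlStream = doc.openStream();
            InputStream caStream = caCert.openStream();
            InputStream tsaStream = tsaCert.openStream()) {
        CRLValidity crlValidity = CRLUtils.isValidCRL(crlStream, DSSUtils.loadCertificate(caStream));
        assertNotNull(crlValidity);
        assertTrue(crlValidity.isSignatureIntact());
        assertTrue(crlValidity.isCrlSignKeyUsage());
        assertTrue(crlValidity.isIssuerX509PrincipalMatches());

        CRLToken crl = new CRLToken(DSSUtils.loadCertificate(tsaStream), crlValidity);
        assertNotNull(crl);
        assertNotNull(crl.getAbbreviation());
        assertNotNull(crl.getCreationDate());
        assertNotNull(crl.getCrlValidity());
        assertNotNull(crl.getDSSId());
        assertNotNull(crl.getIssuerX500Principal());
        assertNotNull(crl.getPublicKeyOfTheSigner());
        assertNotNull(crl.getOrigin());
        assertNotNull(crl.toString());
        assertEquals(crlValidity.getExpiredCertsOnCRL(), crl.getExpiredCertsOnCRL());
        assertNull(crl.getCertHash());
        assertNull(crl.getArchiveCutOff());
    }
}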
if (storedValidity.getNextUpdate().after(new Date())) { LOG.debug("CRL in cache"); final CRLToken crlToken = new CRLToken(certificateToken, storedValidity); crlToken.setSourceURL(crlUrl); if (crlToken.isValid()) { return crlToken; if ((crlToken != null) && crlToken.isValid()) { if (storedValidity == null) { LOG.info("CRL '{}' not in cache", crlUrl); insertCrlInDb(key, crlToken.getCrlValidity()); } else { LOG.debug("CRL '{}' expired", crlUrl); updateCrlInDb(key, crlToken.getCrlValidity());
final CRLToken crlToken = new CRLToken(certificateToken, crlValidity); crlToken.setSourceURL(dataAndUrl.urlString); crlToken.setAvailable(true); return crlToken; } catch (Exception e) {
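/**
 * Negative path: the CRL is validated against a certificate that did not
 * issue it (the TSA certificate).
 *
 * <p>The validation result is expected to report a broken signature, a
 * missing CRL-sign key usage and a non-matching issuer principal, and building
 * a {@code CRLToken} from that result is expected to fail with
 * {@code DSSException}. A CRL that fails issuer validation must therefore not
 * yield a token.
 *
 * @throws IOException
 *             if one of the test resources cannot be opened or closed
 */
@Test(expected = DSSException.class)
public void wrongCRLIssuer() throws IOException {
    FileDocument doc = new FileDocument("src/test/resources/crl/belgium2.crl");
    FileDocument tsaCert = new FileDocument("src/test/resources/TSA_BE.cer");

    // The TSA certificate is read twice, so two independent streams are
    // opened; both are closed together with the CRL stream.
    try (InputStream crlStream = doc.openStream();
            InputStream issuerCandidateStream = tsaCert.openStream();
            InputStream subjectStream = tsaCert.openStream()) {
        CRLValidity crlValidity = CRLUtils.isValidCRL(crlStream, DSSUtils.loadCertificate(issuerCandidateStream));
        assertNotNull(crlValidity);
        assertFalse(crlValidity.isSignatureIntact());
        assertFalse(crlValidity.isCrlSignKeyUsage());
        assertFalse(crlValidity.isIssuerX509PrincipalMatches());

        // Expected to throw DSSException (see the @Test annotation).
        new CRLToken(DSSUtils.loadCertificate(subjectStream), crlValidity);
    }
}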
/**
 * Returns the short DSS label of this CRL token, intended for debugging
 * output.
 *
 * <p>The label contains the formatted production date ("?" when none is set)
 * and the issuer principal.
 *
 * @return the DSS abbreviation of the CRLToken
 */
@Override
public String getAbbreviation() {
    final String producedAt;
    if (productionDate != null) {
        producedAt = DSSUtils.formatInternal(productionDate);
    } else {
        producedAt = "?";
    }
    return "CRLToken[" + producedAt + ", signedBy=" + getIssuerX500Principal() + "]";
}
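/**
 * Negative path: the CRL itself validates against its CA certificate, but the
 * certificate handed to the {@code CRLToken} constructor is that same CA
 * certificate.
 *
 * <p>All three validity flags are expected to be true, yet building the token
 * is expected to fail with {@code DSSException}.
 * NOTE(review): judging by the test name, the failure is presumably caused by
 * the certificate's issuer not matching the CRL issuer - confirm.
 *
 * @throws IOException
 *             if one of the test resources cannot be opened or closed
 */
@Test(expected = DSSException.class)
public void wrongCertIssuer() throws IOException {
    FileDocument doc = new FileDocument("src/test/resources/crl/belgium2.crl");
    FileDocument caCert = new FileDocument("src/test/resources/belgiumrs2.crt");

    // The CA certificate is read twice, so two independent streams are
    // opened; both are closed together with the CRL stream.
    try (InputStream crlStream = doc.openStream();
            InputStream issuerStream = caCert.openStream();
            InputStream subjectStream = caCert.openStream()) {
        CRLValidity crlValidity = CRLUtils.isValidCRL(crlStream, DSSUtils.loadCertificate(issuerStream));
        assertNotNull(crlValidity);
        assertTrue(crlValidity.isSignatureIntact());
        assertTrue(crlValidity.isCrlSignKeyUsage());
        assertTrue(crlValidity.isIssuerX509PrincipalMatches());

        // Expected to throw DSSException (see the @Test annotation).
        new CRLToken(DSSUtils.loadCertificate(subjectStream), crlValidity);
    }
}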