revokedCRLEntry.getRevocationDate().compareTo(signDate) <= 0) crlDistributionPointsURL + " on " + revokedCRLEntry.getRevocationDate(), revokedCRLEntry.getRevocationDate()); crlDistributionPointsURL + " on " + revokedCRLEntry.getRevocationDate());
X509CRLEntry entry = (X509CRLEntry) entries.get(i); if (serialN.equals(entry.getSerialNumber())) { X500Principal iss = entry.getCertificateIssuer(); if (serialN.equals(entry.getSerialNumber())) { return entry;
/**
 * Computes the hash code of this instance from its encoded form.
 *
 * <p>The value is the sum of the unsigned byte values returned by
 * {@code getEncoded()}. If encoding fails with a {@link CRLException},
 * the result is {@code 0}. An additive byte sum is only suitable for
 * hash-table bucketing: any reordering of the same bytes yields the same
 * value, so it must not be used as a fingerprint or identity check.
 *
 * @return the hash code of this instance.
 */
public int hashCode() {
    int sum = 0;
    try {
        for (byte b : getEncoded()) {
            // Mask so each byte contributes its unsigned value (0..255).
            sum += b & 0xFF;
        }
    } catch (CRLException ignored) {
        // Intentionally ignored: hashCode() cannot report a failure, so an
        // entry that cannot be encoded hashes to 0.
    }
    return sum;
}
X500Principal certIssuer = crl_entry.getCertificateIssuer(); if (crl_entry.hasExtensions()) if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) || reasonCode == null || reasonCode.getValue().intValue() == 0 certStatus.setRevocationDate(crl_entry.getRevocationDate());
+ childCertificate.getSubjectX500Principal()); return TrustLinkerResult.TRUSTED; } else if (crlEntry.getRevocationDate().after(validationDate)) { LOG.debug("CRL OK for: " + childCertificate.getSubjectX500Principal() + " at " + crlEntry.getRevocationDate()); if (crlEntry.hasExtensions()) { LOG.debug("critical extensions: " + crlEntry.getCriticalExtensionOIDs()); LOG.debug("non-critical extensions: " + crlEntry.getNonCriticalExtensionOIDs()); byte[] reasonCodeExtension = crlEntry .getExtensionValue(Extension.reasonCode.getId()); if (null != reasonCodeExtension) { try { TrustLinkerResultReason.INVALID_REVOCATION_STATUS, "certificate suspended by CRL=" + crlEntry.getSerialNumber()); "certificate revoked by CRL=" + crlEntry.getSerialNumber());
if (crl_entry.hasExtensions()) if (!validDate.before(crl_entry.getRevocationDate())) new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls}); throw new CertPathReviewerException(msg); new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls}); addNotification(msg,index);
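/**
 * Checks that the parser finds the entry with serial number 5203 in the
 * {@code /LTGRCA.crl} test resource and that the entry exposes a revocation
 * date, a revocation reason and the expected serial number.
 *
 * @throws IOException if the test resource cannot be read or closed
 */
@Test
public void retrieveRevocationInfo() throws IOException {
    try (InputStream fis = CRLParserTest.class.getResourceAsStream("/LTGRCA.crl");
            BufferedInputStream is = new BufferedInputStream(fis)) {
        BigInteger serialNumber = new BigInteger("5203");

        // Parse through the buffered wrapper. The wrapper was previously
        // opened but the raw stream was handed to the parser, leaving the
        // buffered stream unused.
        X509CRLEntry entry = parser.retrieveRevocationInfo(is, serialNumber);

        assertNotNull(entry);
        assertNotNull(entry.getRevocationDate());
        assertNotNull(entry.getRevocationReason());
        assertNotNull(entry.getSerialNumber());
        assertEquals(serialNumber, entry.getSerialNumber());
    }
}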
for (X509CRLEntry revokedCertificate : revokedCertificates) { X500Principal certificateIssuer = revokedCertificate .getCertificateIssuer(); String issuerName; if (null == certificateIssuer) { issuerName = certificateIssuer.toString(); BigInteger serialNumber = revokedCertificate.getSerialNumber(); Date revocationDate = revokedCertificate.getRevocationDate();
/**
 * Instantiates a new revoked certificate exception from a CRL entry.
 *
 * <p>Delegates to another constructor of this class, passing the entry's
 * revocation date, its serial number and the reason resolved by
 * {@code getReasonFromX509Entry(entry)}. The entry is dereferenced
 * without a null check, so a {@code null} argument fails with a
 * {@code NullPointerException}.
 *
 * @param entry the CRL entry describing the revoked certificate
 */
public RevokedCertificateException(final X509CRLEntry entry) {
    this(entry.getRevocationDate(), entry.getSerialNumber(), getReasonFromX509Entry(entry));
}
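/**
 * Enables the CRL entry extensions button only when the selected table row
 * maps to a revoked-certificate entry that carries extensions.
 *
 * <p>The button is disabled when no row is selected, when the CRL exposes
 * no revoked entries, when no entry matches the selected serial number, or
 * when the matching entry has no extensions.
 */
private void crlEntrySelection() {
    boolean hasExtensions = false;

    int row = jtRevokedCerts.getSelectedRow();
    if (row != -1) {
        BigInteger serialNumber = (BigInteger) jtRevokedCerts.getValueAt(row, 0);
        Set<?> revokedCertsSet = crl.getRevokedCertificates();

        // If crl is a java.security.cert.X509CRL, getRevokedCertificates()
        // returns null for an empty list; the table and the CRL may also be
        // out of step, so a missing match must not be dereferenced.
        if (serialNumber != null && revokedCertsSet != null) {
            for (Object candidate : revokedCertsSet) {
                X509CRLEntry entry = (X509CRLEntry) candidate;
                if (serialNumber.equals(entry.getSerialNumber())) {
                    hasExtensions = entry.hasExtensions();
                    break;
                }
            }
        }
    }

    jbCrlEntryExtensions.setEnabled(hasExtensions);
}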
/**
 * Returns the hash code, computing it with the superclass method on the
 * first call and serving the stored value afterwards.
 *
 * <p>No synchronization is visible in this method; the cached pair
 * ({@code hashValue}, {@code isHashValueSet}) is written without a lock.
 *
 * @return calculated hashCode.
 */
public int hashCode() {
    if (isHashValueSet) {
        return hashValue;
    }
    hashValue = super.hashCode();
    isHashValueSet = true;
    return hashValue;
}
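/**
 * Resolves the revocation reason recorded on a CRL entry.
 *
 * <p>The reason is read through {@link X509CRLEntry#getRevocationReason()},
 * which decodes the reason-code extension. The raw bytes returned by
 * {@code getExtensionValue} are a DER-encoded OCTET STRING rather than
 * text, so parsing them as an ASCII integer fails and the reason is
 * silently lost; decoding through the JDK accessor avoids that.
 *
 * @param entry the entry
 * @return the reason, or {@code null} when the entry carries no reason
 *         code, the code lies outside the range covered by {@code Reason},
 *         or resolution fails
 */
private static Reason getReasonFromX509Entry(final X509CRLEntry entry) {
    if (entry.hasExtensions()) {
        try {
            final java.security.cert.CRLReason crlReason = entry.getRevocationReason();
            if (crlReason != null) {
                // The JDK enum is declared in reason-code order, so the
                // ordinal is the numeric CRL reason code.
                final int code = crlReason.ordinal();
                if (code < Reason.values().length) {
                    return Reason.fromCode(code);
                }
            }
        } catch (final Exception e) {
            // Best effort: a reason that cannot be resolved is reported as
            // absent rather than failing the caller.
            LOGGER.trace("An exception occurred when resolving extension value: {}", e.getMessage());
        }
    }
    return null;
}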
/**
 * Derives the revocation status of the given certificate from this CRL.
 *
 * <p>The certificate's issuer must equal the subject of the CRL signer;
 * otherwise a {@code DSSException} is thrown, carrying the signature
 * invalidity reason when the CRL signature is not intact and an issuer
 * mismatch message when it is. On a match, the CRL is searched for the
 * certificate's serial number: no entry sets {@code status} to
 * {@code true}; an entry sets it to {@code false} and records the
 * revocation date and, when present, the revocation reason.
 *
 * @param certificateToken
 *            the {@code CertificateToken} which is managed by this CRL.
 */
private void setRevocationStatus(final CertificateToken certificateToken) {
    final X500Principal certificateIssuer = certificateToken.getIssuerX500Principal();
    final CertificateToken crlSigner = crlValidity.getIssuerToken();
    final X500Principal crlSignerSubject = (crlSigner == null) ? null : crlSigner.getSubjectX500Principal();

    final boolean sameIssuer = DSSUtils.x500PrincipalAreEquals(certificateIssuer, crlSignerSubject);
    if (!sameIssuer) {
        if (crlValidity.isSignatureIntact()) {
            throw new DSSException("The CRLToken is not signed by the same issuer as the CertificateToken to be verified!");
        }
        throw new DSSException(crlValidity.getSignatureInvalidityReason());
    }
    // NOTE(review): isSignatureIntact() is consulted only on the mismatch
    // path above. Confirm that a CRL whose signature is not intact is
    // rejected elsewhere before the status set below is trusted.

    final BigInteger serialNumber = certificateToken.getSerialNumber();
    final X509CRLEntry crlEntry = CRLUtils.getRevocationInfo(crlValidity, serialNumber);
    if (crlEntry == null) {
        // No entry for this serial number in the CRL.
        status = true;
        return;
    }

    status = false;
    revocationDate = crlEntry.getRevocationDate();
    final CRLReason revocationReason = crlEntry.getRevocationReason();
    if (revocationReason != null) {
        reason = CRLReasonEnum.fromInt(revocationReason.ordinal());
    }
}
/**
 * Looks up the CRL entry with the given serial number.
 *
 * <p>Entries are loaded on first use via {@code retrieveEntries()}. Only
 * the first {@code nonIndirectEntriesSize} elements of {@code entries}
 * are scanned, i.e. the search covers only certificates issued by the
 * CRL's issuer.
 *
 * @param serialNumber the serial number to look for; it is dereferenced
 *        without a null check
 * @return the matching entry, or {@code null} if there are no entries or
 *         none matches
 * @see java.security.cert.X509CRL#getRevokedCertificate(BigInteger)
 * method documentation for more info
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    if (!entriesRetrieved) {
        retrieveEntries();
    }
    if (entries == null) {
        return null;
    }
    int index = 0;
    while (index < nonIndirectEntriesSize) {
        X509CRLEntry candidate = (X509CRLEntry) entries.get(index);
        if (serialNumber.equals(candidate.getSerialNumber())) {
            return candidate;
        }
        index++;
    }
    return null;
}
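/**
 * Returns the revocation reason of a certificate, extracted from the
 * reasonCode extension of the given CRL entry.
 *
 * <p>The reasonCode extension is optional on a CRL entry. When the entry
 * does not carry it, {@code getExtensionValue} yields no bytes and this
 * method returns {@code null} instead of handing an absent value to the
 * ASN.1 decoder.
 *
 * @param crlEntry An object for a revoked certificate in a CRL (Certificate Revocation List).
 * @return the textual form of the decoded reason, or {@code null} when the
 *         entry has no reasonCode extension
 * @throws DSSException if the extension value cannot be decoded
 */
public static String getRevocationReason(final X509CRLEntry crlEntry) throws DSSException {
    final String reasonId = Extension.reasonCode.getId();
    final byte[] extensionBytes = crlEntry.getExtensionValue(reasonId);
    if (extensionBytes == null || extensionBytes.length == 0) {
        // No reason recorded for this entry; callers decide how to treat it.
        return null;
    }
    try {
        final ASN1Primitive asn1Primitive = X509ExtensionUtil.fromExtensionValue(extensionBytes);
        final ASN1Enumerated asn1Enumerated = ASN1Enumerated.getInstance(asn1Primitive);
        final CRLReason reason = CRLReason.getInstance(asn1Enumerated);
        return reason.toString();
    } catch (IOException e) {
        throw new DSSException(e);
    }
}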
X500Principal certIssuer = crl_entry.getCertificateIssuer(); if (crl_entry.hasExtensions()) if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) || reasonCode == null || reasonCode.getValue().intValue() == 0 certStatus.setRevocationDate(crl_entry.getRevocationDate());
if (crl_entry.hasExtensions()) if (!validDate.before(crl_entry.getRevocationDate())) new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls}); throw new CertPathReviewerException(msg); new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls}); addNotification(msg,index);
/**
 * Checks that the parser finds the expected serial number in the
 * GlobalSign test CRL resource, and that the matching entry has a
 * revocation date and serial number but no revocation reason.
 *
 * @throws IOException if the test resource cannot be read or closed
 */
@Test
public void retrieveRevocationInfoMedium() throws IOException {
    final String resourceName = "/http___crl.globalsign.com_gs_gspersonalsign2sha2g2.crl";
    try (InputStream crlStream = CRLParserTest.class.getResourceAsStream(resourceName)) {
        final BigInteger expectedSerial = new BigInteger("288350169419475868349393253038503091234");

        final X509CRLEntry found = parser.retrieveRevocationInfo(crlStream, expectedSerial);

        assertNotNull(found);
        assertNotNull(found.getRevocationDate());
        // This entry is expected to carry no reason code.
        assertNull(found.getRevocationReason());
        assertNotNull(found.getSerialNumber());
        assertEquals(expectedSerial, found.getSerialNumber());
    }
}
for (X509CRLEntry revokedCertificate : revokedCertificates) { X500Principal certificateIssuer = revokedCertificate .getCertificateIssuer(); String issuerName; if (null == certificateIssuer) { issuerName = certificateIssuer.toString(); BigInteger serialNumber = revokedCertificate.getSerialNumber(); Date revocationDate = revokedCertificate.getRevocationDate();
/**
 * Instantiates a new revoked certificate exception from a CRL entry.
 *
 * <p>Delegates to another constructor of this class, passing the entry's
 * revocation date converted by {@code DateTimeUtils.zonedDateTimeOf},
 * its serial number and the reason resolved by
 * {@code getReasonFromX509Entry(entry)}. The entry is dereferenced
 * without a null check, so a {@code null} argument fails with a
 * {@code NullPointerException}.
 *
 * @param entry the CRL entry describing the revoked certificate
 */
public RevokedCertificateException(final X509CRLEntry entry) {
    this(DateTimeUtils.zonedDateTimeOf(entry.getRevocationDate()), entry.getSerialNumber(), getReasonFromX509Entry(entry));
}