/**
 * Returns the CRL-based revocation token for {@code certificateToken}.
 *
 * <p>A token already stored in {@code validCRLTokenList} for this certificate is
 * returned directly. Otherwise the best CRL validity for the certificate/issuer pair
 * is looked up, wrapped in a new {@link CRLToken}, stored in
 * {@code validCRLTokenList} and returned. Every returned token has its origin set to
 * {@code RevocationOrigin.SIGNATURE}.
 *
 * @param certificateToken the certificate whose revocation data is requested
 * @param issuerToken the issuer of {@code certificateToken}; only consulted when no
 *        token is stored yet
 * @return the revocation token, or {@code null} when nothing is stored and either
 *         {@code issuerToken} is {@code null} or no CRL validity was found
 * @throws NullPointerException if {@code certificateToken} is {@code null}
 */
@Override
public final CRLToken getRevocationToken(final CertificateToken certificateToken, final CertificateToken issuerToken) {
    if (certificateToken == null) {
        throw new NullPointerException();
    }

    final CRLToken cachedToken = validCRLTokenList.get(certificateToken);
    if (cachedToken == null) {
        // Nothing stored yet: a fresh lookup needs the issuer.
        if (issuerToken == null) {
            return null;
        }
        final CRLValidity selectedValidity = getBestCrlValidity(certificateToken, issuerToken);
        if (selectedValidity == null) {
            return null;
        }
        final CRLToken freshToken = new CRLToken(certificateToken, selectedValidity);
        freshToken.setOrigin(RevocationOrigin.SIGNATURE);
        validCRLTokenList.put(certificateToken, freshToken);
        return freshToken;
    }

    // NOTE(review): the stored token is handed back without consulting issuerToken or
    // re-checking the CRL's freshness here; confirm the map's lifetime is limited to
    // one validation run so a stale revocation answer cannot be reused.
    cachedToken.setOrigin(RevocationOrigin.SIGNATURE);
    return cachedToken;
}
// Bind the CRL validity data to the certificate whose revocation status is being checked.
final CRLToken crlToken = new CRLToken(certificateToken, crlValidity);
// Keep the URL carried by dataAndUrl on the token (presumably where the CRL was
// downloaded from; confirm against the code that fills dataAndUrl).
crlToken.setSourceURL(dataAndUrl.urlString);
// NOTE(review): the token is flagged available without looking at crlValidity in this
// fragment; confirm the signature and issuer checks run before this point or inside
// the CRLToken constructor.
crlToken.setAvailable(true);
// Reuse the stored CRL only while its nextUpdate is later than the current system time.
// NOTE(review): getNextUpdate() is dereferenced without a null check; confirm it cannot
// be null for a stored CRL that carries no nextUpdate field.
// NOTE(review): freshness is judged against the local clock (new Date()); confirm that
// is the intended reference time for this cache.
if (storedValidity.getNextUpdate().after(new Date())) {
    LOG.debug("CRL in cache");
    final CRLToken crlToken = new CRLToken(certificateToken, storedValidity);
    crlToken.setSourceURL(crlUrl);
    // The token built from the stored validity is only used further if it reports itself valid.
    if (crlToken.isValid()) {
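/**
 * Checks the Belgian CRL against the TSA certificate, which is not its issuer: the
 * signature, key-usage and issuer-principal checks must all be reported as failed, and
 * building a {@link CRLToken} from that validity is expected to end in a
 * {@link DSSException}.
 *
 * <p>NOTE(review): {@code expected = DSSException.class} covers the whole method, so a
 * {@code DSSException} raised while loading a certificate or parsing the CRL would also
 * make the test pass. The exception is presumably meant to come from the
 * {@code CRLToken} constructor; consider asserting on that call specifically.
 *
 * @throws IOException if one of the test resources cannot be read or closed
 */
@Test(expected = DSSException.class)
public void wrongCRLIssuer() throws IOException {
    FileDocument doc = new FileDocument("src/test/resources/crl/belgium2.crl");
    FileDocument tsaCert = new FileDocument("src/test/resources/TSA_BE.cer");

    // All streams are declared as resources so they are closed even when the expected
    // exception is thrown; the original left both certificate streams open.
    try (InputStream crlStream = doc.openStream();
            InputStream issuerCertStream = tsaCert.openStream();
            InputStream targetCertStream = tsaCert.openStream()) {
        CRLValidity crlValidity = CRLUtils.isValidCRL(crlStream, DSSUtils.loadCertificate(issuerCertStream));
        assertNotNull(crlValidity);
        assertFalse(crlValidity.isSignatureIntact());
        assertFalse(crlValidity.isCrlSignKeyUsage());
        assertFalse(crlValidity.isIssuerX509PrincipalMatches());

        new CRLToken(DSSUtils.loadCertificate(targetCertStream), crlValidity);
    }
}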
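/**
 * Validates the Belgian CRL against the CA certificate (signature, key usage and issuer
 * principal must all check out) and then tries to build a {@link CRLToken} for that
 * same CA certificate, which is expected to end in a {@link DSSException}.
 *
 * <p>NOTE(review): the exception presumably comes from the {@code CRLToken} constructor
 * rejecting a certificate that was not issued by the CRL's issuer; confirm. Because
 * {@code expected = DSSException.class} covers the whole method, a {@code DSSException}
 * from loading the resources would also make the test pass.
 *
 * @throws IOException if one of the test resources cannot be read or closed
 */
@Test(expected = DSSException.class)
public void wrongCertIssuer() throws IOException {
    FileDocument doc = new FileDocument("src/test/resources/crl/belgium2.crl");
    FileDocument caCert = new FileDocument("src/test/resources/belgiumrs2.crt");

    // All streams are declared as resources so they are closed even when the expected
    // exception is thrown; the original left both certificate streams open.
    try (InputStream crlStream = doc.openStream();
            InputStream issuerCertStream = caCert.openStream();
            InputStream targetCertStream = caCert.openStream()) {
        CRLValidity crlValidity = CRLUtils.isValidCRL(crlStream, DSSUtils.loadCertificate(issuerCertStream));
        assertNotNull(crlValidity);
        assertTrue(crlValidity.isSignatureIntact());
        assertTrue(crlValidity.isCrlSignKeyUsage());
        assertTrue(crlValidity.isIssuerX509PrincipalMatches());

        new CRLToken(DSSUtils.loadCertificate(targetCertStream), crlValidity);
    }
}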
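/**
 * Happy path: the Belgian CRL validates against the CA certificate, and a
 * {@link CRLToken} built for the TSA certificate exposes its main properties.
 * {@code getCertHash()} and {@code getArchiveCutOff()} are expected to be {@code null}
 * for this token.
 *
 * @throws IOException if one of the test resources cannot be read or closed
 */
@Test
public void testOK() throws IOException {
    FileDocument doc = new FileDocument("src/test/resources/crl/belgium2.crl");
    FileDocument caCert = new FileDocument("src/test/resources/belgiumrs2.crt");
    FileDocument tsaCert = new FileDocument("src/test/resources/TSA_BE.cer");

    // All streams are declared as resources so they are closed on every exit path;
    // the original left both certificate streams open.
    try (InputStream crlStream = doc.openStream();
            InputStream caCertStream = caCert.openStream();
            InputStream tsaCertStream = tsaCert.openStream()) {
        CRLValidity crlValidity = CRLUtils.isValidCRL(crlStream, DSSUtils.loadCertificate(caCertStream));
        assertNotNull(crlValidity);
        // The CRL must be correctly signed by a key allowed to sign CRLs, and the
        // issuer principal must match, before the token is built from it.
        assertTrue(crlValidity.isSignatureIntact());
        assertTrue(crlValidity.isCrlSignKeyUsage());
        assertTrue(crlValidity.isIssuerX509PrincipalMatches());

        CRLToken crl = new CRLToken(DSSUtils.loadCertificate(tsaCertStream), crlValidity);
        assertNotNull(crl);
        assertNotNull(crl.getAbbreviation());
        assertNotNull(crl.getCreationDate());
        assertNotNull(crl.getCrlValidity());
        assertNotNull(crl.getDSSId());
        assertNotNull(crl.getIssuerX500Principal());
        assertNotNull(crl.getPublicKeyOfTheSigner());
        assertNotNull(crl.getOrigin());
        assertNotNull(crl.toString());
        assertEquals(crlValidity.getExpiredCertsOnCRL(), crl.getExpiredCertsOnCRL());
        assertNull(crl.getCertHash());
        assertNull(crl.getArchiveCutOff());
    }
}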