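/**
 * Rejects the chain if its owner certificate is listed as revoked in the configured CRL file.
 *
 * <p>The CRL path is read from {@code option.getCrl()} and resolved through
 * {@code custom.getFullPath(...)}. Only the certificate returned by
 * {@code CertificateUtil.findOwner(chain)} is tested against the loaded CRLs; the other
 * entries of the chain are not checked here.
 *
 * <p>NOTE(review): this check fails open. If no CRL path resolves, or the file does not exist,
 * the method returns without testing revocation, so a missing or mis-deployed CRL file silently
 * disables revocation checking. Deployments that rely on revocation should monitor that the
 * file is present. Whether the CRL's own signature and validity period are verified depends on
 * {@code KeyStoreUtil.createCRL}, which is not visible here; confirm.
 *
 * @param chain certificate chain to check
 * @throws CertificateException if the owner certificate is revoked by any loaded CRL
 */
private void checkCRL(X509Certificate[] chain) throws CertificateException {
  String crlPath = custom.getFullPath(option.getCrl());
  // A null path is treated like a missing file (no CRL configured); without this guard
  // new File(null) would throw NullPointerException instead of a certificate error.
  if (crlPath == null || !new File(crlPath).exists()) {
    return;
  }

  CRL[] crls = KeyStoreUtil.createCRL(crlPath);
  X509Certificate owner = CertificateUtil.findOwner(chain);
  for (CRL candidate : crls) {
    if (candidate.isRevoked(owner)) {
      LOG.error("certificate revoked");
      throw new CertificateException("certificate revoked");
    }
  }
}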
try { String white = option.getCheckCNWhiteFile(); white = custom.getFullPath(white); fis = new FileInputStream(white); reader = new InputStreamReader(fis, StandardCharsets.UTF_8);
public static SSLContext createSSLContext(SSLOption option, SSLCustom custom) { try { String keyStoreName = custom.getFullPath(option.getKeyStore()); KeyManager[] keymanager; if (keyStoreName != null && new File(keyStoreName).exists()) { String trustStoreName = custom.getFullPath(option.getTrustStore()); TrustManager[] trustManager; if (trustStoreName != null && new File(trustStoreName).exists()) {
private static TCPSSLOptions buildTCPSSLOptions(SSLOption sslOption, SSLCustom sslCustom, TCPSSLOptions httpClientOptions) { httpClientOptions.setSsl(true); if (isFileExists(sslCustom.getFullPath(sslOption.getKeyStore()))) { if (STORE_PKCS12.equalsIgnoreCase(sslOption.getKeyStoreType())) { PfxOptions keyPfxOptions = new PfxOptions(); keyPfxOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore())); keyPfxOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray()))); httpClientOptions.setPfxKeyCertOptions(keyPfxOptions); } else if (STORE_JKS.equalsIgnoreCase(sslOption.getKeyStoreType())) { JksOptions keyJksOptions = new JksOptions(); keyJksOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore())); keyJksOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray()))); httpClientOptions.setKeyStoreOptions(keyJksOptions); if (isFileExists(sslCustom.getFullPath(sslOption.getTrustStore()))) { if (STORE_PKCS12.equalsIgnoreCase(sslOption.getTrustStoreType())) { PfxOptions trustPfxOptions = new PfxOptions(); trustPfxOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore())); trustPfxOptions .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray()))); } else if (STORE_JKS.equalsIgnoreCase(sslOption.getTrustStoreType())) { JksOptions trustJksOptions = new JksOptions(); trustJksOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore())); trustJksOptions .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray()))); if (isFileExists(sslCustom.getFullPath(sslOption.getCrl()))) { httpClientOptions.addCrlPath(sslCustom.getFullPath(sslOption.getCrl()));