/**
 * Reports whether any CRL held by this object lists the given certificate.
 *
 * <p>Only {@code X509CRL.isRevoked} is consulted. Nothing here verifies a CRL's
 * signature or looks at its thisUpdate/nextUpdate window, so the answer is only as
 * trustworthy as whatever populated {@code this.crls}.
 *
 * @param cert the certificate to look up
 * @return {@code true} as soon as one CRL lists {@code cert}; {@code false} when none
 *         does, which includes the case where {@code this.crls} holds no CRL at all
 */
public boolean isRevoked(final X509Certificate cert) {
    boolean listed = false;
    for (final X509CRL candidate : this.crls) {
        if (candidate.isRevoked(cert)) {
            // One hit is enough; later CRLs cannot change the outcome.
            listed = true;
            break;
        }
    }
    return listed;
}
/**
 * Translates CRL membership into a {@code RevocationStatus}.
 *
 * @param x509CRL  the CRL to consult
 * @param peerCert the certificate being checked
 * @return {@code RevocationStatus.REVOKED} when the CRL lists {@code peerCert},
 *         {@code RevocationStatus.GOOD} otherwise
 */
private RevocationStatus getRevocationStatus(X509CRL x509CRL, X509Certificate peerCert) {
    // NOTE(review): GOOD is returned for every certificate the CRL does not list. The CRL's
    // signature and validity window are not examined in this method; presumably the caller
    // has done that before passing the CRL in — confirm.
    return x509CRL.isRevoked(peerCert) ? RevocationStatus.REVOKED : RevocationStatus.GOOD;
}
/**
 * Checks the given certificate against every CRL in {@code this.crls}.
 *
 * <p>This is a pure list-membership test: the CRLs are not signature-verified or
 * checked for freshness in this method.
 *
 * @param cert the certificate to look up
 * @return {@code true} if at least one CRL reports {@code cert} as revoked;
 *         {@code false} otherwise, including when there are no CRLs to consult
 */
public boolean isRevoked(final X509Certificate cert) {
    boolean foundOnList = false;
    for (final X509CRL current : this.crls) {
        if (current.isRevoked(cert)) {
            foundOnList = true;
            break; // stop at the first CRL that lists the certificate
        }
    }
    return foundOnList;
}
/**
 * Returns the revocation status of a peer certificate according to one CRL.
 *
 * @param x509CRL  the CRL to consult
 * @param peerCert the certificate being checked
 * @return {@code RevocationStatus.REVOKED} if {@code x509CRL} lists the certificate,
 *         otherwise {@code RevocationStatus.GOOD}
 */
private RevocationStatus getRevocationStatus(X509CRL x509CRL, X509Certificate peerCert) {
    final boolean listed = x509CRL.isRevoked(peerCert);
    // NOTE(review): "not listed" maps straight to GOOD; no signature or nextUpdate check on
    // the CRL happens here, so that must be guaranteed by the caller — confirm.
    return listed ? RevocationStatus.REVOKED : RevocationStatus.GOOD;
}
/**
 * Checks a certificate against the single CRL currently held in {@code this.crl}.
 *
 * <p>The field is read once into a local so the null check and the lookup use the
 * same reference.
 *
 * @param cert the certificate to look up
 * @return {@code true} if a CRL is present and lists {@code cert}; {@code false} if the
 *         CRL does not list it or if no CRL is set
 */
@Override
public boolean isRevoked(Certificate cert) {
    final X509CRL snapshot = this.crl;
    // With no CRL set, every certificate is reported as not revoked (fail-open).
    return snapshot != null && snapshot.isRevoked(cert);
}
/**
 * Tests whether a certificate appears on a certificate revocation list.
 *
 * <p>Per the original documentation, a certificate whose issuer differs from the CRL's
 * issuer yields {@code false} even when its serial number is on the list.
 *
 * <p>This is a membership lookup only: the CRL's signature and its
 * thisUpdate/nextUpdate window are not checked here, so callers should validate the
 * CRL before relying on a {@code false} result.
 *
 * @param crl         the certificate revocation list to consult
 * @param certificate the certificate to look up
 * @return {@code true} if the certificate is on the revocation list, {@code false} otherwise
 * @see #revoke
 * @see #generateCRL
 */
public static boolean isRevoked(X509CRL crl, X509Certificate certificate) {
    final boolean listed = crl.isRevoked(certificate);
    return listed;
}
/**
 * Looks a certificate up on a certificate revocation list.
 *
 * <p>As the original documentation notes, when the certificate and the CRL have
 * different issuers the result is {@code false} even if the certificate's serial
 * number is on the CRL.
 *
 * <p>No validation of the CRL itself (signature, thisUpdate/nextUpdate) takes place in
 * this method; it only delegates to {@code X509CRL.isRevoked}.
 *
 * @param crl         the certificate revocation list to consult
 * @param certificate the certificate to look up
 * @return {@code true} if the certificate is on the revocation list, {@code false} otherwise
 * @see #revoke
 * @see #generateCRL
 */
public static boolean isRevoked(X509CRL crl, X509Certificate certificate) {
    final boolean onList = crl.isRevoked(certificate);
    return onList;
}
/**
 * Rejects a certificate array if any of its certificates is listed on any CRL in
 * {@code crls}.
 *
 * @param certs the certificates to check, each against every CRL
 * @throws CertificateException on the first certificate that a CRL reports as revoked
 */
private void checkCRL(X509Certificate[] certs) throws CertificateException {
    // NOTE(review): when crls is empty nothing is checked and the method returns normally;
    // the CRLs are also not signature- or freshness-checked here. Confirm both are handled
    // where crls is loaded.
    for (X509Certificate candidate : certs) {
        for (X509CRL revocationList : crls) {
            if (!revocationList.isRevoked(candidate)) {
                continue;
            }
            throw new CertificateException("Certificate not trusted per the CRL");
        }
    }
}
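/**
 * Checks a certificate against the CRLs published at its own CRL distribution points.
 *
 * <p>Each distribution point returned by {@code getCrlDistributionPoints} is fetched with
 * {@code downloadCRL} and consulted via {@code X509CRL.isRevoked}. Any failure while
 * listing, fetching or consulting a CRL is reported as a {@link CertificateException},
 * so an unreachable CRL fails the check rather than passing it.
 *
 * <p>NOTE(review): a certificate that carries no distribution points passes without any
 * CRL being consulted, and nothing in this method verifies the downloaded CRL's signature
 * or nextUpdate — confirm whether {@code downloadCRL} or the caller covers that.
 *
 * @param cert the certificate to check
 * @throws CertificateException if a CRL lists the certificate, or if the CRLs cannot be
 *         obtained or processed (the underlying failure is attached as the cause)
 */
public static void verifyCertificateCRLs(X509Certificate cert) throws CertificateException {
    try {
        List<String> crlDistPoints = getCrlDistributionPoints(cert);
        for (String crlDP : crlDistPoints) {
            X509CRL crl = downloadCRL(crlDP);
            if (crl.isRevoked(cert)) {
                throw new CertificateException("The certificate is revoked by CRL: " + crlDP);
            }
        }
    } catch (CertificateException ex) {
        // Revocation (and any certificate error from the helpers) propagates unchanged.
        throw ex;
    } catch (Exception ex) {
        // Keep the original failure as the cause so download/parse errors stay diagnosable.
        throw new CertificateException(
                "Can not verify CRL for certificate: " + cert.getSubjectX500Principal(), ex);
    }
}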
/**
 * Reports whether any revocation list held by {@code store} lists the wrapped certificate.
 *
 * @param cert wrapper whose {@code getCertificate()} result is looked up
 * @return {@code true} if at least one CRL from {@code store.getRevocationLists()} lists
 *         the certificate; {@code false} otherwise, including when the store has no CRLs
 */
private boolean isRevoked(Cert cert) {
    final Set<X509CRL> revocationLists = store.getRevocationLists();
    boolean listed = false;
    for (X509CRL revocationList : revocationLists) {
        // getCertificate() is deliberately evaluated per CRL, as in the original, so it is
        // never called when the store returns no CRLs.
        if (revocationList.isRevoked(cert.getCertificate())) {
            listed = true;
            break;
        }
    }
    return listed;
}
/**
 * Validates a certificate against the CRLs that {@code crlRepository} returns for it.
 *
 * <p>The check fails closed: when the repository yields no CRL at all, validation is
 * refused instead of treating the certificate as not revoked.
 *
 * @param x509 the certificate to validate
 * @throws CertificateValidatorException if no CRL could be obtained for the certificate,
 *         or if any obtained CRL lists it as revoked
 */
@Override
public void validate(X509Certificate x509) throws CertificateValidatorException {
    final Collection<ICPBR_CRL> candidates = crlRepository.getX509CRL(x509);
    final boolean nothingToCheck = candidates == null || candidates.isEmpty();
    if (nothingToCheck) {
        // Message (Portuguese): revocation could not be verified, no valid list was found.
        throw new CertificateValidatorException("Não foi possível verificar se o certificado está Revogado. Nenhuma lista válida foi encontrada.");
    }
    for (ICPBR_CRL entry : candidates) {
        if (!entry.getCRL().isRevoked(x509)) {
            continue;
        }
        // Message (Portuguese): certificate revoked.
        throw new CertificateValidatorException("Certificado Revogado");
    }
}
} // closes the enclosing class; its header lies outside this excerpt
/**
 * Checks a certificate for revocation using the CRLs supplied by {@code crlRepository}.
 *
 * <p>An absent or empty CRL collection is treated as a validation failure, so a missing
 * CRL never lets a certificate through.
 *
 * @param x509 the certificate to validate
 * @throws CertificateValidatorException if the repository provides no CRL, or if one of
 *         the provided CRLs lists the certificate
 */
@Override
public void validate(X509Certificate x509) throws CertificateValidatorException {
    final Collection<ICPBR_CRL> revocationLists = crlRepository.getX509CRL(x509);
    if (revocationLists == null || revocationLists.isEmpty()) {
        // Message (Portuguese): revocation could not be verified, no valid list was found.
        throw new CertificateValidatorException("Não foi possível verificar se o certificado está Revogado. Nenhuma lista válida foi encontrada.");
    }
    for (ICPBR_CRL wrapper : revocationLists) {
        final boolean listed = wrapper.getCRL().isRevoked(x509);
        if (listed) {
            // Message (Portuguese): certificate revoked.
            throw new CertificateValidatorException("Certificado Revogado");
        }
    }
}
} // closes the enclosing class; its header lies outside this excerpt
/**
 * Checks whether the given certificate is revoked according to the CRLs that
 * {@code SparkTrustManager.loadCRL} returns for it.
 *
 * <p>The method fails open: if the CRLs cannot be loaded or processed, the failure is
 * logged as a warning and the certificate is reported as not revoked.
 *
 * @param cert the certificate to check
 * @return {@code true} if a loaded CRL lists the certificate; {@code false} if none does
 *         or if the CRLs could not be accessed (they might not exist)
 */
public boolean checkRevocation(X509Certificate cert) {
    try {
        SparkTrustManager trustManager = new SparkTrustManager();
        Collection<X509CRL> loaded = trustManager.loadCRL(new X509Certificate[] { cert });
        // The factory is not used below; the call is kept because it can raise
        // CertificateException, which the catch clause lists.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (X509CRL candidate : loaded) {
            if (candidate.isRevoked(cert)) {
                return true;
            }
        }
    } catch (CRLException | CertificateException | IOException | InvalidAlgorithmParameterException
            | NoSuchAlgorithmException | CertStoreException e) {
        // NOTE(review): callers cannot tell "not revoked" from "could not check" — both
        // come back as false. Confirm that is acceptable wherever this result gates trust.
        Log.warning("Cannot check validity", e);
    }
    return false;
}
/**
 * Verifies a certificate against a single CRL.
 *
 * <p>The CRL is only considered when its issuer equals the certificate's issuer and the
 * signing date lies strictly between the CRL's thisUpdate and nextUpdate.
 *
 * @param crl        the Certificate Revocation List
 * @param signCert   the certificate that needs to be verified
 * @param issuerCert its issuer
 * @param signDate   the sign date
 * @return {@code true} if the CRL applies and did not lead to a revocation finding;
 *         {@code false} if {@code crl} or {@code signDate} is null or the CRL does not apply
 * @throws GeneralSecurityException a {@code VerificationException} when the CRL's signature
 *         is valid and it lists {@code signCert}
 */
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException {
    if (crl == null || signDate == null) {
        return false;
    }
    // Guards are evaluated in the original left-to-right order; each one short-circuits.
    if (!crl.getIssuerX500Principal().equals(signCert.getIssuerX500Principal())) {
        return false;
    }
    if (!signDate.after(crl.getThisUpdate())) {
        return false;
    }
    // NOTE(review): getNextUpdate() can return null for a CRL without that field, and
    // Date.before(null) throws NullPointerException — confirm such CRLs cannot reach here.
    if (!signDate.before(crl.getNextUpdate())) {
        return false;
    }
    // NOTE(review): when isSignatureValid(...) is false the method still returns true, so a
    // CRL whose signature could not be validated counts as a passed check — confirm intended.
    if (isSignatureValid(crl, issuerCert) && crl.isRevoked(signCert)) {
        throw new VerificationException(signCert, "The certificate has been revoked.");
    }
    return true;
}
/**
 * Verifies a certificate against a single CRL.
 *
 * <p>The CRL is only considered when its issuer equals the certificate's issuer and the
 * signing date lies strictly between the CRL's thisUpdate and nextUpdate.
 *
 * @param crl        the Certificate Revocation List
 * @param signCert   the certificate that needs to be verified
 * @param issuerCert its issuer
 * @param signDate   the sign date
 * @return {@code true} if the CRL applies and did not lead to a revocation finding;
 *         {@code false} if {@code crl} is null, {@code signDate} is the undefined-timestamp
 *         marker, or the CRL does not apply
 * @throws GeneralSecurityException a {@code VerificationException} when the CRL's signature
 *         is valid and it lists {@code signCert}
 */
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException {
    // Identity comparison against the sentinel, as in the original; a null signDate is not
    // rejected here and would fail at signDate.after(...) below.
    if (crl == null || signDate == SignUtils.UNDEFINED_TIMESTAMP_DATE) {
        return false;
    }
    // Guards are evaluated in the original left-to-right order; each one short-circuits.
    if (!crl.getIssuerX500Principal().equals(signCert.getIssuerX500Principal())) {
        return false;
    }
    if (!signDate.after(crl.getThisUpdate())) {
        return false;
    }
    // NOTE(review): getNextUpdate() can return null for a CRL without that field, and
    // Date.before(null) throws NullPointerException — confirm such CRLs cannot reach here.
    if (!signDate.before(crl.getNextUpdate())) {
        return false;
    }
    // NOTE(review): when isSignatureValid(...) is false the method still returns true, so a
    // CRL whose signature could not be validated counts as a passed check — confirm intended.
    if (isSignatureValid(crl, issuerCert) && crl.isRevoked(signCert)) {
        throw new VerificationException(signCert, "The certificate has been revoked.");
    }
    return true;
}
/**
 * Verifies a certificate against a single CRL.
 *
 * <p>A CRL is taken into account only if it was issued by the certificate's issuer and
 * the signing date falls strictly inside its thisUpdate/nextUpdate window.
 *
 * @param crl        the Certificate Revocation List
 * @param signCert   the certificate that needs to be verified
 * @param issuerCert its issuer
 * @param signDate   the sign date
 * @return {@code true} if the CRL applies and did not lead to a revocation finding;
 *         {@code false} if {@code crl} is null, {@code signDate} is the undefined-timestamp
 *         marker, or the CRL does not apply
 * @throws GeneralSecurityException a {@code VerificationException} when the CRL's signature
 *         is valid and it lists {@code signCert}
 */
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException {
    // The sentinel is compared by reference, exactly as the original does.
    final boolean unusable = crl == null || signDate == SignUtils.UNDEFINED_TIMESTAMP_DATE;
    if (unusable) {
        return false;
    }
    // Applicability checks keep the original order so each later call is skipped on failure.
    if (!crl.getIssuerX500Principal().equals(signCert.getIssuerX500Principal())) {
        return false;
    }
    if (!signDate.after(crl.getThisUpdate())) {
        return false;
    }
    // NOTE(review): a CRL without nextUpdate makes getNextUpdate() return null, which
    // Date.before rejects with NullPointerException — confirm this cannot occur upstream.
    if (!signDate.before(crl.getNextUpdate())) {
        return false;
    }
    // NOTE(review): an invalid CRL signature skips the revocation lookup but the method
    // still answers true; confirm callers do not read that as "checked and not revoked".
    if (isSignatureValid(crl, issuerCert) && crl.isRevoked(signCert)) {
        throw new VerificationException(signCert, "The certificate has been revoked.");
    }
    return true;
}
/**
 * Verifies a certificate against a single CRL.
 *
 * <p>A CRL is taken into account only if it was issued by the certificate's issuer and
 * the signing date falls strictly inside its thisUpdate/nextUpdate window.
 *
 * @param crl        the Certificate Revocation List
 * @param signCert   the certificate that needs to be verified
 * @param issuerCert its issuer
 * @param signDate   the sign date
 * @return {@code true} if the CRL applies and did not lead to a revocation finding;
 *         {@code false} if {@code crl} or {@code signDate} is null or the CRL does not apply
 * @throws GeneralSecurityException a {@code VerificationException} when the CRL's signature
 *         is valid and it lists {@code signCert}
 */
public boolean verify(X509CRL crl, X509Certificate signCert, X509Certificate issuerCert, Date signDate) throws GeneralSecurityException {
    final boolean unusable = crl == null || signDate == null;
    if (unusable) {
        return false;
    }
    // Applicability checks keep the original order so each later call is skipped on failure.
    if (!crl.getIssuerX500Principal().equals(signCert.getIssuerX500Principal())) {
        return false;
    }
    if (!signDate.after(crl.getThisUpdate())) {
        return false;
    }
    // NOTE(review): a CRL without nextUpdate makes getNextUpdate() return null, which
    // Date.before rejects with NullPointerException — confirm this cannot occur upstream.
    if (!signDate.before(crl.getNextUpdate())) {
        return false;
    }
    // NOTE(review): an invalid CRL signature skips the revocation lookup but the method
    // still answers true; confirm callers do not read that as "checked and not revoked".
    if (isSignatureValid(crl, issuerCert) && crl.isRevoked(signCert)) {
        throw new VerificationException(signCert, "The certificate has been revoked.");
    }
    return true;
}
/**
 * Extracts the CRL distribution points from the certificate (if available) and checks
 * the certificate against the CRL downloaded from each of them. The original
 * documentation states that HTTP, HTTPS, FTP and LDAP based URLs are supported.
 *
 * <p>NOTE(review): the revocation finding is raised as {@code RevocationVerificationException}
 * inside the {@code try}, and the {@code catch} rethrows only instances of
 * {@code CertificateVerificationException}. Unless the former is a subtype of the latter,
 * a revoked certificate surfaces as the generic "Can not verify CRL" error — confirm the
 * exception hierarchy. The wrapping branch also drops the original exception as cause.
 *
 * <p>NOTE(review): a certificate without distribution points passes with no CRL consulted,
 * and the downloaded CRL's signature and nextUpdate are not checked in this method —
 * confirm whether {@code downloadCRL} or the caller does so.
 *
 * @param cert the certificate to be checked for revocation
 * @throws CertificateVerificationException if a CRL cannot be obtained or processed
 * @throws RevocationVerificationException declared for the revocation case; see the first
 *         note above on whether it can actually propagate
 */
public static void verifyCertificateCRLs(X509Certificate cert) throws CertificateVerificationException, RevocationVerificationException {
    try {
        final List<String> distributionPoints = getCrlDistributionPoints(cert);
        for (String location : distributionPoints) {
            final X509CRL fetched = downloadCRL(location);
            if (!fetched.isRevoked(cert)) {
                continue;
            }
            throw new RevocationVerificationException(
                    "The certificate is revoked by CRL: " + location);
        }
    } catch (Exception ex) {
        if (!(ex instanceof CertificateVerificationException)) {
            throw new CertificateVerificationException(
                    "Can not verify CRL for certificate: " + cert.getSubjectX500Principal());
        }
        throw (CertificateVerificationException) ex;
    }
}
loadCRL(chain); for (X509CRL crl : crlCollection) { if (crl.isRevoked(chain[0])) { throw new CertificateException("Certificate is revoked");
/**
 * Validates a certificate against the CRLs that {@code crlRepository} returns for it.
 *
 * <p>The check fails closed: a null certificate, a repository failure, or an absent or
 * empty CRL collection all end in an exception rather than a silent pass.
 *
 * @param x509 the certificate to validate
 * @throws CertificateValidatorCRLException if {@code x509} is null, if the repository
 *         lookup throws, or if no CRL is available for the certificate
 * @throws CertificateRevocationException if any obtained CRL lists the certificate
 */
@Override
public void validate(X509Certificate x509) throws CertificateValidatorCRLException, CertificateRevocationException {
    if (x509 == null) {
        throw new CertificateValidatorCRLException(coreMessagesBundle.getString("error.invalid.certificate"));
    }
    Collection<ICPBR_CRL> revocationLists = null;
    try {
        revocationLists = crlRepository.getX509CRL(x509);
    } catch (Exception e) {
        // NOTE(review): only the message is carried over; the original exception and its
        // stack trace are dropped here.
        throw new CertificateValidatorCRLException(e.getMessage());
    }
    final boolean nothingToCheck = revocationLists == null || revocationLists.isEmpty();
    if (nothingToCheck) {
        throw new CertificateValidatorCRLException(coreMessagesBundle.getString("error.validate.on.crl"));
    }
    for (ICPBR_CRL wrapper : revocationLists) {
        if (!wrapper.getCRL().isRevoked(x509)) {
            continue;
        }
        // Resource key is reproduced exactly as the original spells it.
        throw new CertificateRevocationException(coreMessagesBundle.getString("error.certificate.repelead"));
    }
}
} // closes the enclosing class; its header lies outside this excerpt