本文整理汇总了Java中java.security.cert.CRLException类的典型用法代码示例。如果您正苦于以下问题:Java CRLException类的具体用法?Java CRLException怎么用?Java CRLException使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
CRLException类属于java.security.cert包,在下文中一共展示了CRLException类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: verify
import java.security.cert.CRLException; //导入依赖的package包/类
/**
* Verifies that this CRL was signed using the
* private key that corresponds to the given public key,
* and that the signature verification was computed by
* the given provider. Note that the specified Provider object
* does not have to be registered in the provider list.
*
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the signature provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
*/
public synchronized void verify(PublicKey key, Provider sigProvider)
throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
SignatureException {
if (signedCRL == null) {
throw new CRLException("Uninitialized CRL");
}
Signature sigVerf = null;
if (sigProvider == null) {
sigVerf = Signature.getInstance(sigAlgId.getName());
} else {
sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
}
sigVerf.initVerify(key);
if (tbsCertList == null) {
throw new CRLException("Uninitialized CRL");
}
sigVerf.update(tbsCertList, 0, tbsCertList.length);
if (!sigVerf.verify(signature)) {
throw new SignatureException("Signature does not match.");
}
verifiedPublicKey = key;
}
示例2: parseExtension
import java.security.cert.CRLException; //导入依赖的package包/类
private void parseExtension(Extension ext) throws CRLException {
try {
Class<?> extClass = OIDMap.getClass(ext.getExtensionId());
if (extClass == null) { // Unsupported extension
if (ext.isCritical())
unsupportedCritExt = true;
if (map.put(ext.getExtensionId().toString(), ext) != null)
throw new CRLException("Duplicate extensions not allowed");
return;
}
Constructor<?> cons = extClass.getConstructor(PARAMS);
Object[] passed = new Object[] {Boolean.valueOf(ext.isCritical()),
ext.getExtensionValue()};
CertAttrSet<?> crlExt = (CertAttrSet<?>)cons.newInstance(passed);
if (map.put(crlExt.getName(), (Extension)crlExt) != null) {
throw new CRLException("Duplicate extensions not allowed");
}
} catch (InvocationTargetException invk) {
throw new CRLException(invk.getTargetException().getMessage());
} catch (Exception e) {
throw new CRLException(e.toString());
}
}
示例3: fetchCRLFromLdap
import java.security.cert.CRLException; //导入依赖的package包/类
/**
* Downloads a CRL from given LDAP url.
*
* @param r the resource that is the ldap url.
* @return the x 509 cRL
* @throws IOException the exception thrown if resources cant be fetched
* @throws CRLException the exception thrown if resources cant be fetched
* @throws CertificateException if connection to ldap fails, or attribute to get the revocation list is unavailable
*/
protected X509CRL fetchCRLFromLdap(final Object r) throws CertificateException, IOException, CRLException {
try {
final String ldapURL = r.toString();
LOGGER.debug("Fetching CRL from ldap [{}]", ldapURL);
final Response<SearchResult> result = performLdapSearch(ldapURL);
if (result.getResultCode() == ResultCode.SUCCESS) {
final LdapEntry entry = result.getResult().getEntry();
final LdapAttribute attribute = entry.getAttribute(this.certificateAttribute);
if (attribute.isBinary()) {
LOGGER.debug("Located entry [{}]. Retrieving first attribute [{}]", entry, attribute);
return fetchX509CRLFromAttribute(attribute);
}
LOGGER.warn("Found certificate attribute [{}] but it is not marked as a binary attribute", this.certificateAttribute);
}
LOGGER.debug("Failed to execute the search [{}]", result);
throw new CertificateException("Failed to establish a connection ldap and search.");
} catch (final LdapException e) {
LOGGER.error(e.getMessage(), e);
throw new CertificateException(e.getMessage());
}
}
示例4: getParameters
import java.security.cert.CRLException; //导入依赖的package包/类
/**
* Return the initialization parameters for the TrustManager. Currently,
* only the default <code>PKIX</code> is supported.
*
* @param algorithm
* The algorithm to get parameters for.
* @param crlf
* The path to the CRL file.
* @param trustStore
* The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
CertPathParameters params = null;
if ("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
Collection<? extends CRL> crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
String trustLength = endpoint.getTrustMaxCertLength();
if (trustLength != null) {
try {
xparams.setMaxPathLength(Integer.parseInt(trustLength));
} catch (Exception ex) {
log.warn("Bad maxCertLength: " + trustLength);
}
}
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: " + algorithm);
}
return params;
}
示例5: addCRL
import java.security.cert.CRLException; //导入依赖的package包/类
/**
* Add the CRLEntry objects contained in a previous CRL.
*
* @param other the X509CRL to source the other entries from.
*/
public void addCRL(X509CRL other)
throws CRLException
{
Set revocations = other.getRevokedCertificates();
if (revocations != null)
{
Iterator it = revocations.iterator();
while (it.hasNext())
{
X509CRLEntry entry = (X509CRLEntry)it.next();
ASN1InputStream aIn = new ASN1InputStream(entry.getEncoded());
try
{
tbsGen.addCRLEntry(ASN1Sequence.getInstance(aIn.readObject()));
}
catch (IOException e)
{
throw new CRLException("exception processing encoding of CRL: " + e.toString());
}
}
}
}
示例6: generate
import java.security.cert.CRLException; //导入依赖的package包/类
/**
* generate an X509 CRL, based on the current issuer and subject,
* using the passed in provider for the signing.
*/
public X509CRL generate(
PrivateKey key,
String provider,
SecureRandom random)
throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
TBSCertList tbsCrl = generateCertList();
byte[] signature;
try
{
signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCrl);
}
catch (IOException e)
{
throw new ExtCRLException("cannot generate CRL encoding", e);
}
return generateJcaObject(tbsCrl, signature);
}
示例7: compareTo
import java.security.cert.CRLException; //导入依赖的package包/类
@Override
public int compareTo(X509CRLEntryImpl that) {
int compSerial = getSerialNumber().compareTo(that.getSerialNumber());
if (compSerial != 0) {
return compSerial;
}
try {
byte[] thisEncoded = this.getEncoded0();
byte[] thatEncoded = that.getEncoded0();
for (int i=0; i<thisEncoded.length && i<thatEncoded.length; i++) {
int a = thisEncoded[i] & 0xff;
int b = thatEncoded[i] & 0xff;
if (a != b) return a-b;
}
return thisEncoded.length -thatEncoded.length;
} catch (CRLException ce) {
return -1;
}
}
示例8: convertHolders
import java.security.cert.CRLException; //导入依赖的package包/类
private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter)
throws CertificateException, CRLException
{
List jcaObjs = new ArrayList(certs.size() + crls.size());
for (Iterator it = certs.iterator(); it.hasNext();)
{
jcaObjs.add(certificateConverter.getCertificate((X509CertificateHolder)it.next()));
}
for (Iterator it = crls.iterator(); it.hasNext();)
{
jcaObjs.add(crlConverter.getCRL((X509CRLHolder)it.next()));
}
return new CollectionCertStoreParameters(jcaObjs);
}
示例9: X509CRLObject
import java.security.cert.CRLException; //导入依赖的package包/类
public X509CRLObject(
CertificateList c)
throws CRLException
{
this.c = c;
try
{
this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
if (c.getSignatureAlgorithm().getParameters() != null)
{
this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER);
}
else
{
this.sigAlgParams = null;
}
this.isIndirect = isIndirectCRL(this);
}
catch (Exception e)
{
throw new CRLException("CRL contents invalid: " + e);
}
}
示例10: verify
import java.security.cert.CRLException; //导入依赖的package包/类
public void verify(PublicKey key, String sigProvider)
throws CRLException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException, SignatureException
{
if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()))
{
throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
}
Signature sig;
if (sigProvider != null)
{
sig = Signature.getInstance(getSigAlgName(), sigProvider);
}
else
{
sig = Signature.getInstance(getSigAlgName());
}
sig.initVerify(key);
sig.update(this.getTBSCertList());
if (!sig.verify(this.getSignature()))
{
throw new SignatureException("CRL does not verify with supplied public key.");
}
}
示例11: readDERCRL
import java.security.cert.CRLException; //导入依赖的package包/类
private CRL readDERCRL(
InputStream in)
throws IOException, CRLException
{
ASN1InputStream dIn = new ASN1InputStream(in);
ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
if (seq.size() > 1
&& seq.getObjectAt(0) instanceof DERObjectIdentifier)
{
if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
{
sData = new SignedData(ASN1Sequence.getInstance(
(ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs();
return getCRL();
}
}
return new X509CRLObject(CertificateList.getInstance(seq));
}
示例12: readDERCRL
import java.security.cert.CRLException; //导入依赖的package包/类
private CRL readDERCRL(
ASN1InputStream aIn)
throws IOException, CRLException
{
ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
if (seq.size() > 1
&& seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
{
if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
{
sCrlData = SignedData.getInstance(ASN1Sequence.getInstance(
(ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs();
return getCRL();
}
}
return createCRL(
CertificateList.getInstance(seq));
}
示例13: getIssuerX509Principal
import java.security.cert.CRLException; //导入依赖的package包/类
/**
* return the issuer of the given CRL as an X509PrincipalObject.
*/
public static X509Principal getIssuerX509Principal(
X509CRL crl)
throws CRLException
{
try
{
ByteArrayInputStream bIn = new ByteArrayInputStream(
crl.getTBSCertList());
ASN1InputStream aIn = new ASN1InputStream(bIn);
TBSCertList tbsCertList = new TBSCertList(
(ASN1Sequence)aIn.readObject());
return new X509Principal(tbsCertList.getIssuer());
}
catch (IOException e)
{
throw new CRLException(e.toString());
}
}
示例14: decodeCRLs
import java.security.cert.CRLException; //导入依赖的package包/类
/**
* Decodes CRLS in DER or PKCS#7 format. If in PKCS#7 format only the CRLs are decode, the rest of the content is
* ignored.
*
* @param crls encoded CRLs
*
* @return decoded CRLs
*
* @throws CRLException thrown if the CRLs can not be decoded
*
* @since 1.2
*/
public static Collection<X509CRL> decodeCRLs(File crls) throws CRLException{
if(!crls.exists()){
throw new CRLException("CRL file " + crls.getAbsolutePath() + " does not exist");
}
if(!crls.canRead()){
throw new CRLException("CRL file " + crls.getAbsolutePath() + " is not readable");
}
try{
return decodeCRLs(DatatypeHelper.fileToByteArray(crls));
}catch(IOException e){
throw new CRLException("Error reading CRL file " + crls.getAbsolutePath(), e);
}
}
示例15: getCRLs
import java.security.cert.CRLException; //导入依赖的package包/类
/**
* Get a list of the Java {@link java.security.cert.X509CRL}s within the given {@link KeyInfo}.
*
* @param keyInfo the {@link KeyInfo} to extract the CRL's from
*
* @return a list of Java {@link java.security.cert.X509CRL}s
*
* @throws CRLException thrown if there is a problem converting the
* CRL data into {@link java.security.cert.X509CRL}s
*/
public static List<X509CRL> getCRLs(KeyInfo keyInfo) throws CRLException {
List<X509CRL> crlList = new LinkedList<X509CRL>();
if (keyInfo == null) {
return crlList;
}
List<X509Data> x509Datas = keyInfo.getX509Datas();
for (X509Data x509Data : x509Datas) {
if (x509Data != null) {
crlList.addAll(getCRLs(x509Data));
}
}
return crlList;
}