本文整理匯總了Java中java.security.cert.CRL類的典型用法代碼示例。如果您正苦於以下問題:Java CRL類的具體用法?Java CRL怎麽用?Java CRL使用的例子?那麽, 這裏精選的類代碼示例或許可以為您提供幫助。
CRL類屬於java.security.cert包,在下文中一共展示了CRL類的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。
示例1: checkCRL
import java.security.cert.CRL; //導入依賴的package包/類
private void checkCRL(X509Certificate[] chain) throws CertificateException {
String crl = option.getCrl();
crl = custom.getFullPath(crl);
File file = new File(crl);
if (!file.exists()) {
return;
}
CRL[] crls = KeyStoreUtil.createCRL(crl);
X509Certificate owner = CertificateUtil.findOwner(chain);
for (CRL c : crls) {
if (c.isRevoked(owner)) {
LOG.error("certificate revoked");
throw new CertificateException("certificate revoked");
}
}
}
示例2: readDERCRL
import java.security.cert.CRL; //導入依賴的package包/類
private CRL readDERCRL(
InputStream in)
throws IOException, CRLException
{
ASN1InputStream dIn = new ASN1InputStream(in);
ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
if (seq.size() > 1
&& seq.getObjectAt(0) instanceof DERObjectIdentifier)
{
if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
{
sData = new SignedData(ASN1Sequence.getInstance(
(ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs();
return getCRL();
}
}
return new X509CRLObject(CertificateList.getInstance(seq));
}
示例3: readDERCRL
import java.security.cert.CRL; //導入依賴的package包/類
private CRL readDERCRL(
ASN1InputStream aIn)
throws IOException, CRLException
{
ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
if (seq.size() > 1
&& seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
{
if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
{
sCrlData = SignedData.getInstance(ASN1Sequence.getInstance(
(ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs();
return getCRL();
}
}
return createCRL(
CertificateList.getInstance(seq));
}
示例4: storeContainsCRLs
import java.security.cert.CRL; //導入依賴的package包/類
/**
* Determine whether there are any CRL's in the {@link CertStore} that is to be used.
*
* @param certStore the cert store that will be used for validation
* @return true if the store contains at least 1 CRL instance, false otherwise
*/
protected boolean storeContainsCRLs(CertStore certStore) {
Collection<? extends CRL> crls = null;
try {
//Save some cycles and memory: Collection cert store allows null as specifier to return all.
//crls = certStore.getCRLs( new X509CRLSelector() );
crls = certStore.getCRLs(null);
} catch (CertStoreException e) {
log.error("Error examining cert store for CRL's, treating as if no CRL's present", e);
return false;
}
if (crls != null && !crls.isEmpty()) {
return true;
}
return false;
}
示例5: verifyCRL
import java.security.cert.CRL; //導入依賴的package包/類
private static String verifyCRL(KeyStore ks, CRL crl)
throws Exception {
X509CRLImpl xcrl = (X509CRLImpl)crl;
X500Principal issuer = xcrl.getIssuerX500Principal();
for (String s: e2i(ks.aliases())) {
Certificate cert = ks.getCertificate(s);
if (cert instanceof X509Certificate) {
X509Certificate xcert = (X509Certificate)cert;
if (xcert.getSubjectX500Principal().equals(issuer)) {
try {
((X509CRLImpl)crl).verify(cert.getPublicKey());
return s;
} catch (Exception e) {
}
}
}
}
return null;
}
示例6: printCRL
import java.security.cert.CRL; //導入依賴的package包/類
private void printCRL(CRL crl, PrintStream out)
throws Exception {
X509CRL xcrl = (X509CRL)crl;
if (rfc) {
out.println("-----BEGIN X509 CRL-----");
out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(xcrl.getEncoded()));
out.println("-----END X509 CRL-----");
} else {
String s;
if (crl instanceof X509CRLImpl) {
X509CRLImpl x509crl = (X509CRLImpl) crl;
s = x509crl.toStringWithAlgName(withWeak("" + x509crl.getSigAlgId()));
} else {
s = crl.toString();
}
out.println(s);
}
}
示例7: getParameters
import java.security.cert.CRL; //導入依賴的package包/類
/**
* Return the initialization parameters for the TrustManager. Currently,
* only the default <code>PKIX</code> is supported.
*
* @param algorithm
* The algorithm to get parameters for.
* @param crlf
* The path to the CRL file.
* @param trustStore
* The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
CertPathParameters params = null;
if ("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
Collection<? extends CRL> crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
String trustLength = endpoint.getTrustMaxCertLength();
if (trustLength != null) {
try {
xparams.setMaxPathLength(Integer.parseInt(trustLength));
} catch (Exception ex) {
log.warn("Bad maxCertLength: " + trustLength);
}
}
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: " + algorithm);
}
return params;
}
示例8: getCRLs
import java.security.cert.CRL; //導入依賴的package包/類
/**
* Load the collection of CRLs.
*
*/
protected Collection<? extends CRL> getCRLs(String crlf) throws IOException, CRLException, CertificateException {
Collection<? extends CRL> crls = null;
InputStream is = null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
is = ConfigFileLoader.getInputStream(crlf);
crls = cf.generateCRLs(is);
} catch (IOException iex) {
throw iex;
} catch (CRLException crle) {
throw crle;
} catch (CertificateException ce) {
throw ce;
} finally {
if (is != null) {
try {
is.close();
} catch (Exception ex) {
// Ignore
}
}
}
return crls;
}
示例9: setSignInfo
import java.security.cert.CRL; //導入依賴的package包/類
/**
* Sets the crypto information to sign.
* @param privKey the private key
* @param certChain the certificate chain
* @param crlList the certificate revocation list. It can be <CODE>null</CODE>
*/
public void setSignInfo(PrivateKey privKey, Certificate[] certChain, CRL[] crlList) {
try {
pkcs = new PdfPKCS7(privKey, certChain, crlList, hashAlgorithm, provider, PdfName.ADBE_PKCS7_SHA1.equals(get(PdfName.SUBFILTER)));
pkcs.setExternalDigest(externalDigest, externalRSAdata, digestEncryptionAlgorithm);
if (PdfName.ADBE_X509_RSA_SHA1.equals(get(PdfName.SUBFILTER))) {
ByteArrayOutputStream bout = new ByteArrayOutputStream();
for (int k = 0; k < certChain.length; ++k) {
bout.write(certChain[k].getEncoded());
}
bout.close();
setCert(bout.toByteArray());
setContents(pkcs.getEncodedPKCS1());
}
else
setContents(pkcs.getEncodedPKCS7());
name = PdfPKCS7.getSubjectFields(pkcs.getSigningCertificate()).getField("CN");
if (name != null)
put(PdfName.NAME, new PdfString(name, PdfObject.TEXT_UNICODE));
pkcs = new PdfPKCS7(privKey, certChain, crlList, hashAlgorithm, provider, PdfName.ADBE_PKCS7_SHA1.equals(get(PdfName.SUBFILTER)));
pkcs.setExternalDigest(externalDigest, externalRSAdata, digestEncryptionAlgorithm);
}
catch (Exception e) {
throw new ExceptionConverter(e);
}
}
示例10: verifyCertificate
import java.security.cert.CRL; //導入依賴的package包/類
/**
* Verifies a single certificate.
* @param cert the certificate to verify
* @param crls the certificate revocation list or <CODE>null</CODE>
* @param calendar the date or <CODE>null</CODE> for the current date
* @return a <CODE>String</CODE> with the error description or <CODE>null</CODE>
* if no error
*/
public static String verifyCertificate(X509Certificate cert, Collection crls, Calendar calendar) {
if (calendar == null)
calendar = new GregorianCalendar();
if (cert.hasUnsupportedCriticalExtension())
return "Has unsupported critical extension";
try {
cert.checkValidity(calendar.getTime());
}
catch (Exception e) {
return e.getMessage();
}
if (crls != null) {
for (Iterator it = crls.iterator(); it.hasNext();) {
if (((CRL)it.next()).isRevoked(cert))
return "Certificate revoked";
}
}
return null;
}
示例11: loadCRL
import java.security.cert.CRL; //導入依賴的package包/類
/**
* Loads certificate revocation list (CRL) from a file.
*
* Required for integrations to be able to override the mechanism used to
* load CRL in order to provide their own implementation.
*
* @param crlPath path of certificate revocation list file
* @return Collection of CRL's
* @throws Exception
*/
protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception {
Collection<? extends CRL> crlList = null;
if (crlPath != null) {
InputStream in = null;
try {
in = new FileInputStream(crlPath); //assume it's a file
crlList = CertificateFactory.getInstance("X.509").generateCRLs(in);
} finally {
if (in != null) {
in.close();
}
}
}
return crlList;
}
示例12: loadCRL
import java.security.cert.CRL; //導入依賴的package包/類
public static Collection<? extends CRL> loadCRL(String crlPath) throws Exception
{
Collection<? extends CRL> crlList = null;
if (crlPath != null)
{
InputStream in = null;
try
{
in = Resource.newResource(crlPath).getInputStream();
crlList = CertificateFactory.getInstance("X.509").generateCRLs(in);
}
finally
{
if (in != null)
{
in.close();
}
}
}
return crlList;
}
示例13: readDERCRL
import java.security.cert.CRL; //導入依賴的package包/類
private CRL readDERCRL(
InputStream in)
throws IOException, CRLException
{
ASN1InputStream dIn = new ASN1InputStream(in);
ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
if (seq.size() > 1
&& seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
{
if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
{
sData = new SignedData(ASN1Sequence.getInstance(
(ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs();
return getCRL();
}
}
return new X509CRLObject(CertificateList.getInstance(seq));
}
示例14: match
import java.security.cert.CRL; //導入依賴的package包/類
public boolean match(CRL crl)
{
if (!(crl instanceof X509CRL))
return false;
try
{
Principal p = ((X509CRL) crl).getIssuerDN();
X500DistinguishedName thisName = null;
if (p instanceof X500DistinguishedName)
thisName = (X500DistinguishedName) p;
else if (p instanceof X500Principal)
thisName = new X500DistinguishedName(((X500Principal) p).getEncoded());
else
thisName = new X500DistinguishedName(p.getName());
for (Iterator it = issuerNames.iterator(); it.hasNext(); )
{
X500DistinguishedName name = (X500DistinguishedName) it.next();
if (thisName.equals(name))
return true;
}
}
catch (Exception x)
{
}
return false;
}
示例15: test_generateCRLsLjava_io_InputStream
import java.security.cert.CRL; //導入依賴的package包/類
/**
* @tests java.security.cert.CertificateFactory#generateCRLs(java.io.InputStream)
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies IOException.",
method = "generateCRLs",
args = {java.io.InputStream.class}
)
public void test_generateCRLsLjava_io_InputStream() throws Exception {
CertificateFactory fact = CertificateFactory.getInstance("X.509");
for (int i = 0; i < CRLCOLLECTION_URLS.length; i++) {
URL certUrl = new URL(BASE_URL + CRLCOLLECTION_URLS[i]);
try {
InputStream is = certUrl.openStream();
Collection<? extends CRL> crls = fact.generateCRLs(is);
assertTrue("The CRLs in \"" + certUrl.toExternalForm()
+ "\" were not parsed correctly", crls != null
&& crls.size() > 0);
} catch (IOException e) {
// the certificate could not be found, skip it
}
}
}