Beispiel #1
0
 public X509CRLEntry getRevokedCertificate(X509Certificate cert) {
   if (revokedMap.isEmpty()) {
     return null;
   }
   X509IssuerSerial issuerSerial = new X509IssuerSerial(cert);
   return revokedMap.get(issuerSerial);
 }
Beispiel #2
0
  public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    if (revokedMap.isEmpty()) {
      return null;
    }

    X509IssuerSerial issuerSerial = new X509IssuerSerial(getIssuerX500Principal(), serialNumber);
    return revokedMap.get(issuerSerial);
  }
Beispiel #3
0
 public boolean isRevoked(Certificate cert) {
   if (revokedMap.isEmpty() || (!(cert instanceof X509Certificate))) {
     return false;
   }
   X509Certificate xcert = (X509Certificate) cert;
   X509IssuerSerial issuerSerial = new X509IssuerSerial(xcert);
   return revokedMap.containsKey(issuerSerial);
 }
Beispiel #4
0
 public static void notEmpty(Map map, String message) {
   if (map == null || map.isEmpty()) {
     throw new IllegalArgumentException(message);
   }
 }
Beispiel #5
0
  private void parse(DerValue val) throws CRLException, IOException {

    if (readOnly) {
      throw new CRLException("cannot over-write existing CRL");
    }

    if (val.getData() == null || val.tag != DerValue.tag_Sequence) {
      throw new CRLException("Invalid DER-encoded CRL data");
    }

    signedCRL = val.toByteArray();
    DerValue seq[] = new DerValue[3];

    seq[0] = val.data.getDerValue();
    seq[1] = val.data.getDerValue();
    seq[2] = val.data.getDerValue();

    if (val.data.available() != 0) {
      throw new CRLException("signed overrun, bytes = " + val.data.available());
    }

    if (seq[0].tag != DerValue.tag_Sequence) {
      throw new CRLException("signed CRL fields invalid");
    }

    sigAlgId = AlgorithmId.parse(seq[1]);
    signature = seq[2].getBitString();

    if (seq[1].data.available() != 0) {
      throw new CRLException("AlgorithmId field overrun");
    }

    if (seq[2].data.available() != 0) {
      throw new CRLException("Signature field overrun");
    }

    tbsCertList = seq[0].toByteArray();

    DerInputStream derStrm = seq[0].data;
    DerValue tmp;
    byte nextByte;

    version = 0;

    nextByte = (byte) derStrm.peekByte();
    if (nextByte == DerValue.tag_Integer) {
      version = derStrm.getInteger();
      if (version != 1) {

        throw new CRLException("Invalid version");
      }
    }
    tmp = derStrm.getDerValue();

    AlgorithmId tmpId = AlgorithmId.parse(tmp);

    if (!tmpId.equals(sigAlgId)) {
      throw new CRLException("Signature algorithm mismatch");
    }
    infoSigAlgId = tmpId;

    issuer = new X500Name(derStrm);
    if (issuer.isEmpty()) {
      throw new CRLException("Empty issuer DN not allowed in X509CRLs");
    }

    nextByte = (byte) derStrm.peekByte();
    if (nextByte == DerValue.tag_UtcTime) {
      thisUpdate = derStrm.getUTCTime();
    } else if (nextByte == DerValue.tag_GeneralizedTime) {
      thisUpdate = derStrm.getGeneralizedTime();
    } else {
      throw new CRLException("Invalid encoding for thisUpdate" + " (tag=" + nextByte + ")");
    }

    if (derStrm.available() == 0) {
      return;
    }

    nextByte = (byte) derStrm.peekByte();
    if (nextByte == DerValue.tag_UtcTime) {
      nextUpdate = derStrm.getUTCTime();
    } else if (nextByte == DerValue.tag_GeneralizedTime) {
      nextUpdate = derStrm.getGeneralizedTime();
    }

    if (derStrm.available() == 0) {
      return;
    }

    nextByte = (byte) derStrm.peekByte();
    if ((nextByte == DerValue.tag_SequenceOf) && (!((nextByte & 0x0c0) == 0x080))) {
      DerValue[] badCerts = derStrm.getSequence(4);

      X500Principal crlIssuer = getIssuerX500Principal();
      X500Principal badCertIssuer = crlIssuer;
      for (int i = 0; i < badCerts.length; i++) {
        X509CRLEntryImpl entry = new X509CRLEntryImpl(badCerts[i]);
        badCertIssuer = getCertIssuer(entry, badCertIssuer);
        entry.setCertificateIssuer(crlIssuer, badCertIssuer);
        X509IssuerSerial issuerSerial =
            new X509IssuerSerial(badCertIssuer, entry.getSerialNumber());
        revokedMap.put(issuerSerial, entry);
        revokedList.add(entry);
      }
    }

    if (derStrm.available() == 0) {
      return;
    }

    tmp = derStrm.getDerValue();
    if (tmp.isConstructed() && tmp.isContextSpecific((byte) 0)) {
      extensions = new CRLExtensions(tmp.data);
    }
    readOnly = true;
  }