Example #1
1
  public static void main(String[] args) throws Exception {

    // Generate 20 serial numbers with dup and a special order
    int count = 20;
    BigInteger[] serials = new BigInteger[count];
    for (int i = 0; i < count; i++) {
      serials[i] = BigInteger.valueOf(i * 7 % 10);
    }

    // Generates a CRL
    X509CRLEntry[] badCerts = new X509CRLEntry[count];
    for (int i = 0; i < count; i++) {
      badCerts[i] =
          new X509CRLEntryImpl(serials[i], new Date(System.currentTimeMillis() + i * 1000));
    }
    X500Name owner = new X500Name("CN=CA");
    X509CRLImpl crl = new X509CRLImpl(owner, new Date(), new Date(), badCerts);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    crl.sign(kpg.genKeyPair().getPrivate(), "SHA1withRSA");
    byte[] data = crl.getEncodedInternal();

    // Check the encoding
    checkData(crl, data, serials);

    // Load a CRL from raw data
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509CRLImpl crl2 = (X509CRLImpl) cf.generateCRL(new ByteArrayInputStream(data));

    // Check the encoding again
    data = crl2.getEncodedInternal();
    checkData(crl2, data, serials);
  }
 private X509CRL decode(byte[] encoded) throws CertificateException, IOException, CRLException {
   InputStream inStream = new ByteArrayInputStream(encoded);
   CertificateFactory cf = CertificateFactory.getInstance("X.509"); // $NON-NLS-1$
   X509CRL crl = (X509CRL) cf.generateCRL(inStream);
   inStream.close();
   return crl;
 }
Example #3
0
  /**
   * Reads in a X509CRL.
   *
   * @return the X509Certificate
   * @throws IOException if an I/O error occured
   */
  private X509CRL readCRL(String endMarker) throws IOException {
    ByteArrayInputStream bIn = new ByteArrayInputStream(readBytes(endMarker));

    try {
      CertificateFactory certFact = CertificateFactory.getInstance("X.509", provider);

      return (X509CRL) certFact.generateCRL(bIn);
    } catch (Exception e) {
      throw new PEMException("problem parsing cert: " + e.toString(), e);
    }
  }
Example #4
0
 /**
  * Gets a list of X509CRL objects from a Document Security Store.
  *
  * @return a list of CRLs
  * @throws GeneralSecurityException
  * @throws IOException
  */
 public List<X509CRL> getCRLsFromDSS() throws GeneralSecurityException, IOException {
   List<X509CRL> crls = new ArrayList<X509CRL>();
   if (dss == null) return crls;
   PdfArray crlarray = dss.getAsArray(PdfName.CRLS);
   if (crlarray == null) return crls;
   CertificateFactory cf = CertificateFactory.getInstance("X.509");
   for (int i = 0; i < crlarray.size(); i++) {
     PRStream stream = (PRStream) crlarray.getAsStream(i);
     X509CRL crl =
         (X509CRL) cf.generateCRL(new ByteArrayInputStream(PdfReader.getStreamBytes(stream)));
     crls.add(crl);
   }
   return crls;
 }
Example #5
0
 @JSFunction
 public X509CRL makeCRL(String fileName) {
   try {
     FileInputStream crlFile = new FileInputStream(fileName);
     try {
       CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
       return (X509CRL) certFactory.generateCRL(crlFile);
     } catch (CertificateException e) {
       throw new EvaluatorException("Error opening trust store: " + e);
     } catch (CRLException e) {
       throw new EvaluatorException("Error opening trust store: " + e);
     } finally {
       crlFile.close();
     }
   } catch (IOException ioe) {
     throw new EvaluatorException("I/O error reading trust store: " + ioe);
   }
 }
Example #6
0
  private void checkCircProcessing() throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

    X509Certificate caCert =
        (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(circCA));
    X509Certificate crlCaCert =
        (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(circCRLCA));
    X509CRL crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(circCRL));

    List list = new ArrayList();

    list.add(caCert);
    list.add(crlCaCert);
    list.add(crl);

    CertStoreParameters ccsp = new CollectionCertStoreParameters(list);
    CertStore store = CertStore.getInstance("Collection", ccsp);

    Date validDate = new Date(crl.getThisUpdate().getTime() + 60 * 60 * 1000);

    // validating path
    List certchain = new ArrayList();

    certchain.add(crlCaCert);
    CertPath cp = CertificateFactory.getInstance("X.509", "BC").generateCertPath(certchain);

    Set trust = new HashSet();
    trust.add(new TrustAnchor(caCert, null));

    CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "BC");
    // PKIXParameters param = new PKIXParameters(trust);

    PKIXBuilderParameters param = new PKIXBuilderParameters(trust, null);
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setCertificate(crlCaCert);
    param.setTargetCertConstraints(certSelector);
    param.addCertStore(store);
    param.setRevocationEnabled(true);
    param.setDate(validDate);

    PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp, param);
  }
Example #7
0
  /**
   * Reads in a X509CRL.
   *
   * @return the X509CRL
   * @throws IOException if an I/O error occured
   */
  private static X509CRL readCRL(BufferedReader in, String endMarker) throws IOException {
    String line;
    StringBuffer buf = new StringBuffer();

    while ((line = in.readLine()) != null) {
      if (line.indexOf(endMarker) != -1) {
        break;
      }
      buf.append(line.trim());
    }

    if (line == null) {
      throw new IOException(endMarker + " not found");
    }

    try {
      CertificateFactory certFact = CertificateFactory.getInstance("X.509");
      ByteArrayInputStream bIn = new ByteArrayInputStream(Base64.decode(buf.toString()));
      return (X509CRL) certFact.generateCRL(bIn);
    } catch (Exception e) {
      throw new IOException("problem parsing cert: " + e.toString());
    }
  }
Example #8
0
  public void performTest() throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

    // initialise CertStore
    X509Certificate rootCert =
        (X509Certificate)
            cf.generateCertificate(new ByteArrayInputStream(CertPathTest.rootCertBin));
    X509Certificate interCert =
        (X509Certificate)
            cf.generateCertificate(new ByteArrayInputStream(CertPathTest.interCertBin));
    X509Certificate finalCert =
        (X509Certificate)
            cf.generateCertificate(new ByteArrayInputStream(CertPathTest.finalCertBin));
    X509CRL rootCrl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(CertPathTest.rootCrlBin));
    X509CRL interCrl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(CertPathTest.interCrlBin));
    List list = new ArrayList();
    list.add(rootCert);
    list.add(interCert);
    list.add(finalCert);
    list.add(rootCrl);
    list.add(interCrl);
    CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
    CertStore store = CertStore.getInstance("Collection", ccsp, "BC");
    Date validDate = new Date(rootCrl.getThisUpdate().getTime() + 60 * 60 * 1000);
    // validating path
    List certchain = new ArrayList();
    certchain.add(finalCert);
    certchain.add(interCert);
    CertPath cp = CertificateFactory.getInstance("X.509", "BC").generateCertPath(certchain);
    Set trust = new HashSet();
    trust.add(new TrustAnchor(rootCert, null));

    CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "BC");
    PKIXParameters param = new PKIXParameters(trust);
    param.addCertStore(store);
    param.setDate(validDate);
    MyChecker checker = new MyChecker();
    param.addCertPathChecker(checker);

    PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp, param);
    PolicyNode policyTree = result.getPolicyTree();
    PublicKey subjectPublicKey = result.getPublicKey();

    if (checker.getCount() != 2) {
      fail("checker not evaluated for each certificate");
    }

    if (!subjectPublicKey.equals(finalCert.getPublicKey())) {
      fail("wrong public key returned");
    }

    //
    // invalid path containing a valid one test
    //
    try {
      // initialise CertStore
      rootCert =
          (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(AC_RAIZ_ICPBRASIL));
      interCert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(AC_PR));
      finalCert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(schefer));

      list = new ArrayList();
      list.add(rootCert);
      list.add(interCert);
      list.add(finalCert);

      ccsp = new CollectionCertStoreParameters(list);
      store = CertStore.getInstance("Collection", ccsp);
      validDate = new Date(finalCert.getNotBefore().getTime() + 60 * 60 * 1000);

      // validating path
      certchain = new ArrayList();
      certchain.add(finalCert);
      certchain.add(interCert);
      cp = CertificateFactory.getInstance("X.509", "BC").generateCertPath(certchain);
      trust = new HashSet();
      trust.add(new TrustAnchor(rootCert, null));

      cpv = CertPathValidator.getInstance("PKIX", "BC");
      param = new PKIXParameters(trust);
      param.addCertStore(store);
      param.setRevocationEnabled(false);
      param.setDate(validDate);

      result = (PKIXCertPathValidatorResult) cpv.validate(cp, param);
      policyTree = result.getPolicyTree();
      subjectPublicKey = result.getPublicKey();

      fail("Invalid path validated");
    } catch (Exception e) {
      if (!(e instanceof CertPathValidatorException
          && e.getMessage().startsWith("Could not validate certificate signature."))) {
        fail("unexpected exception", e);
      }
    }

    checkCircProcessing();
    checkPolicyProcessingAtDomainMatch();
    validateWithExtendedKeyUsage();
    testEmptyPath();
  }
Example #9
0
  /**
   * Parse an encoded PKCS#7 SignedData object. The ASN.1 format of this object is:
   *
   * <pre>
   * SignedData ::= SEQUENCE {
   *   version           Version, -- always 1 for PKCS7 v1.5
   *   digestAlgorithms  DigestAlgorithmIdentifiers,
   *   contentInfo       ContentInfo,
   *   certificates  [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
   *   crls          [1] IMPLICIT CertificateRevocationLists OPTIONAL,
   *   signerInfos       SignerInfos }
   *
   * Version ::= INTEGER
   *
   * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
   *
   * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
   *
   * ContentInfo ::= SEQUENCE {
   *   contentType   ContentType,
   *   content   [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
   *
   * ContentType ::= OBJECT IDENTIFIER
   *
   * ExtendedCertificatesAndCertificates ::=
   *   SET OF ExtendedCertificatesAndCertificate
   *
   * ExtendedCertificatesAndCertificate ::= CHOICE {
   *   certificate             Certificate, -- from X.509
   *   extendedCertificate [0] IMPLICIT ExtendedCertificate }
   *
   * CertificateRevocationLists ::= SET OF CertificateRevocationList
   *   -- from X.509
   *
   * SignerInfos ::= SET OF SignerInfo
   *
   * SignerInfo ::= SEQUENCE {
   *   version                       Version, -- always 1 for PKCS7 v1.5
   *   issuerAndSerialNumber         IssuerAndSerialNumber,
   *   digestAlgorithm               DigestAlgorithmIdentifier,
   *   authenticatedAttributes   [0] IMPLICIT Attributes OPTIONAL,
   *   digestEncryptionAlgorithm     DigestEncryptionAlgorithmIdentifier,
   *   encryptedDigest               EncryptedDigest,
   *   unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL }
   *
   * EncryptedDigest ::= OCTET STRING
   * </pre>
   *
   * <p>(Readers who are confused as to why it takes 40 levels of indirection to specify "data with
   * a signature", rest assured that the present author is as confused as you are).
   */
  public PKCS7SignedData(BERReader ber) throws CRLException, CertificateException, IOException {
    CertificateFactory x509 = CertificateFactory.getInstance("X509");
    DERValue val = ber.read();
    if (!val.isConstructed()) throw new BEREncodingException("malformed ContentInfo");

    val = ber.read();
    if (val.getTag() != BER.OBJECT_IDENTIFIER)
      throw new BEREncodingException("malformed ContentType");

    if (!PKCS7_SIGNED_DATA.equals(val.getValue()))
      throw new BEREncodingException("content is not SignedData");

    val = ber.read();
    if (val.getTag() != 0) throw new BEREncodingException("malformed Content");

    val = ber.read();
    if (!val.isConstructed()) throw new BEREncodingException("malformed SignedData");

    if (Configuration.DEBUG) log.fine("SignedData: " + val);

    val = ber.read();
    if (val.getTag() != BER.INTEGER) throw new BEREncodingException("expecting Version");
    version = (BigInteger) val.getValue();
    if (Configuration.DEBUG) log.fine("  Version: " + version);

    digestAlgorithms = new HashSet();
    val = ber.read();
    if (!val.isConstructed())
      throw new BEREncodingException("malformed DigestAlgorithmIdentifiers");
    if (Configuration.DEBUG) log.fine("  DigestAlgorithmIdentifiers: " + val);
    int count = 0;
    DERValue val2 = ber.read();
    while (val2 != BER.END_OF_SEQUENCE && (val.getLength() > 0 && val.getLength() > count)) {
      if (!val2.isConstructed()) throw new BEREncodingException("malformed AlgorithmIdentifier");
      if (Configuration.DEBUG) log.fine("    AlgorithmIdentifier: " + val2);
      count += val2.getEncodedLength();
      val2 = ber.read();
      if (val2.getTag() != BER.OBJECT_IDENTIFIER)
        throw new BEREncodingException("malformed AlgorithmIdentifier");
      if (Configuration.DEBUG) log.fine("      digestAlgorithmIdentifiers OID: " + val2.getValue());
      List algId = new ArrayList(2);
      algId.add(val2.getValue());
      val2 = ber.read();
      if (val2 != BER.END_OF_SEQUENCE) {
        count += val2.getEncodedLength();
        if (val2.getTag() == BER.NULL) algId.add(null);
        else algId.add(val2.getEncoded());

        if (val2.isConstructed()) ber.skip(val2.getLength());

        if (BERValue.isIndefinite(val)) val2 = ber.read();
      } else algId.add(null);

      if (Configuration.DEBUG) {
        log.fine("      digestAlgorithmIdentifiers params: ");
        log.fine(
            Util.dumpString((byte[]) algId.get(1), "      digestAlgorithmIdentifiers params: "));
      }
      digestAlgorithms.add(algId);
    }

    val = ber.read();
    if (!val.isConstructed()) throw new BEREncodingException("malformed ContentInfo");
    if (Configuration.DEBUG) log.fine("  ContentInfo: " + val);
    val2 = ber.read();
    if (val2.getTag() != BER.OBJECT_IDENTIFIER)
      throw new BEREncodingException("malformed ContentType");

    contentType = (OID) val2.getValue();
    if (Configuration.DEBUG) log.fine("    ContentType OID: " + contentType);
    if (BERValue.isIndefinite(val)
        || (val.getLength() > 0 && val.getLength() > val2.getEncodedLength())) {
      val2 = ber.read();
      if (val2 != BER.END_OF_SEQUENCE) {
        content = val2.getEncoded();
        if (BERValue.isIndefinite(val)) val2 = ber.read();
      }
    }
    if (Configuration.DEBUG) {
      log.fine("    Content: ");
      log.fine(Util.dumpString(content, "    Content: "));
    }
    val = ber.read();
    if (val.getTag() == 0) {
      if (!val.isConstructed())
        throw new BEREncodingException("malformed ExtendedCertificatesAndCertificates");
      if (Configuration.DEBUG) log.fine("  ExtendedCertificatesAndCertificates: " + val);
      count = 0;
      val2 = ber.read();
      List certs = new LinkedList();
      while (val2 != BER.END_OF_SEQUENCE && (val.getLength() > 0 && val.getLength() > count)) {
        Certificate cert = x509.generateCertificate(new ByteArrayInputStream(val2.getEncoded()));
        if (Configuration.DEBUG) log.fine("    Certificate: " + cert);
        certs.add(cert);
        count += val2.getEncodedLength();
        ber.skip(val2.getLength());
        if (BERValue.isIndefinite(val) || val.getLength() > count) val2 = ber.read();
      }
      certificates = (Certificate[]) certs.toArray(new Certificate[certs.size()]);
      val = ber.read();
    }

    if (val.getTag() == 1) {
      if (!val.isConstructed())
        throw new BEREncodingException("malformed CertificateRevocationLists");
      if (Configuration.DEBUG) log.fine("  CertificateRevocationLists: " + val);
      count = 0;
      val2 = ber.read();
      List crls = new LinkedList();
      while (val2 != BER.END_OF_SEQUENCE && (val.getLength() > 0 && val.getLength() > count)) {
        CRL crl = x509.generateCRL(new ByteArrayInputStream(val2.getEncoded()));
        if (Configuration.DEBUG) log.fine("    CRL: " + crl);
        crls.add(crl);
        count += val2.getEncodedLength();
        ber.skip(val2.getLength());
        if (BERValue.isIndefinite(val) || val.getLength() > count) val2 = ber.read();
      }
      this.crls = (CRL[]) crls.toArray(new CRL[crls.size()]);
      val = ber.read();
    }

    signerInfos = new HashSet();
    if (!val.isConstructed()) throw new BEREncodingException("malformed SignerInfos");
    if (Configuration.DEBUG) log.fine("  SignerInfos: " + val);

    // FIXME read this more carefully.
    // Since we are just reading a file (probably) we just read until we
    // reach the end.
    while (true) {
      int i = ber.peek();
      if (i == 0 || i == -1) break;
      signerInfos.add(new SignerInfo(ber));
    }
  }
    public synchronized boolean checkCRL(X509Certificate cert) throws CertificateException {
      CRL crl = null;
      long now = System.currentTimeMillis();
      if (now - creationTime > 24 * 60 * 60 * 1000) {
        // Expire cache every 24 hours
        if (tempCRLFile != null && tempCRLFile.exists()) {
          tempCRLFile.delete();
        }
        tempCRLFile = null;
        passedTest.clear();

        /*
          Note:  if any certificate ever fails the check, we will
          remember that fact.

          This breaks with temporary "holds" that CRL's can issue.
          Apparently a certificate can have a temporary "hold" on its
          validity, but I'm not interested in supporting that.  If a "held"
          certificate is suddenly "unheld", you're just going to need
          to restart your JVM.
        */
        // failedTest.clear();  <-- DO NOT UNCOMMENT!
      }

      BigInteger fingerprint = getFingerprint(cert);
      if (failedTest.contains(fingerprint)) {
        throw new CertificateException("Revoked by CRL (cached response)");
      }
      if (passedTest.contains(fingerprint)) {
        return true;
      }

      if (tempCRLFile == null) {
        try {
          // log.info( "Trying to load CRL [" + urlString + "]" );
          URL url = new URL(urlString);
          File tempFile = File.createTempFile("crl", ".tmp");
          tempFile.deleteOnExit();

          OutputStream out = new FileOutputStream(tempFile);
          out = new BufferedOutputStream(out);
          InputStream in = new BufferedInputStream(url.openStream());
          try {
            Util.pipeStream(in, out);
          } catch (IOException ioe) {
            // better luck next time
            tempFile.delete();
            throw ioe;
          }
          this.tempCRLFile = tempFile;
          this.creationTime = System.currentTimeMillis();
        } catch (IOException ioe) {
          // log.warn( "Cannot check CRL: " + e );
        }
      }

      if (tempCRLFile != null && tempCRLFile.exists()) {
        try {
          InputStream in = new FileInputStream(tempCRLFile);
          in = new BufferedInputStream(in);
          synchronized (CF) {
            crl = CF.generateCRL(in);
          }
          in.close();
          if (crl.isRevoked(cert)) {
            // log.warn( "Revoked by CRL [" + urlString + "]: " + name );
            passedTest.remove(fingerprint);
            failedTest.add(fingerprint);
            throw new CertificateException("Revoked by CRL");
          } else {
            passedTest.add(fingerprint);
          }
        } catch (IOException ioe) {
          // couldn't load CRL that's supposed to be stored in Temp file.
          // log.warn(  );
        } catch (CRLException crle) {
          // something is wrong with the CRL
          // log.warn(  );
        }
      }
      return crl != null;
    }
 private void loadCrl(String crlFilename) throws IOException, CRLException {
   InputStream is = load(crlFilename);
   crl = factory.generateCRL(is);
 }
Example #12
0
  @JRubyMethod(name = "initialize", rest = true, frame = true)
  public IRubyObject _initialize(IRubyObject[] args, Block block) {
    extensions = new ArrayList<IRubyObject>();
    if (org.jruby.runtime.Arity.checkArgumentCount(getRuntime(), args, 0, 1) == 0) {
      version = getRuntime().getNil();
      issuer = getRuntime().getNil();
      last_update = getRuntime().getNil();
      next_update = getRuntime().getNil();
      revoked = getRuntime().newArray();
      return this;
    }

    ByteArrayInputStream bis = new ByteArrayInputStream(args[0].convertToString().getBytes());
    try {
      // SunJCE throws java.security.cert.CRLException: Invalid encoding of
      // AuthorityKeyIdentifierExtension.
      // FIXME: use BC for now.
      CertificateFactory cf = OpenSSLReal.getX509CertificateFactoryBC();
      crl = (java.security.cert.X509CRL) cf.generateCRL(bis);
    } catch (GeneralSecurityException gse) {
      throw newX509CRLError(getRuntime(), gse.getMessage());
    }

    byte[] crl_bytes = args[0].convertToString().getBytes();
    // Parse PEM if we ever get passed some PEM contents
    try {
      StringReader in = new StringReader(args[0].toString());
      byte[] bytes = OpenSSLReal.getFormatHandler().readPEMToDER(in);
      if (bytes != null) crl_bytes = bytes;
      in.close();
    } catch (Exception e) {
      // this is not PEM encoded, let's use the default argument
    }

    try {
      crl_v = new ASN1InputStream(new ByteArrayInputStream(crl_bytes)).readObject();
    } catch (IOException ioe) {
      throw newX509CRLError(getRuntime(), ioe.getMessage());
    }

    DEREncodable v0 = ((DERSequence) (((DERSequence) crl_v).getObjectAt(0))).getObjectAt(0);
    if (v0 instanceof DERInteger) {
      set_version(getRuntime().newFixnum(((DERInteger) v0).getValue().intValue()));
    } else {
      set_version(getRuntime().newFixnum(2));
    }
    set_last_update(RubyTime.newTime(getRuntime(), crl.getThisUpdate().getTime()));
    set_next_update(RubyTime.newTime(getRuntime(), crl.getNextUpdate().getTime()));
    RubyString name = RubyString.newString(getRuntime(), crl.getIssuerX500Principal().getEncoded());
    set_issuer(Utils.newRubyInstance(getRuntime(), "OpenSSL::X509::Name", name));

    revoked = getRuntime().newArray();

    DERSequence seqa = (DERSequence) ((DERSequence) crl_v).getObjectAt(0);
    DERObject maybe_ext = (DERObject) seqa.getObjectAt(seqa.size() - 1);
    if (maybe_ext instanceof DERTaggedObject && ((DERTaggedObject) maybe_ext).getTagNo() == 0) {
      DERSequence exts = (DERSequence) ((DERTaggedObject) maybe_ext).getObject();
      for (int i = 0; i < exts.size(); i++) {
        DERSequence seq2 = (DERSequence) exts.getObjectAt(i);
        boolean critical = false;
        String oid = ((DERObjectIdentifier) seq2.getObjectAt(0)).getId();
        if (seq2.getObjectAt(1) == DERBoolean.TRUE) {
          critical = true;
        }
        byte[] value = crl.getExtensionValue(oid);
        IRubyObject mASN1 = getRuntime().getClassFromPath("OpenSSL::ASN1");
        IRubyObject rValue = null;
        try {
          rValue =
              ASN1.decode(
                  mASN1,
                  ASN1.decode(mASN1, RubyString.newString(getRuntime(), value))
                      .callMethod(getRuntime().getCurrentContext(), "value"));
        } catch (Exception e) {
          rValue = RubyString.newString(getRuntime(), value);
        }
        X509Extensions.Extension ext1 =
            (X509Extensions.Extension)
                Utils.newRubyInstance(getRuntime(), "OpenSSL::X509::Extension");
        ext1.setRealOid(ext1.getObjectIdentifier(oid));
        ext1.setRealValue(rValue);
        ext1.setRealCritical(critical);
        add_extension(ext1);
      }
    }

    changed = false;
    return this;
  }
Example #13
0
 /**
  * Build Java CRL from base64 encoding.
  *
  * @param base64CRL base64-encoded CRL
  * @return a native Java X509 CRL
  * @throws CertificateException thrown if there is an error constructing certificate
  * @throws CRLException thrown if there is an error constructing CRL
  */
 public static java.security.cert.X509CRL buildJavaX509CRL(String base64CRL)
     throws CertificateException, CRLException {
   CertificateFactory cf = CertificateFactory.getInstance("X.509");
   ByteArrayInputStream input = new ByteArrayInputStream(Base64.decode(base64CRL));
   return (java.security.cert.X509CRL) cf.generateCRL(input);
 }