コード例 #1
 /**
  * Registers an additional store for every URI listed in the full names of a CRL distribution
  * point extension.
  *
  * <p>Only distribution points whose name is of type {@code FULL_NAME} are considered, and within
  * those only general names tagged {@code uniformResourceIdentifier}. Each URI string is passed
  * unchanged to {@code CertPathValidatorUtilities.addAdditionalStoreFromLocation}; this method
  * performs no filtering of its own.
  *
  * <p>NOTE(review): if {@code crldp} is read from a certificate that is still being validated,
  * the URIs are untrusted input. Confirm that the callee restricts the schemes and destinations it
  * is willing to contact, since nothing here does.
  *
  * @param crldp the CRL distribution point extension, or {@code null} to do nothing
  * @param pkixParams the parameters handed on to the store-registration helper
  * @throws AnnotatedException if the distribution points cannot be read from {@code crldp}
  */
 protected static void addAdditionalStoresFromCRLDistributionPoint(
     CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) throws AnnotatedException {
   if (crldp == null) {
     return;
   }

   DistributionPoint[] points;
   try {
     points = crldp.getDistributionPoints();
   } catch (Exception e) {
     throw new AnnotatedException("Distribution points could not be read.", e);
   }

   for (DistributionPoint point : points) {
     DistributionPointName pointName = point.getDistributionPoint();
     // Only full names can carry URIs; skip absent names and every other name type.
     if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
       continue;
     }

     GeneralName[] candidates = GeneralNames.getInstance(pointName.getName()).getNames();
     for (GeneralName candidate : candidates) {
       if (candidate.getTagNo() != GeneralName.uniformResourceIdentifier) {
         continue;
       }
       // The URI is used exactly as encoded in the extension (see the review note above).
       String location = DERIA5String.getInstance(candidate.getName()).getString();
       CertPathValidatorUtilities.addAdditionalStoreFromLocation(location, pkixParams);
     }
   }
 }
コード例 #2
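  /**
   * Tests the extension CRL Distribution Point on CRLs.
   *
   * <p>First enables "use CRL distribution point on CRL" with a default URL, forces a new CRL and
   * checks that the URL appears as the first general name of the CRL's issuing distribution point
   * extension. Then disables the setting, forces another CRL and checks that the extension is
   * absent.
   *
   * @throws Exception if editing the CA, generating the CRL or decoding the extension fails
   */
  @Test
  public void testCRLDistPointOnCRL() throws Exception {
    final String cdpURL = "http://www.ejbca.org/foo/bar.crl";
    X509CAInfo cainfo = (X509CAInfo) testx509ca.getCAInfo();

    // Turn the setting on and force a fresh CRL so the stored CRL reflects the new configuration.
    cainfo.setUseCrlDistributionPointOnCrl(true);
    cainfo.setDefaultCRLDistPoint(cdpURL);
    caSession.editCA(roleMgmgToken, cainfo);
    publishingCrlSessionRemote.forceCRL(roleMgmgToken, testx509ca.getCAId());
    X509CRL x509crl =
        CertTools.getCRLfromByteArray(crlStoreSession.getLastCRL(cainfo.getSubjectDN(), false));
    byte[] cdpDER = x509crl.getExtensionValue(Extension.issuingDistributionPoint.getId());
    assertNotNull("CRL has no distribution points", cdpDER);

    // The extension value is wrapped in an OCTET STRING: unwrap it, then decode the payload.
    // try-with-resources closes both ASN.1 streams, which the earlier code left open.
    ASN1OctetString octs;
    try (ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(cdpDER))) {
      octs = (ASN1OctetString) aIn.readObject();
    }
    IssuingDistributionPoint cdp;
    try (ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()))) {
      cdp = IssuingDistributionPoint.getInstance((ASN1Sequence) aIn.readObject());
    }
    DistributionPointName distpoint = cdp.getDistributionPoint();

    assertEquals(
        "CRL distribution point is different",
        cdpURL,
        ((DERIA5String) ((GeneralNames) distpoint.getName()).getNames()[0].getName()).getString());

    // Turn the setting off again and force another CRL.
    cainfo.setUseCrlDistributionPointOnCrl(false);
    cainfo.setDefaultCRLDistPoint("");
    caSession.editCA(roleMgmgToken, cainfo);
    publishingCrlSessionRemote.forceCRL(roleMgmgToken, testx509ca.getCAId());
    x509crl =
        CertTools.getCRLfromByteArray(crlStoreSession.getLastCRL(cainfo.getSubjectDN(), false));
    // NOTE(review): the positive check above reads issuingDistributionPoint, but this negative
    // check reads cRLDistributionPoints. If the CA never emits cRLDistributionPoints on CRLs, this
    // assertion passes without proving the setting was switched off; confirm which extension is
    // intended here.
    assertNull(
        "CRL has distribution points",
        x509crl.getExtensionValue(Extension.cRLDistributionPoints.getId()));
  }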