protected static void addAdditionalStoresFromCRLDistributionPoint( CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) throws AnnotatedException { if (crldp != null) { DistributionPoint dps[] = null; try { dps = crldp.getDistributionPoints(); } catch (Exception e) { throw new AnnotatedException("Distribution points could not be read.", e); } for (int i = 0; i < dps.length; i++) { DistributionPointName dpn = dps[i].getDistributionPoint(); // look for URIs in fullName if (dpn != null) { if (dpn.getType() == DistributionPointName.FULL_NAME) { GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames(); // look for an URI for (int j = 0; j < genNames.length; j++) { if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) { String location = DERIA5String.getInstance(genNames[j].getName()).getString(); CertPathValidatorUtilities.addAdditionalStoreFromLocation(location, pkixParams); } } } } } } }
/** Tests the extension CRL Distribution Point on CRLs */ @Test public void testCRLDistPointOnCRL() throws Exception { final String cdpURL = "http://www.ejbca.org/foo/bar.crl"; X509CAInfo cainfo = (X509CAInfo) testx509ca.getCAInfo(); X509CRL x509crl; byte[] cdpDER; cainfo.setUseCrlDistributionPointOnCrl(true); cainfo.setDefaultCRLDistPoint(cdpURL); caSession.editCA(roleMgmgToken, cainfo); publishingCrlSessionRemote.forceCRL(roleMgmgToken, testx509ca.getCAId()); x509crl = CertTools.getCRLfromByteArray(crlStoreSession.getLastCRL(cainfo.getSubjectDN(), false)); cdpDER = x509crl.getExtensionValue(Extension.issuingDistributionPoint.getId()); assertNotNull("CRL has no distribution points", cdpDER); ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(cdpDER)); ASN1OctetString octs = (ASN1OctetString) aIn.readObject(); aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets())); IssuingDistributionPoint cdp = IssuingDistributionPoint.getInstance((ASN1Sequence) aIn.readObject()); DistributionPointName distpoint = cdp.getDistributionPoint(); assertEquals( "CRL distribution point is different", cdpURL, ((DERIA5String) ((GeneralNames) distpoint.getName()).getNames()[0].getName()).getString()); cainfo.setUseCrlDistributionPointOnCrl(false); cainfo.setDefaultCRLDistPoint(""); caSession.editCA(roleMgmgToken, cainfo); publishingCrlSessionRemote.forceCRL(roleMgmgToken, testx509ca.getCAId()); x509crl = CertTools.getCRLfromByteArray(crlStoreSession.getLastCRL(cainfo.getSubjectDN(), false)); assertNull( "CRL has distribution points", x509crl.getExtensionValue(Extension.cRLDistributionPoints.getId())); }