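/**
 * Adds CRL stores for every URI found in the {@code fullName} of a CRL distribution point.
 * <p>
 * Only distribution points whose name is of type {@link DistributionPointName#FULL_NAME} are
 * inspected, and within them only {@link GeneralName#uniformResourceIdentifier} entries; each
 * such URI string is passed to
 * {@code CertPathValidatorUtilities.addAdditionalStoreFromLocation(location, pkixParams)}.
 * The URIs come straight out of the certificate's own extension, i.e. from data that has not
 * been validated at this point; whether and how a location is actually contacted is decided by
 * that helper and the supplied parameters, not here.
 *
 * @param crldp the CRLDistributionPoints extension value; {@code null} makes this a no-op.
 * @param pkixParams the parameters to which the additional stores are added.
 * @throws AnnotatedException if the distribution points cannot be read from {@code crldp}.
 */
protected static void addAdditionalStoresFromCRLDistributionPoint(
    CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) throws AnnotatedException {
    if (crldp == null) {
        return;
    }
    DistributionPoint[] dps;
    try {
        dps = crldp.getDistributionPoints();
    } catch (Exception e) {
        // any decoding failure is reported to the caller as one exception type, cause preserved
        throw new AnnotatedException("Distribution points could not be read.", e);
    }
    for (int i = 0; i < dps.length; i++) {
        DistributionPointName dpn = dps[i].getDistributionPoint();
        // URIs can only appear in a fullName; nameRelativeToCRLIssuer carries none
        if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) {
            continue;
        }
        GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
        for (int j = 0; j < genNames.length; j++) {
            if (genNames[j].getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            String location = DERIA5String.getInstance(genNames[j].getName()).getString();
            CertPathValidatorUtilities.addAdditionalStoreFromLocation(location, pkixParams);
        }
    }
}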
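/**
 * Checks whether the given certificate is on this CRL.
 * <p>
 * The certificate's serial number is compared against every revoked-certificate entry. The
 * issuer in force for an entry starts as the CRL issuer and, for an indirect CRL, is replaced by
 * the value of each {@code certificateIssuer} entry extension encountered while scanning. An
 * entry counts as a match only if both the serial number and that issuer equal the
 * certificate's; an entry with the right serial under a different issuer is skipped rather than
 * ending the search, because serial numbers are only unique per issuer and an indirect CRL may
 * list several issuers.
 *
 * @param cert the certificate to check for; must be of type "X.509".
 * @return true if the given certificate is on this CRL, false otherwise.
 * @throws RuntimeException if {@code cert} is not an X.509 certificate or cannot be re-encoded.
 */
public boolean isRevoked(Certificate cert) {
    if (!cert.getType().equals("X.509")) {
        throw new RuntimeException("X.509 CRL used with non X.509 Cert");
    }
    TBSCertList.CRLEntry[] entries = c.getRevokedCertificates();
    if (entries == null) {
        return false;
    }
    BigInteger serial = ((X509Certificate) cert).getSerialNumber();
    X500Name caName = c.getIssuer();
    // decoded lazily so a certificate that cannot be re-encoded only fails when a serial matches
    X500Name certIssuer = null;
    for (int i = 0; i < entries.length; i++) {
        if (isIndirect && entries[i].hasExtensions()) {
            Extension currentCaName = entries[i].getExtensions().getExtension(Extension.certificateIssuer);
            if (currentCaName != null) {
                // a certificateIssuer extension applies to this entry and the ones after it
                caName = X500Name.getInstance(
                    GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
            }
        }
        if (!entries[i].getUserCertificate().getValue().equals(serial)) {
            continue;
        }
        if (certIssuer == null) {
            try {
                certIssuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer();
            } catch (CertificateEncodingException e) {
                throw new RuntimeException("Cannot process certificate", e);
            }
        }
        if (caName.equals(certIssuer)) {
            return true;
        }
        // same serial, different issuer: keep scanning the remaining entries
    }
    return false;
}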
/**
 * Builds the set of entries for this CRL, tracking the issuer in force as it goes.
 * <p>
 * Every revoked-certificate entry is wrapped in an {@link X509CRLEntryObject} together with the
 * issuer name tracked up to that entry. Afterwards, if this is an indirect CRL and the entry
 * carries a {@code certificateIssuer} extension, the tracked issuer is replaced by the first name
 * of that extension for the entries that follow.
 *
 * @return a new mutable {@link Set} of {@link X509CRLEntryObject} instances, possibly empty.
 */
private Set loadCRLEntries() {
    Set result = new HashSet();
    X500Name issuerInForce = c.getIssuer();
    for (Enumeration en = c.getRevokedCertificateEnumeration(); en.hasMoreElements();) {
        TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) en.nextElement();
        result.add(new X509CRLEntryObject(entry, isIndirect, issuerInForce));
        if (!isIndirect || !entry.hasExtensions()) {
            continue;
        }
        Extension certIssuerExt = entry.getExtensions().getExtension(Extension.certificateIssuer);
        if (certIssuerExt != null) {
            // the extension's first name becomes the issuer for all following entries
            issuerInForce = X500Name.getInstance(
                GeneralNames.getInstance(certIssuerExt.getParsedValue()).getNames()[0].getName());
        }
    }
    return result;
}
/**
 * Looks up the revoked-certificate entry with the given serial number.
 * <p>
 * Entries are scanned in CRL order while the issuer in force is tracked: it starts as the CRL
 * issuer and, for an indirect CRL, is replaced by the first name of each entry's
 * {@code certificateIssuer} extension for the entries after it. The first entry whose serial
 * number matches is returned, wrapped with the issuer tracked up to that point; the entry's own
 * {@code certificateIssuer} extension is not consulted before returning it.
 *
 * @param serialNumber the serial number to look for.
 * @return the matching entry, or {@code null} if no entry has that serial number.
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    X500Name issuerInForce = c.getIssuer();
    Enumeration en = c.getRevokedCertificateEnumeration();
    while (en.hasMoreElements()) {
        TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) en.nextElement();
        if (serialNumber.equals(entry.getUserCertificate().getValue())) {
            return new X509CRLEntryObject(entry, isIndirect, issuerInForce);
        }
        Extension certIssuerExt = (isIndirect && entry.hasExtensions())
            ? entry.getExtensions().getExtension(Extension.certificateIssuer)
            : null;
        if (certIssuerExt != null) {
            // the extension's first name becomes the issuer for all following entries
            issuerInForce = X500Name.getInstance(
                GeneralNames.getInstance(certIssuerExt.getParsedValue()).getNames()[0].getName());
        }
    }
    return null;
}
/**
 * Reads the value of the {@code SubjectAlternativeName} extension field of the certificate.
 * <p>
 * The raw extension value is obtained via {@code read(ExtensionType.SubjectAlternativeName)}
 * and converted with {@link GeneralNames#getInstance(Object)}.
 *
 * @return Collection of subject alternative names, or {@code null} if the certificate does not
 *     define this extension field. An empty collection is not the same as {@code null}: in the
 *     former case the field is present but empty, in the latter it is absent from the
 *     certificate.
 */
public GeneralNames readSubjectAlternativeName() {
    Object rawValue = read(ExtensionType.SubjectAlternativeName);
    return GeneralNames.getInstance(rawValue);
}
/**
 * Reads the value of the {@code IssuerAlternativeName} extension field of the certificate.
 * <p>
 * The raw extension value is obtained via {@code read(ExtensionType.IssuerAlternativeName)}
 * and converted with {@link GeneralNames#getInstance(Object)}.
 *
 * @return Collection of issuer alternative names, or {@code null} if the certificate does not
 *     define this extension field. An empty collection is not the same as {@code null}: in the
 *     former case the field is present but empty, in the latter it is absent from the
 *     certificate.
 */
public GeneralNames readIssuerAlternativeName() {
    Object rawValue = read(ExtensionType.IssuerAlternativeName);
    return GeneralNames.getInstance(rawValue);
}