예제 #1
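 /**
  * Validates {@code cert}: its signature must verify under the public key of
  * {@code authorityCertificate} and it must not be listed in {@code crl}.
  *
  * @param cert the certificate to validate; {@code null} is treated as invalid
  * @return {@code true} only if the signature verifies and the certificate is
  *         not revoked according to {@code crl}
  */
 public boolean isValid(Certificate cert) {
   if (cert == null) {
     return false;
   }
   try {
     cert.verify(authorityCertificate.getPublicKey());
   } catch (java.security.GeneralSecurityException e) {
     // Covers every checked exception verify() declares (bad signature, unknown
     // algorithm or provider, unusable key). Deliberately narrower than
     // Exception: a NullPointerException from an unset authorityCertificate is
     // a configuration bug, not an invalid certificate, and must not be masked
     // as "false".
     return false;
   }
   // NOTE(review): this only reflects the CRL as loaded into the field; nothing
   // here refreshes it or checks its nextUpdate — confirm the owner keeps it current.
   return !crl.isRevoked(cert);
 }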
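    /**
     * Checks {@code cert} against the CRL published at {@code urlString}.
     *
     * <p>The downloaded CRL is cached in a temp file for 24 hours and the
     * per-certificate outcome is cached in {@code passedTest} / {@code failedTest}
     * (keyed by {@link #getFingerprint}); only {@code passedTest} is cleared when
     * the cache expires — a certificate that once failed stays failed for the
     * lifetime of the JVM (see note in {@link #expireCrlCacheIfStale}).
     *
     * <p>NOTE(review): nothing in this method verifies the downloaded CRL's
     * signature; unless {@code urlString} is an authenticated channel, a tampered
     * CRL would be accepted as-is. Confirm the caller verifies it (e.g.
     * {@code X509CRL.verify(issuerKey)}) or add that step here. The 24-hour cache
     * also ignores the CRL's own nextUpdate field.
     *
     * @param cert the certificate to check
     * @return {@code true} if a CRL could be loaded and does not list {@code cert};
     *         {@code false} if no CRL could be downloaded or parsed, i.e. the
     *         revocation status is unknown rather than "not revoked"
     * @throws CertificateException if the CRL lists {@code cert}, or a cached
     *         failed result exists for it
     */
    public synchronized boolean checkCRL(X509Certificate cert) throws CertificateException {
      expireCrlCacheIfStale(System.currentTimeMillis());

      BigInteger fingerprint = getFingerprint(cert);
      if (failedTest.contains(fingerprint)) {
        throw new CertificateException("Revoked by CRL (cached response)");
      }
      if (passedTest.contains(fingerprint)) {
        return true;
      }

      if (tempCRLFile == null) {
        fetchCrlToTempFile();
      }

      CRL crl = null;
      if (tempCRLFile != null && tempCRLFile.exists()) {
        crl = parseCachedCrl();
      }

      // The revocation check is kept outside the I/O handling on purpose: an
      // I/O problem while closing the stream must not skip the check and turn
      // into a "not revoked" answer.
      if (crl != null) {
        if (crl.isRevoked(cert)) {
          passedTest.remove(fingerprint);
          failedTest.add(fingerprint);
          throw new CertificateException("Revoked by CRL");
        }
        passedTest.add(fingerprint);
      }
      return crl != null;
    }

    /**
     * Drops the cached CRL file and the cached "passed" results once they are
     * older than 24 hours.
     *
     * @param now current time in milliseconds, compared against {@code creationTime}
     */
    private void expireCrlCacheIfStale(long now) {
      if (now - creationTime > 24L * 60 * 60 * 1000) {
        if (tempCRLFile != null && tempCRLFile.exists()) {
          tempCRLFile.delete();
        }
        tempCRLFile = null;
        passedTest.clear();

        /*
          Note:  if any certificate ever fails the check, we will
          remember that fact.

          This breaks with temporary "holds" that CRL's can issue.
          Apparently a certificate can have a temporary "hold" on its
          validity, but I'm not interested in supporting that.  If a "held"
          certificate is suddenly "unheld", you're just going to need
          to restart your JVM.
        */
        // failedTest.clear();  <-- DO NOT UNCOMMENT!
      }
    }

    /**
     * Downloads the CRL at {@code urlString} into a fresh temp file and, on
     * success, publishes it as {@code tempCRLFile} with a new {@code creationTime}.
     * Any I/O failure is best-effort as before: the partial file is deleted and
     * the cache is left untouched ("better luck next time").
     *
     * <p>NOTE(review): {@code url.openStream()} is used without connect/read
     * timeouts, so a stalled CRL server can block this synchronized path.
     */
    private void fetchCrlToTempFile() {
      File tempFile = null;
      try {
        URL url = new URL(urlString);
        tempFile = File.createTempFile("crl", ".tmp");
        tempFile.deleteOnExit();

        OutputStream out = new BufferedOutputStream(new FileOutputStream(tempFile));
        try {
          InputStream in = new BufferedInputStream(url.openStream());
          try {
            // Assumed to copy until EOF; whether it closes its arguments is not
            // visible here, hence the explicit closes in the finally blocks.
            Util.pipeStream(in, out);
          } finally {
            closeQuietly(in);
          }
        } finally {
          // Closing flushes the BufferedOutputStream so the file on disk is
          // complete before it is ever parsed.
          out.close();
        }
        this.tempCRLFile = tempFile;
        this.creationTime = System.currentTimeMillis();
      } catch (IOException ioe) {
        // better luck next time: keep no partial download around
        if (tempFile != null) {
          tempFile.delete();
        }
      }
    }

    /**
     * Parses the cached CRL file.
     *
     * @return the parsed CRL, or {@code null} if the file could not be read or
     *         does not contain a valid CRL (status unknown)
     */
    private CRL parseCachedCrl() {
      try {
        InputStream in = new BufferedInputStream(new FileInputStream(tempCRLFile));
        try {
          synchronized (CF) {
            return CF.generateCRL(in);
          }
        } finally {
          closeQuietly(in);
        }
      } catch (IOException ioe) {
        // couldn't load CRL that's supposed to be stored in Temp file.
        return null;
      } catch (CRLException crle) {
        // something is wrong with the CRL
        return null;
      }
    }

    /** Closes {@code in}, ignoring close errors: the data was only being read. */
    private static void closeQuietly(InputStream in) {
      try {
        in.close();
      } catch (IOException ignored) {
        // nothing useful can be done about a failed close of a read-only stream
      }
    }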