/**
* Reads the value of the <code>CRLDistributionPoints</code> extension field of the certificate.
*
* @return List of CRL distribution points or null if extension is not defined.
*/
public List<DistributionPoint> readCRLDistributionPoints() {
final ASN1Encodable data = read(ExtensionType.CRLDistributionPoints);
if (data == null) {
return null;
}
final ASN1Sequence sequence = ASN1Sequence.getInstance(data);
final List<DistributionPoint> list = new ArrayList<>(sequence.size());
for (int i = 0; i < sequence.size(); i++) {
list.add(DistributionPoint.getInstance(sequence.getObjectAt(i)));
}
return list;
}
/**
* @return a list of URLs in String format with present freshest CRL extensions or an empty List
*/
public static List<String> extractFreshestCrlDistributionPoints(final X509CRL crl) {
final List<String> freshestCdpUrls = new ArrayList<String>();
final byte[] extensionValue = crl.getExtensionValue(Extension.freshestCRL.getId());
if (extensionValue != null) {
final ASN1OctetString asn1OctetString =
getAsn1ObjectFromBytes(extensionValue, ASN1OctetString.class);
if (asn1OctetString != null) {
final ASN1Sequence asn1Sequence =
getAsn1ObjectFromBytes(asn1OctetString.getOctets(), ASN1Sequence.class);
if (asn1Sequence != null) {
final CRLDistPoint cdp = CRLDistPoint.getInstance(asn1Sequence);
for (final DistributionPoint distributionPoint : cdp.getDistributionPoints()) {
freshestCdpUrls.add(
((DERIA5String)
((GeneralNames) distributionPoint.getDistributionPoint().getName())
.getNames()[0].getName())
.getString());
}
}
}
}
return freshestCdpUrls;
}
/**
* Add the CRL issuers from the cRLIssuer field of the distribution point or from the certificate
* if not given to the issuer criterion of the <code>selector</code>.
*
* <p>The <code>issuerPrincipals</code> are a collection with a single <code>X500Principal</code>
* for <code>X509Certificate</code>s. For {@link X509AttributeCertificate}s the issuer may contain
* more than one <code>X500Principal</code>.
*
* @param dp The distribution point.
* @param issuerPrincipals The issuers of the certificate or attribute certificate which contains
* the distribution point.
* @param selector The CRL selector.
* @param pkixParams The PKIX parameters containing the cert stores.
* @throws AnnotatedException if an exception occurs while processing.
* @throws ClassCastException if <code>issuerPrincipals</code> does not contain only <code>
* X500Principal</code>s.
*/
protected static void getCRLIssuersFromDistributionPoint(
DistributionPoint dp,
Collection issuerPrincipals,
X509CRLSelector selector,
ExtendedPKIXParameters pkixParams)
throws AnnotatedException {
List issuers = new ArrayList();
// indirect CRL
if (dp.getCRLIssuer() != null) {
GeneralName genNames[] = dp.getCRLIssuer().getNames();
// look for a DN
for (int j = 0; j < genNames.length; j++) {
if (genNames[j].getTagNo() == GeneralName.directoryName) {
try {
issuers.add(new X500Principal(genNames[j].getName().toASN1Primitive().getEncoded()));
} catch (IOException e) {
throw new AnnotatedException(
"CRL issuer information from distribution point cannot be decoded.", e);
}
}
}
} else {
/*
* certificate issuer is CRL issuer, distributionPoint field MUST be
* present.
*/
if (dp.getDistributionPoint() == null) {
throw new AnnotatedException(
"CRL issuer is omitted from distribution point but no distributionPoint field present.");
}
// add and check issuer principals
for (Iterator it = issuerPrincipals.iterator(); it.hasNext(); ) {
issuers.add((X500Principal) it.next());
}
}
// TODO: is not found although this should correctly add the rel name. selector of Sun is buggy
// here or PKI test case is invalid
// distributionPoint
// if (dp.getDistributionPoint() != null)
// {
// // look for nameRelativeToCRLIssuer
// if (dp.getDistributionPoint().getType() ==
// DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
// {
// // append fragment to issuer, only one
// // issuer can be there, if this is given
// if (issuers.size() != 1)
// {
// throw new AnnotatedException(
// "nameRelativeToCRLIssuer field is given but more than one CRL issuer
// is given.");
// }
// ASN1Encodable relName = dp.getDistributionPoint().getName();
// Iterator it = issuers.iterator();
// List issuersTemp = new ArrayList(issuers.size());
// while (it.hasNext())
// {
// Enumeration e = null;
// try
// {
// e = ASN1Sequence.getInstance(
// new ASN1InputStream(((X500Principal) it.next())
// .getEncoded()).readObject()).getObjects();
// }
// catch (IOException ex)
// {
// throw new AnnotatedException(
// "Cannot decode CRL issuer information.", ex);
// }
// ASN1EncodableVector v = new ASN1EncodableVector();
// while (e.hasMoreElements())
// {
// v.add((ASN1Encodable) e.nextElement());
// }
// v.add(relName);
// issuersTemp.add(new X500Principal(new DERSequence(v)
// .getDEREncoded()));
// }
// issuers.clear();
// issuers.addAll(issuersTemp);
// }
// }
Iterator it = issuers.iterator();
while (it.hasNext()) {
try {
selector.addIssuerName(((X500Principal) it.next()).getEncoded());
} catch (IOException ex) {
throw new AnnotatedException("Cannot decode CRL issuer information.", ex);
}
}
}