예제 #1
0
  /**
   * Reads the value of the <code>CRLDistributionPoints</code> extension field of the certificate.
   *
   * @return List of CRL distribution points or null if extension is not defined.
   */
  public List<DistributionPoint> readCRLDistributionPoints() {
    final ASN1Encodable data = read(ExtensionType.CRLDistributionPoints);
    if (data == null) {
      return null;
    }

    final ASN1Sequence sequence = ASN1Sequence.getInstance(data);
    final List<DistributionPoint> list = new ArrayList<>(sequence.size());
    for (int i = 0; i < sequence.size(); i++) {
      list.add(DistributionPoint.getInstance(sequence.getObjectAt(i)));
    }
    return list;
  }
 /**
  * @return a list of URLs in String format with present freshest CRL extensions or an empty List
  */
 public static List<String> extractFreshestCrlDistributionPoints(final X509CRL crl) {
   final List<String> freshestCdpUrls = new ArrayList<String>();
   final byte[] extensionValue = crl.getExtensionValue(Extension.freshestCRL.getId());
   if (extensionValue != null) {
     final ASN1OctetString asn1OctetString =
         getAsn1ObjectFromBytes(extensionValue, ASN1OctetString.class);
     if (asn1OctetString != null) {
       final ASN1Sequence asn1Sequence =
           getAsn1ObjectFromBytes(asn1OctetString.getOctets(), ASN1Sequence.class);
       if (asn1Sequence != null) {
         final CRLDistPoint cdp = CRLDistPoint.getInstance(asn1Sequence);
         for (final DistributionPoint distributionPoint : cdp.getDistributionPoints()) {
           freshestCdpUrls.add(
               ((DERIA5String)
                       ((GeneralNames) distributionPoint.getDistributionPoint().getName())
                           .getNames()[0].getName())
                   .getString());
         }
       }
     }
   }
   return freshestCdpUrls;
 }
 /**
  * Add the CRL issuers from the cRLIssuer field of the distribution point or from the certificate
  * if not given to the issuer criterion of the <code>selector</code>.
  *
  * <p>The <code>issuerPrincipals</code> are a collection with a single <code>X500Principal</code>
  * for <code>X509Certificate</code>s. For {@link X509AttributeCertificate}s the issuer may contain
  * more than one <code>X500Principal</code>.
  *
  * @param dp The distribution point.
  * @param issuerPrincipals The issuers of the certificate or attribute certificate which contains
  *     the distribution point.
  * @param selector The CRL selector.
  * @param pkixParams The PKIX parameters containing the cert stores.
  * @throws AnnotatedException if an exception occurs while processing.
  * @throws ClassCastException if <code>issuerPrincipals</code> does not contain only <code>
  *     X500Principal</code>s.
  */
 protected static void getCRLIssuersFromDistributionPoint(
     DistributionPoint dp,
     Collection issuerPrincipals,
     X509CRLSelector selector,
     ExtendedPKIXParameters pkixParams)
     throws AnnotatedException {
   List issuers = new ArrayList();
   // indirect CRL
   if (dp.getCRLIssuer() != null) {
     GeneralName genNames[] = dp.getCRLIssuer().getNames();
     // look for a DN
     for (int j = 0; j < genNames.length; j++) {
       if (genNames[j].getTagNo() == GeneralName.directoryName) {
         try {
           issuers.add(new X500Principal(genNames[j].getName().toASN1Primitive().getEncoded()));
         } catch (IOException e) {
           throw new AnnotatedException(
               "CRL issuer information from distribution point cannot be decoded.", e);
         }
       }
     }
   } else {
     /*
      * certificate issuer is CRL issuer, distributionPoint field MUST be
      * present.
      */
     if (dp.getDistributionPoint() == null) {
       throw new AnnotatedException(
           "CRL issuer is omitted from distribution point but no distributionPoint field present.");
     }
     // add and check issuer principals
     for (Iterator it = issuerPrincipals.iterator(); it.hasNext(); ) {
       issuers.add((X500Principal) it.next());
     }
   }
   // TODO: is not found although this should correctly add the rel name. selector of Sun is buggy
   // here or PKI test case is invalid
   // distributionPoint
   //        if (dp.getDistributionPoint() != null)
   //        {
   //            // look for nameRelativeToCRLIssuer
   //            if (dp.getDistributionPoint().getType() ==
   // DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
   //            {
   //                // append fragment to issuer, only one
   //                // issuer can be there, if this is given
   //                if (issuers.size() != 1)
   //                {
   //                    throw new AnnotatedException(
   //                        "nameRelativeToCRLIssuer field is given but more than one CRL issuer
   // is given.");
   //                }
   //                ASN1Encodable relName = dp.getDistributionPoint().getName();
   //                Iterator it = issuers.iterator();
   //                List issuersTemp = new ArrayList(issuers.size());
   //                while (it.hasNext())
   //                {
   //                    Enumeration e = null;
   //                    try
   //                    {
   //                        e = ASN1Sequence.getInstance(
   //                            new ASN1InputStream(((X500Principal) it.next())
   //                                .getEncoded()).readObject()).getObjects();
   //                    }
   //                    catch (IOException ex)
   //                    {
   //                        throw new AnnotatedException(
   //                            "Cannot decode CRL issuer information.", ex);
   //                    }
   //                    ASN1EncodableVector v = new ASN1EncodableVector();
   //                    while (e.hasMoreElements())
   //                    {
   //                        v.add((ASN1Encodable) e.nextElement());
   //                    }
   //                    v.add(relName);
   //                    issuersTemp.add(new X500Principal(new DERSequence(v)
   //                        .getDEREncoded()));
   //                }
   //                issuers.clear();
   //                issuers.addAll(issuersTemp);
   //            }
   //        }
   Iterator it = issuers.iterator();
   while (it.hasNext()) {
     try {
       selector.addIssuerName(((X500Principal) it.next()).getEncoded());
     } catch (IOException ex) {
       throw new AnnotatedException("Cannot decode CRL issuer information.", ex);
     }
   }
 }