protected static void addAdditionalStoresFromCRLDistributionPoint(
     CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) throws AnnotatedException {
  // No CRLDistributionPoints extension means there is nothing to register.
  if (crldp == null) {
    return;
  }

  DistributionPoint[] distPoints;
  try {
    distPoints = crldp.getDistributionPoints();
  } catch (Exception e) {
    throw new AnnotatedException("Distribution points could not be read.", e);
  }

  for (int i = 0; i < distPoints.length; i++) {
    DistributionPointName dpName = distPoints[i].getDistributionPoint();
    // Only the fullName form of a distribution point can hold general names (and thus URIs).
    if (dpName == null || dpName.getType() != DistributionPointName.FULL_NAME) {
      continue;
    }

    GeneralName[] names = GeneralNames.getInstance(dpName.getName()).getNames();
    for (int j = 0; j < names.length; j++) {
      GeneralName name = names[j];
      if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
        continue;
      }
      // Each URI name becomes an additional CRL store on the PKIX parameters.
      String uri = DERIA5String.getInstance(name.getName()).getString();
      CertPathValidatorUtilities.addAdditionalStoreFromLocation(uri, pkixParams);
    }
  }
}
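  /**
   * Checks whether the given certificate is on this CRL.
   *
   * <p>For an indirect CRL, the issuer attributed to an entry is the one named by the most
   * recent {@code certificateIssuer} entry extension seen so far (the CRL issuer until the first
   * such extension). A serial-number match therefore only counts as a revocation when that
   * issuer equals the issuer of {@code cert}, since serial numbers are only unique per issuer.
   *
   * @param cert the certificate to check for.
   * @return true if the given certificate is on this CRL, false otherwise.
   * @throws RuntimeException if {@code cert} is not an X.509 certificate or cannot be encoded.
   */
  public boolean isRevoked(Certificate cert) {
    if (!cert.getType().equals("X.509")) {
      throw new RuntimeException("X.509 CRL used with non X.509 Cert");
    }

    TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();

    X500Name caName = c.getIssuer();

    if (certs == null) {
      return false;
    }

    // The cast is safe: the type check above guarantees an X.509 certificate.
    BigInteger serial = ((X509Certificate) cert).getSerialNumber();

    for (int i = 0; i < certs.length; i++) {
      if (isIndirect && certs[i].hasExtensions()) {
        Extension currentCaName =
            certs[i].getExtensions().getExtension(Extension.certificateIssuer);

        if (currentCaName != null) {
          // The extension applies to this entry and to the following ones until the next one.
          // NOTE(review): a malformed extension with an empty GeneralNames would fail on [0].
          caName =
              X500Name.getInstance(
                  GeneralNames.getInstance(currentCaName.getParsedValue())
                      .getNames()[0]
                      .getName());
        }
      }

      if (certs[i].getUserCertificate().getValue().equals(serial)) {
        X500Name issuer;

        try {
          issuer =
              org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer();
        } catch (CertificateEncodingException e) {
          // Preserve the cause so the underlying encoding failure is not lost.
          throw new RuntimeException("Cannot process certificate", e);
        }

        // First matching serial decides; it is a revocation only if the issuers agree.
        return caName.equals(issuer);
      }
    }

    return false;
  }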
  /**
   * Builds the set of {@link X509CRLEntryObject}s for every revoked certificate in this CRL.
   *
   * <p>Each entry is constructed with the issuer in effect before it: the CRL issuer, or the
   * issuer named by the latest {@code certificateIssuer} extension of an earlier entry when this
   * is an indirect CRL.
   *
   * @return a new, mutable set holding one entry object per revoked certificate.
   */
  private Set loadCRLEntries() {
    Set result = new HashSet();
    X500Name issuerSoFar = c.getIssuer();

    for (Enumeration en = c.getRevokedCertificateEnumeration(); en.hasMoreElements(); ) {
      TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) en.nextElement();
      result.add(new X509CRLEntryObject(entry, isIndirect, issuerSoFar));

      // Only an indirect CRL may switch issuers between entries.
      if (!isIndirect || !entry.hasExtensions()) {
        continue;
      }
      Extension certIssuerExt = entry.getExtensions().getExtension(Extension.certificateIssuer);
      if (certIssuerExt != null) {
        // Takes effect for the entries that follow this one.
        issuerSoFar =
            X500Name.getInstance(
                GeneralNames.getInstance(certIssuerExt.getParsedValue()).getNames()[0].getName());
      }
    }

    return result;
  }
  /**
   * Looks up the CRL entry for the given serial number.
   *
   * <p>Entries are matched by serial number only; the first match wins. The returned entry is
   * built with the issuer in effect before it (the CRL issuer, or for an indirect CRL the issuer
   * named by the latest {@code certificateIssuer} extension of an earlier entry).
   *
   * @param serialNumber the serial number to look for.
   * @return the matching entry, or null if no entry carries this serial number.
   */
  public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
    X500Name issuerSoFar = c.getIssuer();

    for (Enumeration en = c.getRevokedCertificateEnumeration(); en.hasMoreElements(); ) {
      TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry) en.nextElement();

      if (serialNumber.equals(entry.getUserCertificate().getValue())) {
        return new X509CRLEntryObject(entry, isIndirect, issuerSoFar);
      }

      // Only an indirect CRL may switch issuers between entries.
      if (!isIndirect || !entry.hasExtensions()) {
        continue;
      }
      Extension certIssuerExt = entry.getExtensions().getExtension(Extension.certificateIssuer);
      if (certIssuerExt != null) {
        issuerSoFar =
            X500Name.getInstance(
                GeneralNames.getInstance(certIssuerExt.getParsedValue()).getNames()[0].getName());
      }
    }

    return null;
  }
 /**
  * Reads the value of the SubjectAlternativeName extension field of the certificate.
  *
  * <p>An empty collection means the extension is present but lists no names; a null return means
  * the certificate does not define the extension at all.
  *
  * @return Collection of subject alternative names, or null if the certificate does not define
  *     this extension field.
  */
 public GeneralNames readSubjectAlternativeName() {
   Object rawValue = read(ExtensionType.SubjectAlternativeName);
   return GeneralNames.getInstance(rawValue);
 }
 /**
  * Reads the value of the <code>IssuerAlternativeName</code> extension field of the certificate.
  *
  * <p>An empty collection means the extension is present but lists no names; a null return means
  * the certificate does not define the extension at all.
  *
  * @return Collection of issuer alternative names, or null if the certificate does not define
  *     this extension field.
  */
 public GeneralNames readIssuerAlternativeName() {
   Object rawValue = read(ExtensionType.IssuerAlternativeName);
   return GeneralNames.getInstance(rawValue);
 }