Examples of java.security.cert.X509CRL

java.security.cert.X509CRL

etf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile.

The ASN.1 definition of {@code tbsCertList} is:

 TBSCertList  ::=  SEQUENCE  { version                 Version OPTIONAL, -- if present, must be v2 signature               AlgorithmIdentifier, issuer                  Name, thisUpdate              ChoiceOfTime, nextUpdate              ChoiceOfTime OPTIONAL, revokedCertificates     SEQUENCE OF SEQUENCE  { userCertificate         CertificateSerialNumber, revocationDate          ChoiceOfTime, crlEntryExtensions      Extensions OPTIONAL -- if present, must be v2 }  OPTIONAL, crlExtensions           [0]  EXPLICIT Extensions OPTIONAL -- if present, must be v2 }

CRLs are instantiated using a certificate factory. The following is an example of how to instantiate an X.509 CRL:

 {@code}try (InputStream inStream = new FileInputStream("fileName-of-crl"))  CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CRL crl = (X509CRL)cf.generateCRL(inStream); } }

@author Hemma Prafullchandra @see CRL @see CertificateFactory @see X509Extension

    public void directCRLTest()
        throws Exception
    {
        CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
        ByteArrayInputStream in = new ByteArrayInputStream(directCRL);
        X509CRL crl = (X509CRL) cf.generateCRL(in);
        Set set = crl.getRevokedCertificates();
        Iterator it = set.iterator();
        while (it.hasNext())
        {
            if (((X509CRLEntry)it.next()).getCertificateIssuer() != null)
            {

View Full Code Here

                .generateCertificate(new ByteArrayInputStream(
                        CertPathTest.interCertBin));
        X509Certificate finalCert = (X509Certificate)cf
                .generateCertificate(new ByteArrayInputStream(
                        CertPathTest.finalCertBin));
        X509CRL rootCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(
                CertPathTest.rootCrlBin));
        X509CRL interCrl = (X509CRL)cf
                .generateCRL(new ByteArrayInputStream(
                        CertPathTest.interCrlBin));


        // Testing CollectionCertStore generation from List
        List certList = new ArrayList();

View Full Code Here

        parser = X509StreamParser.getInstance("CRL", "BC");


        parser.init(new ByteArrayInputStream(CertPathTest.rootCrlBin));




        X509CRL rootCrl = (X509CRL)parser.read();


        parser = X509StreamParser.getInstance("AttributeCertificate", "BC");


        parser.init(new ByteArrayInputStream(attrCert));

View Full Code Here

                .generateCertificate(new ByteArrayInputStream(
                        CertPathTest.interCertBin));
        X509Certificate finalCert = (X509Certificate)cf
                .generateCertificate(new ByteArrayInputStream(
                        CertPathTest.finalCertBin));
        X509CRL rootCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(
                CertPathTest.rootCrlBin));
        X509CRL interCrl = (X509CRL)cf
                .generateCRL(new ByteArrayInputStream(
                        CertPathTest.interCrlBin));


        // Testing CollectionCertStore generation from List
        List list = new ArrayList();

View Full Code Here

        if (!certs.next().equals(rootCert))
        {
            fail("reverse root ordering wrong");
        }


        X509CRL rootCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(
                CertPathTest.rootCrlBin));
        X509CRL interCrl = (X509CRL)cf
                .generateCRL(new ByteArrayInputStream(
                        CertPathTest.interCrlBin));


        list = new ArrayList();
        list.add(finalCert);

View Full Code Here

                .generateCertificate(new ByteArrayInputStream(
                        CertPathTest.interCertBin));
        X509Certificate finalCert = (X509Certificate)cf
                .generateCertificate(new ByteArrayInputStream(
                        CertPathTest.finalCertBin));
        X509CRL rootCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(
                CertPathTest.rootCrlBin));
        X509CRL interCrl = (X509CRL)cf
                .generateCRL(new ByteArrayInputStream(
                        CertPathTest.interCrlBin));


        // Testing CollectionCertStore generation from List
        List list = new ArrayList();

View Full Code Here


            // initialise CertStore
        X509Certificate rootCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.rootCertBin));
        X509Certificate interCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.interCertBin));
        X509Certificate finalCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.finalCertBin));
        X509CRL rootCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(CertPathTest.rootCrlBin));
        X509CRL interCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(CertPathTest.interCrlBin));
        List list = new ArrayList();
        list.add(rootCert);
        list.add(interCert);
        list.add(finalCert);
        list.add(rootCrl);

View Full Code Here

        
        crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
        
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
        
        X509CRL    crl = crlGen.generate(pair.getPrivate(), "BC");
        
        if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
        {
            fail("failed CRL issuer test");
        }
        
        byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
        
        if (authExt == null)
        {
            fail("failed to find CRL extension");
        }
        
        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
        
        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
        
        if (entry == null)
        {
            fail("failed to find CRL entry");
        }

View Full Code Here

        
        crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
        
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
        
        X509CRL    crl = crlGen.generate(pair.getPrivate(), "BC");
        
        if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
        {
            fail("failed CRL issuer test");
        }
        
        byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
        
        if (authExt == null)
        {
            fail("failed to find CRL extension");
        }
        
        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
        
        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
        
        if (entry == null)
        {
            fail("failed to find CRL entry");
        }

View Full Code Here

        
        crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
        
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
        
        X509CRL    crl = crlGen.generate(pair.getPrivate(), "BC");
        
        if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
        {
            fail("failed CRL issuer test");
        }
        
        byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
        
        if (authExt == null)
        {
            fail("failed to find CRL extension");
        }
        
        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
        
        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
        
        if (entry == null)
        {
            fail("failed to find CRL entry");
        }
        
        if (!entry.getSerialNumber().equals(BigInteger.ONE))
        {
            fail("CRL cert serial number does not match");
        }
        
        if (!entry.hasExtensions())
        {
            fail("CRL entry extension not found");
        }
    
        byte[]  ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
    
        if (ext != null)
        {
            DEREnumerated   reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
                                                                       
            if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
            {
                fail("CRL entry reasonCode wrong");
            }
        }
        else
        {
            fail("CRL entry reasonCode not found");
        }
        
        //
        // check loading of existing CRL
        //
        crlGen = new X509V2CRLGenerator();
        now = new Date();
        
        crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
        
        crlGen.setThisUpdate(now);
        crlGen.setNextUpdate(new Date(now.getTime() + 100000));
        crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        
        crlGen.addCRL(crl);
        
        crlGen.addCRLEntry(BigInteger.valueOf(2), now, entryExtensions);
        
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
        
        X509CRL    newCrl = crlGen.generate(pair.getPrivate(), "BC");
        
        int     count = 0;
        boolean oneFound = false;
        boolean twoFound = false;
        
        Iterator it = newCrl.getRevokedCertificates().iterator();
        while (it.hasNext())
        {
            X509CRLEntry crlEnt = (X509CRLEntry)it.next();


            if (crlEnt.getSerialNumber().intValue() == 1)
            {
                oneFound = true;
            }
            else if (crlEnt.getSerialNumber().intValue() == 2)
            {
                twoFound = true;
            }
            
            count++;
        }
        
        if (count != 2)
        {
            fail("wrong number of CRLs found");
        }


        if (!oneFound || !twoFound)
        {
            fail("wrong CRLs found in copied list");
        }


        //
        // check factory read back
        //
        CertificateFactory cFact = CertificateFactory.getInstance("X.509", "BC");


        X509CRL readCrl = (X509CRL)cFact.generateCRL(new ByteArrayInputStream(newCrl.getEncoded()));


        if (readCrl == null)
        {
            fail("crl not returned!");
        }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of java.security.cert.X509CRL

br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCRLGenerator

br.net.woodstock.rockframework.security.cert.impl.CRLCertificateValidator

br.net.woodstock.rockframework.security.cert.impl.CRLCertificateVerifier

CertUtils

com.gitblit.GitblitTrustManager

com.gitblit.utils.X509Utils

com.itextpdf.text.pdf.PdfPKCS7

com.itextpdf.text.pdf.security.LtvVerifier

com.itextpdf.text.pdf.security.PdfPKCS7

de.innovationgate.webgate.api.WGDatabase

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.