Java 类java.security.cert.X509CRL 实例源码
项目:springboot-shiro-cas-mybatis
文件:CRLDistributionPointRevocationCheckerTests.java
/**
* Creates a new test instance with given parameters.
*
* @param checker Revocation checker instance.
* @param expiredCRLPolicy Policy instance for handling expired CRL data.
* @param certFiles File names of certificates to check.
* @param crlFile File name of CRL file to serve out.
* @param expected Expected result of check; null to indicate expected success.
*/
public CRLDistributionPointRevocationCheckerTests(
final CRLDistributionPointRevocationChecker checker,
final RevocationPolicy<X509CRL> expiredCRLPolicy,
final String[] certFiles,
final String crlFile,
final GeneralSecurityException expected) throws Exception {
super(certFiles, expected);
final File file = new File(System.getProperty("java.io.tmpdir"), "ca.crl");
if (file.exists()) {
file.delete();
}
final OutputStream out = new FileOutputStream(file);
IOUtils.copy(new ClassPathResource(crlFile).getInputStream(), out);
this.checker = checker;
this.checker.setExpiredCRLPolicy(expiredCRLPolicy);
this.webServer = new MockWebServer(8085, new FileSystemResource(file), "text/plain");
logger.debug("Web server listening on port 8085 serving file {}", crlFile);
}
项目:springboot-shiro-cas-mybatis
文件:CRLDistributionPointRevocationChecker.java
@Override
protected boolean addCRL(final Object id, final X509CRL crl) {
try {
if (crl == null) {
logger.debug("No CRL was passed. Removing {} from cache...", id);
return this.crlCache.remove(id);
}
this.crlCache.put(new Element(id, crl.getEncoded()));
return this.crlCache.get(id) != null;
} catch (final Exception e) {
logger.warn("Failed to add the crl entry [{}] to the cache", crl);
throw new RuntimeException(e);
}
}
项目:BiglyBT
文件:PrincipalUtil.java
/**
* return the issuer of the given CRL as an X509PrincipalObject.
*/
public static X509Principal getIssuerX509Principal(
X509CRL crl)
throws CRLException
{
try
{
ByteArrayInputStream bIn = new ByteArrayInputStream(
crl.getTBSCertList());
ASN1InputStream aIn = new ASN1InputStream(bIn);
TBSCertList tbsCertList = new TBSCertList(
(ASN1Sequence)aIn.readObject());
return new X509Principal(tbsCertList.getIssuer());
}
catch (IOException e)
{
throw new CRLException(e.toString());
}
}
项目:springboot-shiro-cas-mybatis
文件:CRLDistributionPointRevocationCheckerTests.java
/**
* Creates a new test instance with given parameters.
*
* @param checker Revocation checker instance.
* @param expiredCRLPolicy Policy instance for handling expired CRL data.
* @param certFiles File names of certificates to check.
* @param crlFile File name of CRL file to serve out.
* @param expected Expected result of check; null to indicate expected success.
*/
public CRLDistributionPointRevocationCheckerTests(
final CRLDistributionPointRevocationChecker checker,
final RevocationPolicy<X509CRL> expiredCRLPolicy,
final String[] certFiles,
final String crlFile,
final GeneralSecurityException expected) throws Exception {
super(certFiles, expected);
final File file = new File(System.getProperty("java.io.tmpdir"), "ca.crl");
if (file.exists()) {
file.delete();
}
final OutputStream out = new FileOutputStream(file);
IOUtils.copy(new ClassPathResource(crlFile).getInputStream(), out);
this.checker = checker;
this.checker.setExpiredCRLPolicy(expiredCRLPolicy);
this.checker.init();
this.webServer = new MockWebServer(8085, new FileSystemResource(file), "text/plain");
logger.debug("Web server listening on port 8085 serving file {}", crlFile);
}
项目:springboot-shiro-cas-mybatis
文件:ResourceCRLRevocationCheckerTests.java
/**
* Creates a new test instance with given parameters.
*
* @param checker Revocation checker instance.
* @param expiredCRLPolicy Policy instance for handling expired CRL data.
* @param certFiles File names of certificates to check.
* @param expected Expected result of check; null to indicate expected success.
*/
public ResourceCRLRevocationCheckerTests(
final ResourceCRLRevocationChecker checker,
final RevocationPolicy<X509CRL> expiredCRLPolicy,
final String[] certFiles,
final GeneralSecurityException expected) {
super(certFiles, expected);
this.checker = checker;
this.checker.setExpiredCRLPolicy(expiredCRLPolicy);
try {
this.checker.init();
} catch (final Exception e) {
throw new RuntimeException("ResourceCRLRevocationChecker initialization failed", e);
}
}
项目:openjdk-jdk10
文件:Main.java
private void printCRL(CRL crl, PrintStream out)
throws Exception {
X509CRL xcrl = (X509CRL)crl;
if (rfc) {
out.println("-----BEGIN X509 CRL-----");
out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(xcrl.getEncoded()));
out.println("-----END X509 CRL-----");
} else {
String s;
if (crl instanceof X509CRLImpl) {
X509CRLImpl x509crl = (X509CRLImpl) crl;
s = x509crl.toStringWithAlgName(withWeak("" + x509crl.getSigAlgId()));
} else {
s = crl.toString();
}
out.println(s);
}
}
项目:cas-server-4.2.1
文件:ResourceCRLFetcher.java
@Override
public X509CRL fetch(final Object crl) throws Exception {
final Set<X509CRL> results = fetch(Collections.singleton(crl));
if (!results.isEmpty()) {
return results.iterator().next();
}
logger.warn("Unable to fetch {}", crl);
return null;
}
项目:cas-server-4.2.1
文件:ThresholdExpiredCRLRevocationPolicy.java
/**
* {@inheritDoc}
* The CRL next update time is compared against the current time with the threshold
* applied and rejected if and only if the next update time is in the past.
*
* @param crl CRL instance to evaluate.
*
* @throws GeneralSecurityException On expired CRL data. Check the exception type for exact details
*
* @see org.jasig.cas.adaptors.x509.authentication.handler.support.RevocationPolicy#apply(java.lang.Object)
*/
@Override
public void apply(final X509CRL crl) throws GeneralSecurityException {
final Calendar cutoff = Calendar.getInstance();
if (CertUtils.isExpired(crl, cutoff.getTime())) {
cutoff.add(Calendar.SECOND, -this.threshold);
if (CertUtils.isExpired(crl, cutoff.getTime())) {
throw new ExpiredCRLException(crl.toString(), cutoff.getTime(), this.threshold);
}
logger.info(String.format("CRL expired on %s but is within threshold period, %s seconds.",
crl.getNextUpdate(), this.threshold));
}
}
项目:springboot-shiro-cas-mybatis
文件:ThresholdExpiredCRLRevocationPolicyTests.java
/**
* Creates a new test instance with given parameters.
*
* @param policy Policy to test.
* @param crl CRL instance to apply policy to.
* @param expected Expected result of policy application; null to indicate expected success.
*/
public ThresholdExpiredCRLRevocationPolicyTests(
final ThresholdExpiredCRLRevocationPolicy policy,
final X509CRL crl,
final GeneralSecurityException expected) {
this.policy = policy;
this.expected = expected;
this.crl = crl;
}
项目:springboot-shiro-cas-mybatis
文件:ResourceCRLRevocationCheckerTests.java
/**
* Creates a new test instance with given parameters.
*
* @param checker Revocation checker instance.
* @param expiredCRLPolicy Policy instance for handling expired CRL data.
* @param certFiles File names of certificates to check.
* @param expected Expected result of check; null to indicate expected success.
*/
public ResourceCRLRevocationCheckerTests(
final ResourceCRLRevocationChecker checker,
final RevocationPolicy<X509CRL> expiredCRLPolicy,
final String[] certFiles,
final GeneralSecurityException expected) {
super(certFiles, expected);
this.checker = checker;
this.checker.setExpiredCRLPolicy(expiredCRLPolicy);
try {
this.checker.afterPropertiesSet();
} catch (final Exception e) {
throw new RuntimeException("ResourceCRLRevocationChecker initialization failed", e);
}
}
项目:cas-5.1.0
文件:CRLDistributionPointRevocationChecker.java
@Override
protected boolean addCRL(final Object id, final X509CRL crl) {
try {
if (crl == null) {
LOGGER.debug("No CRL was passed. Removing [{}] from cache...", id);
return this.crlCache.remove(id);
}
this.crlCache.put(new Element(id, crl.getEncoded()));
return this.crlCache.get(id) != null;
} catch (final Exception e) {
LOGGER.warn("Failed to add the crl entry [{}] to the cache", crl);
throw Throwables.propagate(e);
}
}
项目:cas-server-4.2.1
文件:ResourceCRLRevocationCheckerTests.java
/**
* Creates a new test instance with given parameters.
*
* @param checker Revocation checker instance.
* @param expiredCRLPolicy Policy instance for handling expired CRL data.
* @param certFiles File names of certificates to check.
* @param expected Expected result of check; null to indicate expected success.
*/
public ResourceCRLRevocationCheckerTests(
final ResourceCRLRevocationChecker checker,
final RevocationPolicy<X509CRL> expiredCRLPolicy,
final String[] certFiles,
final GeneralSecurityException expected) {
super(certFiles, expected);
this.checker = checker;
this.checker.setExpiredCRLPolicy(expiredCRLPolicy);
try {
this.checker.init();
} catch (final Exception e) {
throw new RuntimeException("ResourceCRLRevocationChecker initialization failed", e);
}
}
项目:BiglyBT
文件:PEMReader.java
/**
* Reads in a X509CRL.
*
* @return the X509Certificate
* @throws IOException if an I/O error occured
*/
private X509CRL readCRL(
String endMarker)
throws IOException
{
ByteArrayInputStream bIn = new ByteArrayInputStream(readBytes(endMarker));
try
{
CertificateFactory certFact
= CertificateFactory.getInstance("X.509", provider);
return (X509CRL)certFact.generateCRL(bIn);
}
catch (Exception e)
{
throw new IOException("problem parsing cert: " + e.toString());
}
}
项目:OpenJSharp
文件:X509CRLImpl.java
/**
* Extract the issuer X500Principal from an X509CRL. Parses the encoded
* form of the CRL to preserve the principal's ASN.1 encoding.
*
* Called by java.security.cert.X509CRL.getIssuerX500Principal().
*/
public static X500Principal getIssuerX500Principal(X509CRL crl) {
try {
byte[] encoded = crl.getEncoded();
DerInputStream derIn = new DerInputStream(encoded);
DerValue tbsCert = derIn.getSequence(3)[0];
DerInputStream tbsIn = tbsCert.data;
DerValue tmp;
// skip version number if present
byte nextByte = (byte)tbsIn.peekByte();
if (nextByte == DerValue.tag_Integer) {
tmp = tbsIn.getDerValue();
}
tmp = tbsIn.getDerValue(); // skip signature
tmp = tbsIn.getDerValue(); // issuer
byte[] principalBytes = tmp.toByteArray();
return new X500Principal(principalBytes);
} catch (Exception e) {
throw new RuntimeException("Could not parse issuer", e);
}
}
项目:openjdk-jdk10
文件:GenerationTests.java
static void test_create_signature_x509_crt_crl() throws Exception {
System.out.println("* Generating signature-x509-crt-crl.xml");
List<Object> xds = new ArrayList<>();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
xds.add(signingCert);
FileInputStream fis = new FileInputStream(CRL);
X509CRL crl = (X509CRL) cf.generateCRL(fis);
fis.close();
xds.add(crl);
KeyInfo crt_crl = kifac.newKeyInfo(Collections.singletonList
(kifac.newX509Data(xds)));
test_create_signature_external(dsaSha1, crt_crl, signingKey,
new X509KeySelector(ks), false);
System.out.println();
}
项目:ipack
文件:X509V2CRLGenerator.java
/**
* Add the CRLEntry objects contained in a previous CRL.
*
* @param other the X509CRL to source the other entries from.
*/
public void addCRL(X509CRL other)
throws CRLException
{
Set revocations = other.getRevokedCertificates();
if (revocations != null)
{
Iterator it = revocations.iterator();
while (it.hasNext())
{
X509CRLEntry entry = (X509CRLEntry)it.next();
ASN1InputStream aIn = new ASN1InputStream(entry.getEncoded());
try
{
tbsGen.addCRLEntry(ASN1Sequence.getInstance(aIn.readObject()));
}
catch (IOException e)
{
throw new CRLException("exception processing encoding of CRL: " + e.toString());
}
}
}
}
项目:jdk8u-jdk
文件:X509CRLImpl.java
/**
* Extract the issuer X500Principal from an X509CRL. Parses the encoded
* form of the CRL to preserve the principal's ASN.1 encoding.
*
* Called by java.security.cert.X509CRL.getIssuerX500Principal().
*/
public static X500Principal getIssuerX500Principal(X509CRL crl) {
try {
byte[] encoded = crl.getEncoded();
DerInputStream derIn = new DerInputStream(encoded);
DerValue tbsCert = derIn.getSequence(3)[0];
DerInputStream tbsIn = tbsCert.data;
DerValue tmp;
// skip version number if present
byte nextByte = (byte)tbsIn.peekByte();
if (nextByte == DerValue.tag_Integer) {
tmp = tbsIn.getDerValue();
}
tmp = tbsIn.getDerValue(); // skip signature
tmp = tbsIn.getDerValue(); // issuer
byte[] principalBytes = tmp.toByteArray();
return new X500Principal(principalBytes);
} catch (Exception e) {
throw new RuntimeException("Could not parse issuer", e);
}
}
项目:cas-server-4.2.1
文件:CRLDistributionPointRevocationChecker.java
@Override
protected boolean addCRL(final Object id, final X509CRL crl) {
try {
if (crl == null) {
logger.debug("No CRL was passed. Removing {} from cache...", id);
return this.crlCache.remove(id);
}
this.crlCache.put(new Element(id, crl.getEncoded()));
return this.crlCache.get(id) != null;
} catch (final Exception e) {
logger.warn("Failed to add the crl entry [{}] to the cache", crl);
throw new RuntimeException(e);
}
}
项目:ipack
文件:X509V2CRLGenerator.java
/**
* generate an X509 CRL, based on the current issuer and subject
* using the default provider and an user defined SecureRandom object as
* source of randomness.
* <p>
* <b>Note:</b> this differs from the deprecated method in that the default provider is
* used - not "BC".
* </p>
*/
public X509CRL generate(
PrivateKey key,
SecureRandom random)
throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
TBSCertList tbsCrl = generateCertList();
byte[] signature;
try
{
signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCrl);
}
catch (IOException e)
{
throw new ExtCRLException("cannot generate CRL encoding", e);
}
return generateJcaObject(tbsCrl, signature);
}
项目:cas4.0.x-server-wechat
文件:AbstractCRLRevocationChecker.java
/** {@inheritDoc} */
@Override
public void check(final X509Certificate cert) throws GeneralSecurityException {
if (cert == null) {
throw new IllegalArgumentException("Certificate cannot be null.");
}
logger.debug("Evaluating certificate revocation status for {}", CertUtils.toString(cert));
final X509CRL crl = getCRL(cert);
if (crl == null) {
logger.warn("CRL data is not available for {}", CertUtils.toString(cert));
this.unavailableCRLPolicy.apply(null);
return;
}
if (CertUtils.isExpired(crl)) {
logger.warn("CRL data expired on ", crl.getNextUpdate());
this.expiredCRLPolicy.apply(crl);
}
final X509CRLEntry entry = crl.getRevokedCertificate(cert);
if (entry != null) {
throw new RevokedCertificateException(entry);
}
}
项目:cas4.0.x-server-wechat
文件:ResourceCRLRevocationCheckerTests.java
/**
* Creates a new test instance with given parameters.
*
* @param checker Revocation checker instance.
* @param expiredCRLPolicy Policy instance for handling expired CRL data.
* @param certFiles File names of certificates to check.
* @param expected Expected result of check; null to indicate expected success.
*/
public ResourceCRLRevocationCheckerTests(
final ResourceCRLRevocationChecker checker,
final RevocationPolicy<X509CRL> expiredCRLPolicy,
final String[] certFiles,
final GeneralSecurityException expected) {
super(certFiles, expected);
this.checker = checker;
this.checker.setExpiredCRLPolicy(expiredCRLPolicy);
try {
this.checker.afterPropertiesSet();
} catch (final Exception e) {
throw new RuntimeException("ResourceCRLRevocationChecker initialization failed", e);
}
}
项目:ipack
文件:RFC3280CertPathUtilities.java
protected static PublicKey processCRLG(
X509CRL crl,
Set keys)
throws AnnotatedException
{
Exception lastException = null;
for (Iterator it = keys.iterator(); it.hasNext();)
{
PublicKey key = (PublicKey)it.next();
try
{
crl.verify(key);
return key;
}
catch (Exception e)
{
lastException = e;
}
}
throw new AnnotatedException("Cannot verify CRL.", lastException);
}
项目:openjdk-jdk10
文件:CertUtils.java
/**
* Read a bunch of CRLs from files and create a CertStore from them.
*
* @param relPath relative path containing CRLs (must end in file.separator)
* @param fileNames an array of <code>String</code>s that are file names
* @return the <code>CertStore</code> created
* @throws Exception on error
*/
public static CertStore createCRLStore(String relPath, String [] fileNames)
throws Exception {
Set<X509CRL> crls = new HashSet<X509CRL>();
for (int i = 0; i < fileNames.length; i++) {
crls.add(getCRLFromFile(relPath + fileNames[i]));
}
return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(crls));
}
项目:OpenJSharp
文件:URICertStore.java
/**
* Checks if the specified X509CRL matches the criteria specified in the
* CRLSelector.
*/
private static Collection<X509CRL> getMatchingCRLs
(X509CRL crl, CRLSelector selector) {
if (selector == null || (crl != null && selector.match(crl))) {
return Collections.singletonList(crl);
} else {
return Collections.emptyList();
}
}
项目:openjdk-jdk10
文件:CertUtils.java
/**
* Get a DER-encoded X.509 CRL from a file.
*
* @param crlFilePath path to file containing DER-encoded CRL
* @return the X509CRL
* @throws CertificateException if the crl type is not supported
* @throws CRLException if the crl cannot be parsed
* @throws IOException if the file cannot be opened
*/
public static X509CRL getCRLFromFile(String crlFilePath)
throws CertificateException, CRLException, IOException {
File crlFile = new File(System.getProperty("test.src", "."),
crlFilePath);
try (FileInputStream fis = new FileInputStream(crlFile)) {
return (X509CRL)
CertificateFactory.getInstance("X.509").generateCRL(fis);
}
}
项目:springboot-shiro-cas-mybatis
文件:AbstractCRLRevocationChecker.java
/**
* Gets the first fetched CRL for the given certificate.
*
* @param cert Certificate for which the CRL of the issuing CA should be retrieved.
*
* @return CRL for given cert, or null
*/
public final X509CRL getCRL(final X509Certificate cert) {
final Collection<X509CRL> list = getCRLs(cert);
if (list != null && !list.isEmpty()) {
return list.iterator().next();
}
logger.debug("No CRL could be found for {}", CertUtils.toString(cert));
return null;
}
项目:springboot-shiro-cas-mybatis
文件:LdaptiveResourceCRLFetcher.java
@Override
protected X509CRL fetchInternal(final Object r) throws Exception {
if (r.toString().toLowerCase().startsWith("ldap")) {
return fetchCRLFromLdap(r);
}
return super.fetchInternal(r);
}
项目:lams
文件:CertPathPKIXTrustEvaluator.java
/**
* Add CRL's from the specified collection to the list of certs and CRL's being collected
* for the CertStore.
*
* @param storeMaterial list of certs and CRL's to be updated.
* @param crls collection of CRL's to be processed
* @param now current date/time
*/
protected void addCRLsToStoreMaterial(List<Object> storeMaterial, Collection<X509CRL> crls, Date now) {
for (X509CRL crl : crls) {
boolean isEmpty = crl.getRevokedCertificates() == null || crl.getRevokedCertificates().isEmpty();
boolean isExpired = crl.getNextUpdate().before(now);
if (!isEmpty || options.isProcessEmptyCRLs()) {
if (!isExpired || options.isProcessExpiredCRLs()) {
storeMaterial.add(crl);
if (log.isTraceEnabled()) {
log.trace("Added X509CRL to cert store from issuer {} dated {}",
x500DNHandler.getName(crl.getIssuerX500Principal()), crl.getThisUpdate());
if (isEmpty) {
log.trace("X509CRL added to cert store from issuer {} dated {} was empty",
x500DNHandler.getName(crl.getIssuerX500Principal()), crl.getThisUpdate());
}
}
if (isExpired) {
log.warn("Using X509CRL from issuer {} with a nextUpdate in the past: {}",
x500DNHandler.getName(crl.getIssuerX500Principal()), crl.getNextUpdate());
}
} else {
if (log.isTraceEnabled()) {
log.trace("Expired X509CRL not added to cert store, from issuer {} nextUpdate {}",
x500DNHandler.getName(crl.getIssuerX500Principal()), crl.getNextUpdate());
}
}
} else {
if (log.isTraceEnabled()) {
log.trace("Empty X509CRL not added to cert store, from issuer {} dated {}",
x500DNHandler.getName(crl.getIssuerX500Principal()), crl.getThisUpdate());
}
}
}
}
项目:springboot-shiro-cas-mybatis
文件:ResourceCRLFetcher.java
@Override
public final Set<X509CRL> fetch(final Set<? extends Object> crls) throws Exception {
final Set<X509CRL> results = new HashSet<>();
for (final Object r : crls) {
logger.debug("Fetching CRL data from {}", r);
final X509CRL crl = fetchInternal(r);
if (crl != null) {
results.add(crl);
}
}
return results;
}
项目:xitk
文件:X509Util.java
public static X509CRL parseCrl(InputStream crlStream)
throws CertificateException, CRLException {
ParamUtil.requireNonNull("crlStream", crlStream);
X509CRL crl = (X509CRL) getCertFactory().generateCRL(crlStream);
if (crl == null) {
throw new CRLException("the given one is not a valid X.509 CRL");
}
return crl;
}
项目:springboot-shiro-cas-mybatis
文件:ThresholdExpiredCRLRevocationPolicyTests.java
/**
* Creates a new test instance with given parameters.
*
* @param policy Policy to test.
* @param crl CRL instance to apply policy to.
* @param expected Expected result of policy application; null to indicate expected success.
*/
public ThresholdExpiredCRLRevocationPolicyTests(
final ThresholdExpiredCRLRevocationPolicy policy,
final X509CRL crl,
final GeneralSecurityException expected) {
this.policy = policy;
this.expected = expected;
this.crl = crl;
}
项目:jdk8u-jdk
文件:PKCS7.java
/**
* Returns the X.509 crls listed in this PKCS7 block.
* @return a clone of the array of X.509 crls or null if none
* are specified for the content type.
*/
public X509CRL[] getCRLs() {
if (crls != null)
return crls.clone();
else
return null;
}
项目:OpenJSharp
文件:Main.java
/**
* Returns CRLs described in a X509Certificate's CRLDistributionPoints
* Extension. Only those containing a general name of type URI are read.
*/
public static List<CRL> readCRLsFromCert(X509Certificate cert)
throws Exception {
List<CRL> crls = new ArrayList<>();
CRLDistributionPointsExtension ext =
X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension();
if (ext == null) return crls;
List<DistributionPoint> distPoints =
ext.get(CRLDistributionPointsExtension.POINTS);
for (DistributionPoint o: distPoints) {
GeneralNames names = o.getFullName();
if (names != null) {
for (GeneralName name: names.names()) {
if (name.getType() == GeneralNameInterface.NAME_URI) {
URIName uriName = (URIName)name.getName();
for (CRL crl: loadCRLs(uriName.getName())) {
if (crl instanceof X509CRL) {
crls.add((X509CRL)crl);
}
}
break; // Different name should point to same CRL
}
}
}
}
return crls;
}
项目:springboot-shiro-cas-mybatis
文件:ResourceCRLRevocationChecker.java
/**
* Add fetched crls to the map.
*
* @param results the results
*/
private void addCrls(final Set<X509CRL> results) {
final Iterator<X509CRL> it = results.iterator();
while (it.hasNext()) {
final X509CRL entry = it.next();
addCRL(entry.getIssuerX500Principal(), entry);
}
}
项目:lams
文件:KeyInfoHelper.java
/**
* Builds an {@link org.opensaml.xml.signature.X509CRL} XMLObject from
* a native Java {@link java.security.cert.X509CRL}.
*
* @param crl the Java {@link java.security.cert.X509CRL} to convert
* @return a {@link org.opensaml.xml.signature.X509CRL} XMLObject
* @throws CRLException thrown when there is an error converting the Java
* CRL representation to the XMLObject representation
*/
public static org.opensaml.xml.signature.X509CRL buildX509CRL(X509CRL crl) throws CRLException {
org.opensaml.xml.signature.X509CRL xmlCRL =
(org.opensaml.xml.signature.X509CRL) Configuration.getBuilderFactory()
.getBuilder(org.opensaml.xml.signature.X509CRL.DEFAULT_ELEMENT_NAME)
.buildObject(org.opensaml.xml.signature.X509CRL.DEFAULT_ELEMENT_NAME);
xmlCRL.setValue(Base64.encodeBytes(crl.getEncoded()));
return xmlCRL;
}
项目:springboot-shiro-cas-mybatis
文件:AbstractCRLRevocationChecker.java
/**
* Gets the first fetched CRL for the given certificate.
*
* @param cert Certificate for which the CRL of the issuing CA should be retrieved.
*
* @return CRL for given cert, or null
*/
public final X509CRL getCRL(final X509Certificate cert) {
final Collection<X509CRL> list = getCRLs(cert);
if (list != null && !list.isEmpty()) {
return list.iterator().next();
}
logger.debug("No CRL could be found for {}", CertUtils.toString(cert));
return null;
}
项目:springboot-shiro-cas-mybatis
文件:ResourceCRLFetcher.java
@Override
public X509CRL fetch(final Object crl) throws Exception {
final Set<X509CRL> results = fetch(Collections.singleton(crl));
if (results.size() > 0) {
return results.iterator().next();
}
logger.warn("Unable to fetch {}", crl);
return null;
}
项目:BiglyBT
文件:X509V2CRLGenerator.java
/**
* generate an X509 certificate, based on the current issuer and subject
* using the passed in provider for the signing.
*/
public X509CRL generateX509CRL(
PrivateKey key,
String provider)
throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
{
return generateX509CRL(key, provider, null);
}
项目:cas-5.1.0
文件:CRLDistributionPointRevocationChecker.java
public CRLDistributionPointRevocationChecker(final boolean checkAll, final RevocationPolicy<Void> unavailableCRLPolicy,
final RevocationPolicy<X509CRL> expiredCRLPolicy, final Cache crlCache,
final CRLFetcher fetcher, final boolean throwOnFetchFailure) {
super(checkAll, unavailableCRLPolicy, expiredCRLPolicy);
this.crlCache = crlCache;
this.fetcher = fetcher;
this.throwOnFetchFailure = throwOnFetchFailure;
}
项目:cas-server-4.2.1
文件:AbstractCRLRevocationChecker.java
/**
* Gets the first fetched CRL for the given certificate.
*
* @param cert Certificate for which the CRL of the issuing CA should be retrieved.
*
* @return CRL for given cert, or null
*/
public final X509CRL getCRL(final X509Certificate cert) {
final Collection<X509CRL> list = getCRLs(cert);
if (list != null && !list.isEmpty()) {
return list.iterator().next();
}
logger.debug("No CRL could be found for {}", CertUtils.toString(cert));
return null;
}