/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.apache.harmony.tools.keytool;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
/**
* Class for managing Certificate Revocation Lists (CRLs).
*/
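public class CRLManager {
    /**
     * Checks whether any certificate read from the certificate file is listed
     * as revoked in any CRL read from the CRL file, and prints the outcome to
     * stdout. The CRL file and the certificate file are specified in
     * {@code param}; if a file name is not given, stdin is used.
     * <p>
     * This is a lookup only. The method itself never verifies the CRL
     * signature and never compares the CRL's update dates with the current
     * time, so unless {@code CertReader} does that (not visible here) a
     * forged, stale or unrelated CRL is accepted as input. A "not found in
     * CRLs given" result therefore says nothing about whether the certificate
     * is valid or trusted; callers needing that answer must authenticate the
     * CRL against its issuer and check its freshness first.
     * <p>
     * Entry matching is delegated to
     * {@link X509CRL#getRevokedCertificate(X509Certificate)}.
     *
     * @param param
     *            keytool parameters supplying the CRL file, the certificate
     *            file and the provider names. The certificate provider and
     *            the message digest provider each fall back to the general
     *            provider when not set.
     * @return true if at least one certificate is listed as revoked in at
     *         least one of the CRLs
     * @throws CRLException
     *             if no CRL could be read from the input
     * @throws CertificateException
     *             if no certificate could be read from the input
     * @throws FileNotFoundException
     *             declared for the helper calls; presumably raised when an
     *             input file is missing
     * @throws IOException
     *             declared for the helper calls; presumably raised on an I/O
     *             failure while reading the input
     * @throws NoSuchProviderException
     *             declared for the helper calls; presumably raised when a
     *             named provider is not installed
     * @throws NoSuchAlgorithmException
     *             declared for the helper calls; presumably raised when a
     *             required algorithm is unavailable
     */
    static boolean checkRevoked(KeytoolParameters param)
            throws FileNotFoundException, CertificateException,
            NoSuchProviderException, CRLException, IOException,
            NoSuchAlgorithmException {
        String provider = param.getProvider();
        String certProvider = (param.getCertProvider() != null)
                ? param.getCertProvider() : provider;
        String mdProvider = (param.getMdProvider() != null)
                ? param.getMdProvider() : provider;

        // Read the CRLs first; there is nothing to check against without one.
        Collection<?> crls = CertReader.readCRLs(param.getCrlFile(),
                certProvider);
        if (crls.isEmpty()) {
            throw new CRLException("Failed to generate a CRL from the input. ");
        }

        // Read the certificates with the same resolved certificate provider
        // as the CRLs. The previous code passed param.getProvider() here,
        // which silently ignored an explicitly requested certificate provider.
        Collection<?> certs = CertReader.readCerts(param.getFileName(), false,
                certProvider);
        if (certs.isEmpty()) {
            throw new CertificateException(
                    "Failed to generate a certificate from the input. ");
        }

        boolean foundRevoked = false;
        // Report every (CRL, certificate) pair in which the certificate is
        // listed; a certificate revoked in several CRLs is printed once per CRL.
        for (Object crlObject : crls) {
            X509CRL crl = (X509CRL) crlObject;
            for (Object certObject : certs) {
                X509Certificate cert = (X509Certificate) certObject;
                X509CRLEntry entry = crl.getRevokedCertificate(cert);
                if (entry != null) {
                    System.out.println("The certificate ...");
                    KeyStoreCertPrinter.printX509CertDetailed(cert, mdProvider);
                    System.out.println("... is revoked on "
                            + entry.getRevocationDate() + "\n");
                    foundRevoked = true;
                }
            }
        }

        if (!foundRevoked) {
            // "Not found" only means no entry matched in the supplied CRLs;
            // it is not a statement that the certificate is valid.
            if (certs.size() == 1) {
                System.out.println("The certificate ...");
                KeyStoreCertPrinter.printX509CertDetailed(
                        (X509Certificate) certs.iterator().next(), mdProvider);
                System.out.println("... is not found in CRLs given");
            } else {
                System.out.println("The certificates are not found in CRLs given");
            }
        }
        return foundRevoked;
    }
}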