| package org.bouncycastle.jce.provider; |
| |
| import java.security.cert.CertStore; |
| import java.security.cert.CertStoreException; |
| import java.security.cert.PKIXParameters; |
| import java.security.cert.X509CRL; |
| import java.security.cert.X509Certificate; |
| import java.util.Collection; |
| import java.util.Date; |
| import java.util.HashSet; |
| import java.util.Iterator; |
| import java.util.List; |
| import java.util.Set; |
| |
| import org.bouncycastle.util.StoreException; |
| import org.bouncycastle.x509.ExtendedPKIXParameters; |
| import org.bouncycastle.x509.X509CRLStoreSelector; |
| import org.bouncycastle.x509.X509Store; |
| |
| public class PKIXCRLUtil |
| { |
| public Set findCRLs(X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate) |
| throws AnnotatedException |
| { |
| Set initialSet = new HashSet(); |
| |
| // get complete CRL(s) |
| try |
| { |
| initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores())); |
| initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores())); |
| initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores())); |
| } |
| catch (AnnotatedException e) |
| { |
| throw new AnnotatedException("Exception obtaining complete CRLs.", e); |
| } |
| |
| Set finalSet = new HashSet(); |
| Date validityDate = currentDate; |
| |
| if (paramsPKIX.getDate() != null) |
| { |
| validityDate = paramsPKIX.getDate(); |
| } |
| |
| // based on RFC 5280 6.3.3 |
| for (Iterator it = initialSet.iterator(); it.hasNext();) |
| { |
| X509CRL crl = (X509CRL)it.next(); |
| |
| if (crl.getNextUpdate().after(validityDate)) |
| { |
| X509Certificate cert = crlselect.getCertificateChecking(); |
| |
| if (cert != null) |
| { |
| if (crl.getThisUpdate().before(cert.getNotAfter())) |
| { |
| finalSet.add(crl); |
| } |
| } |
| else |
| { |
| finalSet.add(crl); |
| } |
| } |
| } |
| |
| return finalSet; |
| } |
| |
| public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX) |
| throws AnnotatedException |
| { |
| Set completeSet = new HashSet(); |
| |
| // get complete CRL(s) |
| try |
| { |
| completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores())); |
| } |
| catch (AnnotatedException e) |
| { |
| throw new AnnotatedException("Exception obtaining complete CRLs.", e); |
| } |
| |
| return completeSet; |
| } |
| |
| /** |
| * Return a Collection of all CRLs found in the X509Store's that are |
| * matching the crlSelect criteriums. |
| * |
| * @param crlSelect a {@link X509CRLStoreSelector} object that will be used |
| * to select the CRLs |
| * @param crlStores a List containing only |
| * {@link org.bouncycastle.x509.X509Store X509Store} objects. |
| * These are used to search for CRLs |
| * |
| * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be |
| * empty but never <code>null</code>. |
| */ |
| private final Collection findCRLs(X509CRLStoreSelector crlSelect, |
| List crlStores) throws AnnotatedException |
| { |
| Set crls = new HashSet(); |
| Iterator iter = crlStores.iterator(); |
| |
| AnnotatedException lastException = null; |
| boolean foundValidStore = false; |
| |
| while (iter.hasNext()) |
| { |
| Object obj = iter.next(); |
| |
| if (obj instanceof X509Store) |
| { |
| X509Store store = (X509Store)obj; |
| |
| try |
| { |
| crls.addAll(store.getMatches(crlSelect)); |
| foundValidStore = true; |
| } |
| catch (StoreException e) |
| { |
| lastException = new AnnotatedException( |
| "Exception searching in X.509 CRL store.", e); |
| } |
| } |
| else |
| { |
| CertStore store = (CertStore)obj; |
| |
| try |
| { |
| crls.addAll(store.getCRLs(crlSelect)); |
| foundValidStore = true; |
| } |
| catch (CertStoreException e) |
| { |
| lastException = new AnnotatedException( |
| "Exception searching in X.509 CRL store.", e); |
| } |
| } |
| } |
| if (!foundValidStore && lastException != null) |
| { |
| throw lastException; |
| } |
| return crls; |
| } |
| |
| } |
