it.trento.comune.j4sign.verification

Class X509CertRL

java.lang.Object

it.trento.comune.j4sign.verification.X509CertRL

public class X509CertRL
extends java.lang.Object

Represents the set of CRL downloaded in the system. It allows to control revokation in CRL

Rappresenta il set di CRL caricate nel sistema. Fornisce i metodi per il controllo di revoca dei certificati

Author:

Francesco Cendron, Roberto Resoli

Field Summary

Fields

Modifier and Type	Field and Description
private java.lang.String	auth
private CertificationAuthorities	certAuths
private java.io.File	crlDir
private java.lang.String	CRLerror
private static java.util.HashMap	crls
private boolean	debug
private java.util.logging.Logger	log
private java.lang.String	message
private java.lang.String	reasonCode
private boolean	useProxy
private java.security.cert.X509Certificate	userCert

Constructor Summary

Constructors

Constructor and Description
X509CertRL(CertificationAuthorities certAuths, java.io.File crlDir) Constructor used in CertificationAuthorities Costruttore utilizzato dalla classe CertificationAuthorities

Method Summary

Methods

Modifier and Type	Method and Description
int	check(java.security.cert.X509CRL crl, java.security.cert.X509Certificate caCert, java.util.Date date) Checks validity of CRL of the specified CA at the specified date Controlla la validita' di una CRL rispetto ad una specifica CA ed ad una data prefissata
java.security.cert.X509CRL	download(java.lang.String crlDP, java.security.Principal issuer) Downloads CRL issued by given CA from specified URL Scarica la CRL dall'URL specificato ed emessa dalla CA specificata
java.security.cert.X509CRL	download(java.security.cert.X509Certificate userCert) Downloads CRL of the given certificate Scarica la CRL relativa al certificato in oggetto
private byte[]	getBytesFromPath(java.lang.String fileName)
static java.security.cert.X509Certificate	getCertificatesFromFile(java.lang.String filePath) Returns certificate present in a file at the given filePath.
private static java.lang.String	getCommonName(java.security.cert.X509Certificate userCert) Returns Common Name (string) of the given certificate Restituisce il CN del certificato in oggetto
java.security.cert.X509CRL	getCRL(javax.security.auth.x500.X500Principal p)
java.lang.String[]	getCrlDistributionPoint(java.security.cert.X509Certificate certificate)
java.net.URL[]	getCrlDistributionPointOLD(java.security.cert.X509Certificate certificate) Return CRL Distribution Points (DP) of the specified cert in an array of URL Restituisce i CRL DP del certificato specificato in un array di URL
java.lang.String	getCRLerror()
private static org.bouncycastle.asn1.DERObject	getExtensionValue(java.security.cert.X509Certificate cert, java.lang.String oid) Returns DERObject extension if the certificate corresponding to given OID Restituisce un estensione DERObject dal certificato, corrispoendente all'OID
java.lang.String	getMessage() Return the possible error message of the last CRL verification
java.lang.String	getReasonCode()
private static java.lang.String	getStringFromGeneralNames(org.bouncycastle.asn1.DERObject names)
private boolean	initHTTPS()
boolean	isNotRevoked(java.lang.String filePath, boolean forceCRLUpdate) Controls if the signed file at the specified filePath is revoked at the current date.
boolean	isNotRevoked(java.security.cert.X509Certificate userCert, boolean forceCRLUpdate) Controls if the given certificate is revoked at the current date.
boolean	isNotRevoked(java.security.cert.X509Certificate userCert, java.util.Date date, boolean forceCRLUpdate) Controls if the given certificate is revoked at the specified date.
private java.security.cert.X509CRL	loadCRL(java.security.cert.X509Certificate userCert)
private java.security.cert.X509CRL	parse(byte[] crlEnc)
void	resetCRLerror()
private java.security.cert.X509CRL	ricercaCrlByLDAP(java.lang.String dp, java.security.Principal CADName)
private java.security.cert.X509CRL	ricercaCrlByProxyHTTP(java.net.URL dp)
void	setDebug(boolean debug) Activate or discactivate debug messages Attiva o disattiva i messaggi di debug
boolean	setUseproxy(boolean proxy, java.lang.String user, java.lang.String password, java.lang.String proxyHost, java.lang.String proxyPort) Set proxy connection parameters to download CRL Imposta i parametri di connessione con il proxy verso Internet per lo scarico delle CRL
private void	storeCRL(java.security.cert.X509CRL crl)
boolean	update(java.security.cert.X509Certificate userCert, java.util.Date date, boolean forceUpdate) Updates CRL if not present in cache or if present but expired or if download is forced (flag forceUpdate set to true) Aggiorna la CRL se non e' presente nella cache oppure se e' presente ma e' scaduta oppure se e' stato impostato il download ad ogni verifica tramite il flag forceUpdate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

private java.util.logging.Logger log

crls

private static java.util.HashMap crls

userCert

private java.security.cert.X509Certificate userCert

CRLerror

private java.lang.String CRLerror

debug

private boolean debug

useProxy

private boolean useProxy

certAuths

private CertificationAuthorities certAuths

auth

private java.lang.String auth

message

private java.lang.String message

reasonCode

private java.lang.String reasonCode

crlDir

private java.io.File crlDir

Constructor Detail

X509CertRL

public X509CertRL(CertificationAuthorities certAuths,
          java.io.File crlDir)

Constructor used in CertificationAuthorities
Costruttore utilizzato dalla classe CertificationAuthorities

Parameters:

certAuths - reference to CertificationAuthorities used to verify signature in CRL

Method Detail

getCRL

public java.security.cert.X509CRL getCRL(javax.security.auth.x500.X500Principal p)

isNotRevoked

public boolean isNotRevoked(java.lang.String filePath,
                   boolean forceCRLUpdate)

Controls if the signed file at the specified filePath is revoked at the current date.

Effettua il controllo di revoca sulla firma contenuta nel file in filePath, rispetto alla data corrente

Parameters:

filePath - filePath

Returns:

true if certificate is not revoked

isNotRevoked

public boolean isNotRevoked(java.security.cert.X509Certificate userCert,
                   boolean forceCRLUpdate)

Controls if the given certificate is revoked at the current date.

Effettua il controllo di revoca sulla firma contenuta nel certificato userCert, rispetto alla data corrente

Parameters:

userCert - certificate to verify

Returns:

true if certificate is not revoked

isNotRevoked

public boolean isNotRevoked(java.security.cert.X509Certificate userCert,
                   java.util.Date date,
                   boolean forceCRLUpdate)

Controls if the given certificate is revoked at the specified date. Effettua il controllo di revoca sulla firma contenuta nel certificato userCert, rispetto alla data corrente

Parameters:

userCert - certificate to verify

date - Date

Returns:

true if certificate is not revoked

update

public boolean update(java.security.cert.X509Certificate userCert,
             java.util.Date date,
             boolean forceUpdate)
               throws java.security.cert.CertificateException,
                      java.security.GeneralSecurityException

Updates CRL if not present in cache or if present but expired or if download is forced (flag forceUpdate set to true)

Aggiorna la CRL se non e' presente nella cache oppure se e' presente ma e' scaduta oppure se e' stato impostato il download ad ogni verifica tramite il flag forceUpdate.

Parameters:

userCert - certificate whose CRL is checked

date - ckecks the validity of CRL according to this date

forceUpdate - if true, it forces CRL download even if CRL in cache is not expired

Returns:

true if updating is successfully completed or if CRL in cache is not expired and download is not forced

Throws:

java.security.cert.CertificateException - if any error occurs during certificate parsing

java.security.GeneralSecurityException

check

public int check(java.security.cert.X509CRL crl,
        java.security.cert.X509Certificate caCert,
        java.util.Date date)
          throws java.security.cert.CertificateException

Checks validity of CRL of the specified CA at the specified date

Controlla la validita' di una CRL rispetto ad una specifica CA ed ad una data prefissata

Parameters:

crl - CRL to check

caCert - CA certificate that should have signed CRL

date - ckecks the validity of CRL according to this date

Returns:

int: 0 CRL is valid, else use getMessage() to check error message

Throws:

java.security.cert.CertificateException - if any error occurs during DN parsing

getCrlDistributionPoint

public java.lang.String[] getCrlDistributionPoint(java.security.cert.X509Certificate certificate)
                                           throws java.security.cert.CertificateParsingException

Throws:

java.security.cert.CertificateParsingException

getCrlDistributionPointOLD

public java.net.URL[] getCrlDistributionPointOLD(java.security.cert.X509Certificate certificate)
                                          throws java.security.cert.CertificateParsingException

Return CRL Distribution Points (DP) of the specified cert in an array of URL Restituisce i CRL DP del certificato specificato in un array di URL

Parameters:

certificate - extracts DP from this certificate

Returns:

URL []: URL array

Throws:

java.security.cert.CertificateParsingException

getExtensionValue

private static org.bouncycastle.asn1.DERObject getExtensionValue(java.security.cert.X509Certificate cert,
                                                java.lang.String oid)
                                                          throws java.io.IOException

Returns DERObject extension if the certificate corresponding to given OID

Restituisce un estensione DERObject dal certificato, corrispoendente all'OID

Parameters:

cert - certificate

oid - String

Returns:

l'estensione

Throws:

java.io.IOException

getStringFromGeneralNames

private static java.lang.String getStringFromGeneralNames(org.bouncycastle.asn1.DERObject names)

download

public java.security.cert.X509CRL download(java.security.cert.X509Certificate userCert)
                                    throws java.security.cert.CertificateParsingException

Downloads CRL of the given certificate

Scarica la CRL relativa al certificato in oggetto

Parameters:

userCert - certificate

Returns:

la CRL relativa al certificato

Throws:

java.security.cert.CertificateParsingException

getCommonName

private static java.lang.String getCommonName(java.security.cert.X509Certificate userCert)

Returns Common Name (string) of the given certificate

Restituisce il CN del certificato in oggetto

Parameters:

userCert - X509Certificate

Returns:

String

download

public java.security.cert.X509CRL download(java.lang.String crlDP,
                                  java.security.Principal issuer)
                                    throws java.security.cert.CertificateException,
                                           java.net.MalformedURLException

Downloads CRL issued by given CA from specified URL

Scarica la CRL dall'URL specificato ed emessa dalla CA specificata

Parameters:

crlDP - Distribution Point

issuer - DN of the CRL signer, if LDAP protocol is used

Returns:

CRL the given certificate

Throws:

java.security.cert.CertificateException - error during certificate parsing

java.net.MalformedURLException

ricercaCrlByLDAP

private java.security.cert.X509CRL ricercaCrlByLDAP(java.lang.String dp,
                                          java.security.Principal CADName)

ricercaCrlByProxyHTTP

private java.security.cert.X509CRL ricercaCrlByProxyHTTP(java.net.URL dp)

initHTTPS

private boolean initHTTPS()

setDebug

public void setDebug(boolean debug)

Activate or discactivate debug messages

Attiva o disattiva i messaggi di debug

Parameters:

debug - if true, it shows debug messages

setUseproxy

public boolean setUseproxy(boolean proxy,
                  java.lang.String user,
                  java.lang.String password,
                  java.lang.String proxyHost,
                  java.lang.String proxyPort)

Set proxy connection parameters to download CRL

Imposta i parametri di connessione con il proxy verso Internet per lo scarico delle CRL

Parameters:

proxy - true is proxy is used

user - proxy authenticated user

password - password

proxyHost - proxy

proxyPort - proxy port

Returns:

true se l'impostazione del collegamento col proxy e' terminata correttamente

parse

private java.security.cert.X509CRL parse(byte[] crlEnc)
                                  throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

getMessage

public java.lang.String getMessage()

Return the possible error message of the last CRL verification

Returns:

description of the last CRL verification error

getCertificatesFromFile

public static java.security.cert.X509Certificate getCertificatesFromFile(java.lang.String filePath)

Returns certificate present in a file at the given filePath.
This can be coded base64 or DER

Restituisce il certificato contenuto nel file specificato nel filePath. Distingue tra codifica base64 e DER.

Parameters:

filePath - String

Returns:

certificate

getReasonCode

public java.lang.String getReasonCode()

getCRLerror

public java.lang.String getCRLerror()

resetCRLerror

public void resetCRLerror()

storeCRL

private void storeCRL(java.security.cert.X509CRL crl)

loadCRL

private java.security.cert.X509CRL loadCRL(java.security.cert.X509Certificate userCert)

getBytesFromPath

private byte[] getBytesFromPath(java.lang.String fileName)
                         throws java.io.IOException

Throws:

java.io.IOException