PKIXCRLUtil.java revision e6bf3e8dfa2804891a82075cb469b736321b4827
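package org.bouncycastle.jce.provider;

import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import org.bouncycastle.util.StoreException;
import org.bouncycastle.x509.ExtendedPKIXParameters;
import org.bouncycastle.x509.X509CRLStoreSelector;
import org.bouncycastle.x509.X509Store;

/**
 * Collects candidate CRLs from the stores configured on a set of PKIX
 * parameters.
 * <p>
 * The methods in this class only select CRLs. Nothing here verifies a CRL's
 * signature, so the returned sets are candidates that the caller still has to
 * authenticate before trusting their contents.
 */
public class PKIXCRLUtil
{
    /**
     * Find the CRLs matching the selector in the additional stores, stores and
     * cert stores of the passed in parameters, and keep only those that are
     * usable at the validity date.
     * <p>
     * The validity date is <code>paramsPKIX.getDate()</code> when that is set,
     * otherwise <code>currentDate</code>. A CRL is kept when its nextUpdate is
     * after the validity date and, if the selector carries a certificate being
     * checked, its thisUpdate is before that certificate's notAfter.
     * CRLs that carry no nextUpdate are skipped.
     *
     * @param crlselect the selector used to match CRLs.
     * @param paramsPKIX the parameters providing the stores and, optionally,
     *            the validity date.
     * @param currentDate the date to use when the parameters carry none; it is
     *            dereferenced in that case, so it must not be <code>null</code>
     *            then.
     * @return a Set of the {@link X509CRL} objects that passed the date checks.
     *         May be empty but never <code>null</code>.
     * @throws AnnotatedException if the CRLs cannot be obtained from the stores.
     */
    public Set findCRLs(X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate)
        throws AnnotatedException
    {
        Set initialSet = new HashSet();

        // get complete CRL(s)
        try
        {
            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores()));
            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
        }
        catch (AnnotatedException e)
        {
            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
        }

        Set finalSet = new HashSet();
        Date validityDate = currentDate;

        // a date set on the parameters takes precedence over the caller's date
        if (paramsPKIX.getDate() != null)
        {
            validityDate = paramsPKIX.getDate();
        }

        // the certificate being checked does not change while filtering
        X509Certificate cert = crlselect.getCertificateChecking();

        // based on RFC 5280 6.3.3
        for (Iterator it = initialSet.iterator(); it.hasNext();)
        {
            X509CRL crl = (X509CRL)it.next();
            Date nextUpdate = crl.getNextUpdate();

            // X509CRL.getNextUpdate() returns null when the field is absent.
            // Such a CRL cannot be shown to be current, so it is left out
            // (fail closed) instead of aborting the whole search with a
            // NullPointerException.
            if (nextUpdate == null || !nextUpdate.after(validityDate))
            {
                continue;
            }

            // with no certificate to compare against, the nextUpdate check is
            // the only date filter applied
            if (cert == null || crl.getThisUpdate().before(cert.getNotAfter()))
            {
                finalSet.add(crl);
            }
        }

        return finalSet;
    }

    /**
     * Find the CRLs matching the selector in the cert stores of the passed in
     * parameters. No date filtering is applied by this method.
     *
     * @param crlselect the selector used to match CRLs.
     * @param paramsPKIX the parameters providing the cert stores.
     * @return a Set of all matching CRLs. May be empty but never
     *         <code>null</code>.
     * @throws AnnotatedException if the CRLs cannot be obtained from the stores.
     */
    public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX)
        throws AnnotatedException
    {
        Set completeSet = new HashSet();

        // get complete CRL(s)
        try
        {
            completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
        }
        catch (AnnotatedException e)
        {
            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
        }

        return completeSet;
    }

    /**
     * Return a Collection of all CRLs found in the passed in stores that
     * match the crlSelect criteria.
     * <p>
     * A store that fails is only reported when no store at all could be
     * searched; in that case the exception from the last failing store is
     * thrown.
     *
     * @param crlSelect a {@link X509CRLStoreSelector} object that will be used
     *            to select the CRLs
     * @param crlStores a List containing
     *            {@link org.bouncycastle.x509.X509Store X509Store} or
     *            {@link java.security.cert.CertStore CertStore} objects; any
     *            element that is not an X509Store is cast to CertStore.
     *            These are used to search for CRLs
     *
     * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
     *         empty but never <code>null</code>.
     * @throws AnnotatedException if searching failed and no store could be
     *             searched successfully.
     */
    private final Collection findCRLs(X509CRLStoreSelector crlSelect,
        List crlStores) throws AnnotatedException
    {
        Set crls = new HashSet();
        Iterator iter = crlStores.iterator();

        AnnotatedException lastException = null;
        boolean foundValidStore = false;

        while (iter.hasNext())
        {
            Object obj = iter.next();

            if (obj instanceof X509Store)
            {
                X509Store store = (X509Store)obj;

                try
                {
                    crls.addAll(store.getMatches(crlSelect));
                    foundValidStore = true;
                }
                catch (StoreException e)
                {
                    lastException = new AnnotatedException(
                        "Exception searching in X.509 CRL store.", e);
                }
            }
            else
            {
                CertStore store = (CertStore)obj;

                try
                {
                    crls.addAll(store.getCRLs(crlSelect));
                    foundValidStore = true;
                }
                catch (CertStoreException e)
                {
                    lastException = new AnnotatedException(
                        "Exception searching in X.509 CRL store.", e);
                }
            }
        }

        // NOTE(review): a failure in one store is dropped as soon as any other
        // store answered, so the result can be silently incomplete (the CRL
        // held by the failed store is simply missing). Callers cannot detect
        // this from the return value.
        if (!foundValidStore && lastException != null)
        {
            throw lastException;
        }
        return crls;
    }

}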