Package net.maritimeconnectivity.pki

Class CRLVerifier

java.lang.Object

net.maritimeconnectivity.pki.CRLVerifier

public final class CRLVerifier
extends Object

Class that contains functions for retrieving and verifying certificate revocation lists

Method Summary

Modifier and Type	Method	Description
static X509CRL	downloadCRL(String crlURL)	Downloads CRL from given URL.
static X509CRL	downloadCRLFromLDAP(String ldapURL)	Downloads a CRL from given LDAP url, e.g.
static X509CRL	downloadCRLFromWeb(String crlURL)	Downloads a CRL from given HTTP/HTTPS/FTP URL, e.g.
static List<String>	getCrlDistributionPoints(X509Certificate cert)	Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension in a X.509 certificate.
static X509CRL	loadCRLFromFile(String path)	Load a CRL from given file
static RevocationInfo	verifyCertificateCRL(X509Certificate cert)	Extracts the CRL distribution points from the certificate (if available) and checks the certificate revocation status against the CRLs coming from the distribution points.
static RevocationInfo	verifyCertificateCRL(X509Certificate cert, X509CRL crl)	Verifies the revocation status of a certificate against a CRL

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

verifyCertificateCRL

public static RevocationInfo verifyCertificateCRL(X509Certificate cert)

Extracts the CRL distribution points from the certificate (if available) and checks the certificate revocation status against the CRLs coming from the distribution points. Supports HTTP, HTTPS, FTP and LDAP based URLs.

Parameters:

cert - Certificate to verify

Returns:

a RevocationInfo object with the validation result

verifyCertificateCRL

public static RevocationInfo verifyCertificateCRL(X509Certificate cert,
                                                  X509CRL crl)

Verifies the revocation status of a certificate against a CRL

Parameters:

cert - The certificate to verify

crl - The CRL to use for verifying

Returns:

a RevocationInfo object with the validation result

downloadCRL

public static X509CRL downloadCRL(String crlURL)
                           throws IOException,
                                  CertificateException,
                                  NamingException,
                                  CRLException

Downloads CRL from given URL. Supports http, https, ftp and ldap based URLs.

Parameters:

crlURL - The URL for downloading the CRL

Returns:

a CRL

Throws:

IOException - if a connection cannot be opened based on the given URL

CertificateException - if the retrieved CRL cannot be instantiated as a Java object

NamingException - if downloading CRL from ldap fails

CRLException - if the retrieved CRL cannot be instantiated as a Java object

downloadCRLFromLDAP

public static X509CRL downloadCRLFromLDAP(String ldapURL)
                                   throws NamingException,
                                          CertificateException,
                                          CRLException

Downloads a CRL from given LDAP url, e.g. ldap://ldap.infonotary.com/dc=identity-ca,dc=infonotary,dc=com

Parameters:

ldapURL - The URL for downloading the CRL from a ldap server

Returns:

a CRL

Throws:

NamingException - if downloading CRL from ldap fails

CertificateException - if a CertificateFactory cannot be instantiated

CRLException - if the retrieved CRL cannot be instantiated as a Java object

downloadCRLFromWeb

public static X509CRL downloadCRLFromWeb(String crlURL)
                                  throws IOException,
                                         CRLException,
                                         CertificateException

Downloads a CRL from given HTTP/HTTPS/FTP URL, e.g. http://crl.infonotary.com/crl/identity-ca.crl

Parameters:

crlURL - The URL for downloading the CRL

Returns:

a CRL

Throws:

IOException - if a connection cannot be opened based on the given URL

CertificateException - if a CertificateFactory cannot be instantiated

CRLException - if the retrieved CRL cannot be instantiated as a Java object

loadCRLFromFile

public static X509CRL loadCRLFromFile(String path)
                               throws IOException,
                                      CRLException,
                                      CertificateException

Load a CRL from given file

Parameters:

path - The path of the file that contains the CRL

Returns:

a CRL

Throws:

IOException - if the file cannot be opened

CRLException - if the loaded CRL cannot be instantiated as a Java object

CertificateException - if a CertificateFactory cannot be instantiated

getCrlDistributionPoints

public static List<String> getCrlDistributionPoints(X509Certificate cert)
                                             throws IOException

Extracts all CRL distribution point URLs from the "CRL Distribution Point" extension in a X.509 certificate. If CRL distribution point extension is unavailable, returns an empty list.

Parameters:

cert - The certificate that should be used for extracting the distribution points

Returns:

a list CRL distribution points

Throws:

IOException - if the given certificate cannot be read