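package org.bouncycastle.x509;

import org.bouncycastle.jce.cert.CertStore;
import org.bouncycastle.jce.cert.CertStoreException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import org.bouncycastle.jcajce.PKIXCRLStore;
import org.bouncycastle.jcajce.PKIXCRLStoreSelector;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.StoreException;

/**
 * Helper that gathers candidate CRLs from a set of stores and filters them
 * by date before they are used for revocation checking.
 */
class PKIXCRLUtil
{
    /**
     * Collect the CRLs matching the selector from both store lists and keep
     * those that pass the date checks (based on RFC 5280 6.3.3).
     * <p>
     * A CRL is kept when its nextUpdate is after <code>validityDate</code>
     * and, if the selector carries a certificate being checked, its
     * thisUpdate is before that certificate's notAfter date.
     *
     * @param crlselect selector used to pick the CRLs; its certificate being
     *            checked, when set, is used for the thisUpdate comparison
     * @param validityDate the date the CRL's nextUpdate is compared against
     * @param certStores a List of stores searched for CRLs
     * @param pkixCrlStores a second List of stores searched for CRLs
     *
     * @return a Set of the {@link java.security.cert.X509CRL X509CRL}
     *         objects that passed the checks. May be empty but never
     *         <code>null</code>.
     * @throws AnnotatedException if none of the stores in a list could be
     *             searched
     */
    public Set findCRLs(PKIXCRLStoreSelector crlselect, Date validityDate, List certStores, List pkixCrlStores)
        throws AnnotatedException
    {
        Set initialSet = new HashSet();

        // get complete CRL(s)
        try
        {
            initialSet.addAll(findCRLs(crlselect, pkixCrlStores));
            initialSet.addAll(findCRLs(crlselect, certStores));
        }
        catch (AnnotatedException e)
        {
            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
        }

        Set finalSet = new HashSet();

        // The certificate being checked does not change while filtering.
        X509Certificate cert = crlselect.getCertificateChecking();

        // based on RFC 5280 6.3.3
        for (Iterator it = initialSet.iterator(); it.hasNext();)
        {
            X509CRL crl = (X509CRL)it.next();
            Date nextUpdate = crl.getNextUpdate();

            // X509CRL.getNextUpdate() returns null when the CRL carries no
            // nextUpdate field. Dereferencing it unconditionally let one such
            // CRL abort the whole lookup with a NullPointerException, which
            // callers expecting AnnotatedException do not handle.
            // NOTE(review): a CRL without nextUpdate is kept as a candidate
            // here, so its freshness cannot be bounded by this check;
            // deployments that require nextUpdate should reject such CRLs.
            if (nextUpdate != null && !nextUpdate.after(validityDate))
            {
                continue;
            }

            if (cert == null || crl.getThisUpdate().before(cert.getNotAfter()))
            {
                finalSet.add(crl);
            }
        }

        return finalSet;
    }

    /**
     * Return a Collection of all CRLs found in the given stores that match
     * the crlSelect criteria.
     * <p>
     * A store that fails to answer is skipped as long as at least one other
     * store could be searched, so the result may be missing CRLs held only
     * by the failing store. The last failure is thrown only when no store
     * at all could be searched.
     *
     * @param crlSelect a {@link org.bouncycastle.jcajce.PKIXCRLStoreSelector} object that will be used
     *            to select the CRLs
     * @param crlStores a List of {@link Store} or CertStore objects. Any
     *            element that is not a {@link Store} is cast to CertStore,
     *            so another element type raises ClassCastException.
     *            These are used to search for CRLs
     *
     * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
     *         empty but never <code>null</code>.
     * @throws AnnotatedException if searching failed and no store could be
     *             searched successfully
     */
    private final Collection findCRLs(PKIXCRLStoreSelector crlSelect,
        List crlStores) throws AnnotatedException
    {
        Set crls = new HashSet();
        Iterator iter = crlStores.iterator();

        AnnotatedException lastException = null;
        boolean foundValidStore = false;

        while (iter.hasNext())
        {
            Object obj = iter.next();

            if (obj instanceof Store)
            {
                Store store = (Store)obj;

                try
                {
                    crls.addAll(store.getMatches(crlSelect));
                    foundValidStore = true;
                }
                catch (StoreException e)
                {
                    // Remembered, not thrown: other stores may still answer.
                    lastException = new AnnotatedException(
                        "Exception searching in X.509 CRL store.", e);
                }
            }
            else
            {
                CertStore store = (CertStore)obj;

                try
                {
                    crls.addAll(PKIXCRLStoreSelector.getCRLs(crlSelect, store));
                    foundValidStore = true;
                }
                catch (CertStoreException e)
                {
                    // Remembered, not thrown: other stores may still answer.
                    lastException = new AnnotatedException(
                        "Exception searching in X.509 CRL store.", e);
                }
            }
        }

        // Only report a failure when every store that was tried failed.
        if (!foundValidStore && lastException != null)
        {
            throw lastException;
        }
        return crls;
    }

}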