18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25 package sun.security.provider.certpath;
26
27 import java.io.InputStream;
28 import java.io.IOException;
29 import java.io.OutputStream;
30 import java.net.URI;
31 import java.net.URL;
32 import java.net.HttpURLConnection;
33 import java.security.cert.CertificateException;
34 import java.security.cert.CertPathValidatorException;
35 import java.security.cert.CertPathValidatorException.BasicReason;
36 import java.security.cert.CRLReason;
37 import java.security.cert.Extension;
38 import java.security.cert.X509Certificate;
39 import java.util.Arrays;
40 import java.util.Collections;
41 import java.util.Date;
42 import java.util.List;
43 import java.util.Map;
44
45 import sun.security.action.GetIntegerAction;
46 import sun.security.util.Debug;
47 import sun.security.x509.AccessDescription;
48 import sun.security.x509.AuthorityInfoAccessExtension;
49 import sun.security.x509.GeneralName;
50 import sun.security.x509.GeneralNameInterface;
51 import sun.security.x509.PKIXExtensions;
52 import sun.security.x509.URIName;
53 import sun.security.x509.X509CertImpl;
54
55 /**
56 * This is a class that checks the revocation status of a certificate(s) using
57 * OCSP. It is not a PKIXCertPathChecker and therefore can be used outside of
147 */
148 public static RevocationStatus check(X509Certificate cert,
149 X509Certificate issuerCert,
150 URI responderURI,
151 X509Certificate responderCert,
152 Date date)
153 throws IOException, CertPathValidatorException
154 {
155 return check(cert, issuerCert, responderURI, responderCert, date,
156 Collections.<Extension>emptyList());
157 }
158
159 // Called by com.sun.deploy.security.TrustDecider
160 public static RevocationStatus check(X509Certificate cert,
161 X509Certificate issuerCert,
162 URI responderURI,
163 X509Certificate responderCert,
164 Date date, List<Extension> extensions)
165 throws IOException, CertPathValidatorException
166 {
167 CertId certId = null;
168 try {
169 X509CertImpl certImpl = X509CertImpl.toImpl(cert);
170 certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
171 } catch (CertificateException | IOException e) {
172 throw new CertPathValidatorException
173 ("Exception while encoding OCSPRequest", e);
174 }
175 OCSPResponse ocspResponse = check(Collections.singletonList(certId),
176 responderURI, new OCSPResponse.IssuerInfo(issuerCert),
177 responderCert, date, extensions);
178 return (RevocationStatus) ocspResponse.getSingleResponse(certId);
179 }
180
181 /**
182 * Checks the revocation status of a list of certificates using OCSP.
183 *
184 * @param certIds the CertIds to be checked
185 * @param responderURI the URI of the OCSP responder
186 * @param issuerInfo the issuer's certificate and/or subject and public key
187 * @param responderCert the OCSP responder's certificate
188 * @param date the time the validity of the OCSP responder's certificate
189 * should be checked against. If null, the current time is used.
190 * @param extensions zero or more OCSP extensions to be included in the
191 * request. If no extensions are requested, an empty {@code List} must
192 * be used. A {@code null} value is not allowed.
193 * @return the OCSPResponse
194 * @throws IOException if there is an exception connecting to or
195 * communicating with the OCSP responder
196 * @throws CertPathValidatorException if an exception occurs while
|
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25 package sun.security.provider.certpath;
26
27 import java.io.InputStream;
28 import java.io.IOException;
29 import java.io.OutputStream;
30 import java.net.URI;
31 import java.net.URL;
32 import java.net.HttpURLConnection;
33 import java.security.cert.CertificateException;
34 import java.security.cert.CertPathValidatorException;
35 import java.security.cert.CertPathValidatorException.BasicReason;
36 import java.security.cert.CRLReason;
37 import java.security.cert.Extension;
38 import java.security.cert.TrustAnchor;
39 import java.security.cert.X509Certificate;
40 import java.util.Arrays;
41 import java.util.Collections;
42 import java.util.Date;
43 import java.util.List;
44 import java.util.Map;
45
46 import sun.security.action.GetIntegerAction;
47 import sun.security.util.Debug;
48 import sun.security.x509.AccessDescription;
49 import sun.security.x509.AuthorityInfoAccessExtension;
50 import sun.security.x509.GeneralName;
51 import sun.security.x509.GeneralNameInterface;
52 import sun.security.x509.PKIXExtensions;
53 import sun.security.x509.URIName;
54 import sun.security.x509.X509CertImpl;
55
56 /**
57 * This is a class that checks the revocation status of a certificate(s) using
58 * OCSP. It is not a PKIXCertPathChecker and therefore can be used outside of
148 */
149 public static RevocationStatus check(X509Certificate cert,
150 X509Certificate issuerCert,
151 URI responderURI,
152 X509Certificate responderCert,
153 Date date)
154 throws IOException, CertPathValidatorException
155 {
156 return check(cert, issuerCert, responderURI, responderCert, date,
157 Collections.<Extension>emptyList());
158 }
159
160 // Called by com.sun.deploy.security.TrustDecider
161 public static RevocationStatus check(X509Certificate cert,
162 X509Certificate issuerCert,
163 URI responderURI,
164 X509Certificate responderCert,
165 Date date, List<Extension> extensions)
166 throws IOException, CertPathValidatorException
167 {
168 return check(cert, responderURI, null, issuerCert, responderCert, date, extensions);
169 }
170
171 public static RevocationStatus check(X509Certificate cert,
172 URI responderURI, TrustAnchor anchor, X509Certificate issuerCert,
173 X509Certificate responderCert, Date date,
174 List<Extension> extensions)
175 throws IOException, CertPathValidatorException
176 {
177 CertId certId = null;
178 try {
179 X509CertImpl certImpl = X509CertImpl.toImpl(cert);
180 certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
181 } catch (CertificateException | IOException e) {
182 throw new CertPathValidatorException
183 ("Exception while encoding OCSPRequest", e);
184 }
185 OCSPResponse ocspResponse = check(Collections.singletonList(certId),
186 responderURI, new OCSPResponse.IssuerInfo(anchor, issuerCert),
187 responderCert, date, extensions);
188 return (RevocationStatus) ocspResponse.getSingleResponse(certId);
189 }
190
191 /**
192 * Checks the revocation status of a list of certificates using OCSP.
193 *
194 * @param certIds the CertIds to be checked
195 * @param responderURI the URI of the OCSP responder
196 * @param issuerInfo the issuer's certificate and/or subject and public key
197 * @param responderCert the OCSP responder's certificate
198 * @param date the time the validity of the OCSP responder's certificate
199 * should be checked against. If null, the current time is used.
200 * @param extensions zero or more OCSP extensions to be included in the
201 * request. If no extensions are requested, an empty {@code List} must
202 * be used. A {@code null} value is not allowed.
203 * @return the OCSPResponse
204 * @throws IOException if there is an exception connecting to or
205 * communicating with the OCSP responder
206 * @throws CertPathValidatorException if an exception occurs while
|
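Review bot: The seven-argument `check(cert, responderURI, anchor, issuerCert, ...)` overload at lines 171-189 of the second pane (taken here to be the new side, since it carries the added `TrustAnchor` import) is public but has no Javadoc, and nothing says which of `anchor` and `issuerCert` may be null. The delegating overload at line 168 passes `null` for `anchor`, while line 180 still builds the `CertId` from `issuerCert` alone, so a caller that supplies only an anchor would presumably fail inside `new CertId(...)` with an unchecked exception that `catch (CertificateException | IOException e)` does not translate. I would add a Javadoc block stating that `anchor` is optional and is only forwarded to `OCSPResponse.IssuerInfo`, that `issuerCert` is required, and guard it up front with `if (issuerCert == null) throw new CertPathValidatorException("issuerCert is required to build the CertId");`. The parameter order also differs from the two existing overloads (`issuerCert` now follows `responderURI` and `anchor`), and since `issuerCert` and `responderCert` are adjacent `X509Certificate` arguments, the `@param` text should spell out which certificate identifies the issuer and which belongs to the responder.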