      1 package org.bouncycastle.jce.provider;
      2 
      3 import java.security.cert.CertStore;
      4 import java.security.cert.CertStoreException;
      5 import java.security.cert.PKIXParameters;
      6 import java.security.cert.X509CRL;
      7 import java.security.cert.X509Certificate;
      8 import java.util.Collection;
      9 import java.util.Date;
     10 import java.util.HashSet;
     11 import java.util.Iterator;
     12 import java.util.List;
     13 import java.util.Set;
     14 
     15 import org.bouncycastle.util.StoreException;
     16 import org.bouncycastle.x509.ExtendedPKIXParameters;
     17 import org.bouncycastle.x509.X509CRLStoreSelector;
     18 // BEGIN android-removed
     19 // import org.bouncycastle.x509.X509Store;
     20 // END android-removed
     21 
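     /**
      * Helper that collects candidate CRLs from the certificate stores configured
      * on a set of PKIX validation parameters.
      */
     public class PKIXCRLUtil
     {
         /**
          * Gather the CRLs matching <code>crlselect</code> from the additional
          * stores, the stores and the cert stores of <code>paramsPKIX</code>, then
          * keep only those that are usable at the validity date.
          * <p>
          * A CRL is kept when its nextUpdate lies after the validity date (or is
          * absent) and, if the selector names a certificate being checked, its
          * thisUpdate lies before that certificate's notAfter.
          *
          * @param crlselect selector used to query the stores; its
          *            "certificate checking" value, when set, bounds thisUpdate
          * @param paramsPKIX parameters supplying the stores and, optionally, the
          *            validity date
          * @param currentDate validity date used when <code>paramsPKIX.getDate()</code>
          *            is <code>null</code>
          * @return a Set of {@link java.security.cert.X509CRL X509CRL} objects. May
          *         be empty but never <code>null</code>.
          * @throws AnnotatedException if searching the stores failed
          */
         public Set findCRLs(X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate)
             throws AnnotatedException
         {
             Set initialSet = new HashSet();

             // get complete CRL(s)
             try
             {
                 initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
                 initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores()));
                 initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
             }
             catch (AnnotatedException e)
             {
                 throw new AnnotatedException("Exception obtaining complete CRLs.", e);
             }

             // The date carried by the parameters overrides the caller's date.
             Date paramsDate = paramsPKIX.getDate();
             Date validityDate = (paramsDate != null) ? paramsDate : currentDate;

             // The selector does not change while filtering, so read it once.
             X509Certificate cert = crlselect.getCertificateChecking();

             Set finalSet = new HashSet();

             // based on RFC 5280 6.3.3
             for (Iterator it = initialSet.iterator(); it.hasNext();)
             {
                 X509CRL crl = (X509CRL)it.next();

                 // getNextUpdate() returns null when the CRL has no nextUpdate
                 // field. Such a CRL carries no staleness bound, so it cannot be
                 // rejected as expired here; it is kept instead of failing with a
                 // NullPointerException. Deployments that require a freshness
                 // bound on every CRL need to enforce it separately.
                 Date nextUpdate = crl.getNextUpdate();

                 if (nextUpdate != null && !nextUpdate.after(validityDate))
                 {
                     // nextUpdate is not after the validity date: CRL is stale.
                     continue;
                 }

                 // With a certificate under check, skip CRLs whose thisUpdate is
                 // not before the end of the certificate's validity.
                 if (cert == null || crl.getThisUpdate().before(cert.getNotAfter()))
                 {
                     finalSet.add(crl);
                 }
             }

             return finalSet;
         }

         /**
          * Gather every CRL matching <code>crlselect</code> from the cert stores of
          * <code>paramsPKIX</code>. No date filtering is applied by this overload.
          *
          * @param crlselect selector used to query the stores
          * @param paramsPKIX parameters supplying the cert stores
          * @return a Set of {@link java.security.cert.X509CRL X509CRL} objects. May
          *         be empty but never <code>null</code>.
          * @throws AnnotatedException if searching the stores failed
          */
         public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX)
             throws AnnotatedException
         {
             Set completeSet = new HashSet();

             // get complete CRL(s)
             try
             {
                 completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
             }
             catch (AnnotatedException e)
             {
                 throw new AnnotatedException("Exception obtaining complete CRLs.", e);
             }

             return completeSet;
         }

         /**
          * Return a Collection of all CRLs found in the given stores that match
          * the crlSelect criteria.
          * <p>
          * A store that fails to answer is only reported when no store at all
          * could be queried. If at least one store answered, failures of the
          * others are dropped, so the returned collection may be incomplete
          * without any indication to the caller.
          *
          * @param crlSelect a {@link X509CRLStoreSelector} object that will be used
          *            to select the CRLs
          * @param crlStores a List of stores to search. With the X509Store branch
          *            removed (see the android-removed markers below), every
          *            element is cast to {@link java.security.cert.CertStore CertStore}.
          *
          * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
          *         empty but never <code>null</code>.
          * @throws AnnotatedException the last store failure, when every queried
          *             store failed
          */
         private final Collection findCRLs(X509CRLStoreSelector crlSelect,
             List crlStores) throws AnnotatedException
         {
             Set crls = new HashSet();
             Iterator iter = crlStores.iterator();

             AnnotatedException lastException = null;
             boolean foundValidStore = false;

             while (iter.hasNext())
             {
                 Object obj = iter.next();

                 // BEGIN android-removed
                 // if (obj instanceof X509Store)
                 // {
                 //     X509Store store = (X509Store)obj;
                 //
                 //     try
                 //     {
                 //         crls.addAll(store.getMatches(crlSelect));
                 //         foundValidStore = true;
                 //     }
                 //     catch (StoreException e)
                 //     {
                 //         lastException = new AnnotatedException(
                 //             "Exception searching in X.509 CRL store.", e);
                 //     }
                 // }
                 // else
                 // END android-removed
                 {
                     // NOTE(review): an element that is not a CertStore raises
                     // ClassCastException here; confirm callers only supply
                     // CertStore instances in this build.
                     CertStore store = (CertStore)obj;

                     try
                     {
                         crls.addAll(store.getCRLs(crlSelect));
                         foundValidStore = true;
                     }
                     catch (CertStoreException e)
                     {
                         // Remember only the most recent failure; it is thrown
                         // below if no store could be searched.
                         lastException = new AnnotatedException(
                             "Exception searching in X.509 CRL store.", e);
                     }
                 }
             }
             if (!foundValidStore && lastException != null)
             {
                 throw lastException;
             }
             return crls;
         }

     }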