org.keycloak.utils

Class CRLUtils

java.lang.Object

org.keycloak.utils.CRLUtils

public final class CRLUtils
extends Object

Since:

10/31/2016

Version:

$Revision: 1 $

Author:

Peter Nalyvayko

Constructor Summary

Constructors

Constructor and Description
CRLUtils()

Method Summary

Modifier and Type	Method and Description
static void	check(X509Certificate[] certs, X509CRL crl, KeycloakSession session) Check the signature on CRL and check if 1st certificate from the chain ((The actual certificate from the client)) is valid and not available on CRL.
static List<String>	getCRLDistributionPoints(X509Certificate cert) Retrieves a list of CRL distribution points from CRLDP v3 certificate extension See CRL validation

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CRLUtils

public CRLUtils()

Method Detail

getCRLDistributionPoints

public static List<String> getCRLDistributionPoints(X509Certificate cert)
                                             throws IOException

Retrieves a list of CRL distribution points from CRLDP v3 certificate extension See CRL validation

Parameters:

cert -

Returns:

Throws:

IOException

check

public static void check(X509Certificate[] certs,
                         X509CRL crl,
                         KeycloakSession session)
                  throws GeneralSecurityException

Check the signature on CRL and check if 1st certificate from the chain ((The actual certificate from the client)) is valid and not available on CRL.

Parameters:

certs - The 1st certificate is the actual certificate of the user. The other certificates represents the certificate chain

crl - Given CRL

Throws:

GeneralSecurityException - if some error in validation happens. Typically certificate not valid, or CRL signature not valid