Class CRLUtils


  • public final class CRLUtils
    extends Object
    Since:
    10/31/2016
    Version:
    $Revision: 1 $
    Author:
    Peter Nalyvayko
    • Constructor Detail

      • CRLUtils

        public CRLUtils()
    • Method Detail

      • check

        public static void check​(X509Certificate[] certs,
                                 X509CRL crl,
                                 KeycloakSession session)
                          throws GeneralSecurityException
        Check the signature on CRL and check if 1st certificate from the chain ((The actual certificate from the client)) is valid and not available on CRL.
        Parameters:
        certs - The 1st certificate is the actual certificate of the user. The other certificates represents the certificate chain
        crl - Given CRL
        Throws:
        GeneralSecurityException - if some error in validation happens. Typically certificate not valid, or CRL signature not valid