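/**
 * Fetches an X.509 CRL from an LDAP entry and answers whether a certificate
 * appears in it.
 *
 * The CRL is loaded once in the constructor and again on every call to
 * {@link #getNextUpdate()}; the caller is expected to schedule that refresh.
 * The class is not synchronized: a refresh running concurrently with
 * {@link #check(X509Certificate)} is not guarded here. The fetched CRL is
 * accepted as-is — its signature is not verified against the issuing CA in
 * this class, so the LDAP source (and the transport to it) must be trusted.
 */
class CRLchecker {
    /** Fallback interval (ms) reported when the CRL carries no nextUpdate: one week. */
    private static final long DEFAULT_NEXT_UPDATE_MILLIS = 7L * 24 * 3600 * 1000;
    /** LDAP attribute that holds the DER-encoded CRL. */
    private static final String CRL_ATTRIBUTE = "certificateRevocationList";

    private X509CRL crl;
    private final JSPhandler handler;

    /**
     * Creates the checker and performs the initial CRL fetch.
     *
     * @param handler configuration source: CRLURL, LDAPuser and LDAPpasswd are read from it
     * @throws NamingException if the LDAP lookup fails or the CRL attribute is missing
     * @throws CertificateException if no X.509 certificate factory is available
     * @throws CRLException if the fetched bytes do not parse as a CRL
     * @throws IOException if reading the CRL bytes fails
     */
    public CRLchecker(JSPhandler handler)
            throws NamingException, CertificateException, CRLException, IOException {
        this.handler = handler;
        refresh();
    }

    /**
     * Re-reads the CRL from LDAP and replaces the cached one.
     *
     * The directory context is always closed, even when the lookup throws;
     * the original left it open on every path.
     */
    private void refresh()
            throws NamingException, CertificateException, CRLException, IOException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, handler.CRLURL);
        // NOTE(review): "follow" lets the directory redirect the bind elsewhere, and
        // "simple" authentication sends LDAPpasswd in clear unless CRLURL uses ldaps://
        // — confirm the deployment's CRLURL is a protected transport.
        env.put(Context.REFERRAL, "follow");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        if (handler.LDAPuser != null) {
            env.put(Context.SECURITY_PRINCIPAL, handler.LDAPuser);
        }
        if (handler.LDAPpasswd != null) {
            env.put(Context.SECURITY_CREDENTIALS, handler.LDAPpasswd);
        }

        DirContext ctx = new InitialDirContext(env);
        byte[] der;
        try {
            Attributes avals = ctx.getAttributes("");
            Attribute aval = avals.get(CRL_ATTRIBUTE);
            // A missing attribute used to surface as a NullPointerException.
            if (aval == null) {
                throw new NamingException("CRLchecker.refresh ERROR attribute "
                        + CRL_ATTRIBUTE + " not found at " + handler.CRLURL);
            }
            Object raw = aval.get();
            if (!(raw instanceof byte[])) {
                throw new NamingException("CRLchecker.refresh ERROR attribute "
                        + CRL_ATTRIBUTE + " is not binary");
            }
            der = (byte[]) raw;
        } finally {
            ctx.close();
        }

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream inStream = new ByteArrayInputStream(der);
        try {
            crl = (X509CRL) cf.generateCRL(inStream);
        } finally {
            inStream.close();
        }
    }

    /**
     * Refreshes the CRL and reports when the next refresh is due.
     *
     * @return the CRL's nextUpdate as epoch milliseconds, or one week when
     *     the CRL carries no nextUpdate field
     * @throws NamingException if the refresh fails or yields no CRL
     */
    public long getNextUpdate()
            throws NamingException, CertificateException, CRLException, IOException {
        refresh();
        if (crl == null) {
            throw new NamingException("CRLchecker.getNextUpdate ERROR null CRL");
        }
        Date nextUpdate = crl.getNextUpdate();
        if (nextUpdate != null) {
            return nextUpdate.getTime();
        }
        return DEFAULT_NEXT_UPDATE_MILLIS;
    }

    /**
     * Rejects the certificate if it is listed in the cached CRL.
     *
     * NOTE(review): the CRL's own nextUpdate is not compared with the current
     * time here, so a CRL whose refresh has been missed is still consulted.
     *
     * @param cert the certificate to look up
     * @throws javax.servlet.ServletException if no CRL is loaded, if the CRL was
     *     issued by a different CA than the certificate, or if the certificate
     *     is revoked
     */
    public void check(X509Certificate cert) throws javax.servlet.ServletException {
        if (crl == null) {
            throw new javax.servlet.ServletException("CRLchecker.check ERROR null CRL");
        }
        // A CRL only speaks for certificates of its own issuer: a serial-number hit (or
        // miss) against another CA's CRL says nothing, so fail closed instead of
        // answering "not revoked".
        if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal())) {
            throw new javax.servlet.ServletException(
                    "CRLchecker.check ERROR CRL issuer does not match certificate issuer");
        }
        X509CRLEntry xce = crl.getRevokedCertificate(cert.getSerialNumber());
        if (xce != null) {
            throw new javax.servlet.ServletException("CRLchecker.check revoked certificate");
        }
    }
}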