Package org.keycloak.utils
Class CRLUtils
java.lang.Object
  org.keycloak.utils.CRLUtils

public final class CRLUtils extends Object
Since: 10/31/2016
Version: $Revision: 1 $
Author: Peter Nalyvayko

Constructor Summary
Constructor: CRLUtils()

Method Summary
Modifier and Type: static void
Method: check(X509Certificate[] certs, X509CRL crl, org.keycloak.models.KeycloakSession session)
Description: Check the signature on the CRL and check that the 1st certificate from the chain (the actual certificate from the client) is valid and not listed on the CRL.

Modifier and Type: static List<String>
Method: getCRLDistributionPoints(X509Certificate cert)
Description: Retrieves a list of CRL distribution points from the CRLDP v3 certificate extension. See CRL validation.

Method Detail

getCRLDistributionPoints
public static List<String> getCRLDistributionPoints(X509Certificate cert) throws IOException
Retrieves a list of CRL distribution points from the CRLDP v3 certificate extension. See CRL validation.
Parameters:
  cert -
Returns:
Throws:
  IOException

check
public static void check(X509Certificate[] certs, X509CRL crl, org.keycloak.models.KeycloakSession session) throws GeneralSecurityException
Check the signature on the CRL and check that the 1st certificate from the chain (the actual certificate from the client) is valid and not listed on the CRL.
Parameters:
  certs - The 1st certificate is the actual certificate of the user. The other certificates represent the certificate chain.
  crl - Given CRL
Throws:
  GeneralSecurityException - if some error in validation happens. Typically the certificate is not valid, or the CRL signature is not valid.