KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
Date now = new Date();
KeyPair pair = kpGen.generateKeyPair();
crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
crlGen.setThisUpdate(now);
crlGen.setNextUpdate(new Date(now.getTime() + 100000));
crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
Vector extOids = new Vector();
Vector extValues = new Vector();
CRLReason crlReason = new CRLReason(CRLReason.privilegeWithdrawn);
try
{
extOids.addElement(X509Extensions.ReasonCode);
extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getEncoded())));
}
catch (IOException e)
{
throw new IllegalArgumentException("error encoding reason: " + e);
}
X509Extensions entryExtensions = new X509Extensions(extOids, extValues);
crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
X509CRL crl = crlGen.generate(pair.getPrivate(), "BC");
if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
{
fail("failed CRL issuer test");
}
byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
if (authExt == null)
{
fail("failed to find CRL extension");
}
AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
if (entry == null)
{
fail("failed to find CRL entry");
}
if (!entry.getSerialNumber().equals(BigInteger.ONE))
{
fail("CRL cert serial number does not match");
}
if (!entry.hasExtensions())
{
fail("CRL entry extension not found");
}
byte[] ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
if (ext != null)
{
DEREnumerated reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
{
fail("CRL entry reasonCode wrong");
}
}
else
{
fail("CRL entry reasonCode not found");
}
//
// check loading of existing CRL
//
crlGen = new X509V2CRLGenerator();
now = new Date();
crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
crlGen.setThisUpdate(now);
crlGen.setNextUpdate(new Date(now.getTime() + 100000));
crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");