Package org.bouncycastle.cert

Examples of org.bouncycastle.cert.X509v2CRLBuilder

674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
      KeyStore store = openKeyStore(caKeystoreFile, caKeystorePassword);
      PrivateKey caPrivateKey = (PrivateKey) store.getKey(CA_ALIAS, caKeystorePassword.toCharArray());
      X509Certificate caCert = (X509Certificate) store.getCertificate(CA_ALIAS);

      X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName());
      X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, new Date());

      // build and sign CRL with CA private key
      ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPrivateKey);
      X509CRLHolder crl = crlBuilder.build(signer);

      File tmpFile = new File(caRevocationList.getParentFile(), Long.toHexString(System.currentTimeMillis()) + ".tmp");
      FileOutputStream fos = null;
      try {
        fos = new FileOutputStream(tmpFile);
View Full Code Here
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
   */
  public static boolean revoke(X509Certificate cert, RevocationReason reason,
       File caRevocationList, PrivateKey caPrivateKey, X509Log x509log) {
    try {
      X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(cert).getName());
      X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, new Date());
      if (caRevocationList.exists()) {
        byte [] data = FileUtils.readContent(caRevocationList);
        X509CRLHolder crl = new X509CRLHolder(data);
        crlBuilder.addCRL(crl);
      }
      crlBuilder.addCRLEntry(cert.getSerialNumber(), new Date(), reason.ordinal());

      // build and sign CRL with CA private key
      ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(BC).build(caPrivateKey);
      X509CRLHolder crl = crlBuilder.build(signer);

      File tmpFile = new File(caRevocationList.getParentFile(), Long.toHexString(System.currentTimeMillis()) + ".tmp");
      FileOutputStream fos = null;
      try {
        fos = new FileOutputStream(tmpFile);
View Full Code Here
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
    public static X509CRL generateCrl(X509Certificate issuer, PrivateKey issuerPrivateKey)
    throws CertificateEncodingException, IOException, CRLException, OperatorCreationException {
       
        X509CertificateHolder holder = new X509CertificateHolder(issuer.getEncoded());
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(holder.getIssuer(), new Date());
        crlBuilder.setNextUpdate(new Date(new Date().getTime() + 100000));
        JcaContentSignerBuilder contentBuilder = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC");

        CRLNumber crlNumber = new CRLNumber(new BigInteger("1234"));
       
        crlBuilder.addExtension(Extension.cRLNumber, false, crlNumber);
        X509CRLHolder x509Crl = crlBuilder.build(contentBuilder.build(issuerPrivateKey));
        return new JcaX509CRLConverter().setProvider("BC").getCRL(x509Crl);
    }
View Full Code Here
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
  public CRLResponse generate(final CRLRequest request) {
    try {
      Date now = new Date();
      BouncyCastleCRLRequest bcRequest = new BouncyCastleCRLRequest(request);

      X509v2CRLBuilder builder = new X509v2CRLBuilder(bcRequest.getIssuerX500Name(), now);
      builder.setNextUpdate(bcRequest.getNextUpdate());

      X509Certificate certificate = bcRequest.getIssuerCertificate();
      AuthorityKeyIdentifier authorityKeyIdentifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(certificate);
      builder.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);

      builder.addExtension(X509Extension.cRLNumber, false, new CRLNumber(bcRequest.getNumber()));

      if (bcRequest.getOldCrl() != null) {
        X509CRLHolder current = new X509CRLHolder(bcRequest.getOldCrl());
        builder.addCRL(current);
      }

      PrivateKey privateKey = bcRequest.getIssuerPrivateKey();
      JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(bcRequest.getSignAlgorithm());
      contentSignerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
      ContentSigner contentSigner = contentSignerBuilder.build(privateKey);

      for (CRLEntry entry : bcRequest.getEntries()) {
        builder.addCRLEntry(entry.getSerialNumber(), entry.getDate(), entry.getReason().getCode());
      }

      X509CRLHolder crlh = builder.build(contentSigner);

      JcaX509CRLConverter crlConverter = new JcaX509CRLConverter();
      crlConverter.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
      X509CRL crl = crlConverter.getCRL(crlh);
View Full Code Here
TOP

Related Classes of org.bouncycastle.cert.X509v2CRLBuilder

  • br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCRLGenerator
  • com.gitblit.utils.X509Utils
  • org.apache.poi.poifs.crypt.PkiTestUtils
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.