Package org.bouncycastle.x509

Examples of org.bouncycastle.x509.X509V2CRLGenerator


        }
        Date thisUpdate = new Date();
        Date nextUpdate = new Date();

        nextUpdate.setTime(nextUpdate.getTime() + crlPeriod);
        X509V2CRLGenerator crlgen = new X509V2CRLGenerator();
        crlgen.setThisUpdate(thisUpdate);
        crlgen.setNextUpdate(nextUpdate);
        crlgen.setSignatureAlgorithm(sigAlg);
        // Make DNs
        X509Certificate cacert = (X509Certificate)getCACertificate();
        if (cacert == null) {
          // This is an initial root CA, since no CA-certificate exists
          // (I don't think we can ever get here!!!)
            X509NameEntryConverter converter = null;
            if (getUsePrintableStringSubjectDN()) {
              converter = new PrintableStringEntryConverter();
            } else {
              converter = new X509DefaultEntryConverter();
            }

            X509Name caname = CertTools.stringToBcX509Name(getSubjectDN(), converter, getUseLdapDNOrder());
            crlgen.setIssuerDN(caname);
        } else {
          crlgen.setIssuerDN(cacert.getSubjectX500Principal());
        }
        if (certs != null) {           
            Iterator<RevokedCertInfo> it = certs.iterator();
            while( it.hasNext() ) {
                RevokedCertInfo certinfo = (RevokedCertInfo)it.next();
                crlgen.addCRLEntry(certinfo.getUserCertificate(), certinfo.getRevocationDate(), certinfo.getReason());
            }
        }

        // Authority key identifier
        if (getUseAuthorityKeyIdentifier() == true) {
            SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
                new ByteArrayInputStream(getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CRLSIGN).getEncoded())).readObject());
            AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
            crlgen.addExtension(X509Extensions.AuthorityKeyIdentifier.getId(), getAuthorityKeyIdentifierCritical(), aki);
        }
        // CRLNumber extension
        if (getUseCRLNumber() == true) {
            CRLNumber crlnum = new CRLNumber(BigInteger.valueOf(crlnumber));
            crlgen.addExtension(X509Extensions.CRLNumber.getId()this.getCRLNumberCritical(), crlnum);
        }

        if (isDeltaCRL) {
          // DeltaCRLIndicator extension
          CRLNumber basecrlnum = new CRLNumber(BigInteger.valueOf(basecrlnumber));
          crlgen.addExtension(X509Extensions.DeltaCRLIndicator.getId(), true, basecrlnum);         
        }
      // CRL Distribution point URI and Freshest CRL DP
        if(getUseCrlDistributionPointOnCrl()) {
            String crldistpoint = getDefaultCRLDistPoint();
            List<DistributionPoint> distpoints = generateDistributionPoints(crldistpoint);

            if (distpoints.size() > 0) {
                IssuingDistributionPoint idp =
                    new IssuingDistributionPoint(distpoints.get(0).getDistributionPoint(),
                                                 false, false, null, false, false);

                // According to the RFC, IDP must be a critical extension.
                // Nonetheless, at the moment, Mozilla is not able to correctly
                // handle the IDP extension and discards the CRL if it is critical.
                crlgen.addExtension(X509Extensions.IssuingDistributionPoint.getId(),
                                    getCrlDistributionPointOnCrlCritical(), idp);
            }

            if (!isDeltaCRL) {
                String crlFreshestDP = getCADefinedFreshestCRL();
                List<DistributionPoint> freshestDistPoints = generateDistributionPoints(crlFreshestDP);
                if (freshestDistPoints.size() > 0) {
                    CRLDistPoint ext = new CRLDistPoint((DistributionPoint[])freshestDistPoints.toArray(new DistributionPoint[freshestDistPoints.size()]));

                    // According to the RFC, the Freshest CRL extension on a
                    // CRL must not be marked as critical. Therefore it is
                    // hardcoded as not critical and is independent of
                    // getCrlDistributionPointOnCrlCritical().
                    crlgen.addExtension(X509Extensions.FreshestCRL.getId(),
                                        false, ext);
                }

            }
      }

        X509CRL crl;
        crl = crlgen.generate(getCAToken().getPrivateKey(SecConst.CAKEYPURPOSE_CRLSIGN),getCAToken().getProvider());
        // Verify before sending back
        crl.verify(getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_CRLSIGN));

        return crl;       
    }   


        X509Certificate caCert,
        PrivateKey      caKey,
        BigInteger      serialNumber)
        throws Exception
    {
        X509V2CRLGenerator   crlGen = new X509V2CRLGenerator();
        Date                 now = new Date();
        BigInteger           revokedSerialNumber = BigInteger.valueOf(2);
       
        crlGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
       
        crlGen.setThisUpdate(now);
        crlGen.setNextUpdate(new Date(now.getTime() + 100000));
        crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
       
        crlGen.addCRLEntry(serialNumber, now, CRLReason.privilegeWithdrawn);
       
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
        crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.valueOf(1)));
       
        return crlGen.generateX509CRL(caKey, "BC");
    }

    public void checkCRLCreation()
    {
        try
        {
            KeyPairGenerator     kpGen = KeyPairGenerator.getInstance("RSA", "BC");
            X509V2CRLGenerator   crlGen = new X509V2CRLGenerator();
            Date                 now = new Date();
            KeyPair              pair = kpGen.generateKeyPair();
           
            crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
           
            crlGen.setThisUpdate(now);
            crlGen.setNextUpdate(new Date(now.getTime() + 100000));
            crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
           
            crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
           
            crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
           
            X509CRL    crl = crlGen.generateX509CRL(pair.getPrivate(), "BC");
           
            if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
            {
                fail("failed CRL issuer test");
            }

    public void checkCRLCreation1()
        throws Exception
    {
        KeyPairGenerator     kpGen = KeyPairGenerator.getInstance("RSA", "BC");
        X509V2CRLGenerator   crlGen = new X509V2CRLGenerator();
        Date                 now = new Date();
        KeyPair              pair = kpGen.generateKeyPair();
       
        crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
       
        crlGen.setThisUpdate(now);
        crlGen.setNextUpdate(new Date(now.getTime() + 100000));
        crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
       
        crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
       
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
       
        X509CRL    crl = crlGen.generate(pair.getPrivate(), "BC");
       
        if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
        {
            fail("failed CRL issuer test");
        }

   
    public void checkCRLCreation2()
        throws Exception
    {
        KeyPairGenerator     kpGen = KeyPairGenerator.getInstance("RSA", "BC");
        X509V2CRLGenerator   crlGen = new X509V2CRLGenerator();
        Date                 now = new Date();
        KeyPair              pair = kpGen.generateKeyPair();
       
        crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
       
        crlGen.setThisUpdate(now);
        crlGen.setNextUpdate(new Date(now.getTime() + 100000));
        crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
       
        Vector extOids = new Vector();
        Vector extValues = new Vector();
       
        CRLReason crlReason = new CRLReason(CRLReason.privilegeWithdrawn);
       
        try
        {
            extOids.addElement(X509Extensions.ReasonCode);
            extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getEncoded())));
        }
        catch (IOException e)
        {
            throw new IllegalArgumentException("error encoding reason: " + e);
        }
       
        X509Extensions entryExtensions = new X509Extensions(extOids, extValues);
       
        crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
       
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
       
        X509CRL    crl = crlGen.generate(pair.getPrivate(), "BC");
       
        if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
        {
            fail("failed CRL issuer test");
        }

   
    public void checkCRLCreation3()
        throws Exception
    {
        KeyPairGenerator     kpGen = KeyPairGenerator.getInstance("RSA", "BC");
        X509V2CRLGenerator   crlGen = new X509V2CRLGenerator();
        Date                 now = new Date();
        KeyPair              pair = kpGen.generateKeyPair();
       
        crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
       
        crlGen.setThisUpdate(now);
        crlGen.setNextUpdate(new Date(now.getTime() + 100000));
        crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
       
        Vector extOids = new Vector();
        Vector extValues = new Vector();
       
        CRLReason crlReason = new CRLReason(CRLReason.privilegeWithdrawn);
       
        try
        {
            extOids.addElement(X509Extensions.ReasonCode);
            extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getEncoded())));
        }
        catch (IOException e)
        {
            throw new IllegalArgumentException("error encoding reason: " + e);
        }
       
        X509Extensions entryExtensions = new X509Extensions(extOids, extValues);
       
        crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
       
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
       
        X509CRL    crl = crlGen.generate(pair.getPrivate(), "BC");
       
        if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
        {
            fail("failed CRL issuer test");
        }
       
        byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
       
        if (authExt == null)
        {
            fail("failed to find CRL extension");
        }
       
        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
       
        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
       
        if (entry == null)
        {
            fail("failed to find CRL entry");
        }
       
        if (!entry.getSerialNumber().equals(BigInteger.ONE))
        {
            fail("CRL cert serial number does not match");
        }
       
        if (!entry.hasExtensions())
        {
            fail("CRL entry extension not found");
        }
   
        byte[]  ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
   
        if (ext != null)
        {
            DEREnumerated   reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
                                                                      
            if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
            {
                fail("CRL entry reasonCode wrong");
            }
        }
        else
        {
            fail("CRL entry reasonCode not found");
        }
       
        //
        // check loading of existing CRL
        //
        crlGen = new X509V2CRLGenerator();
        now = new Date();
       
        crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
       
        crlGen.setThisUpdate(now);
        crlGen.setNextUpdate(new Date(now.getTime() + 100000));
        crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
       
        crlGen.addCRL(crl);
       
        crlGen.addCRLEntry(BigInteger.valueOf(2), now, entryExtensions);
       
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
       
        X509CRL    newCrl = crlGen.generate(pair.getPrivate(), "BC");
       
        int     count = 0;
        boolean oneFound = false;
        boolean twoFound = false;
       

    /**
     * Round-trips a CRLNumber extension through a freshly generated CRL and checks
     * that the DER-decoded extension value reads back as the decimal string "10".
     *
     * <p>The CRL is signed with a key pair from {@link CrlGeneratorTest#generateKP()};
     * the issuer name and the signature algorithm are fixtures only. The assertion
     * is about the CRLNumber extension bytes handed to {@code decodeDERValue}, not
     * about the signature.
     *
     * @throws Exception if key generation or CRL generation fails
     */
    @Test
    public void decodeValue() throws Exception {
        // there's gotta be a way to reduce to a set of mocks
        final KeyPair signingPair = CrlGeneratorTest.generateKP();
        final X500Principal issuer = new X500Principal("CN=test, UID=" + UUID.randomUUID());
        final Date thisUpdate = new Date();

        X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
        crlGen.setIssuerDN(issuer);
        crlGen.setThisUpdate(thisUpdate);
        crlGen.setNextUpdate(Util.tomorrow());
        // SHA-1 is a test-only choice here; nothing below inspects the signature,
        // only the CRLNumber extension is read back.
        crlGen.setSignatureAlgorithm("SHA1withRSA");
        crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.TEN));

        X509CRL generated = crlGen.generate(signingPair.getPrivate());

        byte[] rawCrlNumber = generated.getExtensionValue(X509Extensions.CRLNumber.getId());
        assertEquals("10", pkiUtility.decodeDERValue(rawCrlNumber));
    }

        assertEquals(BigInteger.ZERO, generator.getCRLNumber(null));
    }

    /**
     * Checks that {@code generator.getCRLNumber} reads the CRLNumber extension of a
     * real CRL: a CRL generated with CRLNumber 10 must yield {@link BigInteger#TEN}.
     *
     * <p>Signs with the class-level {@code KP} key pair; the issuer name and the
     * signature algorithm are fixtures, not what is under test.
     *
     * @throws Exception if CRL generation fails
     */
    @Test
    public void crlNumberWithCert() throws Exception {
        final BigInteger expectedNumber = BigInteger.TEN;
        final X500Principal issuer = new X500Principal("CN=test, UID=" + UUID.randomUUID());

        X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
        crlGen.setIssuerDN(issuer);
        crlGen.setThisUpdate(new Date());
        crlGen.setNextUpdate(Util.tomorrow());
        // SHA-1 is a test-only choice; the assertion concerns the CRLNumber
        // extension, not the signature.
        crlGen.setSignatureAlgorithm("SHA1withRSA");
        crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(expectedNumber));

        X509CRL generated = crlGen.generate(KP.getPrivate());

        assertEquals(expectedNumber, this.generator.getCRLNumber(generated));
    }

    @Test
    public void emptyRevocationsReturnsUntouched() throws Exception {
        // there's gotta be a way to reduce to a set of mocks

        KeyPair kp = CrlGeneratorTest.generateKP();
        X509V2CRLGenerator g = new X509V2CRLGenerator();
        g.setIssuerDN(new X500Principal("CN=test, UID=" + UUID.randomUUID()));
        g.setThisUpdate(new Date());
        g.setNextUpdate(Util.tomorrow());
        g.setSignatureAlgorithm("SHA1withRSA");
        g.addExtension(X509Extensions.CRLNumber, false,
            new CRLNumber(BigInteger.TEN));
        X509CRL x509crl = g.generate(kp.getPrivate());

        // now we need to remove one of those serials
        List<CertificateSerial> toremove = new ArrayList<CertificateSerial>() {
            {
                add(stubCS(100L, new Date()));

    @SuppressWarnings("serial")
    public void removeEntries() throws Exception {
        // there's gotta be a way to reduce to a set of mocks

        KeyPair kp = CrlGeneratorTest.generateKP();
        X509V2CRLGenerator g = new X509V2CRLGenerator();
        g.setIssuerDN(new X500Principal("CN=test, UID=" + UUID.randomUUID()));
        g.setThisUpdate(new Date());
        g.setNextUpdate(Util.tomorrow());
        g.setSignatureAlgorithm("SHA1withRSA");
        g.addExtension(X509Extensions.CRLNumber, false,
            new CRLNumber(BigInteger.TEN));
        X509CRL x509crl = g.generate(kp.getPrivate());

        List<CertificateSerial> serials = getStubCSList();
        List<X509CRLEntryWrapper> entries = Util.newList();
        for (CertificateSerial serial : serials) {
            entries.add(new X509CRLEntryWrapper(serial.getSerial(),


