org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator Class Reference
Helper wrapper around BouncyCastle's CRL support.
Public Member Functions
| | MinimalCRLGenerator (String issuerName, Date thisUpdate, Date nextUpdate) | Constructor for X509CRLGenerator. |
| | MinimalCRLGenerator (X509Name issuerName, Date thisUpdate, Date nextUpdate) | |
| | MinimalCRLGenerator (String issuerName, long duration) | Same as above, only sets thisUpdate to now and nextUpdate to now+duration. |
| | MinimalCRLGenerator (X509Name issuerName, long duration) | |
| void | addExtension (String oid, boolean critical, byte[] encodedValue) | Add an extension to the CRL. |
| void | addRevokedCertificate (BigInteger serialNumber, Date revocationTime, int reason) | Reason codes listed above. |
| void | addRevokedCertificate (BigInteger serialNumber, Date revocationTime, String reason) throws InvalidParameterException | Add a certificate to a CRL. |
| X509CRL | sign (String hashAlgorithm, PrivateKey signingKey, String provider) throws InvalidKeyException, SignatureException, NoSuchProviderException, CRLException, IllegalStateException, NoSuchAlgorithmException | If hashAlgorithm is null, SHA-1 (DEFAULT_HASH) is used. |
Static Public Member Functions
| static int | reasonToReasonCode (String reason) | |
| static String | reasonCodeToReason (int code) | |
Static Public Attributes
| static final int | REASON_UNSPECIFIED = 0 | Reason codes. |
| static final int | REASON_KEY_COMPROMISE = 1 | |
| static final int | REASON_CA_COMPROMISE = 2 | |
| static final int | REASON_AFFILIATION_CHANGED = 4 | |
| static final int | REASON_SUPERSEDED = 5 | |
| static final int | REASON_CESSATION_OF_OPERATION = 6 | |
| static final int | REASON_CERTIFICATE_HOLD = 7 | |
| static final int | REASON_REMOVE_FROM_CRL = 8 | |
| static final String[] | REASONS | |
| static final int | REASON_CODES [] | |
| static final int | DEFAULT_DURATION = (int)(1000 * 60 * 60 * 24 * 365.25/12) | One month (avg), in milliseconds. |
Protected Attributes
| X509V2CRLGenerator | _crlGenerator = new X509V2CRLGenerator() | |
| Date | _thisUpdate = null | |
| Date | _nextUpdate = null | |
Static Protected Attributes
| static final String | DEFAULT_HASH = "SHA1" | |
Detailed Description
Helper wrapper around BouncyCastle's CRL support.
BouncyCastle's CRL support is a bit dodgy, as it relies on the verifier being able to inherit algorithm parameters (e.g. DSA params) for the signer key, if any, from the CA certificate.
Constructor & Destructor Documentation
org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.MinimalCRLGenerator (String issuerName, Date thisUpdate, Date nextUpdate)
Constructor for X509CRLGenerator.
Parameters:
| issuerName | Issuer's name in X.500 format (C=US,...) |
| thisUpdate | date of issuance of this CRL. If null, filled in with "now". |
| nextUpdate | date of expiration of this CRL. |
| extensions | currently pass through a BouncyCastle X509Extensions object to constructor. No easy way to map this back into java X509Extensions.... |
org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.MinimalCRLGenerator (String issuerName, long duration)
Same as above, only sets thisUpdate to now and nextUpdate to now+duration.
Parameters:
| duration | length of validity in milliseconds. If <= 0, defaults to DEFAULT_DURATION. |
Member Function Documentation
void org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.addRevokedCertificate (BigInteger serialNumber, Date revocationTime, String reason) throws InvalidParameterException
Add a certificate to a CRL.
Parameters:
| serialNumber | |
| revocationTime | |
| reason | must be one of the entries in the REASONS array, or null or "" for REASON_UNSPECIFIED. |
X509CRL org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.sign (String hashAlgorithm, PrivateKey signingKey, String provider) throws InvalidKeyException, SignatureException, NoSuchProviderException, CRLException, IllegalStateException, NoSuchAlgorithmException
If hashAlgorithm is null, SHA-1 (DEFAULT_HASH) is used.
Returns:
the DER-encoded signed CRL.
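An issue-and-verify round trip using the members documented above, as an added example that is not part of the ccnx source or of this reference page. The class name CrlExample, the issuer name, the serial numbers and the key pair are constructed for illustration, and the "SHA256" digest name is an assumption modelled on DEFAULT_HASH; the BouncyCastle provider is assumed to be on the classpath.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.Date;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator;

public class CrlExample {
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Constructed CA key for the example; a real CA key comes from its keystore or HSM.
        // An RSA key carries no inherited algorithm parameters, unlike the DSA case
        // mentioned in the class description.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair caKeys = kpg.generateKeyPair();

        // Constructed issuer name and an explicit 7-day validity window (milliseconds).
        long sevenDays = 7L * 24 * 60 * 60 * 1000;
        MinimalCRLGenerator gen =
            new MinimalCRLGenerator("C=US,O=Example,CN=Example CA", sevenDays);

        // Constructed serial numbers; one entry per addRevokedCertificate overload.
        BigInteger compromised = BigInteger.valueOf(0x1001);
        BigInteger replaced = BigInteger.valueOf(0x1002);
        Date now = new Date();
        gen.addRevokedCertificate(compromised, now, MinimalCRLGenerator.REASON_KEY_COMPROMISE);
        gen.addRevokedCertificate(replaced, now, "superseded");

        // Assumption: "SHA256" is accepted in the same style as DEFAULT_HASH ("SHA1").
        // Passing null instead would fall back to SHA-1.
        X509CRL crl = gen.sign("SHA256", caKeys.getPrivate(), "BC");

        // Relying-party side: check signature and freshness before trusting any entry.
        crl.verify(caKeys.getPublic()); // throws if the signature does not verify
        if (crl.getNextUpdate().before(new Date())) {
            throw new IllegalStateException("CRL is stale");
        }
        X509CRLEntry entry = crl.getRevokedCertificate(compromised);
        System.out.println("revoked: " + (entry != null)
            + ", signature algorithm: " + crl.getSigAlgName());
    }
}
```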
Member Data Documentation
final int org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.REASON_CODES[] [static]
Initial value: {REASON_UNSPECIFIED, REASON_KEY_COMPROMISE,
REASON_CA_COMPROMISE, REASON_AFFILIATION_CHANGED, REASON_SUPERSEDED,
REASON_CESSATION_OF_OPERATION, REASON_CERTIFICATE_HOLD, REASON_REMOVE_FROM_CRL
}
final String [] org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.REASONS [static]
Initial value: {"unspecified", "key_compromise",
"ca_compromise", "extra_space", "affiliation_changed",
"superseded", "cessation_of_operation", "certificate_hold",
"remove_from_crl"}
The documentation for this class was generated from the following file:
- src/org/ccnx/ccn/impl/security/crypto/util/MinimalCRLGenerator.java