List of usage examples for org.bouncycastle.asn1.x509 CertificateList getThisUpdate
public Time getThisUpdate()
From source file:org.candlepin.util.X509CRLStreamWriter.java
License:Open Source License
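/**
 * Re-issues the CRL read from {@code crlIn}: copies it into a new builder, appends the
 * revocation entries held in {@code newEntries}, signs the result with {@code key} and
 * writes the encoded CRL to {@code out}.
 *
 * <p>The new CRL uses the current time as thisUpdate and keeps the length of the old
 * validity window (old nextUpdate minus old thisUpdate). The CRL number is incremented
 * by one and the authority key identifier is carried over. No other extension of the
 * old CRL is copied.
 *
 * <p>NOTE(review): nothing in this method verifies the signature of the CRL read from
 * {@code crlIn} before its contents are re-signed. Confirm that the caller only passes
 * a CRL from a trusted store or verifies it first.
 *
 * @param out stream that receives the encoded, newly signed CRL
 * @throws IOException if the input cannot be read, holds no CRL, has no nextUpdate field,
 *         or if the new CRL cannot be signed or written
 */
protected void writeToEmptyCrl(OutputStream out) throws IOException {
    ASN1InputStream asn1in = null;
    try {
        asn1in = new ASN1InputStream(crlIn);
        DERSequence certListSeq = (DERSequence) asn1in.readObject();
        if (certListSeq == null) {
            // readObject() yields null at end of stream; fail with a clear message
            // instead of a NullPointerException further down.
            throw new IOException("No CRL found in input stream");
        }
        CertificateList certList = new CertificateList(certListSeq);
        X509CRLHolder oldCrl = new X509CRLHolder(certList);

        // A single timestamp is used for thisUpdate and for the nextUpdate computation,
        // so the new validity window has exactly the length of the old one.
        Date now = new Date();
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), now);
        crlBuilder.addCRL(oldCrl);

        // nextUpdate is an optional field; without it the old window length is unknown.
        Time oldNextUpdateTime = certList.getNextUpdate();
        if (oldNextUpdateTime == null) {
            throw new IOException("CRL has no nextUpdate; cannot compute the new validity window");
        }
        Date oldNextUpdate = oldNextUpdateTime.getDate();
        Date oldThisUpdate = certList.getThisUpdate().getDate();
        Date nextUpdate = new Date(now.getTime() + (oldNextUpdate.getTime() - oldThisUpdate.getTime()));
        crlBuilder.setNextUpdate(nextUpdate);

        // Only cRLNumber and authorityKeyIdentifier are re-created on the new CRL.
        // NOTE(review): any other extension on the old CRL, critical or not, is dropped
        // without notice; confirm that is intended for the CRLs this writer handles.
        for (Object o : oldCrl.getExtensionOIDs()) {
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) o;
            X509Extension ext = oldCrl.getExtension(oid);

            if (oid.equals(X509Extension.cRLNumber)) {
                // Decode the current number from the extension value and add one.
                DEROctetString octet = (DEROctetString) ext.getValue().getDERObject();
                DERInteger currentNumber = (DERInteger) DERTaggedObject.fromByteArray(octet.getOctets());
                DERInteger nextNumber = new DERInteger(currentNumber.getValue().add(BigInteger.ONE));
                crlBuilder.addExtension(oid, ext.isCritical(), nextNumber);
            } else if (oid.equals(X509Extension.authorityKeyIdentifier)) {
                crlBuilder.addExtension(oid, ext.isCritical(),
                        new AuthorityKeyIdentifierStructure(ext.getValue().getDEREncoded()));
            }
        }

        for (DERSequence entry : newEntries) {
            // XXX: This is all a bit messy considering the user already passed in the serial, date
            // and reason.
            BigInteger serial = ((DERInteger) entry.getObjectAt(0)).getValue();
            Date revokeDate = ((Time) entry.getObjectAt(1)).getDate();
            int reason = CRLReason.unspecified;
            // A third element, when present, holds the entry extensions; only the
            // reason code is read from it.
            if (entry.size() == 3) {
                X509Extensions extensions = (X509Extensions) entry.getObjectAt(2);
                X509Extension reasonExt = extensions.getExtension(X509Extension.reasonCode);
                if (reasonExt != null) {
                    reason = ((DEREnumerated) reasonExt.getParsedValue()).getValue().intValue();
                }
            }
            crlBuilder.addCRLEntry(serial, revokeDate, reason);
        }

        // NOTE(review): the key is rebuilt from modulus and private exponent only (no CRT
        // parameters or public exponent). Bouncy Castle's blinded RSA engine presumably
        // cannot apply blinding to such a key; confirm, and prefer
        // RSAPrivateCrtKeyParameters if the CRT values are available.
        RSAKeyParameters keyParams = new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent());

        // NOTE(review): the signature algorithm is taken from the old CRL, so a CRL that
        // was signed with a weak digest is re-signed with the same one. Consider checking
        // it against an allow-list before signing.
        signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
        digestAlg = new DefaultDigestAlgorithmIdentifierFinder().find(signingAlg);

        ContentSigner s;
        try {
            s = new BcRSAContentSignerBuilder(signingAlg, digestAlg).build(keyParams);
            X509CRLHolder newCrl = crlBuilder.build(s);
            out.write(newCrl.getEncoded());
        } catch (OperatorCreationException e) {
            throw new IOException("Could not sign CRL", e);
        }
    } finally {
        IOUtils.closeQuietly(asn1in);
    }
}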
From source file:org.xipki.ca.server.impl.X509CA.java
License:Open Source License
/**
 * Loads the encoded CRL with the given number for this CA from the certificate store
 * and decodes it.
 *
 * <p>NOTE(review): the "FAILED" line is also logged when the store returns no CRL,
 * because the success flag is only set after a successful decode. The decode error is
 * reported by class name and message only; the original exception is not attached as
 * a cause and is not logged here.
 *
 * @param crlNumber number of the CRL passed to the certificate store lookup
 * @return the decoded CRL, or {@code null} if the store returns no encoded CRL
 * @throws OperationException with {@code SYSTEM_FAILURE} if decoding the stored bytes
 *         raises a runtime exception
 */
public CertificateList getCRL(final BigInteger crlNumber) throws OperationException {
    LOG.info(" START getCurrentCRL: ca={}, crlNumber={}", caInfo.getName(), crlNumber);
    boolean decoded = false;
    try {
        final byte[] derBytes = certstore.getEncodedCRL(caInfo.getCertificate(), crlNumber);
        if (derBytes != null) {
            try {
                final CertificateList parsedCrl = CertificateList.getInstance(derBytes);
                // Flag is set before logging, exactly as the decode has succeeded by now.
                decoded = true;
                LOG.info("SUCCESSFUL getCurrentCRL: ca={}, thisUpdate={}", caInfo.getName(),
                        parsedCrl.getThisUpdate().getTime());
                return parsedCrl;
            } catch (RuntimeException ex) {
                final String detail = ex.getClass().getName() + ": " + ex.getMessage();
                throw new OperationException(ErrorCode.SYSTEM_FAILURE, detail);
            }
        }
        // Nothing stored under this CRL number.
        return null;
    } finally {
        if (!decoded) {
            LOG.info(" FAILED getCurrentCRL: ca={}", caInfo.getName());
        }
    }
}
From source file:org.xipki.commons.security.shell.CrlInfoCmd.java
License:Open Source License
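/**
 * Reads the CRL from {@code inFile} and returns the single field selected by the
 * command options, checked in this order: CRL number, issuer, thisUpdate, nextUpdate.
 *
 * <p>The file content is passed to the parser as read; this command does not verify
 * the CRL's signature, so the printed values are only as trustworthy as the file.
 *
 * @return the selected field as text; the string {@code "null"} when the CRL number
 *         or nextUpdate is absent; {@code null} when no option is set
 * @throws Exception if the file cannot be read or its content cannot be decoded as a CRL
 */
@Override
protected Object doExecute() throws Exception {
    CertificateList crl = CertificateList.getInstance(IoUtil.read(inFile));

    if (Boolean.TRUE.equals(crlNumber)) {
        // crlExtensions is an optional field: a CRL without any extension returns null
        // here, which previously caused a NullPointerException instead of "null".
        ASN1Encodable asn1 = (crl.getTBSCertList().getExtensions() == null)
                ? null
                : crl.getTBSCertList().getExtensions().getExtensionParsedValue(Extension.cRLNumber);
        if (asn1 == null) {
            return "null";
        }
        return getNumber(ASN1Integer.getInstance(asn1).getPositiveValue());
    } else if (Boolean.TRUE.equals(issuer)) {
        return crl.getIssuer().toString();
    } else if (Boolean.TRUE.equals(thisUpdate)) {
        return toUtcTimeyyyyMMddhhmmssZ(crl.getThisUpdate().getDate());
    } else if (Boolean.TRUE.equals(nextUpdate)) {
        // nextUpdate is optional as well, hence the explicit null check.
        return crl.getNextUpdate() == null ? "null"
                : toUtcTimeyyyyMMddhhmmssZ(crl.getNextUpdate().getDate());
    }

    return null;
}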
From source file:org.xipki.pki.ca.server.impl.X509Ca.java
License:Open Source License
/**
 * Fetches the encoded CRL with the given number for this CA from the certificate store
 * and decodes it into a Bouncy Castle {@code CertificateList}.
 *
 * <p>NOTE(review): the "FAILED" line is also logged when the store has no CRL for the
 * number, because the success flag is only set once decoding has succeeded.
 *
 * @param crlNumber number of the CRL passed to the certificate store lookup
 * @return the decoded CRL, or {@code null} if the store returns no encoded CRL
 * @throws OperationException with {@code SYSTEM_FAILURE}, wrapping the cause, if
 *         decoding the stored bytes raises a runtime exception
 */
public CertificateList getBcCrl(final BigInteger crlNumber) throws OperationException {
    final String ca = getCaName();
    LOG.info(" START getCrl: ca={}, crlNumber={}", ca, crlNumber);

    boolean decoded = false;
    try {
        final byte[] derBytes = certstore.getEncodedCrl(caInfo.getCertificate(), crlNumber);
        if (derBytes != null) {
            try {
                final CertificateList parsedCrl = CertificateList.getInstance(derBytes);
                decoded = true;
                // Guarded so thisUpdate is only read when info logging is on.
                if (LOG.isInfoEnabled()) {
                    LOG.info("SUCCESSFUL getCrl: ca={}, thisUpdate={}", ca,
                            parsedCrl.getThisUpdate().getTime());
                }
                return parsedCrl;
            } catch (RuntimeException ex) {
                throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
            }
        }
        // Nothing stored under this CRL number.
        return null;
    } finally {
        if (!decoded) {
            LOG.info(" FAILED getCrl: ca={}", ca);
        }
    }
}