List of usage examples for org.bouncycastle.asn1.x509 CRLReason cACompromise
int cACompromise
To view the source code for org.bouncycastle.asn1.x509 CRLReason cACompromise.
Click Source Link
From source file:mitm.common.security.crl.GenerateTestCRLs.java
License:Open Source License
@Test public void testGenerateRootRevokedCRL() throws Exception { X509CRLBuilder crlGenerator = createX509CRLBuilder(); Date thisDate = TestUtils.parseDate("30-Nov-2007 11:38:35 GMT"); Date nextDate = TestUtils.parseDate("30-Nov-2027 11:38:35 GMT"); crlGenerator.setThisUpdate(thisDate); crlGenerator.setNextUpdate(nextDate); crlGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption"); crlGenerator.addCRLEntry(caCertificate.getSerialNumber(), thisDate, CRLReason.cACompromise); X509CRL crl = crlGenerator.generateCRL(new KeyAndCertificateImpl(rootPrivateKey, rootCertificate)); assertEquals("EMAILADDRESS=root@example.com, CN=MITM Test Root, L=Amsterdam, ST=NH, C=NL", crl.getIssuerX500Principal().toString()); assertEquals(thisDate, crl.getThisUpdate()); assertEquals(nextDate, crl.getNextUpdate()); assertEquals(1, crl.getRevokedCertificates().size()); assertTrue(crl.isRevoked(caCertificate)); File crlFile = new File("test/tmp/test-generate-root-ca-revoked.crl"); FileOutputStream fos = new FileOutputStream(crlFile); IOUtils.write(crl.getEncoded(), fos); fos.close();/* w w w. j av a2s .c o m*/ }
From source file:mitm.common.security.crl.X509CRLBuilderImplTest.java
License:Open Source License
@Test public void testGenerateCRL() throws Exception { X509CRLBuilder builder = securityFactory.createX509CRLBuilder(); Date thisDate = TestUtils.parseDate("30-Nov-2007 11:38:35 GMT"); Date nextDate = TestUtils.parseDate("30-Nov-2027 11:38:35 GMT"); builder.setThisUpdate(thisDate);/*from ww w.j av a2s . co m*/ builder.setNextUpdate(nextDate); builder.setSignatureAlgorithm("SHA256WithRSAEncryption"); builder.addCRLEntry(caCertificate.getSerialNumber(), thisDate, CRLReason.cACompromise); KeyAndCertificate issuer = new KeyAndCertificateImpl(rootPrivateKey, rootCertificate); X509CRL crl = builder.generateCRL(issuer); assertEquals("EMAILADDRESS=root@example.com, CN=MITM Test Root, L=Amsterdam, ST=NH, C=NL", crl.getIssuerX500Principal().toString()); assertEquals(thisDate, crl.getThisUpdate()); assertEquals(nextDate, crl.getNextUpdate()); assertEquals(1, crl.getRevokedCertificates().size()); assertTrue(crl.isRevoked(caCertificate)); crl.verify(issuer.getCertificate().getPublicKey()); /* * Check if the generated CRL is compatible with JCE X509CRL */ CertificateFactory fac = CertificateFactory.getInstance("X.509"); X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded())); assertTrue(jceCRL.isRevoked(caCertificate)); jceCRL.verify(issuer.getCertificate().getPublicKey()); }
From source file:net.maritimecloud.identityregistry.utils.CertificateUtil.java
License:Apache License
public int getCRLReasonFromString(String certReason) { int reason = CRLReason.unspecified; if ("unspecified".equals(certReason)) { reason = CRLReason.unspecified; } else if ("keycompromise".equals(certReason)) { reason = CRLReason.keyCompromise; } else if ("cacompromise".equals(certReason)) { reason = CRLReason.cACompromise; } else if ("affiliationchanged".equals(certReason)) { reason = CRLReason.affiliationChanged; } else if ("superseded".equals(certReason)) { reason = CRLReason.superseded; } else if ("cessationofoperation".equals(certReason)) { reason = CRLReason.cessationOfOperation; } else if ("certificateHold".equals(certReason)) { reason = CRLReason.certificateHold; } else if ("removefromcrl".equals(certReason)) { reason = CRLReason.removeFromCRL; } else if ("privilegewithdrawn".equals(certReason)) { reason = CRLReason.privilegeWithdrawn; } else if ("aacompromise".equals(certReason)) { reason = CRLReason.aACompromise; }//from w w w.j ava 2s . c o m return reason; }
From source file:net.maritimecloud.pki.Revocation.java
License:Apache License
/** * Returns the int value associated with a revocation status * * @param certReason The string representation of the status. Should be lowercase with no spaces or underscore * @return The int value associated with the revocation status *//*from www .j a va 2 s . com*/ public static int getCRLReasonFromString(String certReason) { int reason = CRLReason.unspecified; if ("unspecified".equals(certReason)) { reason = CRLReason.unspecified; } else if ("keycompromise".equals(certReason)) { reason = CRLReason.keyCompromise; } else if ("cacompromise".equals(certReason)) { reason = CRLReason.cACompromise; } else if ("affiliationchanged".equals(certReason)) { reason = CRLReason.affiliationChanged; } else if ("superseded".equals(certReason)) { reason = CRLReason.superseded; } else if ("cessationofoperation".equals(certReason)) { reason = CRLReason.cessationOfOperation; } else if ("certificatehold".equals(certReason)) { reason = CRLReason.certificateHold; } else if ("removefromcrl".equals(certReason)) { reason = CRLReason.removeFromCRL; } else if ("privilegewithdrawn".equals(certReason)) { reason = CRLReason.privilegeWithdrawn; } else if ("aacompromise".equals(certReason)) { reason = CRLReason.aACompromise; } return reason; }
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
private String getReasonCodeStringValue(byte[] value) throws IOException { // @formatter:off /*//from w w w . ja va 2 s . c o m * ReasonCode ::= { CRLReason } * * CRLReason ::= ASN1Enumerated { unspecified (0), keyCompromise (1), * cACompromise (2), affiliationChanged (3), superseded (4), * cessationOfOperation (5), certificateHold (6), removeFromCRL (8), * privilegeWithdrawn (9), aACompromise (10) } */ // @formatter:on StringBuilder sb = new StringBuilder(); CRLReason crlReason = CRLReason.getInstance(value); long crlReasonLong = crlReason.getValue().longValue(); if (crlReasonLong == CRLReason.unspecified) { sb.append(res.getString("UnspecifiedCrlReason")); } else if (crlReasonLong == CRLReason.keyCompromise) { sb.append(res.getString("KeyCompromiseCrlReason")); } else if (crlReasonLong == CRLReason.cACompromise) { sb.append(res.getString("CaCompromiseCrlReason")); } else if (crlReasonLong == CRLReason.affiliationChanged) { sb.append(res.getString("AffiliationChangedCrlReason")); } else if (crlReasonLong == CRLReason.superseded) { sb.append(res.getString("SupersededCrlReason")); } else if (crlReasonLong == CRLReason.cessationOfOperation) { sb.append(res.getString("CessationOfOperationCrlReason")); } else if (crlReasonLong == CRLReason.certificateHold) { sb.append(res.getString("CertificateHoldCrlReason")); } else if (crlReasonLong == CRLReason.removeFromCRL) { sb.append(res.getString("RemoveFromCrlCrlReason")); } else if (crlReasonLong == CRLReason.privilegeWithdrawn) { sb.append(res.getString("PrivilegeWithdrawnCrlReason")); } else // CRLReason.aACompromise { sb.append(res.getString("AaCompromiseCrlReason")); } sb.append(NEWLINE); return sb.toString(); }
From source file:org.apache.zookeeper.server.quorum.QuorumSSLTest.java
License:Apache License
private void buildCRL(X509Certificate x509Certificate, String crlPath) throws Exception { X509v2CRLBuilder builder = new JcaX509v2CRLBuilder(x509Certificate.getIssuerX500Principal(), certStartTime); builder.addCRLEntry(x509Certificate.getSerialNumber(), certStartTime, CRLReason.cACompromise); builder.setNextUpdate(certEndTime);/*from www. j a v a 2 s.c o m*/ builder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(rootCertificate)); builder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("1000"))); X509CRLHolder cRLHolder = builder.build(contentSigner); PemWriter pemWriter = new PemWriter(new FileWriter(crlPath)); pemWriter.writeObject(new MiscPEMGenerator(cRLHolder)); pemWriter.flush(); pemWriter.close(); }
From source file:org.ejbca.ui.cmpclient.commands.RevocationRequestCommand.java
License:Open Source License
private CRLReason getCRLReason(String revreason) { if (revreason == null) return CRLReason.lookup(CRLReason.unspecified); if (StringUtils.equalsIgnoreCase(revreason, REVOCATION_REASON_UNSPECIFIED)) return CRLReason.lookup(CRLReason.unspecified); if (StringUtils.equalsIgnoreCase(revreason, REVOCATION_REASON_KEYCOMPROMISE)) return CRLReason.lookup(CRLReason.keyCompromise); if (StringUtils.equalsIgnoreCase(revreason, REVOCATION_REASON_CACOMPROMISE)) return CRLReason.lookup(CRLReason.cACompromise); if (StringUtils.equalsIgnoreCase(revreason, REVOCATION_REASON_AFFILIATIONCHANGED)) return CRLReason.lookup(CRLReason.affiliationChanged); if (StringUtils.equalsIgnoreCase(revreason, REVOCATION_REASON_SUPERSEDED)) return CRLReason.lookup(CRLReason.superseded); if (StringUtils.equalsIgnoreCase(revreason, REVOCATION_REASON_CESSATIONOFOPERATION)) return CRLReason.lookup(CRLReason.cessationOfOperation); if (StringUtils.equalsIgnoreCase(revreason, REVOCATION_REASON_CERTIFICATEHOLD)) return CRLReason.lookup(CRLReason.certificateHold); return CRLReason.lookup(CRLReason.unspecified); }
From source file:org.qipki.crypto.x509.RevocationReason.java
License:Open Source License
public static RevocationReason valueOf(int reason) { switch (reason) { case CRLReason.unspecified: return unspecified; case CRLReason.keyCompromise: return keyCompromise; case CRLReason.cACompromise: return cACompromise; case CRLReason.affiliationChanged: return affiliationChanged; case CRLReason.superseded: return superseded; case CRLReason.cessationOfOperation: return cessationOfOperation; case CRLReason.certificateHold: return certificateHold; case CRLReason.removeFromCRL: return removeFromCRL; case CRLReason.privilegeWithdrawn: return privilegeWithdrawn; case CRLReason.aACompromise: return aACompromise; default:/* ww w . j a va2 s . c om*/ throw new IllegalArgumentException("Unknown revocation reason: " + reason); } }