List of usage examples for org.bouncycastle.asn1.x509 X509Extensions CRLNumber
ASN1ObjectIdentifier CRLNumber
From source file:be.fedict.eid.applet.service.signer.facets.XAdESXLSignatureFacet.java
License:Open Source License
/**
 * Reads the CRL number extension from the given CRL.
 *
 * <p>{@link X509CRL#getExtensionValue(String)} hands back the extension wrapped in a DER
 * OCTET STRING, so the value is unwrapped once and the inner object is then read as an
 * INTEGER.
 *
 * <p>NOTE(review): both casts assume that exact shape. A CRL whose extension decodes to
 * any other ASN.1 type surfaces as a {@link ClassCastException}, not as the
 * {@link RuntimeException} raised for I/O errors below. Nothing in this method checks the
 * CRL signature; whether the caller verified it before relying on this number is not
 * visible here.
 *
 * @param crl the CRL to inspect
 * @return the CRL number, or {@code null} when the CRL carries no CRL number extension
 * @throws RuntimeException wrapping the {@link IOException} if the extension cannot be read
 */
private BigInteger getCrlNumber(X509CRL crl) {
    final String crlNumberOid = X509Extensions.CRLNumber.getId();
    final byte[] wrappedExtension = crl.getExtensionValue(crlNumberOid);
    if (wrappedExtension == null) {
        // Extension absent: callers get null rather than an exception.
        return null;
    }

    try {
        // Outer layer: the OCTET STRING wrapper around the extension value.
        ASN1OctetString wrapper =
                (ASN1OctetString) new ASN1InputStream(wrappedExtension).readObject();
        // Inner layer: the CRL number itself.
        DERInteger number =
                (DERInteger) new ASN1InputStream(wrapper.getOctets()).readObject();
        return number.getPositiveValue();
    } catch (IOException e) {
        throw new RuntimeException("I/O error: " + e.getMessage(), e);
    }
}
From source file:chapter7.X509CRLExample.java
/**
 * Builds a CRL with {@code X509V2CRLGenerator} that lists a single revoked certificate and
 * is signed with the given CA key through the provider named by
 * {@code CryptoDefs.Provider.BC}.
 *
 * <p>The CRL carries two non-critical extensions: an authority key identifier built from
 * {@code caCert} and a CRL number fixed at 1. RFC 5280 expects an issuer's CRL numbers to
 * increase with every CRL it publishes, so the constant only suits a one-off example.
 *
 * @param caCert CA certificate; its subject becomes the CRL issuer
 * @param caKey private key used to sign the CRL
 * @param revokedSerialNumber serial number of the certificate to list as revoked
 * @return the signed CRL
 * @throws java.lang.Exception if the generator fails to build or sign the CRL
 */
public static X509CRL createCRL(final X509Certificate caCert, final PrivateKey caKey,
        final BigInteger revokedSerialNumber) throws Exception {
    final X509V2CRLGenerator generator = new X509V2CRLGenerator();
    final Date issuedAt = new Date();
    // The CRL announces its successor 100000 ms (100 seconds) after issuance.
    final Date nextUpdate = new Date(issuedAt.getTime() + 100000);
    // NOTE(review): relies on the enum ordinal matching the X.509 reason code - confirm
    // against the CRLReason type this file imports.
    final int reasonCode = CRLReason.PRIVILEGE_WITHDRAWN.ordinal();

    generator.setIssuerDN(caCert.getSubjectX500Principal());
    generator.setThisUpdate(issuedAt);
    generator.setNextUpdate(nextUpdate);
    generator.setSignatureAlgorithm(CryptoDefs.Algorithm.SHA256withRSAEncryption.getName());

    generator.addCRLEntry(revokedSerialNumber, issuedAt, reasonCode);

    generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
    generator.addExtension(X509Extensions.CRLNumber, false,
            new CRLNumber(BigInteger.valueOf(1)));

    return generator.generateX509CRL(caKey, CryptoDefs.Provider.BC.getName());
}
From source file:cybervillains.ca.Generator.java
License:Open Source License
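/**
 * Generates an empty CRL signed with the key store's signing key, writes it in binary form
 * to {@code blank_crl.dec} inside the new-certificates directory, and then runs the
 * external OpenSSL command held in {@code OPENSSL_CMD_DEC_TO_PEM} to convert it to PEM.
 *
 * <p>The CRL contains no revoked entries. Failures are reported with a stack trace, as in
 * the rest of this method, and do not change the process exit status.
 *
 * @param args unused
 */
public static void main(String[] args) {
    File newCertsDir = new File(NEW_CERTS_DIR_NAME);
    newCertsDir.mkdirs();

    // Create a new, blank KeyStore Manager
    KeyStoreManager mgr = new KeyStoreManager(newCertsDir, "blank_crl.pem");

    X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
    Date now = new Date();
    X509Certificate caCrlCert = null;

    try {
        caCrlCert = mgr.getSigningCert();
        PrivateKey caCrlPrivateKey = mgr.getSigningPrivateKey();

        crlGen.setIssuerDN(mgr.getSigningCert().getSubjectX500Principal());
        crlGen.setThisUpdate(now);
        // nextUpdate is the signing certificate's expiry date, so this empty CRL presents
        // itself as current for the rest of that certificate's validity period.
        crlGen.setNextUpdate(mgr.getSigningCert().getNotAfter());
        // The CRL is signed with the same algorithm name the signing certificate reports.
        crlGen.setSignatureAlgorithm(mgr.getSigningCert().getSigAlgName());

        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(caCrlCert));
        crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.ONE));

        X509CRL crl = crlGen.generate(caCrlPrivateKey);

        // Encode before opening the file, so an encoding failure does not leave an empty
        // output file behind.
        byte[] buf = crl.getEncoded();

        // Save the CRL in binary (DER) form; the file keeps its historical ".dec" name.
        // Equivalent manual conversion to PEM with OpenSSL:
        // > openssl crl -inform der -in blank_crl.dec -out blank_crl.pem
        File certRevoc = new File(newCertsDir, "blank_crl.dec");
        FileOutputStream cerOut = new FileOutputStream(certRevoc);
        try {
            cerOut.write(buf);
            cerOut.flush();
        } finally {
            // Close even when the write fails, so the file handle is not leaked.
            cerOut.close();
        }

        // Convert the generated file to PEM using OpenSSL. The command string is defined
        // outside this method.
        Process p = Runtime.getRuntime().exec(OPENSSL_CMD_DEC_TO_PEM);
        int exitCode = p.waitFor();
        if (exitCode != 0) {
            // A failed conversion would otherwise pass silently and leave no usable PEM file.
            System.err.println("OpenSSL DER to PEM conversion exited with status " + exitCode);
        }
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (UnrecoverableKeyException e) {
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (SignatureException e) {
        e.printStackTrace();
    } catch (CRLException e) {
        e.printStackTrace();
    } catch (InterruptedException e) {
        // Restore the interrupt flag so code further up the stack can still observe it.
        Thread.currentThread().interrupt();
        e.printStackTrace();
    }
}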
From source file:eu.europa.ec.markt.dss.validation.crl.CRLCertificateVerifier.java
License:Open Source License
/**
 * Extracts the CRL number from the CRL number extension of {@code crl}.
 *
 * <p>The raw extension value is read as a DER OCTET STRING, and the octets inside it are
 * read as an INTEGER.
 *
 * <p>NOTE(review): the casts to {@code DEROctetString} and {@code DERInteger} are
 * unchecked. An extension that decodes to another ASN.1 type fails with a
 * {@link ClassCastException} instead of the {@link RuntimeException} used for I/O errors.
 * This method does not verify the CRL; confirm that callers validate the signature before
 * acting on the returned number.
 *
 * @param crl the CRL to read
 * @return the CRL number, or {@code null} if the extension is not present
 * @throws RuntimeException wrapping the {@link IOException} if decoding fails
 */
private BigInteger getCrlNumber(X509CRL crl) {
    byte[] encodedExtension = crl.getExtensionValue(X509Extensions.CRLNumber.getId());
    if (encodedExtension == null) {
        return null;
    }

    try {
        // First pass: unwrap the OCTET STRING that encloses the extension value.
        ASN1InputStream outerReader =
                new ASN1InputStream(new ByteArrayInputStream(encodedExtension));
        DEROctetString wrapper = (DEROctetString) outerReader.readObject();

        // Second pass: decode the wrapped octets as the INTEGER holding the number.
        ASN1InputStream innerReader = new ASN1InputStream(wrapper.getOctets());
        DERInteger number = (DERInteger) innerReader.readObject();

        return number.getPositiveValue();
    } catch (IOException e) {
        throw new RuntimeException("IO error: " + e.getMessage(), e);
    }
}
From source file:io.aos.crypto.spl07.X509CRLExample.java
License:Apache License
/**
 * Creates a CRL that revokes one certificate with reason {@code privilegeWithdrawn},
 * signed by the given CA key with SHA-256/RSA through the "BC" provider.
 *
 * <p>The CRL number extension is fixed at 1 and {@code nextUpdate} lies 100000 ms after
 * {@code thisUpdate}; both are example values. RFC 5280 expects an issuer's CRL numbers to
 * increase with every CRL it publishes.
 *
 * @param caCert CA certificate; supplies the issuer name and the authority key identifier
 * @param caKey private key that signs the CRL
 * @param revokedSerialNumber serial number of the certificate to revoke
 * @return the signed CRL
 * @throws Exception if the CRL cannot be built or signed
 */
public static X509CRL createCRL(X509Certificate caCert, PrivateKey caKey,
        BigInteger revokedSerialNumber) throws Exception {
    X509V2CRLGenerator builder = new X509V2CRLGenerator();
    Date thisUpdate = new Date();
    Date nextUpdate = new Date(thisUpdate.getTime() + 100000);

    // Header fields.
    builder.setIssuerDN(caCert.getSubjectX500Principal());
    builder.setThisUpdate(thisUpdate);
    builder.setNextUpdate(nextUpdate);
    builder.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // The single revoked entry, dated at issuance time.
    builder.addCRLEntry(revokedSerialNumber, thisUpdate, CRLReason.privilegeWithdrawn);

    // Both extensions are added as non-critical.
    builder.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
    builder.addExtension(X509Extensions.CRLNumber, false,
            new CRLNumber(BigInteger.valueOf(1)));

    return builder.generateX509CRL(caKey, "BC");
}
From source file:org.apache.synapse.transport.certificatevalidation.CRLVerifierTest.java
License:Apache License
/**
 * Builds a test CRL issued by the fake CA in which the certificate with the given serial
 * number is listed as revoked (reason {@code privilegeWithdrawn}).
 *
 * <p>The CRL is signed with SHA-256/RSA through the "BC" provider, carries a CRL number
 * fixed at 1, and sets {@code nextUpdate} to {@code TestConstants.NEXT_UPDATE_PERIOD}
 * after the issuance time.
 *
 * @param caCert the fake CA certificate.
 * @param caPrivateKey private key of the fake CA, used to sign the CRL.
 * @param revokedSerialNumber serial number of the fake peer certificate to mark as revoked.
 * @return the created fake CRL
 * @throws Exception if the CRL cannot be built or signed
 */
public static X509CRL createCRL(X509Certificate caCert, PrivateKey caPrivateKey,
        BigInteger revokedSerialNumber) throws Exception {
    X509V2CRLGenerator fakeCrl = new X509V2CRLGenerator();
    Date issuedAt = new Date();
    Date expiresAt = new Date(issuedAt.getTime() + TestConstants.NEXT_UPDATE_PERIOD);

    fakeCrl.setIssuerDN(caCert.getSubjectX500Principal());
    fakeCrl.setThisUpdate(issuedAt);
    fakeCrl.setNextUpdate(expiresAt);
    fakeCrl.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // The one revoked entry, stamped with the issuance time.
    fakeCrl.addCRLEntry(revokedSerialNumber, issuedAt, CRLReason.privilegeWithdrawn);

    // Non-critical extensions: issuer key identifier and a constant CRL number.
    fakeCrl.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
    fakeCrl.addExtension(X509Extensions.CRLNumber, false,
            new CRLNumber(BigInteger.valueOf(1)));

    return fakeCrl.generateX509CRL(caPrivateKey, "BC");
}
From source file:org.candlepin.controller.CrlGeneratorTest.java
License:Open Source License
/**
 * Checks that the generator under test reads back the CRL number (10) that was written
 * into a freshly generated CRL.
 *
 * <p>The CRL is a throwaway fixture signed with SHA1withRSA; the algorithm choice is not
 * what this test asserts.
 */
@Test
public void crlNumberWithCert() throws Exception {
    X509V2CRLGenerator crlBuilder = new X509V2CRLGenerator();
    X500Principal issuer = new X500Principal("CN=test, UID=" + UUID.randomUUID());

    crlBuilder.setIssuerDN(issuer);
    crlBuilder.setThisUpdate(new Date());
    crlBuilder.setNextUpdate(Util.tomorrow());
    crlBuilder.setSignatureAlgorithm("SHA1withRSA");
    crlBuilder.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.TEN));

    X509CRL signedCrl = crlBuilder.generate(KP.getPrivate());

    assertEquals(BigInteger.TEN, this.generator.getCRLNumber(signedCrl));
}
From source file:org.candlepin.controller.CrlGeneratorTest.java
License:Open Source License
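/**
 * Checks that removing a serial from a CRL that has no revoked entries returns a CRL equal
 * to the input.
 *
 * <p>The CRL is a throwaway fixture signed with SHA1withRSA using a freshly generated key
 * pair; the algorithm choice is not what this test asserts.
 */
@Test
public void emptyRevocationsReturnsUntouched() throws Exception {
    // there's gotta be a way to reduce to a set of mocks
    KeyPair kp = CrlGeneratorTest.generateKP();

    X509V2CRLGenerator g = new X509V2CRLGenerator();
    g.setIssuerDN(new X500Principal("CN=test, UID=" + UUID.randomUUID()));
    g.setThisUpdate(new Date());
    g.setNextUpdate(Util.tomorrow());
    g.setSignatureAlgorithm("SHA1withRSA");
    g.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.TEN));
    X509CRL x509crl = g.generate(kp.getPrivate());

    // Ask for the removal of a serial that the (empty) CRL does not contain. A plain
    // ArrayList replaces the anonymous "double-brace" subclass, which created an extra
    // class holding a reference to the enclosing test instance.
    List<CertificateSerial> toremove = new ArrayList<CertificateSerial>();
    toremove.add(stubCS(100L, new Date()));

    X509CRL untouchedcrl = generator.removeEntries(x509crl, toremove);

    assertEquals(x509crl, untouchedcrl);
}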
From source file:org.candlepin.controller.CrlGeneratorTest.java
License:Open Source License
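/**
 * Checks that {@code removeEntries} drops a listed serial: a CRL built with three revoked
 * entries must come back with two after one serial is removed.
 *
 * <p>The first CRL is a throwaway fixture signed with SHA1withRSA; it is replaced by the
 * CRL built through {@code pkiUtility} before any assertion runs.
 */
@Test
public void removeEntries() throws Exception {
    // there's gotta be a way to reduce to a set of mocks
    KeyPair kp = CrlGeneratorTest.generateKP();

    X509V2CRLGenerator g = new X509V2CRLGenerator();
    g.setIssuerDN(new X500Principal("CN=test, UID=" + UUID.randomUUID()));
    g.setThisUpdate(new Date());
    g.setNextUpdate(Util.tomorrow());
    g.setSignatureAlgorithm("SHA1withRSA");
    g.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.TEN));
    X509CRL x509crl = g.generate(kp.getPrivate());

    // Turn every stub serial into a CRL entry and mark it as collected.
    List<CertificateSerial> serials = getStubCSList();
    List<X509CRLEntryWrapper> entries = Util.newList();
    for (CertificateSerial serial : serials) {
        entries.add(new X509CRLEntryWrapper(serial.getSerial(), new Date()));
        serial.setCollected(true);
    }

    // From here on the test works with the CRL produced by pkiUtility (CRL number 10).
    x509crl = pkiUtility.createX509CRL(entries, BigInteger.TEN);
    assertEquals(3, x509crl.getRevokedCertificates().size());

    // now we need to remove one of those serials. A plain ArrayList replaces the anonymous
    // "double-brace" subclass, so the "serial" warning suppression is no longer needed.
    List<CertificateSerial> toremove = new ArrayList<CertificateSerial>();
    toremove.add(stubCS(100L, new Date()));

    X509CRL updatedcrl = generator.removeEntries(x509crl, toremove);

    Set<? extends X509CRLEntry> revoked = updatedcrl.getRevokedCertificates();
    assertEquals(2, revoked.size());
}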
From source file:org.candlepin.controller.CrlGeneratorTest.java
License:Open Source License
/**
 * Checks that {@code pkiUtility.decodeDERValue} turns the raw CRL number extension of a
 * generated CRL into the string "10".
 *
 * <p>The CRL is a throwaway fixture signed with SHA1withRSA using a freshly generated key
 * pair; the algorithm choice is not what this test asserts.
 */
@Test
public void decodeValue() throws Exception {
    // there's gotta be a way to reduce to a set of mocks
    KeyPair signingPair = CrlGeneratorTest.generateKP();

    X509V2CRLGenerator crlBuilder = new X509V2CRLGenerator();
    X500Principal issuer = new X500Principal("CN=test, UID=" + UUID.randomUUID());
    crlBuilder.setIssuerDN(issuer);
    crlBuilder.setThisUpdate(new Date());
    crlBuilder.setNextUpdate(Util.tomorrow());
    crlBuilder.setSignatureAlgorithm("SHA1withRSA");
    crlBuilder.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.TEN));

    X509CRL signedCrl = crlBuilder.generate(signingPair.getPrivate());

    // The extension is looked up by the CRL number OID and handed over still encoded.
    byte[] rawCrlNumber = signedCrl.getExtensionValue(X509Extensions.CRLNumber.getId());
    assertEquals("10", pkiUtility.decodeDERValue(rawCrlNumber));
}