List of usage examples for org.bouncycastle.asn1.x509 X509Extensions CRLNumber
ASN1ObjectIdentifier CRLNumber
To view the source code for org.bouncycastle.asn1.x509 X509Extensions CRLNumber.
Click Source Link
From source file:test.be.fedict.eid.applet.PkiTestUtils.java
License:Open Source License
public static X509CRL generateCrl(X509Certificate issuer, PrivateKey issuerPrivateKey) throws InvalidKeyException, CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException {//from w w w .ja v a 2 s .c o m X509V2CRLGenerator crlGenerator = new X509V2CRLGenerator(); crlGenerator.setIssuerDN(issuer.getSubjectX500Principal()); Date now = new Date(); crlGenerator.setThisUpdate(now); crlGenerator.setNextUpdate(new Date(now.getTime() + 100000)); crlGenerator.setSignatureAlgorithm("SHA1withRSA"); crlGenerator.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(new BigInteger("1234"))); X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey); return x509Crl; }
From source file:test.integ.be.fedict.trust.util.TestUtils.java
License:Open Source License
public static X509V2CRLGenerator getCrlGenerator(int crlNumber, X509Certificate issuerCertificate, DateTime thisUpdate, DateTime nextUpdate, List<BigInteger> revokedCertificateSerialNumbers) throws CertificateParsingException { X509V2CRLGenerator crlGenerator = new X509V2CRLGenerator(); crlGenerator.setThisUpdate(thisUpdate.toDate()); crlGenerator.setNextUpdate(nextUpdate.toDate()); crlGenerator.setSignatureAlgorithm("SHA1withRSA"); crlGenerator.setIssuerDN(issuerCertificate.getSubjectX500Principal()); List<RevokedCertificate> revokedCertificates = new LinkedList<RevokedCertificate>(); for (BigInteger revokedCertificateSerialNumber : revokedCertificateSerialNumbers) { revokedCertificates.add(new RevokedCertificate(revokedCertificateSerialNumber, thisUpdate)); }/* w ww . j a v a 2 s .c o m*/ for (RevokedCertificate revokedCertificate : revokedCertificates) { crlGenerator.addCRLEntry(revokedCertificate.serialNumber, revokedCertificate.revocationDate.toDate(), CRLReason.privilegeWithdrawn); } crlGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerCertificate)); crlGenerator.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(new BigInteger(Integer.toString(crlNumber)))); return crlGenerator; }
From source file:test.integ.be.fedict.trust.util.TestUtils.java
License:Open Source License
public static X509CRL generateCrl(PrivateKey issuerPrivateKey, X509Certificate issuerCertificate, DateTime thisUpdate, DateTime nextUpdate, List<String> deltaCrlUris, boolean deltaCrl, List<RevokedCertificate> revokedCertificates, String signatureAlgorithm) throws InvalidKeyException, CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateParsingException { X509V2CRLGenerator crlGenerator = new X509V2CRLGenerator(); crlGenerator.setThisUpdate(thisUpdate.toDate()); crlGenerator.setNextUpdate(nextUpdate.toDate()); crlGenerator.setSignatureAlgorithm(signatureAlgorithm); crlGenerator.setIssuerDN(issuerCertificate.getSubjectX500Principal()); for (RevokedCertificate revokedCertificate : revokedCertificates) { crlGenerator.addCRLEntry(revokedCertificate.serialNumber, revokedCertificate.revocationDate.toDate(), CRLReason.privilegeWithdrawn); }//from w ww .j a v a 2 s . co m crlGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerCertificate)); crlGenerator.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.ONE)); if (null != deltaCrlUris && !deltaCrlUris.isEmpty()) { DistributionPoint[] deltaCrlDps = new DistributionPoint[deltaCrlUris.size()]; for (int i = 0; i < deltaCrlUris.size(); i++) { deltaCrlDps[i] = getDistributionPoint(deltaCrlUris.get(i)); } CRLDistPoint crlDistPoint = new CRLDistPoint(deltaCrlDps); crlGenerator.addExtension(X509Extensions.FreshestCRL, false, crlDistPoint); } if (deltaCrl) { crlGenerator.addExtension(X509Extensions.DeltaCRLIndicator, true, new CRLNumber(BigInteger.ONE)); } return crlGenerator.generate(issuerPrivateKey); }
From source file:test.unit.be.fedict.eid.tsl.TrustTestUtils.java
License:Open Source License
public static X509CRL generateCrl(PrivateKey issuerPrivateKey, X509Certificate issuerCertificate, DateTime thisUpdate, DateTime nextUpdate, List<RevokedCertificate> revokedCertificates) throws InvalidKeyException, CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateParsingException { X509V2CRLGenerator crlGenerator = new X509V2CRLGenerator(); crlGenerator.setThisUpdate(thisUpdate.toDate()); crlGenerator.setNextUpdate(nextUpdate.toDate()); crlGenerator.setSignatureAlgorithm("SHA1withRSA"); crlGenerator.setIssuerDN(issuerCertificate.getSubjectX500Principal()); for (RevokedCertificate revokedCertificate : revokedCertificates) { crlGenerator.addCRLEntry(revokedCertificate.serialNumber, revokedCertificate.revocationDate.toDate(), CRLReason.privilegeWithdrawn); }//from ww w. j a v a2 s . c om crlGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerCertificate)); crlGenerator.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.ONE)); X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey); return x509Crl; }
From source file:test.unit.be.fedict.trust.TrustTestUtils.java
License:Open Source License
public static X509CRL generateCrl(PrivateKey issuerPrivateKey, X509Certificate issuerCertificate, DateTime thisUpdate, DateTime nextUpdate, List<String> deltaCrlUris, boolean deltaCrl, List<RevokedCertificate> revokedCertificates, String signatureAlgorithm) throws InvalidKeyException, CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateParsingException { X509V2CRLGenerator crlGenerator = new X509V2CRLGenerator(); crlGenerator.setThisUpdate(thisUpdate.toDate()); crlGenerator.setNextUpdate(nextUpdate.toDate()); crlGenerator.setSignatureAlgorithm(signatureAlgorithm); crlGenerator.setIssuerDN(issuerCertificate.getSubjectX500Principal()); for (RevokedCertificate revokedCertificate : revokedCertificates) { crlGenerator.addCRLEntry(revokedCertificate.serialNumber, revokedCertificate.revocationDate.toDate(), CRLReason.privilegeWithdrawn); }//from www .java 2 s .c om crlGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerCertificate)); crlGenerator.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.ONE)); if (null != deltaCrlUris && !deltaCrlUris.isEmpty()) { DistributionPoint[] deltaCrlDps = new DistributionPoint[deltaCrlUris.size()]; for (int i = 0; i < deltaCrlUris.size(); i++) { deltaCrlDps[i] = getDistributionPoint(deltaCrlUris.get(i)); } CRLDistPoint crlDistPoint = new CRLDistPoint((DistributionPoint[]) deltaCrlDps); crlGenerator.addExtension(X509Extensions.FreshestCRL, false, crlDistPoint); } if (deltaCrl) { crlGenerator.addExtension(X509Extensions.DeltaCRLIndicator, true, new CRLNumber(BigInteger.ONE)); } X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey); return x509Crl; }