Usage examples for the org.bouncycastle.cert.jcajce.JcaX509CRLConverter constructor JcaX509CRLConverter()
public JcaX509CRLConverter()
From source file:com.aqnote.shared.cryptology.cert.main.AQCRLMain.java
License:Open Source License
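/**
 * Builds an empty CRL issued under the root CA name, signs it with the root CA private key and
 * writes it to {@code CRL_FILE}.
 *
 * <p>thisUpdate is the current time; nextUpdate is the current time plus
 * {@code DateConstant.ONE_YEAR}. No revoked-certificate entries and no extensions are added.
 *
 * @throws CertException wrapping any failure while building, signing, converting or writing the CRL
 */
public static void createCRL() throws CertException {
    try {
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(X500NameUtil.createRootCaPrincipal(), new Date());
        // NOTE(review): a one-year nextUpdate lets relying parties keep using this CRL for up to a
        // year, so a later revocation may go unnoticed for that long. Confirm the validity window
        // matches the CA's revocation policy.
        crlBuilder.setNextUpdate(new Date(System.currentTimeMillis() + DateConstant.ONE_YEAR));
        // NOTE(review): no cRLNumber or authorityKeyIdentifier extension is added here; RFC 5280
        // expects conforming CRL issuers to include both.
        // NOTE(review): the root CA key pair is unlocked with the constant USER_CERT_PASSWD;
        // verify that the password is not compiled into the class or checked into source control.
        X509CRLHolder crlHolder = crlBuilder.build(new JcaContentSignerBuilder(SHA256_RSA)
                .setProvider(JCE_PROVIDER)
                .build(CaCertLoader.getRootCaKeyPair(USER_CERT_PASSWD).getPrivate()));
        X509CRL crl = new JcaX509CRLConverter().setProvider(JCE_PROVIDER).getCRL(crlHolder);
        // try-with-resources: the stream was previously never closed, leaking the file handle
        // and risking an incompletely flushed CRL file.
        try (FileOutputStream fostream = new FileOutputStream(CRL_FILE)) {
            PKCSWriter.storeCRLFile(crl, fostream);
        }
        // NOTE(review): the textual dump is computed but its return value is discarded.
        ASN1Dump.dumpAsString(crlHolder.toASN1Structure());
    } catch (Exception e) {
        // Every failure type was already wrapped the same way, so one handler is enough.
        throw new CertException(e);
    }
}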
From source file:com.aqnote.shared.encrypt.cert.main.bc.AQCRLCreator.java
License:Open Source License
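/**
 * Builds an empty CRL issued under the root principal, signs it with the CA private key and
 * writes it to {@code MAD_CRL_FILE}.
 *
 * <p>thisUpdate is the current time; nextUpdate is the current time plus
 * {@code DateConstant.ONE_YEAR}. No revoked-certificate entries and no extensions are added.
 *
 * @throws CertException wrapping any failure while building, signing, converting or writing the CRL
 */
public static void createNewCRL() throws CertException {
    try {
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(X500NameUtil.createRootPrincipal(), new Date());
        // NOTE(review): a one-year nextUpdate lets relying parties keep using this CRL for up to a
        // year, so a later revocation may go unnoticed for that long. Confirm the validity window
        // matches the CA's revocation policy.
        crlBuilder.setNextUpdate(new Date(System.currentTimeMillis() + DateConstant.ONE_YEAR));
        // NOTE(review): no cRLNumber or authorityKeyIdentifier extension is added here; RFC 5280
        // expects conforming CRL issuers to include both.
        X509CRLHolder crlHolder = crlBuilder.build(new JcaContentSignerBuilder(SHA256_RSA)
                .setProvider(JCE_PROVIDER)
                .build(CaCertLoader.getCaKeyPair().getPrivate()));
        X509CRL crl = new JcaX509CRLConverter().setProvider(JCE_PROVIDER).getCRL(crlHolder);
        // try-with-resources: the stream was previously never closed, leaking the file handle
        // and risking an incompletely flushed CRL file.
        try (FileOutputStream fostream = new FileOutputStream(MAD_CRL_FILE)) {
            PKCSWriter.storeCRLFile(crl, fostream);
        }
        // NOTE(review): the textual dump is computed but its return value is discarded.
        ASN1Dump.dumpAsString(crlHolder.toASN1Structure());
    } catch (Exception e) {
        // Every failure type was already wrapped the same way, so one handler is enough.
        throw new CertException(e);
    }
}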
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
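/**
 * Generates a new CRL for the given issuer and signs it with the issuer's private key.
 *
 * <p>The CRL number is the current CRL's number plus one, or one when there is no current CRL.
 * The authorityKeyIdentifier and cRLNumber extensions are added as non-critical.
 *
 * @param currentCRL the previously issued CRL, or {@code null} when this is the first one
 * @param crlParams supplies lastUpdate, optional nextUpdate and the signature algorithm
 * @param revokeSerials revoked certificate serial numbers mapped to their revocation reason
 * @param issuerKey key pair whose private key signs the CRL
 * @param issuerCRT issuer certificate; provides the issuer name and the public key for the
 *        authority key identifier
 * @return the signed CRL
 * @throws IOException if the current CRL cannot be re-parsed or the new CRL cannot be encoded
 * @throws GeneralSecurityException if the current CRL carries no cRLNumber extension, or on
 *         other security provider failures
 */
@Override
public X509CRL generateAndSignCRL(X509CRL currentCRL, X509CRLParams crlParams,
        Map<BigInteger, RevokeReason> revokeSerials, KeyPair issuerKey, X509Certificate issuerCRT)
        throws IOException, GeneralSecurityException {
    // NOTE(review): dates are resolved at start of day in the JVM's default time zone, so the
    // encoded thisUpdate/nextUpdate depend on where this code runs.
    Date lastUpdate = Date
            .from(crlParams.getLastUpdate().atStartOfDay().atZone(ZoneId.systemDefault()).toInstant());
    JcaX509v2CRLBuilder crlBuilder = new JcaX509v2CRLBuilder(issuerCRT.getSubjectX500Principal(), lastUpdate);
    LocalDate nextUpdateParam = crlParams.getNextUpdate();

    if (nextUpdateParam != null) {
        crlBuilder.setNextUpdate(
                Date.from(nextUpdateParam.atStartOfDay().atZone(ZoneId.systemDefault()).toInstant()));
    }

    CRLNumber crlNumber;

    if (currentCRL != null) {
        X509CRLHolder crlHolder = new X509CRLHolder(currentCRL.getEncoded());
        Extension currentNumberExtension = crlHolder.getExtension(Extension.cRLNumber);

        // A CRL without a cRLNumber previously caused a NullPointerException here. Fail with a
        // declared exception instead of guessing a number, which could break monotonicity.
        if (currentNumberExtension == null) {
            throw new GeneralSecurityException(
                    "Current CRL has no cRLNumber extension; cannot derive the next CRL number");
        }

        ASN1Integer currentSerial = (ASN1Integer) currentNumberExtension.getParsedValue();

        crlNumber = new CRLNumber(currentSerial.getValue().add(BigInteger.ONE));
    } else {
        crlNumber = new CRLNumber(BigInteger.ONE);
    }

    // NOTE(review): every entry is stamped with lastUpdate as its revocation date, so the
    // recorded revocation time of an already-revoked certificate changes with each new CRL.
    // Confirm that relying parties do not depend on the original revocation time.
    for (Map.Entry<BigInteger, RevokeReason> revokeListEntry : revokeSerials.entrySet()) {
        crlBuilder.addCRLEntry(revokeListEntry.getKey(), lastUpdate, revokeListEntry.getValue().value());
    }

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();

    crlBuilder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(issuerCRT.getPublicKey()));
    crlBuilder.addExtension(Extension.cRLNumber, false, crlNumber);

    ContentSigner crlSigner;

    try {
        crlSigner = new JcaContentSignerBuilder(crlParams.getSigAlg()).build(issuerKey.getPrivate());
    } catch (OperatorCreationException e) {
        throw new StoreProviderException(e.getMessage(), e);
    }
    return new JcaX509CRLConverter().getCRL(crlBuilder.build(crlSigner));
}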
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
/**
 * Converts an object read from a PEM file into a JCA {@link X509CRL}.
 *
 * <p>The object is cast to {@code X509CRLHolder}; a failed cast or a failed conversion is
 * reported as an {@link IOException} carrying the original exception as its cause.
 *
 * <p>NOTE(review): this only converts the structure. No signature or issuer check is done in
 * this method, so callers should verify the CRL against the issuer's public key before
 * relying on it.
 *
 * @param pemObject the parsed PEM object, expected to be an {@code X509CRLHolder}
 * @return the converted CRL
 * @throws IOException if the object is of another type or cannot be converted
 */
private X509CRL crlFromPEMObject(Object pemObject) throws IOException {
    try {
        X509CRLHolder holder = (X509CRLHolder) pemObject;

        return new JcaX509CRLConverter().getCRL(holder);
    } catch (Exception e) {
        throw new IOException(e.getLocalizedMessage(), e);
    }
}
From source file:eu.europa.ec.markt.dss.DSSUtils.java
License:Open Source License
/**
 * Converts a BouncyCastle {@code X509CRLHolder} into a JCA {@link X509CRL} using the default
 * provider.
 *
 * <p>NOTE(review): conversion alone does not establish trust; the CRL signature is not
 * checked in this method.
 *
 * @param x509CRLHolder the CRL holder to convert
 * @return the equivalent {@code X509CRL}
 * @throws DSSException wrapping the {@code CRLException} if the conversion fails
 */
public static X509CRL toX509CRL(final X509CRLHolder x509CRLHolder) {
    try {
        return new JcaX509CRLConverter().getCRL(x509CRLHolder);
    } catch (CRLException e) {
        throw new DSSException(e);
    }
}
From source file:eu.europa.esig.dss.DSSUtils.java
License:Open Source License
/**
 * Converts a BouncyCastle {@code X509CRLHolder} into a JCA {@link X509CRL} using the default
 * provider.
 *
 * <p>NOTE(review): conversion alone does not establish trust; the CRL signature is not
 * checked in this method.
 *
 * @param x509CRLHolder the CRL holder to convert
 * @return the equivalent {@code X509CRL}
 * @throws DSSException wrapping the {@code CRLException} if the conversion fails
 */
public static X509CRL toX509CRL(final X509CRLHolder x509CRLHolder) {
    try {
        return new JcaX509CRLConverter().getCRL(x509CRLHolder);
    } catch (CRLException e) {
        throw new DSSException(e);
    }
}
From source file:eu.europa.esig.dss.test.gen.CRLGenerator.java
License:Open Source License
/**
 * Test helper that issues a CRL revoking a single certificate.
 *
 * <p>thisUpdate is the current time and nextUpdate is one hour later. The CRL carries one
 * entry for {@code certToRevoke} and a non-critical authorityKeyIdentifier extension derived
 * from the issuer's public key.
 *
 * @param certToRevoke certificate whose serial number is listed as revoked
 * @param issuerEntry issuer certificate and private key used to sign the CRL
 * @param dateOfRevoke revocation date recorded in the entry
 * @param reason CRL reason code recorded in the entry
 * @return the signed CRL
 * @throws Exception on any failure while building, signing or converting the CRL
 */
public X509CRL generateCRL(X509Certificate certToRevoke, MockPrivateKeyEntry issuerEntry, Date dateOfRevoke,
        int reason) throws Exception {
    Date now = new Date();
    X500Name issuerName = new JcaX509CertificateHolder(issuerEntry.getCertificate().getCertificate())
            .getSubject();

    X509v2CRLBuilder builder = new X509v2CRLBuilder(issuerName, now);
    final long oneHourMillis = 60 * 60 * 1000;
    builder.setNextUpdate(new Date(now.getTime() + oneHourMillis));
    builder.addCRLEntry(certToRevoke.getSerialNumber(), dateOfRevoke, reason);

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    builder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(issuerEntry.getCertificate().getPublicKey()));

    // NOTE(review): the signing algorithm is the one that signed the issuer's own certificate.
    // That fits the issuer's private key only when both keys are of a compatible type;
    // acceptable for a test fixture, but confirm before reusing this outside tests.
    String signatureAlgorithm = issuerEntry.getCertificate().getCertificate().getSigAlgName();
    X509CRLHolder signedCrl = builder.build(new JcaContentSignerBuilder(signatureAlgorithm)
            .setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .build(issuerEntry.getPrivateKey()));

    return new JcaX509CRLConverter().getCRL(signedCrl);
}
From source file:mitm.common.security.cms.AbstractCMSSignedDataAdapterImpl.java
License:Open Source License
/**
 * Returns the CRLs found in the CRL store, converted with the given JCA provider.
 *
 * <p>Store entries that are not {@code X509CRLHolder} instances, and holders that fail
 * conversion, are logged at warn level and skipped. The stack trace of a conversion failure
 * is logged only when debug logging is enabled.
 *
 * <p>NOTE(review): because broken CRLs are dropped, the result may hold fewer CRLs than the
 * store does. A caller doing revocation checking should not read a missing CRL as
 * "not revoked".
 *
 * @param provider name of the JCA provider used for the conversion
 * @return the converted CRLs; empty when there is no CRL store
 */
@Override
public List<X509CRL> getCRLs(String provider)
        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
    List<X509CRL> result = new LinkedList<X509CRL>();

    Store crlStore = getCRLStore();

    if (crlStore == null) {
        return result;
    }

    // A null selector asks the store for every entry it holds.
    Collection<?> candidates = crlStore.getMatches(null);

    JcaX509CRLConverter crlConverter = new JcaX509CRLConverter();
    crlConverter.setProvider(provider);

    for (Object candidate : candidates) {
        if (!(candidate instanceof X509CRLHolder)) {
            logger.warn("object not an X509CRLHolder");
            continue;
        }

        try {
            result.add(crlConverter.getCRL((X509CRLHolder) candidate));
        } catch (CRLException e) {
            if (logger.isDebugEnabled()) {
                logger.warn("CRL is not valid.", e);
            } else {
                logger.warn("CRL is not valid.");
            }
        }
    }

    return result;
}
From source file:mitm.common.security.crl.X509CRLBuilderImpl.java
License:Open Source License
/**
 * Converts a CRL holder into a JCA {@link X509CRL} using the configured {@code crlProvider}.
 *
 * @param holder the CRL holder to convert
 * @return the converted CRL
 * @throws CRLException if the conversion fails
 */
private X509CRL getX509CRL(X509CRLHolder holder) throws CRLException {
    return new JcaX509CRLConverter().setProvider(crlProvider).getCRL(holder);
}
From source file:net.maritimecloud.identityregistry.utils.CertificateUtil.java
License:Apache License
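/**
 * Creates a signed Certificate Revocation List (CRL) for the given revoked certificates.
 *
 * <p>thisUpdate is the current time and nextUpdate is seven days later. Each entry carries the
 * certificate's serial number, its revocation time and the reason code mapped from its
 * revoke-reason string.
 *
 * @param revokedCerts the revoked certificates to list in the CRL
 * @return the signed CRL, or {@code null} if the signer cannot be created or the CRL cannot be
 *         converted
 */
public X509CRL generateCRL(List<net.maritimecloud.identityregistry.model.database.Certificate> revokedCerts) {
    Date now = new Date();
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(new X500Name(MCIDREG_CERT_X500_NAME), now);
    // The next CRL is next week (dummy value). The long literal keeps the arithmetic out of
    // int range should the period ever be raised.
    crlBuilder.setNextUpdate(new Date(now.getTime() + 7L * 24 * 60 * 60 * 1000));
    for (net.maritimecloud.identityregistry.model.database.Certificate cert : revokedCerts) {
        // Locale.ROOT: with the default locale, lower-casing depends on the JVM locale (for
        // example the Turkish dotless i), which could map a reason string to the wrong code.
        String certReason = cert.getRevokeReason().toLowerCase(java.util.Locale.ROOT);
        int reason = getCRLReasonFromString(certReason);
        crlBuilder.addCRLEntry(cert.getSerialNumber(), cert.getRevokedAt(), reason);
    }
    // NOTE(review): no authorityKeyIdentifier or cRLNumber extension is added (an earlier
    // attempt was left commented out). RFC 5280 expects conforming CRL issuers to include both.
    PrivateKeyEntry keyEntry = getSigningCertEntry();

    JcaContentSignerBuilder signBuilder = new JcaContentSignerBuilder(SIGNER_ALGORITHM);
    signBuilder.setProvider(BC_PROVIDER_NAME);
    try {
        ContentSigner signer = signBuilder.build(keyEntry.getPrivateKey());
        X509CRLHolder cRLHolder = crlBuilder.build(signer);
        JcaX509CRLConverter converter = new JcaX509CRLConverter();
        converter.setProvider(BC_PROVIDER_NAME);
        return converter.getCRL(cRLHolder);
    } catch (OperatorCreationException | CRLException e) {
        // NOTE(review): a failure reaches callers only as null, so they must null-check and
        // must not publish an empty response as if it were a valid CRL. Replace
        // printStackTrace with the project's logger once one is available in this class.
        e.printStackTrace();
        return null;
    }
}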