List of usage examples for org.bouncycastle.cert.jcajce JcaX509CRLConverter setProvider
public JcaX509CRLConverter setProvider(String providerName)
From source file:mitm.common.security.cms.AbstractCMSSignedDataAdapterImpl.java
License:Open Source License
/**
 * Collects the CRLs held in this object's CRL store and converts them to JCA {@link X509CRL}s.
 *
 * <p>Store entries that are not {@code X509CRLHolder}s, or that the converter rejects, are logged
 * and skipped. The returned list can therefore be shorter than the store's contents, so an empty
 * result does not prove that no revocation data was present.
 *
 * @param provider name of the JCA provider handed to the CRL converter
 * @return the CRLs that converted successfully; empty when {@code getCRLStore()} returns null
 */
@Override
public List<X509CRL> getCRLs(String provider)
        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
    List<X509CRL> result = new LinkedList<X509CRL>();

    Store crlStore = getCRLStore();
    if (crlStore == null) {
        return result;
    }

    // No selector is supplied, so no filtering is requested from the store here.
    Collection<?> candidates = crlStore.getMatches(null);

    JcaX509CRLConverter crlConverter = new JcaX509CRLConverter();
    crlConverter.setProvider(provider);

    for (Object candidate : candidates) {
        if (!(candidate instanceof X509CRLHolder)) {
            logger.warn("object not an X509CRLHolder");
            continue;
        }
        try {
            result.add(crlConverter.getCRL((X509CRLHolder) candidate));
        } catch (CRLException e) {
            // The stack trace is attached only when debug logging is enabled.
            if (logger.isDebugEnabled()) {
                logger.warn("CRL is not valid.", e);
            } else {
                logger.warn("CRL is not valid.");
            }
        }
    }
    return result;
}
From source file:mitm.common.security.crl.X509CRLBuilderImpl.java
License:Open Source License
/**
 * Converts a CRL holder into a JCA {@link X509CRL} using the provider stored in {@code crlProvider}.
 *
 * @param holder the CRL holder to convert
 * @return the converted CRL
 * @throws CRLException if the converter cannot produce a CRL from the holder
 */
private X509CRL getX509CRL(X509CRLHolder holder) throws CRLException {
    // setProvider returns the converter itself, so the calls can be chained.
    return new JcaX509CRLConverter().setProvider(crlProvider).getCRL(holder);
}
From source file:net.maritimecloud.identityregistry.utils.CertificateUtil.java
License:Apache License
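/**
 * Creates a Certificate Revocation List (CRL) for the given revoked certificates, signed with
 * the key returned by {@code getSigningCertEntry()}.
 *
 * <p>The CRL is issued under {@code MCIDREG_CERT_X500_NAME}; thisUpdate is the current time and
 * nextUpdate is seven days later.
 *
 * @param revokedCerts certificates to list as revoked; the serial number, revocation time and
 *                     revocation reason are read from each entry
 * @return the signed CRL, or {@code null} when the signer cannot be created or the built CRL
 *         cannot be converted; callers must treat {@code null} as a failure, not as an empty CRL
 */
public X509CRL generateCRL(List<net.maritimecloud.identityregistry.model.database.Certificate> revokedCerts) {
    Date now = new Date();
    // Long arithmetic, so that lengthening the validity period cannot overflow int.
    long validityMillis = 7L * 24 * 60 * 60 * 1000;

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(new X500Name(MCIDREG_CERT_X500_NAME), now);
    crlBuilder.setNextUpdate(new Date(now.getTime() + validityMillis)); // The next CRL is next week (dummy value)

    for (net.maritimecloud.identityregistry.model.database.Certificate cert : revokedCerts) {
        // Locale.ROOT keeps the lower-casing independent of the JVM's default locale, so the
        // reason lookup cannot change with the host configuration (e.g. the Turkish dotless i).
        String certReason = cert.getRevokeReason().toLowerCase(java.util.Locale.ROOT);
        int reason = getCRLReasonFromString(certReason);
        crlBuilder.addCRLEntry(cert.getSerialNumber(), cert.getRevokedAt(), reason);
    }

    // NOTE(review): the author left the authorityKeyIdentifier and cRLNumber extensions commented
    // out, so this CRL carries neither. RFC 5280 section 5.2 requires conforming issuers to include
    // both, and strict validators may reject or be unable to order CRLs without them.

    PrivateKeyEntry keyEntry = getSigningCertEntry();
    JcaContentSignerBuilder signBuilder = new JcaContentSignerBuilder(SIGNER_ALGORITHM);
    signBuilder.setProvider(BC_PROVIDER_NAME);
    ContentSigner signer;
    try {
        signer = signBuilder.build(keyEntry.getPrivateKey());
    } catch (OperatorCreationException e1) {
        // NOTE(review): the failure is only printed to stderr; the caller sees just the null.
        e1.printStackTrace();
        return null;
    }

    X509CRLHolder cRLHolder = crlBuilder.build(signer);
    JcaX509CRLConverter converter = new JcaX509CRLConverter();
    converter.setProvider(BC_PROVIDER_NAME);
    try {
        return converter.getCRL(cRLHolder);
    } catch (CRLException e) {
        // NOTE(review): the failure is only printed to stderr; the caller sees just the null.
        e.printStackTrace();
        return null;
    }
}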
From source file:net.maritimecloud.identityregistry.utils.CertificateUtil.java
License:Apache License
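/**
 * Creates a Certificate Revocation List (CRL) for the given revoked certificates and writes it,
 * PEM-encoded, to a file.
 *
 * <p>thisUpdate is the current time and nextUpdate is one year later. Apart from a failed CRL
 * conversion, which throws, failures are logged and the method returns without signalling them
 * to the caller.
 *
 * @param signName        distinguished name used as the CRL issuer
 * @param revokedCerts    certificates to list as revoked; may be {@code null} for an empty CRL
 * @param keyEntry        key entry whose private key signs the CRL
 * @param outputCaCrlPath path of the file the PEM-encoded CRL is written to
 * @throws RuntimeException if the built CRL cannot be converted to an {@link X509CRL}
 */
public void generateRootCACRL(String signName,
        List<net.maritimecloud.identityregistry.model.database.Certificate> revokedCerts,
        PrivateKeyEntry keyEntry, String outputCaCrlPath) {
    Date now = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(now);
    cal.add(Calendar.YEAR, 1);

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(new X500Name(signName), now);
    crlBuilder.setNextUpdate(cal.getTime()); // The next CRL is next year (dummy value)

    if (revokedCerts != null) {
        for (net.maritimecloud.identityregistry.model.database.Certificate cert : revokedCerts) {
            // Locale.ROOT keeps the lower-casing independent of the JVM's default locale, so the
            // reason lookup cannot change with the host configuration.
            String certReason = cert.getRevokeReason().toLowerCase(java.util.Locale.ROOT);
            int reason = getCRLReasonFromString(certReason);
            crlBuilder.addCRLEntry(cert.getSerialNumber(), cert.getRevokedAt(), reason);
        }
    }

    // NOTE(review): the author left the authorityKeyIdentifier and cRLNumber extensions commented
    // out, so this CRL carries neither. RFC 5280 section 5.2 requires conforming issuers to include
    // both, and strict validators may reject or be unable to order CRLs without them.

    JcaContentSignerBuilder signBuilder = new JcaContentSignerBuilder(SIGNER_ALGORITHM);
    signBuilder.setProvider(BC_PROVIDER_NAME);
    ContentSigner signer;
    try {
        signer = signBuilder.build(keyEntry.getPrivateKey());
    } catch (OperatorCreationException e1) {
        log.warn("unable to create signer for RootCACRL", e1);
        return;
    }

    X509CRLHolder cRLHolder = crlBuilder.build(signer);
    JcaX509CRLConverter converter = new JcaX509CRLConverter();
    converter.setProvider(BC_PROVIDER_NAME);
    X509CRL crl;
    try {
        crl = converter.getCRL(cRLHolder);
    } catch (CRLException e) {
        throw new RuntimeException(e.getMessage(), e);
    }

    String pemCrl;
    try {
        pemCrl = CertificateUtil.getPemFromEncoded("X509 CRL", crl.getEncoded());
    } catch (CRLException e) {
        log.warn("unable to generate RootCACRL", e);
        return;
    }

    // try-with-resources closes the writer even when write() throws.
    // NOTE(review): FileWriter truncates the target on open, so a failed write can leave an empty
    // or partial CRL in place of the previous one; writing to a temporary file and moving it into
    // place would avoid that.
    try (BufferedWriter writer = new BufferedWriter(new FileWriter(outputCaCrlPath))) {
        writer.write(pemCrl);
    } catch (IOException e) {
        log.warn("unable to write RootCACRL to " + outputCaCrlPath, e);
    }
}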
From source file:net.maritimecloud.pki.Revocation.java
License:Apache License
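/**
 * Creates a Certificate Revocation List (CRL) for the given revoked certificates.
 *
 * <p>The issuer name is the subject of the certificate in {@code keyEntry}; thisUpdate is the
 * current time and nextUpdate is seven days later.
 *
 * @param revokedCerts revocation records to list; the serial number, revocation time and reason
 *                     are read from each entry
 * @param keyEntry     key entry whose certificate names the issuer and whose private key signs
 *                     the CRL
 * @return the signed CRL, or {@code null} when the issuer certificate cannot be encoded, the
 *         signer cannot be created or the built CRL cannot be converted; callers must treat
 *         {@code null} as a failure, not as an empty CRL
 */
public static X509CRL generateCRL(List<RevocationInfo> revokedCerts, KeyStore.PrivateKeyEntry keyEntry) {
    Date now = new Date();
    // Long arithmetic, so that lengthening the validity period cannot overflow int.
    long validityMillis = 7L * 24 * 60 * 60 * 1000;

    // The subject is used as parsed from the certificate instead of being printed to a string
    // and parsed again: the round trip can re-encode attribute values, and validators that
    // compare issuer names byte-for-byte would then fail to match the CRL to its issuer.
    X500Name issuerName;
    try {
        issuerName = new JcaX509CertificateHolder((X509Certificate) keyEntry.getCertificate()).getSubject();
    } catch (CertificateEncodingException e) {
        e.printStackTrace();
        return null;
    }

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerName, now);
    crlBuilder.setNextUpdate(new Date(now.getTime() + validityMillis)); // The next CRL is next week (dummy value)

    for (RevocationInfo cert : revokedCerts) {
        // NOTE(review): the reason code is the enum's ordinal, so the declaration order of the
        // reason enum must match the RFC 5280 CRLReason values (which skip 7); confirm against
        // the enum, which is not visible here.
        crlBuilder.addCRLEntry(cert.getSerialNumber(), cert.getRevokedAt(), cert.getRevokeReason().ordinal());
    }

    // NOTE(review): the author left the authorityKeyIdentifier and cRLNumber extensions commented
    // out, so this CRL carries neither. RFC 5280 section 5.2 requires conforming issuers to include
    // both, and strict validators may reject or be unable to order CRLs without them.

    JcaContentSignerBuilder signBuilder = new JcaContentSignerBuilder(SIGNER_ALGORITHM);
    signBuilder.setProvider(BC_PROVIDER_NAME);
    ContentSigner signer;
    try {
        signer = signBuilder.build(keyEntry.getPrivateKey());
    } catch (OperatorCreationException e1) {
        // NOTE(review): the failure is only printed to stderr; the caller sees just the null.
        e1.printStackTrace();
        return null;
    }

    X509CRLHolder cRLHolder = crlBuilder.build(signer);
    JcaX509CRLConverter converter = new JcaX509CRLConverter();
    converter.setProvider(BC_PROVIDER_NAME);
    try {
        return converter.getCRL(cRLHolder);
    } catch (CRLException e) {
        // NOTE(review): the failure is only printed to stderr; the caller sees just the null.
        e.printStackTrace();
        return null;
    }
}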
From source file:net.maritimecloud.pki.Revocation.java
License:Apache License
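/**
 * Creates a Certificate Revocation List (CRL) for the given revoked certificates and writes it,
 * PEM-encoded, to a file.
 *
 * <p>thisUpdate is the current time and nextUpdate is one year later. Apart from a failed CRL
 * conversion, which throws, failures are printed to stderr and the method returns without
 * signalling them to the caller.
 *
 * @param signName        DN name of the signing certificate, used as the CRL issuer
 * @param revokedCerts    revocation records to list; may be {@code null} for an empty CRL
 * @param keyEntry        key entry whose private key signs the CRL
 * @param outputCaCrlPath path of the file the PEM-encoded CRL is written to
 * @throws RuntimeException if the built CRL cannot be converted to an {@link X509CRL}
 */
public static void generateRootCACRL(String signName, List<RevocationInfo> revokedCerts,
        KeyStore.PrivateKeyEntry keyEntry, String outputCaCrlPath) {
    Date now = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(now);
    cal.add(Calendar.YEAR, 1);

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(new X500Name(signName), now);
    crlBuilder.setNextUpdate(cal.getTime()); // The next CRL is next year (dummy value)

    if (revokedCerts != null) {
        for (RevocationInfo cert : revokedCerts) {
            // NOTE(review): the reason code is the enum's ordinal, so the declaration order of
            // the reason enum must match the RFC 5280 CRLReason values (which skip 7); confirm
            // against the enum, which is not visible here.
            crlBuilder.addCRLEntry(cert.getSerialNumber(), cert.getRevokedAt(), cert.getRevokeReason().ordinal());
        }
    }

    // NOTE(review): the author left the authorityKeyIdentifier and cRLNumber extensions commented
    // out, so this CRL carries neither. RFC 5280 section 5.2 requires conforming issuers to include
    // both, and strict validators may reject or be unable to order CRLs without them.

    JcaContentSignerBuilder signBuilder = new JcaContentSignerBuilder(SIGNER_ALGORITHM);
    signBuilder.setProvider(BC_PROVIDER_NAME);
    ContentSigner signer;
    try {
        signer = signBuilder.build(keyEntry.getPrivateKey());
    } catch (OperatorCreationException e1) {
        e1.printStackTrace();
        return;
    }

    X509CRLHolder cRLHolder = crlBuilder.build(signer);
    JcaX509CRLConverter converter = new JcaX509CRLConverter();
    converter.setProvider(BC_PROVIDER_NAME);
    X509CRL crl;
    try {
        crl = converter.getCRL(cRLHolder);
    } catch (CRLException e) {
        throw new RuntimeException(e.getMessage(), e);
    }

    String pemCrl;
    try {
        pemCrl = getPemFromEncoded("X509 CRL", crl.getEncoded());
    } catch (CRLException e) {
        // Reported the same way as the other failures in this method, so that a CRL that was
        // never written does not go unnoticed.
        e.printStackTrace();
        return;
    }

    // try-with-resources closes the writer even when write() throws.
    // NOTE(review): FileWriter truncates the target on open, so a failed write can leave an empty
    // or partial CRL in place of the previous one; writing to a temporary file and moving it into
    // place would avoid that.
    try (BufferedWriter writer = new BufferedWriter(new FileWriter(outputCaCrlPath))) {
        writer.write(pemCrl);
    } catch (IOException e) {
        e.printStackTrace();
    }
}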
From source file:org.eclipse.milo.opcua.stack.core.util.CertificateValidationUtilTest.java
License:Open Source License
/**
 * Builds a CRL issued under the subject name of {@code ca} that lists every certificate in
 * {@code revoked}.
 *
 * <p>Each entry uses the current time as its revocation date and
 * {@code CRLReason.privilegeWithdrawn} as its reason. The CRL is signed with
 * SHA256WithRSAEncryption through the "BC" provider; no nextUpdate is set.
 *
 * @param ca           certificate whose subject becomes the CRL issuer
 * @param caPrivateKey private key used to sign the CRL
 * @param revoked      certificates to list as revoked
 * @return the signed CRL
 * @throws Exception if signing or conversion fails
 */
private X509CRL generateCrl(X509Certificate ca, PrivateKey caPrivateKey, X509Certificate... revoked)
        throws Exception {
    X500Name issuer = new X500Name(ca.getSubjectDN().getName());
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());

    for (int i = 0; i < revoked.length; i++) {
        crlBuilder.addCRLEntry(revoked[i].getSerialNumber(), new Date(), CRLReason.privilegeWithdrawn);
    }

    // Both setProvider calls return the object they were invoked on, so they can be chained.
    X509CRLHolder signedCrl = crlBuilder.build(
            new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(caPrivateKey));

    return new JcaX509CRLConverter().setProvider("BC").getCRL(signedCrl);
}