Example usage for org.bouncycastle.cert.jcajce JcaX509v2CRLBuilder addCRLEntry

List of usage examples for org.bouncycastle.cert.jcajce JcaX509v2CRLBuilder addCRLEntry

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.cert.jcajce.*
  5. JcaX509v2CRLBuilder
  6. addCRLEntry

Introduction

In this page you can find the example usage for org.bouncycastle.cert.jcajce JcaX509v2CRLBuilder addCRLEntry.

Prototype

public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, int reason)

Source Link

Document

Add a CRL entry with the just reasonCode extension.

Usage

From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java

License:Open Source License

@Override
public X509CRL generateAndSignCRL(X509CRL currentCRL, X509CRLParams crlParams,
        Map<BigInteger, RevokeReason> revokeSerials, KeyPair issuerKey, X509Certificate issuerCRT)
        throws IOException, GeneralSecurityException {
    Date lastUpdate = Date
            .from(crlParams.getLastUpdate().atStartOfDay().atZone(ZoneId.systemDefault()).toInstant());
    JcaX509v2CRLBuilder crlBuilder = new JcaX509v2CRLBuilder(issuerCRT.getSubjectX500Principal(), lastUpdate);
    LocalDate nextUpdateParam = crlParams.getNextUpdate();

    if (nextUpdateParam != null) {
        crlBuilder.setNextUpdate(//from   www  .  ja va 2  s  .c  o m
                Date.from(nextUpdateParam.atStartOfDay().atZone(ZoneId.systemDefault()).toInstant()));
    }

    CRLNumber crlNumber;

    if (currentCRL != null) {
        X509CRLHolder crlHolder = new X509CRLHolder(currentCRL.getEncoded());
        ASN1Integer currentSerial = (ASN1Integer) crlHolder.getExtension(Extension.cRLNumber).getParsedValue();

        crlNumber = new CRLNumber(currentSerial.getValue().add(BigInteger.ONE));
    } else {
        crlNumber = new CRLNumber(BigInteger.ONE);
    }
    for (Map.Entry<BigInteger, RevokeReason> revokeListEntry : revokeSerials.entrySet()) {
        crlBuilder.addCRLEntry(revokeListEntry.getKey(), lastUpdate, revokeListEntry.getValue().value());
    }

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();

    crlBuilder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(issuerCRT.getPublicKey()));
    crlBuilder.addExtension(Extension.cRLNumber, false, crlNumber);

    ContentSigner crlSigner;

    try {
        crlSigner = new JcaContentSignerBuilder(crlParams.getSigAlg()).build(issuerKey.getPrivate());
    } catch (OperatorCreationException e) {
        throw new StoreProviderException(e.getMessage(), e);
    }
    return new JcaX509CRLConverter().getCRL(crlBuilder.build(crlSigner));
}