Example usage for org.bouncycastle.cert.jcajce JcaX509v2CRLBuilder build

List of usage examples for org.bouncycastle.cert.jcajce JcaX509v2CRLBuilder build

Introduction

In this page you can find the example usage for org.bouncycastle.cert.jcajce JcaX509v2CRLBuilder build.

Prototype

public X509CRLHolder build(ContentSigner signer) 


Document

Generate an X.509 CRL, based on the current issuer and subject using the passed in signer.

Usage

From source file: de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java

License:Open Source License

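/**
 * Builds a new X.509 v2 CRL for the given issuer and signs it with the issuer's private key.
 *
 * <p>The CRL number is the previous CRL's number plus one, or 1 when there is no previous CRL.
 * Every entry in {@code revokeSerials} is written with {@code lastUpdate} as its revocation
 * date. Both update dates are taken at the start of the day in the JVM's default time zone, so
 * the encoded instants depend on the zone of the host that runs this code.
 *
 * @param currentCRL the CRL being superseded, or {@code null} when this is the first CRL
 * @param crlParams supplies the last-update date, the optional next-update date and the
 *        signature algorithm name
 * @param revokeSerials revoked certificate serial numbers mapped to their revocation reason
 * @param issuerKey key pair whose private key signs the CRL
 * @param issuerCRT issuer certificate; provides the issuer name and the public key used for the
 *        authority key identifier
 * @return the signed CRL
 * @throws IOException if the current CRL cannot be decoded or the new CRL cannot be encoded
 * @throws GeneralSecurityException if the current CRL carries no CRL number extension, or on a
 *         JCA-level failure while building or converting the CRL
 */
@Override
public X509CRL generateAndSignCRL(X509CRL currentCRL, X509CRLParams crlParams,
        Map<BigInteger, RevokeReason> revokeSerials, KeyPair issuerKey, X509Certificate issuerCRT)
        throws IOException, GeneralSecurityException {
    // NOTE(review): nothing here checks that issuerKey belongs to issuerCRT. A mismatch yields a
    // CRL whose signature does not verify against the issuer certificate; confirm the caller
    // guarantees the pairing.
    Date lastUpdate = Date
            .from(crlParams.getLastUpdate().atStartOfDay().atZone(ZoneId.systemDefault()).toInstant());
    JcaX509v2CRLBuilder crlBuilder = new JcaX509v2CRLBuilder(issuerCRT.getSubjectX500Principal(), lastUpdate);
    LocalDate nextUpdateParam = crlParams.getNextUpdate();

    if (nextUpdateParam != null) {
        crlBuilder.setNextUpdate(
                Date.from(nextUpdateParam.atStartOfDay().atZone(ZoneId.systemDefault()).toInstant()));
    }

    CRLNumber crlNumber;

    if (currentCRL != null) {
        X509CRLHolder crlHolder = new X509CRLHolder(currentCRL.getEncoded());
        Extension currentNumberExtension = crlHolder.getExtension(Extension.cRLNumber);

        // Fail with a descriptive, declared exception instead of a NullPointerException when the
        // previous CRL has no CRL number to continue from.
        if (currentNumberExtension == null) {
            throw new GeneralSecurityException(
                    "Current CRL has no CRL number extension; cannot derive the next CRL number");
        }

        ASN1Integer currentSerial = (ASN1Integer) currentNumberExtension.getParsedValue();

        // Relying parties use the CRL number to order CRLs, so it must only ever increase.
        crlNumber = new CRLNumber(currentSerial.getValue().add(BigInteger.ONE));
    } else {
        crlNumber = new CRLNumber(BigInteger.ONE);
    }

    // Only the serials passed in are written; entries of currentCRL are not copied over here.
    // NOTE(review): each entry is stamped with lastUpdate, so a serial that was already revoked
    // gets a new revocation date on every regeneration. Confirm that is intended.
    for (Map.Entry<BigInteger, RevokeReason> revokeListEntry : revokeSerials.entrySet()) {
        crlBuilder.addCRLEntry(revokeListEntry.getKey(), lastUpdate, revokeListEntry.getValue().value());
    }

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();

    // Both extensions are added as non-critical.
    crlBuilder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(issuerCRT.getPublicKey()));
    crlBuilder.addExtension(Extension.cRLNumber, false, crlNumber);

    ContentSigner crlSigner;

    try {
        // The signature algorithm name comes from crlParams unchecked. NOTE(review): consider
        // restricting it to an allow-list upstream so a weak digest cannot be selected.
        crlSigner = new JcaContentSignerBuilder(crlParams.getSigAlg()).build(issuerKey.getPrivate());
    } catch (OperatorCreationException e) {
        throw new StoreProviderException(e.getMessage(), e);
    }
    return new JcaX509CRLConverter().getCRL(crlBuilder.build(crlSigner));
}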