Example usage for org.bouncycastle.cert X509CRLHolder getExtension

List of usage examples for org.bouncycastle.cert X509CRLHolder getExtension

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.cert.*
  5. X509CRLHolder
  6. getExtension

Introduction

In this page you can find the example usage for org.bouncycastle.cert X509CRLHolder getExtension.

Prototype

public Extension getExtension(ASN1ObjectIdentifier oid)

Source Link

Document

Look up the extension associated with the passed in OID.

Usage

From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java

License:Open Source License

@Override
public X509CRL generateAndSignCRL(X509CRL currentCRL, X509CRLParams crlParams,
        Map<BigInteger, RevokeReason> revokeSerials, KeyPair issuerKey, X509Certificate issuerCRT)
        throws IOException, GeneralSecurityException {
    Date lastUpdate = Date
            .from(crlParams.getLastUpdate().atStartOfDay().atZone(ZoneId.systemDefault()).toInstant());
    JcaX509v2CRLBuilder crlBuilder = new JcaX509v2CRLBuilder(issuerCRT.getSubjectX500Principal(), lastUpdate);
    LocalDate nextUpdateParam = crlParams.getNextUpdate();

    if (nextUpdateParam != null) {
        crlBuilder.setNextUpdate(/*  w  w  w  .  j  a  va2  s .  c o m*/
                Date.from(nextUpdateParam.atStartOfDay().atZone(ZoneId.systemDefault()).toInstant()));
    }

    CRLNumber crlNumber;

    if (currentCRL != null) {
        X509CRLHolder crlHolder = new X509CRLHolder(currentCRL.getEncoded());
        ASN1Integer currentSerial = (ASN1Integer) crlHolder.getExtension(Extension.cRLNumber).getParsedValue();

        crlNumber = new CRLNumber(currentSerial.getValue().add(BigInteger.ONE));
    } else {
        crlNumber = new CRLNumber(BigInteger.ONE);
    }
    for (Map.Entry<BigInteger, RevokeReason> revokeListEntry : revokeSerials.entrySet()) {
        crlBuilder.addCRLEntry(revokeListEntry.getKey(), lastUpdate, revokeListEntry.getValue().value());
    }

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();

    crlBuilder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(issuerCRT.getPublicKey()));
    crlBuilder.addExtension(Extension.cRLNumber, false, crlNumber);

    ContentSigner crlSigner;

    try {
        crlSigner = new JcaContentSignerBuilder(crlParams.getSigAlg()).build(issuerKey.getPrivate());
    } catch (OperatorCreationException e) {
        throw new StoreProviderException(e.getMessage(), e);
    }
    return new JcaX509CRLConverter().getCRL(crlBuilder.build(crlSigner));
}

From source file:org.candlepin.util.X509CRLStreamWriter.java

License:Open Source License

protected void writeToEmptyCrl(OutputStream out) throws IOException {
    ASN1InputStream asn1in = null;
    try {//  w  ww. jav  a  2s.  c o  m
        asn1in = new ASN1InputStream(crlIn);
        DERSequence certListSeq = (DERSequence) asn1in.readObject();
        CertificateList certList = new CertificateList(certListSeq);
        X509CRLHolder oldCrl = new X509CRLHolder(certList);

        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), new Date());
        crlBuilder.addCRL(oldCrl);

        Date now = new Date();
        Date oldNextUpdate = certList.getNextUpdate().getDate();
        Date oldThisUpdate = certList.getThisUpdate().getDate();

        Date nextUpdate = new Date(now.getTime() + (oldNextUpdate.getTime() - oldThisUpdate.getTime()));
        crlBuilder.setNextUpdate(nextUpdate);

        for (Object o : oldCrl.getExtensionOIDs()) {
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) o;
            X509Extension ext = oldCrl.getExtension(oid);

            if (oid.equals(X509Extension.cRLNumber)) {
                DEROctetString octet = (DEROctetString) ext.getValue().getDERObject();
                DERInteger currentNumber = (DERInteger) DERTaggedObject.fromByteArray(octet.getOctets());
                DERInteger nextNumber = new DERInteger(currentNumber.getValue().add(BigInteger.ONE));

                crlBuilder.addExtension(oid, ext.isCritical(), nextNumber);
            } else if (oid.equals(X509Extension.authorityKeyIdentifier)) {
                crlBuilder.addExtension(oid, ext.isCritical(),
                        new AuthorityKeyIdentifierStructure(ext.getValue().getDEREncoded()));
            }
        }

        for (DERSequence entry : newEntries) {
            // XXX: This is all a bit messy considering the user already passed in the serial, date
            // and reason.
            BigInteger serial = ((DERInteger) entry.getObjectAt(0)).getValue();
            Date revokeDate = ((Time) entry.getObjectAt(1)).getDate();
            int reason = CRLReason.unspecified;
            if (entry.size() == 3) {
                X509Extensions extensions = (X509Extensions) entry.getObjectAt(2);
                X509Extension reasonExt = extensions.getExtension(X509Extension.reasonCode);

                if (reasonExt != null) {
                    reason = ((DEREnumerated) reasonExt.getParsedValue()).getValue().intValue();
                }
            }
            crlBuilder.addCRLEntry(serial, revokeDate, reason);
        }

        RSAKeyParameters keyParams = new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent());

        signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
        digestAlg = new DefaultDigestAlgorithmIdentifierFinder().find(signingAlg);

        ContentSigner s;
        try {
            s = new BcRSAContentSignerBuilder(signingAlg, digestAlg).build(keyParams);
            X509CRLHolder newCrl = crlBuilder.build(s);
            out.write(newCrl.getEncoded());
        } catch (OperatorCreationException e) {
            throw new IOException("Could not sign CRL", e);
        }
    } finally {
        IOUtils.closeQuietly(asn1in);
    }
}