List of usage examples for org.bouncycastle.cert X509v2CRLBuilder addExtension
public X509v2CRLBuilder addExtension(ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue) throws CertIOException
From source file:be.fedict.trust.test.PKITestUtils.java
License:Open Source License
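/**
 * Builds and signs a test CRL on behalf of {@code issuerCertificate}.
 *
 * @param issuerPrivateKey            RSA private key that signs the CRL; the signer is a
 *                                    {@code BcRSAContentSignerBuilder}, so non-RSA keys are not supported here
 * @param issuerCertificate           CA certificate whose subject becomes the CRL issuer and whose key is
 *                                    referenced by the authorityKeyIdentifier extension
 * @param thisUpdate                  CRL thisUpdate time
 * @param nextUpdate                  CRL nextUpdate time
 * @param deltaCrlUris                URIs published in a freshestCRL (delta CRL distribution point) extension;
 *                                    may be null or empty, in which case the extension is omitted
 * @param deltaCrl                    when true the CRL is marked as a delta CRL (critical deltaCRLIndicator)
 * @param revokedCertificates         explicit entries to revoke, all with reason privilegeWithdrawn; may be null
 * @param signatureAlgorithm          JCA signature algorithm name the CRL is signed with
 * @param numberOfRevokedCertificates number of additional synthetic entries (random 128-bit serials) to add;
 *                                    -1 or any value &lt;= 0 adds none
 * @return the signed CRL, re-parsed through the JCA {@code CertificateFactory}
 * @throws IOException               if an extension or the CRL cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CRLException              if the JCA cannot parse the CRL that was just produced
 */
public static X509CRL generateCrl(PrivateKey issuerPrivateKey, X509Certificate issuerCertificate, DateTime thisUpdate,
        DateTime nextUpdate, List<String> deltaCrlUris, boolean deltaCrl, List<RevokedCertificate> revokedCertificates,
        String signatureAlgorithm, long numberOfRevokedCertificates)
        throws InvalidKeyException, CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException,
        CertificateException, IOException, OperatorCreationException {
    // Take the issuer name from the DER encoding of the CA subject rather than its string form: a string
    // round-trip can re-encode attribute values, and relying parties match the CRL issuer against the
    // certificate's issuer name.
    X500Name issuerName = X500Name.getInstance(issuerCertificate.getSubjectX500Principal().getEncoded());
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerName, thisUpdate.toDate());
    crlBuilder.setNextUpdate(nextUpdate.toDate());

    if (null != revokedCertificates) {
        for (RevokedCertificate revokedCertificate : revokedCertificates) {
            crlBuilder.addCRLEntry(revokedCertificate.serialNumber, revokedCertificate.revocationDate.toDate(),
                    CRLReason.privilegeWithdrawn);
        }
    }

    // Synthetic entries, used to produce large CRLs. The caller's -1 "none" sentinel (and any other
    // non-positive count) simply adds nothing.
    if (numberOfRevokedCertificates > 0) {
        SecureRandom secureRandom = new SecureRandom();
        Date revocationDate = new Date();
        for (long i = 0; i < numberOfRevokedCertificates; i++) {
            BigInteger serialNumber = new BigInteger(128, secureRandom);
            crlBuilder.addCRLEntry(serialNumber, revocationDate, CRLReason.privilegeWithdrawn);
        }
    }

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    crlBuilder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(issuerCertificate));
    // The CRL number is fixed at 1: successive CRLs from this helper are not distinguishable by cRLNumber.
    crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(BigInteger.ONE));

    if (null != deltaCrlUris && !deltaCrlUris.isEmpty()) {
        DistributionPoint[] deltaCrlDps = new DistributionPoint[deltaCrlUris.size()];
        for (int i = 0; i < deltaCrlDps.length; i++) {
            deltaCrlDps[i] = getDistributionPoint(deltaCrlUris.get(i));
        }
        // freshestCRL tells relying parties where to fetch the delta CRL for this base CRL
        crlBuilder.addExtension(Extension.freshestCRL, false, new CRLDistPoint(deltaCrlDps));
    }
    if (deltaCrl) {
        // RFC 5280 requires the delta CRL indicator to be a critical extension
        crlBuilder.addExtension(Extension.deltaCRLIndicator, true, new CRLNumber(BigInteger.ONE));
    }

    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm);
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    AsymmetricKeyParameter asymmetricKeyParameter = PrivateKeyFactory.createKey(issuerPrivateKey.getEncoded());
    ContentSigner contentSigner = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(asymmetricKeyParameter);
    X509CRLHolder x509crlHolder = crlBuilder.build(contentSigner);

    // Re-parse through the JCA so callers receive a java.security.cert.X509CRL
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    return (X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(x509crlHolder.getEncoded()));
}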
From source file:eu.europa.esig.dss.test.gen.CRLGenerator.java
License:Open Source License
/**
 * Issues a CRL, valid for one hour from now, that revokes {@code certToRevoke} with the given reason code.
 * The CRL is signed with the issuer's private key using the issuer certificate's own signature algorithm
 * and carries an authorityKeyIdentifier extension; no cRLNumber extension is added.
 *
 * @param certToRevoke certificate whose serial number is placed in the CRL
 * @param issuerEntry  issuing CA's certificate and private key
 * @param dateOfRevoke revocation date recorded in the entry
 * @param reason       CRL reason code for the entry
 * @return the signed CRL as a JCA {@code X509CRL}
 */
public X509CRL generateCRL(X509Certificate certToRevoke, MockPrivateKeyEntry issuerEntry, Date dateOfRevoke, int reason) throws Exception {
    final Date thisUpdate = new Date();
    final X509Certificate issuerCert = issuerEntry.getCertificate().getCertificate();

    // The CRL issuer is the subject of the signing CA certificate
    X500Name issuerName = new JcaX509CertificateHolder(issuerCert).getSubject();
    X509v2CRLBuilder builder = new X509v2CRLBuilder(issuerName, thisUpdate);
    builder.setNextUpdate(new Date(thisUpdate.getTime() + 60L * 60 * 1000)); // one hour
    builder.addCRLEntry(certToRevoke.getSerialNumber(), dateOfRevoke, reason);

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    builder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(issuerEntry.getCertificate().getPublicKey()));

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(issuerCert.getSigAlgName())
            .setProvider(BouncyCastleProvider.PROVIDER_NAME);
    X509CRLHolder crlHolder = builder.build(signerBuilder.build(issuerEntry.getPrivateKey()));
    return new JcaX509CRLConverter().getCRL(crlHolder);
}
From source file:net.ripe.rpki.commons.crypto.crl.X509CrlBuilder.java
License:BSD License
/**
 * Assembles a CRL builder from this object's issuer, update times, extensions and revoked entries.
 * Every entry is added with reason code 0 (unspecified).
 *
 * @return the populated, not yet signed builder
 * @throws CertIOException if an extension cannot be encoded
 */
private X509v2CRLBuilder createCrlGenerator() throws CertIOException {
    X500Name issuer = X500Name.getInstance(issuerDN.getEncoded());
    X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, thisUpdateTime.toDate());
    builder.setNextUpdate(nextUpdateTime.toDate());

    builder.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);
    builder.addExtension(X509Extension.cRLNumber, false, crlNumber);

    for (X509Crl.Entry entry : entries.values()) {
        // reason 0 is CRLReason.unspecified
        builder.addCRLEntry(entry.getSerialNumber(), entry.getRevocationDateTime().toDate(), 0);
    }
    return builder;
}
From source file:org.apache.hadoop.security.ssl.KeyStoreTestUtil.java
License:Apache License
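/**
 * Builds and signs a CRL for {@code caCert}, optionally carrying over the entries of {@code existingCRL} and
 * revoking one additional serial number. thisUpdate is the start of the current day in the system time zone and
 * nextUpdate is one week later.
 *
 * @param caCert               CA certificate whose subject becomes the CRL issuer
 * @param caPrivateKey         key that signs the CRL
 * @param signAlgorith         JCA signature algorithm name
 * @param existingCRL          CRL whose entries are merged into the new one; may be null
 * @param serialNumberToRevoke serial to add with reason privilegeWithdrawn; may be null
 * @return the signed CRL
 * @throws GeneralSecurityException on extension-encoding or signer errors (BouncyCastle exceptions are wrapped)
 */
public static X509CRL generateCRL(X509Certificate caCert, PrivateKey caPrivateKey, String signAlgorith,
        X509CRL existingCRL, BigInteger serialNumberToRevoke) throws GeneralSecurityException {
    LocalDate today = LocalDate.now();
    Date thisUpdate = Date.from(today.atStartOfDay(ZoneId.systemDefault()).toInstant());
    Date nextUpdate = Date.from(today.plus(1, ChronoUnit.WEEKS).atStartOfDay(ZoneId.systemDefault()).toInstant());

    // Use the DER encoding of the CA subject rather than its RFC 2253 string: a string round-trip can re-encode
    // attribute values, and relying parties match the CRL issuer against the certificate's issuer name.
    X500Name issuer = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, thisUpdate);
    crlBuilder.setNextUpdate(nextUpdate);

    if (existingCRL != null) {
        // Carry over every entry of the previous CRL
        crlBuilder.addCRL(new JcaX509CRLHolder(existingCRL));
    }
    if (serialNumberToRevoke != null) {
        crlBuilder.addCRLEntry(serialNumberToRevoke, thisUpdate, CRLReason.privilegeWithdrawn);
    }

    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    try {
        crlBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));
        // NOTE: cRLNumber is always 1, even when an existing CRL is merged in. Relying parties that order
        // CRLs by cRLNumber will not see the new CRL as newer than the one it replaces.
        crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(BigInteger.ONE));
        X509CRLHolder crlHolder = crlBuilder
                .build(new JcaContentSignerBuilder(signAlgorith).setProvider("BC").build(caPrivateKey));
        return new JcaX509CRLConverter().setProvider("BC").getCRL(crlHolder);
    } catch (CertIOException | OperatorCreationException ex) {
        // Preserve the cause; callers only see the JCA exception hierarchy
        throw new GeneralSecurityException(ex);
    }
}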
From source file:org.apache.poi.poifs.crypt.PkiTestUtils.java
License:Apache License
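/**
 * Issues an empty CRL (no revoked entries) in the name of the CA {@code issuer}, valid for 100 seconds from now.
 * Only a cRLNumber extension is added; there is no authorityKeyIdentifier.
 *
 * @param issuer           CA certificate; its subject becomes the CRL issuer
 * @param issuerPrivateKey key that signs the CRL
 * @return the signed CRL
 * @throws CertificateEncodingException if {@code issuer} cannot be encoded
 * @throws IOException                  if the CRL or an extension cannot be encoded
 * @throws CRLException                 if the signed CRL cannot be converted to a JCA object
 * @throws OperatorCreationException    if the content signer cannot be created
 */
public static X509CRL generateCrl(X509Certificate issuer, PrivateKey issuerPrivateKey)
        throws CertificateEncodingException, IOException, CRLException, OperatorCreationException {
    X509CertificateHolder holder = new X509CertificateHolder(issuer.getEncoded());
    // The CRL issuer must be the subject of the CA whose key signs the CRL. Using the CA's own issuer name
    // (holder.getIssuer()) only coincides with that for a self-signed CA.
    Date thisUpdate = new Date();
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(holder.getSubject(), thisUpdate);
    crlBuilder.setNextUpdate(new Date(thisUpdate.getTime() + 100000L)); // 100 seconds

    // SHA-1 is a weak signature hash; acceptable for a test fixture, not for production CRLs.
    JcaContentSignerBuilder contentBuilder = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC");
    crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("1234")));

    X509CRLHolder crlHolder = crlBuilder.build(contentBuilder.build(issuerPrivateKey));
    return new JcaX509CRLConverter().setProvider("BC").getCRL(crlHolder);
}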
From source file:org.apache.zookeeper.server.quorum.QuorumSSLTest.java
License:Apache License
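/**
 * Writes a PEM-encoded CRL to {@code crlPath} that revokes {@code x509Certificate} with reason cACompromise.
 * The CRL is issued in the name of the certificate's issuer, signed with the {@code contentSigner} field, and
 * its thisUpdate/nextUpdate are taken from the {@code certStartTime}/{@code certEndTime} fields.
 *
 * @param x509Certificate certificate to revoke
 * @param crlPath         path of the PEM file to write
 */
private void buildCRL(X509Certificate x509Certificate, String crlPath) throws Exception {
    X509v2CRLBuilder builder = new JcaX509v2CRLBuilder(x509Certificate.getIssuerX500Principal(), certStartTime);
    builder.addCRLEntry(x509Certificate.getSerialNumber(), certStartTime, CRLReason.cACompromise);
    builder.setNextUpdate(certEndTime);
    // authorityKeyIdentifier ties the CRL to the root CA key that signs it
    builder.addExtension(Extension.authorityKeyIdentifier, false,
            new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(rootCertificate));
    builder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("1000")));
    X509CRLHolder crlHolder = builder.build(contentSigner);

    // try-with-resources: previously the writer leaked (and a partial file was left behind) if
    // writeObject() threw before close() was reached
    try (PemWriter pemWriter = new PemWriter(new FileWriter(crlPath))) {
        pemWriter.writeObject(new MiscPEMGenerator(crlHolder));
        pemWriter.flush();
    }
}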
From source file:org.candlepin.CRLBenchmark.java
License:Open Source License
/**
 * Benchmark fixture: generates a fresh 2048-bit RSA key, signs a CRL carrying two million entries and writes
 * its DER encoding to a temporary file, whose handle is stored in {@code crlFile}.
 */
@Setup(Level.Trial)
public void buildMassiveCRL() throws Exception {
    final int entryCount = 2000000;
    X500Name issuerName = new X500Name("CN=Test Issuer");

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(2048);
    KeyPair keyPair = keyGen.generateKeyPair();

    Provider bc = new BouncyCastleProvider();
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(bc)
            .build(keyPair.getPrivate());

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerName, new Date());
    crlBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(keyPair.getPublic()));
    /* With a CRL number of 127, incrementing it should cause the number of bytes in the length
     * portion of the TLV to increase by one. */
    crlBuilder.addExtension(X509Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    for (int serial = 0; serial < entryCount; serial++) {
        crlBuilder.addCRLEntry(BigInteger.valueOf(serial), new Date(), CRLReason.unspecified);
    }

    X509CRLHolder holder = crlBuilder.build(signer);
    X509CRL crl = new JcaX509CRLConverter().setProvider(bc).getCRL(holder);
    crlFile = File.createTempFile("crl", ".der");
    System.out.println("\nWrote test crl to " + crlFile.getAbsolutePath());
    FileUtils.writeByteArrayToFile(crlFile, crl.getEncoded());
}
From source file:org.candlepin.CRLWriteBenchmark.java
License:Open Source License
/**
 * Benchmark fixture: generates a fresh 2048-bit RSA key, signs a CRL carrying two million entries and writes
 * its DER encoding to a temporary file. The issuer name, provider, signer and file are kept in the
 * {@code issuer}, {@code bc}, {@code signer} and {@code crlFile} fields for the benchmark methods.
 */
@Setup(Level.Trial)
public void buildMassiveCRL() throws Exception {
    final int entryCount = 2000000;
    issuer = new X500Name("CN=Test Issuer");

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(2048);
    KeyPair keyPair = keyGen.generateKeyPair();

    bc = new BouncyCastleProvider();
    signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(bc).build(keyPair.getPrivate());

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    crlBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(keyPair.getPublic()));
    /* With a CRL number of 127, incrementing it should cause the number of bytes in the length
     * portion of the TLV to increase by one. */
    crlBuilder.addExtension(X509Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    for (int serial = 0; serial < entryCount; serial++) {
        crlBuilder.addCRLEntry(BigInteger.valueOf(serial), new Date(), CRLReason.unspecified);
    }

    X509CRLHolder holder = crlBuilder.build(signer);
    X509CRL crl = new JcaX509CRLConverter().setProvider(bc).getCRL(holder);
    crlFile = File.createTempFile("crl", ".der");
    System.out.println("\nWrote test crl to " + crlFile.getAbsolutePath());
    FileUtils.writeByteArrayToFile(crlFile, crl.getEncoded());
}
From source file:org.candlepin.util.X509CRLEntryStreamTest.java
License:Open Source License
/** A CRL with no revoked entries (and no nextUpdate) should stream zero serial numbers. */
@Test
public void testIterateOverEmptyCrl() throws Exception {
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    crlBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(keyPair.getPublic()));
    crlBuilder.addExtension(X509Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    X509CRLHolder holder = crlBuilder.build(signer);

    // setNextUpdate() is deliberately not called, so the encoded CRL has no nextUpdate field
    File crlFile = new File(folder.getRoot(), "test.crl");
    FileUtils.writeByteArrayToFile(crlFile, holder.getEncoded());

    X509CRLEntryStream stream = new X509CRLEntryStream(crlFile);
    try {
        Set<BigInteger> serials = new HashSet<BigInteger>();
        while (stream.hasNext()) {
            serials.add(stream.next().getSerialNumber());
        }
        assertEquals(0, serials.size());
    } finally {
        stream.close();
    }
}
From source file:org.candlepin.util.X509CRLEntryStreamTest.java
License:Open Source License
/** A CRL with a single entry and no nextUpdate should stream exactly that entry's serial number. */
@Test
public void testCRLwithoutUpdateTime() throws Exception {
    final BigInteger revokedSerial = new BigInteger("100");

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    crlBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(keyPair.getPublic()));
    crlBuilder.addExtension(X509Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    crlBuilder.addCRLEntry(revokedSerial, new Date(), CRLReason.unspecified);
    X509CRLHolder holder = crlBuilder.build(signer);

    // setNextUpdate() is deliberately not called, so the encoded CRL has no nextUpdate field
    File crlFile = new File(folder.getRoot(), "test.crl");
    FileUtils.writeByteArrayToFile(crlFile, holder.getEncoded());

    X509CRLEntryStream stream = new X509CRLEntryStream(crlFile);
    try {
        Set<BigInteger> serials = new HashSet<BigInteger>();
        while (stream.hasNext()) {
            serials.add(stream.next().getSerialNumber());
        }
        assertEquals(1, serials.size());
        assertTrue(serials.contains(revokedSerial));
    } finally {
        stream.close();
    }
}