Example usage for org.bouncycastle.x509 X509V2CRLGenerator addCRL

List of usage examples for org.bouncycastle.x509 X509V2CRLGenerator addCRL

Introduction

This page shows example usage of org.bouncycastle.x509 X509V2CRLGenerator addCRL.

Prototype

public void addCRL(X509CRL other) throws CRLException 

Document

Add the CRLEntry objects contained in a previous CRL.

Usage

From source file: org.qipki.crypto.x509.X509GeneratorImpl.java

License: Open Source License

@Override
public X509CRL updateX509CRL(X509Certificate caCertificate, PrivateKey caPrivateKey,
        X509Certificate revokedCertificate, RevocationReason reason, X509CRL previousCRL,
        BigInteger lastCRLNumber) {
    try {
        X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
        crlGen.setIssuerDN(caCertificate.getSubjectX500Principal());
        // Backdate thisUpdate by the configured clock skew; the CRL is valid for 12 hours.
        DateTime skewedNow = new DateTime().minus(Time.CLOCK_SKEW);
        crlGen.setThisUpdate(skewedNow.toDate());
        crlGen.setNextUpdate(skewedNow.plusHours(12).toDate());
        crlGen.setSignatureAlgorithm(SignatureAlgorithm.SHA256withRSA.jcaString());
        // Non-critical extensions: issuing CA key identifier and the CRL number.
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(caCertificate));
        crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(lastCRLNumber));
        // Copy every entry from the previous CRL. addCRL only copies entries; it does not
        // check the signature or issuer of previousCRL, so the caller must pass a trusted CRL.
        crlGen.addCRL(previousCRL);
        // Append the newly revoked certificate, then sign the new CRL with the CA key.
        crlGen.addCRLEntry(revokedCertificate.getSerialNumber(), skewedNow.toDate(), reason.reason());
        return crlGen.generate(caPrivateKey, BouncyCastleProvider.PROVIDER_NAME);
    } catch (GeneralSecurityException ex) {
        throw new CryptoFailure("Unable to update CRL", ex);
    }
}