List of usage examples for org.bouncycastle.x509 X509V2CRLGenerator addCRL
public void addCRL(X509CRL other) throws CRLException
From source file:org.qipki.crypto.x509.X509GeneratorImpl.java
License:Open Source License
@Override public X509CRL updateX509CRL(X509Certificate caCertificate, PrivateKey caPrivateKey, X509Certificate revokedCertificate, RevocationReason reason, X509CRL previousCRL, BigInteger lastCRLNumber) { try {//from w w w. j a va 2 s .c om X509V2CRLGenerator crlGen = new X509V2CRLGenerator(); crlGen.setIssuerDN(caCertificate.getSubjectX500Principal()); DateTime skewedNow = new DateTime().minus(Time.CLOCK_SKEW); crlGen.setThisUpdate(skewedNow.toDate()); crlGen.setNextUpdate(skewedNow.plusHours(12).toDate()); crlGen.setSignatureAlgorithm(SignatureAlgorithm.SHA256withRSA.jcaString()); crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCertificate)); crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(lastCRLNumber)); crlGen.addCRL(previousCRL); crlGen.addCRLEntry(revokedCertificate.getSerialNumber(), skewedNow.toDate(), reason.reason()); return crlGen.generate(caPrivateKey, BouncyCastleProvider.PROVIDER_NAME); } catch (GeneralSecurityException ex) { throw new CryptoFailure("Unable to update CRL", ex); } }