Example usage for org.bouncycastle.x509 X509V2CRLGenerator generate

List of usage examples for org.bouncycastle.x509 X509V2CRLGenerator generate

Introduction

This page collects example usages of org.bouncycastle.x509 X509V2CRLGenerator generate.

Prototype

public X509CRL generate(PrivateKey key) throws CRLException, IllegalStateException, NoSuchAlgorithmException,
        SignatureException, InvalidKeyException 


Document

Generate an X.509 CRL based on the current issuer and subject, using the default provider.

Usage

From source file:cybervillains.ca.Generator.java

License:Open Source License

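/**
 * Generates an empty ("blank") CRL signed by the KeyStoreManager's signing
 * certificate, writes it in DER form to {@code blank_crl.dec} under
 * {@code NEW_CERTS_DIR_NAME}, then shells out to OpenSSL to produce the PEM form.
 *
 * @param args ignored
 */
public static void main(String[] args) {
    File newCertsDir = new File(NEW_CERTS_DIR_NAME);
    newCertsDir.mkdirs();

    // Create a new, blank KeyStore Manager
    KeyStoreManager mgr = new KeyStoreManager(newCertsDir, "blank_crl.pem");

    X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
    Date now = new Date();
    try {
        // Load the signing material once; every CRL field below is derived from it
        X509Certificate caCrlCert = mgr.getSigningCert();
        PrivateKey caCrlPrivateKey = mgr.getSigningPrivateKey();

        // The CRL issuer is the signing CA's own subject DN, and the CRL must not
        // claim validity beyond the certificate that vouches for it
        crlGen.setIssuerDN(caCrlCert.getSubjectX500Principal());
        crlGen.setThisUpdate(now);
        crlGen.setNextUpdate(caCrlCert.getNotAfter());
        crlGen.setSignatureAlgorithm(caCrlCert.getSigAlgName());

        // AKI lets relying parties select the right CA key; CRLNumber 1 since this
        // is the first (and empty) CRL for this issuer
        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(caCrlCert));
        crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.ONE));

        X509CRL crl = crlGen.generate(caCrlPrivateKey);

        // Save the Certificate in Binary (DEC) format. The stream is closed in a
        // finally block so a failing getEncoded()/write() no longer leaks the
        // file handle.
        File certRevoc = new File(newCertsDir, "blank_crl.dec");
        FileOutputStream cerOut = new FileOutputStream(certRevoc);
        try {
            cerOut.write(crl.getEncoded());
            cerOut.flush();
        } finally {
            cerOut.close();
        }

        // Convert the generated DEC to PEM using OpenSSL:
        // > openssl crl -inform der -in blank_crl.dec -out blank_crl.pem
        // OPENSSL_CMD_DEC_TO_PEM is a fixed constant, not user input; if the
        // command line ever becomes input-derived, switch to ProcessBuilder with
        // an argument list so no shell parsing is involved.
        Process p = Runtime.getRuntime().exec(OPENSSL_CMD_DEC_TO_PEM);
        int exitCode = p.waitFor();
        if (exitCode != 0) {
            // Previously a failed conversion went unnoticed and left no PEM file
            System.err.println("openssl DER-to-PEM conversion failed, exit code " + exitCode);
        }
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (UnrecoverableKeyException e) {
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (SignatureException e) {
        e.printStackTrace();
    } catch (CRLException e) {
        e.printStackTrace();
    } catch (InterruptedException e) {
        // Restore the interrupt flag so anything above us can observe it
        Thread.currentThread().interrupt();
        e.printStackTrace();
    }
}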

From source file:org.candlepin.controller.CrlGeneratorTest.java

License:Open Source License

/**
 * Verifies that the CRLNumber extension written by BouncyCastle is read back
 * correctly by {@code generator.getCRLNumber}.
 */
@Test
public void crlNumberWithCert() throws Exception {
    // Build a minimal signed CRL whose only extension is CRLNumber = 10
    X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
    // Random UID keeps the issuer DN unique across test runs
    crlGen.setIssuerDN(new X500Principal("CN=test, UID=" + UUID.randomUUID()));
    Date thisUpdate = new Date();
    crlGen.setThisUpdate(thisUpdate);
    crlGen.setNextUpdate(Util.tomorrow());
    // SHA-1 is a test fixture here, not a recommendation for production CRLs
    crlGen.setSignatureAlgorithm("SHA1withRSA");
    CRLNumber expectedNumber = new CRLNumber(BigInteger.TEN);
    crlGen.addExtension(X509Extensions.CRLNumber, false, expectedNumber);

    X509CRL signedCrl = crlGen.generate(KP.getPrivate());
    // The generator under test must decode the extension back out of the DER
    assertEquals(BigInteger.TEN, this.generator.getCRLNumber(signedCrl));
}

From source file:org.candlepin.controller.CrlGeneratorTest.java

License:Open Source License

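/**
 * Removing a serial that is not present in the CRL must return the CRL unchanged.
 */
@Test
public void emptyRevocationsReturnsUntouched() throws Exception {
    // there's gotta be a way to reduce to a set of mocks

    // A signed CRL with no revoked entries at all
    KeyPair kp = CrlGeneratorTest.generateKP();
    X509V2CRLGenerator g = new X509V2CRLGenerator();
    g.setIssuerDN(new X500Principal("CN=test, UID=" + UUID.randomUUID()));
    g.setThisUpdate(new Date());
    g.setNextUpdate(Util.tomorrow());
    // SHA-1 is a test fixture here, not a recommendation for production CRLs
    g.setSignatureAlgorithm("SHA1withRSA");
    g.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.TEN));
    X509CRL x509crl = g.generate(kp.getPrivate());

    // Ask to remove a serial that was never in the CRL. A plain ArrayList replaces
    // the double-brace initializer, which created an anonymous ArrayList subclass
    // that captured the test instance and triggered the "serial" warning.
    List<CertificateSerial> toremove = new ArrayList<CertificateSerial>();
    toremove.add(stubCS(100L, new Date()));

    // Nothing matched, so the same CRL must come back
    X509CRL untouchedcrl = generator.removeEntries(x509crl, toremove);
    assertEquals(x509crl, untouchedcrl);
}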

From source file:org.candlepin.controller.CrlGeneratorTest.java

License:Open Source License

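/**
 * Builds a CRL with three revoked serials, removes one of them and checks that
 * exactly two entries remain.
 */
@Test
public void removeEntries() throws Exception {
    // there's gotta be a way to reduce to a set of mocks

    // Start from a signed, empty CRL
    KeyPair kp = CrlGeneratorTest.generateKP();
    X509V2CRLGenerator g = new X509V2CRLGenerator();
    g.setIssuerDN(new X500Principal("CN=test, UID=" + UUID.randomUUID()));
    g.setThisUpdate(new Date());
    g.setNextUpdate(Util.tomorrow());
    // SHA-1 is a test fixture here, not a recommendation for production CRLs
    g.setSignatureAlgorithm("SHA1withRSA");
    g.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.TEN));
    X509CRL x509crl = g.generate(kp.getPrivate());

    // Wrap every stub serial as a CRL entry and mark it collected
    List<CertificateSerial> serials = getStubCSList();
    List<X509CRLEntryWrapper> entries = Util.newList();
    for (CertificateSerial serial : serials) {
        entries.add(new X509CRLEntryWrapper(serial.getSerial(), new Date()));
        serial.setCollected(true);
    }

    // Re-issue the CRL with the three entries via the real PKI utility
    x509crl = pkiUtility.createX509CRL(entries, BigInteger.TEN);
    assertEquals(3, x509crl.getRevokedCertificates().size());

    // now we need to remove one of those serials. A plain ArrayList replaces the
    // double-brace initializer (anonymous subclass capturing the test instance),
    // so the @SuppressWarnings("serial") it required is no longer needed.
    List<CertificateSerial> toremove = new ArrayList<CertificateSerial>();
    toremove.add(stubCS(100L, new Date()));

    X509CRL updatedcrl = generator.removeEntries(x509crl, toremove);
    Set<? extends X509CRLEntry> revoked = updatedcrl.getRevokedCertificates();
    assertEquals(2, revoked.size());
}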

From source file:org.candlepin.controller.CrlGeneratorTest.java

License:Open Source License

/**
 * Verifies that {@code pkiUtility.decodeDERValue} turns the raw CRLNumber
 * extension bytes of a generated CRL back into the string "10".
 */
@Test
public void decodeValue() throws Exception {
    // there's gotta be a way to reduce to a set of mocks
    KeyPair keyPair = CrlGeneratorTest.generateKP();
    X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
    crlGen.setIssuerDN(new X500Principal("CN=test, UID=" + UUID.randomUUID()));
    crlGen.setThisUpdate(new Date());
    crlGen.setNextUpdate(Util.tomorrow());
    // SHA-1 is a test fixture here, not a recommendation for production CRLs
    crlGen.setSignatureAlgorithm("SHA1withRSA");
    crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.TEN));

    X509CRL signedCrl = crlGen.generate(keyPair.getPrivate());

    // Pull the DER-encoded extension value straight off the CRL and decode it
    byte[] rawCrlNumber = signedCrl.getExtensionValue(X509Extensions.CRLNumber.getId());
    assertEquals("10", pkiUtility.decodeDERValue(rawCrlNumber));
}

From source file:org.candlepin.pki.impl.BouncyCastlePKIUtility.java

License:Open Source License

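/**
 * Builds a CRL signed by the CA key from {@code reader}, revoking every serial in
 * {@code entries} and carrying the given CRL number.
 *
 * @param entries   serial/revocation-date pairs to list as revoked
 * @param crlNumber value for the CRLNumber extension
 * @return the signed CRL
 * @throws RuntimeException wrapping any failure while loading the CA material or
 *         signing/encoding the CRL
 */
@Override
public X509CRL createX509CRL(List<X509CRLEntryWrapper> entries, BigInteger crlNumber) {

    try {
        X509Certificate caCert = reader.getCACert();
        X509V2CRLGenerator generator = new X509V2CRLGenerator();
        // The CRL issuer must name the entity that signs it, i.e. the CA's own
        // subject DN (RFC 5280 5.1.2.3). The CA cert's *issuer* DN only coincides
        // with that for a self-signed root; for a subordinate CA it would name
        // the parent and the CRL would not match the certificates it revokes.
        generator.setIssuerDN(caCert.getSubjectX500Principal());
        generator.setThisUpdate(new Date());
        generator.setNextUpdate(Util.tomorrow());
        generator.setSignatureAlgorithm(SIGNATURE_ALGO);
        // add all the CRL entries; every entry is tagged privilegeWithdrawn since
        // the wrapper carries no per-entry reason
        for (X509CRLEntryWrapper entry : entries) {
            generator.addCRLEntry(entry.getSerialNumber(), entry.getRevocationDate(),
                    CRLReason.privilegeWithdrawn);
        }
        log.info("Completed adding CRL numbers to the certificate.");
        // AKI lets relying parties pick the right CA key; CRLNumber gives caching
        // clients a monotonic sequence to compare against
        generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(caCert));
        generator.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(crlNumber));
        return generator.generate(reader.getCaKey());
    } catch (Exception e) {
        // Boundary catch: key loading, signing and ASN.1 encoding all throw checked
        // exceptions the interface method does not declare; keep the cause attached
        throw new RuntimeException("Failed to create X509 CRL number " + crlNumber, e);
    }
}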

From source file:org.krakenapps.ca.util.CrlBuilder.java

License:Apache License

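/**
 * Builds a CRL signed by {@code caPrivateKey} that revokes every certificate in
 * {@code revokes}, and returns its DER encoding.
 *
 * @param caCert       the CA certificate the CRL is attributed to
 * @param caPrivateKey the CA's signing key
 * @param revokes      certificates to list as revoked
 * @return DER-encoded CRL bytes
 * @throws Exception on any signing or encoding failure
 */
public static byte[] getCrl(X509Certificate caCert, PrivateKey caPrivateKey, List<RevokedCertificate> revokes)
        throws Exception {
    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    // The CRL issuer is the signing CA's own subject DN (RFC 5280 5.1.2.3). The
    // CA cert's issuer DN only equals that for a self-signed root; for a
    // subordinate CA the CRL would name the parent CA instead.
    generator.setIssuerDN(caCert.getSubjectX500Principal());

    generator.setThisUpdate(new Date());
    // NOTE(review): no nextUpdate is set. RFC 5280 5.1.2.5 requires conforming
    // CRL issuers to include it, and validators may treat its absence as "never
    // expires" — callers wanting bounded validity should add setNextUpdate here.
    generator.setSignatureAlgorithm(caCert.getSigAlgName());

    for (RevokedCertificate r : revokes) {
        BigInteger serial = new BigInteger(r.getSerial());
        // NOTE(review): ordinal() is only a valid RFC 5280 reason code if the
        // enum's constants are declared in exactly CRLReason order — confirm
        generator.addCRLEntry(serial, r.getRevocationDate(), r.getReason().ordinal());
    }

    X509CRL crl = generator.generate(caPrivateKey);
    return crl.getEncoded();
}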

From source file:test.be.fedict.eid.applet.PkiTestUtils.java

License:Open Source License

/**
 * Creates an empty CRL attributed to {@code issuer} and signed with
 * {@code issuerPrivateKey}, valid for 100 seconds and numbered 1234.
 *
 * @param issuer           certificate whose subject becomes the CRL issuer
 * @param issuerPrivateKey key used to sign the CRL (SHA1withRSA, test fixture)
 * @return the signed CRL
 */
public static X509CRL generateCrl(X509Certificate issuer, PrivateKey issuerPrivateKey)
        throws InvalidKeyException, CRLException, IllegalStateException, NoSuchAlgorithmException,
        SignatureException {
    final long validityMillis = 100000L;
    Date thisUpdate = new Date();
    Date nextUpdate = new Date(thisUpdate.getTime() + validityMillis);

    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    generator.setIssuerDN(issuer.getSubjectX500Principal());
    generator.setThisUpdate(thisUpdate);
    generator.setNextUpdate(nextUpdate);
    generator.setSignatureAlgorithm("SHA1withRSA");
    generator.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(new BigInteger("1234")));
    return generator.generate(issuerPrivateKey);
}

From source file:test.integ.be.fedict.trust.util.TestUtils.java

License:Open Source License

/**
 * Signs the CRL assembled by {@code getCrlGenerator} with {@code issuerPrivateKey}.
 *
 * @param crlNumber                      value for the CRLNumber extension
 * @param issuerPrivateKey               key that signs the CRL
 * @param issuerCertificate              certificate of the issuing CA
 * @param thisUpdate                     CRL issue time
 * @param nextUpdate                     time by which a newer CRL is expected
 * @param revokedCertificateSerialNumbers serials to list as revoked
 * @return the signed CRL
 */
public static X509CRL generateCrl(int crlNumber, PrivateKey issuerPrivateKey, X509Certificate issuerCertificate,
        DateTime thisUpdate, DateTime nextUpdate, List<BigInteger> revokedCertificateSerialNumbers)
        throws InvalidKeyException, CRLException, IllegalStateException, NoSuchAlgorithmException,
        SignatureException, CertificateParsingException {

    return getCrlGenerator(crlNumber, issuerCertificate, thisUpdate, nextUpdate, revokedCertificateSerialNumbers)
            .generate(issuerPrivateKey);
}

From source file:test.integ.be.fedict.trust.util.TestUtils.java

License:Open Source License

/**
 * Builds and signs a CRL for {@code issuerCertificate}, optionally advertising
 * delta-CRL distribution points and/or marking the CRL itself as a delta CRL.
 *
 * @param issuerPrivateKey    key that signs the CRL
 * @param issuerCertificate   certificate whose subject becomes the CRL issuer
 * @param thisUpdate          CRL issue time
 * @param nextUpdate          time by which a newer CRL is expected
 * @param deltaCrlUris        FreshestCRL distribution point URIs; null or empty to omit
 * @param deltaCrl            when true, adds a critical DeltaCRLIndicator
 * @param revokedCertificates entries to list as revoked (reason privilegeWithdrawn)
 * @param signatureAlgorithm  JCA signature algorithm name
 * @return the signed CRL
 */
public static X509CRL generateCrl(PrivateKey issuerPrivateKey, X509Certificate issuerCertificate,
        DateTime thisUpdate, DateTime nextUpdate, List<String> deltaCrlUris, boolean deltaCrl,
        List<RevokedCertificate> revokedCertificates, String signatureAlgorithm)
        throws InvalidKeyException, CRLException, IllegalStateException, NoSuchAlgorithmException,
        SignatureException, CertificateParsingException {

    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    generator.setThisUpdate(thisUpdate.toDate());
    generator.setNextUpdate(nextUpdate.toDate());
    generator.setSignatureAlgorithm(signatureAlgorithm);
    generator.setIssuerDN(issuerCertificate.getSubjectX500Principal());

    // Every revoked entry gets the same fixed reason code
    for (RevokedCertificate revoked : revokedCertificates) {
        generator.addCRLEntry(revoked.serialNumber, revoked.revocationDate.toDate(),
                CRLReason.privilegeWithdrawn);
    }

    generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(issuerCertificate));
    generator.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.ONE));

    boolean hasDeltaUris = deltaCrlUris != null && !deltaCrlUris.isEmpty();
    if (hasDeltaUris) {
        // FreshestCRL tells relying parties where to fetch delta CRLs
        DistributionPoint[] freshestCrlPoints = new DistributionPoint[deltaCrlUris.size()];
        int idx = 0;
        for (String uri : deltaCrlUris) {
            freshestCrlPoints[idx++] = getDistributionPoint(uri);
        }
        generator.addExtension(X509Extensions.FreshestCRL, false, new CRLDistPoint(freshestCrlPoints));
    }

    if (deltaCrl) {
        // DeltaCRLIndicator is marked critical, as RFC 5280 5.2.4 requires.
        // NOTE(review): the base CRL number here equals this CRL's own number
        // (both ONE); a strict validator may expect the delta's number to be
        // greater — presumably fine for the tests that use this helper.
        generator.addExtension(X509Extensions.DeltaCRLIndicator, true, new CRLNumber(BigInteger.ONE));
    }

    return generator.generate(issuerPrivateKey);
}