List of usage examples for org.bouncycastle.x509 X509V2CRLGenerator generate
public X509CRL generate(PrivateKey key) throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
From source file:cybervillains.ca.Generator.java
License:Open Source License
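/**
 * Generates an empty CRL (no revoked entries) signed with the CA signing key held by
 * {@code KeyStoreManager}, writes it DER-encoded to {@code blank_crl.dec} in the new-certs
 * directory, and then runs the configured OpenSSL command to produce the PEM form.
 *
 * <p>Points to keep in mind before reusing this pattern:
 * <ul>
 *   <li>{@code nextUpdate} is set to the signing certificate's {@code notAfter}, so the CRL
 *       is treated as current until the CA certificate itself expires. A relying party that
 *       caches it has no reason to fetch a newer CRL before then.</li>
 *   <li>The signature algorithm is copied from the signing certificate, so a certificate
 *       signed with a weak digest yields a CRL signed with the same weak digest.</li>
 * </ul>
 *
 * @param args unused
 */
public static void main(String[] args) {
    File newCertsDir = new File(NEW_CERTS_DIR_NAME);
    newCertsDir.mkdirs();

    // Create a new, blank KeyStore Manager
    KeyStoreManager mgr = new KeyStoreManager(newCertsDir, "blank_crl.pem");

    X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
    Date now = new Date();

    try {
        // Fetch the signing certificate once and reuse it for every field derived from it.
        X509Certificate caCrlCert = mgr.getSigningCert();
        PrivateKey caCrlPrivateKey = mgr.getSigningPrivateKey();

        crlGen.setIssuerDN(caCrlCert.getSubjectX500Principal());
        crlGen.setThisUpdate(now);
        crlGen.setNextUpdate(caCrlCert.getNotAfter());
        crlGen.setSignatureAlgorithm(caCrlCert.getSigAlgName());

        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(caCrlCert));
        crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.ONE));

        X509CRL crl = crlGen.generate(caCrlPrivateKey);

        // The CRL is saved in its binary DER form (the file keeps the ".dec" extension).
        // The manual equivalent of the conversion step below is:
        // > openssl crl -inform der -in blank_crl.dec -out blank_crl.pem
        // Encode before opening the file so an encoding failure leaves no empty file behind.
        byte[] encoded = crl.getEncoded();
        File certRevoc = new File(newCertsDir, "blank_crl.dec");
        FileOutputStream cerOut = new FileOutputStream(certRevoc);
        try {
            cerOut.write(encoded);
            cerOut.flush();
        } finally {
            // Release the file handle even when the write fails.
            cerOut.close();
        }

        // Convert the generated DER file to PEM using OpenSSL. The command is a constant
        // declared elsewhere in this class; it is not assembled from caller input here.
        Process p = Runtime.getRuntime().exec(OPENSSL_CMD_DEC_TO_PEM);
        int exitCode = p.waitFor();
        if (exitCode != 0) {
            // Without this check a failed conversion would pass silently and leave no PEM.
            System.err.println("OpenSSL DER-to-PEM conversion exited with status " + exitCode);
        }
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (UnrecoverableKeyException e) {
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (SignatureException e) {
        e.printStackTrace();
    } catch (CRLException e) {
        e.printStackTrace();
    } catch (InterruptedException e) {
        // Restore the interrupt flag so code further up the stack can still observe it.
        Thread.currentThread().interrupt();
        e.printStackTrace();
    }
}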
From source file:org.candlepin.controller.CrlGeneratorTest.java
License:Open Source License
/**
 * Checks that the CRL number written into a freshly generated CRL is the value that
 * {@code generator.getCRLNumber} reads back.
 */
@Test
public void crlNumberWithCert() throws Exception {
    X509V2CRLGenerator crlSource = new X509V2CRLGenerator();

    // A random UID keeps the issuer name unique per run.
    X500Principal issuerName = new X500Principal("CN=test, UID=" + UUID.randomUUID());
    crlSource.setIssuerDN(issuerName);

    crlSource.setThisUpdate(new Date());
    crlSource.setNextUpdate(Util.tomorrow());

    // SHA-1 based signatures are no longer considered collision resistant; the algorithm
    // name is kept as the test fixture defines it and should not be copied into a real CA.
    crlSource.setSignatureAlgorithm("SHA1withRSA");

    CRLNumber numberExtension = new CRLNumber(BigInteger.TEN);
    crlSource.addExtension(X509Extensions.CRLNumber, false, numberExtension);

    X509CRL signedCrl = crlSource.generate(KP.getPrivate());

    BigInteger readBack = this.generator.getCRLNumber(signedCrl);
    assertEquals(BigInteger.TEN, readBack);
}
From source file:org.candlepin.controller.CrlGeneratorTest.java
License:Open Source License
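/**
 * Checks that {@code generator.removeEntries} hands back a CRL equal to its input when the
 * input CRL contains no revoked entries, even though a serial is requested for removal.
 */
@Test
public void emptyRevocationsReturnsUntouched() throws Exception {
    // there's gotta be a way to reduce to a set of mocks
    KeyPair kp = CrlGeneratorTest.generateKP();

    X509V2CRLGenerator g = new X509V2CRLGenerator();
    g.setIssuerDN(new X500Principal("CN=test, UID=" + UUID.randomUUID()));
    g.setThisUpdate(new Date());
    g.setNextUpdate(Util.tomorrow());
    // SHA-1 based signatures are acceptable only because this CRL never leaves the test.
    g.setSignatureAlgorithm("SHA1withRSA");
    g.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.TEN));

    // No addCRLEntry calls: the generated CRL has an empty revocation list.
    X509CRL x509crl = g.generate(kp.getPrivate());

    // Ask for the removal of a serial that cannot be on the CRL. A plain list is used
    // instead of double-brace initialisation, which would create an anonymous ArrayList
    // subclass that keeps a reference to this test instance.
    List<CertificateSerial> toremove = new ArrayList<CertificateSerial>();
    toremove.add(stubCS(100L, new Date()));

    X509CRL untouchedcrl = generator.removeEntries(x509crl, toremove);

    assertEquals(x509crl, untouchedcrl);
}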
From source file:org.candlepin.controller.CrlGeneratorTest.java
License:Open Source License
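/**
 * Checks that {@code generator.removeEntries} drops a requested serial from a CRL: the CRL
 * built from the stub serial list is expected to hold three entries, and two after the
 * removal of serial 100.
 */
@Test
public void removeEntries() throws Exception {
    // there's gotta be a way to reduce to a set of mocks
    KeyPair kp = CrlGeneratorTest.generateKP();

    X509V2CRLGenerator g = new X509V2CRLGenerator();
    g.setIssuerDN(new X500Principal("CN=test, UID=" + UUID.randomUUID()));
    g.setThisUpdate(new Date());
    g.setNextUpdate(Util.tomorrow());
    // SHA-1 based signatures are acceptable only because this CRL never leaves the test.
    g.setSignatureAlgorithm("SHA1withRSA");
    g.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.TEN));

    // NOTE(review): this CRL is replaced by the createX509CRL result below before anything
    // reads it, so the generator setup above looks like leftover scaffolding. Confirm before
    // removing it.
    X509CRL x509crl = g.generate(kp.getPrivate());

    List<CertificateSerial> serials = getStubCSList();
    List<X509CRLEntryWrapper> entries = Util.newList();
    for (CertificateSerial serial : serials) {
        entries.add(new X509CRLEntryWrapper(serial.getSerial(), new Date()));
        serial.setCollected(true);
    }

    x509crl = pkiUtility.createX509CRL(entries, BigInteger.TEN);
    assertEquals(3, x509crl.getRevokedCertificates().size());

    // Remove one of those serials. A plain list replaces the double-brace initialiser, so
    // no anonymous ArrayList subclass is created and the "serial" warning suppression that
    // it required is no longer needed.
    List<CertificateSerial> toremove = new ArrayList<CertificateSerial>();
    toremove.add(stubCS(100L, new Date()));

    X509CRL updatedcrl = generator.removeEntries(x509crl, toremove);

    Set<? extends X509CRLEntry> revoked = updatedcrl.getRevokedCertificates();
    assertEquals(2, revoked.size());
}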
From source file:org.candlepin.controller.CrlGeneratorTest.java
License:Open Source License
/**
 * Checks that {@code pkiUtility.decodeDERValue} turns the raw CRL number extension value of
 * a generated CRL into the string {@code "10"}.
 */
@Test
public void decodeValue() throws Exception {
    // there's gotta be a way to reduce to a set of mocks
    KeyPair signingPair = CrlGeneratorTest.generateKP();

    X509V2CRLGenerator crlSource = new X509V2CRLGenerator();
    X500Principal issuerName = new X500Principal("CN=test, UID=" + UUID.randomUUID());
    crlSource.setIssuerDN(issuerName);
    crlSource.setThisUpdate(new Date());
    crlSource.setNextUpdate(Util.tomorrow());
    // SHA-1 based signatures are no longer considered collision resistant; kept here as the
    // test fixture defines it, not as a recommendation.
    crlSource.setSignatureAlgorithm("SHA1withRSA");
    crlSource.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.TEN));

    X509CRL signedCrl = crlSource.generate(signingPair.getPrivate());

    // getExtensionValue returns the encoded extension bytes looked up by OID string.
    String crlNumberOid = X509Extensions.CRLNumber.getId();
    byte[] rawExtension = signedCrl.getExtensionValue(crlNumberOid);

    assertEquals("10", pkiUtility.decodeDERValue(rawExtension));
}
From source file:org.candlepin.pki.impl.BouncyCastlePKIUtility.java
License:Open Source License
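/**
 * Builds and signs a CRL that lists the given entries, using the CA certificate and CA key
 * supplied by {@code reader}.
 *
 * <p>The CRL issuer is the <em>subject</em> of the CA certificate. The previous code used
 * the certificate's issuer name, which is the same value only for a self-signed CA; for a
 * subordinate CA it names the parent, and a relying party matching the CRL issuer against
 * the issuer of the certificates it checks would not associate this CRL with them.
 *
 * <p>Every entry is recorded with reason {@code privilegeWithdrawn}, whatever the actual
 * cause of the revocation was.
 *
 * @param entries serial numbers and revocation dates to place on the CRL
 * @param crlNumber value of the CRL number extension
 * @return the signed CRL
 * @throws RuntimeException wrapping any failure while reading the CA material or while
 *         building and signing the CRL
 */
@Override
public X509CRL createX509CRL(List<X509CRLEntryWrapper> entries, BigInteger crlNumber) {
    try {
        X509Certificate caCert = reader.getCACert();
        X509V2CRLGenerator generator = new X509V2CRLGenerator();
        // The CRL is issued by the CA itself, so its issuer is the CA certificate's subject.
        generator.setIssuerDN(caCert.getSubjectX500Principal());
        generator.setThisUpdate(new Date());
        // Util.tomorrow() is not shown here; presumably about one day ahead (confirm).
        generator.setNextUpdate(Util.tomorrow());
        generator.setSignatureAlgorithm(SIGNATURE_ALGO);

        // add all the CRL entries.
        for (X509CRLEntryWrapper entry : entries) {
            generator.addCRLEntry(entry.getSerialNumber(), entry.getRevocationDate(),
                    CRLReason.privilegeWithdrawn);
        }
        log.info("Completed adding CRL numbers to the certificate.");

        // Ties the CRL to the CA key so verifiers can select the right issuer certificate.
        generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(caCert));
        generator.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(crlNumber));

        return generator.generate(reader.getCaKey());
    } catch (Exception e) {
        // The cause is preserved so the underlying key or encoding failure stays visible.
        throw new RuntimeException(e);
    }
}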
From source file:org.krakenapps.ca.util.CrlBuilder.java
License:Apache License
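/**
 * Builds a CRL for the given revocations, signs it with the CA private key and returns its
 * encoded form.
 *
 * <p>The CRL issuer is the <em>subject</em> of {@code caCert}. The previous code used the
 * certificate's issuer name, which matches only for a self-signed CA; for a subordinate CA
 * it names the parent, and verifiers would not associate the CRL with the certificates this
 * CA issued.
 *
 * <p>No {@code nextUpdate} is set, so consumers get no hint of when a newer CRL is due.
 *
 * @param caCert certificate of the CA that issues the CRL
 * @param caPrivateKey private key matching {@code caCert}, used to sign the CRL
 * @param revokes revoked certificates to list
 * @return the encoded CRL as returned by {@link X509CRL#getEncoded()}
 * @throws Exception if an entry's serial cannot be parsed, or building, signing or encoding
 *         the CRL fails
 */
public static byte[] getCrl(X509Certificate caCert, PrivateKey caPrivateKey, List<RevokedCertificate> revokes)
        throws Exception {
    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    // The CA issues the CRL, so the issuer field carries the CA certificate's subject name.
    generator.setIssuerDN(caCert.getSubjectX500Principal());
    generator.setThisUpdate(new Date());
    // NOTE(review): getSigAlgName() is the algorithm that signed caCert. For a subordinate
    // CA that is the parent's choice and may not suit caPrivateKey, and a weak digest on the
    // certificate is carried over to the CRL. Confirm this is intended.
    generator.setSignatureAlgorithm(caCert.getSigAlgName());

    for (RevokedCertificate r : revokes) {
        BigInteger serial = new BigInteger(r.getSerial());
        // NOTE(review): the enum ordinal is used as the numeric CRL reason code. That is only
        // right if the enum's declaration order follows the standard reason code numbering,
        // which leaves the value 7 unused. Verify against the enum definition.
        generator.addCRLEntry(serial, r.getRevocationDate(), r.getReason().ordinal());
    }

    X509CRL crl = generator.generate(caPrivateKey);
    return crl.getEncoded();
}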
From source file:test.be.fedict.eid.applet.PkiTestUtils.java
License:Open Source License
/**
 * Creates a short-lived, empty test CRL issued under the subject name of {@code issuer}
 * and signed with {@code issuerPrivateKey}.
 *
 * <p>The CRL carries CRL number 1234 and a {@code nextUpdate} 100000 milliseconds after
 * {@code thisUpdate}. It is signed with SHA1withRSA, which is a test fixture choice: SHA-1
 * based signatures are no longer considered collision resistant.
 *
 * @param issuer certificate whose subject becomes the CRL issuer
 * @param issuerPrivateKey key used to sign the CRL
 * @return the signed CRL
 */
public static X509CRL generateCrl(X509Certificate issuer, PrivateKey issuerPrivateKey)
        throws InvalidKeyException, CRLException, IllegalStateException, NoSuchAlgorithmException,
        SignatureException {
    X509V2CRLGenerator builder = new X509V2CRLGenerator();
    builder.setIssuerDN(issuer.getSubjectX500Principal());

    Date issuedAt = new Date();
    Date refreshBy = new Date(issuedAt.getTime() + 100000);
    builder.setThisUpdate(issuedAt);
    builder.setNextUpdate(refreshBy);

    builder.setSignatureAlgorithm("SHA1withRSA");

    CRLNumber sequenceNumber = new CRLNumber(new BigInteger("1234"));
    builder.addExtension(X509Extensions.CRLNumber, false, sequenceNumber);

    return builder.generate(issuerPrivateKey);
}
From source file:test.integ.be.fedict.trust.util.TestUtils.java
License:Open Source License
/**
 * Signs a test CRL with {@code issuerPrivateKey}. All CRL content is configured by
 * {@code getCrlGenerator}, which receives every argument except the key.
 *
 * @param crlNumber CRL number passed on to {@code getCrlGenerator}
 * @param issuerPrivateKey key used to sign the CRL
 * @param issuerCertificate issuer certificate passed on to {@code getCrlGenerator}
 * @param thisUpdate issue time passed on to {@code getCrlGenerator}
 * @param nextUpdate next update time passed on to {@code getCrlGenerator}
 * @param revokedCertificateSerialNumbers serial numbers passed on to {@code getCrlGenerator}
 * @return the signed CRL
 */
public static X509CRL generateCrl(int crlNumber, PrivateKey issuerPrivateKey,
        X509Certificate issuerCertificate, DateTime thisUpdate, DateTime nextUpdate,
        List<BigInteger> revokedCertificateSerialNumbers)
        throws InvalidKeyException, CRLException, IllegalStateException, NoSuchAlgorithmException,
        SignatureException, CertificateParsingException {
    // The key is only needed for the final signing step.
    return getCrlGenerator(crlNumber, issuerCertificate, thisUpdate, nextUpdate,
            revokedCertificateSerialNumbers).generate(issuerPrivateKey);
}
From source file:test.integ.be.fedict.trust.util.TestUtils.java
License:Open Source License
/**
 * Builds and signs a test CRL, optionally pointing at delta CRLs or marked as a delta CRL
 * itself.
 *
 * <p>Each revoked certificate is listed with reason {@code privilegeWithdrawn}. The CRL
 * number is always 1. When {@code deltaCrlUris} is non-empty, a FreshestCRL extension with
 * one distribution point per URI is added. When {@code deltaCrl} is true, a critical
 * DeltaCRLIndicator extension with value 1 is added.
 *
 * @param issuerPrivateKey key used to sign the CRL
 * @param issuerCertificate certificate whose subject becomes the CRL issuer and from which
 *        the authority key identifier is derived
 * @param thisUpdate issue time of the CRL
 * @param nextUpdate time by which a newer CRL is expected
 * @param deltaCrlUris delta CRL locations; may be null or empty
 * @param deltaCrl whether to mark the CRL as a delta CRL
 * @param revokedCertificates certificates to list as revoked
 * @param signatureAlgorithm signature algorithm name handed to the generator unchanged
 * @return the signed CRL
 */
public static X509CRL generateCrl(PrivateKey issuerPrivateKey, X509Certificate issuerCertificate,
        DateTime thisUpdate, DateTime nextUpdate, List<String> deltaCrlUris, boolean deltaCrl,
        List<RevokedCertificate> revokedCertificates, String signatureAlgorithm)
        throws InvalidKeyException, CRLException, IllegalStateException, NoSuchAlgorithmException,
        SignatureException, CertificateParsingException {
    X509V2CRLGenerator builder = new X509V2CRLGenerator();
    builder.setThisUpdate(thisUpdate.toDate());
    builder.setNextUpdate(nextUpdate.toDate());
    builder.setSignatureAlgorithm(signatureAlgorithm);
    builder.setIssuerDN(issuerCertificate.getSubjectX500Principal());

    for (RevokedCertificate revoked : revokedCertificates) {
        Date revokedAt = revoked.revocationDate.toDate();
        builder.addCRLEntry(revoked.serialNumber, revokedAt, CRLReason.privilegeWithdrawn);
    }

    // Extensions are added in a fixed order: key identifier, CRL number, then the optional
    // delta-related ones.
    AuthorityKeyIdentifierStructure issuerKeyId = new AuthorityKeyIdentifierStructure(issuerCertificate);
    builder.addExtension(X509Extensions.AuthorityKeyIdentifier, false, issuerKeyId);
    builder.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.ONE));

    boolean hasDeltaLocations = deltaCrlUris != null && !deltaCrlUris.isEmpty();
    if (hasDeltaLocations) {
        DistributionPoint[] deltaPoints = new DistributionPoint[deltaCrlUris.size()];
        int slot = 0;
        for (String uri : deltaCrlUris) {
            deltaPoints[slot++] = getDistributionPoint(uri);
        }
        builder.addExtension(X509Extensions.FreshestCRL, false, new CRLDistPoint(deltaPoints));
    }

    if (deltaCrl) {
        // Marked critical through the 'true' argument.
        builder.addExtension(X509Extensions.DeltaCRLIndicator, true, new CRLNumber(BigInteger.ONE));
    }

    return builder.generate(issuerPrivateKey);
}