List of usage examples for org.bouncycastle.x509 X509V2CRLGenerator generateX509CRL
public X509CRL generateX509CRL(PrivateKey key, String provider) throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
From source file:chapter7.X509CRLExample.java
/**
 * Builds and signs a one-entry X.509 v2 CRL in which {@code revokedSerialNumber} is
 * listed as revoked by the CA identified by {@code caCert}.
 *
 * <p>The values used here are example-grade: the CRL expires 100000 ms (100 s) after
 * it is issued and its CRL number is fixed at 1. A CA that publishes CRLs for real
 * needs a validity window matching its publication schedule and a CRL number that
 * increases with every issued CRL (RFC 5280, section 5.2.3).
 *
 * <p>No check is made that {@code caKey} is the private key belonging to
 * {@code caCert}; a mismatch yields a CRL whose signature will not verify under the
 * CA certificate.
 *
 * @param caCert              certificate of the issuing CA; its subject becomes the CRL issuer
 *                            and it feeds the Authority Key Identifier extension
 * @param caKey               private key used to sign the CRL
 * @param revokedSerialNumber serial number of the certificate to list as revoked
 * @return the signed CRL
 * @throws java.lang.Exception if building an extension or signing the CRL fails
 */
public static X509CRL createCRL(final X509Certificate caCert, final PrivateKey caKey,
        final BigInteger revokedSerialNumber) throws Exception {
    // NOTE(review): X509V2CRLGenerator is deprecated in later BouncyCastle releases in
    // favour of org.bouncycastle.cert.X509v2CRLBuilder - confirm against the version in use.
    final X509V2CRLGenerator generator = new X509V2CRLGenerator();
    final Date issuedAt = new Date();

    generator.setIssuerDN(caCert.getSubjectX500Principal());
    generator.setThisUpdate(issuedAt);

    // Relying parties should treat the CRL as stale once nextUpdate has passed.
    final Date staleAfter = new Date(issuedAt.getTime() + 100000);
    generator.setNextUpdate(staleAfter);

    final String signatureAlgorithm = CryptoDefs.Algorithm.SHA256withRSAEncryption.getName();
    generator.setSignatureAlgorithm(signatureAlgorithm);

    // NOTE(review): the reason code is taken from the enum's ordinal, so it is only
    // correct while the declaration order mirrors the RFC 5280 reason-code numbering
    // (privilegeWithdrawn = 9) - confirm which CRLReason type is imported here.
    final int reasonCode = CRLReason.PRIVILEGE_WITHDRAWN.ordinal();
    generator.addCRLEntry(revokedSerialNumber, issuedAt, reasonCode);

    // Both extensions are added as non-critical.
    generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
    final CRLNumber sequenceNumber = new CRLNumber(BigInteger.valueOf(1));
    generator.addExtension(X509Extensions.CRLNumber, false, sequenceNumber);

    // Signing goes through the named JCA provider, which must already be registered.
    final String providerName = CryptoDefs.Provider.BC.getName();
    return generator.generateX509CRL(caKey, providerName);
}
From source file:io.aos.crypto.spl07.X509CRLExample.java
License:Apache License
/**
 * Builds and signs a one-entry X.509 v2 CRL that marks {@code revokedSerialNumber}
 * as revoked (reason: privilege withdrawn) by the CA identified by {@code caCert}.
 *
 * <p>Example-grade values: the CRL is valid for 100000 ms (100 s) and always carries
 * CRL number 1. A production CA needs a validity window aligned with its publication
 * schedule and a CRL number that increases with every issued CRL (RFC 5280,
 * section 5.2.3).
 *
 * <p>The method does not verify that {@code caKey} matches the public key in
 * {@code caCert}; if they differ the resulting CRL fails signature verification.
 *
 * @param caCert              issuing CA certificate; supplies the issuer DN and the
 *                            Authority Key Identifier extension
 * @param caKey               CA private key that signs the CRL
 * @param revokedSerialNumber serial number of the certificate to revoke
 * @return the signed CRL
 * @throws Exception if building an extension or signing the CRL fails
 */
public static X509CRL createCRL(X509Certificate caCert, PrivateKey caKey,
        BigInteger revokedSerialNumber) throws Exception {
    // NOTE(review): X509V2CRLGenerator is deprecated in later BouncyCastle releases in
    // favour of org.bouncycastle.cert.X509v2CRLBuilder - confirm against the version in use.
    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    Date issuedAt = new Date();

    generator.setIssuerDN(caCert.getSubjectX500Principal());
    generator.setThisUpdate(issuedAt);

    // Relying parties should treat the CRL as stale once nextUpdate has passed.
    Date staleAfter = new Date(issuedAt.getTime() + 100000);
    generator.setNextUpdate(staleAfter);
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // The revocation date of the single entry is the CRL's own issue time.
    generator.addCRLEntry(revokedSerialNumber, issuedAt, CRLReason.privilegeWithdrawn);

    // Both extensions are added as non-critical.
    AuthorityKeyIdentifierStructure issuerKeyId = new AuthorityKeyIdentifierStructure(caCert);
    generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, issuerKeyId);
    CRLNumber sequenceNumber = new CRLNumber(BigInteger.valueOf(1));
    generator.addExtension(X509Extensions.CRLNumber, false, sequenceNumber);

    // "BC" names the JCA provider used for signing; it must already be registered.
    return generator.generateX509CRL(caKey, "BC");
}
From source file:org.apache.synapse.transport.certificatevalidation.CRLVerifierTest.java
License:Apache License
/**
 * Produces a test CRL, signed by the fake CA, in which the fake peer certificate with
 * serial number {@code revokedSerialNumber} is listed as revoked (reason: privilege
 * withdrawn).
 *
 * <p>Test fixture only: the CRL number is fixed at 1 and the validity window is
 * {@code TestConstants.NEXT_UPDATE_PERIOD} added to the issue time in milliseconds.
 * The method does not check that {@code caPrivateKey} corresponds to {@code caCert}.
 *
 * @param caCert              the fake CA certificate; supplies the issuer DN and the
 *                            Authority Key Identifier extension
 * @param caPrivateKey        private key of the fake CA, used to sign the CRL
 * @param revokedSerialNumber serial number of the fake peer certificate to mark as revoked
 * @return the signed fake CRL
 * @throws Exception if building an extension or signing the CRL fails
 */
public static X509CRL createCRL(X509Certificate caCert, PrivateKey caPrivateKey,
        BigInteger revokedSerialNumber) throws Exception {
    // NOTE(review): X509V2CRLGenerator is deprecated in later BouncyCastle releases in
    // favour of org.bouncycastle.cert.X509v2CRLBuilder - confirm against the version in use.
    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    Date issuedAt = new Date();

    generator.setIssuerDN(caCert.getSubjectX500Principal());
    generator.setThisUpdate(issuedAt);

    // A verifier under test should treat the CRL as stale once nextUpdate has passed.
    Date staleAfter = new Date(issuedAt.getTime() + TestConstants.NEXT_UPDATE_PERIOD);
    generator.setNextUpdate(staleAfter);
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // The revocation date of the single entry is the CRL's own issue time.
    generator.addCRLEntry(revokedSerialNumber, issuedAt, CRLReason.privilegeWithdrawn);

    // Both extensions are added as non-critical.
    AuthorityKeyIdentifierStructure issuerKeyId = new AuthorityKeyIdentifierStructure(caCert);
    generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, issuerKeyId);
    CRLNumber sequenceNumber = new CRLNumber(BigInteger.valueOf(1));
    generator.addExtension(X509Extensions.CRLNumber, false, sequenceNumber);

    // "BC" names the JCA provider used for signing; it must already be registered.
    return generator.generateX509CRL(caPrivateKey, "BC");
}
From source file:org.wso2.carbon.identity.certificateauthority.crl.CrlFactory.java
License:Open Source License
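/**
 * Builds and signs an X.509 v2 CRL (full or delta) listing the given revoked certificates.
 *
 * <p>The CRL is valid from the time of the call until {@code CRL_UPDATE_TIME}
 * (added to the issue time in milliseconds) later. The Authority Key Identifier and
 * CRL Number extensions are added as non-critical; for a delta CRL the Delta CRL
 * Indicator is added as critical and carries {@code baseCrlNumber}.
 *
 * <p>The method does not check that {@code caKey} matches {@code caCert}, nor that
 * {@code crlNumber} is greater than the number of the previously issued CRL; callers
 * are responsible for both (RFC 5280, section 5.2.3 requires increasing CRL numbers).
 *
 * @param caCert              certificate authority's certificate; supplies the issuer DN
 *                            and the Authority Key Identifier extension
 * @param caKey               CA private key used to sign the CRL
 * @param revokedCertificates revoked certificates to list; must not be {@code null}
 * @param crlNumber           unique number of this CRL
 * @param baseCrlNumber       number of the base CRL; only used when {@code isDeltaCrl} is true
 * @param isDeltaCrl          whether the CRL is a delta CRL ({@code true}) or a full CRL
 * @return the signed X.509 CRL
 * @throws Exception if a serial number cannot be converted, an extension cannot be
 *                   built, or signing fails
 */
private X509CRL createCRL(X509Certificate caCert, PrivateKey caKey, RevokedCertificate[] revokedCertificates,
        int crlNumber, int baseCrlNumber, boolean isDeltaCrl) throws Exception {
    // NOTE(review): X509V2CRLGenerator is deprecated in later BouncyCastle releases in
    // favour of org.bouncycastle.cert.X509v2CRLBuilder - confirm against the version in use.
    X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
    Date now = new Date();

    crlGen.setIssuerDN(caCert.getSubjectX500Principal());
    crlGen.setThisUpdate(now);
    // Relying parties should treat the CRL as stale once nextUpdate has passed.
    crlGen.setNextUpdate(new Date(now.getTime() + CRL_UPDATE_TIME));
    crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    for (RevokedCertificate cert : revokedCertificates) {
        // NOTE(review): the stored serial number is converted as-is; a malformed value
        // aborts CRL generation - confirm the storage format of getSerialNo().
        BigInteger serialNo = new BigInteger(cert.getSerialNo());
        crlGen.addCRLEntry(serialNo, cert.getRevokedDate(), cert.getReason());
    }

    crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
    crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.valueOf(crlNumber)));

    if (isDeltaCrl) {
        // Critical, so a verifier that does not understand delta CRLs rejects this CRL
        // instead of mistaking it for a complete revocation list.
        crlGen.addExtension(X509Extensions.DeltaCRLIndicator, true,
                new CRLNumber(BigInteger.valueOf(baseCrlNumber)));
    }

    // "BC" names the JCA provider used for signing; it must already be registered.
    return crlGen.generateX509CRL(caKey, "BC");
}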