Example 26 with DistributionPointName
use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project robovm by robovm.
the class CertPathValidatorUtilities method addAdditionalStoresFromCRLDistributionPoint.
// BEGIN android-removed
// protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
// List certStores)
// throws AnnotatedException
// {
// Set certs = new HashSet();
// Iterator iter = certStores.iterator();
//
// while (iter.hasNext())
// {
// Object obj = iter.next();
//
// if (obj instanceof X509Store)
// {
// X509Store certStore = (X509Store)obj;
// try
// {
// certs.addAll(certStore.getMatches(certSelect));
// }
// catch (StoreException e)
// {
// throw new AnnotatedException(
// "Problem while picking certificates from X.509 store.", e);
// }
// }
// }
// return certs;
// }
// END android-removed
protected static void addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) throws AnnotatedException {
if (crldp != null) {
DistributionPoint[] dps = null;
try {
dps = crldp.getDistributionPoints();
} catch (Exception e) {
throw new AnnotatedException("Distribution points could not be read.", e);
}
for (int i = 0; i < dps.length; i++) {
DistributionPointName dpn = dps[i].getDistributionPoint();
// look for URIs in fullName
if (dpn != null) {
if (dpn.getType() == DistributionPointName.FULL_NAME) {
GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
// look for an URI
for (int j = 0; j < genNames.length; j++) {
if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
String location = DERIA5String.getInstance(genNames[j].getName()).getString();
CertPathValidatorUtilities.addAdditionalStoreFromLocation(location, pkixParams);
}
}
}
}
}
}
}
Also used :
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ParseException(java.text.ParseException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertStoreException(java.security.cert.CertStoreException)
CRLException(java.security.cert.CRLException)
CertificateParsingException(java.security.cert.CertificateParsingException)
StoreException(org.bouncycastle.util.StoreException)
IOException(java.io.IOException)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
Example 27 with DistributionPointName
use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project robovm by robovm.
the class RFC3280CertPathUtilities method checkCRLs.
/**
* Checks a certificate if it is revoked.
*
* @param paramsPKIX PKIX parameters.
* @param cert Certificate to check if it is revoked.
* @param validDate The date when the certificate revocation status should be
* checked.
* @param sign The issuer certificate of the certificate <code>cert</code>.
* @param workingPublicKey The public key of the issuer certificate <code>sign</code>.
* @param certPathCerts The certificates of the certification path.
* @throws AnnotatedException if the certificate is revoked or the status cannot be checked
* or some error occurs.
*/
protected static void checkCRLs(ExtendedPKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, List certPathCerts) throws AnnotatedException {
AnnotatedException lastException = null;
CRLDistPoint crldp = null;
try {
crldp = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS));
} catch (Exception e) {
throw new AnnotatedException("CRL distribution point extension could not be read.", e);
}
try {
CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX);
} catch (AnnotatedException e) {
throw new AnnotatedException("No additional CRL locations could be decoded from CRL distribution point extension.", e);
}
CertStatus certStatus = new CertStatus();
ReasonsMask reasonsMask = new ReasonsMask();
boolean validCrlFound = false;
// for each distribution point
if (crldp != null) {
DistributionPoint[] dps = null;
try {
dps = crldp.getDistributionPoints();
} catch (Exception e) {
throw new AnnotatedException("Distribution points could not be read.", e);
}
if (dps != null) {
for (int i = 0; i < dps.length && certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons(); i++) {
ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX.clone();
try {
checkCRL(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
validCrlFound = true;
} catch (AnnotatedException e) {
lastException = e;
}
}
}
}
if (certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons()) {
try {
/*
* assume a DP with both the reasons and the cRLIssuer fields
* omitted and a distribution point name of the certificate
* issuer.
*/
ASN1Primitive issuer = null;
try {
issuer = new ASN1InputStream(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded()).readObject();
} catch (Exception e) {
throw new AnnotatedException("Issuer from certificate for CRL could not be reencoded.", e);
}
DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames(new GeneralName(GeneralName.directoryName, issuer))), null, null);
ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX.clone();
checkCRL(dp, paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
validCrlFound = true;
} catch (AnnotatedException e) {
lastException = e;
}
}
if (!validCrlFound) {
if (lastException instanceof AnnotatedException) {
throw lastException;
}
throw new AnnotatedException("No valid CRL found.", lastException);
}
if (certStatus.getCertStatus() != CertStatus.UNREVOKED) {
String message = "Certificate revocation after " + certStatus.getRevocationDate();
message += ", reason: " + crlReasons[certStatus.getCertStatus()];
throw new AnnotatedException(message);
}
if (!reasonsMask.isAllReasons() && certStatus.getCertStatus() == CertStatus.UNREVOKED) {
certStatus.setCertStatus(CertStatus.UNDETERMINED);
}
if (certStatus.getCertStatus() == CertStatus.UNDETERMINED) {
throw new AnnotatedException("Certificate status could not be determined.");
}
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
ExtendedPKIXParameters(org.bouncycastle.x509.ExtendedPKIXParameters)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
Example 28 with DistributionPointName
use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project poi by apache.
the class PkiTestUtils method generateCertificate.
static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, Date notBefore, Date notAfter, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean caFlag, int pathLength, String crlUri, String ocspUri, KeyUsage keyUsage) throws IOException, OperatorCreationException, CertificateException {
String signatureAlgorithm = "SHA1withRSA";
X500Name issuerName;
if (issuerCertificate != null) {
issuerName = new X509CertificateHolder(issuerCertificate.getEncoded()).getIssuer();
} else {
issuerName = new X500Name(subjectDn);
}
RSAPublicKey rsaPubKey = (RSAPublicKey) subjectPublicKey;
RSAKeyParameters rsaSpec = new RSAKeyParameters(false, rsaPubKey.getModulus(), rsaPubKey.getPublicExponent());
SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(rsaSpec);
DigestCalculator digestCalc = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1);
X509v3CertificateBuilder certificateGenerator = new X509v3CertificateBuilder(issuerName, new BigInteger(128, new SecureRandom()), notBefore, notAfter, new X500Name(subjectDn), subjectPublicKeyInfo);
X509ExtensionUtils exUtils = new X509ExtensionUtils(digestCalc);
SubjectKeyIdentifier subKeyId = exUtils.createSubjectKeyIdentifier(subjectPublicKeyInfo);
AuthorityKeyIdentifier autKeyId = (issuerCertificate != null) ? exUtils.createAuthorityKeyIdentifier(new X509CertificateHolder(issuerCertificate.getEncoded())) : exUtils.createAuthorityKeyIdentifier(subjectPublicKeyInfo);
certificateGenerator.addExtension(Extension.subjectKeyIdentifier, false, subKeyId);
certificateGenerator.addExtension(Extension.authorityKeyIdentifier, false, autKeyId);
if (caFlag) {
BasicConstraints bc;
if (-1 == pathLength) {
bc = new BasicConstraints(true);
} else {
bc = new BasicConstraints(pathLength);
}
certificateGenerator.addExtension(Extension.basicConstraints, false, bc);
}
if (null != crlUri) {
int uri = GeneralName.uniformResourceIdentifier;
DERIA5String crlUriDer = new DERIA5String(crlUri);
GeneralName gn = new GeneralName(uri, crlUriDer);
DERSequence gnDer = new DERSequence(gn);
GeneralNames gns = GeneralNames.getInstance(gnDer);
DistributionPointName dpn = new DistributionPointName(0, gns);
DistributionPoint distp = new DistributionPoint(dpn, null, null);
DERSequence distpDer = new DERSequence(distp);
certificateGenerator.addExtension(Extension.cRLDistributionPoints, false, distpDer);
}
if (null != ocspUri) {
int uri = GeneralName.uniformResourceIdentifier;
GeneralName ocspName = new GeneralName(uri, ocspUri);
AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, ocspName);
certificateGenerator.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess);
}
if (null != keyUsage) {
certificateGenerator.addExtension(Extension.keyUsage, true, keyUsage);
}
JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
signerBuilder.setProvider("BC");
X509CertificateHolder certHolder = certificateGenerator.build(signerBuilder.build(issuerPrivateKey));
// .getEncoded()));
return new JcaX509CertificateConverter().getCertificate(certHolder);
}
Also used :
AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERSequence(org.bouncycastle.asn1.DERSequence)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
SecureRandom(java.security.SecureRandom)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Example 29 with DistributionPointName
use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project xipki by xipki.
the class X509Ca method generateCrl0.
private X509CRL generateCrl0(boolean deltaCrl, Date thisUpdate, Date nextUpdate, AuditEvent event, String msgId) throws OperationException {
X509CrlSignerEntryWrapper crlSigner = getCrlSigner();
if (crlSigner == null) {
throw new OperationException(ErrorCode.NOT_PERMITTED, "CRL generation is not allowed");
}
LOG.info(" START generateCrl: ca={}, deltaCRL={}, nextUpdate={}", caIdent, deltaCrl, nextUpdate);
event.addEventData(CaAuditConstants.NAME_crlType, deltaCrl ? "DELTA_CRL" : "FULL_CRL");
if (nextUpdate == null) {
event.addEventData(CaAuditConstants.NAME_nextUpdate, "null");
} else {
event.addEventData(CaAuditConstants.NAME_nextUpdate, DateUtil.toUtcTimeyyyyMMddhhmmss(nextUpdate));
if (nextUpdate.getTime() - thisUpdate.getTime() < 10 * 60 * MS_PER_SECOND) {
// less than 10 minutes
throw new OperationException(ErrorCode.CRL_FAILURE, "nextUpdate and thisUpdate are too close");
}
}
CrlControl crlControl = crlSigner.getCrlControl();
boolean successful = false;
try {
ConcurrentContentSigner tmpCrlSigner = crlSigner.getSigner();
CrlControl control = crlSigner.getCrlControl();
boolean directCrl;
X500Name crlIssuer;
if (tmpCrlSigner == null) {
directCrl = true;
crlIssuer = caInfo.getPublicCaInfo().getX500Subject();
} else {
directCrl = false;
crlIssuer = X500Name.getInstance(tmpCrlSigner.getCertificate().getSubjectX500Principal().getEncoded());
}
X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(crlIssuer, thisUpdate);
if (nextUpdate != null) {
crlBuilder.setNextUpdate(nextUpdate);
}
final int numEntries = 100;
Date notExpireAt;
if (control.isIncludeExpiredCerts()) {
notExpireAt = new Date(0);
} else {
// 10 minutes buffer
notExpireAt = new Date(thisUpdate.getTime() - 600L * MS_PER_SECOND);
}
long startId = 1;
// we have to cache the serial entries to sort them
List<CertRevInfoWithSerial> allRevInfos = new LinkedList<>();
List<CertRevInfoWithSerial> revInfos;
do {
if (deltaCrl) {
revInfos = certstore.getCertsForDeltaCrl(caIdent, startId, numEntries, control.isOnlyContainsCaCerts(), control.isOnlyContainsUserCerts());
} else {
revInfos = certstore.getRevokedCerts(caIdent, notExpireAt, startId, numEntries, control.isOnlyContainsCaCerts(), control.isOnlyContainsUserCerts());
}
allRevInfos.addAll(revInfos);
long maxId = 1;
for (CertRevInfoWithSerial revInfo : revInfos) {
if (revInfo.getId() > maxId) {
maxId = revInfo.getId();
}
}
// end for
startId = maxId + 1;
} while (// end do
revInfos.size() >= numEntries);
if (revInfos != null) {
// free the memory
revInfos.clear();
}
// sort the list by SerialNumber ASC
Collections.sort(allRevInfos);
boolean isFirstCrlEntry = true;
for (CertRevInfoWithSerial revInfo : allRevInfos) {
CrlReason reason = revInfo.getReason();
if (crlControl.isExcludeReason() && reason != CrlReason.REMOVE_FROM_CRL) {
reason = CrlReason.UNSPECIFIED;
}
Date revocationTime = revInfo.getRevocationTime();
Date invalidityTime = revInfo.getInvalidityTime();
switch(crlControl.getInvalidityDateMode()) {
case FORBIDDEN:
invalidityTime = null;
break;
case OPTIONAL:
break;
case REQUIRED:
if (invalidityTime == null) {
invalidityTime = revocationTime;
}
break;
default:
throw new RuntimeException("unknown TripleState: " + crlControl.getInvalidityDateMode());
}
BigInteger serial = revInfo.getSerial();
LOG.debug("added cert ca={} serial={} to CRL", caIdent, serial);
if (directCrl || !isFirstCrlEntry) {
if (invalidityTime != null) {
crlBuilder.addCRLEntry(serial, revocationTime, reason.getCode(), invalidityTime);
} else {
crlBuilder.addCRLEntry(serial, revocationTime, reason.getCode());
}
continue;
}
List<Extension> extensions = new ArrayList<>(3);
if (reason != CrlReason.UNSPECIFIED) {
Extension ext = createReasonExtension(reason.getCode());
extensions.add(ext);
}
if (invalidityTime != null) {
Extension ext = createInvalidityDateExtension(invalidityTime);
extensions.add(ext);
}
Extension ext = createCertificateIssuerExtension(caInfo.getPublicCaInfo().getX500Subject());
extensions.add(ext);
crlBuilder.addCRLEntry(serial, revocationTime, new Extensions(extensions.toArray(new Extension[0])));
isFirstCrlEntry = false;
}
// free the memory
allRevInfos.clear();
BigInteger crlNumber = caInfo.nextCrlNumber();
event.addEventData(CaAuditConstants.NAME_crlNumber, crlNumber);
boolean onlyUserCerts = crlControl.isOnlyContainsUserCerts();
boolean onlyCaCerts = crlControl.isOnlyContainsCaCerts();
if (onlyUserCerts && onlyCaCerts) {
throw new RuntimeException("should not reach here, onlyUserCerts and onlyCACerts are both true");
}
try {
// AuthorityKeyIdentifier
byte[] akiValues = directCrl ? caInfo.getPublicCaInfo().getSubjectKeyIdentifer() : crlSigner.getSubjectKeyIdentifier();
AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(akiValues);
crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, aki);
// add extension CRL Number
crlBuilder.addExtension(Extension.cRLNumber, false, new ASN1Integer(crlNumber));
// IssuingDistributionPoint
if (onlyUserCerts || onlyCaCerts || !directCrl) {
IssuingDistributionPoint idp = new IssuingDistributionPoint(// distributionPoint,
(DistributionPointName) null, // onlyContainsUserCerts,
onlyUserCerts, // onlyContainsCACerts,
onlyCaCerts, // onlySomeReasons,
(ReasonFlags) null, // indirectCRL,
!directCrl, // onlyContainsAttributeCerts
false);
crlBuilder.addExtension(Extension.issuingDistributionPoint, true, idp);
}
// freshestCRL
List<String> deltaCrlUris = getCaInfo().getPublicCaInfo().getDeltaCrlUris();
if (control.getDeltaCrlIntervals() > 0 && CollectionUtil.isNonEmpty(deltaCrlUris)) {
CRLDistPoint cdp = CaUtil.createCrlDistributionPoints(deltaCrlUris, caInfo.getPublicCaInfo().getX500Subject(), crlIssuer);
crlBuilder.addExtension(Extension.freshestCRL, false, cdp);
}
} catch (CertIOException ex) {
LogUtil.error(LOG, ex, "crlBuilder.addExtension");
throw new OperationException(ErrorCode.INVALID_EXTENSION, ex);
}
addXipkiCertset(crlBuilder, deltaCrl, control, notExpireAt, onlyCaCerts, onlyUserCerts);
ConcurrentContentSigner concurrentSigner = (tmpCrlSigner == null) ? caInfo.getSigner(null) : tmpCrlSigner;
ConcurrentBagEntrySigner signer0;
try {
signer0 = concurrentSigner.borrowSigner();
} catch (NoIdleSignerException ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "NoIdleSignerException: " + ex.getMessage());
}
X509CRLHolder crlHolder;
try {
crlHolder = crlBuilder.build(signer0.value());
} finally {
concurrentSigner.requiteSigner(signer0);
}
try {
X509CRL crl = X509Util.toX509Crl(crlHolder.toASN1Structure());
caInfo.getCaEntry().setNextCrlNumber(crlNumber.longValue() + 1);
caManager.commitNextCrlNo(caIdent, caInfo.getCaEntry().getNextCrlNumber());
publishCrl(crl);
successful = true;
LOG.info("SUCCESSFUL generateCrl: ca={}, crlNumber={}, thisUpdate={}", caIdent, crlNumber, crl.getThisUpdate());
if (!deltaCrl) {
// clean up the CRL
cleanupCrlsWithoutException(msgId);
}
return crl;
} catch (CRLException | CertificateException ex) {
throw new OperationException(ErrorCode.CRL_FAILURE, ex);
}
} finally {
if (!successful) {
LOG.info(" FAILED generateCrl: ca={}", caIdent);
}
}
}
Also used :
CrlControl(org.xipki.ca.server.mgmt.api.x509.CrlControl)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
X509CRL(java.security.cert.X509CRL)
ArrayList(java.util.ArrayList)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
CertificateException(java.security.cert.CertificateException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
Extensions(org.bouncycastle.asn1.x509.Extensions)
NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException)
X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder)
CrlReason(org.xipki.security.CrlReason)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
CRLException(java.security.cert.CRLException)
OperationException(org.xipki.ca.api.OperationException)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
CertIOException(org.bouncycastle.cert.CertIOException)
ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
Date(java.util.Date)
LinkedList(java.util.LinkedList)
Extension(org.bouncycastle.asn1.x509.Extension)
ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
Example 30 with DistributionPointName
use of com.github.zhenwei.core.asn1.x509.DistributionPointName in project xipki by xipki.
the class CaUtil method createCrlDistributionPoints.
public static CRLDistPoint createCrlDistributionPoints(List<String> crlUris, X500Name caSubject, X500Name crlSignerSubject) {
ParamUtil.requireNonEmpty("crlUris", crlUris);
int size = crlUris.size();
DistributionPoint[] points = new DistributionPoint[1];
GeneralName[] names = new GeneralName[size];
for (int i = 0; i < size; i++) {
names[i] = new GeneralName(GeneralName.uniformResourceIdentifier, crlUris.get(i));
}
// Distribution Point
GeneralNames gns = new GeneralNames(names);
DistributionPointName pointName = new DistributionPointName(gns);
GeneralNames crlIssuer = null;
if (crlSignerSubject != null && !crlSignerSubject.equals(caSubject)) {
GeneralName crlIssuerName = new GeneralName(crlSignerSubject);
crlIssuer = new GeneralNames(crlIssuerName);
}
points[0] = new DistributionPoint(pointName, null, crlIssuer);
return new CRLDistPoint(points);
}
Also used :
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
Aggregations
DistributionPointName (org.bouncycastle.asn1.x509.DistributionPointName)30
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)29
GeneralName (org.bouncycastle.asn1.x509.GeneralName)29
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)27
IOException (java.io.IOException)22
ArrayList (java.util.ArrayList)19
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)19
DERIA5String (org.bouncycastle.asn1.DERIA5String)18
CertPathValidatorException (java.security.cert.CertPathValidatorException)16
GeneralSecurityException (java.security.GeneralSecurityException)13
CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)11
DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)11
DistributionPointName (com.github.zhenwei.core.asn1.x509.DistributionPointName)11
GeneralName (com.github.zhenwei.core.asn1.x509.GeneralName)11
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11
ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)11
DEROctetString (org.bouncycastle.asn1.DEROctetString)11
CertPathBuilderException (java.security.cert.CertPathBuilderException)10
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)9
CertStoreException (java.security.cert.CertStoreException)8
