Example 1 with X509CRLHolder

Use of org.bouncycastle.cert.X509CRLHolder in project poi by apache, in the class PkiTestUtils, method generateCrl.

public static X509CRL generateCrl(X509Certificate issuer, PrivateKey issuerPrivateKey) throws CertificateEncodingException, IOException, CRLException, OperatorCreationException {
    X509CertificateHolder holder = new X509CertificateHolder(issuer.getEncoded());
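    // thisUpdate is the current time; the CRL is issued under the issuer certificate's name.
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(holder.getIssuer(), new Date());
    // nextUpdate is 100000 ms (100 seconds) after the current time, so this test CRL is short-lived.
    crlBuilder.setNextUpdate(new Date(new Date().getTime() + 100000));
    // This test helper signs with SHA-1; SHA-1 signatures are deprecated for production PKI.
    JcaContentSignerBuilder contentBuilder = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC");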
    CRLNumber crlNumber = new CRLNumber(new BigInteger("1234"));
    crlBuilder.addExtension(Extension.cRLNumber, false, crlNumber);
    X509CRLHolder x509Crl = crlBuilder.build(contentBuilder.build(issuerPrivateKey));
    return new JcaX509CRLConverter().setProvider("BC").getCRL(x509Crl);
}
Also used: JcaX509CRLConverter (org.bouncycastle.cert.jcajce.JcaX509CRLConverter), JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder), CRLNumber (org.bouncycastle.asn1.x509.CRLNumber), X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder), X509CRLHolder (org.bouncycastle.cert.X509CRLHolder), BigInteger (java.math.BigInteger), X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder), Date (java.util.Date)

Example 2 with X509CRLHolder

Use of org.bouncycastle.cert.X509CRLHolder in project robovm by robovm, in the class CMSUtils, method getCRLsFromStore.

static List getCRLsFromStore(Store crlStore) throws CMSException {
    List certs = new ArrayList();
    try {
        for (Iterator it = crlStore.getMatches(null).iterator(); it.hasNext(); ) {
            X509CRLHolder c = (X509CRLHolder) it.next();
            certs.add(c.toASN1Structure());
        }
        return certs;
    } catch (ClassCastException e) {
        throw new CMSException("error processing certs", e);
    }
}
Also used: ArrayList (java.util.ArrayList), Iterator (java.util.Iterator), X509CRLHolder (org.bouncycastle.cert.X509CRLHolder), CertificateList (org.bouncycastle.asn1.x509.CertificateList), List (java.util.List)

Example 3 with X509CRLHolder

Use of org.bouncycastle.cert.X509CRLHolder in project xipki by xipki, in the class CaEmulator, method getCrl.

public synchronized CertificateList getCrl(X500Name issuer, BigInteger serialNumber) throws Exception {
    if (crl != null) {
        return crl;
    }
    Date thisUpdate = new Date();
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(caSubject, thisUpdate);
    Date nextUpdate = new Date(thisUpdate.getTime() + 30 * DAY_IN_MS);
    crlBuilder.setNextUpdate(nextUpdate);
    Date caStartTime = caCert.getTBSCertificate().getStartDate().getDate();
    Date revocationTime = new Date(caStartTime.getTime() + 1);
    if (revocationTime.after(thisUpdate)) {
        revocationTime = caStartTime;
    }
    crlBuilder.addCRLEntry(BigInteger.valueOf(2), revocationTime, CRLReason.keyCompromise);
    crlBuilder.addExtension(Extension.cRLNumber, false, new ASN1Integer(crlNumber.getAndAdd(1)));
    String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(caKey, ScepHashAlgo.SHA256);
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(caKey);
    X509CRLHolder crl = crlBuilder.build(contentSigner);
    return crl.toASN1Structure();
}
Also used: JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder), ContentSigner (org.bouncycastle.operator.ContentSigner), X509CRLHolder (org.bouncycastle.cert.X509CRLHolder), X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder), ASN1Integer (org.bouncycastle.asn1.ASN1Integer), Date (java.util.Date)

Example 4 with X509CRLHolder

Use of org.bouncycastle.cert.X509CRLHolder in project candlepin by candlepin, in the class X509CRLStreamWriterTest, method testSignatureKeyChange.

@Test
public void testSignatureKeyChange() throws Exception {
    KeyPair differentKeyPair = generator.generateKeyPair();
    ContentSigner otherSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC_PROVIDER).build(differentKeyPair.getPrivate());
    X509v2CRLBuilder crlBuilder = createCRLBuilder();
    X509CRLHolder holder = crlBuilder.build(otherSigner);
    File crlToChange = writeCRL(holder);
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    stream.preScan(crlToChange).lock();
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    stream.write(o);
    o.close();
    // No SignatureException should be thrown
    readCRL();
}
Also used: KeyPair (java.security.KeyPair), PEMKeyPair (org.bouncycastle.openssl.PEMKeyPair), JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder), BufferedOutputStream (java.io.BufferedOutputStream), OutputStream (java.io.OutputStream), FileOutputStream (java.io.FileOutputStream), ContentSigner (org.bouncycastle.operator.ContentSigner), X509CRLHolder (org.bouncycastle.cert.X509CRLHolder), X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder), File (java.io.File), Test (org.junit.Test)

Example 5 with X509CRLHolder

Use of org.bouncycastle.cert.X509CRLHolder in project candlepin by candlepin, in the class X509CRLStreamWriterTest, method testDeleteEntryFromCRL.

@Test
public void testDeleteEntryFromCRL() throws Exception {
    X509v2CRLBuilder crlBuilder = createCRLBuilder();
    crlBuilder.addCRLEntry(new BigInteger("101"), new Date(), CRLReason.unspecified);
    X509CRLHolder holder = crlBuilder.build(signer);
    File crlToChange = writeCRL(holder);
    CRLEntryValidator validator = new CRLEntryValidator() {

        @Override
        public boolean shouldDelete(CRLEntry entry) {
            return entry.getUserCertificate().getValue().equals(new BigInteger("101"));
        }
    };
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    stream.add(new BigInteger("9000"), new Date(), 0);
    stream.preScan(crlToChange, validator).lock();
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    stream.write(o);
    o.close();
    X509CRL changedCrl = readCRL();
    Set<BigInteger> discoveredSerials = new HashSet<>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }
    Set<BigInteger> expected = new HashSet<>();
    expected.add(new BigInteger("100"));
    expected.add(new BigInteger("9000"));
    assertEquals(expected, discoveredSerials);
}
Also used: X509CRL (java.security.cert.X509CRL), BufferedOutputStream (java.io.BufferedOutputStream), OutputStream (java.io.OutputStream), FileOutputStream (java.io.FileOutputStream), X509CRLEntry (java.security.cert.X509CRLEntry), CRLEntry (org.bouncycastle.asn1.x509.TBSCertList.CRLEntry), Date (java.util.Date), X509CRLHolder (org.bouncycastle.cert.X509CRLHolder), BigInteger (java.math.BigInteger), X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder), File (java.io.File), HashSet (java.util.HashSet), Test (org.junit.Test)
