
Example 26 with X509CRLHolder

use of org.bouncycastle.cert.X509CRLHolder in project candlepin by candlepin.

the class X509CRLEntryStreamTest method testCRLwithoutUpdateTime.

/**
 * Checks that {@link X509CRLEntryStream} can iterate a CRL that has no {@code nextUpdate} field.
 *
 * <p>The CRL is built with a {@code thisUpdate} of "now", an authority key identifier,
 * CRL number 127 and one revoked serial (100). {@code setNextUpdate} is never called, so the
 * encoded CRL omits the optional {@code nextUpdate} time. RFC 5280 makes the field optional in
 * the ASN.1 but expects conforming issuers to include it, so a streaming parser has to cope
 * with its absence instead of assuming a fixed layout.
 *
 * @throws Exception if the CRL cannot be built, written or read back
 */
@Test
public void testCRLwithoutUpdateTime() throws Exception {
    BigInteger revokedSerial = new BigInteger("100");

    X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, new Date());
    builder.addExtension(
        Extension.authorityKeyIdentifier,
        false,
        new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic()));
    builder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    builder.addCRLEntry(revokedSerial, new Date(), CRLReason.unspecified);
    // No setNextUpdate(...) here on purpose: the missing field is what this test exercises.
    X509CRLHolder crl = builder.build(signer);

    // Persist the DER encoding so the stream reads it from disk as it would a real CRL file.
    File crlFile = new File(folder.getRoot(), "test.crl");
    FileUtils.writeByteArrayToFile(crlFile, crl.getEncoded());

    Set<BigInteger> seenSerials = new HashSet<>();
    X509CRLEntryStream entries = new X509CRLEntryStream(crlFile);
    try {
        while (entries.hasNext()) {
            seenSerials.add(getSerial(entries.next()));
        }
        // Exactly the one entry added above must come back, with its serial intact.
        assertEquals(1, seenSerials.size());
        assertTrue(seenSerials.contains(revokedSerial));
    } finally {
        entries.close();
    }
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) File(java.io.File) Date(java.util.Date) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 27 with X509CRLHolder

use of org.bouncycastle.cert.X509CRLHolder in project wildfly by wildfly.

the class CertificateRevocationListTestBase method prepareCrlFiles.

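/**
 * Writes a PEM-encoded CRL that lists {@code revoked} as revoked to {@code crlFile}.
 *
 * <p>The CRL issuer name is the issuer DN of {@code intermediateIssuerCertificate},
 * {@code thisUpdate} is the current time and {@code nextUpdate} is one year later. The CRL is
 * signed with SHA256withRSA through the provider named "BC", so that provider has to be
 * registered before this method runs.
 *
 * @param intermediateIssuerCertificate certificate whose issuer DN becomes the CRL issuer
 * @param issuerSelfSignedX509CertificateAndSigningKey supplies the private key that signs the CRL
 * @param revoked certificate whose serial number is added to the CRL
 * @param crlFile destination file; an existing file is overwritten
 * @throws Exception if building, signing or writing the CRL fails
 */
private static void prepareCrlFiles(X509Certificate intermediateIssuerCertificate, SelfSignedX509CertificateAndSigningKey issuerSelfSignedX509CertificateAndSigningKey, X509Certificate revoked, File crlFile) throws Exception {
    Calendar calendar = Calendar.getInstance();
    Date currentDate = calendar.getTime();
    calendar.add(Calendar.YEAR, 1);
    Date nextYear = calendar.getTime();

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(convertSunStyleToBCStyle(intermediateIssuerCertificate.getIssuerDN()), currentDate);
    // The revocation date is the same instant as thisUpdate.
    // NOTE(review): if a validator with clock skew must already see the certificate as revoked,
    // a slightly backdated revocation date may be what the test needs. Confirm the intent.
    crlBuilder.addCRLEntry(revoked.getSerialNumber(), currentDate, CRLReason.unspecified);
    X509CRLHolder crlHolder = crlBuilder.setNextUpdate(nextYear).build(
        new JcaContentSignerBuilder("SHA256withRSA")
            .setProvider("BC")
            .build(issuerSelfSignedX509CertificateAndSigningKey.getSigningKey()));

    // try-with-resources closes the file handle even when PEM encoding fails part-way, so a
    // failed run does not leave the CRL file locked or half-flushed for the next test.
    try (PemWriter crlOutput = new PemWriter(new OutputStreamWriter(new FileOutputStream(crlFile)))) {
        crlOutput.writeObject(new MiscPEMGenerator(crlHolder));
    }
}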
Also used : MiscPEMGenerator(org.bouncycastle.openssl.MiscPEMGenerator) PemWriter(org.bouncycastle.util.io.pem.PemWriter) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) FileOutputStream(java.io.FileOutputStream) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) OutputStreamWriter(java.io.OutputStreamWriter) Date(java.util.Date)

Example 28 with X509CRLHolder

use of org.bouncycastle.cert.X509CRLHolder in project wildfly by wildfly.

the class OcspTestBase method prepareCrlFiles.

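/**
 * Writes an empty (no revoked entries) PEM-encoded CRL to {@code CA_BLANK_PEM_CRL}.
 *
 * <p>The CRL issuer name is the issuer DN of {@code intermediateIssuerCertificate},
 * {@code thisUpdate} is the current time and {@code nextUpdate} is one year later. The CRL is
 * signed with SHA256withRSA through the provider named "BC", so that provider has to be
 * registered before this method runs.
 *
 * @param intermediateIssuerCertificate certificate whose issuer DN becomes the CRL issuer
 * @param issuerSelfSignedX509CertificateAndSigningKey supplies the private key that signs the CRL
 * @throws Exception if building, signing or writing the CRL fails
 */
private static void prepareCrlFiles(X509Certificate intermediateIssuerCertificate, SelfSignedX509CertificateAndSigningKey issuerSelfSignedX509CertificateAndSigningKey) throws Exception {
    Calendar calendar = Calendar.getInstance();
    Date currentDate = calendar.getTime();
    calendar.add(Calendar.YEAR, 1);
    Date nextYear = calendar.getTime();

    // Creates the CRL for ca/crl/blank.pem. No addCRLEntry call: the list is intentionally empty.
    X509v2CRLBuilder caBlankCrlBuilder = new X509v2CRLBuilder(convertSunStyleToBCStyle(intermediateIssuerCertificate.getIssuerDN()), currentDate);
    X509CRLHolder caBlankCrlHolder = caBlankCrlBuilder.setNextUpdate(nextYear).build(
        new JcaContentSignerBuilder("SHA256withRSA")
            .setProvider("BC")
            .build(issuerSelfSignedX509CertificateAndSigningKey.getSigningKey()));

    // try-with-resources closes the file handle even when PEM encoding fails part-way.
    try (PemWriter caBlankCrlOutput = new PemWriter(new OutputStreamWriter(new FileOutputStream(CA_BLANK_PEM_CRL)))) {
        caBlankCrlOutput.writeObject(new MiscPEMGenerator(caBlankCrlHolder));
    }
}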
Also used : MiscPEMGenerator(org.bouncycastle.openssl.MiscPEMGenerator) PemWriter(org.bouncycastle.util.io.pem.PemWriter) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) FileOutputStream(java.io.FileOutputStream) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) OutputStreamWriter(java.io.OutputStreamWriter) Date(java.util.Date)

Example 29 with X509CRLHolder

use of org.bouncycastle.cert.X509CRLHolder in project zookeeper by apache.

the class QuorumSSLTest method buildCRL.

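/**
 * Builds a CRL that revokes {@code x509Certificate} and writes it, PEM-encoded, to
 * {@code crlPath}.
 *
 * <p>The CRL issuer is the certificate's own issuer principal. {@code certStartTime} is used
 * both as {@code thisUpdate} and as the revocation date, and {@code certEndTime} as
 * {@code nextUpdate}. The entry carries reason {@code cACompromise}; the CRL also carries an
 * authority key identifier derived from {@code rootCertificate} and a fixed CRL number of 1000.
 *
 * @param x509Certificate certificate to list as revoked
 * @param crlPath path of the PEM file to create or overwrite
 * @throws Exception if building, signing or writing the CRL fails
 */
private void buildCRL(X509Certificate x509Certificate, String crlPath) throws Exception {
    X509v2CRLBuilder builder = new JcaX509v2CRLBuilder(x509Certificate.getIssuerX500Principal(), certStartTime);
    builder.addCRLEntry(x509Certificate.getSerialNumber(), certStartTime, CRLReason.cACompromise);
    builder.setNextUpdate(certEndTime);
    builder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(rootCertificate));
    builder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("1000")));
    // NOTE(review): contentSigner is presumably backed by the root CA key that issued
    // x509Certificate; a CRL signed by any other key would not validate. Confirm at the field.
    X509CRLHolder cRLHolder = builder.build(contentSigner);

    // try-with-resources closes the file even if PEM encoding throws; close() also flushes,
    // so no separate flush() is needed.
    try (PemWriter pemWriter = new PemWriter(new FileWriter(crlPath))) {
        pemWriter.writeObject(new MiscPEMGenerator(cRLHolder));
    }
}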
Also used : MiscPEMGenerator(org.bouncycastle.openssl.MiscPEMGenerator) JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) PemWriter(org.bouncycastle.util.io.pem.PemWriter) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) FileWriter(java.io.FileWriter) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) JcaX509v2CRLBuilder(org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) JcaX509v2CRLBuilder(org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder)

Example 30 with X509CRLHolder

use of org.bouncycastle.cert.X509CRLHolder in project qpid-broker-j by apache.

the class TlsResourceBuilder method createCertificateRevocationList.

/**
 * Creates a CRL, issued and signed by {@code ca}, that lists every given certificate as revoked.
 *
 * <p>The issuer name is the CA certificate's subject, {@code thisUpdate} and every revocation
 * date are the current time, and {@code nextUpdate} is ten days ahead. Each entry carries
 * reason {@code privilegeWithdrawn}. The CRL also carries the authority key extension built
 * from the CA public key and a CRL number taken from {@code generateSerialNumber()}.
 *
 * <p>NOTE(review): RFC 5280 expects CRL numbers to increase monotonically per issuer. Whether
 * {@code generateSerialNumber()} guarantees that is not visible here. Confirm before using
 * this helper where relying parties compare CRL numbers.
 *
 * @param ca CA certificate and private key used to issue and sign the CRL
 * @param certificate certificates to revoke; none yields an empty CRL
 * @return the signed CRL as a JCA {@link X509CRL}
 * @throws CRLException if signing, encoding or conversion fails; the original exception is
 *     kept as the cause
 */
static X509CRL createCertificateRevocationList(final KeyCertificatePair ca, X509Certificate... certificate) throws CRLException {
    try {
        final X500Name issuer = X500Name.getInstance(
                RFC4519Style.INSTANCE,
                ca.getCertificate().getSubjectX500Principal().getEncoded());
        final Date expiresAt = Date.from(Instant.now().plus(10, ChronoUnit.DAYS));
        final Date issuedAt = new Date();

        final X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, issuedAt);
        builder.setNextUpdate(expiresAt);
        for (final X509Certificate revokedCertificate : certificate) {
            builder.addCRLEntry(revokedCertificate.getSerialNumber(), issuedAt, CRLReason.privilegeWithdrawn);
        }
        builder.addExtension(createAuthorityKeyExtension(ca.getCertificate().getPublicKey()));
        builder.addExtension(Extension.cRLNumber, false, new CRLNumber(generateSerialNumber()));

        // Sign with the CA private key, then convert the Bouncy Castle holder to a JCA X509CRL.
        final X509CRLHolder holder = builder.build(createContentSigner(ca.getPrivateKey()));
        return new JcaX509CRLConverter().getCRL(holder);
    } catch (OperatorException | IOException | CertificateException e) {
        throw new CRLException(e);
    }
}
Also used : CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) Instant(java.time.Instant) ContentSigner(org.bouncycastle.operator.ContentSigner) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) CRLException(java.security.cert.CRLException) OperatorException(org.bouncycastle.operator.OperatorException)

Aggregations

X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)32 X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder)22 Date (java.util.Date)20 File (java.io.File)15 BigInteger (java.math.BigInteger)15 FileOutputStream (java.io.FileOutputStream)14 Test (org.junit.Test)13 BufferedOutputStream (java.io.BufferedOutputStream)10 OutputStream (java.io.OutputStream)10 X509CRL (java.security.cert.X509CRL)9 HashSet (java.util.HashSet)9 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)9 CRLNumber (org.bouncycastle.asn1.x509.CRLNumber)8 IOException (java.io.IOException)7 ContentSigner (org.bouncycastle.operator.ContentSigner)7 X509CRLEntry (java.security.cert.X509CRLEntry)6 JcaX509CRLConverter (org.bouncycastle.cert.jcajce.JcaX509CRLConverter)6 JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)6 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)5 X500Name (org.bouncycastle.asn1.x500.X500Name)5