Example 31 with X509CRLHolder

Use of org.bouncycastle.cert.X509CRLHolder in project jruby-openssl by jruby.

Class X509CRL, method getSignatureAlgorithm.

private String getSignatureAlgorithm(final Ruby runtime, final String def) {
    // Without a CRL holder there is nothing to inspect: return the caller's default.
    final X509CRLHolder crlHolder = getCRLHolder(true);
    if (crlHolder == null) {
        return def;
    }
    // OID of the signature algorithm recorded in the CRL's ASN.1 structure.
    final ASN1ObjectIdentifier algId = crlHolder.toASN1Structure().getSignatureAlgorithm().getAlgorithm();
    // Map the OID to a name; a missing OID or name falls back to the default.
    final String algName = algId == null ? null : ASN1.o2a(runtime, algId, true);
    return algName == null ? def : algName;
}
Also used: X509CRLHolder (org.bouncycastle.cert.X509CRLHolder), RubyString (org.jruby.RubyString), ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 32 with X509CRLHolder

Use of org.bouncycastle.cert.X509CRLHolder in project wso2-synapse by wso2.

Class CRLVerifierTest, method createCRL.

/**
 * Creates a fake CRL for the fake CA. The fake certificate with the given revokedSerialNumber will be marked
 * as Revoked in the returned CRL.
 * @param caCert the fake CA certificate.
 * @param caPrivateKey private key of the fake CA.
 * @param revokedSerialNumber the serial number of the fake peer certificate made to be marked as revoked.
 * @return the created fake CRL
 * @throws Exception if the CRL cannot be built, signed or converted
 */
public static X509CRL createCRL(X509Certificate caCert, PrivateKey caPrivateKey, BigInteger revokedSerialNumber) throws Exception {
    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    // One timestamp for thisUpdate, the revocation date and the nextUpdate offset.
    Date now = new Date();
    X500Name issuer = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(caCert).getEncoded());
    X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, now);
    // Reason code 0 is "unspecified".
    builder.addCRLEntry(revokedSerialNumber, now, 0);
    builder.setNextUpdate(new Date(now.getTime() + TestConstants.NEXT_UPDATE_PERIOD));
    // The value is an AuthorityKeyIdentifier derived from the CA certificate, so it goes under that extension's OID.
    builder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert));
    builder.addExtension(Extension.cRLNumber, false, new CRLNumber(BigInteger.valueOf(1)));
    // Sign the CRL with the fake CA's private key.
    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
    contentSignerBuilder.setProvider(CryptoConstants.BOUNCY_CASTLE_PROVIDER);
    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(caPrivateKey));
    // Convert the Bouncy Castle holder into a java.security.cert.X509CRL.
    JcaX509CRLConverter converter = new JcaX509CRLConverter();
    converter.setProvider(CryptoConstants.BOUNCY_CASTLE_PROVIDER);
    return converter.getCRL(cRLHolder);
}
Also used: JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils), JcaX509CRLConverter (org.bouncycastle.cert.jcajce.JcaX509CRLConverter), CRLNumber (org.bouncycastle.asn1.x509.CRLNumber), JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder), X509CRLHolder (org.bouncycastle.cert.X509CRLHolder), X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder), X500Name (org.bouncycastle.asn1.x500.X500Name), Date (java.util.Date)
