Example 1 with JcaX509v2CRLBuilder
use of org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder in project certmgr by hdecarne.
the class X509CRLHelper method generateCRL.
/**
* Generate a CRL object.
*
* @param currentCRL The current CRL object in case of an update (may be {@code null}).
* @param lastUpdate The last update timestamp to set.
* @param nextUpdate The next update timestamp to set (may be {@code null}).
* @param revokeEntries The revoked entries.
* @param issuerDN The CRL issuer's DN.
* @param issuerKey The CRL issuer's key pair.
* @param signatureAlgorithm The signature algorithm to use for signing.
* @return The generated CRL object.
* @throws IOException if an error occurs during generation.
*/
public static X509CRL generateCRL(@Nullable X509CRL currentCRL, Date lastUpdate, @Nullable Date nextUpdate, Map<BigInteger, ReasonFlag> revokeEntries, X500Principal issuerDN, KeyPair issuerKey, SignatureAlgorithm signatureAlgorithm) throws IOException {
LOG.info("CRL generation ''{0}'' started...", issuerDN);
// Initialize CRL builder
JcaX509v2CRLBuilder crlBuilder = new JcaX509v2CRLBuilder(issuerDN, lastUpdate);
if (nextUpdate != null) {
crlBuilder.setNextUpdate(nextUpdate);
}
for (Map.Entry<BigInteger, ReasonFlag> revokeEntry : revokeEntries.entrySet()) {
crlBuilder.addCRLEntry(revokeEntry.getKey(), lastUpdate, revokeEntry.getValue().value());
}
X509CRL crl;
try {
// Add extensions
JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(issuerKey.getPublic()));
BigInteger nextCRLNumber = getNextCRLNumber(currentCRL);
crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(nextCRLNumber));
// Sign and create CRL object
ContentSigner crlSigner = new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(issuerKey.getPrivate());
crl = new JcaX509CRLConverter().getCRL(crlBuilder.build(crlSigner));
} catch (GeneralSecurityException | OperatorCreationException e) {
throw new CertProviderException(e);
}
LOG.info("CRT generation ''{0}'' done", issuerDN);
return crl;
}
Also used :
JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)
X509CRL(java.security.cert.X509CRL)
CRLNumber(org.bouncycastle.asn1.x509.CRLNumber)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
GeneralSecurityException(java.security.GeneralSecurityException)
ContentSigner(org.bouncycastle.operator.ContentSigner)
JcaX509v2CRLBuilder(org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder)
CertProviderException(de.carne.certmgr.certs.CertProviderException)
JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter)
BigInteger(java.math.BigInteger)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
Map(java.util.Map)
Aggregations
CertProviderException (de.carne.certmgr.certs.CertProviderException)1
BigInteger (java.math.BigInteger)1
GeneralSecurityException (java.security.GeneralSecurityException)1
X509CRL (java.security.cert.X509CRL)1
Map (java.util.Map)1
CRLNumber (org.bouncycastle.asn1.x509.CRLNumber)1
JcaX509CRLConverter (org.bouncycastle.cert.jcajce.JcaX509CRLConverter)1
JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)1
JcaX509v2CRLBuilder (org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder)1
ContentSigner (org.bouncycastle.operator.ContentSigner)1
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)1
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)1
