Example 1 with X509CRLEntryWrapper
use of org.candlepin.pki.X509CRLEntryWrapper in project candlepin by candlepin.
the class CrlFileUtil method initializeCRLFile.
/**
* Initializes a new CRL at the specified location
*
* @param file
* The file to initialize
*
* @throws IOException
* If an IO error occurs while initializing the CRL file
*/
public void initializeCRLFile(File file, Collection<BigInteger> revoke) throws IOException {
FileOutputStream output = null;
List<X509CRLEntryWrapper> entries = new LinkedList<>();
for (BigInteger serial : revoke) {
entries.add(new X509CRLEntryWrapper(serial, new Date()));
}
X509CRL crl = this.pkiUtility.createX509CRL(entries, BigInteger.ONE);
try {
output = new FileOutputStream(file);
this.pkiUtility.writePemEncoded(crl, output);
} finally {
IOUtils.closeQuietly(output);
}
}
Also used :
X509CRL(java.security.cert.X509CRL)
X509CRLEntryWrapper(org.candlepin.pki.X509CRLEntryWrapper)
FileOutputStream(java.io.FileOutputStream)
BigInteger(java.math.BigInteger)
LinkedList(java.util.LinkedList)
Date(java.util.Date)
Example 2 with X509CRLEntryWrapper
use of org.candlepin.pki.X509CRLEntryWrapper in project candlepin by candlepin.
the class BouncyCastlePKIUtility method createX509CRL.
@Override
public X509CRL createX509CRL(List<X509CRLEntryWrapper> entries, BigInteger crlNumber) {
try {
X509Certificate caCert = reader.getCACert();
X509v2CRLBuilder generator = new X509v2CRLBuilder(X500Name.getInstance(caCert.getIssuerX500Principal().getEncoded()), new Date());
generator.setNextUpdate(Util.addDaysToDt(config.getInt(ConfigProperties.CRL_NEXT_UPDATE_DELTA)));
// add all the CRL entries.
for (X509CRLEntryWrapper entry : entries) {
generator.addCRLEntry(entry.getSerialNumber(), entry.getRevocationDate(), CRLReason.privilegeWithdrawn);
}
log.info("Completed adding CRL numbers to the certificate.");
JcaX509ExtensionUtils extentionUtil = new JcaX509ExtensionUtils();
AuthorityKeyIdentifier aki = extentionUtil.createAuthorityKeyIdentifier(caCert);
generator.addExtension(Extension.authorityKeyIdentifier, false, aki.getEncoded());
generator.addExtension(Extension.cRLNumber, false, new CRLNumber(crlNumber));
JcaContentSignerBuilder builder = new JcaContentSignerBuilder(SIGNATURE_ALGO).setProvider(BC_PROVIDER);
ContentSigner signer;
try {
signer = builder.build(reader.getCaKey());
} catch (OperatorCreationException e) {
throw new IOException(e);
}
return new JcaX509CRLConverter().getCRL(generator.build(signer));
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Also used :
JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)
X509CRLEntryWrapper(org.candlepin.pki.X509CRLEntryWrapper)
CRLNumber(org.bouncycastle.asn1.x509.CRLNumber)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
Date(java.util.Date)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter)
X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
Aggregations
Date (java.util.Date)2
X509CRLEntryWrapper (org.candlepin.pki.X509CRLEntryWrapper)2
FileOutputStream (java.io.FileOutputStream)1
IOException (java.io.IOException)1
BigInteger (java.math.BigInteger)1
GeneralSecurityException (java.security.GeneralSecurityException)1
X509CRL (java.security.cert.X509CRL)1
X509Certificate (java.security.cert.X509Certificate)1
LinkedList (java.util.LinkedList)1
AuthorityKeyIdentifier (org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)1
CRLNumber (org.bouncycastle.asn1.x509.CRLNumber)1
X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder)1
JcaX509CRLConverter (org.bouncycastle.cert.jcajce.JcaX509CRLConverter)1
JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)1
ContentSigner (org.bouncycastle.operator.ContentSigner)1
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)1
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)1
