use of org.candlepin.pki.X509CRLEntryWrapper in project candlepin by candlepin.
the class CrlFileUtil method initializeCRLFile.
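/**
 * Initializes a new CRL at the specified location, listing the given serials as revoked.
 *
 * <p>The CRL is created with CRL number {@code BigInteger.ONE} and written PEM-encoded.
 * Any existing content of {@code file} is overwritten.
 *
 * @param file
 *  The file to initialize
 *
 * @param revoke
 *  The certificate serial numbers to record as revoked; each one is given the time of this
 *  call as its revocation date
 *
 * @throws IOException
 *  If an IO error occurs while initializing the CRL file, including a failure to close it
 */
public void initializeCRLFile(File file, Collection<BigInteger> revoke) throws IOException {
    // One timestamp for the whole batch, so all entries written by this call carry the same
    // revocation date. Each wrapper still gets its own Date instance because Date is mutable.
    final long revokedAt = System.currentTimeMillis();

    List<X509CRLEntryWrapper> entries = new LinkedList<>();
    for (BigInteger serial : revoke) {
        entries.add(new X509CRLEntryWrapper(serial, new Date(revokedAt)));
    }

    // Build the CRL before opening the file, so a failure here does not truncate an
    // existing file.
    X509CRL crl = this.pkiUtility.createX509CRL(entries, BigInteger.ONE);

    // try-with-resources rather than closeQuietly: an error on close is reported to the caller
    // instead of being swallowed, which would leave a possibly incomplete CRL on disk.
    // NOTE(review): the file is rewritten in place, so a concurrent reader can observe a
    // partial CRL; consider writing to a temporary file and renaming it over the target.
    try (FileOutputStream output = new FileOutputStream(file)) {
        this.pkiUtility.writePemEncoded(crl, output);
    }
}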
use of org.candlepin.pki.X509CRLEntryWrapper in project candlepin by candlepin.
the class BouncyCastlePKIUtility method createX509CRL.
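/**
 * Builds a CRL issued under the CA certificate supplied by {@code reader} and signs it
 * with the CA key.
 *
 * <p>Every entry is recorded with reason {@code CRLReason.privilegeWithdrawn}. The CRL carries
 * a non-critical authority key identifier derived from the CA certificate and a non-critical
 * CRL number extension.
 *
 * @param entries
 *  The serial number / revocation date pairs to list in the CRL
 *
 * @param crlNumber
 *  The value written to the CRL number extension
 *
 * @return
 *  The signed CRL
 *
 * @throws RuntimeException
 *  If reading the CA material, building the extensions or signing fails; the original
 *  exception is attached as the cause
 */
@Override
public X509CRL createX509CRL(List<X509CRLEntryWrapper> entries, BigInteger crlNumber) {
    try {
        X509Certificate caCert = reader.getCACert();

        // The issuer name is taken from the CA certificate's issuer principal.
        X500Name issuer = X500Name.getInstance(caCert.getIssuerX500Principal().getEncoded());
        X509v2CRLBuilder generator = new X509v2CRLBuilder(issuer, new Date());

        // NOTE(review): presumably "now + CRL_NEXT_UPDATE_DELTA days"; relying parties treat the
        // CRL as stale after this point, so confirm the delta matches the regeneration schedule.
        generator.setNextUpdate(
            Util.addDaysToDt(config.getInt(ConfigProperties.CRL_NEXT_UPDATE_DELTA)));

        // add all the CRL entries.
        for (X509CRLEntryWrapper entry : entries) {
            generator.addCRLEntry(entry.getSerialNumber(), entry.getRevocationDate(),
                CRLReason.privilegeWithdrawn);
        }
        log.info("Completed adding CRL numbers to the certificate.");

        JcaX509ExtensionUtils extensionUtil = new JcaX509ExtensionUtils();
        AuthorityKeyIdentifier aki = extensionUtil.createAuthorityKeyIdentifier(caCert);
        generator.addExtension(Extension.authorityKeyIdentifier, false, aki.getEncoded());
        generator.addExtension(Extension.cRLNumber, false, new CRLNumber(crlNumber));

        // NOTE(review): SIGNATURE_ALGO is defined outside this listing; confirm it names a
        // SHA-2 family signature algorithm.
        // An OperatorCreationException from build() is handled by the catch below, so it is no
        // longer wrapped in an IOException first; the root cause sits directly under the
        // RuntimeException.
        ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGO)
            .setProvider(BC_PROVIDER)
            .build(reader.getCaKey());

        return new JcaX509CRLConverter().getCRL(generator.build(signer));
    }
    catch (Exception e) {
        throw new RuntimeException("Unable to generate X.509 CRL", e);
    }
}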