Example 1 with X509CRLEntryWrapper

Use of org.candlepin.pki.X509CRLEntryWrapper in project candlepin by candlepin.

From the class CrlFileUtil, method initializeCRLFile.

/**
 * Initializes a new CRL at the specified location
 *
 * @param file
 *  The file to initialize
 *
 * @param revoke
 *  The serial numbers of the certificates to list as revoked in the new CRL
 *
 * @throws IOException
 *  If an IO error occurs while initializing the CRL file
 */
public void initializeCRLFile(File file, Collection<BigInteger> revoke) throws IOException {
    FileOutputStream output = null;
    // Every serial in the revocation set becomes a CRL entry stamped with the current time.
    List<X509CRLEntryWrapper> entries = new LinkedList<>();
    for (BigInteger serial : revoke) {
        entries.add(new X509CRLEntryWrapper(serial, new Date()));
    }
    // A freshly initialized CRL starts at CRL number 1.
    X509CRL crl = this.pkiUtility.createX509CRL(entries, BigInteger.ONE);
    try {
        output = new FileOutputStream(file);
        this.pkiUtility.writePemEncoded(crl, output);
    } finally {
        IOUtils.closeQuietly(output);
    }
}

Example 2 with X509CRLEntryWrapper

Use of org.candlepin.pki.X509CRLEntryWrapper in project candlepin by candlepin.

From the class BouncyCastlePKIUtility, method createX509CRL.

@Override
public X509CRL createX509CRL(List<X509CRLEntryWrapper> entries, BigInteger crlNumber) {
    try {
        // The CRL is issued under the CA's own name, with thisUpdate set to now.
        X509Certificate caCert = reader.getCACert();
        X509v2CRLBuilder generator = new X509v2CRLBuilder(X500Name.getInstance(caCert.getIssuerX500Principal().getEncoded()), new Date());
        generator.setNextUpdate(Util.addDaysToDt(config.getInt(ConfigProperties.CRL_NEXT_UPDATE_DELTA)));
        // Add all the CRL entries; every revocation is recorded with reason privilegeWithdrawn.
        for (X509CRLEntryWrapper entry : entries) {
            generator.addCRLEntry(entry.getSerialNumber(), entry.getRevocationDate(), CRLReason.privilegeWithdrawn);
        }
        log.info("Completed adding CRL numbers to the certificate.");
        // Authority Key Identifier binds the CRL to the issuing CA key; CRL Number orders successive CRLs.
        JcaX509ExtensionUtils extensionUtil = new JcaX509ExtensionUtils();
        AuthorityKeyIdentifier aki = extensionUtil.createAuthorityKeyIdentifier(caCert);
        generator.addExtension(Extension.authorityKeyIdentifier, false, aki.getEncoded());
        generator.addExtension(Extension.cRLNumber, false, new CRLNumber(crlNumber));
        // Sign the CRL with the CA private key using the configured algorithm and provider.
        JcaContentSignerBuilder builder = new JcaContentSignerBuilder(SIGNATURE_ALGO).setProvider(BC_PROVIDER);
        ContentSigner signer;
        try {
            signer = builder.build(reader.getCaKey());
        } catch (OperatorCreationException e) {
            throw new IOException(e);
        }
        return new JcaX509CRLConverter().getCRL(generator.build(signer));
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}