
Example 1 with RevokedEntry

use of org.kse.gui.dialogs.sign.RevokedEntry in project keystore-explorer by kaikramer.

the class SignCrlAction method signCrl.

/**
 * Builds an X.509 v2 CRL issued under the CA certificate's subject name and signs it with the
 * CA private key.
 *
 * <p>The CRL carries two extensions, both marked non-critical: an authority key identifier
 * derived from the CA certificate's public key, and the CRL number.
 *
 * <p>NOTE(review): no check here that {@code nextUpdate} is later than {@code effectiveDate},
 * nor that {@code caPrivateKey} matches {@code caCert}; presumably the caller guarantees both -
 * confirm, since relying parties reject or mis-cache a CRL with an inconsistent validity window.
 *
 * @param number                value written into the CRL number extension
 * @param effectiveDate         issue date (thisUpdate) handed to the CRL builder
 * @param nextUpdate            date written as the CRL's nextUpdate
 * @param caCert                issuing CA certificate; supplies issuer name and public key
 * @param caPrivateKey          key used to sign the CRL
 * @param signatureAlgorithm    JCE signature algorithm name for the content signer
 * @param mapRevokedCertificate revoked entries to list; {@code null} yields a CRL with no entries
 * @param provider              JCE provider name used for the signing operation
 * @return the signed CRL as a JCA {@link X509CRL}
 */
private X509CRL signCrl(BigInteger number, Date effectiveDate, Date nextUpdate, X509Certificate caCert, PrivateKey caPrivateKey, String signatureAlgorithm, Map<BigInteger, RevokedEntry> mapRevokedCertificate, String provider) throws NoSuchAlgorithmException, OperatorCreationException, CRLException, IOException {
    X509v2CRLBuilder builder = new JcaX509v2CRLBuilder(caCert.getSubjectX500Principal(), effectiveDate);
    builder.setNextUpdate(nextUpdate);

    if (mapRevokedCertificate != null) {
        // The serial written to the CRL comes from the entry itself, not from the map key.
        for (RevokedEntry revoked : mapRevokedCertificate.values()) {
            builder.addCRLEntry(revoked.getUserCertificateSerial(), revoked.getRevocationDate(), revoked.getReason());
        }
    }

    // Extension order is kept as authority key identifier first, then CRL number.
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    builder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));
    builder.addExtension(Extension.cRLNumber, false, new CRLNumber(number));

    // Signing goes through the caller-selected provider (this is where the private key is used);
    // converting the holder to a JCA X509CRL always goes through the Bouncy Castle provider.
    X509CRLHolder signedHolder = builder.build(new JcaContentSignerBuilder(signatureAlgorithm).setProvider(provider).build(caPrivateKey));
    return new JcaX509CRLConverter().setProvider(BOUNCY_CASTLE.jce()).getCRL(signedHolder);
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509v2CRLBuilder(org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder) RevokedEntry(org.kse.gui.dialogs.sign.RevokedEntry) RevokedEntry(org.kse.gui.dialogs.sign.RevokedEntry) JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) JcaX509v2CRLBuilder(org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder) Map(java.util.Map)

Example 2 with RevokedEntry

use of org.kse.gui.dialogs.sign.RevokedEntry in project keystore-explorer by kaikramer.

the class SignCrlAction method doAction.

/**
 * Signs a new CRL with the selected key pair entry and exports it.
 *
 * <p>Flow: unlock the selected entry, load the previous CRL for the entry's first ordered
 * certificate, show the CRL signing dialog, sign the CRL, then show the export dialog and write
 * the CRL twice - once to the file the previous CRL was loaded from and once to the file chosen
 * in the export dialog. Any exception is shown to the user through {@code DError}.
 *
 * <p>NOTE(review): the {@code char[]} obtained from {@code password.toCharArray()} and the
 * {@code Password} object are not cleared in this method; whether that leaves a copy of the entry
 * password on the heap depends on {@code Password}, which is not visible here - confirm.
 *
 * <p>NOTE(review): {@code certs[0]} is used as the issuing CA certificate without a length check;
 * presumably {@code orderX509CertChain} puts the entry's own certificate first - confirm.
 */
@Override
protected void doAction() {
    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();
        String alias = kseFrame.getSelectedEntryAlias();

        Password password = getEntryPassword(alias, currentState);
        if (password == null) {
            // No entry password was obtained, so the key cannot be unlocked.
            return;
        }

        KeyStore keyStore = currentState.getKeyStore();

        // Bouncy Castle signs by default; an explicit provider recorded in the history overrides it.
        String provider = BOUNCY_CASTLE.jce();
        if (history.getExplicitProvider() != null) {
            provider = history.getExplicitProvider().getName();
        }

        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
        X509Certificate[] certs = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)));
        KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
        X509Certificate caCert = certs[0];

        File filePrevious = getFilePrevious(caCert, history);
        X509CRL x509CRL = loadPreviousCrl(filePrevious, caCert);

        DSignCrl dSignCrl = new DSignCrl(frame, kseFrame, keyPairType, privateKey, caCert, x509CRL);
        dSignCrl.setLocationRelativeTo(frame);
        dSignCrl.setVisible(true);

        Date effectiveDate = dSignCrl.getEffectiveDate();
        if (effectiveDate == null) {
            // The dialog produced no effective date, so there is nothing to sign.
            return;
        }

        Date nextUpdate = dSignCrl.getNextUpdate();
        BigInteger crlNumber = dSignCrl.getCrlNumber();
        String signatureAlgorithm = dSignCrl.getSignatureType().jce();
        Map<BigInteger, RevokedEntry> mapRevoked = dSignCrl.getMapRevokedEntry();
        x509CRL = signCrl(crlNumber, effectiveDate, nextUpdate, caCert, privateKey, signatureAlgorithm, mapRevoked, provider);

        String newFileName = X509CertUtil.getShortName(caCert).toLowerCase();
        DExportCrl dExportCrl = new DExportCrl(frame, newFileName);
        dExportCrl.setLocationRelativeTo(frame);
        dExportCrl.setVisible(true);
        if (!dExportCrl.exportSelected()) {
            // The CRL is already signed in memory at this point but is written nowhere.
            return;
        }

        // CRL .db: written first, to the same file the previous CRL was loaded from.
        exportFile(x509CRL, filePrevious, false);
        // .crl file: written second; a failure here leaves the .db file already updated.
        exportFile(x509CRL, dExportCrl.getExportFile(), dExportCrl.pemEncode());
        JOptionPane.showMessageDialog(frame, res.getString("SignCrlAction.SignCrlSuccessful.message"), res.getString("SignCrlAction.SignCrl.Title"), JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : KeyStoreState(org.kse.utilities.history.KeyStoreState) KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) PrivateKey(java.security.PrivateKey) X509CRL(java.security.cert.X509CRL) DExportCrl(org.kse.gui.dialogs.importexport.DExportCrl) RevokedEntry(org.kse.gui.dialogs.sign.RevokedEntry) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CryptoException(org.kse.crypto.CryptoException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CRLException(java.security.cert.CRLException) NoSuchProviderException(java.security.NoSuchProviderException) BigInteger(java.math.BigInteger) KeyPairType(org.kse.crypto.keypair.KeyPairType) DSignCrl(org.kse.gui.dialogs.sign.DSignCrl) File(java.io.File) Password(org.kse.crypto.Password)

Aggregations

BigInteger (java.math.BigInteger)2 RevokedEntry (org.kse.gui.dialogs.sign.RevokedEntry)2 File (java.io.File)1 FileNotFoundException (java.io.FileNotFoundException)1 IOException (java.io.IOException)1 InvalidKeyException (java.security.InvalidKeyException)1 KeyStore (java.security.KeyStore)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 NoSuchProviderException (java.security.NoSuchProviderException)1 PrivateKey (java.security.PrivateKey)1 SignatureException (java.security.SignatureException)1 CRLException (java.security.cert.CRLException)1 X509CRL (java.security.cert.X509CRL)1 X509Certificate (java.security.cert.X509Certificate)1 Date (java.util.Date)1 Map (java.util.Map)1 CRLNumber (org.bouncycastle.asn1.x509.CRLNumber)1 X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)1 X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder)1 JcaX509CRLConverter (org.bouncycastle.cert.jcajce.JcaX509CRLConverter)1