Use of org.mozilla.jss.netscape.security.x509.RevokedCertImpl in project jss by dogtagpki.
From the class EnumerationZeroTest, method buildCrl.
/**
 * Builds a signed test CRL with JSS and re-parses it through a {@link CertificateFactory}.
 *
 * <p>One revoked entry is created per CRL reason code from 0 to 10, and each entry uses its
 * reason code as the serial number. Code 7 is always skipped because it is an unused value in
 * the enumeration; code 0 ("unspecified") is included only when {@code useZero} is true.
 *
 * <p>The CRL is signed with a 2048-bit RSA key pair generated inside this method. Neither half
 * of that key pair is returned, so this method gives callers nothing to verify the signature
 * with; the result is a parsing fixture, not a trust anchor.
 *
 * @param useZero whether to include a CRL entry whose reason is "unspecified" (code 0)
 * @return the {@link X509CRL} decoded from the encoded bytes of the signed JSS CRL
 * @throws Exception if key generation, CRL construction, signing or decoding fails
 */
public static X509CRL buildCrl(boolean useZero) throws Exception {
    // Throwaway issuer key: generated per call and never persisted.
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    rsaGenerator.initialize(2048);
    KeyPair signingKeys = rsaGenerator.generateKeyPair();

    List<RevokedCertificate> entries = new ArrayList<>();
    // Starting at 1 is how the "unspecified" (0) entry is left out when useZero is false.
    int firstReason = useZero ? 0 : 1;
    for (int reasonCode = firstReason; reasonCode <= 10; reasonCode++) {
        // 7 is an unused value in the enumeration, so no entry is built for it.
        if (reasonCode != 7) {
            CRLReasonExtension reason = new CRLReasonExtension(RevocationReason.fromInt(reasonCode));
            outputExtension(reason);

            CRLExtensions perEntry = new CRLExtensions();
            perEntry.add(reason);

            BigInteger serial = BigInteger.valueOf(reasonCode);
            entries.add(new RevokedCertImpl(serial, new Date(), perEntry));
        }
    }

    // CRL-level extensions: a fixed CRL number and a key identifier derived from the issuer key.
    CRLExtensions crlLevel = new CRLExtensions();
    crlLevel.add(new CRLNumberExtension(BigInteger.ONE));
    RSAPublicKey issuerKey = (RSAPublicKey) signingKeys.getPublic();
    crlLevel.add(buildAuthorityKeyIdentifier(issuerKey));

    X500Name issuerName = new X500Name("CN=Test");

    // The two dates are taken from separate clock reads, 365 days apart.
    Date issuedAt = new Date();
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.DAY_OF_MONTH, 365);
    Date validUntil = expiry.getTime();

    RevokedCertificate[] entryArray = entries.toArray(new RevokedCertificate[0]);
    X509CRLImpl jssCrl = new X509CRLImpl(issuerName, issuedAt, validUntil, entryArray, crlLevel);
    jssCrl.sign(signingKeys.getPrivate(), "SHA256withRSA");

    // Round-trip through the encoded form so the caller gets whatever the installed X.509
    // CertificateFactory parses from the bytes, rather than the JSS object that produced them.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    byte[] encoded = jssCrl.getEncoded();
    return (X509CRL) x509Factory.generateCRL(new ByteArrayInputStream(encoded));
}