Example 1 with RevokedCertificate
use of org.mozilla.jss.netscape.security.x509.RevokedCertificate in project jss by dogtagpki.
the class EnumerationZeroTest method buildCrl.
/**
* Build a CRL using JSS
* @param useZero whether or not to try creating a CRLEntry with the reason set to "unspecified"
* @return an X509CRL object
* @throws Exception if anything goes wrong
*/
public static X509CRL buildCrl(boolean useZero) throws Exception {
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(2048);
KeyPair kp = generator.generateKeyPair();
List<RevokedCertificate> revokedCerts = new ArrayList<>();
for (int i = 0; i <= 10; i++) {
// 7 is an unused value in the enumeration
if (i == 7 || (i == 0 && !useZero)) {
continue;
}
CRLReasonExtension reasonExt = new CRLReasonExtension(RevocationReason.fromInt(i));
outputExtension(reasonExt);
CRLExtensions entryExtensions = new CRLExtensions();
entryExtensions.add(reasonExt);
revokedCerts.add(new RevokedCertImpl(BigInteger.valueOf(i), new Date(), entryExtensions));
}
CRLExtensions crlExtensions = new CRLExtensions();
crlExtensions.add(new CRLNumberExtension(BigInteger.ONE));
crlExtensions.add(buildAuthorityKeyIdentifier((RSAPublicKey) kp.getPublic()));
X500Name issuer = new X500Name("CN=Test");
Date now = new Date();
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.DAY_OF_MONTH, 365);
Date until = calendar.getTime();
X509CRLImpl crlImpl = new X509CRLImpl(issuer, now, until, revokedCerts.toArray(new RevokedCertificate[] {}), crlExtensions);
crlImpl.sign(kp.getPrivate(), "SHA256withRSA");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
byte[] data = crlImpl.getEncoded();
return (X509CRL) cf.generateCRL(new ByteArrayInputStream(data));
}
Also used :
KeyPair(java.security.KeyPair)
X509CRL(java.security.cert.X509CRL)
Calendar(java.util.Calendar)
ArrayList(java.util.ArrayList)
RevokedCertificate(org.mozilla.jss.netscape.security.x509.RevokedCertificate)
KeyPairGenerator(java.security.KeyPairGenerator)
X500Name(org.mozilla.jss.netscape.security.x509.X500Name)
CertificateFactory(java.security.cert.CertificateFactory)
Date(java.util.Date)
RevokedCertImpl(org.mozilla.jss.netscape.security.x509.RevokedCertImpl)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ByteArrayInputStream(java.io.ByteArrayInputStream)
CRLReasonExtension(org.mozilla.jss.netscape.security.x509.CRLReasonExtension)
CRLNumberExtension(org.mozilla.jss.netscape.security.x509.CRLNumberExtension)
X509CRLImpl(org.mozilla.jss.netscape.security.x509.X509CRLImpl)
CRLExtensions(org.mozilla.jss.netscape.security.x509.CRLExtensions)
Example 2 with RevokedCertificate
use of org.mozilla.jss.netscape.security.x509.RevokedCertificate in project jss by dogtagpki.
the class CrlPrettyPrint method toString.
public String toString(Locale clientLocale, long crlSize, long pageStart, long pageSize) {
// get I18N resources
ResourceBundle resource = ResourceBundle.getBundle(PrettyPrintResources.class.getName());
DateFormat dateFormater = DateFormat.getDateTimeInstance(DateFormat.FULL, DateFormat.FULL, clientLocale);
// get timezone and timezone ID
String tz = " ";
String tzid = " ";
StringBuffer sb = new StringBuffer();
try {
sb.append(pp.indent(4) + resource.getString(PrettyPrintResources.TOKEN_CRL) + "\n");
sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_DATA) + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_VERSION) + " v");
sb.append((mCRL.getVersion() + 1) + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SIGALG) + mCRL.getSigAlgName() + " - " + mCRL.getSigAlgOID() + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_ISSUER) + mCRL.getIssuerDN().toString() + "\n");
// Format thisUpdate
String thisUpdate = dateFormater.format(mCRL.getThisUpdate());
// get timezone and timezone ID
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(mCRL.getThisUpdate()), TimeZone.SHORT, clientLocale);
tzid = TimeZone.getDefault().getID();
}
// Specify ThisUpdate
if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_THIS_UPDATE) + thisUpdate + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_THIS_UPDATE) + thisUpdate + " " + tzid + "\n");
}
// Check for presence of NextUpdate
if (mCRL.getNextUpdate() != null) {
// Format nextUpdate
String nextUpdate = dateFormater.format(mCRL.getNextUpdate());
// re-get timezone (just in case it is different . . .)
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(mCRL.getNextUpdate()), TimeZone.SHORT, clientLocale);
}
// Specify NextUpdate
if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_NEXT_UPDATE) + nextUpdate + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_NEXT_UPDATE) + nextUpdate + " " + tzid + "\n");
}
}
if (crlSize > 0 && pageStart == 0 && pageSize == 0) {
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES) + crlSize + "\n");
} else if ((crlSize == 0 && pageStart == 0 && pageSize == 0) || (crlSize > 0 && pageStart > 0 && pageSize > 0)) {
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES));
if (crlSize > 0 && pageStart > 0 && pageSize > 0) {
long upperLimit = (pageStart + pageSize - 1 > crlSize) ? crlSize : pageStart + pageSize - 1;
sb.append("" + pageStart + "-" + upperLimit + " of " + crlSize);
}
sb.append("\n");
Set<RevokedCertificate> revokedCerts = mCRL.getRevokedCertificates();
if (revokedCerts != null) {
Iterator<RevokedCertificate> i = revokedCerts.iterator();
long l = 1;
while ((i.hasNext()) && ((crlSize == 0) || (pageStart + pageSize > l))) {
RevokedCertificate revokedCert = i.next();
if ((crlSize == 0) || ((pageStart <= l) && (pageStart + pageSize > l))) {
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_SERIAL) + "0x" + revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n");
String revocationDate = dateFormater.format(revokedCert.getRevocationDate());
// (just in case it is different . . .)
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(revokedCert.getRevocationDate()), TimeZone.SHORT, clientLocale);
}
// Specify revocationDate
if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_REVOCATION_DATE) + revocationDate + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_REVOCATION_DATE) + revocationDate + " " + tzid + "\n");
}
if (revokedCert.hasExtensions()) {
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_EXTENSIONS) + "\n");
CRLExtensions crlExtensions = revokedCert.getExtensions();
if (crlExtensions != null) {
for (int k = 0; k < crlExtensions.size(); k++) {
Extension ext = crlExtensions.elementAt(k);
ExtPrettyPrint extpp = new ExtPrettyPrint(ext, 20);
sb.append(extpp.toString());
}
}
}
}
l++;
}
}
}
CRLExtensions crlExtensions = mCRL.getExtensions();
if (crlExtensions != null) {
sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_EXTENSIONS) + "\n");
for (int k = 0; k < crlExtensions.size(); k++) {
Extension ext = crlExtensions.elementAt(k);
ExtPrettyPrint extpp = new ExtPrettyPrint(ext, 12);
sb.append(extpp.toString());
}
}
// take care of signature
sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
// XXX I18N Algorithm Name ?
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_ALGORITHM) + mCRL.getSigAlgName() + " - " + mCRL.getSigAlgOID() + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
sb.append(pp.toHexString(mCRL.getSignature(), 16, 16));
} catch (Exception e) {
sb.append("\n\n" + pp.indent(4) + resource.getString(PrettyPrintResources.TOKEN_DECODING_ERROR) + "\n\n");
e.printStackTrace();
}
return sb.toString();
}
Also used :
Set(java.util.Set)
RevokedCertificate(org.mozilla.jss.netscape.security.x509.RevokedCertificate)
Extension(org.mozilla.jss.netscape.security.x509.Extension)
DateFormat(java.text.DateFormat)
Iterator(java.util.Iterator)
ResourceBundle(java.util.ResourceBundle)
CRLExtensions(org.mozilla.jss.netscape.security.x509.CRLExtensions)
Aggregations
CRLExtensions (org.mozilla.jss.netscape.security.x509.CRLExtensions)2
RevokedCertificate (org.mozilla.jss.netscape.security.x509.RevokedCertificate)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
KeyPair (java.security.KeyPair)1
KeyPairGenerator (java.security.KeyPairGenerator)1
CertificateFactory (java.security.cert.CertificateFactory)1
X509CRL (java.security.cert.X509CRL)1
RSAPublicKey (java.security.interfaces.RSAPublicKey)1
DateFormat (java.text.DateFormat)1
ArrayList (java.util.ArrayList)1
Calendar (java.util.Calendar)1
Date (java.util.Date)1
Iterator (java.util.Iterator)1
ResourceBundle (java.util.ResourceBundle)1
Set (java.util.Set)1
CRLNumberExtension (org.mozilla.jss.netscape.security.x509.CRLNumberExtension)1
CRLReasonExtension (org.mozilla.jss.netscape.security.x509.CRLReasonExtension)1
Extension (org.mozilla.jss.netscape.security.x509.Extension)1
RevokedCertImpl (org.mozilla.jss.netscape.security.x509.RevokedCertImpl)1
X500Name (org.mozilla.jss.netscape.security.x509.X500Name)1
