
Example 1 with RevokedCertificate

use of org.mozilla.jss.netscape.security.x509.RevokedCertificate in project jss by dogtagpki.

the class EnumerationZeroTest method buildCrl.

/**
 * Builds a signed test CRL with JSS and re-parses it through the JDK's
 * {@code "X.509"} {@link CertificateFactory}.
 *
 * <p>One revoked entry is created per CRL reason code in the range 0..10. Each entry carries a
 * {@code CRLReasonExtension} for that code and uses the code itself as its serial number.
 * Code 7 is always skipped because it is unused in the enumeration. Code 0 ("unspecified") is
 * only emitted when {@code useZero} is set; RFC 5280 recommends omitting the reasonCode
 * extension rather than encoding "unspecified", so this is the non-default case.
 *
 * <p>Fixture properties visible in this method: the CRL is signed by a throwaway 2048-bit RSA
 * key generated on every call, the issuer is {@code CN=Test}, and the key pair never leaves
 * this method, so the caller has no key with which to verify the returned CRL's signature.
 *
 * @param useZero whether to include an entry whose reason is "unspecified" (code 0)
 * @return the CRL as decoded by the JDK {@code CertificateFactory} from the JSS-produced bytes
 * @throws Exception if key generation, encoding, signing or parsing fails
 */
public static X509CRL buildCrl(boolean useZero) throws Exception {
    // Ephemeral signing key: generated per call and discarded on return.
    KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
    rsaGen.initialize(2048);
    KeyPair signingKeys = rsaGen.generateKeyPair();

    // Starting at 1 when useZero is false is the same as skipping reason code 0.
    List<RevokedCertificate> entries = new ArrayList<>();
    int firstReason = useZero ? 0 : 1;
    for (int reason = firstReason; reason <= 10; reason++) {
        if (reason == 7) {
            // 7 is an unused value in the enumeration
            continue;
        }
        CRLReasonExtension reasonExt = new CRLReasonExtension(RevocationReason.fromInt(reason));
        outputExtension(reasonExt);
        CRLExtensions perEntry = new CRLExtensions();
        perEntry.add(reasonExt);
        entries.add(new RevokedCertImpl(BigInteger.valueOf(reason), new Date(), perEntry));
    }

    // CRL-level extensions: CRL number 1 plus an authority key identifier for the signing key.
    CRLExtensions crlLevel = new CRLExtensions();
    crlLevel.add(new CRLNumberExtension(BigInteger.ONE));
    crlLevel.add(buildAuthorityKeyIdentifier((RSAPublicKey) signingKeys.getPublic()));

    // Validity window: thisUpdate = now, nextUpdate = now + 365 days.
    X500Name issuer = new X500Name("CN=Test");
    Date thisUpdate = new Date();
    Calendar cal = Calendar.getInstance();
    cal.add(Calendar.DAY_OF_MONTH, 365);
    Date nextUpdate = cal.getTime();

    RevokedCertificate[] entryArray = entries.toArray(new RevokedCertificate[0]);
    X509CRLImpl jssCrl = new X509CRLImpl(issuer, thisUpdate, nextUpdate, entryArray, crlLevel);
    jssCrl.sign(signingKeys.getPrivate(), "SHA256withRSA");

    // Round-trip the encoding through the JDK parser, so the returned object reflects what a
    // decoder other than the JSS classes that built it makes of the bytes.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    byte[] der = jssCrl.getEncoded();
    return (X509CRL) x509Factory.generateCRL(new ByteArrayInputStream(der));
}
Also used : KeyPair(java.security.KeyPair) X509CRL(java.security.cert.X509CRL) Calendar(java.util.Calendar) ArrayList(java.util.ArrayList) RevokedCertificate(org.mozilla.jss.netscape.security.x509.RevokedCertificate) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.mozilla.jss.netscape.security.x509.X500Name) CertificateFactory(java.security.cert.CertificateFactory) Date(java.util.Date) RevokedCertImpl(org.mozilla.jss.netscape.security.x509.RevokedCertImpl) RSAPublicKey(java.security.interfaces.RSAPublicKey) ByteArrayInputStream(java.io.ByteArrayInputStream) CRLReasonExtension(org.mozilla.jss.netscape.security.x509.CRLReasonExtension) CRLNumberExtension(org.mozilla.jss.netscape.security.x509.CRLNumberExtension) X509CRLImpl(org.mozilla.jss.netscape.security.x509.X509CRLImpl) CRLExtensions(org.mozilla.jss.netscape.security.x509.CRLExtensions)

Example 2 with RevokedCertificate

use of org.mozilla.jss.netscape.security.x509.RevokedCertificate in project jss by dogtagpki.

the class CrlPrettyPrint method toString.

/**
 * Renders the wrapped CRL ({@code mCRL}) as indented, localized, human-readable text.
 *
 * <p>Output order: header (version, signature algorithm, issuer, thisUpdate, optional
 * nextUpdate), revoked-certificate section, CRL-level extensions, signature.
 *
 * <p>The revoked-certificate section depends on the paging arguments:
 * <ul>
 *   <li>{@code crlSize > 0}, {@code pageStart == 0}, {@code pageSize == 0}: only the number
 *       {@code crlSize} is printed, no entries;</li>
 *   <li>all three are 0: every entry is printed;</li>
 *   <li>all three are {@code > 0}: a "start-end of size" range is printed, followed by the
 *       entries at 1-based positions {@code pageStart .. pageStart + pageSize - 1};</li>
 *   <li>any other combination: the section is omitted entirely.</li>
 * </ul>
 *
 * <p>NOTE(review): this method only formats. Nothing here verifies the CRL signature or checks
 * the validity dates, so the output says nothing about whether the CRL is authentic or current.
 *
 * <p>NOTE(review): the issuer DN and extension contents come from the CRL itself and are
 * appended as-is. If callers embed the result in HTML or structured logs they presumably need
 * to encode it for that context. Confirm at the call sites.
 *
 * @param clientLocale locale used for date formatting and for the time zone display name
 * @param crlSize entry count supplied by the caller; it is printed and used as the upper bound
 *     of the range, but is never compared with the number of entries actually in {@code mCRL}
 * @param pageStart 1-based position of the first entry to print, or 0 for no paging
 * @param pageSize number of entries per page, or 0 for no paging
 * @return the formatted text; if any exception occurs, the text built so far followed by the
 *     localized decoding-error message
 */
public String toString(Locale clientLocale, long crlSize, long pageStart, long pageSize) {
    // get I18N resources
    ResourceBundle resource = ResourceBundle.getBundle(PrettyPrintResources.class.getName());
    DateFormat dateFormater = DateFormat.getDateTimeInstance(DateFormat.FULL, DateFormat.FULL, clientLocale);
    // Time zone short display name (tz) and time zone ID (tzid). Both are taken from the JVM
    // default zone below, not from the client; only the wording is localized.
    String tz = " ";
    String tzid = " ";
    StringBuffer sb = new StringBuffer();
    try {
        sb.append(pp.indent(4) + resource.getString(PrettyPrintResources.TOKEN_CRL) + "\n");
        sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_DATA) + "\n");
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_VERSION) + " v");
        // presumably getVersion() returns the zero-based encoded version, hence the +1 — confirm
        sb.append((mCRL.getVersion() + 1) + "\n");
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SIGALG) + mCRL.getSigAlgName() + " - " + mCRL.getSigAlgOID() + "\n");
        // Issuer DN is CRL-supplied text, appended without any escaping.
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_ISSUER) + mCRL.getIssuerDN().toString() + "\n");
        // Format thisUpdate
        String thisUpdate = dateFormater.format(mCRL.getThisUpdate());
        // Resolve the short zone name as of thisUpdate (daylight-saving aware) and the zone ID.
        // tzid is read only here; tz is recomputed for every date printed later.
        if (TimeZone.getDefault() != null) {
            tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(mCRL.getThisUpdate()), TimeZone.SHORT, clientLocale);
            tzid = TimeZone.getDefault().getID();
        }
        // Specify ThisUpdate. The zone ID is added only when it differs from the short display
        // name and is not CUSTOM_LOCALE (constant defined outside this method).
        if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
            // Do NOT append timezone ID
            sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_THIS_UPDATE) + thisUpdate + "\n");
        } else {
            // Append timezone ID
            sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_THIS_UPDATE) + thisUpdate + " " + tzid + "\n");
        }
        // Check for presence of NextUpdate
        if (mCRL.getNextUpdate() != null) {
            // Format nextUpdate
            String nextUpdate = dateFormater.format(mCRL.getNextUpdate());
            // Re-resolve the short zone name: daylight saving may differ at nextUpdate.
            if (TimeZone.getDefault() != null) {
                tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(mCRL.getNextUpdate()), TimeZone.SHORT, clientLocale);
            }
            // Specify NextUpdate
            if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
                // Do NOT append timezone ID
                sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_NEXT_UPDATE) + nextUpdate + "\n");
            } else {
                // Append timezone ID
                sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_NEXT_UPDATE) + nextUpdate + " " + tzid + "\n");
            }
        }
        // Revoked-certificate section. Summary mode: print only the caller-supplied count.
        if (crlSize > 0 && pageStart == 0 && pageSize == 0) {
            sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES) + crlSize + "\n");
        } else if ((crlSize == 0 && pageStart == 0 && pageSize == 0) || (crlSize > 0 && pageStart > 0 && pageSize > 0)) {
            // Either "print everything" (all zero) or "print one page" (all positive).
            // Any other argument combination skips the section without any indication.
            sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES));
            if (crlSize > 0 && pageStart > 0 && pageSize > 0) {
                // Last position on this page, clamped to crlSize.
                long upperLimit = (pageStart + pageSize - 1 > crlSize) ? crlSize : pageStart + pageSize - 1;
                sb.append("" + pageStart + "-" + upperLimit + " of " + crlSize);
            }
            sb.append("\n");
            Set<RevokedCertificate> revokedCerts = mCRL.getRevokedCertificates();
            if (revokedCerts != null) {
                Iterator<RevokedCertificate> i = revokedCerts.iterator();
                // l is the 1-based position of the entry about to be read.
                long l = 1;
                // In paged mode, stop iterating once the end of the page has been passed.
                while ((i.hasNext()) && ((crlSize == 0) || (pageStart + pageSize > l))) {
                    RevokedCertificate revokedCert = i.next();
                    // Entries before pageStart are consumed but not printed.
                    if ((crlSize == 0) || ((pageStart <= l) && (pageStart + pageSize > l))) {
                        sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_SERIAL) + "0x" + revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n");
                        String revocationDate = dateFormater.format(revokedCert.getRevocationDate());
                        // Re-resolve the short zone name as of this entry's revocation date.
                        if (TimeZone.getDefault() != null) {
                            tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(revokedCert.getRevocationDate()), TimeZone.SHORT, clientLocale);
                        }
                        // Specify revocationDate
                        if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
                            // Do NOT append timezone ID
                            sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_REVOCATION_DATE) + revocationDate + "\n");
                        } else {
                            // Append timezone ID
                            sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_REVOCATION_DATE) + revocationDate + " " + tzid + "\n");
                        }
                        // Per-entry extensions, each rendered by ExtPrettyPrint with indent 20.
                        if (revokedCert.hasExtensions()) {
                            sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_EXTENSIONS) + "\n");
                            CRLExtensions crlExtensions = revokedCert.getExtensions();
                            if (crlExtensions != null) {
                                for (int k = 0; k < crlExtensions.size(); k++) {
                                    Extension ext = crlExtensions.elementAt(k);
                                    ExtPrettyPrint extpp = new ExtPrettyPrint(ext, 20);
                                    sb.append(extpp.toString());
                                }
                            }
                        }
                    }
                    l++;
                }
            }
        }
        // CRL-level extensions, each rendered by ExtPrettyPrint with indent 12.
        CRLExtensions crlExtensions = mCRL.getExtensions();
        if (crlExtensions != null) {
            sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_EXTENSIONS) + "\n");
            for (int k = 0; k < crlExtensions.size(); k++) {
                Extension ext = crlExtensions.elementAt(k);
                ExtPrettyPrint extpp = new ExtPrettyPrint(ext, 12);
                sb.append(extpp.toString());
            }
        }
        // Signature block: the algorithm and the raw signature bytes are displayed only.
        // No signature verification happens in this method.
        sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
        // XXX I18N Algorithm Name ?
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_ALGORITHM) + mCRL.getSigAlgName() + " - " + mCRL.getSigAlgOID() + "\n");
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
        sb.append(pp.toHexString(mCRL.getSignature(), 16, 16));
    } catch (Exception e) {
        // Any failure keeps the partial output and appends a localized decoding-error marker.
        // The cause reaches the caller only through that marker; the stack trace is written
        // to stderr by printStackTrace(), not to a logger.
        sb.append("\n\n" + pp.indent(4) + resource.getString(PrettyPrintResources.TOKEN_DECODING_ERROR) + "\n\n");
        e.printStackTrace();
    }
    return sb.toString();
}
Also used : Set(java.util.Set) RevokedCertificate(org.mozilla.jss.netscape.security.x509.RevokedCertificate) Extension(org.mozilla.jss.netscape.security.x509.Extension) DateFormat(java.text.DateFormat) Iterator(java.util.Iterator) ResourceBundle(java.util.ResourceBundle) CRLExtensions(org.mozilla.jss.netscape.security.x509.CRLExtensions)
