
Example 1 with X509CRLImpl

Use of org.mozilla.jss.netscape.security.x509.X509CRLImpl in project jss by dogtagpki.

Class EnumerationZeroTest, method buildCrl.

/**
 * Build a CRL using JSS
 * @param useZero whether or not to try creating a CRLEntry with the reason set to "unspecified"
 * @return an X509CRL object
 * @throws Exception if anything goes wrong
 */
public static X509CRL buildCrl(boolean useZero) throws Exception {
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    KeyPair kp = generator.generateKeyPair();
    List<RevokedCertificate> revokedCerts = new ArrayList<>();
    for (int i = 0; i <= 10; i++) {
        // 7 is an unused value in the enumeration
        if (i == 7 || (i == 0 && !useZero)) {
            continue;
        }
        CRLReasonExtension reasonExt = new CRLReasonExtension(RevocationReason.fromInt(i));
        outputExtension(reasonExt);
        CRLExtensions entryExtensions = new CRLExtensions();
        entryExtensions.add(reasonExt);
        revokedCerts.add(new RevokedCertImpl(BigInteger.valueOf(i), new Date(), entryExtensions));
    }
    CRLExtensions crlExtensions = new CRLExtensions();
    crlExtensions.add(new CRLNumberExtension(BigInteger.ONE));
    crlExtensions.add(buildAuthorityKeyIdentifier((RSAPublicKey) kp.getPublic()));
    X500Name issuer = new X500Name("CN=Test");
    Date now = new Date();
    Calendar calendar = Calendar.getInstance();
    calendar.add(Calendar.DAY_OF_MONTH, 365);
    Date until = calendar.getTime();
    X509CRLImpl crlImpl = new X509CRLImpl(issuer, now, until, revokedCerts.toArray(new RevokedCertificate[] {}), crlExtensions);
    crlImpl.sign(kp.getPrivate(), "SHA256withRSA");
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    byte[] data = crlImpl.getEncoded();
    return (X509CRL) cf.generateCRL(new ByteArrayInputStream(data));
}
Also used : KeyPair(java.security.KeyPair) X509CRL(java.security.cert.X509CRL) Calendar(java.util.Calendar) ArrayList(java.util.ArrayList) RevokedCertificate(org.mozilla.jss.netscape.security.x509.RevokedCertificate) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.mozilla.jss.netscape.security.x509.X500Name) CertificateFactory(java.security.cert.CertificateFactory) Date(java.util.Date) RevokedCertImpl(org.mozilla.jss.netscape.security.x509.RevokedCertImpl) RSAPublicKey(java.security.interfaces.RSAPublicKey) ByteArrayInputStream(java.io.ByteArrayInputStream) CRLReasonExtension(org.mozilla.jss.netscape.security.x509.CRLReasonExtension) CRLNumberExtension(org.mozilla.jss.netscape.security.x509.CRLNumberExtension) X509CRLImpl(org.mozilla.jss.netscape.security.x509.X509CRLImpl) CRLExtensions(org.mozilla.jss.netscape.security.x509.CRLExtensions)

Example 2 with X509CRLImpl

Use of org.mozilla.jss.netscape.security.x509.X509CRLImpl in project jss by dogtagpki.

Class Cert, method mapCRL.

public static X509CRL mapCRL(String mime64) throws IOException {
    mime64 = stripCRLBrackets(mime64.trim());
    String newval = normalizeCertStr(mime64);
    // byte rawPub[] = mDecoder.decodeBuffer(newval);
    byte[] rawPub = Utils.base64decode(newval);
    X509CRL crl = null;
    try {
        crl = new X509CRLImpl(rawPub);
    } catch (Exception e) {
        // Parse failure is swallowed: crl stays null, so callers must null-check the result.
    }
    return crl;
}
Also used : X509CRL(java.security.cert.X509CRL) X509CRLImpl(org.mozilla.jss.netscape.security.x509.X509CRLImpl) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException)

Example 3 with X509CRLImpl

Use of org.mozilla.jss.netscape.security.x509.X509CRLImpl in project j2objc by google.

Class X509Factory, method engineGenerateCRL.

/**
 * Generates an X.509 certificate revocation list (CRL) object and
 * initializes it with the data read from the given input stream
 * <code>is</code>.
 *
 * @param is an input stream with the CRL data.
 *
 * @return an X.509 CRL object initialized with the data
 * from the input stream.
 *
 * @exception CRLException on parsing errors.
 */
public CRL engineGenerateCRL(InputStream is) throws CRLException {
    if (is == null) {
        // clear the cache (for debugging)
        crlCache.clear();
        throw new CRLException("Missing input stream");
    }
    try {
        byte[] encoding = readOneBlock(is);
        if (encoding != null) {
            X509CRLImpl crl = (X509CRLImpl) getFromCache(crlCache, encoding);
            if (crl != null) {
                return crl;
            }
            crl = new X509CRLImpl(encoding);
            addToCache(crlCache, crl.getEncodedInternal(), crl);
            return crl;
        } else {
            throw new IOException("Empty input");
        }
    } catch (IOException ioe) {
        throw new CRLException(ioe.getMessage());
    }
}
Also used : IOException(java.io.IOException) CRLException(java.security.cert.CRLException) X509CRLImpl(sun.security.x509.X509CRLImpl)

Example 4 with X509CRLImpl

Use of org.mozilla.jss.netscape.security.x509.X509CRLImpl in project j2objc by google.

Class X509Factory, method parseX509orPKCS7CRL.

/*
 * Parses the data in the given input stream as a sequence of DER encoded
 * X.509 CRLs (in binary or base 64 encoded format) OR as a single PKCS#7
 * encoded blob (in binary or base 64 encoded format).
 */
private Collection<? extends java.security.cert.CRL> parseX509orPKCS7CRL(InputStream is) throws CRLException, IOException {
    Collection<X509CRLImpl> coll = new ArrayList<>();
    byte[] data = readOneBlock(is);
    if (data == null) {
        return new ArrayList<>(0);
    }
    try {
        PKCS7 pkcs7 = new PKCS7(data);
        X509CRL[] crls = pkcs7.getCRLs();
        // CRLs are optional in PKCS #7
        if (crls != null) {
            return Arrays.asList(crls);
        } else {
            // no crls provided
            return new ArrayList<>(0);
        }
    } catch (ParsingException e) {
        while (data != null) {
            coll.add(new X509CRLImpl(data));
            data = readOneBlock(is);
        }
    }
    return coll;
}
Also used : X509CRL(java.security.cert.X509CRL) PKCS7(sun.security.pkcs.PKCS7) ParsingException(sun.security.pkcs.ParsingException) ArrayList(java.util.ArrayList) X509CRLImpl(sun.security.x509.X509CRLImpl)

Example 5 with X509CRLImpl

Use of org.mozilla.jss.netscape.security.x509.X509CRLImpl in project j2objc by google.

Class AlgorithmChecker, method check.

/**
 * Check the signature algorithm with the specified public key.
 *
 * @param key the public key to verify the CRL signature
 * @param crl the target CRL
 */
static void check(PublicKey key, X509CRL crl) throws CertPathValidatorException {
    X509CRLImpl x509CRLImpl = null;
    try {
        x509CRLImpl = X509CRLImpl.toImpl(crl);
    } catch (CRLException ce) {
        throw new CertPathValidatorException(ce);
    }
    AlgorithmId algorithmId = x509CRLImpl.getSigAlgId();
    check(key, algorithmId);
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) AlgorithmId(sun.security.x509.AlgorithmId) X509CRLImpl(sun.security.x509.X509CRLImpl) CRLException(java.security.cert.CRLException)

Aggregations

X509CRLImpl (sun.security.x509.X509CRLImpl): 18
CRLException (java.security.cert.CRLException): 10
CertificateException (java.security.cert.CertificateException): 8
X509CRL (java.security.cert.X509CRL): 7
X509CertImpl (sun.security.x509.X509CertImpl): 6
CertificateFactory (java.security.cert.CertificateFactory): 4
IOException (java.io.IOException): 3
CertPathValidatorException (java.security.cert.CertPathValidatorException): 3
X509CRLImpl (org.mozilla.jss.netscape.security.x509.X509CRLImpl): 3
PKCS7 (sun.security.pkcs.PKCS7): 3
ParsingException (sun.security.pkcs.ParsingException): 3
AlgorithmId (sun.security.x509.AlgorithmId): 3
ArrayList (java.util.ArrayList): 2
ByteArrayInputStream (java.io.ByteArrayInputStream): 1
KeyPair (java.security.KeyPair): 1
KeyPairGenerator (java.security.KeyPairGenerator): 1
CertificateParsingException (java.security.cert.CertificateParsingException): 1
X509Certificate (java.security.cert.X509Certificate): 1
RSAPublicKey (java.security.interfaces.RSAPublicKey): 1
Calendar (java.util.Calendar): 1