/**
 * Generate an X509 CRL from the issuer and entries currently configured on this
 * generator, signing it with the default provider and a caller-supplied
 * SecureRandom as the source of randomness.
 * <p>
 * <b>Note:</b> this differs from the deprecated method in that the default provider is
 * used - not "BC".
 * </p>
 *
 * @param key    the private key the CRL is signed with.
 * @param random the randomness source handed to the signature calculation.
 * @return the signed CRL built by generateJcaObject().
 * @throws CRLException if the signature calculation reports an IOException; it is
 *         rethrown as ExtCRLException("cannot generate CRL encoding") with the
 *         IOException as cause (ExtCRLException is presumably a CRLException
 *         subtype - confirm against its declaration).
 */
public X509CRL generate(
    PrivateKey      key,
    SecureRandom    random)
    throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
    // The to-be-signed structure is built once and reused for both signing and wrapping.
    final TBSCertList toBeSigned = generateCertList();

    try
    {
        final byte[] sigBytes =
            X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, toBeSigned);

        return generateJcaObject(toBeSigned, sigBytes);
    }
    catch (IOException e)
    {
        throw new ExtCRLException("cannot generate CRL encoding", e);
    }
}
/**
 * Generate an X509 CRL from the issuer and entries currently configured on this
 * generator, using the passed in provider for the signing.
 *
 * @param key      the private key the CRL is signed with.
 * @param provider the provider identifier handed to the signature calculation.
 * @param random   the randomness source handed to the signature calculation.
 * @return the signed CRL built by generateJcaObject().
 * @throws CRLException if the signature calculation reports an IOException; it is
 *         rethrown as ExtCRLException("cannot generate CRL encoding") with the
 *         IOException as cause (ExtCRLException is presumably a CRLException
 *         subtype - confirm against its declaration).
 */
public X509CRL generate(
    PrivateKey      key,
    String          provider,
    SecureRandom    random)
    throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
    // Build the structure to sign first; the same instance is wrapped with the signature below.
    final TBSCertList toBeSigned = generateCertList();

    try
    {
        final byte[] sigBytes =
            X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, toBeSigned);

        return generateJcaObject(toBeSigned, sigBytes);
    }
    catch (IOException e)
    {
        throw new ExtCRLException("cannot generate CRL encoding", e);
    }
}
/**
 * Add the CRLEntry objects contained in a previous CRL.
 * <p>
 * Entries are copied as they appear in {@code other}; nothing in this method
 * verifies the signature or the issuer of {@code other}, so the caller is
 * responsible for validating that CRL before merging its entries.
 * </p>
 *
 * @param other the X509CRLHolder to source the other entries from.
 * @return the current builder.
 */
public X509v2CRLBuilder addCRL(X509CRLHolder other)
{
    TBSCertList source = other.toASN1Structure().getTBSCertList();

    if (source == null)
    {
        return this;
    }

    Enumeration entries = source.getRevokedCertificateEnumeration();
    while (entries.hasMoreElements())
    {
        ASN1Encodable entry = (ASN1Encodable)entries.nextElement();

        // Each entry is re-read as an ASN.1 sequence before being handed to the TBS generator.
        tbsGen.addCRLEntry(ASN1Sequence.getInstance(entry.toASN1Primitive()));
    }

    return this;
}
/**
 * Look up the first CRL entry whose certificate serial number equals the given value.
 * <p>
 * Entries are scanned in the order the CRL lists them. On an indirect CRL the most
 * recent certificateIssuer extension seen on an earlier entry is carried forward and
 * passed to the returned holder as the previous issuer.
 * </p>
 * <p>
 * NOTE(review): the match is on serial number only. On an indirect CRL serial numbers
 * from different issuers can coincide, so callers should compare the returned entry's
 * certificate issuer with the issuer of the certificate they are checking.
 * </p>
 *
 * @param serialNumber the serial number to search for.
 * @return a holder for the first matching entry, or null if no entry matches.
 */
public X509CRLEntryHolder getRevokedCertificate(BigInteger serialNumber)
{
    GeneralNames effectiveIssuer = issuerName;
    Enumeration entries = x509CRL.getRevokedCertificateEnumeration();

    while (entries.hasMoreElements())
    {
        TBSCertList.CRLEntry candidate = (TBSCertList.CRLEntry)entries.nextElement();

        if (candidate.getUserCertificate().getValue().equals(serialNumber))
        {
            return new X509CRLEntryHolder(candidate, isIndirect, effectiveIssuer);
        }

        // Only indirect CRLs carry per-entry issuer changes.
        if (!isIndirect || !candidate.hasExtensions())
        {
            continue;
        }

        Extension issuerExt = candidate.getExtensions().getExtension(Extension.certificateIssuer);
        if (issuerExt != null)
        {
            effectiveIssuer = GeneralNames.getInstance(issuerExt.getParsedValue());
        }
    }

    return null;
}
/**
 * Return a collection of X509CRLEntryHolder objects, giving the details of the
 * revoked certificates that appear on this CRL.
 * <p>
 * The holders are produced in the order the CRL lists its entries; the issuer
 * resolved for one holder (getCertificateIssuer()) is passed as the previous
 * issuer when the next holder is built.
 * </p>
 *
 * @return the revoked certificates as a collection of X509CRLEntryHolder objects.
 */
public Collection getRevokedCertificates()
{
    // The entry array is fetched only to presize the result list.
    int expected = x509CRL.getRevokedCertificates().length;
    List holders = new ArrayList(expected);

    GeneralNames issuerForNext = issuerName;
    Enumeration entries = x509CRL.getRevokedCertificateEnumeration();

    while (entries.hasMoreElements())
    {
        TBSCertList.CRLEntry raw = (TBSCertList.CRLEntry)entries.nextElement();
        X509CRLEntryHolder holder = new X509CRLEntryHolder(raw, isIndirect, issuerForNext);

        holders.add(holder);
        issuerForNext = holder.getCertificateIssuer();
    }

    return holders;
}
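/**
 * Return the issuer of the given CRL as an X509Principal.
 * <p>
 * The issuer is read from the CRL's TBSCertList encoding. This method only parses
 * that encoding; it does not verify the CRL's signature.
 * </p>
 *
 * @param crl the CRL whose issuer is wanted.
 * @return the issuer name taken from the CRL's TBSCertList.
 * @throws CRLException if the TBSCertList bytes cannot be obtained, or if parsing
 *         them fails with an IOException (which is attached as the cause).
 */
public static X509Principal getIssuerX509Principal(
    X509CRL crl)
    throws CRLException
{
    try
    {
        TBSCertList tbsCertList = TBSCertList.getInstance(
            ASN1Primitive.fromByteArray(crl.getTBSCertList()));

        return new X509Principal(X509Name.getInstance(tbsCertList.getIssuer()));
    }
    catch (IOException e)
    {
        // Keep the message text as before, but chain the IOException so the
        // parse failure's stack trace is not lost.
        throw new CRLException(e.toString(), e);
    }
}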
/**
 * Build the set of entry objects for every revoked certificate on the CRL.
 * <p>
 * Entries are visited in CRL order. On an indirect CRL, the certificateIssuer
 * extension of an entry updates the issuer that is passed, as the previous issuer,
 * to the entries that follow it.
 * </p>
 *
 * @return a new set holding one X509CRLEntryObject per CRL entry.
 */
private Set loadCRLEntries()
{
    Set loaded = new HashSet();

    // Starts as null: entries ahead of the first certificateIssuer extension are
    // built with a null previous issuer.
    // NOTE(review): presumably X509CRLEntryObject treats null as "the CRL issuer" - confirm.
    X500Name issuerSoFar = null;

    for (Enumeration en = c.getRevokedCertificateEnumeration(); en.hasMoreElements();)
    {
        TBSCertList.CRLEntry raw = (TBSCertList.CRLEntry)en.nextElement();

        loaded.add(new X509CRLEntryObject(raw, isIndirect, issuerSoFar));

        if (!isIndirect || !raw.hasExtensions())
        {
            continue;
        }

        Extension issuerExt = raw.getExtensions().getExtension(Extension.certificateIssuer);
        if (issuerExt == null)
        {
            continue;
        }

        // Only the first general name is used. An extension with no names fails on the
        // [0] index; presumably a non-directory name is rejected by X500Name.getInstance -
        // either way a malformed CRL surfaces here as an unchecked exception.
        GeneralNames names = GeneralNames.getInstance(issuerExt.getParsedValue());
        issuerSoFar = X500Name.getInstance(names.getNames()[0].getName());
    }

    return loaded;
}
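/**
 * Return the issuer of the given CRL as an X509Principal.
 * <p>
 * The issuer is read from the CRL's TBSCertList encoding. This method only parses
 * that encoding; it does not verify the CRL's signature.
 * </p>
 *
 * @param crl the CRL whose issuer is wanted.
 * @return the issuer name taken from the CRL's TBSCertList.
 * @throws CRLException if the TBSCertList bytes cannot be obtained, or if reading
 *         them fails with an IOException (which is attached as the cause).
 */
public static X509Principal getIssuerX509Principal(
    X509CRL crl)
    throws CRLException
{
    try
    {
        ByteArrayInputStream    bIn = new ByteArrayInputStream(
            crl.getTBSCertList());
        ASN1InputStream         aIn = new ASN1InputStream(bIn);

        // NOTE(review): the cast assumes the first object in the encoding is a sequence;
        // anything else surfaces as a ClassCastException rather than a CRLException.
        TBSCertList tbsCertList = new TBSCertList(
            (ASN1Sequence)aIn.readObject());

        return new X509Principal(tbsCertList.getIssuer());
    }
    catch (IOException e)
    {
        // Keep the message text as before, but chain the IOException so the
        // read failure's stack trace is not lost.
        throw new CRLException(e.toString(), e);
    }
}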
/**
 * Look up the first CRL entry whose certificate serial number equals the given value.
 * <p>
 * NOTE(review): the match is on serial number only; the issuer of the certificate the
 * caller is interested in is not part of the comparison.
 * </p>
 *
 * @param serialNumber the serial number to search for.
 * @return an entry object for the first match, or null if the CRL has no entry array
 *         or no entry matches.
 */
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
{
    TBSCertList.CRLEntry[] revoked = c.getRevokedCertificates();

    if (revoked == null)
    {
        return null;
    }

    int idx = 0;
    while (idx < revoked.length)
    {
        TBSCertList.CRLEntry candidate = revoked[idx];

        if (candidate.getUserCertificate().getValue().equals(serialNumber))
        {
            return new X509CRLEntryObject(candidate);
        }
        idx++;
    }

    return null;
}
/**
 * Return every revoked-certificate entry on this CRL as a set of entry objects.
 *
 * @return a new set with one X509CRLEntryObject per entry, or null when the
 *         underlying structure reports no entry array.
 */
public Set getRevokedCertificates()
{
    TBSCertList.CRLEntry[] revoked = c.getRevokedCertificates();

    // A missing entry array is reported to the caller as null, not as an empty set.
    if (revoked == null)
    {
        return null;
    }

    Set wrapped = new HashSet();
    for (int idx = 0; idx != revoked.length; idx++)
    {
        wrapped.add(new X509CRLEntryObject(revoked[idx]));
    }

    return wrapped;
}
/**
 * Checks whether the given certificate is on this CRL.
 * <p>
 * NOTE(review): only the certificate's serial number is compared with the CRL
 * entries; the certificate's issuer is not checked against the CRL issuer here.
 * Callers should confirm that this CRL covers the certificate's issuer before
 * relying on the answer in either direction.
 * </p>
 *
 * @param cert the certificate to check for.
 * @return true if the given certificate is on this CRL,
 * false otherwise.
 * @throws RuntimeException if the certificate's type is not "X.509".
 */
public boolean isRevoked(Certificate cert)
{
    boolean isX509 = cert.getType().equals("X.509");
    if (!isX509)
    {
        throw new RuntimeException("X.509 CRL used with non X.509 Cert");
    }

    TBSCertList.CRLEntry[] revoked = c.getRevokedCertificates();
    if (revoked == null)
    {
        return false;
    }

    // The cast happens only once there are entries to compare against.
    BigInteger wanted = ((X509Certificate)cert).getSerialNumber();

    for (int idx = 0; idx != revoked.length; idx++)
    {
        if (revoked[idx].getUserCertificate().getValue().equals(wanted))
        {
            return true;
        }
    }

    return false;
}
/**
 * Build the set of entry objects for every revoked certificate on the CRL.
 * <p>
 * Entries are visited in CRL order, starting with the CRL's own issuer as the
 * previous issuer. On an indirect CRL, the certificateIssuer extension of an entry
 * replaces the issuer that is passed to the entries that follow it.
 * </p>
 *
 * @return a new set holding one X509CRLEntryObject per CRL entry.
 */
private Set loadCRLEntries()
{
    Set loaded = new HashSet();

    // Until an entry names another issuer, the CRL issuer applies.
    X500Name issuerSoFar = c.getIssuer();

    for (Enumeration en = c.getRevokedCertificateEnumeration(); en.hasMoreElements();)
    {
        TBSCertList.CRLEntry raw = (TBSCertList.CRLEntry)en.nextElement();

        loaded.add(new X509CRLEntryObject(raw, isIndirect, issuerSoFar));

        if (!isIndirect || !raw.hasExtensions())
        {
            continue;
        }

        Extension issuerExt = raw.getExtensions().getExtension(Extension.certificateIssuer);
        if (issuerExt == null)
        {
            continue;
        }

        // Only the first general name is used. An extension with no names fails on the
        // [0] index; presumably a non-directory name is rejected by X500Name.getInstance -
        // either way a malformed CRL surfaces here as an unchecked exception.
        GeneralNames names = GeneralNames.getInstance(issuerExt.getParsedValue());
        issuerSoFar = X500Name.getInstance(names.getNames()[0].getName());
    }

    return loaded;
}