org.bouncycastle.x509.X509V2CRLGenerator Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bcprov-ext-debug-jdk18on Show documentation
Show all versions of bcprov-ext-debug-jdk18on Show documentation
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for Java 1.8 and later with debug enabled.
The newest version!
package org.bouncycastle.x509;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.X509CRLObject;
/**
* class to produce an X.509 Version 2 CRL.
* @deprecated use org.bouncycastle.cert.X509v2CRLBuilder.
*/
public class X509V2CRLGenerator
{
private final JcaJceHelper bcHelper = new BCJcaJceHelper(); // needed to force provider loading
private V2TBSCertListGenerator tbsGen;
private ASN1ObjectIdentifier sigOID;
private AlgorithmIdentifier sigAlgId;
private String signatureAlgorithm;
private X509ExtensionsGenerator extGenerator;
public X509V2CRLGenerator()
{
tbsGen = new V2TBSCertListGenerator();
extGenerator = new X509ExtensionsGenerator();
}
/**
* reset the generator
*/
public void reset()
{
tbsGen = new V2TBSCertListGenerator();
extGenerator.reset();
}
/**
* Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
* certificate.
*/
public void setIssuerDN(
X500Principal issuer)
{
try
{
tbsGen.setIssuer(new X509Principal(issuer.getEncoded()));
}
catch (IOException e)
{
throw new IllegalArgumentException("can't process principal: " + e);
}
}
/**
* Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
* certificate.
*/
public void setIssuerDN(
X509Name issuer)
{
tbsGen.setIssuer(issuer);
}
public void setThisUpdate(
Date date)
{
tbsGen.setThisUpdate(new Time(date));
}
public void setNextUpdate(
Date date)
{
tbsGen.setNextUpdate(new Time(date));
}
/**
* Reason being as indicated by CRLReason, i.e. CRLReason.keyCompromise
* or 0 if CRLReason is not to be used
**/
public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason)
{
tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), reason);
}
/**
* Add a CRL entry with an Invalidity Date extension as well as a CRLReason extension.
* Reason being as indicated by CRLReason, i.e. CRLReason.keyCompromise
* or 0 if CRLReason is not to be used
**/
public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason, Date invalidityDate)
{
tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), reason, new ASN1GeneralizedTime(invalidityDate));
}
/**
* Add a CRL entry with extensions.
**/
public void addCRLEntry(BigInteger userCertificate, Date revocationDate, X509Extensions extensions)
{
tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), Extensions.getInstance(extensions));
}
/**
* Add the CRLEntry objects contained in a previous CRL.
*
* @param other the X509CRL to source the other entries from.
*/
public void addCRL(X509CRL other)
throws CRLException
{
Set revocations = other.getRevokedCertificates();
if (revocations != null)
{
Iterator it = revocations.iterator();
while (it.hasNext())
{
X509CRLEntry entry = (X509CRLEntry)it.next();
ASN1InputStream aIn = new ASN1InputStream(entry.getEncoded());
try
{
tbsGen.addCRLEntry(ASN1Sequence.getInstance(aIn.readObject()));
}
catch (IOException e)
{
throw new CRLException("exception processing encoding of CRL: " + e.toString());
}
}
}
}
/**
* Set the signature algorithm. This can be either a name or an OID, names
* are treated as case insensitive.
*
* @param signatureAlgorithm string representation of the algorithm name.
*/
public void setSignatureAlgorithm(
String signatureAlgorithm)
{
this.signatureAlgorithm = signatureAlgorithm;
try
{
sigOID = X509Util.getAlgorithmOID(signatureAlgorithm);
}
catch (Exception e)
{
throw new IllegalArgumentException("Unknown signature type requested");
}
sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm);
tbsGen.setSignature(sigAlgId);
}
/**
* add a given extension field for the standard extensions tag (tag 0)
*/
public void addExtension(
String oid,
boolean critical,
ASN1Encodable value)
{
this.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
}
/**
* add a given extension field for the standard extensions tag (tag 0)
*/
public void addExtension(
ASN1ObjectIdentifier oid,
boolean critical,
ASN1Encodable value)
{
extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value);
}
/**
* add a given extension field for the standard extensions tag (tag 0)
*/
public void addExtension(
String oid,
boolean critical,
byte[] value)
{
this.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
}
/**
* add a given extension field for the standard extensions tag (tag 0)
*/
public void addExtension(
ASN1ObjectIdentifier oid,
boolean critical,
byte[] value)
{
extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value);
}
/**
* generate an X509 CRL, based on the current issuer and subject
* using the default provider "BC".
* @deprecated use generate(key, "BC")
*/
public X509CRL generateX509CRL(
PrivateKey key)
throws SecurityException, SignatureException, InvalidKeyException
{
try
{
return generateX509CRL(key, "BC", null);
}
catch (NoSuchProviderException e)
{
throw new SecurityException("BC provider not installed!");
}
}
/**
* generate an X509 CRL, based on the current issuer and subject
* using the default provider "BC" and an user defined SecureRandom object as
* source of randomness.
* @deprecated use generate(key, random, "BC")
*/
public X509CRL generateX509CRL(
PrivateKey key,
SecureRandom random)
throws SecurityException, SignatureException, InvalidKeyException
{
try
{
return generateX509CRL(key, "BC", random);
}
catch (NoSuchProviderException e)
{
throw new SecurityException("BC provider not installed!");
}
}
/**
* generate an X509 certificate, based on the current issuer and subject
* using the passed in provider for the signing.
* @deprecated use generate()
*/
public X509CRL generateX509CRL(
PrivateKey key,
String provider)
throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
{
return generateX509CRL(key, provider, null);
}
/**
* generate an X509 CRL, based on the current issuer and subject,
* using the passed in provider for the signing.
* @deprecated use generate()
*/
public X509CRL generateX509CRL(
PrivateKey key,
String provider,
SecureRandom random)
throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
{
try
{
return generate(key, provider, random);
}
catch (NoSuchProviderException e)
{
throw e;
}
catch (SignatureException e)
{
throw e;
}
catch (InvalidKeyException e)
{
throw e;
}
catch (GeneralSecurityException e)
{
throw new SecurityException("exception: " + e);
}
}
/**
* generate an X509 CRL, based on the current issuer and subject
* using the default provider.
*
* Note: this differs from the deprecated method in that the default provider is
* used - not "BC".
*
*/
public X509CRL generate(
PrivateKey key)
throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
return generate(key, (SecureRandom)null);
}
/**
* generate an X509 CRL, based on the current issuer and subject
* using the default provider and an user defined SecureRandom object as
* source of randomness.
*
* Note: this differs from the deprecated method in that the default provider is
* used - not "BC".
*
*/
public X509CRL generate(
PrivateKey key,
SecureRandom random)
throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
TBSCertList tbsCrl = generateCertList();
byte[] signature;
try
{
signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCrl);
}
catch (IOException e)
{
throw new ExtCRLException("cannot generate CRL encoding", e);
}
return generateJcaObject(tbsCrl, signature);
}
/**
* generate an X509 certificate, based on the current issuer and subject
* using the passed in provider for the signing.
*/
public X509CRL generate(
PrivateKey key,
String provider)
throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
return generate(key, provider, null);
}
/**
* generate an X509 CRL, based on the current issuer and subject,
* using the passed in provider for the signing.
*/
public X509CRL generate(
PrivateKey key,
String provider,
SecureRandom random)
throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
TBSCertList tbsCrl = generateCertList();
byte[] signature;
try
{
signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCrl);
}
catch (IOException e)
{
throw new ExtCRLException("cannot generate CRL encoding", e);
}
return generateJcaObject(tbsCrl, signature);
}
private TBSCertList generateCertList()
{
if (!extGenerator.isEmpty())
{
tbsGen.setExtensions(extGenerator.generate());
}
return tbsGen.generateTBSCertList();
}
private X509CRL generateJcaObject(TBSCertList tbsCrl, byte[] signature)
throws CRLException
{
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(tbsCrl);
v.add(sigAlgId);
v.add(new DERBitString(signature));
return new X509CRLObject(CertificateList.getInstance(new DERSequence(v)));
}
/**
* Return an iterator of the signature names supported by the generator.
*
* @return an iterator containing recognised names.
*/
public Iterator getSignatureAlgNames()
{
return X509Util.getAlgNames();
}
private static class ExtCRLException
extends CRLException
{
Throwable cause;
ExtCRLException(String message, Throwable cause)
{
super(message);
this.cause = cause;
}
public Throwable getCause()
{
return cause;
}
}
}