FileDocCategorySizeDatePackage
X509V2CRLGenerator.javaAPI DocAndroid 1.5 API10320Wed May 06 22:41:06 BST 2009org.bouncycastle.jce

X509V2CRLGenerator

public class X509V2CRLGenerator extends Object
class to produce an X.509 Version 2 CRL.

deprecated
use the equivalent class in org.bouncycastle.x509

Fields Summary
private SimpleDateFormat
dateF
private SimpleTimeZone
tz
private org.bouncycastle.asn1.x509.V2TBSCertListGenerator
tbsGen
private org.bouncycastle.asn1.DERObjectIdentifier
sigOID
private org.bouncycastle.asn1.x509.AlgorithmIdentifier
sigAlgId
private String
signatureAlgorithm
private Hashtable
extensions
private Vector
extOrdering
private static Hashtable
algorithms
Constructors Summary
public X509V2CRLGenerator()


    
    
        algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
        algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
        algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
        algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
        algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
        algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
        algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2"));
        algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2"));
        algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
        algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
        algorithms.put("SHA1WITHECDSA", new DERObjectIdentifier("1.2.840.10045.4.1"));
        algorithms.put("ECDSAWITHSHA1", new DERObjectIdentifier("1.2.840.10045.4.1"));
    
        dateF.setTimeZone(tz);

        tbsGen = new V2TBSCertListGenerator();
    
Methods Summary
public voidaddCRLEntry(java.math.BigInteger userCertificate, java.util.Date revocationDate, int reason)
Reason being as indicated by ReasonFlags, i.e. ReasonFlags.KEY_COMPROMISE or 0 if ReasonFlags are not to be used

        tbsGen.addCRLEntry(new DERInteger(userCertificate), new DERUTCTime(dateF.format(revocationDate) + "Z"), reason);
    
public voidaddExtension(java.lang.String OID, boolean critical, byte[] value)
add a given extension field for the standard extensions tag (tag 0)

        this.addExtension(new DERObjectIdentifier(OID), critical, value);
    
public voidaddExtension(org.bouncycastle.asn1.DERObjectIdentifier OID, boolean critical, byte[] value)
add a given extension field for the standard extensions tag (tag 0)

        if (extensions == null)
        {
            extensions = new Hashtable();
            extOrdering = new Vector();
        }

        extensions.put(OID, new X509Extension(critical, new DEROctetString(value)));
        extOrdering.addElement(OID);
    
public voidaddExtension(java.lang.String OID, boolean critical, org.bouncycastle.asn1.DEREncodable value)
add a given extension field for the standard extensions tag (tag 3)

        this.addExtension(new DERObjectIdentifier(OID), critical, value);
    
public voidaddExtension(org.bouncycastle.asn1.DERObjectIdentifier OID, boolean critical, org.bouncycastle.asn1.DEREncodable value)
add a given extension field for the standard extensions tag (tag 0)

        if (extensions == null)
        {
            extensions = new Hashtable();
            extOrdering = new Vector();
        }

        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
        DEROutputStream         dOut = new DEROutputStream(bOut);

        try
        {
            dOut.writeObject(value);
        }
        catch (IOException e)
        {
            throw new IllegalArgumentException("error encoding value: " + e);
        }

        this.addExtension(OID, critical, bOut.toByteArray());
    
public java.security.cert.X509CRLgenerateX509CRL(java.security.PrivateKey key)
generate an X509 CRL, based on the current issuer and subject using the default provider "BC".

        try
        {
            return generateX509CRL(key, "BC", null);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!");
        }
    
public java.security.cert.X509CRLgenerateX509CRL(java.security.PrivateKey key, java.security.SecureRandom random)
generate an X509 CRL, based on the current issuer and subject using the default provider "BC" and an user defined SecureRandom object as source of randomness.

        try
        {
            return generateX509CRL(key, "BC", random);
        }
        catch (NoSuchProviderException e)
        {
            throw new SecurityException("BC provider not installed!");
        }
    
public java.security.cert.X509CRLgenerateX509CRL(java.security.PrivateKey key, java.lang.String provider)
generate an X509 certificate, based on the current issuer and subject using the passed in provider for the signing.

        return generateX509CRL(key, provider, null);
    
public java.security.cert.X509CRLgenerateX509CRL(java.security.PrivateKey key, java.lang.String provider, java.security.SecureRandom random)
generate an X509 CRL, based on the current issuer and subject, using the passed in provider for the signing.

        Signature sig = null;

        try
        {
            sig = Signature.getInstance(sigOID.getId(), provider);
        }
        catch (NoSuchAlgorithmException ex)
        {
            try
            {
                sig = Signature.getInstance(signatureAlgorithm, provider);
            }
            catch (NoSuchAlgorithmException e)
            {
                throw new SecurityException("exception creating signature: " + e.toString());
            }
        }

        if (random != null)
        {
            sig.initSign(key, random);
        }
        else
        {
            sig.initSign(key);
        }

        if (extensions != null)
        {
            tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));
        }

        TBSCertList tbsCrl = tbsGen.generateTBSCertList();

        try
        {
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);

            dOut.writeObject(tbsCrl);

            sig.update(bOut.toByteArray());
        }
        catch (Exception e)
        {
            throw new SecurityException("exception encoding TBS cert - " + e);
        }

        // Construct the CRL
        ASN1EncodableVector  v = new ASN1EncodableVector();

        v.add(tbsCrl);
        v.add(sigAlgId);
        v.add(new DERBitString(sig.sign()));

        try
        {
            return new X509CRLObject(new CertificateList(new DERSequence(v)));
        }
        catch (CRLException e)
        {
            throw new IllegalStateException("attempt to create malformed CRL: " + e.getMessage());
        }
    
public voidreset()
reset the generator

        tbsGen = new V2TBSCertListGenerator();
    
public voidsetIssuerDN(org.bouncycastle.asn1.x509.X509Name issuer)
Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the certificate.

        tbsGen.setIssuer(issuer);
    
public voidsetNextUpdate(java.util.Date date)

        tbsGen.setNextUpdate(new DERUTCTime(dateF.format(date) + "Z"));
    
public voidsetSignatureAlgorithm(java.lang.String signatureAlgorithm)

        this.signatureAlgorithm = signatureAlgorithm;

        sigOID = (DERObjectIdentifier)algorithms.get(Strings.toUpperCase(signatureAlgorithm));

        if (sigOID == null)
        {
            throw new IllegalArgumentException("Unknown signature type requested");
        }

        sigAlgId = new AlgorithmIdentifier(this.sigOID, null);

        tbsGen.setSignature(sigAlgId);
    
public voidsetThisUpdate(java.util.Date date)

        tbsGen.setThisUpdate(new DERUTCTime(dateF.format(date) + "Z"));