X509V2CRLGeneratorpublic class X509V2CRLGenerator extends Object class to produce an X.509 Version 2 CRL.
Note: This class may be subject to change. |
Fields Summary |
---|
private SimpleDateFormat | dateF | private SimpleTimeZone | tz | private org.bouncycastle.asn1.x509.V2TBSCertListGenerator | tbsGen | private org.bouncycastle.asn1.DERObjectIdentifier | sigOID | private org.bouncycastle.asn1.x509.AlgorithmIdentifier | sigAlgId | private String | signatureAlgorithm | private Hashtable | extensions | private Vector | extOrdering | private static Hashtable | algorithms |
Constructors Summary |
---|
public X509V2CRLGenerator()
algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2"));
algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2"));
algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
algorithms.put("SHA1WITHECDSA", new DERObjectIdentifier("1.2.840.10045.4.1"));
algorithms.put("ECDSAWITHSHA1", new DERObjectIdentifier("1.2.840.10045.4.1"));
dateF.setTimeZone(tz);
tbsGen = new V2TBSCertListGenerator();
|
Methods Summary |
---|
public void | addCRLEntry(java.math.BigInteger userCertificate, java.util.Date revocationDate, int reason)Reason being as indicated by ReasonFlags, i.e. ReasonFlags.KEY_COMPROMISE
or 0 if ReasonFlags are not to be used
tbsGen.addCRLEntry(new DERInteger(userCertificate), new DERUTCTime(dateF.format(revocationDate) + "Z"), reason);
| public void | addExtension(java.lang.String OID, boolean critical, byte[] value)add a given extension field for the standard extensions tag (tag 0)
this.addExtension(new DERObjectIdentifier(OID), critical, value);
| public void | addExtension(org.bouncycastle.asn1.DERObjectIdentifier OID, boolean critical, byte[] value)add a given extension field for the standard extensions tag (tag 0)
if (extensions == null)
{
extensions = new Hashtable();
extOrdering = new Vector();
}
extensions.put(OID, new X509Extension(critical, new DEROctetString(value)));
extOrdering.addElement(OID);
| public void | addExtension(java.lang.String OID, boolean critical, org.bouncycastle.asn1.DEREncodable value)add a given extension field for the standard extensions tag (tag 3)
this.addExtension(new DERObjectIdentifier(OID), critical, value);
| public void | addExtension(org.bouncycastle.asn1.DERObjectIdentifier OID, boolean critical, org.bouncycastle.asn1.DEREncodable value)add a given extension field for the standard extensions tag (tag 0)
if (extensions == null)
{
extensions = new Hashtable();
extOrdering = new Vector();
}
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
DEROutputStream dOut = new DEROutputStream(bOut);
try
{
dOut.writeObject(value);
}
catch (IOException e)
{
throw new IllegalArgumentException("error encoding value: " + e);
}
this.addExtension(OID, critical, bOut.toByteArray());
| public java.security.cert.X509CRL | generateX509CRL(java.security.PrivateKey key)generate an X509 CRL, based on the current issuer and subject
using the default provider "BC".
try
{
return generateX509CRL(key, "BC", null);
}
catch (NoSuchProviderException e)
{
throw new SecurityException("BC provider not installed!");
}
| public java.security.cert.X509CRL | generateX509CRL(java.security.PrivateKey key, java.security.SecureRandom random)generate an X509 CRL, based on the current issuer and subject
using the default provider "BC" and an user defined SecureRandom object as
source of randomness.
try
{
return generateX509CRL(key, "BC", random);
}
catch (NoSuchProviderException e)
{
throw new SecurityException("BC provider not installed!");
}
| public java.security.cert.X509CRL | generateX509CRL(java.security.PrivateKey key, java.lang.String provider)generate an X509 certificate, based on the current issuer and subject
using the passed in provider for the signing.
return generateX509CRL(key, provider, null);
| public java.security.cert.X509CRL | generateX509CRL(java.security.PrivateKey key, java.lang.String provider, java.security.SecureRandom random)generate an X509 CRL, based on the current issuer and subject,
using the passed in provider for the signing.
Signature sig = null;
try
{
sig = Signature.getInstance(sigOID.getId(), provider);
}
catch (NoSuchAlgorithmException ex)
{
try
{
sig = Signature.getInstance(signatureAlgorithm, provider);
}
catch (NoSuchAlgorithmException e)
{
throw new SecurityException("exception creating signature: " + e.toString());
}
}
if (random != null)
{
sig.initSign(key, random);
}
else
{
sig.initSign(key);
}
if (extensions != null)
{
tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));
}
TBSCertList tbsCrl = tbsGen.generateTBSCertList();
try
{
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
DEROutputStream dOut = new DEROutputStream(bOut);
dOut.writeObject(tbsCrl);
sig.update(bOut.toByteArray());
}
catch (Exception e)
{
throw new SecurityException("exception encoding TBS cert - " + e);
}
// Construct the CRL
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(tbsCrl);
v.add(sigAlgId);
v.add(new DERBitString(sig.sign()));
return new X509CRLObject(new CertificateList(new DERSequence(v)));
| public void | reset()reset the generator
tbsGen = new V2TBSCertListGenerator();
| public void | setIssuerDN(org.bouncycastle.asn1.x509.X509Name issuer)Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
certificate.
tbsGen.setIssuer(issuer);
| public void | setNextUpdate(java.util.Date date)
tbsGen.setNextUpdate(new DERUTCTime(dateF.format(date) + "Z"));
| public void | setSignatureAlgorithm(java.lang.String signatureAlgorithm)
this.signatureAlgorithm = signatureAlgorithm;
sigOID = (DERObjectIdentifier)algorithms.get(signatureAlgorithm.toUpperCase());
if (sigOID == null)
{
throw new IllegalArgumentException("Unknown signature type requested");
}
sigAlgId = new AlgorithmIdentifier(this.sigOID, null);
tbsGen.setSignature(sigAlgId);
| public void | setThisUpdate(java.util.Date date)
tbsGen.setThisUpdate(new DERUTCTime(dateF.format(date) + "Z"));
|
|