本文整理汇总了Java中org.bouncycastle.cert.X509v2CRLBuilder类的典型用法代码示例。如果您正苦于以下问题:Java X509v2CRLBuilder类的具体用法?Java X509v2CRLBuilder怎么用?Java X509v2CRLBuilder使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
X509v2CRLBuilder类属于org.bouncycastle.cert包,在下文中一共展示了X509v2CRLBuilder类的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateCrl
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
private X509CRL generateCrl(X509Certificate ca, PrivateKey caPrivateKey, X509Certificate... revoked) throws Exception {
X509v2CRLBuilder builder = new X509v2CRLBuilder(
new X500Name(ca.getSubjectDN().getName()),
new Date()
);
for (X509Certificate certificate : revoked) {
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.privilegeWithdrawn);
}
JcaContentSignerBuilder contentSignerBuilder =
new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder crlHolder = builder.build(contentSignerBuilder.build(caPrivateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
return converter.getCRL(crlHolder);
}
示例2: generateCRL
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
private File generateCRL(X509Certificate cert) throws CRLException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException, OperatorCreationException {
X500Name issuer = new X500Name("CN=ca");
Date thisUpdate = new Date();
X509v2CRLBuilder gen = new X509v2CRLBuilder(issuer, thisUpdate);
gen.setNextUpdate(new Date(System.currentTimeMillis() + 60000));
if (cert != null) {
gen.addCRLEntry(cert.getSerialNumber(), new Date(System.currentTimeMillis() - 1000), CRLReason.keyCompromise);
}
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(credential.getPrivateKey());
X509CRLHolder crl = gen.build(sigGen);
final File crlFile = File.createTempFile("test", "test");
crlFile.deleteOnExit();
FileOutputStream fos = new FileOutputStream(crlFile);
IOUtils.write(crl.getEncoded(), fos);
fos.close();
return crlFile;
}
示例3: generateCRL
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
private File generateCRL(X509Certificate cert) throws CRLException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException, OperatorCreationException {
X500Name issuer = new X500Name("CN=ca");
Date thisUpdate = new Date();
X509v2CRLBuilder gen = new X509v2CRLBuilder(issuer, thisUpdate);
gen.setNextUpdate(new Date(System.currentTimeMillis() + 60000));
if (cert != null) {
gen.addCRLEntry(cert.getSerialNumber(), new Date(System.currentTimeMillis() - 1000), CRLReason.keyCompromise);
}
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(cred.getPrivateKey());
X509CRLHolder crl = gen.build(sigGen);
final File crlFile = File.createTempFile("test", "test");
crlFile.deleteOnExit();
FileOutputStream fos = new FileOutputStream(crlFile);
IOUtils.write(crl.getEncoded(), fos);
fos.close();
return crlFile;
}
示例4: readCRL
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
/**
* Read the current revocation list. Will generate a new revocation list,
* if the currently stored one is expired.
* @return input stream containing the DER encoded revocation list
*/
public InputStream readCRL(){
// TODO check CRL file date and compare to current timestamp
// TODO generate new CRL if expired
X509v2CRLBuilder crl = new X509v2CRLBuilder(caname, new Date());
crl.getClass();
return null;
}
示例5: newCertificateRevocationList
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
/**
* Creates a new certificate revocation list (CRL). This function will
* destroy any existing CRL file.
*
* @param caRevocationList
* @param caKeystoreFile
* @param caKeystorePassword
* @return
*/
public static void newCertificateRevocationList(File caRevocationList, File caKeystoreFile, String caKeystorePassword) {
try {
// read the Fathom CA key and certificate
KeyStore store = openKeyStore(caKeystoreFile, caKeystorePassword);
PrivateKey caPrivateKey = (PrivateKey) store.getKey(CA_ALIAS, caKeystorePassword.toCharArray());
X509Certificate caCert = (X509Certificate) store.getCertificate(CA_ALIAS);
X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName());
X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, new Date());
// build and sign CRL with CA private key
ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPrivateKey);
X509CRLHolder crl = crlBuilder.build(signer);
File tmpFile = new File(caRevocationList.getParentFile(), Long.toHexString(System.currentTimeMillis()) + ".tmp");
FileOutputStream fos = null;
try {
fos = new FileOutputStream(tmpFile);
fos.write(crl.getEncoded());
fos.flush();
fos.close();
if (caRevocationList.exists()) {
caRevocationList.delete();
}
tmpFile.renameTo(caRevocationList);
} finally {
if (fos != null) {
fos.close();
}
if (tmpFile.exists()) {
tmpFile.delete();
}
}
} catch (Exception e) {
throw new RuntimeException("Failed to create new certificate revocation list " + caRevocationList, e);
}
}
示例6: makeCrl
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
public static X509CRL makeCrl(KeyPair pair)
throws Exception
{
Date now = new Date();
X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
crlGen.setNextUpdate(new Date(now.getTime() + 100000));
crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
crlGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(pair.getPublic()));
return new JcaX509CRLConverter().setProvider("BC").getCRL(crlGen.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(pair.getPrivate())));
}
示例7: newCertificateRevocationList
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
/**
* Creates a new certificate revocation list (CRL). This function will
* destroy any existing CRL file.
*
* @param caRevocationList
* @param storeFile
* @param keystorePassword
* @return
*/
public static void newCertificateRevocationList(File caRevocationList, File caKeystoreFile, String caKeystorePassword) {
try {
// read the Gitblit CA key and certificate
KeyStore store = openKeyStore(caKeystoreFile, caKeystorePassword);
PrivateKey caPrivateKey = (PrivateKey) store.getKey(CA_ALIAS, caKeystorePassword.toCharArray());
X509Certificate caCert = (X509Certificate) store.getCertificate(CA_ALIAS);
X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName());
X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, new Date());
// build and sign CRL with CA private key
ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPrivateKey);
X509CRLHolder crl = crlBuilder.build(signer);
File tmpFile = new File(caRevocationList.getParentFile(), Long.toHexString(System.currentTimeMillis()) + ".tmp");
FileOutputStream fos = null;
try {
fos = new FileOutputStream(tmpFile);
fos.write(crl.getEncoded());
fos.flush();
fos.close();
if (caRevocationList.exists()) {
caRevocationList.delete();
}
tmpFile.renameTo(caRevocationList);
} finally {
if (fos != null) {
fos.close();
}
if (tmpFile.exists()) {
tmpFile.delete();
}
}
} catch (Exception e) {
throw new RuntimeException("Failed to create new certificate revocation list " + caRevocationList, e);
}
}
示例8: testDirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
private void testDirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name issuer = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, new Date());
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.cACompromise);
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例9: testIndirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
private void testIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded())))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例10: testMalformedIndirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
private void testMalformedIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (crl.isRevoked(certificate))
{
throw new Exception("Certificate should not be revoked");
}
}
示例11: testDirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
private void testDirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name issuer = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, new Date());
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.cACompromise);
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例12: testIndirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
private void testIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(certificate).getEncoded());
X500Name caName = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例13: testMalformedIndirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
private void testMalformedIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(certificate).getEncoded());
X500Name caName = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (crl.isRevoked(certificate))
{
throw new Exception("Certificate should not be revoked");
}
}
示例14: testIndirect2
import org.bouncycastle.cert.X509v2CRLBuilder; //导入依赖的package包/类
private void testIndirect2()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
builder.addCRLEntry(BigInteger.valueOf(100), new Date(), CRLReason.cACompromise);
builder.addCRLEntry(BigInteger.valueOf(120), new Date(), CRLReason.cACompromise);
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
builder.addCRLEntry(BigInteger.valueOf(130), new Date(), CRLReason.cACompromise);
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
{
fail("certificate issuer incorrect");
}
cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(130));
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
{
fail("certificate issuer incorrect");
}
cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(100));
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
}