本文整理汇总了Java中org.bouncycastle.cert.X509v2CRLBuilder.addCRLEntry方法的典型用法代码示例。如果您正苦于以下问题:Java X509v2CRLBuilder.addCRLEntry方法的具体用法?Java X509v2CRLBuilder.addCRLEntry怎么用?Java X509v2CRLBuilder.addCRLEntry使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.cert.X509v2CRLBuilder的用法示例。
在下文中一共展示了X509v2CRLBuilder.addCRLEntry方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateCrl
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private X509CRL generateCrl(X509Certificate ca, PrivateKey caPrivateKey, X509Certificate... revoked) throws Exception {
X509v2CRLBuilder builder = new X509v2CRLBuilder(
new X500Name(ca.getSubjectDN().getName()),
new Date()
);
for (X509Certificate certificate : revoked) {
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.privilegeWithdrawn);
}
JcaContentSignerBuilder contentSignerBuilder =
new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder crlHolder = builder.build(contentSignerBuilder.build(caPrivateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
return converter.getCRL(crlHolder);
}
示例2: generateCRL
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private File generateCRL(X509Certificate cert) throws CRLException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException, OperatorCreationException {
X500Name issuer = new X500Name("CN=ca");
Date thisUpdate = new Date();
X509v2CRLBuilder gen = new X509v2CRLBuilder(issuer, thisUpdate);
gen.setNextUpdate(new Date(System.currentTimeMillis() + 60000));
if (cert != null) {
gen.addCRLEntry(cert.getSerialNumber(), new Date(System.currentTimeMillis() - 1000), CRLReason.keyCompromise);
}
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(credential.getPrivateKey());
X509CRLHolder crl = gen.build(sigGen);
final File crlFile = File.createTempFile("test", "test");
crlFile.deleteOnExit();
FileOutputStream fos = new FileOutputStream(crlFile);
IOUtils.write(crl.getEncoded(), fos);
fos.close();
return crlFile;
}
示例3: generateCRL
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private File generateCRL(X509Certificate cert) throws CRLException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException, OperatorCreationException {
X500Name issuer = new X500Name("CN=ca");
Date thisUpdate = new Date();
X509v2CRLBuilder gen = new X509v2CRLBuilder(issuer, thisUpdate);
gen.setNextUpdate(new Date(System.currentTimeMillis() + 60000));
if (cert != null) {
gen.addCRLEntry(cert.getSerialNumber(), new Date(System.currentTimeMillis() - 1000), CRLReason.keyCompromise);
}
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(cred.getPrivateKey());
X509CRLHolder crl = gen.build(sigGen);
final File crlFile = File.createTempFile("test", "test");
crlFile.deleteOnExit();
FileOutputStream fos = new FileOutputStream(crlFile);
IOUtils.write(crl.getEncoded(), fos);
fos.close();
return crlFile;
}
示例4: makeCrl
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
public static X509CRL makeCrl(KeyPair pair)
throws Exception
{
Date now = new Date();
X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
crlGen.setNextUpdate(new Date(now.getTime() + 100000));
crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
crlGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(pair.getPublic()));
return new JcaX509CRLConverter().setProvider("BC").getCRL(crlGen.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(pair.getPrivate())));
}
示例5: testDirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testDirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name issuer = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, new Date());
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.cACompromise);
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例6: testIndirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded())))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例7: testIndirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(certificate).getEncoded());
X500Name caName = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例8: testDirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testDirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name issuer = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, new Date());
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.cACompromise);
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (!crl.isRevoked(certificate))
{
fail("Certificate should be revoked");
}
// now encode the CRL and load the CRL with the JCE provider
CertificateFactory fac = CertificateFactory.getInstance("X.509");
X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
jceCRL.verify(certificate.getPublicKey());
if (!jceCRL.isRevoked(certificate))
{
fail("This certificate should also be revoked");
}
}
示例9: testMalformedIndirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testMalformedIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(certificate).getEncoded());
X500Name caName = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (crl.isRevoked(certificate))
{
throw new Exception("Certificate should not be revoked");
}
}
示例10: testIndirect2
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testIndirect2()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
builder.addCRLEntry(BigInteger.valueOf(100), new Date(), CRLReason.cACompromise);
builder.addCRLEntry(BigInteger.valueOf(120), new Date(), CRLReason.cACompromise);
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
builder.addCRLEntry(BigInteger.valueOf(130), new Date(), CRLReason.cACompromise);
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
{
fail("certificate issuer incorrect");
}
cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(130));
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
{
fail("certificate issuer incorrect");
}
cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(100));
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
}
示例11: testMalformedIndirect
import org.bouncycastle.cert.X509v2CRLBuilder; //导入方法依赖的package包/类
private void testMalformedIndirect()
throws Exception
{
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
keyStore.load(input, "test".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
{
fail("CRL signature not valid");
}
X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
{
fail("certificate issuer incorrect");
}
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
X509CRL crl = converter.getCRL(cRLHolder);
crl.verify(certificate.getPublicKey());
if (crl.isRevoked(certificate))
{
throw new Exception("Certificate should not be revoked");
}
}