本文整理汇总了Java中org.bouncycastle.x509.X509V2CRLGenerator.setThisUpdate方法的典型用法代码示例。如果您正苦于以下问题:Java X509V2CRLGenerator.setThisUpdate方法的具体用法?Java X509V2CRLGenerator.setThisUpdate怎么用?Java X509V2CRLGenerator.setThisUpdate使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.x509.X509V2CRLGenerator
的用法示例。
在下文中一共展示了X509V2CRLGenerator.setThisUpdate方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: createCRL
import org.bouncycastle.x509.X509V2CRLGenerator; //导入方法依赖的package包/类
public static X509CRL createCRL(
X509Certificate caCert,
PrivateKey caKey,
BigInteger serialNumber)
throws Exception
{
X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
Date now = new Date();
BigInteger revokedSerialNumber = BigInteger.valueOf(2);
crlGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
crlGen.setThisUpdate(now);
crlGen.setNextUpdate(new Date(now.getTime() + 100000));
crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
crlGen.addCRLEntry(serialNumber, now, CRLReason.privilegeWithdrawn);
crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.valueOf(1)));
return crlGen.generate(caKey, "BC");
}
示例2: generateCRL
import org.bouncycastle.x509.X509V2CRLGenerator; //导入方法依赖的package包/类
@SuppressWarnings("deprecation")
public X509CRL generateCRL(String caName) {
try {
CertificateAuthority ca = this.caRepository.findOneByName(caName);
if(ca == null) {
throw new RuntimeException("Error getting CRL for non existing CA: " + caName);
}
Date now = new Date();
Date nextUpdate = new Date(now.getYear(), now.getMonth(), now.getDate(), now.getHours() + 3, now.getMinutes());
X509V2CRLGenerator crlGenerator = new X509V2CRLGenerator();
String caDN = getCADN(ca);
crlGenerator.setIssuerDN(new X500Principal(caDN));
crlGenerator.setThisUpdate(now);
crlGenerator.setNextUpdate(nextUpdate);
crlGenerator.setSignatureAlgorithm("SHA256withRSA");
X509Certificate caCertificate = new JcaX509CertificateConverter().getCertificate(ca.getIdentityContainer().getCertificate());
crlGenerator.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCertificate));
crlGenerator.addExtension(Extension.cRLNumber, false, new CRLNumber(BigInteger.ONE));
X509CRL crl = crlGenerator.generateX509CRL(ca.getIdentityContainer().getPrivateKey(), BouncyCastleProvider.PROVIDER_NAME);
return crl;
} catch (Exception e) {
throw new RuntimeException("Error while generating CRL: " + e.getMessage(), e);
}
}
示例3: generateCrl
import org.bouncycastle.x509.X509V2CRLGenerator; //导入方法依赖的package包/类
public static X509CRL generateCrl(X509Certificate issuer, PrivateKey issuerPrivateKey) throws InvalidKeyException,
CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException {
X509V2CRLGenerator crlGenerator = new X509V2CRLGenerator();
crlGenerator.setIssuerDN(issuer.getSubjectX500Principal());
Date now = new Date();
crlGenerator.setThisUpdate(now);
crlGenerator.setNextUpdate(new Date(now.getTime() + 100000));
crlGenerator.setSignatureAlgorithm("SHA1withRSA");
crlGenerator.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(new BigInteger("1234")));
X509CRL x509Crl = crlGenerator.generate(issuerPrivateKey);
return x509Crl;
}
示例4: createCRL
import org.bouncycastle.x509.X509V2CRLGenerator; //导入方法依赖的package包/类
public static X509CRL createCRL(String provider, X509Certificate caCert, PrivateKey caKey, CRLEntry[] entries, Date expires, String signatureAlgorithm) throws Exception {
X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
Date now = new Date();
crlGen.setIssuerDN(new X509Name(caCert.getSubjectDN().getName()));
crlGen.setThisUpdate(now);
crlGen.setNextUpdate(expires);
crlGen.setSignatureAlgorithm(signatureAlgorithm);
for (int i = 0; i < entries.length; i++) {
crlGen.addCRLEntry(entries[i].getCertificateSerialNumber(), now, entries[i].getReason());
}
SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(caCert.getPublicKey().getEncoded())).readObject());
crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(apki));
crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.valueOf(System.currentTimeMillis())));
return crlGen.generateX509CRL(caKey, provider);
}
示例5: checkCRLCreation1
import org.bouncycastle.x509.X509V2CRLGenerator; //导入方法依赖的package包/类
public void checkCRLCreation1()
throws Exception
{
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
Date now = new Date();
KeyPair pair = kpGen.generateKeyPair();
crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
crlGen.setThisUpdate(now);
crlGen.setNextUpdate(new Date(now.getTime() + 100000));
crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
X509CRL crl = crlGen.generate(pair.getPrivate(), "BC");
if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
{
fail("failed CRL issuer test");
}
byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
if (authExt == null)
{
fail("failed to find CRL extension");
}
AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
if (entry == null)
{
fail("failed to find CRL entry");
}
if (!entry.getSerialNumber().equals(BigInteger.ONE))
{
fail("CRL cert serial number does not match");
}
if (!entry.hasExtensions())
{
fail("CRL entry extension not found");
}
byte[] ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
if (ext != null)
{
DEREnumerated reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
{
fail("CRL entry reasonCode wrong");
}
}
else
{
fail("CRL entry reasonCode not found");
}
}
示例6: checkCRLCreation1
import org.bouncycastle.x509.X509V2CRLGenerator; //导入方法依赖的package包/类
public void checkCRLCreation1()
throws Exception
{
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
Date now = new Date();
KeyPair pair = kpGen.generateKeyPair();
crlGen.setIssuerDN(new X509Principal("CN=Test CA"));
crlGen.setThisUpdate(now);
crlGen.setNextUpdate(new Date(now.getTime() + 100000));
crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
X509CRL crl = crlGen.generate(pair.getPrivate(), "BC");
if (!crl.getIssuerDN().equals(new X509Principal("CN=Test CA")))
{
fail("failed CRL issuer test");
}
byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
if (authExt == null)
{
fail("failed to find CRL extension");
}
AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
if (entry == null)
{
fail("failed to find CRL entry");
}
if (!entry.getSerialNumber().equals(BigInteger.ONE))
{
fail("CRL cert serial number does not match");
}
if (!entry.hasExtensions())
{
fail("CRL entry extension not found");
}
byte[] ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
if (ext != null)
{
DEREnumerated reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
{
fail("CRL entry reasonCode wrong");
}
}
else
{
fail("CRL entry reasonCode not found");
}
}