
Java X509v2CRLBuilder Class Code Examples


This article collects typical usage examples of org.bouncycastle.cert.X509v2CRLBuilder in Java. If you are wondering how the Java X509v2CRLBuilder class is used in practice, or are looking for working examples of it, the selected code examples here may help.



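The X509v2CRLBuilder class belongs to the org.bouncycastle.cert package. 14 code examples of the class are shown below, sorted by popularity by default. You can upvote the examples you like or find useful; your ratings help our system recommend better Java code examples.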

Example 1: generateCrl

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
private X509CRL generateCrl(X509Certificate ca, PrivateKey caPrivateKey, X509Certificate... revoked) throws Exception {
    X509v2CRLBuilder builder = new X509v2CRLBuilder(
        new X500Name(ca.getSubjectDN().getName()),
        new Date()
    );

    for (X509Certificate certificate : revoked) {
        builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.privilegeWithdrawn);
    }

    JcaContentSignerBuilder contentSignerBuilder =
        new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder crlHolder = builder.build(contentSignerBuilder.build(caPrivateKey));

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    return converter.getCRL(crlHolder);
}
 
Developer ID: eclipse, project: milo, lines of code: 24, source: CertificateValidationUtilTest.java


Example 2: generateCRL

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
private File generateCRL(X509Certificate cert) throws CRLException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException, OperatorCreationException {
    X500Name issuer = new X500Name("CN=ca");
    Date thisUpdate = new Date();
    X509v2CRLBuilder gen = new X509v2CRLBuilder(issuer, thisUpdate);
    gen.setNextUpdate(new Date(System.currentTimeMillis() + 60000));

    if (cert != null) {
        gen.addCRLEntry(cert.getSerialNumber(), new Date(System.currentTimeMillis() - 1000), CRLReason.keyCompromise);
    }

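    // This test fixture signs with SHA1withRSA; SHA-1 signatures are deprecated, so prefer SHA256withRSA for real CRLs
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(credential.getPrivateKey());
    X509CRLHolder crl = gen.build(sigGen);

    final File crlFile = File.createTempFile("test", "test");
    crlFile.deleteOnExit();
    // try-with-resources closes the stream even if the write throws
    try (FileOutputStream fos = new FileOutputStream(crlFile)) {
        IOUtils.write(crl.getEncoded(), fos);
    }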
    return crlFile;
}
 
Developer ID: amagdenko, project: oiosaml.java, lines of code: 21, source: IntegrationTests.java


Example 3: generateCRL

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
private File generateCRL(X509Certificate cert) throws CRLException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException, OperatorCreationException {
    X500Name issuer = new X500Name("CN=ca");
    Date thisUpdate = new Date();
    X509v2CRLBuilder gen = new X509v2CRLBuilder(issuer, thisUpdate);
    gen.setNextUpdate(new Date(System.currentTimeMillis() + 60000));

    if (cert != null) {
        gen.addCRLEntry(cert.getSerialNumber(), new Date(System.currentTimeMillis() - 1000), CRLReason.keyCompromise);
    }

    // This test fixture signs with SHA1withRSA; SHA-1 signatures are deprecated, so prefer SHA256withRSA for real CRLs
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(cred.getPrivateKey());
    X509CRLHolder crl = gen.build(sigGen);

    final File crlFile = File.createTempFile("test", "test");
    crlFile.deleteOnExit();
    // try-with-resources closes the stream even if the write throws
    try (FileOutputStream fos = new FileOutputStream(crlFile)) {
        IOUtils.write(crl.getEncoded(), fos);
    }
    return crlFile;
}
 
Developer ID: amagdenko, project: oiosaml.java, lines of code: 21, source: CRLCheckerTest.java


Example 4: readCRL

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
/**
 * Read the current revocation list. Will generate a new revocation list, 
 * if the currently stored one is expired.
 * @return input stream containing the DER encoded revocation list
 */
public InputStream readCRL(){
	// TODO check CRL file date and compare to current timestamp
	// TODO generate new CRL if expired
	X509v2CRLBuilder crl = new X509v2CRLBuilder(caname, new Date());
	crl.getClass();
	
	return null;
}
 
Developer ID: aktin, project: ca, lines of code: 14, source: CertificateManager.java


Example 5: newCertificateRevocationList

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
/**
 * Creates a new certificate revocation list (CRL).  This function will
 * destroy any existing CRL file.
 *
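 * @param caRevocationList file the CRL is written to
 * @param caKeystoreFile keystore holding the CA key and certificate
 * @param caKeystorePassword password for the keystore and the CA key
 */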
public static void newCertificateRevocationList(File caRevocationList, File caKeystoreFile, String caKeystorePassword) {
    try {
        // read the Fathom CA key and certificate
        KeyStore store = openKeyStore(caKeystoreFile, caKeystorePassword);
        PrivateKey caPrivateKey = (PrivateKey) store.getKey(CA_ALIAS, caKeystorePassword.toCharArray());
        X509Certificate caCert = (X509Certificate) store.getCertificate(CA_ALIAS);

        X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName());
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, new Date());

        // build and sign CRL with CA private key
        ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPrivateKey);
        X509CRLHolder crl = crlBuilder.build(signer);

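        File tmpFile = new File(caRevocationList.getParentFile(), Long.toHexString(System.currentTimeMillis()) + ".tmp");
        try {
            // try-with-resources closes the stream even if the write fails
            try (FileOutputStream fos = new FileOutputStream(tmpFile)) {
                fos.write(crl.getEncoded());
                fos.flush();
            }
            if (caRevocationList.exists()) {
                caRevocationList.delete();
            }
            // renameTo reports failure only through its return value, so check it
            if (!tmpFile.renameTo(caRevocationList)) {
                throw new IOException("Could not move " + tmpFile + " to " + caRevocationList);
            }
        } finally {
            // remove the temporary file if the rename did not happen
            if (tmpFile.exists()) {
                tmpFile.delete();
            }
        }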
    } catch (Exception e) {
        throw new RuntimeException("Failed to create new certificate revocation list " + caRevocationList, e);
    }
}
 
Developer ID: gitblit, project: fathom, lines of code: 47, source: X509Utils.java


Example 6: makeCrl

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
public static X509CRL makeCrl(KeyPair pair)
    throws Exception
{
    Date now = new Date();
    X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();

    crlGen.setNextUpdate(new Date(now.getTime() + 100000));

    crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);

    crlGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(pair.getPublic()));

    return new JcaX509CRLConverter().setProvider("BC").getCRL(crlGen.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(pair.getPrivate())));
}
 
Developer ID: credentials, project: irma_future_id, lines of code: 16, source: CMSTestUtil.java


Example 7: newCertificateRevocationList

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
/**
 * Creates a new certificate revocation list (CRL).  This function will
 * destroy any existing CRL file.
 * 
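 * @param caRevocationList file the CRL is written to
 * @param caKeystoreFile keystore holding the CA key and certificate
 * @param caKeystorePassword password for the keystore and the CA key
 */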
public static void newCertificateRevocationList(File caRevocationList, File caKeystoreFile, String caKeystorePassword) {
	try {
		// read the Gitblit CA key and certificate
		KeyStore store = openKeyStore(caKeystoreFile, caKeystorePassword);
		PrivateKey caPrivateKey = (PrivateKey) store.getKey(CA_ALIAS, caKeystorePassword.toCharArray());
		X509Certificate caCert = (X509Certificate) store.getCertificate(CA_ALIAS);

		X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName());
		X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, new Date());
		
		// build and sign CRL with CA private key
		ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPrivateKey);
		X509CRLHolder crl = crlBuilder.build(signer);

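		File tmpFile = new File(caRevocationList.getParentFile(), Long.toHexString(System.currentTimeMillis()) + ".tmp");
		try {
			// try-with-resources closes the stream even if the write fails
			try (FileOutputStream fos = new FileOutputStream(tmpFile)) {
				fos.write(crl.getEncoded());
				fos.flush();
			}
			if (caRevocationList.exists()) {
				caRevocationList.delete();
			}
			// renameTo reports failure only through its return value, so check it
			if (!tmpFile.renameTo(caRevocationList)) {
				throw new IOException("Could not move " + tmpFile + " to " + caRevocationList);
			}
		} finally {
			// remove the temporary file if the rename did not happen
			if (tmpFile.exists()) {
				tmpFile.delete();
			}
		}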
	} catch (Exception e) {
		throw new RuntimeException("Failed to create new certificate revocation list " + caRevocationList, e);
	}
}
 
Developer ID: warpfork, project: gitblit, lines of code: 47, source: X509Utils.java


Example 8: testDirect

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
private void testDirect()
    throws Exception
{
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");

    ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);

    keyStore.load(input, "test".toCharArray());

    X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
    PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);

    X500Name issuer = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());

    X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, new Date());

    builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.cACompromise);

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

    if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
    {
        fail("CRL signature not valid");
    }

    X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());

    if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
    {
        fail("certificate issuer incorrect");
    }

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    X509CRL crl = converter.getCRL(cRLHolder);

    crl.verify(certificate.getPublicKey());

    if (!crl.isRevoked(certificate))
    {
        fail("Certificate should be revoked");
    }

    // now encode the CRL and load the CRL with the JCE provider

    CertificateFactory fac = CertificateFactory.getInstance("X.509");

    X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));

    jceCRL.verify(certificate.getPublicKey());

    if (!jceCRL.isRevoked(certificate))
    {
        fail("This certificate should also be revoked");
    }
}
 
Developer ID: credentials, project: irma_future_id, lines of code: 63, source: CertTest.java


Example 9: testIndirect

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
private void testIndirect()
    throws Exception
{
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");

    ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);

    keyStore.load(input, "test".toCharArray());

    X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
    PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);

    X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
    X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());

    X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());

    builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));

    ExtensionsGenerator extGen = new ExtensionsGenerator();

    extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
    extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));

    builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

    if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
    {
        fail("CRL signature not valid");
    }

    X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());

    if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded())))))
    {
        fail("certificate issuer incorrect");
    }

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    X509CRL crl = converter.getCRL(cRLHolder);

    crl.verify(certificate.getPublicKey());

    if (!crl.isRevoked(certificate))
    {
        fail("Certificate should be revoked");
    }

    // now encode the CRL and load the CRL with the JCE provider

    CertificateFactory fac = CertificateFactory.getInstance("X.509");

    X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));

    jceCRL.verify(certificate.getPublicKey());

    if (!jceCRL.isRevoked(certificate))
    {
        fail("This certificate should also be revoked");
    }
}
 
Developer ID: credentials, project: irma_future_id, lines of code: 71, source: CertTest.java


Example 10: testMalformedIndirect

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
private void testMalformedIndirect()
    throws Exception
{
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");

    ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);

    keyStore.load(input, "test".toCharArray());

    X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
    PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);

    X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
    X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());

    X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());

    ExtensionsGenerator extGen = new ExtensionsGenerator();

    extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
    extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));

    builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

    if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
    {
        fail("CRL signature not valid");
    }

    X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());

    if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
    {
        fail("certificate issuer incorrect");
    }

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    X509CRL crl = converter.getCRL(cRLHolder);

    crl.verify(certificate.getPublicKey());

    if (crl.isRevoked(certificate))
    {
        throw new Exception("Certificate should not be revoked");
    }
}
 
Developer ID: credentials, project: irma_future_id, lines of code: 56, source: CertTest.java


Example 11: testDirect

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
private void testDirect()
    throws Exception
{
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");

    ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);

    keyStore.load(input, "test".toCharArray());

    X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
    PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);

    X500Name issuer = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());

    X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, new Date());

    builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.cACompromise);

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    X509CRL crl = converter.getCRL(cRLHolder);

    crl.verify(certificate.getPublicKey());

    if (!crl.isRevoked(certificate))
    {
        fail("Certificate should be revoked");
    }

    // now encode the CRL and load the CRL with the JCE provider

    CertificateFactory fac = CertificateFactory.getInstance("X.509");

    X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));

    jceCRL.verify(certificate.getPublicKey());

    if (!jceCRL.isRevoked(certificate))
    {
        fail("This certificate should also be revoked");
    }
}
 
Developer ID: credentials, project: irma_future_id, lines of code: 51, source: CertTest.java


Example 12: testIndirect

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
private void testIndirect()
    throws Exception
{
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");

    ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);

    keyStore.load(input, "test".toCharArray());

    X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
    PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);

    X500Name crlIssuer = X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(certificate).getEncoded());
    X500Name caName = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());

    X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());

    builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));

    ExtensionsGenerator extGen = new ExtensionsGenerator();

    extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
    extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));

    builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    X509CRL crl = converter.getCRL(cRLHolder);

    crl.verify(certificate.getPublicKey());

    if (!crl.isRevoked(certificate))
    {
        fail("Certificate should be revoked");
    }

    // now encode the CRL and load the CRL with the JCE provider

    CertificateFactory fac = CertificateFactory.getInstance("X.509");

    X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));

    jceCRL.verify(certificate.getPublicKey());

    if (!jceCRL.isRevoked(certificate))
    {
        fail("This certificate should also be revoked");
    }
}
 
Developer ID: credentials, project: irma_future_id, lines of code: 59, source: CertTest.java


Example 13: testMalformedIndirect

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
private void testMalformedIndirect()
    throws Exception
{
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");

    ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);

    keyStore.load(input, "test".toCharArray());

    X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
    PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);

    X500Name crlIssuer = X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(certificate).getEncoded());
    X500Name caName = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(certificate).getEncoded());

    X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());

    ExtensionsGenerator extGen = new ExtensionsGenerator();

    extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
    extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));

    builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    X509CRL crl = converter.getCRL(cRLHolder);

    crl.verify(certificate.getPublicKey());

    if (crl.isRevoked(certificate))
    {
        throw new Exception("Certificate should not be revoked");
    }
}
 
Developer ID: credentials, project: irma_future_id, lines of code: 44, source: CertTest.java


Example 14: testIndirect2

import org.bouncycastle.cert.X509v2CRLBuilder; // import the required package/class
private void testIndirect2()
    throws Exception
{
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");

    ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);

    keyStore.load(input, "test".toCharArray());

    X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
    PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);

    X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
    X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());

    X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());

    builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));

    builder.addCRLEntry(BigInteger.valueOf(100), new Date(), CRLReason.cACompromise);
    builder.addCRLEntry(BigInteger.valueOf(120), new Date(), CRLReason.cACompromise);

    ExtensionsGenerator extGen = new ExtensionsGenerator();

    extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
    extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));

    builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());

    builder.addCRLEntry(BigInteger.valueOf(130), new Date(), CRLReason.cACompromise);

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

    if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
    {
        fail("CRL signature not valid");
    }

    X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());

    if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
    {
        fail("certificate issuer incorrect");
    }

    cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(130));

    if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
    {
        fail("certificate issuer incorrect");
    }

    cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(100));

    if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
    {
        fail("certificate issuer incorrect");
    }

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    X509CRL crl = converter.getCRL(cRLHolder);

    crl.verify(certificate.getPublicKey());
}
 
Developer ID: credentials, project: irma_future_id, lines of code: 72, source: CertTest.java



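Note: The org.bouncycastle.cert.X509v2CRLBuilder examples in this article were compiled from source-code and documentation hosting platforms such as GitHub and MSDocs. The snippets were selected from open-source projects contributed by their respective developers, and copyright in the source code remains with the original authors. For distribution and use, refer to each project's license. Do not reproduce without permission.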

