1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
package org.spongycastle.cert;
import java.math.BigInteger;
import java.util.Date;
import java.util.Enumeration;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1GeneralizedTime;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.asn1.x509.ExtensionsGenerator;
import org.spongycastle.asn1.x509.TBSCertList;
import org.spongycastle.asn1.x509.Time;
import org.spongycastle.asn1.x509.V2TBSCertListGenerator;
import org.spongycastle.asn1.x509.X509Extensions;
import org.spongycastle.operator.ContentSigner;
/**
* class to produce an X.509 Version 2 CRL.
*/
public class X509v2CRLBuilder
{
private V2TBSCertListGenerator tbsGen;
private ExtensionsGenerator extGenerator;
/**
* Basic constructor.
*
* @param issuer the issuer this CRL is associated with.
* @param thisUpdate the date of this update.
*/
public X509v2CRLBuilder(
X500Name issuer,
Date thisUpdate)
{
tbsGen = new V2TBSCertListGenerator();
extGenerator = new ExtensionsGenerator();
tbsGen.setIssuer(issuer);
tbsGen.setThisUpdate(new Time(thisUpdate));
}
/**
* Basic constructor.
*
* @param issuer the issuer this CRL is associated with.
* @param thisUpdate the Time of this update.
*/
public X509v2CRLBuilder(
X500Name issuer,
Time thisUpdate)
{
tbsGen = new V2TBSCertListGenerator();
extGenerator = new ExtensionsGenerator();
tbsGen.setIssuer(issuer);
tbsGen.setThisUpdate(thisUpdate);
}
/**
* Set the date by which the next CRL will become available.
*
* @param date date of next CRL update.
* @return the current builder.
*/
public X509v2CRLBuilder setNextUpdate(
Date date)
{
return this.setNextUpdate(new Time(date));
}
/**
* Set the date by which the next CRL will become available.
*
* @param date date of next CRL update.
* @return the current builder.
*/
public X509v2CRLBuilder setNextUpdate(
Time date)
{
tbsGen.setNextUpdate(date);
return this;
}
/**
* Add a CRL entry with the just reasonCode extension.
*
* @param userCertificateSerial serial number of revoked certificate.
* @param revocationDate date of certificate revocation.
* @param reason the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
* @return the current builder.
*/
public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, int reason)
{
tbsGen.addCRLEntry(new ASN1Integer(userCertificateSerial), new Time(revocationDate), reason);
return this;
}
/**
* Add a CRL entry with an invalidityDate extension as well as a reasonCode extension. This is used
* where the date of revocation might be after issues with the certificate may have occurred.
*
* @param userCertificateSerial serial number of revoked certificate.
* @param revocationDate date of certificate revocation.
* @param reason the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
* @param invalidityDate the date on which the private key for the certificate became compromised or the certificate otherwise became invalid.
* @return the current builder.
*/
public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, int reason, Date invalidityDate)
{
tbsGen.addCRLEntry(new ASN1Integer(userCertificateSerial), new Time(revocationDate), reason, new ASN1GeneralizedTime(invalidityDate));
return this;
}
/**
* Add a CRL entry with extensions.
*
* @param userCertificateSerial serial number of revoked certificate.
* @param revocationDate date of certificate revocation.
* @param extensions extension set to be associated with this CRLEntry.
* @return the current builder.
* @deprecated use method taking Extensions
*/
public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, X509Extensions extensions)
{
tbsGen.addCRLEntry(new ASN1Integer(userCertificateSerial), new Time(revocationDate), Extensions.getInstance(extensions));
return this;
}
/**
* Add a CRL entry with extensions.
*
* @param userCertificateSerial serial number of revoked certificate.
* @param revocationDate date of certificate revocation.
* @param extensions extension set to be associated with this CRLEntry.
* @return the current builder.
*/
public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, Extensions extensions)
{
tbsGen.addCRLEntry(new ASN1Integer(userCertificateSerial), new Time(revocationDate), extensions);
return this;
}
/**
* Add the CRLEntry objects contained in a previous CRL.
*
* @param other the X509CRLHolder to source the other entries from.
* @return the current builder.
*/
public X509v2CRLBuilder addCRL(X509CRLHolder other)
{
TBSCertList revocations = other.toASN1Structure().getTBSCertList();
if (revocations != null)
{
for (Enumeration en = revocations.getRevokedCertificateEnumeration(); en.hasMoreElements();)
{
tbsGen.addCRLEntry(ASN1Sequence.getInstance(((ASN1Encodable)en.nextElement()).toASN1Primitive()));
}
}
return this;
}
/**
* Add a given extension field for the standard extensions tag (tag 3)
*
* @param oid the OID defining the extension type.
* @param isCritical true if the extension is critical, false otherwise.
* @param value the ASN.1 structure that forms the extension's value.
* @return this builder object.
*/
public X509v2CRLBuilder addExtension(
ASN1ObjectIdentifier oid,
boolean isCritical,
ASN1Encodable value)
throws CertIOException
{
CertUtils.addExtension(extGenerator, oid, isCritical, value);
return this;
}
/**
* Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the
* extension value.
*
* @param oid the OID defining the extension type.
* @param isCritical true if the extension is critical, false otherwise.
* @param encodedValue a byte array representing the encoding of the extension value.
* @return this builder object.
*/
public X509v2CRLBuilder addExtension(
ASN1ObjectIdentifier oid,
boolean isCritical,
byte[] encodedValue)
throws CertIOException
{
extGenerator.addExtension(oid, isCritical, encodedValue);
return this;
}
/**
* Generate an X.509 CRL, based on the current issuer and subject
* using the passed in signer.
*
* @param signer the content signer to be used to generate the signature validating the certificate.
* @return a holder containing the resulting signed certificate.
*/
public X509CRLHolder build(
ContentSigner signer)
{
tbsGen.setSignature(signer.getAlgorithmIdentifier());
if (!extGenerator.isEmpty())
{
tbsGen.setExtensions(extGenerator.generate());
}
return CertUtils.generateFullCRL(signer, tbsGen.generateTBSCertList());
}
}
|
