package org.bouncycastle.cert;
import java.math.BigInteger;
import java.util.Date;
import java.util.Enumeration;
import java.util.Locale;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
import org.bouncycastle.operator.ContentSigner;
class to produce an X.509 Version 2 CRL.
/**
* class to produce an X.509 Version 2 CRL.
*/
public class X509v2CRLBuilder
{
private V2TBSCertListGenerator tbsGen;
private ExtensionsGenerator extGenerator;
Basic constructor.
Params: - issuer – the issuer this CRL is associated with.
- thisUpdate – the date of this update.
/**
* Basic constructor.
*
* @param issuer the issuer this CRL is associated with.
* @param thisUpdate the date of this update.
*/
public X509v2CRLBuilder(
X500Name issuer,
Date thisUpdate)
{
tbsGen = new V2TBSCertListGenerator();
extGenerator = new ExtensionsGenerator();
tbsGen.setIssuer(issuer);
tbsGen.setThisUpdate(new Time(thisUpdate));
}
Basic constructor with Locale. You may need to use this constructor if the default locale
doesn't use a Gregorian calender so that the Time produced is compatible with other ASN.1 implementations.
Params: - issuer – the issuer this CRL is associated with.
- thisUpdate – the date of this update.
- dateLocale – locale to be used for date interpretation.
/**
* Basic constructor with Locale. You may need to use this constructor if the default locale
* doesn't use a Gregorian calender so that the Time produced is compatible with other ASN.1 implementations.
*
* @param issuer the issuer this CRL is associated with.
* @param thisUpdate the date of this update.
* @param dateLocale locale to be used for date interpretation.
*/
public X509v2CRLBuilder(
X500Name issuer,
Date thisUpdate,
Locale dateLocale)
{
tbsGen = new V2TBSCertListGenerator();
extGenerator = new ExtensionsGenerator();
tbsGen.setIssuer(issuer);
tbsGen.setThisUpdate(new Time(thisUpdate, dateLocale));
}
Basic constructor.
Params: - issuer – the issuer this CRL is associated with.
- thisUpdate – the Time of this update.
/**
* Basic constructor.
*
* @param issuer the issuer this CRL is associated with.
* @param thisUpdate the Time of this update.
*/
public X509v2CRLBuilder(
X500Name issuer,
Time thisUpdate)
{
tbsGen = new V2TBSCertListGenerator();
extGenerator = new ExtensionsGenerator();
tbsGen.setIssuer(issuer);
tbsGen.setThisUpdate(thisUpdate);
}
Set the date by which the next CRL will become available.
Params: - date – date of next CRL update.
Returns: the current builder.
/**
* Set the date by which the next CRL will become available.
*
* @param date date of next CRL update.
* @return the current builder.
*/
public X509v2CRLBuilder setNextUpdate(
Date date)
{
return this.setNextUpdate(new Time(date));
}
Set the date by which the next CRL will become available.
Params: - date – date of next CRL update.
- dateLocale – locale to be used for date interpretation.
Returns: the current builder.
/**
* Set the date by which the next CRL will become available.
*
* @param date date of next CRL update.
* @param dateLocale locale to be used for date interpretation.
* @return the current builder.
*/
public X509v2CRLBuilder setNextUpdate(
Date date,
Locale dateLocale)
{
return this.setNextUpdate(new Time(date, dateLocale));
}
Set the date by which the next CRL will become available.
Params: - date – date of next CRL update.
Returns: the current builder.
/**
* Set the date by which the next CRL will become available.
*
* @param date date of next CRL update.
* @return the current builder.
*/
public X509v2CRLBuilder setNextUpdate(
Time date)
{
tbsGen.setNextUpdate(date);
return this;
}
Add a CRL entry with the just reasonCode extension.
Params: - userCertificateSerial – serial number of revoked certificate.
- revocationDate – date of certificate revocation.
- reason – the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
Returns: the current builder.
/**
* Add a CRL entry with the just reasonCode extension.
*
* @param userCertificateSerial serial number of revoked certificate.
* @param revocationDate date of certificate revocation.
* @param reason the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
* @return the current builder.
*/
public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, int reason)
{
tbsGen.addCRLEntry(new ASN1Integer(userCertificateSerial), new Time(revocationDate), reason);
return this;
}
Add a CRL entry with an invalidityDate extension as well as a reasonCode extension. This is used
where the date of revocation might be after issues with the certificate may have occurred.
Params: - userCertificateSerial – serial number of revoked certificate.
- revocationDate – date of certificate revocation.
- reason – the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
- invalidityDate – the date on which the private key for the certificate became compromised or the certificate otherwise became invalid.
Returns: the current builder.
/**
* Add a CRL entry with an invalidityDate extension as well as a reasonCode extension. This is used
* where the date of revocation might be after issues with the certificate may have occurred.
*
* @param userCertificateSerial serial number of revoked certificate.
* @param revocationDate date of certificate revocation.
* @param reason the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
* @param invalidityDate the date on which the private key for the certificate became compromised or the certificate otherwise became invalid.
* @return the current builder.
*/
public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, int reason, Date invalidityDate)
{
tbsGen.addCRLEntry(new ASN1Integer(userCertificateSerial), new Time(revocationDate), reason, new ASN1GeneralizedTime(invalidityDate));
return this;
}
Add a CRL entry with extensions.
Params: - userCertificateSerial – serial number of revoked certificate.
- revocationDate – date of certificate revocation.
- extensions – extension set to be associated with this CRLEntry.
Returns: the current builder.
/**
* Add a CRL entry with extensions.
*
* @param userCertificateSerial serial number of revoked certificate.
* @param revocationDate date of certificate revocation.
* @param extensions extension set to be associated with this CRLEntry.
* @return the current builder.
*/
public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, Extensions extensions)
{
tbsGen.addCRLEntry(new ASN1Integer(userCertificateSerial), new Time(revocationDate), extensions);
return this;
}
Add the CRLEntry objects contained in a previous CRL.
Params: - other – the X509CRLHolder to source the other entries from.
Returns: the current builder.
/**
* Add the CRLEntry objects contained in a previous CRL.
*
* @param other the X509CRLHolder to source the other entries from.
* @return the current builder.
*/
public X509v2CRLBuilder addCRL(X509CRLHolder other)
{
TBSCertList revocations = other.toASN1Structure().getTBSCertList();
if (revocations != null)
{
for (Enumeration en = revocations.getRevokedCertificateEnumeration(); en.hasMoreElements();)
{
tbsGen.addCRLEntry(ASN1Sequence.getInstance(((ASN1Encodable)en.nextElement()).toASN1Primitive()));
}
}
return this;
}
Add a given extension field for the standard extensions tag (tag 3)
Params: - oid – the OID defining the extension type.
- isCritical – true if the extension is critical, false otherwise.
- value – the ASN.1 structure that forms the extension's value.
Returns: this builder object.
/**
* Add a given extension field for the standard extensions tag (tag 3)
*
* @param oid the OID defining the extension type.
* @param isCritical true if the extension is critical, false otherwise.
* @param value the ASN.1 structure that forms the extension's value.
* @return this builder object.
*/
public X509v2CRLBuilder addExtension(
ASN1ObjectIdentifier oid,
boolean isCritical,
ASN1Encodable value)
throws CertIOException
{
CertUtils.addExtension(extGenerator, oid, isCritical, value);
return this;
}
Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the
extension value.
Params: - oid – the OID defining the extension type.
- isCritical – true if the extension is critical, false otherwise.
- encodedValue – a byte array representing the encoding of the extension value.
Returns: this builder object.
/**
* Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the
* extension value.
*
* @param oid the OID defining the extension type.
* @param isCritical true if the extension is critical, false otherwise.
* @param encodedValue a byte array representing the encoding of the extension value.
* @return this builder object.
*/
public X509v2CRLBuilder addExtension(
ASN1ObjectIdentifier oid,
boolean isCritical,
byte[] encodedValue)
throws CertIOException
{
extGenerator.addExtension(oid, isCritical, encodedValue);
return this;
}
Add a given extension field for the standard extensions tag (tag 3).
Params: - extension – the full extension value.
Returns: this builder object.
/**
* Add a given extension field for the standard extensions tag (tag 3).
*
* @param extension the full extension value.
* @return this builder object.
*/
public X509v2CRLBuilder addExtension(
Extension extension)
throws CertIOException
{
extGenerator.addExtension(extension);
return this;
}
Generate an X.509 CRL, based on the current issuer and subject
using the passed in signer.
Params: - signer – the content signer to be used to generate the signature validating the certificate.
Returns: a holder containing the resulting signed certificate.
/**
* Generate an X.509 CRL, based on the current issuer and subject
* using the passed in signer.
*
* @param signer the content signer to be used to generate the signature validating the certificate.
* @return a holder containing the resulting signed certificate.
*/
public X509CRLHolder build(
ContentSigner signer)
{
tbsGen.setSignature(signer.getAlgorithmIdentifier());
if (!extGenerator.isEmpty())
{
tbsGen.setExtensions(extGenerator.generate());
}
return CertUtils.generateFullCRL(signer, tbsGen.generateTBSCertList());
}
}