org.bouncycastle.cert.X509v2CRLBuilder Java Examples
The following examples show how to use
org.bouncycastle.cert.X509v2CRLBuilder.
Example #1
Source File: TestCRLCodec.java From hadoop-ozone with Apache License 2.0 | 6 votes |
/**
 * Checks that {@code CRLCodec.writeCRL(X509CRL)} leaves a file named after the configured CRL
 * name under the codec's location.
 *
 * <p>The {@code X509v2CRLBuilder} below is populated but never built or signed; the CRL that is
 * actually written is parsed from the {@code TMP_CRL_ENTRY} fixture.
 */
@Test
public void testWriteCRLX509() throws IOException, OperatorCreationException,
    CertificateException, CRLException {
  X500Name crlIssuer = x509CertificateHolder.getIssuer();
  Date issuedAt = new Date();

  // One revoked entry for the fixture certificate, reason code cACompromise.
  X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(crlIssuer, issuedAt);
  crlBuilder.addCRLEntry(
      x509CertificateHolder.getSerialNumber(), issuedAt, CRLReason.cACompromise);

  try (InputStream pemStream = new ByteArrayInputStream(TMP_CRL_ENTRY.getBytes())) {
    // generateCRL only parses the encoding. It does not check the CRL's signature, so code that
    // consumes a CRL from an untrusted source must call X509CRL.verify(...) with the issuer key.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509CRL parsedCrl = (X509CRL) x509Factory.generateCRL(pemStream);

    CRLCodec codec = new CRLCodec(securityConfig);
    codec.writeCRL(parsedCrl);

    // The only check: the CRL file now exists at <codec location>/<configured CRL name>.
    String crlDirectory = codec.getLocation().toString();
    String crlFileName = this.securityConfig.getCrlName();
    File writtenCrl = Paths.get(crlDirectory, crlFileName).toFile();
    assertTrue(writtenCrl.exists());
  }
}
Example #2
Source File: TestCRLCodec.java From hadoop-ozone with Apache License 2.0 | 6 votes |
/**
 * Builds and signs a one-entry CRL, then checks that {@code CRLCodec.getX509CRL} turns the
 * BouncyCastle holder into a non-null JCA {@code X509CRL}.
 *
 * <p>Only non-nullness is asserted; the signature on the converted CRL is not verified here.
 */
@Test
public void testGetX509CRLFromCRLHolder() throws IOException, OperatorCreationException,
    CertificateException, CRLException {
  X500Name crlIssuer = x509CertificateHolder.getIssuer();
  Date issuedAt = new Date();

  // thisUpdate = now; no nextUpdate is set on the builder. RFC 5280 expects conforming CRL
  // issuers to include nextUpdate, so this shape is suitable for a codec test only.
  X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(crlIssuer, issuedAt);
  crlBuilder.addCRLEntry(
      x509CertificateHolder.getSerialNumber(), issuedAt, CRLReason.cACompromise);

  // Signature algorithm and JCA provider both come from the security configuration.
  JcaContentSignerBuilder signerBuilder =
      new JcaContentSignerBuilder(securityConfig.getSignatureAlgo());
  signerBuilder.setProvider(securityConfig.getProvider());

  // NOTE(review): presumably keyPair belongs to the issuer of x509CertificateHolder - confirm
  // against the fixture setup, which is not visible here.
  PrivateKey signingKey = keyPair.getPrivate();
  X509CRLHolder signedCrl = crlBuilder.build(signerBuilder.build(signingKey));

  X509CRL converted = new CRLCodec(securityConfig).getX509CRL(signedCrl);
  assertNotNull(converted);
}
Example #3
Source File: TestCRLCodec.java From hadoop-ozone with Apache License 2.0 | 5 votes |
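/**
 * Builds and signs a one-entry CRL, writes it through {@code CRLCodec}, and checks that the
 * revoked entry is present and that the PEM encoding carries the X509 CRL header and footer.
 *
 * <p>The revoked-entry lookup uses the same serial number that was added to the builder, so the
 * assertion does not depend on the fixture certificate having serial number 1.
 */
@Test
public void testGetX509CRL() throws IOException, OperatorCreationException,
    CertificateException, CRLException {
  X500Name issuer = x509CertificateHolder.getIssuer();
  Date now = new Date();
  BigInteger revokedSerial = x509CertificateHolder.getSerialNumber();

  // thisUpdate = now, one entry for the fixture certificate with reason cACompromise.
  X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, now);
  builder.addCRLEntry(revokedSerial, now, CRLReason.cACompromise);

  // Signature algorithm and JCA provider both come from the security configuration.
  JcaContentSignerBuilder contentSignerBuilder =
      new JcaContentSignerBuilder(securityConfig.getSignatureAlgo());
  contentSignerBuilder.setProvider(securityConfig.getProvider());
  PrivateKey privateKey = keyPair.getPrivate();
  X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

  CRLCodec crlCodec = new CRLCodec(securityConfig);
  // NOTE(review): the trailing 'true' looks like a force/overwrite flag - confirm in CRLCodec.
  crlCodec.writeCRL(cRLHolder, this.securityConfig.getCrlName(), true);

  // Look up the serial that was revoked above rather than a hard-coded BigInteger.ONE.
  X509CRLEntryHolder entryHolder = cRLHolder.getRevokedCertificate(revokedSerial);
  assertNotNull(entryHolder);

  String pemEncodedString = crlCodec.getPEMEncodedString(cRLHolder);
  assertNotNull(pemEncodedString);

  // Verify header and footer of PEM encoded String
  String header = "-----BEGIN X509 CRL-----";
  String footer = "-----END X509 CRL-----";
  assertTrue(pemEncodedString.contains(header));
  assertTrue(pemEncodedString.contains(footer));
}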
Example #4
Source File: TestCRLCodec.java From hadoop-ozone with Apache License 2.0 | 4 votes |
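/**
 * Builds and signs a one-entry CRL, writes it through {@code CRLCodec.writeCRL}, and checks
 * that the resulting file exists and is framed by the PEM X509 CRL header and footer lines.
 *
 * <p>The revoked-entry lookup uses the same serial number that was added to the builder, so the
 * assertion does not depend on the fixture certificate having serial number 1.
 */
@Test
public void testWriteCRL() throws IOException, OperatorCreationException {
  X500Name issuer = x509CertificateHolder.getIssuer();
  Date now = new Date();
  BigInteger revokedSerial = x509CertificateHolder.getSerialNumber();

  // thisUpdate = now, one entry for the fixture certificate with reason cACompromise.
  X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, now);
  builder.addCRLEntry(revokedSerial, now, CRLReason.cACompromise);

  // Signature algorithm and JCA provider both come from the security configuration.
  JcaContentSignerBuilder contentSignerBuilder =
      new JcaContentSignerBuilder(securityConfig.getSignatureAlgo());
  contentSignerBuilder.setProvider(securityConfig.getProvider());
  PrivateKey privateKey = keyPair.getPrivate();
  X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));

  CRLCodec crlCodec = new CRLCodec(securityConfig);
  // NOTE(review): the trailing 'true' looks like a force/overwrite flag - confirm in CRLCodec.
  crlCodec.writeCRL(cRLHolder, this.securityConfig.getCrlName(), true);

  // Look up the serial that was revoked above rather than a hard-coded BigInteger.ONE.
  X509CRLEntryHolder entryHolder = cRLHolder.getRevokedCertificate(revokedSerial);
  assertNotNull(entryHolder);

  // verify file generation
  File crlFile = Paths.get(crlCodec.getLocation().toString(),
      this.securityConfig.getCrlName()).toFile();
  assertTrue(crlFile.exists());

  try (BufferedReader reader = new BufferedReader(new FileReader(crlFile))) {
    // Verify contents of the file: first line is the PEM header, last line is the PEM footer.
    String header = reader.readLine();
    assertEquals("-----BEGIN X509 CRL-----", header);

    String footer = null;
    String line = null;
    while ((line = reader.readLine()) != null) {
      footer = line;
    }
    assertEquals("-----END X509 CRL-----", footer);
  }
}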
Example #5
Source File: TlsTestCase.java From wildfly-core with GNU Lesser General Public License v2.1 | 4 votes |
/**
 * Creates a signed test CRL issued under {@code MUNERASOFT_DN}.
 *
 * <p>The CRL carries an authority key identifier derived from a freshly generated self-signed CA
 * certificate, CRL number 4110, and two revoked serials (1005 and 1006) with reason
 * {@code unspecified}. It is signed with SHA256withRSA through the "BC" provider.
 *
 * @return the signed CRL holder
 * @throws Exception if key generation, extension encoding or signing fails
 */
private static X509CRLHolder createCRL() throws Exception {
    // Registers BouncyCastle with the JVM-wide provider list so that the "BC" provider name
    // used for signing below resolves.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // Throwaway self-signed CA (RSA, SHA256withRSA) that acts as the CRL issuer.
    SelfSignedX509CertificateAndSigningKey issuerMaterial =
            SelfSignedX509CertificateAndSigningKey.builder()
                    .setDn(MUNERASOFT_DN)
                    .setKeyAlgorithmName("RSA")
                    .setSignatureAlgorithmName("SHA256withRSA")
                    .addExtension(false, "BasicConstraints", "CA:true,pathlen:2147483647")
                    .build();
    X509Certificate issuerCertificate = issuerMaterial.getSelfSignedCertificate();

    // thisUpdate = now, nextUpdate = now + 1 year, revocation time = 30 seconds before now.
    // The +1/-1 year round trip on the shared Calendar is kept exactly as in the original.
    // A one-year nextUpdate is a fixture convenience: relying parties may treat the CRL as
    // current until nextUpdate, so production CRLs use a much shorter window.
    Calendar clock = Calendar.getInstance();
    Date thisUpdate = clock.getTime();
    clock.add(Calendar.YEAR, 1);
    Date nextUpdate = clock.getTime();
    clock.add(Calendar.YEAR, -1);
    clock.add(Calendar.SECOND, -30);
    Date revokedAt = clock.getTime();

    X509v2CRLBuilder crlBuilder =
            new X509v2CRLBuilder(new X500Name(MUNERASOFT_DN.getName()), thisUpdate);

    // Both extensions are added as non-critical.
    crlBuilder.addExtension(
            Extension.authorityKeyIdentifier,
            false,
            new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerCertificate.getPublicKey()));
    crlBuilder.addExtension(
            Extension.cRLNumber,
            false,
            new CRLNumber(BigInteger.valueOf(4110)));

    // Two revoked serial numbers, same revocation time and reason.
    for (String revokedSerial : new String[] {"1005", "1006"}) {
        crlBuilder.addCRLEntry(new BigInteger(revokedSerial), revokedAt, CRLReason.unspecified);
    }

    crlBuilder.setNextUpdate(nextUpdate);
    return crlBuilder.build(
            new JcaContentSignerBuilder("SHA256withRSA")
                    .setProvider("BC")
                    .build(issuerMaterial.getSigningKey()));
}