
List:       bouncycastle-crypto-dev
Subject:    Re: [dev-crypto] CRL generating example?
From:       Tomas Gustavsson <tomasg () primekey ! se>
Date:       2002-07-22 9:38:43

¹Ú ±Ù¹é wrote:
> I want to generate CRL, but i have no examples... ^^;;
> 
> Any one knows CRL generating examples tell me please...

This is a method from EJBCA. Of course, taken out of context it won't
compile straight out of the box, but it should be clear how it is done.

Regards,
Tomas


/**
 * Builds and signs an X.509 v2 CRL with the Bouncy Castle {@code X509V2CRLGenerator}.
 *
 * <p>The method reads several names that are declared outside it and are not shown here:
 * {@code useaki}/{@code akicritical} and {@code usecrln}/{@code crlncritical} decide whether
 * the AuthorityKeyIdentifier and CRLNumber extensions are added and with which criticality,
 * {@code caCert} supplies the CA public key for the key identifier, and {@code signingDevice}
 * supplies the private signing key and the provider name.
 *
 * <p>NOTE(review): {@code crlnumber} is written into the CRL as given. RFC 5280 expects CRL
 * numbers to increase monotonically per issuer; nothing in this method checks that, so it is
 * presumably the caller's responsibility.
 *
 * @param caname    issuer DN placed in the CRL
 * @param crlperiod validity period in hours; nextUpdate is set this far after the current time
 * @param certs     revoked entries, each cast to {@code RevokedCertInfo}; may be {@code null},
 *                  in which case the CRL carries no entries
 * @param crlnumber value of the CRLNumber extension, used only when {@code usecrln} is true
 * @return the signed CRL
 * @throws Exception whatever the DER parsing, extension handling or signing calls throw
 */
private X509CRL makeBCCRL(X509Name caname, long crlperiod, Vector certs, int crlnumber)
        throws Exception {
    debug(">makeBCCRL()");

    // NOTE(review): SHA-1 is no longer collision-resistant and many relying parties reject
    // SHA-1 signatures. When reusing this example, select a SHA-2 based signature algorithm
    // that the signing provider supports.
    final String sigAlg = "SHA1WithRSA";

    // crlperiod is expressed in hours; java.util.Date works in milliseconds.
    long validityMillis = crlperiod * 60 * 60 * 1000;
    Date issuedAt = new Date();
    Date expiresAt = new Date(System.currentTimeMillis() + validityMillis);

    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    generator.setThisUpdate(issuedAt);
    generator.setNextUpdate(expiresAt);
    generator.setSignatureAlgorithm(sigAlg);

    // Issuer DN
    debug("Issuer="+caname);
    generator.setIssuerDN(caname);

    // One CRL entry per revoked certificate: serial number, revocation date, reason code.
    if (certs != null) {
        debug("Number of revoked certificates: "+certs.size());
        for (Iterator entries = certs.iterator(); entries.hasNext(); ) {
            RevokedCertInfo revoked = (RevokedCertInfo) entries.next();
            generator.addCRLEntry(
                revoked.getUserCertificate(),
                revoked.getRevocationDate(),
                revoked.getReason());
        }
    }

    // Authority key identifier, derived from the CA certificate's encoded public key.
    if (useaki.booleanValue()) {
        byte[] encodedCaKey = caCert.getPublicKey().getEncoded();
        DERInputStream derIn = new DERInputStream(new ByteArrayInputStream(encodedCaKey));
        DERConstructedSequence keySequence = (DERConstructedSequence) derIn.readObject();
        SubjectPublicKeyInfo caKeyInfo = new SubjectPublicKeyInfo(keySequence);
        AuthorityKeyIdentifier keyIdentifier = new AuthorityKeyIdentifier(caKeyInfo);
        generator.addExtension(
            X509Extensions.AuthorityKeyIdentifier.getId(),
            akicritical.booleanValue(),
            keyIdentifier);
    }

    // CRLNumber extension
    if (usecrln.booleanValue()) {
        CRLNumber number = new CRLNumber(BigInteger.valueOf(crlnumber));
        generator.addExtension(
            X509Extensions.CRLNumber.getId(),
            crlncritical.booleanValue(),
            number);
    }

    // Sign with the CA key held by the signing device, using that device's provider.
    X509CRL signedCrl = generator.generateX509CRL(
        signingDevice.getPrivateSignKey(),
        signingDevice.getProvider());

    debug("<makeBCCRL()");
    return signedCrl;
} // makeBCCRL


