[prev in list] [next in list] [prev in thread] [next in thread]
List: bouncycastle-crypto-dev
Subject: Re: [dev-crypto] CRL generating example?
From: Tomas Gustavsson <tomasg () primekey ! se>
Date: 2002-07-22 9:38:43
[Download RAW message or body]
¹Ú ±Ù¹é wrote:
> I want to generate CRL, but i have no examples... ^^;;
>
> Any one knows CRL generating examples tell me please...
This is a methos from EJBCA, off-course taken out of context it won't
compile straight out-of-the box, but it should be clear how it is done.
Regards,
Tomas
private X509CRL makeBCCRL(X509Name caname, long crlperiod, Vector certs,
int crlnumber)
throws Exception {
debug(">makeBCCRL()");
final String sigAlg="SHA1WithRSA";
Date thisUpdate = new Date();
Date nextUpdate = new Date();
// crlperiod is hours = crlperiod*60*60*1000 milliseconds
nextUpdate.setTime(nextUpdate.getTime() + (crlperiod * 60 * 60 *
1000));
X509V2CRLGenerator crlgen = new X509V2CRLGenerator();
crlgen.setThisUpdate(thisUpdate);
crlgen.setNextUpdate(nextUpdate);
crlgen.setSignatureAlgorithm(sigAlg);
// Make DNs
debug("Issuer="+caname);
crlgen.setIssuerDN(caname);
if (certs != null) {
debug("Number of revoked certificates: "+certs.size());
Iterator it = certs.iterator();
while( it.hasNext() ) {
RevokedCertInfo certinfo = (RevokedCertInfo)it.next();
crlgen.addCRLEntry(certinfo.getUserCertificate(),
certinfo.getRevocationDate(), certinfo.getReason());
}
}
// Authority key identifier
if (useaki.booleanValue() == true) {
SubjectPublicKeyInfo apki = new
SubjectPublicKeyInfo((DERConstructedSequence)new DERInputStream(
new
ByteArrayInputStream(caCert.getPublicKey().getEncoded())).readObject());
AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
crlgen.addExtension(X509Extensions.AuthorityKeyIdentifier.getId(),
akicritical.booleanValue(), aki);
}
// CRLNumber extension
if (usecrln.booleanValue() == true) {
CRLNumber crlnum = new CRLNumber(BigInteger.valueOf(crlnumber));
crlgen.addExtension(X509Extensions.CRLNumber.getId(),
crlncritical.booleanValue(), crlnum);
}
X509CRL crl =
crlgen.generateX509CRL(signingDevice.getPrivateSignKey(),
signingDevice.getProvider());
debug("<makeBCCRL()");
return (X509CRL)crl;
} // makeBCCRL
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic