Public Member Functions
MinimalCRLGenerator (String issuerName, Date thisUpdate, Date nextUpdate)
    Constructor for X509CRLGenerator.
MinimalCRLGenerator (X509Name issuerName, Date thisUpdate, Date nextUpdate)
MinimalCRLGenerator (String issuerName, long duration)
    Same as above, only sets thisUpdate to now and nextUpdate to now+duration.
MinimalCRLGenerator (X509Name issuerName, long duration)
void | addExtension (String oid, boolean critical, byte[] encodedValue)
    Add an extension to the CRL.
void | addRevokedCertificate (BigInteger serialNumber, Date revocationTime, int reason)
    Reason codes listed above.
void | addRevokedCertificate (BigInteger serialNumber, Date revocationTime, String reason) throws InvalidParameterException
    Add a certificate to a CRL.
X509CRL | sign (String hashAlgorithm, PrivateKey signingKey, String provider) throws InvalidKeyException, SignatureException, NoSuchProviderException, CRLException, IllegalStateException, NoSuchAlgorithmException
    If hashAlgorithm is null, SHA-1 is used.

Static Public Member Functions
static int | reasonToReasonCode (String reason)
static String | reasonCodeToReason (int code)

Static Public Attributes
static final int | REASON_UNSPECIFIED = 0
    Reason codes.
static final int | REASON_KEY_COMPROMISE = 1
static final int | REASON_CA_COMPROMISE = 2
static final int | REASON_AFFILIATION_CHANGED = 4
static final int | REASON_SUPERSEDED = 5
static final int | REASON_CESSATION_OF_OPERATION = 6
static final int | REASON_CERTIFICATE_HOLD = 7
static final int | REASON_REMOVE_FROM_CRL = 8
static final String[] | REASONS
static final int | REASON_CODES []
static final int | DEFAULT_DURATION = (int)(1000 * 60 * 60 * 24 * 365.25/12)
    One month (avg), in milliseconds.

Protected Attributes
X509V2CRLGenerator | _crlGenerator = new X509V2CRLGenerator()
Date | _thisUpdate = null
Date | _nextUpdate = null

Static Protected Attributes
static final String | DEFAULT_HASH = "SHA1"

BouncyCastle's CRL support is a bit dodgy, as it relies on the verifier being able to inherit algorithm parameters (e.g. DSA params) for the signer key, if any, from the CA certificate.

org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.MinimalCRLGenerator (String issuerName, Date thisUpdate, Date nextUpdate)
Constructor for X509CRLGenerator.
issuerName | Issuer's name in X.500 format (C=US,...)
thisUpdate | date of issuance of this CRL. If null, filled in with "now".
nextUpdate | date of expiration of this CRL.
extensions | currently pass through a BouncyCastle X509Extensions object to constructor. No easy way to map this back into java X509Extensions....

org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.MinimalCRLGenerator (String issuerName, long duration)
Same as above, only sets thisUpdate to now and nextUpdate to now+duration.
duration | length of validity in milliseconds. If <= 0, defaults to DEFAULT_DURATION.

void org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.addRevokedCertificate (BigInteger serialNumber, Date revocationTime, String reason) throws InvalidParameterException
Add a certificate to a CRL.
serialNumber
revocationTime
reason | must be one of the entries in the REASONS array, or null or "" for REASON_UNSPECIFIED.

X509CRL org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.sign (String hashAlgorithm, PrivateKey signingKey, String provider) throws InvalidKeyException, SignatureException, NoSuchProviderException, CRLException, IllegalStateException, NoSuchAlgorithmException
If hashAlgorithm is null, SHA-1 is used.

final String[] org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.REASONS [static]
Initial value:
{"unspecified", "key_compromise", "ca_compromise", "extra_space", "affiliation_changed", "superseded", "cessation_of_operation", "certificate_hold", "remove_from_crl"}

final int[] org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.REASON_CODES [static]
Initial value:
{REASON_UNSPECIFIED, REASON_KEY_COMPROMISE, REASON_CA_COMPROMISE, REASON_AFFILIATION_CHANGED, REASON_SUPERSEDED, REASON_CESSATION_OF_OPERATION, REASON_CERTIFICATE_HOLD, REASON_REMOVE_FROM_CRL}
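
A round trip through the members documented above, added here as an illustration and not taken from the CCNx sources: one side issues and signs a CRL, the other verifies it with the standard java.security.cert API and reads back each entry's reason. The issuer name, serial numbers and CA key are constructed; it assumes the CCNx and BouncyCastle jars are on the classpath and that hashAlgorithm takes digest names in the same style as DEFAULT_HASH, so that "SHA256" is accepted.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.Date;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator;

public class CrlRoundTrip {
    // Issuer side: one-month CRL with two constructed entries.
    static X509CRL issue(KeyPair caKeys) throws Exception {
        // duration <= 0 selects DEFAULT_DURATION, per the constructor documentation.
        MinimalCRLGenerator gen = new MinimalCRLGenerator("C=US,O=Example,CN=Example CA", 0L);
        Date now = new Date();
        gen.addRevokedCertificate(BigInteger.valueOf(0x1001), now,
                MinimalCRLGenerator.REASON_KEY_COMPROMISE);
        gen.addRevokedCertificate(BigInteger.valueOf(0x1002), now, "superseded");
        // Assumption: "SHA256" is a valid hashAlgorithm value (same style as "SHA1").
        // Name the digest explicitly; passing null falls back to SHA-1.
        return gen.sign("SHA256", caKeys.getPrivate(), "BC");
    }

    // Relying-party side: check signature and freshness before trusting any entry.
    static X509CRLEntry lookup(X509CRL crl, PublicKey caKey, BigInteger serial)
            throws Exception {
        crl.verify(caKey); // throws if the signature does not match the CA key
        if (crl.getNextUpdate() == null || new Date().after(crl.getNextUpdate())) {
            throw new IllegalStateException("CRL is stale; fetch a newer one");
        }
        return crl.getRevokedCertificate(serial); // null means the serial is not listed
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair caKeys = kpg.generateKeyPair(); // constructed throwaway CA key
        X509CRL crl = issue(caKeys);
        System.out.println("signature algorithm: " + crl.getSigAlgName());
        for (long s : new long[] {0x1001, 0x1002, 0x1003}) {
            X509CRLEntry e = lookup(crl, caKeys.getPublic(), BigInteger.valueOf(s));
            System.out.println(Long.toHexString(s) + " -> "
                    + (e == null ? "not revoked" : "revoked, reason " + e.getRevocationReason()));
        }
    }
}
```

RFC 5280 numbers affiliationChanged through certificateHold as 3 to 6 and leaves 7 unassigned, whereas the constants listed on this page use 4 to 7, so the reason printed for serial 1002 shows which value the generated CRL actually carries.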