org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator Class Reference

Helper wrapper around BouncyCastle's CRL support.

Public Member Functions

 MinimalCRLGenerator (String issuerName, Date thisUpdate, Date nextUpdate)
 Constructor for X509CRLGenerator.
 MinimalCRLGenerator (X509Name issuerName, Date thisUpdate, Date nextUpdate)
 MinimalCRLGenerator (String issuerName, long duration)
 Same as above, only sets thisUpdate to now and nextUpdate to now+duration.
 MinimalCRLGenerator (X509Name issuerName, long duration)
void addExtension (String oid, boolean critical, byte[] encodedValue)
 Add an extension to the CRL.
void addRevokedCertificate (BigInteger serialNumber, Date revocationTime, int reason)
 Reason codes listed above.
void addRevokedCertificate (BigInteger serialNumber, Date revocationTime, String reason) throws InvalidParameterException
 Add a certificate to a CRL.
X509CRL sign (String hashAlgorithm, PrivateKey signingKey, String provider) throws InvalidKeyException, SignatureException, NoSuchProviderException, CRLException, IllegalStateException, NoSuchAlgorithmException
 If hashAlgorithm is null, SHA-1 is used.

Static Public Member Functions

static int reasonToReasonCode (String reason)
static String reasonCodeToReason (int code)

Static Public Attributes

static final int REASON_UNSPECIFIED = 0
 Reason codes.
static final int REASON_KEY_COMPROMISE = 1
static final int REASON_CA_COMPROMISE = 2
static final int REASON_AFFILIATION_CHANGED = 4
static final int REASON_SUPERSEDED = 5
static final int REASON_CESSATION_OF_OPERATION = 6
static final int REASON_CERTIFICATE_HOLD = 7
static final int REASON_REMOVE_FROM_CRL = 8
static final String[] REASONS
static final int REASON_CODES []
static final int DEFAULT_DURATION = (int)(1000 * 60 * 60 * 24 * 365.25/12)
 One month (avg), in milliseconds.

Protected Attributes

X509V2CRLGenerator _crlGenerator = new X509V2CRLGenerator()
Date _thisUpdate = null
Date _nextUpdate = null

Static Protected Attributes

static final String DEFAULT_HASH = "SHA1"


Detailed Description

Helper wrapper around BouncyCastle's CRL support.

BouncyCastle's CRL support is a bit dodgy, as it relies on the verifier being able to inherit algorithm parameters (e.g. DSA params) for the signer key, if any, from the CA certificate.


Constructor & Destructor Documentation

org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.MinimalCRLGenerator ( String  issuerName,
Date  thisUpdate,
Date  nextUpdate 
)

Constructor for X509CRLGenerator.

Parameters:
issuerName Issuer's name in X.500 format (C=US,...)
thisUpdate date of issuance of this CRL. If null, filled in with "now".
nextUpdate date of expiration of this CRL.
extensions currently pass through a BouncyCastle X509Extensions object to constructor. No easy way to map this back into java X509Extensions....

org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.MinimalCRLGenerator ( String  issuerName,
long  duration 
)

Same as above, only sets thisUpdate to now and nextUpdate to now+duration.

Parameters:
duration length of validity in milliseconds. If <= 0, defaults to DEFAULT_DURATION.


Member Function Documentation

void org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.addRevokedCertificate ( BigInteger  serialNumber,
Date  revocationTime,
String  reason 
) throws InvalidParameterException

Add a certificate to a CRL.

Parameters:
serialNumber 
revocationTime 
reason must be one of the entries in the REASONS array, or null or "" for REASON_UNSPECIFIED.

X509CRL org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.sign ( String  hashAlgorithm,
PrivateKey  signingKey,
String  provider 
) throws InvalidKeyException, SignatureException, NoSuchProviderException, CRLException, IllegalStateException, NoSuchAlgorithmException

If hashAlgorithm is null, SHA-1 is used.

Returns:
the DER-encoded signed CRL.


Member Data Documentation

final String [] org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.REASONS [static]

Initial value:

 {"unspecified", "key_compromise",
  "ca_compromise", "extra_space", "affiliation_changed",
  "superseded", "cessation_of_operation", "certificate_hold",
  "remove_from_crl"}

final int org.ccnx.ccn.impl.security.crypto.util.MinimalCRLGenerator.REASON_CODES[] [static]

Initial value:

 {REASON_UNSPECIFIED, REASON_KEY_COMPROMISE,
  REASON_CA_COMPROMISE, REASON_AFFILIATION_CHANGED, REASON_SUPERSEDED,
  REASON_CESSATION_OF_OPERATION, REASON_CERTIFICATE_HOLD, REASON_REMOVE_FROM_CRL}
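
Added example (not part of the CCNx sources or of this generated page): the check below compares the REASON_* values listed above with the CRLReason enumeration of RFC 5280, using java.security.cert.CRLReason, whose ordinals equal the RFC values. It assumes the integer given to addRevokedCertificate is written unchanged into the entry's reasonCode extension, which this page does not show; the class ReasonCodeCheck and its methods are hypothetical names.

```java
import java.security.cert.CRLReason;
import java.util.LinkedHashMap;
import java.util.Map;

/** Added example: compares the reason codes listed on this page with RFC 5280. */
public class ReasonCodeCheck {
    // Values copied from the "Static Public Attributes" list on this page.
    static final Map<String, Integer> PAGE_CODES = new LinkedHashMap<>();
    static {
        PAGE_CODES.put("UNSPECIFIED", 0);
        PAGE_CODES.put("KEY_COMPROMISE", 1);
        PAGE_CODES.put("CA_COMPROMISE", 2);
        PAGE_CODES.put("AFFILIATION_CHANGED", 4);
        PAGE_CODES.put("SUPERSEDED", 5);
        PAGE_CODES.put("CESSATION_OF_OPERATION", 6);
        PAGE_CODES.put("CERTIFICATE_HOLD", 7);
        PAGE_CODES.put("REMOVE_FROM_CRL", 8);
    }

    /** Name a relying party decodes for a reasonCode value under RFC 5280. */
    static String decodedByVerifier(int code) {
        CRLReason[] rfc = CRLReason.values();   // ordinal == RFC 5280 value
        return (code >= 0 && code < rfc.length) ? rfc[code].name() : "INVALID";
    }

    /** Maps each constant to its decoded name when the two differ. */
    static Map<String, String> mismatches() {
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, Integer> e : PAGE_CODES.entrySet()) {
            String seen = decodedByVerifier(e.getValue());
            if (!seen.equals(e.getKey())) {
                out.put(e.getKey(), seen);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // One line per constant whose numeric value names a different RFC 5280 reason.
        mismatches().forEach((intended, seen) ->
            System.out.printf("REASON_%s = %d decodes as %s%n",
                intended, PAGE_CODES.get(intended), seen));
    }
}
```

The same decoded values are what X509CRLEntry.getRevocationReason() returns when a standard JDK verifier reads an entry carrying these codes.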


Generated on Thu Feb 16 00:44:58 2012 for Content-Centric Networking in Java by  doxygen 1.5.6