@SuppressWarnings("deprecation") public FluentKeySigner authorityCertificate(X509Certificate certificate) { try { authorityKeyIdentifier(new org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure(certificate)); this.authorityCertificate = certificate; return this; } catch (CertificateParsingException e) { throw Exceptions.propagate(e); } }
/** * Create an AuthorityKeyIdentifier using the passed in certificate's public * key, issuer and serial number. * * @param certificate the certificate providing the information. * @throws CertificateParsingException if there is a problem processing the certificate */ public AuthorityKeyIdentifierStructure( X509Certificate certificate) throws CertificateParsingException { super(fromCertificate(certificate)); }
/** * Create an AuthorityKeyIdentifier using just the hash of the * public key. * * @param pubKey the key to generate the hash from. * @throws InvalidKeyException if there is a problem using the key. */ public AuthorityKeyIdentifierStructure( PublicKey pubKey) throws InvalidKeyException { super(fromKey(pubKey)); } }
public FluentKeySigner authorityCertificate(X509Certificate certificate) { try { authorityKeyIdentifier(new AuthorityKeyIdentifierStructure(certificate)); this.authorityCertificate = certificate; return this; } catch (CertificateParsingException e) { throw Exceptions.propagate(e); } }
@Override public X509CRL generateX509CRL( X509Certificate caCertificate, PrivateKey caPrivateKey ) { try { X509V2CRLGenerator crlGen = new X509V2CRLGenerator(); crlGen.setIssuerDN( caCertificate.getSubjectX500Principal() ); crlGen.setThisUpdate( new DateTime().minus( Time.CLOCK_SKEW ).toDate() ); crlGen.setNextUpdate( new DateTime().minus( Time.CLOCK_SKEW ).plusHours( 12 ).toDate() ); crlGen.setSignatureAlgorithm( SignatureAlgorithm.SHA256withRSA.jcaString() ); crlGen.addExtension( X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure( caCertificate ) ); crlGen.addExtension( X509Extensions.CRLNumber, false, new CRLNumber( BigInteger.ONE ) ); return crlGen.generate( caPrivateKey, BouncyCastleProvider.PROVIDER_NAME ); } catch ( GeneralSecurityException ex ) { throw new CryptoFailure( "Unable to generate CRL", ex ); } }
new AuthorityKeyIdentifierStructure(fields.getSignerCert()));
@Override public X509CRL updateX509CRL( X509Certificate caCertificate, PrivateKey caPrivateKey, X509Certificate revokedCertificate, RevocationReason reason, X509CRL previousCRL, BigInteger lastCRLNumber ) { try { X509V2CRLGenerator crlGen = new X509V2CRLGenerator(); crlGen.setIssuerDN( caCertificate.getSubjectX500Principal() ); DateTime skewedNow = new DateTime().minus( Time.CLOCK_SKEW ); crlGen.setThisUpdate( skewedNow.toDate() ); crlGen.setNextUpdate( skewedNow.plusHours( 12 ).toDate() ); crlGen.setSignatureAlgorithm( SignatureAlgorithm.SHA256withRSA.jcaString() ); crlGen.addExtension( X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure( caCertificate ) ); crlGen.addExtension( X509Extensions.CRLNumber, false, new CRLNumber( lastCRLNumber ) ); crlGen.addCRL( previousCRL ); crlGen.addCRLEntry( revokedCertificate.getSerialNumber(), skewedNow.toDate(), reason.reason() ); return crlGen.generate( caPrivateKey, BouncyCastleProvider.PROVIDER_NAME ); } catch ( GeneralSecurityException ex ) { throw new CryptoFailure( "Unable to update CRL", ex ); } }
false, new AuthorityKeyIdentifierStructure(issuerCert));
builder.setNextUpdate(nextUpdate); builder.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerPublicKey)); builder.addExtension(Extension.cRLNumber, false, new CRLNumber(BigInteger.ZERO)); ContentSigner signer =
X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert.getPublicKey()));
new AuthorityKeyIdentifierStructure(caPubKey));
if (issuer == null) certGen.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(key)); certGen.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuer.getCertificate()));
X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert.getPublicKey()));
new AuthorityKeyIdentifierStructure(caCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(key));
new CRLNumber(crlNumber.add(BigInteger.ONE))); builder.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerPublicKey));
X509Extensions.SubjectKeyIdentifier, false, subjectKeyIdentifier); AuthorityKeyIdentifierStructure authorityKeyIdentifier = new AuthorityKeyIdentifierStructure(caPubKey); certificateGenerator.addExtension( X509Extensions.AuthorityKeyIdentifier, false,