package org.bouncycastle.cert;
import java.math.BigInteger;
import java.util.Date;
import java.util.Enumeration;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
import org.bouncycastle.operator.ContentSigner;
/**
 * Class to produce an X.509 Version 2 CRL.
 */
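public class X509v2CRLBuilder
{
    // Both generators are created once in the constructor and never replaced,
    // so they are declared final.
    private final V2TBSCertListGenerator tbsGen;
    private final X509ExtensionsGenerator extGenerator;

    /**
     * Create a builder for a CRL issued by the given issuer.
     *
     * @param issuer the issuer this CRL is associated with.
     * @param thisUpdate the date of this update.
     */
    public X509v2CRLBuilder(
        X500Name issuer,
        Date thisUpdate)
    {
        tbsGen = new V2TBSCertListGenerator();
        extGenerator = new X509ExtensionsGenerator();

        tbsGen.setIssuer(issuer);
        tbsGen.setThisUpdate(new Time(thisUpdate));
    }

    /**
     * Set the date by which the next CRL will become available.
     * <p>
     * Nothing in this builder forces the field to be set: {@link #build(ContentSigner)}
     * signs the CRL whether or not this method was called. RFC 5280 requires conforming
     * CRL issuers to include nextUpdate, and relying parties use it to judge how fresh
     * a CRL is, so callers should normally set it.
     *
     * @param date date of next CRL update.
     * @return the current builder.
     */
    public X509v2CRLBuilder setNextUpdate(
        Date date)
    {
        tbsGen.setNextUpdate(new Time(date));

        return this;
    }

    /**
     * Add a CRL entry with just the reasonCode extension.
     * <p>
     * Note that 0 is also the numeric value of the {@code unspecified} reason in RFC 5280;
     * by this method's contract it means the reasonCode extension is left out. That handling
     * happens inside V2TBSCertListGenerator and is not visible in this class.
     *
     * @param userCertificateSerial serial number of revoked certificate.
     * @param revocationDate date of certificate revocation.
     * @param reason the reason code, as indicated in CRLReason, e.g. CRLReason.keyCompromise, or 0 if not to be used.
     * @return the current builder.
     */
    public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, int reason)
    {
        tbsGen.addCRLEntry(new DERInteger(userCertificateSerial), new Time(revocationDate), reason);

        return this;
    }

    /**
     * Add a CRL entry with an invalidityDate extension as well as a reasonCode extension. This is used
     * where the date of revocation might be after issues with the certificate may have occurred.
     *
     * @param userCertificateSerial serial number of revoked certificate.
     * @param revocationDate date of certificate revocation.
     * @param reason the reason code, as indicated in CRLReason, e.g. CRLReason.keyCompromise, or 0 if not to be used.
     * @param invalidityDate the date on which the private key for the certificate became compromised or the certificate otherwise became invalid.
     * @return the current builder.
     */
    public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, int reason, Date invalidityDate)
    {
        tbsGen.addCRLEntry(new DERInteger(userCertificateSerial), new Time(revocationDate), reason, new DERGeneralizedTime(invalidityDate));

        return this;
    }

    /**
     * Add a CRL entry with extensions.
     *
     * @param userCertificateSerial serial number of revoked certificate.
     * @param revocationDate date of certificate revocation.
     * @param extensions extension set to be associated with this CRLEntry.
     * @return the current builder.
     */
    public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, X509Extensions extensions)
    {
        tbsGen.addCRLEntry(new DERInteger(userCertificateSerial), new Time(revocationDate), extensions);

        return this;
    }

    /**
     * Add the CRLEntry objects contained in a previous CRL.
     * <p>
     * This method performs no signature, issuer or freshness check on {@code other}: it only
     * reads the revoked-certificate list and copies each entry. Every copied entry ends up
     * under the signature produced by {@link #build(ContentSigner)}, so validate the source
     * CRL before passing it in.
     *
     * @param other the X509CRLHolder to source the other entries from.
     * @return the current builder.
     */
    public X509v2CRLBuilder addCRL(X509CRLHolder other)
    {
        TBSCertList revocations = other.toASN1Structure().getTBSCertList();

        if (revocations != null)
        {
            // Each entry is handed over whole, as its ASN.1 sequence, rather than being
            // rebuilt field by field.
            for (Enumeration en = revocations.getRevokedCertificateEnumeration(); en.hasMoreElements();)
            {
                tbsGen.addCRLEntry(ASN1Sequence.getInstance(((ASN1Encodable)en.nextElement()).getDERObject()));
            }
        }

        return this;
    }

    /**
     * Add a CRL-level extension (as opposed to the per-entry extensions passed to
     * {@code addCRLEntry}).
     *
     * @param oid the OID defining the extension type.
     * @param isCritical true if the extension is critical, false otherwise.
     * @param value the ASN.1 structure that forms the extension's value.
     * @return this builder object.
     */
    public X509v2CRLBuilder addExtension(
        ASN1ObjectIdentifier oid,
        boolean isCritical,
        ASN1Encodable value)
    {
        extGenerator.addExtension(oid, isCritical, value);

        return this;
    }

    /**
     * Generate an X.509 CRL, based on the current issuer, entries and extensions,
     * using the passed in signer.
     *
     * @param signer the content signer to be used to generate the signature validating the CRL.
     * @return a holder containing the resulting signed CRL.
     */
    public X509CRLHolder build(
        ContentSigner signer)
    {
        // The algorithm identifier inside the signed TBSCertList is taken from the signer itself.
        tbsGen.setSignature(signer.getAlgorithmIdentifier());

        // Only attach the extensions field when at least one extension was added.
        if (!extGenerator.isEmpty())
        {
            tbsGen.setExtensions(extGenerator.generate());
        }

        return CertUtils.generateFullCRL(signer, tbsGen.generateTBSCertList());
    }
}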