/**
 * Sets the issuing (authority) certificate and derives the authority key identifier from it.
 *
 * <p>The identifier is built first and the certificate is stored only afterwards, so a
 * certificate that cannot be parsed leaves the previously stored authority certificate
 * untouched.
 *
 * @param certificate the issuer certificate the authority key identifier is derived from
 * @return this signer, for call chaining
 */
public FluentKeySigner authorityCertificate(X509Certificate certificate) {
    try {
        AuthorityKeyIdentifierStructure keyIdentifier = new AuthorityKeyIdentifierStructure(certificate);
        authorityKeyIdentifier(keyIdentifier);
        this.authorityCertificate = certificate;
    } catch (CertificateParsingException parseFailure) {
        // Rethrown through the project's Exceptions helper; the original exception is handed over as-is.
        throw Exceptions.propagate(parseFailure);
    }
    return this;
}
/**
 * Sets the issuing (authority) certificate and derives the authority key identifier from it.
 *
 * <p>The identifier is built with BouncyCastle's {@code AuthorityKeyIdentifierStructure}, which
 * is why the deprecation warning is suppressed on this method. The certificate is stored only
 * after the identifier has been built and applied.
 *
 * @param certificate the issuer certificate the authority key identifier is derived from
 * @return this signer, for call chaining
 */
@SuppressWarnings("deprecation")
public FluentKeySigner authorityCertificate(X509Certificate certificate) {
    try {
        org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure keyIdentifier =
                new org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure(certificate);
        authorityKeyIdentifier(keyIdentifier);
        this.authorityCertificate = certificate;
    } catch (CertificateParsingException parseFailure) {
        // Rethrown through the project's Exceptions helper; the original exception is handed over as-is.
        throw Exceptions.propagate(parseFailure);
    }
    return this;
}
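/**
 * Generates the first CRL of a certificate authority. It contains no revocation entries.
 *
 * <p>The CRL is issued under the CA certificate's subject DN, signed with SHA256withRSA through
 * the BouncyCastle provider, numbered 1 and given a 12 hour validity window. Both
 * {@code thisUpdate} and {@code nextUpdate} are computed from one clock reading moved back by
 * {@code Time.CLOCK_SKEW}, so the window is exactly 12 hours.
 *
 * <p>This method does not check that {@code caPrivateKey} belongs to {@code caCertificate};
 * a mismatched pair yields a CRL whose signature does not verify against the named issuer.
 *
 * @param caCertificate certificate of the issuing CA; supplies the issuer DN and the authority
 *                      key identifier
 * @param caPrivateKey  private key used to sign the CRL
 * @return the signed CRL
 * @throws CryptoFailure if the CRL cannot be built or signed
 */
@Override
public X509CRL generateX509CRL( X509Certificate caCertificate, PrivateKey caPrivateKey )
{
    try {
        X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
        crlGen.setIssuerDN( caCertificate.getSubjectX500Principal() );
        // Read the clock once so thisUpdate and nextUpdate cannot drift apart.
        DateTime skewedNow = new DateTime().minus( Time.CLOCK_SKEW );
        crlGen.setThisUpdate( skewedNow.toDate() );
        crlGen.setNextUpdate( skewedNow.plusHours( 12 ).toDate() );
        crlGen.setSignatureAlgorithm( SignatureAlgorithm.SHA256withRSA.jcaString() );
        // Both extensions are added as non-critical.
        crlGen.addExtension( X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure( caCertificate ) );
        crlGen.addExtension( X509Extensions.CRLNumber, false, new CRLNumber( BigInteger.ONE ) );
        return crlGen.generate( caPrivateKey, BouncyCastleProvider.PROVIDER_NAME );
    } catch ( GeneralSecurityException ex ) {
        throw new CryptoFailure( "Unable to generate CRL", ex );
    }
}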
new AuthorityKeyIdentifierStructure(fields.getSignerCert()));
/**
 * Issues a new CRL that carries every entry of {@code previousCRL} plus one new entry for
 * {@code revokedCertificate}.
 *
 * <p>The CRL is issued under the CA certificate's subject DN, signed with SHA256withRSA through
 * the BouncyCastle provider and valid for 12 hours from a clock reading moved back by
 * {@code Time.CLOCK_SKEW}. The same instant is used as the revocation date of the new entry.
 *
 * <p>Nothing in this method verifies {@code previousCRL} (issuer or signature) or checks that
 * {@code caPrivateKey} belongs to {@code caCertificate}; callers must pass trusted inputs.
 *
 * @param caCertificate      certificate of the issuing CA
 * @param caPrivateKey       private key used to sign the CRL
 * @param revokedCertificate certificate whose serial number is added to the CRL
 * @param reason             revocation reason recorded for the new entry
 * @param previousCRL        CRL whose existing entries are carried over
 * @param lastCRLNumber      value written to the CRL number extension
 * @return the signed CRL
 * @throws CryptoFailure if the CRL cannot be built or signed
 */
@Override
public X509CRL updateX509CRL( X509Certificate caCertificate, PrivateKey caPrivateKey,
                              X509Certificate revokedCertificate, RevocationReason reason,
                              X509CRL previousCRL, BigInteger lastCRLNumber )
{
    try {
        X509V2CRLGenerator generator = new X509V2CRLGenerator();
        generator.setIssuerDN( caCertificate.getSubjectX500Principal() );

        // One clock reading drives thisUpdate, nextUpdate and the revocation date.
        DateTime issuedAt = new DateTime().minus( Time.CLOCK_SKEW );
        generator.setThisUpdate( issuedAt.toDate() );
        generator.setNextUpdate( issuedAt.plusHours( 12 ).toDate() );
        generator.setSignatureAlgorithm( SignatureAlgorithm.SHA256withRSA.jcaString() );

        // Both extensions are added as non-critical.
        generator.addExtension( X509Extensions.AuthorityKeyIdentifier, false,
                                new AuthorityKeyIdentifierStructure( caCertificate ) );
        // NOTE(review): lastCRLNumber is written unchanged. CRL numbers must increase with every
        // issued CRL, so confirm the caller passes the already-incremented value.
        generator.addExtension( X509Extensions.CRLNumber, false, new CRLNumber( lastCRLNumber ) );

        // Existing entries first, then the newly revoked serial.
        generator.addCRL( previousCRL );
        generator.addCRLEntry( revokedCertificate.getSerialNumber(), issuedAt.toDate(), reason.reason() );

        return generator.generate( caPrivateKey, BouncyCastleProvider.PROVIDER_NAME );
    } catch ( GeneralSecurityException failure ) {
        throw new CryptoFailure( "Unable to update CRL", failure );
    }
}
false, new AuthorityKeyIdentifierStructure(issuerCert));
builder.setNextUpdate(nextUpdate); builder.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerPublicKey)); builder.addExtension(Extension.cRLNumber, false, new CRLNumber(BigInteger.ZERO)); ContentSigner signer =
X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert.getPublicKey()));
new AuthorityKeyIdentifierStructure(caPubKey));
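// Exactly one authority key identifier is added. Without the else branch the second call ran
// unconditionally and dereferenced a null issuer.
if (issuer == null) {
    // No issuer given (presumably the self-signed case): identify the authority by `key`.
    certGen.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(key));
} else {
    // Issued by another certificate: derive the identifier from the issuer's certificate.
    certGen.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuer.getCertificate()));
}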
new CRLNumber(crlNumber.add(BigInteger.ONE))); builder.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerPublicKey));
X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert.getPublicKey()));
new AuthorityKeyIdentifierStructure(caCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(key));
X509Extensions.SubjectKeyIdentifier, false, subjectKeyIdentifier); AuthorityKeyIdentifierStructure authorityKeyIdentifier = new AuthorityKeyIdentifierStructure(caPubKey); certificateGenerator.addExtension( X509Extensions.AuthorityKeyIdentifier, false,