Java Code Examples for java.security.cert.Certificate#getEncoded()

The following examples show how to use java.security.cert.Certificate#getEncoded().
Example 1
Source File: HttpResponseCache.java    From reader with MIT License
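/**
 * Serializes a certificate array to {@code writer} as text: first the element
 * count on its own line ({@code -1} when the array is {@code null}), then the
 * {@code Base64.encode} form of each certificate's encoding, each followed by
 * a newline.
 *
 * <p>NOTE(review): nothing in this method protects the integrity of what is
 * written; confirm the destination cannot be modified by other parties before
 * the chain is read back and relied on.
 *
 * @param writer destination of the serialized chain
 * @param certificates certificates to write, or {@code null}
 * @throws IOException if writing fails or a certificate cannot be encoded
 */
private void writeCertArray(Writer writer, Certificate[] certificates) throws IOException {
  if (certificates == null) {
    writer.write("-1\n");
    return;
  }
  try {
    writer.write(Integer.toString(certificates.length) + '\n');
    for (Certificate certificate : certificates) {
      byte[] bytes = certificate.getEncoded();
      String line = Base64.encode(bytes);
      writer.write(line + '\n');
    }
  } catch (CertificateEncodingException e) {
    // Chain the original exception so the encoding failure keeps its stack trace.
    throw new IOException(e.getMessage(), e);
  }
}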
 
Example 2
Source File: ResponseCacheMiddleware.java    From MediaSDK with Apache License 2.0
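/**
 * Serializes a certificate array to {@code writer} as text: first the element
 * count on its own line ({@code -1} when the array is {@code null}), then the
 * Base64 form of each certificate's encoding, each followed by a newline.
 *
 * <p>NOTE(review): if {@code Base64} here is {@code android.util.Base64}, the
 * {@code DEFAULT} flag wraps its output at 76 characters and ends it with a
 * newline, so one certificate occupies several lines. Confirm the matching
 * reader copes with that; a one-line-per-certificate format would need
 * {@code Base64.NO_WRAP} on both sides.
 *
 * @param writer destination of the serialized chain
 * @param certificates certificates to write, or {@code null}
 * @throws IOException if writing fails or a certificate cannot be encoded
 */
private void writeCertArray(Writer writer, Certificate[] certificates) throws IOException {
    if (certificates == null) {
        writer.write("-1\n");
        return;
    }
    try {
        writer.write(Integer.toString(certificates.length) + '\n');
        for (Certificate certificate : certificates) {
            byte[] bytes = certificate.getEncoded();
            String line = Base64.encodeToString(bytes, Base64.DEFAULT);
            writer.write(line + '\n');
        }
    } catch (CertificateEncodingException e) {
        // Chain the original exception so the encoding failure keeps its stack trace.
        throw new IOException(e.getMessage(), e);
    }
}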
 
Example 3
Source File: PrivateKeyResolver.java    From openjdk-8-source with GNU General Public License v2.0
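/**
 * Searches {@code keyStore} for a key entry whose certificate encoding is
 * byte-for-byte equal to the given certificate and returns that entry's
 * private key.
 *
 * @param x509Cert certificate to look up
 * @return the private key of the first matching entry whose key can be
 *         recovered with {@code password}, or {@code null} if there is none
 * @throws XMLSecurityException declared by {@code getCertificateBytes()}
 * @throws KeyStoreException if the key store cannot be queried
 */
private PrivateKey resolveX509Certificate(
    XMLX509Certificate x509Cert
) throws XMLSecurityException, KeyStoreException {
    log.log(java.util.logging.Level.FINE, "Can I resolve X509Certificate?");
    byte[] x509CertBytes = x509Cert.getCertificateBytes();

    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        if (!keyStore.isKeyEntry(alias)) {
            continue;
        }

        Certificate cert = keyStore.getCertificate(alias);
        if (!(cert instanceof X509Certificate)) {
            continue;
        }

        byte[] certBytes;
        try {
            certBytes = cert.getEncoded();
        } catch (CertificateEncodingException e1) {
            // Previously swallowed without a trace; record it and move on to the next alias.
            log.log(java.util.logging.Level.FINE, "Cannot encode the certificate", e1);
            continue;
        }

        if (certBytes == null || !Arrays.equals(certBytes, x509CertBytes)) {
            continue;
        }
        log.log(java.util.logging.Level.FINE, "match !!! ");

        try {
            Key key = keyStore.getKey(alias, password);
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
        } catch (Exception e) {
            // Deliberately broad: any failure to recover this key (for example a
            // password that does not fit the entry) only means trying the next alias.
            log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
        }
    }

    return null;
}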
 
Example 4
Source File: X509CertImpl.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Returns the encoding of the given certificate for internal use.
 * Delegates to the instance method getEncodedInternal() when the
 * certificate is an X509CertImpl and to getEncoded() otherwise.
 *
 * Callers must guarantee that they neither modify the returned array
 * nor expose it to untrusted code (presumably because the internal
 * variant hands back the implementation's own buffer rather than a
 * copy; confirm against the instance method).
 */
public static byte[] getEncodedInternal(Certificate cert)
        throws CertificateEncodingException {
    return (cert instanceof X509CertImpl)
            ? ((X509CertImpl) cert).getEncodedInternal()
            : cert.getEncoded();
}
 
Example 5
Source File: X509CertImpl.java    From Bytecoder with Apache License 2.0
/**
 * Returns the encoding of the given certificate for internal use.
 * An X509CertImpl is asked through its own getEncodedInternal();
 * any other certificate type goes through the public getEncoded().
 *
 * The result must be treated as read-only and must not be handed to
 * untrusted code; callers are responsible for upholding both rules.
 */
public static byte[] getEncodedInternal(Certificate cert)
        throws CertificateEncodingException {
    if (!(cert instanceof X509CertImpl)) {
        // Foreign implementation: only the public accessor is available.
        return cert.getEncoded();
    }
    X509CertImpl impl = (X509CertImpl) cert;
    return impl.getEncodedInternal();
}
 
Example 6
Source File: Main.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Computes the fingerprint of a certificate: the digest of its encoded
 * form under the requested algorithm, rendered by toHexString().
 *
 * The strength of the fingerprint is that of {@code mdAlg}. A value
 * computed with a collision-prone digest such as MD5 or SHA-1 is not a
 * sound basis for a trust decision; prefer SHA-256 or stronger.
 *
 * @param mdAlg name passed to MessageDigest.getInstance()
 * @param cert certificate to fingerprint
 */
private String getCertFingerPrint(String mdAlg, Certificate cert)
    throws Exception
{
    // Encode first, then look up the digest, so failures surface in the
    // same order as before.
    final byte[] der = cert.getEncoded();
    final MessageDigest hasher = MessageDigest.getInstance(mdAlg);
    return toHexString(hasher.digest(der));
}
 
Example 7
Source File: Main.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Returns the fingerprint of the certificate for the requested digest
 * algorithm, formatted by toHexString().
 *
 * The input to the digest is the certificate's getEncoded() bytes. The
 * caller picks the algorithm, so the result is only as collision
 * resistant as that choice (MD5 and SHA-1 are not; SHA-256 is the
 * usual minimum today).
 */
private String getCertFingerPrint(String mdAlg, Certificate cert)
    throws Exception
{
    byte[] certBytes = cert.getEncoded();
    MessageDigest digester = MessageDigest.getInstance(mdAlg);
    digester.update(certBytes);
    byte[] fingerprint = digester.digest();
    return toHexString(fingerprint);
}
 
Example 8
Source File: X509CertImpl.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Returns the encoding of the given certificate for internal use.
 * Uses getEncodedInternal() when the certificate is an instance of
 * X509CertImpl and getEncoded() otherwise.
 *
 * Contract for callers: do not modify the returned bytes and do not
 * pass them to untrusted code.
 */
public static byte[] getEncodedInternal(Certificate cert)
        throws CertificateEncodingException {
    final boolean isInternalImpl = cert instanceof X509CertImpl;
    if (isInternalImpl) {
        return ((X509CertImpl) cert).getEncodedInternal();
    }
    return cert.getEncoded();
}
 
Example 9
Source File: KeychainStore.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Encodes the certificate and passes it to _addItemToKeychain() under the
 * given alias.
 *
 * Any exception (encoding failure included) is printed with
 * printStackTrace() and not rethrown; the method then returns 0, so a
 * caller can only detect failure through that value.
 *
 * @return the value returned by _addItemToKeychain(), or 0 on failure
 */
private long addCertificateToKeychain(String alias, Certificate cert) {
    try {
        // The meaning of the 'true' and 'null' arguments is defined by
        // _addItemToKeychain, which is declared elsewhere.
        return _addItemToKeychain(alias, true, cert.getEncoded(), null);
    } catch (Exception e) {
        e.printStackTrace();
        return 0;
    }
}
 
Example 10
Source File: PrivateKeyResolver.java    From jdk1.8-source-analysis with Apache License 2.0
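/**
 * Resolves a private key by certificate: walks every key entry of
 * {@code keyStore}, compares the encoding of the entry's X.509 certificate
 * with the bytes of {@code x509Cert}, and on an exact match tries to recover
 * the entry's key with {@code password}.
 *
 * @param x509Cert certificate identifying the wanted key
 * @return the first recoverable private key with a matching certificate,
 *         or {@code null} when no entry qualifies
 * @throws XMLSecurityException declared by {@code getCertificateBytes()}
 * @throws KeyStoreException if the key store cannot be queried
 */
private PrivateKey resolveX509Certificate(
    XMLX509Certificate x509Cert
) throws XMLSecurityException, KeyStoreException {
    log.log(java.util.logging.Level.FINE, "Can I resolve X509Certificate?");
    byte[] x509CertBytes = x509Cert.getCertificateBytes();

    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        if (keyStore.isKeyEntry(alias)) {

            Certificate cert = keyStore.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                byte[] certBytes = null;

                try {
                    certBytes = cert.getEncoded();
                } catch (CertificateEncodingException e1) {
                    // Was an empty catch: the entry is still skipped (certBytes
                    // stays null), but the failure is now visible in the log.
                    log.log(java.util.logging.Level.FINE, "Cannot encode the certificate", e1);
                }

                if (certBytes != null && Arrays.equals(certBytes, x509CertBytes)) {
                    log.log(java.util.logging.Level.FINE, "match !!! ");

                    try {
                        Key key = keyStore.getKey(alias, password);
                        if (key instanceof PrivateKey) {
                            return (PrivateKey) key;
                        }
                    }
                    catch (Exception e) {
                        log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
                        // Keep searching: another alias may carry the same
                        // certificate with a key this password can open.
                    }
                }
            }
        }
    }

    return null;
}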
 
Example 11
Source File: ConfiguredObjectCustomSerialization.java    From qpid-broker-j with Apache License 2.0
/**
 * Converts a certificate to its encoded byte array.
 *
 * @param value certificate to convert
 * @return the {@code byte[]} produced by {@code getEncoded()}
 * @throws IllegalArgumentException wrapping the
 *         {@link CertificateEncodingException} if encoding fails
 */
@Override
public Object convert(final Certificate value)
{
    final byte[] encoded;
    try
    {
        encoded = value.getEncoded();
    }
    catch (CertificateEncodingException e)
    {
        // Surface as unchecked, keeping the original failure as the cause.
        throw new IllegalArgumentException(e);
    }
    return encoded;
}
 
Example 12
Source File: BigCRL.java    From jdk8u-jdk with GNU General Public License v2.0
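/**
 * Builds a CRL with 500000 entries, signs it with the key stored under the
 * "dummy" alias of the test keystore, and parses the encoded result back
 * through the X.509 CertificateFactory.
 *
 * @throws Exception on any failure, including a CRL that is not large enough
 */
public static void main(String[] args) throws Exception {
    int n = 500000;
    String ks = System.getProperty("test.src", ".")
            + "/../../ssl/etc/keystore";
    // NOTE(review): hard-coded keystore password; looks like a test fixture
    // under test.src - confirm it protects no real key material.
    String pass = "passphrase";
    String alias = "dummy";

    KeyStore keyStore = KeyStore.getInstance("JKS");
    // Close the keystore stream once loading is done; it used to be left open.
    try (FileInputStream in = new FileInputStream(ks)) {
        keyStore.load(in, pass.toCharArray());
    }
    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    // The signer's subject name becomes the CRL issuer.
    X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
            + X509CertInfo.DN_NAME);

    Date date = new Date();
    PrivateKey privateKey = (PrivateKey)
            keyStore.getKey(alias, pass.toCharArray());
    // Despite the name this holds the OID string of the signer certificate's
    // signature algorithm.
    String sigAlgName = signerCertImpl.getSigAlgOID();

    X509CRLEntry[] badCerts = new X509CRLEntry[n];
    CRLExtensions ext = new CRLExtensions();
    ext.set("Reason", new CRLReasonCodeExtension(1));
    for (int i = 0; i < n; i++) {
        badCerts[i] = new X509CRLEntryImpl(
                BigInteger.valueOf(i), date, ext);
    }
    X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
    crl.sign(privateKey, sigAlgName);
    byte[] data = crl.getEncodedInternal();

    // Make sure the CRL is big enough: data[1] is the first DER length octet
    // of the outer SEQUENCE, and 0x84 announces four further length octets.
    if ((data[1]&0xff) != 0x84) {
        throw new Exception("The file should be big enough?");
    }

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    cf.generateCRL(new ByteArrayInputStream(data));
}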
 
Example 13
Source File: BigCRL.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
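/**
 * Generates, signs and re-parses a very large CRL (500000 revoked entries)
 * using the signer certificate and key stored under "dummy" in the test
 * keystore.
 *
 * @throws Exception on any failure, including a CRL whose encoding is
 *         shorter than expected
 */
public static void main(String[] args) throws Exception {
    int n = 500000;
    String ks = System.getProperty("test.src", ".")
            + "/../../ssl/etc/keystore";
    // NOTE(review): password literal in source; presumably a fixture for the
    // keystore above - verify it is never reused for a real key store.
    String pass = "passphrase";
    String alias = "dummy";

    KeyStore keyStore = KeyStore.getInstance("JKS");
    // try-with-resources releases the file handle the original never closed.
    try (FileInputStream keyStoreStream = new FileInputStream(ks)) {
        keyStore.load(keyStoreStream, pass.toCharArray());
    }
    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
            + X509CertInfo.DN_NAME);

    Date date = new Date();
    PrivateKey privateKey = (PrivateKey)
            keyStore.getKey(alias, pass.toCharArray());
    // An OID string, not a name: taken from the signer certificate.
    String sigAlgName = signerCertImpl.getSigAlgOID();

    // Every entry shares one extensions object and one revocation date; only
    // the serial number differs.
    X509CRLEntry[] badCerts = new X509CRLEntry[n];
    CRLExtensions ext = new CRLExtensions();
    ext.set("Reason", new CRLReasonCodeExtension(1));
    for (int i = 0; i < n; i++) {
        badCerts[i] = new X509CRLEntryImpl(
                BigInteger.valueOf(i), date, ext);
    }
    X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
    crl.sign(privateKey, sigAlgName);
    byte[] data = crl.getEncodedInternal();

    // Make sure the CRL is big enough: the second byte is the DER length
    // prefix, and 0x84 means the length itself takes four bytes.
    if ((data[1]&0xff) != 0x84) {
        throw new Exception("The file should be big enough?");
    }

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    cf.generateCRL(new ByteArrayInputStream(data));
}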
 
Example 14
Source File: Main.java    From jdk8u_jdk with GNU General Public License v2.0
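/**
 * Generates a CRL for the serial numbers in {@code ids}, signs it with the
 * key stored under {@code alias}, writes it to {@code out} (PEM-armoured when
 * {@code rfc} is set, raw encoding otherwise), and finally runs
 * {@code checkWeak} on the result.
 *
 * Each id is either "serial" or "serial:reason", where reason is an integer
 * passed to CRLReasonCodeExtension.
 *
 * @param out stream receiving the CRL
 * @throws Exception if no ids were given, the alias has no certificate, an
 *         id is not numeric, or signing or writing fails
 */
private void doGenCRL(PrintStream out)
        throws Exception {
    if (ids == null) {
        throw new Exception("Must provide -id when -gencrl");
    }
    Certificate signerCert = keyStore.getCertificate(alias);
    if (signerCert == null) {
        // getCertificate() returns null for an unknown alias; fail with a
        // message instead of a bare NullPointerException on the next line.
        throw new Exception("No certificate found for alias <" + alias + ">");
    }
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    // The signer's subject name becomes the CRL issuer.
    X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
                                                  X509CertInfo.DN_NAME);

    Date firstDate = getStartDate(startDate);
    Date lastDate = (Date) firstDate.clone();
    // validity is in days. NOTE(review): if the field is an int this product
    // overflows beyond 24 days; confirm it is declared long.
    lastDate.setTime(lastDate.getTime() + validity*1000*24*60*60);

    PrivateKey privateKey =
            (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
    }

    X509CRLEntry[] badCerts = new X509CRLEntry[ids.size()];
    for (int i=0; i<ids.size(); i++) {
        String id = ids.get(i);
        int d = id.indexOf(':');
        if (d >= 0) {
            // "serial:reason"
            CRLExtensions ext = new CRLExtensions();
            ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
            badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)),
                    firstDate, ext);
        } else {
            badCerts[i] = new X509CRLEntryImpl(new BigInteger(id), firstDate);
        }
    }
    X509CRLImpl crl = new X509CRLImpl(owner, firstDate, lastDate, badCerts);
    crl.sign(privateKey, sigAlgName);
    if (rfc) {
        out.println("-----BEGIN X509 CRL-----");
        out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(crl.getEncodedInternal()));
        out.println("-----END X509 CRL-----");
    } else {
        out.write(crl.getEncodedInternal());
    }
    checkWeak(rb.getString("the.generated.crl"), crl, privateKey);
}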
 
Example 15
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0
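/**
 * Generates a CRL for the serial numbers in {@code ids}, signs it with the
 * key stored under {@code alias}, and writes it to {@code out}: PEM-armoured
 * when {@code rfc} is set, raw encoding otherwise.
 *
 * Each id is either "serial" or "serial:reason", where reason is an integer
 * passed to CRLReasonCodeExtension.
 *
 * NOTE(review): nothing in this method inspects the strength of
 * {@code sigAlgName} or of the signing key; confirm that is checked elsewhere.
 *
 * @param out stream receiving the CRL
 * @throws Exception if no ids were given, the alias has no certificate, an
 *         id is not numeric, or signing or writing fails
 */
private void doGenCRL(PrintStream out)
        throws Exception {
    if (ids == null) {
        throw new Exception("Must provide -id when -gencrl");
    }
    Certificate signerCert = keyStore.getCertificate(alias);
    if (signerCert == null) {
        // getCertificate() returns null for an unknown alias; fail with a
        // message instead of a bare NullPointerException on the next line.
        throw new Exception("No certificate found for alias <" + alias + ">");
    }
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    // The signer's subject name becomes the CRL issuer.
    X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
                                                  X509CertInfo.DN_NAME);

    Date firstDate = getStartDate(startDate);
    Date lastDate = (Date) firstDate.clone();
    // validity is in days. NOTE(review): if the field is an int this product
    // overflows beyond 24 days; confirm it is declared long.
    lastDate.setTime(lastDate.getTime() + validity*1000*24*60*60);

    PrivateKey privateKey =
            (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
    }

    X509CRLEntry[] badCerts = new X509CRLEntry[ids.size()];
    for (int i=0; i<ids.size(); i++) {
        String id = ids.get(i);
        int d = id.indexOf(':');
        if (d >= 0) {
            // "serial:reason"
            CRLExtensions ext = new CRLExtensions();
            ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
            badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)),
                    firstDate, ext);
        } else {
            badCerts[i] = new X509CRLEntryImpl(new BigInteger(id), firstDate);
        }
    }
    X509CRLImpl crl = new X509CRLImpl(owner, firstDate, lastDate, badCerts);
    crl.sign(privateKey, sigAlgName);
    if (rfc) {
        out.println("-----BEGIN X509 CRL-----");
        out.println(Base64.getMimeEncoder().encodeToString(crl.getEncodedInternal()));
        out.println("-----END X509 CRL-----");
    } else {
        out.write(crl.getEncodedInternal());
    }
}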
 
Example 16
Source File: BigCRL.java    From TencentKona-8 with GNU General Public License v2.0
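/**
 * Creates a CRL holding 500000 entries, signs it with the "dummy" key of the
 * test keystore, and feeds the encoding to the X.509 CertificateFactory to
 * check that a CRL of this size can be parsed.
 *
 * @throws Exception on any failure, including a CRL that is not large enough
 */
public static void main(String[] args) throws Exception {
    int n = 500000;
    String ks = System.getProperty("test.src", ".")
            + "/../../ssl/etc/keystore";
    // NOTE(review): hard-coded keystore password; looks like a test fixture
    // under test.src - confirm it protects no real key material.
    String pass = "passphrase";
    String alias = "dummy";

    KeyStore keyStore = KeyStore.getInstance("JKS");
    // The stream is only needed for load(); close it right after.
    try (FileInputStream in = new FileInputStream(ks)) {
        keyStore.load(in, pass.toCharArray());
    }
    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    // The signer's subject name becomes the CRL issuer.
    X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
            + X509CertInfo.DN_NAME);

    Date date = new Date();
    PrivateKey privateKey = (PrivateKey)
            keyStore.getKey(alias, pass.toCharArray());
    // Holds an OID string (getSigAlgOID), despite the variable name.
    String sigAlgName = signerCertImpl.getSigAlgOID();

    X509CRLEntry[] badCerts = new X509CRLEntry[n];
    CRLExtensions ext = new CRLExtensions();
    ext.set("Reason", new CRLReasonCodeExtension(1));
    for (int i = 0; i < n; i++) {
        badCerts[i] = new X509CRLEntryImpl(
                BigInteger.valueOf(i), date, ext);
    }
    X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
    crl.sign(privateKey, sigAlgName);
    byte[] data = crl.getEncodedInternal();

    // Make sure the CRL is big enough: data[1] is the first DER length octet
    // of the outer SEQUENCE, and 0x84 announces four further length octets.
    if ((data[1]&0xff) != 0x84) {
        throw new Exception("The file should be big enough?");
    }

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    cf.generateCRL(new ByteArrayInputStream(data));
}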
 
Example 17
Source File: BigCRL.java    From dragonwell8_jdk with GNU General Public License v2.0
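/**
 * Signs a CRL of 500000 entries with the "dummy" key from the test keystore
 * and verifies that the X.509 CertificateFactory can read the encoded form.
 *
 * @throws Exception on any failure, including a CRL whose encoding is
 *         shorter than expected
 */
public static void main(String[] args) throws Exception {
    int n = 500000;
    String ks = System.getProperty("test.src", ".")
            + "/../../ssl/etc/keystore";
    // NOTE(review): password literal in source; presumably a fixture for the
    // keystore above - verify it is never reused for a real key store.
    String pass = "passphrase";
    String alias = "dummy";

    KeyStore keyStore = KeyStore.getInstance("JKS");
    // try-with-resources releases the file handle the original never closed.
    try (FileInputStream keyStoreStream = new FileInputStream(ks)) {
        keyStore.load(keyStoreStream, pass.toCharArray());
    }
    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
            + X509CertInfo.DN_NAME);

    Date date = new Date();
    PrivateKey privateKey = (PrivateKey)
            keyStore.getKey(alias, pass.toCharArray());
    // An OID string, not a name: taken from the signer certificate.
    String sigAlgName = signerCertImpl.getSigAlgOID();

    // Every entry shares one extensions object and one revocation date; only
    // the serial number differs.
    X509CRLEntry[] badCerts = new X509CRLEntry[n];
    CRLExtensions ext = new CRLExtensions();
    ext.set("Reason", new CRLReasonCodeExtension(1));
    for (int i = 0; i < n; i++) {
        badCerts[i] = new X509CRLEntryImpl(
                BigInteger.valueOf(i), date, ext);
    }
    X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
    crl.sign(privateKey, sigAlgName);
    byte[] data = crl.getEncodedInternal();

    // Make sure the CRL is big enough: the second byte is the DER length
    // prefix, and 0x84 means the length itself takes four bytes.
    if ((data[1]&0xff) != 0x84) {
        throw new Exception("The file should be big enough?");
    }

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    cf.generateCRL(new ByteArrayInputStream(data));
}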
 
Example 18
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0
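/**
 * Builds a CRL from the serial numbers in {@code ids}, signs it with the
 * private key recovered for {@code alias}, and emits it on {@code out}:
 * between PEM BEGIN/END lines when {@code rfc} is set, otherwise as the raw
 * encoding.
 *
 * An id of the form "serial:reason" additionally attaches a reason-code
 * extension built from the integer after the colon.
 *
 * NOTE(review): nothing in this method inspects the strength of
 * {@code sigAlgName} or of the signing key; confirm that is checked elsewhere.
 *
 * @param out stream receiving the CRL
 * @throws Exception if no ids were given, the alias has no certificate, an
 *         id is not numeric, or signing or writing fails
 */
private void doGenCRL(PrintStream out)
        throws Exception {
    if (ids == null) {
        throw new Exception("Must provide -id when -gencrl");
    }
    Certificate signerCert = keyStore.getCertificate(alias);
    if (signerCert == null) {
        // An unknown alias yields null here; report it rather than letting
        // getEncoded() fail with a NullPointerException.
        throw new Exception("No certificate found for alias <" + alias + ">");
    }
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
                                                  X509CertInfo.DN_NAME);

    // lastDate = firstDate + validity days, in milliseconds.
    // NOTE(review): overflows past 24 days if validity is an int - confirm
    // the field is a long.
    Date firstDate = getStartDate(startDate);
    Date lastDate = (Date) firstDate.clone();
    lastDate.setTime(lastDate.getTime() + validity*1000*24*60*60);

    PrivateKey privateKey =
            (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        // No algorithm requested: derive one from the key's algorithm.
        sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
    }

    X509CRLEntry[] badCerts = new X509CRLEntry[ids.size()];
    for (int i=0; i<ids.size(); i++) {
        String id = ids.get(i);
        int d = id.indexOf(':');
        if (d >= 0) {
            CRLExtensions ext = new CRLExtensions();
            ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
            badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)),
                    firstDate, ext);
        } else {
            badCerts[i] = new X509CRLEntryImpl(new BigInteger(id), firstDate);
        }
    }
    X509CRLImpl crl = new X509CRLImpl(owner, firstDate, lastDate, badCerts);
    crl.sign(privateKey, sigAlgName);
    if (rfc) {
        out.println("-----BEGIN X509 CRL-----");
        out.println(Base64.getMimeEncoder().encodeToString(crl.getEncodedInternal()));
        out.println("-----END X509 CRL-----");
    } else {
        out.write(crl.getEncodedInternal());
    }
}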
 
Example 19
Source File: Main.java    From openjdk-8 with GNU General Public License v2.0
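/**
 * Generates a CRL for the serial numbers in {@code ids}, signs it with the
 * key stored under {@code alias}, and writes it to {@code out}: PEM-armoured
 * when {@code rfc} is set, raw encoding otherwise.
 *
 * Each id is either "serial" or "serial:reason", where reason is an integer
 * passed to CRLReasonCodeExtension.
 *
 * NOTE(review): nothing in this method inspects the strength of
 * {@code sigAlgName} or of the signing key; confirm that is checked elsewhere.
 *
 * @param out stream receiving the CRL
 * @throws Exception if no ids were given, the alias has no certificate, an
 *         id is not numeric, or signing or writing fails
 */
private void doGenCRL(PrintStream out)
        throws Exception {
    if (ids == null) {
        throw new Exception("Must provide -id when -gencrl");
    }
    Certificate signerCert = keyStore.getCertificate(alias);
    if (signerCert == null) {
        // getCertificate() returns null for an unknown alias; fail with a
        // message instead of a bare NullPointerException on the next line.
        throw new Exception("No certificate found for alias <" + alias + ">");
    }
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    // The signer's subject name becomes the CRL issuer.
    X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
                                                  X509CertInfo.DN_NAME);

    Date firstDate = getStartDate(startDate);
    Date lastDate = (Date) firstDate.clone();
    // validity is in days. NOTE(review): if the field is an int this product
    // overflows beyond 24 days; confirm it is declared long.
    lastDate.setTime(lastDate.getTime() + validity*1000*24*60*60);

    PrivateKey privateKey =
            (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
    }

    X509CRLEntry[] badCerts = new X509CRLEntry[ids.size()];
    for (int i=0; i<ids.size(); i++) {
        String id = ids.get(i);
        int d = id.indexOf(':');
        if (d >= 0) {
            // "serial:reason"
            CRLExtensions ext = new CRLExtensions();
            ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
            badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)),
                    firstDate, ext);
        } else {
            badCerts[i] = new X509CRLEntryImpl(new BigInteger(id), firstDate);
        }
    }
    X509CRLImpl crl = new X509CRLImpl(owner, firstDate, lastDate, badCerts);
    crl.sign(privateKey, sigAlgName);
    if (rfc) {
        out.println("-----BEGIN X509 CRL-----");
        out.println(Base64.getMimeEncoder().encodeToString(crl.getEncodedInternal()));
        out.println("-----END X509 CRL-----");
    } else {
        out.write(crl.getEncodedInternal());
    }
}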
 
Example 20
Source File: Main.java    From hottub with GNU General Public License v2.0
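/**
 * Builds a CRL from the serial numbers in {@code ids}, signs it with the
 * private key recovered for {@code alias}, and emits it on {@code out}:
 * between PEM BEGIN/END lines (Base64 wrapped at 64 characters) when
 * {@code rfc} is set, otherwise as the raw encoding.
 *
 * An id of the form "serial:reason" additionally attaches a reason-code
 * extension built from the integer after the colon.
 *
 * NOTE(review): nothing in this method inspects the strength of
 * {@code sigAlgName} or of the signing key; confirm that is checked elsewhere.
 *
 * @param out stream receiving the CRL
 * @throws Exception if no ids were given, the alias has no certificate, an
 *         id is not numeric, or signing or writing fails
 */
private void doGenCRL(PrintStream out)
        throws Exception {
    if (ids == null) {
        throw new Exception("Must provide -id when -gencrl");
    }
    Certificate signerCert = keyStore.getCertificate(alias);
    if (signerCert == null) {
        // An unknown alias yields null here; report it rather than letting
        // getEncoded() fail with a NullPointerException.
        throw new Exception("No certificate found for alias <" + alias + ">");
    }
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
                                                  X509CertInfo.DN_NAME);

    // lastDate = firstDate + validity days, in milliseconds.
    // NOTE(review): overflows past 24 days if validity is an int - confirm
    // the field is a long.
    Date firstDate = getStartDate(startDate);
    Date lastDate = (Date) firstDate.clone();
    lastDate.setTime(lastDate.getTime() + validity*1000*24*60*60);

    PrivateKey privateKey =
            (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        // No algorithm requested: derive one from the key's algorithm.
        sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
    }

    X509CRLEntry[] badCerts = new X509CRLEntry[ids.size()];
    for (int i=0; i<ids.size(); i++) {
        String id = ids.get(i);
        int d = id.indexOf(':');
        if (d >= 0) {
            CRLExtensions ext = new CRLExtensions();
            ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
            badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)),
                    firstDate, ext);
        } else {
            badCerts[i] = new X509CRLEntryImpl(new BigInteger(id), firstDate);
        }
    }
    X509CRLImpl crl = new X509CRLImpl(owner, firstDate, lastDate, badCerts);
    crl.sign(privateKey, sigAlgName);
    if (rfc) {
        out.println("-----BEGIN X509 CRL-----");
        out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(crl.getEncodedInternal()));
        out.println("-----END X509 CRL-----");
    } else {
        out.write(crl.getEncodedInternal());
    }
}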