/*
* This file is part of rockframework.
*
* rockframework is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* rockframework is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package br.net.woodstock.rockframework.security.cert.impl;
import java.security.PrivateKey;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Objects;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import br.net.woodstock.rockframework.security.cert.CRLEntry;
import br.net.woodstock.rockframework.security.cert.CRLGenerator;
import br.net.woodstock.rockframework.security.cert.CRLRequest;
import br.net.woodstock.rockframework.security.cert.CRLResponse;
import br.net.woodstock.rockframework.security.cert.CertificateException;
import br.net.woodstock.rockframework.security.util.BouncyCastleProviderHelper;
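/**
 * {@link CRLGenerator} backed by BouncyCastle's {@code X509v2CRLBuilder}.
 *
 * <p>The generator keeps no per-instance state, so a single shared instance is
 * exposed through {@link #getInstance()}. The constructor is {@code protected}
 * so the class can still be subclassed.
 */
public class BouncyCastleCRLGenerator implements CRLGenerator {

    /** Shared instance; {@code final} because it is never reassigned. */
    private static final BouncyCastleCRLGenerator INSTANCE = new BouncyCastleCRLGenerator();

    protected BouncyCastleCRLGenerator() {
        super();
    }

    /**
     * Builds and signs an X.509 v2 CRL from the parameters in {@code request}.
     *
     * <p>{@code thisUpdate} is the current wall-clock time at the moment of the call;
     * {@code nextUpdate}, the CRL number, the issuer name, the issuer certificate and
     * the signing key/algorithm are all taken from the request as given. The
     * authority-key-identifier and CRL-number extensions are added as non-critical,
     * which is what RFC 5280 (sections 5.2.1 and 5.2.3) requires for both. When the
     * request carries a previous CRL, its revocation entries are copied into the new
     * CRL before the request's own entries are appended, so earlier revocations are
     * not dropped from the successor CRL.
     *
     * @param request the CRL parameters; must not be {@code null}
     * @return the signed CRL wrapped in a {@link CRLResponse}
     * @throws CertificateException wrapping any failure during construction, signing
     *     or conversion (including a {@code null} request or a {@code null} entry
     *     reason); the original exception is retained as the cause
     */
    @Override
    public CRLResponse generate(final CRLRequest request) {
        try {
            // Checked inside the try so a null request fails the same way as every
            // other problem here: as a CertificateException carrying the cause.
            Objects.requireNonNull(request, "request");

            Date thisUpdate = new Date();
            BouncyCastleCRLRequest bcRequest = new BouncyCastleCRLRequest(request);

            X509v2CRLBuilder builder = new X509v2CRLBuilder(bcRequest.getIssuerX500Name(), thisUpdate);
            builder.setNextUpdate(bcRequest.getNextUpdate());

            // Both extensions are non-critical (RFC 5280 5.2.1 / 5.2.3). X509Extension's OID
            // constants are deprecated in newer BouncyCastle releases in favour of
            // org.bouncycastle.asn1.x509.Extension; kept as-is since the BC version is not visible here.
            X509Certificate issuerCertificate = bcRequest.getIssuerCertificate();
            AuthorityKeyIdentifier authorityKeyIdentifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerCertificate);
            builder.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);
            builder.addExtension(X509Extension.cRLNumber, false, new CRLNumber(bcRequest.getNumber()));

            // Carry the previous CRL's entries forward into the new one.
            if (bcRequest.getOldCrl() != null) {
                builder.addCRL(new X509CRLHolder(bcRequest.getOldCrl()));
            }

            // The signature algorithm name is used unvalidated; the caller is responsible
            // for choosing one that relying parties accept.
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(bcRequest.getSignAlgorithm());
            signerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
            PrivateKey issuerPrivateKey = bcRequest.getIssuerPrivateKey();
            ContentSigner contentSigner = signerBuilder.build(issuerPrivateKey);

            // Assumes every entry has a non-null reason; a null one surfaces as the
            // wrapped CertificateException below.
            for (CRLEntry entry : bcRequest.getEntries()) {
                builder.addCRLEntry(entry.getSerialNumber(), entry.getDate(), entry.getReason().getCode());
            }

            X509CRLHolder crlHolder = builder.build(contentSigner);
            JcaX509CRLConverter converter = new JcaX509CRLConverter();
            converter.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
            X509CRL crl = converter.getCRL(crlHolder);
            return new CRLResponse(crl);
        } catch (Exception e) {
            // Deliberately broad: BouncyCastle raises several unrelated checked types
            // along this path and callers only see CertificateException. Cause preserved.
            throw new CertificateException(e);
        }
    }

    /**
     * Returns the shared generator instance.
     *
     * @return the singleton {@code BouncyCastleCRLGenerator}
     */
    public static BouncyCastleCRLGenerator getInstance() {
        return INSTANCE;
    }
}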