Package org.bouncycastle.cert

Class X509v2CRLBuilder

  • Direct Known Subclasses:
    JcaX509v2CRLBuilder
    public class X509v2CRLBuilder
extends java.lang.Object
    class to produce an X.509 Version 2 CRL.

    • Constructor Summary

      Constructors 
      Constructor Description
      X509v2CRLBuilder​(org.bouncycastle.asn1.x500.X500Name issuer, java.util.Date thisUpdate)
      Basic constructor.
      X509v2CRLBuilder​(org.bouncycastle.asn1.x500.X500Name issuer, java.util.Date thisUpdate, java.util.Locale dateLocale)
      Basic constructor with Locale.
      X509v2CRLBuilder​(org.bouncycastle.asn1.x500.X500Name issuer, org.bouncycastle.asn1.x509.Time thisUpdate)
      Basic constructor.
      X509v2CRLBuilder​(X509CRLHolder template)
      Create a builder for a version 2 CRL, initialised with another CRL.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      X509v2CRLBuilder addCRL​(X509CRLHolder other)
      Add the CRLEntry objects contained in a previous CRL.
      X509v2CRLBuilder addCRLEntry​(java.math.BigInteger userCertificateSerial, java.util.Date revocationDate, int reason)
      Add a CRL entry with the just reasonCode extension.
      X509v2CRLBuilder addCRLEntry​(java.math.BigInteger userCertificateSerial, java.util.Date revocationDate, int reason, java.util.Date invalidityDate)
      Add a CRL entry with an invalidityDate extension as well as a reasonCode extension.
      X509v2CRLBuilder addCRLEntry​(java.math.BigInteger userCertificateSerial, java.util.Date revocationDate, org.bouncycastle.asn1.x509.Extensions extensions)
      Add a CRL entry with extensions.
      X509v2CRLBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue)
      Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the extension value.
      X509v2CRLBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value)
      Add a given extension field for the standard extensions tag (tag 3)
      X509v2CRLBuilder addExtension​(org.bouncycastle.asn1.x509.Extension extension)
      Add a given extension field for the standard extensions tag (tag 3).
      X509CRLHolder build​(org.bouncycastle.operator.ContentSigner signer)
      Generate an X.509 CRL, based on the current issuer and subject using the passed in signer.
      X509CRLHolder build​(org.bouncycastle.operator.ContentSigner signer, boolean isCritical, org.bouncycastle.operator.ContentSigner altSigner)
      Generate an X.509 CRL, based on the current issuer using the passed in signer and containing altSignatureAlgorithm and altSignatureValue extensions based on the passed altSigner.
      org.bouncycastle.asn1.x509.Extension getExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Return the current value of the extension for OID.
      boolean hasExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Return if the extension indicated by OID is present.
      X509v2CRLBuilder removeExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Remove the extension indicated by OID.
      X509v2CRLBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue)
      Replace a given extension field for the standard extensions tag (tag 3) with the passed in byte encoded extension value.
      X509v2CRLBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value)
      Replace the extension field for the passed in extension's extension ID with a new version.
      X509v2CRLBuilder replaceExtension​(org.bouncycastle.asn1.x509.Extension extension)
      Replace the extension field for the passed in extension's extension ID with a new version.
      X509v2CRLBuilder setNextUpdate​(java.util.Date date)
      Set the date by which the next CRL will become available.
      X509v2CRLBuilder setNextUpdate​(java.util.Date date, java.util.Locale dateLocale)
      Set the date by which the next CRL will become available.
      X509v2CRLBuilder setNextUpdate​(org.bouncycastle.asn1.x509.Time date)
      Set the date by which the next CRL will become available.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • X509v2CRLBuilder

        public X509v2CRLBuilder​(org.bouncycastle.asn1.x500.X500Name issuer,
                        java.util.Date thisUpdate)
        Basic constructor.
        Parameters:
        issuer - the issuer this CRL is associated with.
        thisUpdate - the date of this update.

      • X509v2CRLBuilder

        public X509v2CRLBuilder​(org.bouncycastle.asn1.x500.X500Name issuer,
                        java.util.Date thisUpdate,
                        java.util.Locale dateLocale)
        Basic constructor with Locale. You may need to use this constructor if the default locale doesn't use a Gregorian calender so that the Time produced is compatible with other ASN.1 implementations.
        Parameters:
        issuer - the issuer this CRL is associated with.
        thisUpdate - the date of this update.
        dateLocale - locale to be used for date interpretation.

      • X509v2CRLBuilder

        public X509v2CRLBuilder​(org.bouncycastle.asn1.x500.X500Name issuer,
                        org.bouncycastle.asn1.x509.Time thisUpdate)
        Basic constructor.
        Parameters:
        issuer - the issuer this CRL is associated with.
        thisUpdate - the Time of this update.

      • X509v2CRLBuilder

        public X509v2CRLBuilder​(X509CRLHolder template)
        Create a builder for a version 2 CRL, initialised with another CRL.
        Parameters:
        template - template CRL to base the new one on.

    • Method Detail

      • hasExtension

        public boolean hasExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
        Return if the extension indicated by OID is present.
        Parameters:
        oid - the OID for the extension of interest.
        Returns:
        the Extension, or null if it is not present.

      • getExtension

        public org.bouncycastle.asn1.x509.Extension getExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
        Return the current value of the extension for OID.
        Parameters:
        oid - the OID for the extension we want to fetch.
        Returns:
        true if a matching extension is present, false otherwise.

      • setNextUpdate

        public X509v2CRLBuilder setNextUpdate​(java.util.Date date)
        Set the date by which the next CRL will become available.
        Parameters:
        date - date of next CRL update.
        Returns:
        the current builder.

      • setNextUpdate

        public X509v2CRLBuilder setNextUpdate​(java.util.Date date,
                                      java.util.Locale dateLocale)
        Set the date by which the next CRL will become available.
        Parameters:
        date - date of next CRL update.
        dateLocale - locale to be used for date interpretation.
        Returns:
        the current builder.

      • setNextUpdate

        public X509v2CRLBuilder setNextUpdate​(org.bouncycastle.asn1.x509.Time date)
        Set the date by which the next CRL will become available.
        Parameters:
        date - date of next CRL update.
        Returns:
        the current builder.

      • addCRLEntry

        public X509v2CRLBuilder addCRLEntry​(java.math.BigInteger userCertificateSerial,
                                    java.util.Date revocationDate,
                                    int reason)
        Add a CRL entry with the just reasonCode extension.
        Parameters:
        userCertificateSerial - serial number of revoked certificate.
        revocationDate - date of certificate revocation.
        reason - the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
        Returns:
        the current builder.

      • addCRLEntry

        public X509v2CRLBuilder addCRLEntry​(java.math.BigInteger userCertificateSerial,
                                    java.util.Date revocationDate,
                                    int reason,
                                    java.util.Date invalidityDate)
        Add a CRL entry with an invalidityDate extension as well as a reasonCode extension. This is used where the date of revocation might be after issues with the certificate may have occurred.
        Parameters:
        userCertificateSerial - serial number of revoked certificate.
        revocationDate - date of certificate revocation.
        reason - the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
        invalidityDate - the date on which the private key for the certificate became compromised or the certificate otherwise became invalid.
        Returns:
        the current builder.

      • addCRLEntry

        public X509v2CRLBuilder addCRLEntry​(java.math.BigInteger userCertificateSerial,
                                    java.util.Date revocationDate,
                                    org.bouncycastle.asn1.x509.Extensions extensions)
        Add a CRL entry with extensions.
        Parameters:
        userCertificateSerial - serial number of revoked certificate.
        revocationDate - date of certificate revocation.
        extensions - extension set to be associated with this CRLEntry.
        Returns:
        the current builder.

      • addCRL

        public X509v2CRLBuilder addCRL​(X509CRLHolder other)
        Add the CRLEntry objects contained in a previous CRL.
        Parameters:
        other - the X509CRLHolder to source the other entries from.
        Returns:
        the current builder.

      • addExtension

        public X509v2CRLBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                     boolean isCritical,
                                     org.bouncycastle.asn1.ASN1Encodable value)
                              throws CertIOException
        Add a given extension field for the standard extensions tag (tag 3)
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        value - the ASN.1 structure that forms the extension's value.
        Returns:
        this builder object.
        Throws:
        CertIOException

      • addExtension

        public X509v2CRLBuilder addExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                     boolean isCritical,
                                     byte[] encodedValue)
                              throws CertIOException
        Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the extension value.
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        encodedValue - a byte array representing the encoding of the extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException

      • addExtension

        public X509v2CRLBuilder addExtension​(org.bouncycastle.asn1.x509.Extension extension)
                              throws CertIOException
        Add a given extension field for the standard extensions tag (tag 3).
        Parameters:
        extension - the full extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException

      • replaceExtension

        public X509v2CRLBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                         boolean isCritical,
                                         org.bouncycastle.asn1.ASN1Encodable value)
                                  throws CertIOException
        Replace the extension field for the passed in extension's extension ID with a new version.
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        value - the ASN.1 structure that forms the extension's value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the extension to be replaced is not present.

      • replaceExtension

        public X509v2CRLBuilder replaceExtension​(org.bouncycastle.asn1.x509.Extension extension)
                                  throws CertIOException
        Replace the extension field for the passed in extension's extension ID with a new version.
        Parameters:
        extension - the full extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the extension to be replaced is not present.

      • replaceExtension

        public X509v2CRLBuilder replaceExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid,
                                         boolean isCritical,
                                         byte[] encodedValue)
                                  throws CertIOException
        Replace a given extension field for the standard extensions tag (tag 3) with the passed in byte encoded extension value.
        Parameters:
        oid - the OID defining the extension type.
        isCritical - true if the extension is critical, false otherwise.
        encodedValue - a byte array representing the encoding of the extension value.
        Returns:
        this builder object.
        Throws:
        CertIOException - if there is an issue with the new extension value.
        java.lang.IllegalArgumentException - if the extension to be replaced is not present.

      • removeExtension

        public X509v2CRLBuilder removeExtension​(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
        Remove the extension indicated by OID.
        Parameters:
        oid - the OID of the extension to be removed.
        Returns:
        this builder object.
        Throws:
        java.lang.IllegalArgumentException - if the extension to be removed is not present.

      • build

        public X509CRLHolder build​(org.bouncycastle.operator.ContentSigner signer)
        Generate an X.509 CRL, based on the current issuer and subject using the passed in signer.
        Parameters:
        signer - the content signer to be used to generate the signature validating the certificate.
        Returns:
        a holder containing the resulting signed certificate.

      • build

        public X509CRLHolder build​(org.bouncycastle.operator.ContentSigner signer,
                           boolean isCritical,
                           org.bouncycastle.operator.ContentSigner altSigner)
        Generate an X.509 CRL, based on the current issuer using the passed in signer and containing altSignatureAlgorithm and altSignatureValue extensions based on the passed altSigner.
        Parameters:
        signer - the content signer to be used to generate the signature validating the CRL.
        altSigner - the content signer used to create the altSignatureAlgorithm and altSignatureValue extension.
        Returns:
        a holder containing the resulting signed CRL.