Package org.bouncycastle.cert

Class X509v2CRLBuilder

java.lang.Object
org.bouncycastle.cert.X509v2CRLBuilder
Direct Known Subclasses:
JcaX509v2CRLBuilder
public class X509v2CRLBuilder extends Object
class to produce an X.509 Version 2 CRL.

  • Constructor Details

    • X509v2CRLBuilder

      public X509v2CRLBuilder(org.bouncycastle.asn1.x500.X500Name issuer, Date thisUpdate)
      Basic constructor.
      Parameters:
      issuer - the issuer this CRL is associated with.
      thisUpdate - the date of this update.

    • X509v2CRLBuilder

      public X509v2CRLBuilder(org.bouncycastle.asn1.x500.X500Name issuer, Date thisUpdate, Locale dateLocale)
      Basic constructor with Locale. You may need to use this constructor if the default locale doesn't use a Gregorian calender so that the Time produced is compatible with other ASN.1 implementations.
      Parameters:
      issuer - the issuer this CRL is associated with.
      thisUpdate - the date of this update.
      dateLocale - locale to be used for date interpretation.

    • X509v2CRLBuilder

      public X509v2CRLBuilder(org.bouncycastle.asn1.x500.X500Name issuer, org.bouncycastle.asn1.x509.Time thisUpdate)
      Basic constructor.
      Parameters:
      issuer - the issuer this CRL is associated with.
      thisUpdate - the Time of this update.

    • X509v2CRLBuilder

      public X509v2CRLBuilder(X509CRLHolder template)
      Create a builder for a version 2 CRL, initialised with another CRL.
      Parameters:
      template - template CRL to base the new one on.

  • Method Details

    • hasExtension

      public boolean hasExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Return if the extension indicated by OID is present.
      Parameters:
      oid - the OID for the extension of interest.
      Returns:
      the Extension, or null if it is not present.

    • getExtension

      public org.bouncycastle.asn1.x509.Extension getExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Return the current value of the extension for OID.
      Parameters:
      oid - the OID for the extension we want to fetch.
      Returns:
      true if a matching extension is present, false otherwise.

    • setThisUpdate

      public X509v2CRLBuilder setThisUpdate(Date date)
      Set the date by which the next CRL will become available.
      Parameters:
      date - date of next CRL update.
      Returns:
      the current builder.

    • setThisUpdate

      public X509v2CRLBuilder setThisUpdate(Date date, Locale dateLocale)
      Set the date by which the next CRL will become available.
      Parameters:
      date - date of next CRL update.
      dateLocale - locale to be used for date interpretation.
      Returns:
      the current builder.

    • setThisUpdate

      public X509v2CRLBuilder setThisUpdate(org.bouncycastle.asn1.x509.Time date)
      Set the date by which the next CRL will become available.
      Parameters:
      date - date of next CRL update.
      Returns:
      the current builder.

    • setNextUpdate

      public X509v2CRLBuilder setNextUpdate(Date date)
      Set the date by which the next CRL will become available.
      Parameters:
      date - date of next CRL update.
      Returns:
      the current builder.

    • setNextUpdate

      public X509v2CRLBuilder setNextUpdate(Date date, Locale dateLocale)
      Set the date by which the next CRL will become available.
      Parameters:
      date - date of next CRL update.
      dateLocale - locale to be used for date interpretation.
      Returns:
      the current builder.

    • setNextUpdate

      public X509v2CRLBuilder setNextUpdate(org.bouncycastle.asn1.x509.Time date)
      Set the date by which the next CRL will become available.
      Parameters:
      date - date of next CRL update.
      Returns:
      the current builder.

    • addCRLEntry

      public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, int reason)
      Add a CRL entry with the just reasonCode extension.
      Parameters:
      userCertificateSerial - serial number of revoked certificate.
      revocationDate - date of certificate revocation.
      reason - the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
      Returns:
      the current builder.

    • addCRLEntry

      public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, int reason, Date invalidityDate)
      Add a CRL entry with an invalidityDate extension as well as a reasonCode extension. This is used where the date of revocation might be after issues with the certificate may have occurred.
      Parameters:
      userCertificateSerial - serial number of revoked certificate.
      revocationDate - date of certificate revocation.
      reason - the reason code, as indicated in CRLReason, i.e CRLReason.keyCompromise, or 0 if not to be used.
      invalidityDate - the date on which the private key for the certificate became compromised or the certificate otherwise became invalid.
      Returns:
      the current builder.

    • addCRLEntry

      public X509v2CRLBuilder addCRLEntry(BigInteger userCertificateSerial, Date revocationDate, org.bouncycastle.asn1.x509.Extensions extensions)
      Add a CRL entry with extensions.
      Parameters:
      userCertificateSerial - serial number of revoked certificate.
      revocationDate - date of certificate revocation.
      extensions - extension set to be associated with this CRLEntry.
      Returns:
      the current builder.

    • addCRL

      public X509v2CRLBuilder addCRL(X509CRLHolder other)
      Add the CRLEntry objects contained in a previous CRL.
      Parameters:
      other - the X509CRLHolder to source the other entries from.
      Returns:
      the current builder.

    • addExtension

      public X509v2CRLBuilder addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value) throws CertIOException
      Add a given extension field for the standard extensions tag (tag 3)
      Parameters:
      oid - the OID defining the extension type.
      isCritical - true if the extension is critical, false otherwise.
      value - the ASN.1 structure that forms the extension's value.
      Returns:
      this builder object.
      Throws:
      CertIOException

    • addExtension

      public X509v2CRLBuilder addExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue) throws CertIOException
      Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the extension value.
      Parameters:
      oid - the OID defining the extension type.
      isCritical - true if the extension is critical, false otherwise.
      encodedValue - a byte array representing the encoding of the extension value.
      Returns:
      this builder object.
      Throws:
      CertIOException

    • addExtension

      public X509v2CRLBuilder addExtension(org.bouncycastle.asn1.x509.Extension extension) throws CertIOException
      Add a given extension field for the standard extensions tag (tag 3).
      Parameters:
      extension - the full extension value.
      Returns:
      this builder object.
      Throws:
      CertIOException

    • replaceExtension

      public X509v2CRLBuilder replaceExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, org.bouncycastle.asn1.ASN1Encodable value) throws CertIOException
      Replace the extension field for the passed in extension's extension ID with a new version.
      Parameters:
      oid - the OID defining the extension type.
      isCritical - true if the extension is critical, false otherwise.
      value - the ASN.1 structure that forms the extension's value.
      Returns:
      this builder object.
      Throws:
      CertIOException - if there is an issue with the new extension value.
      IllegalArgumentException - if the extension to be replaced is not present.

    • replaceExtension

      public X509v2CRLBuilder replaceExtension(org.bouncycastle.asn1.x509.Extension extension) throws CertIOException
      Replace the extension field for the passed in extension's extension ID with a new version.
      Parameters:
      extension - the full extension value.
      Returns:
      this builder object.
      Throws:
      CertIOException - if there is an issue with the new extension value.
      IllegalArgumentException - if the extension to be replaced is not present.

    • replaceExtension

      public X509v2CRLBuilder replaceExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid, boolean isCritical, byte[] encodedValue) throws CertIOException
      Replace a given extension field for the standard extensions tag (tag 3) with the passed in byte encoded extension value.
      Parameters:
      oid - the OID defining the extension type.
      isCritical - true if the extension is critical, false otherwise.
      encodedValue - a byte array representing the encoding of the extension value.
      Returns:
      this builder object.
      Throws:
      CertIOException - if there is an issue with the new extension value.
      IllegalArgumentException - if the extension to be replaced is not present.

    • removeExtension

      public X509v2CRLBuilder removeExtension(org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
      Remove the extension indicated by OID.
      Parameters:
      oid - the OID of the extension to be removed.
      Returns:
      this builder object.
      Throws:
      IllegalArgumentException - if the extension to be removed is not present.

    • build

      public X509CRLHolder build(ContentSigner signer)
      Generate an X.509 CRL, based on the current issuer and subject using the passed in signer.
      Parameters:
      signer - the content signer to be used to generate the signature validating the certificate.
      Returns:
      a holder containing the resulting signed certificate.