2 * //******************************************************************
4 * // Copyright 2016 Samsung Electronics All Rights Reserved.
6 * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
8 * // Licensed under the Apache License, Version 2.0 (the "License");
9 * // you may not use this file except in compliance with the License.
10 * // You may obtain a copy of the License at
12 * // http://www.apache.org/licenses/LICENSE-2.0
14 * // Unless required by applicable law or agreed to in writing, software
15 * // distributed under the License is distributed on an "AS IS" BASIS,
16 * // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * // See the License for the specific language governing permissions and
18 * // limitations under the License.
20 * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
22 import org.bouncycastle.asn1.x500.X500Name;
23 import org.bouncycastle.cert.X509CRLHolder;
24 import org.bouncycastle.cert.X509v2CRLBuilder;
25 import org.bouncycastle.jce.provider.BouncyCastleProvider;
26 import org.bouncycastle.operator.ContentSigner;
27 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
29 import java.math.BigInteger;
30 import java.security.*;
31 import java.security.spec.PKCS8EncodedKeySpec;
32 import java.util.Arrays;
33 import java.util.Date;
35 import java.security.spec.ECGenParameterSpec;
/**
 * Static helper that builds, signs, stores and returns X.509 certificate revocation lists
 * using the BouncyCastle provider.
 */
37 public final class CrlIssuer {
// Registered name of the BouncyCastle provider; handed to the content signer in generateCrl.
39 private static final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;
// JCA signature algorithm applied to every CRL: ECDSA over a SHA-256 digest.
40 private static final String SIGNING_ALGORITHM = "SHA256withECDSA";
// Unconditional throw. NOTE(review): the declaration enclosing it is not shown in this listing;
// presumably a private constructor, so that reflective instantiation fails as well. Confirm.
43 throw new AssertionError();//to get rid of security issue, connected with Java Reflection API
// Position 1 makes BouncyCastle the most preferred provider for the whole JVM, not just for this
// class: every JCA lookup in the process that names no provider will be served by BC first.
// NOTE(review): the enclosing block header is not shown in this listing; presumably a static
// initializer. Confirm.
47 Security.insertProviderAt(new BouncyCastleProvider(), 1);
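/**
 * Builds an X.509 v2 CRL for the given issuer, signs it with the issuer's EC private key using
 * SHA256withECDSA through the BouncyCastle provider, hands it to {@code CrlStore.saveCrl} and
 * returns its encoded form.
 *
 * <p>Every revoked entry is added with reason code 0 (unspecified).
 *
 * <p>NOTE(review): only {@code thisUpdate} and the revoked entries are set on the builder here.
 * No nextUpdate, CRL number or authority key identifier is added in this method. RFC 5280
 * requires conforming CRL issuers to include all three, so a relying party that enforces the
 * profile may reject this CRL or have no way to tell when it is stale.
 *
 * <p>The caller keeps ownership of {@code issuerPrivateKey}; this method neither copies it out
 * nor wipes it, so the caller should clear the array once the CRL has been issued.
 *
 * @param issuerName       issuer distinguished name in string form, e.g. {@code "C=DE,O=Samsung"}
 * @param thisUpdate       issue date written into the CRL
 * @param items            revoked certificates (serial number and revocation date); may be empty
 * @param issuerPrivateKey PKCS#8-encoded EC private key of the issuer
 * @return the encoded, signed CRL
 * @throws NullPointerException if any argument is {@code null}
 * @throws Exception            if the key cannot be parsed, signing fails, or the CRL cannot be
 *                              stored or encoded
 */
public static byte[] generateCrl(String issuerName,
                                 Date thisUpdate,
                                 CrlInfo[] items,
                                 byte[] issuerPrivateKey) throws Exception {
    // Fail with a clear message before any key material is parsed.
    if (issuerName == null || thisUpdate == null || items == null || issuerPrivateKey == null) {
        throw new NullPointerException(
                "issuerName, thisUpdate, items and issuerPrivateKey must not be null");
    }

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(new X500Name(issuerName), thisUpdate);
    for (CrlInfo revoked : items) {
        crlBuilder.addCRLEntry(revoked.getSerialNumber(), revoked.getRevocationDate(), 0);
    }

    // "ECDSA" is a BouncyCastle key-factory name, not a standard JCA one. Naming the provider
    // keeps key parsing and signing on the same provider whatever the JVM's provider order is.
    KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", BC);
    PrivateKey signingKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(issuerPrivateKey));

    // Build the CRL and sign it with the CA private key.
    ContentSigner signer =
            new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(signingKey);
    X509CRLHolder crl = crlBuilder.build(signer);

    CrlStore.saveCrl(crl);
    return crl.getEncoded();
}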
/**
 * Returns the encoded form of the CRL that {@code CrlStore.loadCrl()} provides.
 *
 * <p>The CRL is returned as loaded: this method performs no signature or freshness check.
 * NOTE(review): if {@code CrlStore.loadCrl()} can return {@code null}, this call fails with a
 * NullPointerException. Confirm against CrlStore.
 *
 * @return the encoded CRL
 * @throws Exception if loading or encoding the CRL fails
 */
public static byte[] getCrl() throws Exception {
    return CrlStore.loadCrl().getEncoded();
}
// Demo entry point: fills two dummy revocation entries, generates a throwaway EC key pair,
// issues a CRL with it through generateCrl and prints the result as hex.
79 public static void main(String[] args) {
80 System.out.println("Start!");
82 /* generate dummy crl items */
83 CrlInfo[] items = new CrlInfo[2];
// NOTE(review): `val` is used below, but its declaration is not part of this listing.
85 for (int i = 0; i < items.length; i++) {
86 items[i] = new CrlInfo();
87 items[i].setSerialNumber(BigInteger.valueOf(val++));
88 items[i].setRevocationDate(new Date());
// NOTE(review): prime192v1 is a 192-bit curve (roughly 96-bit strength). That is below the
// 112-bit minimum in current guidance and weaker than the SHA-256 digest it is paired with.
// Tolerable only for this throwaway demo key; a real CRL-signing key should use a curve of at
// least 256 bits.
91 ECGenParameterSpec ecGenSpec = new ECGenParameterSpec("prime192v1");
// The "BC" literal names the same provider as the BC constant of this class.
93 KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", "BC");
94 g.initialize(ecGenSpec, new SecureRandom());
95 KeyPair pair = g.generateKeyPair();
// The private key is handed over in encoded form; generateCrl wraps these bytes in a
// PKCS8EncodedKeySpec.
97 PrivateKey key = pair.getPrivate();
98 byte[] crl = generateCrl("C=DE,O=Samsung", new Date(), items, key.getEncoded());
100 System.out.println("Success!");
101 System.out.println("Stored CRL = " + getHex(crl));
// NOTE(review): the body of this catch is not visible in this listing. Confirm that it reports
// the failure rather than swallowing it.
103 catch (java.lang.Exception e)
107 System.out.println("End!");
// Lookup table: index 0-15 maps to the matching upper-case hexadecimal digit.
110 static final String HEXES = "0123456789ABCDEF";
// Renders a byte array as an upper-case hex string, two digits per byte, with no separators.
// NOTE(review): source lines 112-114 are absent from this listing, so how a null `raw` is
// handled cannot be confirmed from here.
111 public static String getHex( byte [] raw ) {
// Pre-size the builder: each byte yields exactly two characters.
115 final StringBuilder hex = new StringBuilder( 2 * raw.length );
116 for ( final byte b : raw ) {
// High nibble first, then low nibble. Masking before the shift keeps the index within 0-15
// even for negative byte values.
117 hex.append(HEXES.charAt((b & 0xF0) >> 4))
118 .append(HEXES.charAt((b & 0x0F)));
120 return hex.toString();