/**
   * generate an X509 CRL, based on the current issuer and subject, using the passed in provider for
   * the signing.
   */
  public X509CRL generateX509CRL(PrivateKey key, String provider, SecureRandom random)
      throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException {
    Signature sig = null;

    try {
      sig = Signature.getInstance(sigOID.getId(), provider);
    } catch (NoSuchAlgorithmException ex) {
      try {
        sig = Signature.getInstance(signatureAlgorithm, provider);
      } catch (NoSuchAlgorithmException e) {
        throw new SecurityException("exception creating signature: " + e.toString());
      }
    }

    if (random != null) {
      sig.initSign(key, random);
    } else {
      sig.initSign(key);
    }

    if (extensions != null) {
      tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));
    }

    TBSCertList tbsCrl = tbsGen.generateTBSCertList();

    try {
      ByteArrayOutputStream bOut = new ByteArrayOutputStream();
      DEROutputStream dOut = new DEROutputStream(bOut);

      dOut.writeObject(tbsCrl);

      sig.update(bOut.toByteArray());
    } catch (Exception e) {
      throw new SecurityException("exception encoding TBS cert - " + e);
    }

    // Construct the CRL
    ASN1EncodableVector v = new ASN1EncodableVector();

    v.add(tbsCrl);
    v.add(sigAlgId);
    v.add(new DERBitString(sig.sign()));

    return new X509CRLObject(new CertificateList(new DERSequence(v)));
  }
  public void setSignatureAlgorithm(String signatureAlgorithm) {
    this.signatureAlgorithm = signatureAlgorithm;

    sigOID = (DERObjectIdentifier) algorithms.get(signatureAlgorithm.toUpperCase());

    if (sigOID == null) {
      throw new IllegalArgumentException("Unknown signature type requested");
    }

    sigAlgId = new AlgorithmIdentifier(this.sigOID, null);

    tbsGen.setSignature(sigAlgId);
  }
 public void setNextUpdate(Date date) {
   tbsGen.setNextUpdate(new DERUTCTime(dateF.format(date) + "Z"));
 }
 /**
  * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign
  * the certificate.
  */
 public void setIssuerDN(X509Name issuer) {
   tbsGen.setIssuer(issuer);
 }
 /**
  * Reason being as indicated by ReasonFlags, i.e. ReasonFlags.KEY_COMPROMISE or 0 if ReasonFlags
  * are not to be used
  */
 public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason) {
   tbsGen.addCRLEntry(
       new DERInteger(userCertificate),
       new DERUTCTime(dateF.format(revocationDate) + "Z"),
       reason);
 }