/**
* generate an X509 CRL, based on the current issuer and subject, using the passed in provider for
* the signing.
*/
public X509CRL generateX509CRL(PrivateKey key, String provider, SecureRandom random)
throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException {
Signature sig = null;
try {
sig = Signature.getInstance(sigOID.getId(), provider);
} catch (NoSuchAlgorithmException ex) {
try {
sig = Signature.getInstance(signatureAlgorithm, provider);
} catch (NoSuchAlgorithmException e) {
throw new SecurityException("exception creating signature: " + e.toString());
}
}
if (random != null) {
sig.initSign(key, random);
} else {
sig.initSign(key);
}
if (extensions != null) {
tbsGen.setExtensions(new X509Extensions(extOrdering, extensions));
}
TBSCertList tbsCrl = tbsGen.generateTBSCertList();
try {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
DEROutputStream dOut = new DEROutputStream(bOut);
dOut.writeObject(tbsCrl);
sig.update(bOut.toByteArray());
} catch (Exception e) {
throw new SecurityException("exception encoding TBS cert - " + e);
}
// Construct the CRL
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(tbsCrl);
v.add(sigAlgId);
v.add(new DERBitString(sig.sign()));
return new X509CRLObject(new CertificateList(new DERSequence(v)));
}
public void setSignatureAlgorithm(String signatureAlgorithm) {
this.signatureAlgorithm = signatureAlgorithm;
sigOID = (DERObjectIdentifier) algorithms.get(signatureAlgorithm.toUpperCase());
if (sigOID == null) {
throw new IllegalArgumentException("Unknown signature type requested");
}
sigAlgId = new AlgorithmIdentifier(this.sigOID, null);
tbsGen.setSignature(sigAlgId);
}
public void setNextUpdate(Date date) {
tbsGen.setNextUpdate(new DERUTCTime(dateF.format(date) + "Z"));
}
/**
* Set the issuer distinguished name - the issuer is the entity whose private key is used to sign
* the certificate.
*/
public void setIssuerDN(X509Name issuer) {
tbsGen.setIssuer(issuer);
}
/**
* Reason being as indicated by ReasonFlags, i.e. ReasonFlags.KEY_COMPROMISE or 0 if ReasonFlags
* are not to be used
*/
public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason) {
tbsGen.addCRLEntry(
new DERInteger(userCertificate),
new DERUTCTime(dateF.format(revocationDate) + "Z"),
reason);
}