| | |
|---|
| | | import java.security.cert.CertPathBuilderException;
|
|---|
| | | import java.security.cert.CertStore;
|
|---|
| | | import java.security.cert.Certificate;
|
|---|
| | | import java.security.cert.CertificateEncodingException;
|
|---|
| | | import java.security.cert.CertificateFactory;
|
|---|
| | | import java.security.cert.CollectionCertStoreParameters;
|
|---|
| | | import java.security.cert.PKIXBuilderParameters;
|
|---|
| | |
|---|
| | | import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
|
|---|
| | | import org.bouncycastle.jce.PrincipalUtil;
|
|---|
| | | import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
|
|---|
| | | import org.bouncycastle.openssl.PEMEncryptor;
|
|---|
| | | import org.bouncycastle.openssl.PEMWriter;
|
|---|
| | | import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
|
|---|
| | | import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
|
|---|
| | | import org.bouncycastle.operator.ContentSigner;
|
|---|
| | | import org.bouncycastle.operator.OperatorCreationException;
|
|---|
| | | import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
|
|---|
| | | import org.slf4j.Logger;
|
|---|
| | | import org.slf4j.LoggerFactory;
|
|---|
| | |
|---|
| | | if (pemFile.exists()) {
|
|---|
| | | pemFile.delete();
|
|---|
| | | }
|
|---|
| | | PEMWriter pemWriter = new PEMWriter(new FileWriter(pemFile));
|
|---|
| | | pemWriter.writeObject(pair.getPrivate(), "DES-EDE3-CBC", clientMetadata.password.toCharArray(), new SecureRandom());
|
|---|
| | | JcePEMEncryptorBuilder builder = new JcePEMEncryptorBuilder("DES-EDE3-CBC");
|
|---|
| | | builder.setSecureRandom(new SecureRandom());
|
|---|
| | | PEMEncryptor pemEncryptor = builder.build(clientMetadata.password.toCharArray());
|
|---|
| | | JcaPEMWriter pemWriter = new JcaPEMWriter(new FileWriter(pemFile));
|
|---|
| | | pemWriter.writeObject(pair.getPrivate(), pemEncryptor);
|
|---|
| | | pemWriter.writeObject(userCert);
|
|---|
| | | pemWriter.writeObject(caCert);
|
|---|
| | | pemWriter.flush();
|
|---|
| | |
|---|
| | | x509log.log(MessageFormat.format("Revoked certificate {0,number,0} reason: {1} [{2}]",
|
|---|
| | | cert.getSerialNumber(), reason.toString(), cert.getSubjectDN().getName()));
|
|---|
| | | return true;
|
|---|
| | | } catch (Exception e) {
|
|---|
| | | } catch (IOException | OperatorCreationException | CertificateEncodingException e) {
|
|---|
| | | logger.error(MessageFormat.format("Failed to revoke certificate {0,number,0} [{1}] in {2}",
|
|---|
| | | cert.getSerialNumber(), cert.getSubjectDN().getName(), caRevocationList));
|
|---|
| | | }
|
|---|
