java.lang.Object
- net.maritimeconnectivity.pki.Revocation

```
public class Revocation
extends Object
```
Class that contains functions that are relevant for providing revocation information

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static X509CRL`	`generateCRL(List<RevocationInfo> revokedCerts, KeyStore.PrivateKeyEntry keyEntry, PKIConfiguration pkiConfiguration)`	Creates a Certificate RevocationInfo List (CRL) for the certificate serialnumbers given.
`static org.bouncycastle.cert.ocsp.OCSPResp`	`generateOCSPResponse(org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder respBuilder, KeyStore.PrivateKeyEntry signingCert, P11PKIConfiguration p11PKIConfiguration)`	Generates a OCSPResp.
`static void`	`generateRootCACRL(String signName, List<RevocationInfo> revokedCerts, KeyStore.PrivateKeyEntry keyEntry, String outputCaCrlPath, AuthProvider pkcs11Provider)`	Creates a Certificate RevocationInfo List (CRL) for the certificate serialnumbers given.
`static int`	`getCRLReasonFromString(String certReason)`	Returns the int value associated with a revocation status
`static org.bouncycastle.cert.ocsp.OCSPResp`	`handleOCSP(org.bouncycastle.cert.ocsp.OCSPReq request, PublicKey caPublicKey, KeyStore.PrivateKeyEntry signingCA, Map<org.bouncycastle.cert.ocsp.CertificateID,org.bouncycastle.cert.ocsp.CertificateStatus> certificateStatusMap, PKIConfiguration pkiConfiguration)`
`static org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder`	`initOCSPRespBuilder(org.bouncycastle.cert.ocsp.OCSPReq request, PublicKey publicKey)`	Generate a BasicOCSPRespBuilder.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getCRLReasonFromString
```
public static int getCRLReasonFromString(String certReason)
```
Returns the int value associated with a revocation status

Parameters:

certReason - The string representation of the status. Should be lowercase with no spaces or underscore

Returns:

The int value associated with the revocation status

generateCRL

public static X509CRL generateCRL(List<RevocationInfo> revokedCerts,
                                  KeyStore.PrivateKeyEntry keyEntry,
                                  PKIConfiguration pkiConfiguration)

Creates a Certificate RevocationInfo List (CRL) for the certificate serialnumbers given.

Parameters:: revokedCerts - List of the serialnumbers that should be revoked.; keyEntry - Private key to sign the CRL; pkiConfiguration - A PKIConfiguration
Returns:: a CRL

generateRootCACRL

public static void generateRootCACRL(String signName,
                                     List<RevocationInfo> revokedCerts,
                                     KeyStore.PrivateKeyEntry keyEntry,
                                     String outputCaCrlPath,
                                     AuthProvider pkcs11Provider)

Creates a Certificate RevocationInfo List (CRL) for the certificate serialnumbers given.

Parameters:: signName - DN name of the signing certificate; revokedCerts - List of the serialnumbers that should be revoked.; keyEntry - Private key to sign the CRL; outputCaCrlPath - Where to place the CRL; pkcs11Provider - PKCS#11 provider. If null default BC provider will be used.

handleOCSP

public static org.bouncycastle.cert.ocsp.OCSPResp handleOCSP(org.bouncycastle.cert.ocsp.OCSPReq request,
                                                             PublicKey caPublicKey,
                                                             KeyStore.PrivateKeyEntry signingCA,
                                                             Map<org.bouncycastle.cert.ocsp.CertificateID,org.bouncycastle.cert.ocsp.CertificateStatus> certificateStatusMap,
                                                             PKIConfiguration pkiConfiguration)

Parameters:: request - The incoming issue; caPublicKey - The public key of the signing CA; signingCA - The keystore entry for the signing CA; certificateStatusMap - A mapping from CertificateID to CertificateStatus; pkiConfiguration - A PKIConfiguration
Returns:: An OCSP response

initOCSPRespBuilder

public static org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder initOCSPRespBuilder(org.bouncycastle.cert.ocsp.OCSPReq request,
                                                                                  PublicKey publicKey)
                                                                           throws org.bouncycastle.cert.ocsp.OCSPException,
                                                                                  org.bouncycastle.operator.OperatorCreationException

Generate a BasicOCSPRespBuilder.

Parameters:: request - The incoming request.; publicKey - Public key of the issuer.
Returns:: a BasicOCSPRespBuilder
Throws:: org.bouncycastle.cert.ocsp.OCSPException; org.bouncycastle.operator.OperatorCreationException

generateOCSPResponse

public static org.bouncycastle.cert.ocsp.OCSPResp generateOCSPResponse(org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder respBuilder,
                                                                       KeyStore.PrivateKeyEntry signingCert,
                                                                       P11PKIConfiguration p11PKIConfiguration)
                                                                throws org.bouncycastle.cert.ocsp.OCSPException,
                                                                       IOException,
                                                                       org.bouncycastle.operator.OperatorCreationException,
                                                                       CertificateEncodingException

Generates a OCSPResp.

Parameters:: respBuilder - A BasicOCSPRespBuilder; signingCert - PrivateKeyEntry of the signing certificate.; p11PKIConfiguration - A P11PKIConfiguration. Can be null
Returns:: a OCSPResp
Throws:: org.bouncycastle.cert.ocsp.OCSPException; IOException; org.bouncycastle.operator.OperatorCreationException; CertificateEncodingException

Class Revocation