import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
/**
 * Create a builder for a version 1 certificate.
 *
 * @param issuer the certificate issuer
 * @param serial the certificate serial number
 * @param notBefore the date before which the certificate is not valid
 * @param notAfter the date after which the certificate is not valid
 * @param subject the certificate subject
 * @param publicKeyInfo the info structure for the public key to be associated with this certificate.
 */
public X509v1CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
{
    if (issuer == null)
    {
        throw new IllegalArgumentException("issuer must not be null");
    }

    if (publicKeyInfo == null)
    {
        throw new IllegalArgumentException("publicKeyInfo must not be null");
    }

    tbsGen = new V1TBSCertificateGenerator();
    tbsGen.setSerialNumber(new ASN1Integer(serial));
    tbsGen.setIssuer(issuer);
    tbsGen.setStartDate(new Time(notBefore));
    tbsGen.setEndDate(new Time(notAfter));
    tbsGen.setSubject(subject);
    tbsGen.setSubjectPublicKeyInfo(publicKeyInfo);
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
private OptionalValidity(ASN1Sequence seq)
{
    Enumeration en = seq.getObjects();
    while (en.hasMoreElements())
    {
        ASN1TaggedObject tObj = (ASN1TaggedObject)en.nextElement();

        if (tObj.getTagNo() == 0)
        {
            notBefore = Time.getInstance(tObj, true);
        }
        else
        {
            notAfter = Time.getInstance(tObj, true);
        }
    }
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
/**
 * Create a builder for a version 1 certificate.
 *
 * @param issuer the certificate issuer
 * @param serial the certificate serial number
 * @param notBefore the Time before which the certificate is not valid
 * @param notAfter the Time after which the certificate is not valid
 * @param subject the certificate subject
 * @param publicKeyInfo the info structure for the public key to be associated with this certificate.
 */
public X509v1CertificateBuilder(X500Name issuer, BigInteger serial, Time notBefore, Time notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
{
    if (issuer == null)
    {
        throw new IllegalArgumentException("issuer must not be null");
    }

    if (publicKeyInfo == null)
    {
        throw new IllegalArgumentException("publicKeyInfo must not be null");
    }

    tbsGen = new V1TBSCertificateGenerator();
    tbsGen.setSerialNumber(new ASN1Integer(serial));
    tbsGen.setIssuer(issuer);
    tbsGen.setStartDate(notBefore);
    tbsGen.setEndDate(notAfter);
    tbsGen.setSubject(subject);
    tbsGen.setSubjectPublicKeyInfo(publicKeyInfo);
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
private static TBSCertificate createTBS(ByteArrayOutputStream bOut, SubjectPublicKeyInfo ski, AlgorithmIdentifier algo) throws IOException {
    TBSCertificate tbs = null;

    V1TBSCertificateGenerator tbsGen = new V1TBSCertificateGenerator();
    tbsGen.setSerialNumber(new ASN1Integer(0x1));
    tbsGen.setStartDate(new Time(new Date(100, 01, 01, 00, 00, 00)));
    tbsGen.setEndDate(new Time(new Date(130, 12, 31, 23, 59, 59)));
    tbsGen.setIssuer(new X500Name("CN=Cryptonit"));
    tbsGen.setSubject(new X500Name("CN=Cryptonit"));
    tbsGen.setSignature(algo);
    tbsGen.setSubjectPublicKeyInfo(ski);
    tbs = tbsGen.generateTBSCertificate();

    ASN1OutputStream aOut = new ASN1OutputStream(bOut);
    aOut.writeObject(tbs);
    System.out.println("Build TBS");
    System.out.println(toHex(bOut.toByteArray()));
    Base64.encode(bOut.toByteArray(), System.out);
    System.out.println();

    return tbs;
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
private void addSigningTimeAttribute(final CAdESSignatureParameters parameters, final ASN1EncodableVector signedAttributes) {

		if (!padesUsage) {
			/*
			 * In PAdES, we don't include the signing time : ETSI TS 102 778-3 V1.2.1 (2010-07): 4.5.3 signing-time
			 * Attribute
			 */
			final Date signingDate = parameters.bLevel().getSigningDate();
			if (signingDate != null) {

				final DERSet attrValues = new DERSet(new Time(signingDate));
				final Attribute attribute = new Attribute(pkcs_9_at_signingTime, attrValues);
				signedAttributes.add(attribute);
			}
		}
	}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
private X509Certificate makeRootCert(KeyPair kp) throws InvalidKeyException, IllegalStateException, NoSuchProviderException,
        SignatureException, IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException {

    // Load real root certificate
    X509CertificateHolder real = getRealCert("sk-root.pem");

    // Use values from real certificate
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(), real.getSerialNumber(), Time.getInstance(new ASN1GeneralizedTime(real.getNotBefore())), Time.getInstance(new ASN1GeneralizedTime(real.getNotAfter())), real.getSubject(), kp.getPublic());

    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = real.getExtensionOIDs();

    // Copy all extensions verbatim
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = real.getExtension(extoid);
        builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real);
    }

    // Generate cert
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(kp.getPrivate());

    X509CertificateHolder cert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(cert);
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
private X509Certificate makeEsteidCert(KeyPair esteid, KeyPair root) throws InvalidKeyException, IllegalStateException,
        NoSuchProviderException, SignatureException, IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException,
        CertificateException {

    // Load current root certificate
    X509CertificateHolder real = getRealCert("sk-esteid.pem");

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(), real.getSerialNumber(),
            Time.getInstance(new ASN1UTCTime(real.getNotBefore())), Time.getInstance(new ASN1GeneralizedTime(real.getNotAfter())), real.getSubject(), esteid.getPublic());

    // Basic constraints
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = real.getExtensionOIDs();

    // Copy all extensions
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = real.getExtension(extoid);
        builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real);
    }

    // Generate cert
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA384withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(root.getPrivate());

    X509CertificateHolder cert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(cert);
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
/**
 * Basic constructor.
 *
 * @param issuer the issuer this CRL is associated with.
 * @param thisUpdate  the date of this update.
 */
public X509v2CRLBuilder(
    X500Name issuer,
    Date     thisUpdate)
{
    tbsGen = new V2TBSCertListGenerator();
    extGenerator = new ExtensionsGenerator();

    tbsGen.setIssuer(issuer);
    tbsGen.setThisUpdate(new Time(thisUpdate));
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
/**
 * Set the date by which the next CRL will become available.
 *
 * @param date  date of next CRL update.
 * @return the current builder.
 */
public X509v2CRLBuilder setNextUpdate(
    Date    date)
{
    tbsGen.setNextUpdate(new Time(date));

    return this;
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
/**
 * Create a builder for a version 3 certificate.
 *
 * @param issuer the certificate issuer
 * @param serial the certificate serial number
 * @param notBefore the date before which the certificate is not valid
 * @param notAfter the date after which the certificate is not valid
 * @param subject the certificate subject
 * @param publicKeyInfo the info structure for the public key to be associated with this certificate.
 */
public X509v3CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
{
    tbsGen = new V3TBSCertificateGenerator();
    tbsGen.setSerialNumber(new ASN1Integer(serial));
    tbsGen.setIssuer(issuer);
    tbsGen.setStartDate(new Time(notBefore));
    tbsGen.setEndDate(new Time(notAfter));
    tbsGen.setSubject(subject);
    tbsGen.setSubjectPublicKeyInfo(publicKeyInfo);

    extGenerator = new ExtensionsGenerator();
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
private Time createTime(Date date)
{
    if (date != null)
    {
        return new Time(date);
    }

    return null;
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
/**
 * Set the date by which the next CRL will become available.
 *
 * @param date  date of next CRL update.
 * @return the current builder.
 */
public X509v2CRLBuilder setNextUpdate(
    Time    date)
{
    tbsGen.setNextUpdate(date);

    return this;
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
/**
 * Create a builder for a version 3 certificate.
 *
 * @param issuer the certificate issuer
 * @param serial the certificate serial number
 * @param notBefore the Time before which the certificate is not valid
 * @param notAfter the Time after which the certificate is not valid
 * @param subject the certificate subject
 * @param publicKeyInfo the info structure for the public key to be associated with this certificate.
 */
public X509v3CertificateBuilder(X500Name issuer, BigInteger serial, Time notBefore, Time notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo)
{
    tbsGen = new V3TBSCertificateGenerator();
    tbsGen.setSerialNumber(new ASN1Integer(serial));
    tbsGen.setIssuer(issuer);
    tbsGen.setStartDate(notBefore);
    tbsGen.setEndDate(notAfter);
    tbsGen.setSubject(subject);
    tbsGen.setSubjectPublicKeyInfo(publicKeyInfo);

    extGenerator = new ExtensionsGenerator();
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
protected void extractExpiredCertsOnCRL(CRLValidity validity, byte[] expiredCertsOnCRLBinaries) {
	if (expiredCertsOnCRLBinaries != null) {
		try {
			ASN1OctetString octetString = (ASN1OctetString) ASN1Primitive.fromByteArray(expiredCertsOnCRLBinaries);
			Time time = Time.getInstance(ASN1Primitive.fromByteArray(octetString.getOctets()));
			if (time != null && time.toASN1Primitive() instanceof ASN1GeneralizedTime) {
				validity.setExpiredCertsOnCRL(time.getDate());
			} else {
				LOG.warn("Attribute 'expiredCertsOnCRL' found but ignored (should be encoded as ASN.1 GeneralizedTime)");
			}
		} catch (Exception e) {
			LOG.error("Unable to parse expiredCertsOnCRL on CRL : " + e.getMessage(), e);
		}
	}
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
public static Date getDate(ASN1Encodable encodable) {
	try {
		return Time.getInstance(encodable).getDate();
	} catch (Exception e) {
		LOG.warn("Unable to retrieve the date : " + encodable, e);
		return null;
	}
}
 

import org.bouncycastle.asn1.x509.Time; //导入依赖的package包/类
private static void checkTime(Time time, ValidationIssue issue) {
    ASN1Primitive asn1Time = time.toASN1Primitive();
    if (time.getDate().getTime() / 1000 < EPOCHTIME_2050010100) {
        if (!(asn1Time instanceof ASN1UTCTime)) {
            issue.setFailureMessage("not encoded as UTCTime");
        }
    } else {
        if (!(asn1Time instanceof ASN1GeneralizedTime)) {
            issue.setFailureMessage("not encoded as GeneralizedTime");
        }
    }
}