List of usage examples for org.bouncycastle.asn1 ASN1Enumerated getInstance
public static ASN1Enumerated getInstance(Object obj)
From source file:be.fedict.trust.crl.CrlTrustLinker.java
License:Open Source License
/**
 * Checks the revocation status of {@code childCertificate} against the CRL named in that certificate.
 *
 * @param childCertificate the certificate whose revocation status is checked
 * @param certificate      the certificate passed to the CRL lookup and to the CRL integrity check
 * @param validationDate   the point in time for which the status is evaluated
 * @param revocationData   optional collector; when non-null the encoded CRL and its URI are appended to it
 * @param algorithmPolicy  policy consulted for the CRL's signature algorithm
 * @return {@code UNDECIDED} when there is no CRL URI, no CRL, the integrity check fails or the CRL is
 *         indirect; {@code TRUSTED} when the serial number is not listed, or is listed with a revocation
 *         date after {@code validationDate}
 * @throws TrustLinkerResultException when the certificate is revoked or suspended at {@code validationDate},
 *         or when the CRL or its reasonCode extension cannot be encoded/decoded
 * @throws Exception anything else raised by the helpers called here
 */
@Override
public TrustLinkerResult hasTrustLink(X509Certificate childCertificate, X509Certificate certificate,
        Date validationDate, RevocationData revocationData, AlgorithmPolicy algorithmPolicy)
        throws TrustLinkerResultException, Exception {
    final URI distributionPoint = getCrlUri(childCertificate);
    if (distributionPoint == null) {
        LOG.debug("no CRL uri in certificate: " + childCertificate.getSubjectX500Principal());
        return TrustLinkerResult.UNDECIDED;
    }
    LOG.debug("CRL URI: " + distributionPoint);

    final X509CRL crl = this.crlRepository.findCrl(distributionPoint, certificate, validationDate);
    if (crl == null) {
        LOG.debug("CRL not found");
        return TrustLinkerResult.UNDECIDED;
    }

    // A CRL that fails the integrity check yields UNDECIDED rather than an error.
    // NOTE(review): presumably another trust linker is expected to decide then; confirm that an
    // all-UNDECIDED outcome is rejected by the caller.
    if (!checkCrlIntegrity(crl, certificate, validationDate)) {
        LOG.debug("CRL integrity check failed");
        return TrustLinkerResult.UNDECIDED;
    }

    // The CRL's own signature algorithm is subject to the policy as well.
    algorithmPolicy.checkSignatureAlgorithm(crl.getSigAlgOID(), validationDate);

    // Indirect CRLs are not supported.
    if (isIndirectCRL(crl)) {
        LOG.debug("indirect CRL detected");
        return TrustLinkerResult.UNDECIDED;
    }

    LOG.debug("CRL number: " + getCrlNumber(crl));

    // Record the CRL that passed the checks above, if the caller asked for revocation data.
    if (revocationData != null) {
        try {
            revocationData.getCrlRevocationData()
                    .add(new CRLRevocationData(crl.getEncoded(), distributionPoint.toString()));
        } catch (CRLException e) {
            LOG.error("CRLException: " + e.getMessage(), e);
            throw new TrustLinkerResultException(TrustLinkerResultReason.UNSPECIFIED,
                    "CRLException : " + e.getMessage(), e);
        }
    }

    final X509CRLEntry revokedEntry = crl.getRevokedCertificate(childCertificate.getSerialNumber());
    if (revokedEntry == null) {
        LOG.debug("CRL OK for: " + childCertificate.getSubjectX500Principal());
        return TrustLinkerResult.TRUSTED;
    }
    // An entry dated after validationDate counts as "not revoked at that time"; the reason code is
    // not consulted on this path.
    if (revokedEntry.getRevocationDate().after(validationDate)) {
        LOG.debug("CRL OK for: " + childCertificate.getSubjectX500Principal() + " at " + validationDate);
        return TrustLinkerResult.TRUSTED;
    }

    LOG.debug("certificate revoked/suspended at: " + revokedEntry.getRevocationDate());
    if (revokedEntry.hasExtensions()) {
        LOG.debug("critical extensions: " + revokedEntry.getCriticalExtensionOIDs());
        LOG.debug("non-critical extensions: " + revokedEntry.getNonCriticalExtensionOIDs());
        final byte[] wrappedReason = revokedEntry.getExtensionValue(Extension.reasonCode.getId());
        if (wrappedReason != null) {
            try {
                // getExtensionValue returns the OCTET STRING wrapper; the ENUMERATED is inside it.
                ASN1InputStream outer = new ASN1InputStream(new ByteArrayInputStream(wrappedReason));
                DEROctetString wrapper = (DEROctetString) outer.readObject();
                ASN1InputStream inner = new ASN1InputStream(wrapper.getOctets());
                CRLReason reason = CRLReason.getInstance(ASN1Enumerated.getInstance(inner.readObject()));
                BigInteger reasonValue = reason.getValue();
                LOG.debug("CRL reason value: " + reasonValue);
                // certificateHold is reported as "suspended"; every other reason falls through to "revoked".
                if (reasonValue.intValue() == CRLReason.certificateHold) {
                    throw new TrustLinkerResultException(TrustLinkerResultReason.INVALID_REVOCATION_STATUS,
                            "certificate suspended by CRL=" + revokedEntry.getSerialNumber());
                }
            } catch (IOException e) {
                throw new TrustLinkerResultException(TrustLinkerResultReason.UNSPECIFIED,
                        "IO error: " + e.getMessage(), e);
            }
        }
    }

    throw new TrustLinkerResultException(TrustLinkerResultReason.INVALID_REVOCATION_STATUS,
            "certificate revoked by CRL=" + revokedEntry.getSerialNumber());
}
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilitiesHelper.java
License:Open Source License
/**
 * Looks {@code cert} up in {@code crl} and, when it is listed and considered revoked for
 * {@code validDate}, stores the reason and the revocation date in {@code certStatus}.
 *
 * @param validDate  the time for which the status is evaluated
 * @param crl        the CRL to consult
 * @param cert       the certificate object; its serial number and issuer are read through
 *                   {@code CertPathValidatorUtilities}
 * @param certStatus receives the result; left untouched when the certificate is not considered revoked
 * @throws SimpleValidationErrorException when the CRL cannot be re-parsed or the reasonCode extension
 *         cannot be read
 */
protected static void getCertStatus(Date validDate, X509CRL crl, Object cert, CertStatus certStatus)
        throws SimpleValidationErrorException {
    // BC's X509CRLObject is used so that indirect CRLs are supported.
    final X509CRLObject parsedCrl;
    try {
        parsedCrl = new X509CRLObject(
                new CertificateList((ASN1Sequence) ASN1Sequence.fromByteArray(crl.getEncoded())));
    } catch (Exception e) {
        throw new SimpleValidationErrorException(ValidationErrorCode.unknownMsg, e);
    }

    // BC's X509CRLEntryObject is used so that getCertificateIssuer() is supported.
    final X509CRLEntryObject entry = (X509CRLEntryObject) parsedCrl
            .getRevokedCertificate(CertPathValidatorUtilities.getSerialNumber(cert));
    if (entry == null) {
        return;
    }

    // The entry only applies when its issuer, or the CRL issuer, is the certificate's issuer.
    final boolean issuerMatches = CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert)
            .equals(entry.getCertificateIssuer())
            || CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).equals(crl.getIssuerX500Principal());
    if (!issuerMatches) {
        return;
    }

    ASN1Enumerated reasonCode = null;
    if (entry.hasExtensions()) {
        try {
            reasonCode = ASN1Enumerated.getInstance(
                    CertPathValidatorUtilities.getExtensionValue(entry, X509Extensions.ReasonCode.getId()));
        } catch (Exception e) {
            throw new SimpleValidationErrorException(ValidationErrorCode.crlReasonExtError, e);
        }
    }

    // A revocation dated after validDate is ignored only when a reason is present and it is not one of
    // 0, 1, 2 or 8. The original comment names these as "keyCompromise, caCompromise, aACompromise or
    // unspecified".
    // NOTE(review): RFC 5280 assigns 8 to removeFromCRL and 10 to aACompromise, so the comment and the
    // tested value disagree; confirm which one is intended.
    if (reasonCode != null && validDate.getTime() < entry.getRevocationDate().getTime()) {
        final int code = reasonCode.getValue().intValue();
        if (code != 0 && code != 1 && code != 2 && code != 8) {
            return;
        }
    }

    // (i) or (j): report the stated reason, or "unspecified" when the entry carries none.
    certStatus.setCertStatus(reasonCode != null ? reasonCode.getValue().intValue() : CRLReason.unspecified);
    certStatus.setRevocationDate(entry.getRevocationDate());
}
From source file:eu.europa.ec.markt.dss.DSSRevocationUtils.java
License:Open Source License
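/**
 * Returns the reason for the revocation of the certificate, as recorded in the given CRL entry.
 *
 * @param crlEntry an entry for a revoked certificate in a CRL (Certificate Revocation List)
 * @return the {@code toString()} form of the decoded {@code CRLReason}; the "unspecified" reason when the
 *         entry carries no reasonCode extension; reason 7 when the extension cannot be decoded
 * @throws DSSException when reading the extension bytes fails with an I/O error
 */
public static String getRevocationReason(final X509CRLEntry crlEntry) throws DSSException {

    final String reasonId = Extension.reasonCode.getId();
    final byte[] extensionBytes = crlEntry.getExtensionValue(reasonId);
    if (extensionBytes == null) {
        // reasonCode is optional and getExtensionValue returns null when it is absent; handing null to
        // ASN1InputStream would fail with a NullPointerException instead of giving an answer.
        return CRLReason.lookup(CRLReason.unspecified).toString();
    }
    ASN1InputStream asn1InputStream = null;
    try {

        asn1InputStream = new ASN1InputStream(extensionBytes);
        // NOTE(review): X509CRLEntry.getExtensionValue returns the DER OCTET STRING that wraps the
        // extension value, so readObject() yields the wrapper rather than the ENUMERATED. Confirm that
        // this call does not always end in the IllegalArgumentException branch below.
        final ASN1Enumerated asn1Enumerated = ASN1Enumerated.getInstance(asn1InputStream.readObject());
        final CRLReason reason = CRLReason.getInstance(asn1Enumerated);
        return reason.toString();
    } catch (IllegalArgumentException e) {
        // In the test case XAdESTest003 testTRevoked() there is an error in the revocation reason.
        // The decoding failure is not logged; callers only see the placeholder reason.
        final CRLReason reason = CRLReason.lookup(7); // 7 -> unknown
        return reason.toString(); // unknown
    } catch (IOException e) {
        throw new DSSException(e);
    } finally {
        DSSUtils.closeQuietly(asn1InputStream);
    }
}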
From source file:eu.europa.esig.dss.DSSRevocationUtils.java
License:Open Source License
/**
 * Returns the name of the revocation reason recorded in the given CRL entry.
 *
 * @param crlEntry
 *            an entry for a revoked certificate in a CRL (Certificate Revocation List)
 * @return the name of the matching {@code CRLReasonEnum} constant, or null when the reasonCode extension
 *         is empty or reading it fails with an I/O error
 */
public static String getRevocationReason(final X509CRLEntry crlEntry) {
    final byte[] encodedReason = crlEntry.getExtensionValue(Extension.reasonCode.getId());
    if (ArrayUtils.isEmpty(encodedReason)) {
        logger.warn("Empty reasonCode extension for crl entry");
        return null;
    }

    try {
        // fromExtensionValue unwraps the extension value before it is read as an ENUMERATED.
        final ASN1Enumerated enumerated = ASN1Enumerated
                .getInstance(X509ExtensionUtil.fromExtensionValue(encodedReason));
        final int code = CRLReason.getInstance(enumerated).getValue().intValue();
        // NOTE(review): only IOException is handled here; whatever getInstance or fromInt raise for an
        // unexpected value reaches the caller unchanged.
        return CRLReasonEnum.fromInt(code).name();
    } catch (IOException e) {
        logger.error("Unable to retrieve the crl reason : " + e.getMessage(), e);
        return null;
    }
}
From source file:jcifs.spnego.NegTokenTarg.java
License:Open Source License
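/**
 * Encodes this token in DER.
 * <p>
 * The optional fields are written as explicitly tagged elements of one sequence: [0] result,
 * [1] mechanism OID, [2] mechanism token, [3] mechanism list MIC. Fields that are unset are left out.
 * The sequence itself is wrapped in an explicit [1] tag.
 *
 * @return the encoded token
 * @throws IllegalStateException when encoding fails; the underlying exception is attached as the cause
 */
@Override
public byte[] toByteArray() {
    try {
        ByteArrayOutputStream collector = new ByteArrayOutputStream();
        DEROutputStream der = new DEROutputStream(collector);
        ASN1EncodableVector fields = new ASN1EncodableVector();
        int res = getResult();
        if (res != UNSPECIFIED_RESULT) {
            // ASN1Enumerated.getInstance(Object) only accepts an existing ASN1Enumerated or its byte[]
            // encoding; a boxed int is rejected with IllegalArgumentException. Build the value directly.
            fields.add(new DERTaggedObject(true, 0, new ASN1Enumerated(res)));
        }
        Oid mech = getMechanism();
        if (mech != null) {
            fields.add(new DERTaggedObject(true, 1, ASN1ObjectIdentifier.getInstance(mech.getDER())));
        }
        byte[] mechanismToken = getMechanismToken();
        if (mechanismToken != null) {
            fields.add(new DERTaggedObject(true, 2, new DEROctetString(mechanismToken)));
        }
        byte[] mechanismListMIC = getMechanismListMIC();
        if (mechanismListMIC != null) {
            fields.add(new DERTaggedObject(true, 3, new DEROctetString(mechanismListMIC)));
        }
        der.writeObject(new DERTaggedObject(true, 1, new DERSequence(fields)));
        return collector.toByteArray();
    } catch (IOException | GSSException ex) {
        // Keep the cause so that the original stack trace is not lost.
        throw new IllegalStateException(ex.getMessage(), ex);
    }
}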
From source file:org.cesecore.certificates.util.cert.CrlExtensions.java
License:Open Source License
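/**
 * Reads the reasonCode extension of a CRL entry.
 * <p>
 * {@code RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED} is returned when the entry has no extensions, has
 * no reasonCode extension, or the extension cannot be read. The last case is only logged at debug level,
 * so a malformed reason is indistinguishable from an absent one for the caller.
 *
 * @param crlEntry the CRL entry to inspect
 * @return the revocation reason code as defined in RevokedCertInfo.REVOCATION_REASON_...
 */
public static int extractReasonCode(final X509CRLEntry crlEntry) {
    int reasonCode = RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED;
    if (crlEntry.hasExtensions()) {
        final byte[] extensionValue = crlEntry.getExtensionValue(Extension.reasonCode.getId());
        // An entry can carry other extensions without a reasonCode; getExtensionValue then returns null,
        // which must not be handed to the parser.
        if (extensionValue != null) {
            try {
                final ASN1Enumerated reasonCodeExtension = ASN1Enumerated
                        .getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue));
                if (reasonCodeExtension != null) {
                    reasonCode = reasonCodeExtension.getValue().intValue();
                }
            } catch (IOException e) {
                log.debug("Failed to parse reason code of CRLEntry: " + e.getMessage());
            }
        }
    }
    return reasonCode;
}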
From source file:org.cryptoworkshop.ximix.common.asn1.message.AlgorithmServiceMessage.java
License:Apache License
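/**
 * Decodes the message from its ASN.1 sequence form: element 0 is an ENUMERATED holding the ordinal of an
 * {@code Algorithm} constant, element 1 is kept as the payload.
 *
 * @param seq the encoded message
 * @throws IllegalArgumentException when the encoded ordinal does not name an {@code Algorithm} constant
 */
private AlgorithmServiceMessage(ASN1Sequence seq) {
    final ASN1Enumerated encodedAlgorithm = ASN1Enumerated.getInstance(seq.getObjectAt(0));
    final Algorithm[] knownAlgorithms = Algorithm.values();
    final int ordinal = encodedAlgorithm.getValue().intValue();
    // The ordinal is taken from the encoding as-is. Reject values that do not fit an int (intValue()
    // would silently truncate them onto a valid constant) and values outside the enum.
    if (encodedAlgorithm.getValue().bitLength() > 31 || ordinal < 0 || ordinal >= knownAlgorithms.length) {
        throw new IllegalArgumentException("unknown algorithm ordinal: " + encodedAlgorithm.getValue());
    }
    this.algorithm = knownAlgorithms[ordinal];
    this.payload = seq.getObjectAt(1);
}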
From source file:org.cryptoworkshop.ximix.common.asn1.message.BoardErrorStatusMessage.java
License:Apache License
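/**
 * Decodes the message from its ASN.1 sequence form: element 0 is the board name as a UTF8String,
 * element 1 is an ENUMERATED holding the ordinal of a {@code Status} constant.
 *
 * @param seq the encoded message
 * @throws IllegalArgumentException when the encoded ordinal does not name a {@code Status} constant
 */
private BoardErrorStatusMessage(ASN1Sequence seq) {
    this.boardName = DERUTF8String.getInstance(seq.getObjectAt(0)).getString();

    final ASN1Enumerated encodedStatus = ASN1Enumerated.getInstance(seq.getObjectAt(1));
    final Status[] knownStatuses = Status.values();
    final int ordinal = encodedStatus.getValue().intValue();
    // The ordinal is taken from the encoding as-is. Reject values that do not fit an int (intValue()
    // would silently truncate them onto a valid constant) and values outside the enum.
    if (encodedStatus.getValue().bitLength() > 31 || ordinal < 0 || ordinal >= knownStatuses.length) {
        throw new IllegalArgumentException("unknown board error status ordinal: " + encodedStatus.getValue());
    }
    this.status = knownStatuses[ordinal];
}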
From source file:org.cryptoworkshop.ximix.common.asn1.message.BoardStatusMessage.java
License:Apache License
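/**
 * Decodes the message from its ASN.1 sequence form: element 0 is the board name as a UTF8String,
 * element 1 is an ENUMERATED holding the ordinal of a {@code Status} constant.
 *
 * @param seq the encoded message
 * @throws IllegalArgumentException when the encoded ordinal does not name a {@code Status} constant
 */
private BoardStatusMessage(ASN1Sequence seq) {
    this.boardName = DERUTF8String.getInstance(seq.getObjectAt(0)).getString();

    final ASN1Enumerated encodedStatus = ASN1Enumerated.getInstance(seq.getObjectAt(1));
    final Status[] knownStatuses = Status.values();
    final int ordinal = encodedStatus.getValue().intValue();
    // The ordinal is taken from the encoding as-is. Reject values that do not fit an int (intValue()
    // would silently truncate them onto a valid constant) and values outside the enum.
    if (encodedStatus.getValue().bitLength() > 31 || ordinal < 0 || ordinal >= knownStatuses.length) {
        throw new IllegalArgumentException("unknown board status ordinal: " + encodedStatus.getValue());
    }
    this.status = knownStatuses[ordinal];
}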
From source file:org.cryptoworkshop.ximix.common.asn1.message.CapabilityMessage.java
License:Apache License
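/**
 * Decodes the message from its ASN.1 sequence form: element 0 is an ENUMERATED holding the ordinal of a
 * {@code Type} constant, element 1 is a SET that {@code convertSet} turns into the details.
 *
 * @param s the encoded message
 * @throws IllegalArgumentException when the encoded ordinal does not name a {@code Type} constant
 */
private CapabilityMessage(ASN1Sequence s) {
    final ASN1Enumerated encodedType = ASN1Enumerated.getInstance(s.getObjectAt(0));
    final Type[] knownTypes = Type.values();
    final int ordinal = encodedType.getValue().intValue();
    // The ordinal is taken from the encoding as-is. Reject values that do not fit an int (intValue()
    // would silently truncate them onto a valid constant) and values outside the enum.
    if (encodedType.getValue().bitLength() > 31 || ordinal < 0 || ordinal >= knownTypes.length) {
        throw new IllegalArgumentException("unknown capability type ordinal: " + encodedType.getValue());
    }
    this.type = knownTypes[ordinal];
    this.details = convertSet(ASN1Set.getInstance(s.getObjectAt(1)));
}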