List of usage examples for org.bouncycastle.asn1.cmp RevDetails getInstance
public static RevDetails getInstance(Object o)
From source file: org.ejbca.core.protocol.cmp.CmpMessageHelper.java
License: Open Source License
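public static RevDetails getNovosecRevDetails(RevReqContent revContent) {
    // Novosec implements RFC 2510, while BouncyCastle 1.47 implements RFC 4210.
    //
    // In RFC 2510 / Novosec the RevDetails structure looks like this:
    //   RevDetails ::= SEQUENCE {
    //       certDetails       CertTemplate,
    //       revocationReason  ReasonFlags OPTIONAL,
    //       badSinceDate      GeneralizedTime OPTIONAL,
    //       crlEntryDetails   Extensions OPTIONAL
    //   }
    //
    // In RFC 4210 / BouncyCastle it looks like this:
    //   RevDetails ::= SEQUENCE {
    //       certDetails       CertTemplate,
    //       crlEntryDetails   Extensions OPTIONAL
    //   }
    //
    // A request generated with Novosec may therefore carry the revocation reason in
    // 'revocationReason' rather than in a reasonCode extension, which BouncyCastle either
    // fails to parse or parses without the reason. This method re-packs the FIRST RevDetails
    // of the request into the RFC 4210 shape: a 'revocationReason' is moved into
    // crlEntryDetails as a reasonCode extension unless the request already carries one
    // (an existing reasonCode takes precedence). Further RevDetails entries in the
    // RevReqContent are ignored, as before.
    //
    // The content comes off the wire and is untrusted, so the structure is checked before
    // each cast: a malformed request yields an IllegalArgumentException instead of a
    // ClassCastException / ArrayIndexOutOfBoundsException.
    //
    // Returns the re-packed RevDetails; throws IllegalArgumentException when revContent is
    // null or is not a SEQUENCE whose first element is a SEQUENCE starting with a CertTemplate.
    if (revContent == null) {
        throw new IllegalArgumentException("RevReqContent must not be null");
    }
    ASN1Encodable content = revContent.toASN1Primitive();
    if (!(content instanceof DERSequence) || ((DERSequence) content).size() < 1) {
        throw new IllegalArgumentException("RevReqContent must be a non-empty SEQUENCE OF RevDetails");
    }
    ASN1Encodable first = ((DERSequence) content).getObjectAt(0);
    if (!(first instanceof DERSequence) || ((DERSequence) first).size() < 1) {
        throw new IllegalArgumentException("RevDetails must be a SEQUENCE starting with a CertTemplate");
    }
    DERSequence revDetailsSeq = (DERSequence) first;
    CertTemplate ct = CertTemplate.getInstance(revDetailsSeq.getObjectAt(0));

    ReasonFlags reasonbits = null;
    DERSequence rawCrlEntryDetails = null; // the crlEntryDetails SEQUENCE as received, kept for re-use below
    Extensions crlEntryDetails = null;
    int seqSize = revDetailsSeq.size();
    for (int i = 1; i < seqSize; i++) {
        ASN1Encodable element = revDetailsSeq.getObjectAt(i);
        if (element instanceof DERBitString) {
            // RFC 2510 'revocationReason'
            reasonbits = new ReasonFlags((DERBitString) element);
        } else if (element instanceof DERSequence) {
            rawCrlEntryDetails = (DERSequence) element;
            crlEntryDetails = Extensions.getInstance(element);
        }
        // A DERGeneralizedTime here is RFC 2510 'badSinceDate'; it has no counterpart in the
        // RFC 4210 structure and is dropped. Any other element type is ignored as well.
    }

    if (reasonbits != null) {
        if (crlEntryDetails == null) {
            // No extensions at all: create crlEntryDetails holding only reasonCode.
            // NOTE(review): the value encoding is kept from the original. reasonCode is defined
            // (RFC 5280 5.3.1) as a CRLReason ENUMERATED and non-critical, whereas this stores the
            // raw ReasonFlags bytes with critical=true, and ASN1OctetString.getInstance(byte[])
            // parses its argument as DER rather than wrapping it -- confirm this is what the
            // consumer of crlEntryDetails expects.
            ExtensionsGenerator extgen = new ExtensionsGenerator();
            try {
                extgen.addExtension(Extension.reasonCode, true, ASN1OctetString.getInstance(reasonbits.getBytes()));
                crlEntryDetails = extgen.generate();
            } catch (IOException e) {
                // Best effort, as before: the request goes on without a reason, which is logged.
                LOG.error(e.getLocalizedMessage(), e);
            }
        } else if (crlEntryDetails.getExtension(Extension.reasonCode) == null) {
            // Extensions present but no reasonCode among them: append one to a copy of the
            // received extensions. (The original built this Extension and then discarded it,
            // so the Novosec reason was silently lost in this case.)
            Extension reason = new Extension(Extension.reasonCode, true, ASN1OctetString.getInstance(reasonbits.getBytes()));
            ASN1EncodableVector extv = new ASN1EncodableVector();
            for (int i = 0; i < rawCrlEntryDetails.size(); i++) {
                extv.add(rawCrlEntryDetails.getObjectAt(i));
            }
            extv.add(reason);
            crlEntryDetails = Extensions.getInstance(new DERSequence(extv));
        }
        // else: the request already carries a reasonCode extension; it wins over 'revocationReason'.
    }

    // The constructor RevDetails(certTemplate, crlEntryDetails) only sets 'crlEntryDetails' and
    // ignores 'certTemplate'. This is a reported bug in BouncyCastle. For now, the only way to
    // have both of them set is to build the SEQUENCE by hand and go through getInstance.
    ASN1EncodableVector seq = new ASN1EncodableVector();
    seq.add(ct);
    if (crlEntryDetails != null) {
        // crlEntryDetails is OPTIONAL. A request with neither a reason nor extensions must not
        // push a null element: depending on the BC version that is rejected by add() or fails
        // later when the message is encoded.
        seq.add(crlEntryDetails);
    }
    return RevDetails.getInstance(new DERSequence(seq));
}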
From source file: org.ejbca.core.protocol.cmp.CmpTestCase.java
License: Open Source License
protected static PKIMessage genRevReq(String issuerDN, X500Name userDN, BigInteger serNo, Certificate cacert, byte[] nonce, byte[] transid, boolean crlEntryExtension, AlgorithmIdentifier pAlg, DEROctetString senderKID) throws IOException {
    // Test helper: assembles a CMP revocation request (PKIBody type 'rr') without computing
    // any message protection. The certificate to revoke is described by a CertTemplate
    // (issuer, subject, serial); the revocation reason travels in crlEntryDetails as a
    // non-critical reasonCode extension.
    //
    // Parameters:
    //   issuerDN          issuer of the certificate to revoke, as a DN string
    //   userDN            subject of the certificate; also used as the PKIHeader sender
    //   serNo             serial number of the certificate to revoke
    //   cacert            CA certificate; its subject DN string becomes the PKIHeader recipient
    //   nonce, transid    raw senderNonce / transactionID bytes for the header
    //   crlEntryExtension selects the reason: true -> cessationOfOperation,
    //                     false -> keyCompromise. Despite the name, a reasonCode extension
    //                     is added in both cases.
    //   pAlg              protectionAlg announced in the header (passed through as given)
    //   senderKID         senderKID for the header (passed through as given)
    // Returns the assembled PKIMessage; throws IOException if the extension cannot be encoded.

    // Revocation reason, chosen by the flag.
    final int reasonValue = crlEntryExtension ? CRLReason.cessationOfOperation : CRLReason.keyCompromise;
    final ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(reasonValue));

    // Identify the certificate to revoke.
    final CertTemplateBuilder templateBuilder = new CertTemplateBuilder();
    templateBuilder.setIssuer(new X500Name(issuerDN));
    templateBuilder.setSubject(userDN);
    templateBuilder.setSerialNumber(new ASN1Integer(serNo));

    // RevDetails is built from a hand-made SEQUENCE via getInstance rather than through the
    // RevDetails(certTemplate, extensions) constructor.
    final ASN1EncodableVector revDetailsVec = new ASN1EncodableVector();
    revDetailsVec.add(templateBuilder.build());
    revDetailsVec.add(extGen.generate());
    final RevDetails revDetails = RevDetails.getInstance(new DERSequence(revDetailsVec));
    final RevReqContent revReqContent = new RevReqContent(revDetails);

    // Header: PVNO 2, sender = subject of the certificate, recipient = CA subject.
    // The recipient is re-parsed from the string form of the CA subject DN; its ordering/
    // encoding may not be byte-identical to the certificate's own subject.
    final X500Name recipient = new X500Name(((X509Certificate) cacert).getSubjectDN().getName());
    final PKIHeaderBuilder header = new PKIHeaderBuilder(2, new GeneralName(userDN), new GeneralName(recipient));
    header.setMessageTime(new ASN1GeneralizedTime(new Date()));
    header.setSenderNonce(new DEROctetString(nonce));
    header.setTransactionID(new DEROctetString(transid));
    header.setProtectionAlg(pAlg);
    header.setSenderKID(senderKID);

    final PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, revReqContent); // revocation request
    return new PKIMessage(header.build(), body);
}
From source file: org.ejbca.ui.cmpclient.commands.RevocationRequestCommand.java
License: Open Source License
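@Override
public PKIMessage generatePKIMessage(ParameterContainer parameters) throws Exception {
    // Builds a CMP revocation request ('rr') from the command-line parameters.
    //
    // Reads ISSUERDN_KEY (issuer DN string, required), SERNO_KEY (certificate serial number
    // in hex, required), REVOCATION_REASON_KEY (translated by getCRLReason()) and VERBOSE_KEY
    // (presence only). Returns the assembled, unprotected PKIMessage.
    //
    // Throws IllegalArgumentException when a required parameter is missing (previously this
    // surfaced as an NPE from X500Name/BigInteger); an unparsable serial number still raises
    // NumberFormatException from BigInteger.
    final boolean verbose = parameters.containsKey(VERBOSE_KEY);

    // Fail early with the parameter name rather than an NPE further down.
    final String issuerParam = parameters.get(ISSUERDN_KEY);
    if (issuerParam == null) {
        throw new IllegalArgumentException("Missing required parameter: " + ISSUERDN_KEY);
    }
    final String sernoParam = parameters.get(SERNO_KEY);
    if (sernoParam == null) {
        throw new IllegalArgumentException("Missing required parameter: " + SERNO_KEY);
    }

    // The CertTemplate subject is a fixed placeholder; the certificate to revoke is identified by
    // issuer + serial number. NOTE(review): presumably the CA matches on issuer/serial only --
    // verify before relying on the subject for anything.
    final X500Name userDN = new X500Name("CN=foo");
    final X500Name issuerDN = new X500Name(issuerParam);
    final BigInteger serno = new BigInteger(sernoParam, 16); // serial number is given in hex
    if (verbose) {
        log.info("Creating revocation request with: SubjectDN=" + userDN.toString());
        log.info("Creating revocation request with: IssuerDN=" + issuerDN.toString());
        log.info("Creating revocation request with: CertSerno=" + serno.toString(16));
    }

    // Fresh values for senderNonce and transactionID; both come from the same helper.
    final byte[] nonce = CmpClientMessageHelper.getInstance().createSenderNonce();
    final byte[] transid = CmpClientMessageHelper.getInstance().createSenderNonce();

    final CertTemplateBuilder templateBuilder = new CertTemplateBuilder();
    templateBuilder.setIssuer(issuerDN);
    templateBuilder.setSubject(userDN);
    templateBuilder.setSerialNumber(new ASN1Integer(serno));

    // reasonCode is added non-critical (RFC 5280 5.3.1); the value is whatever getCRLReason()
    // makes of the REVOCATION_REASON_KEY parameter.
    final ExtensionsGenerator extgen = new ExtensionsGenerator();
    extgen.addExtension(Extension.reasonCode, false, getCRLReason(parameters.get(REVOCATION_REASON_KEY)));
    final Extensions exts = extgen.generate();

    // RevDetails is built from a hand-made SEQUENCE via getInstance rather than through the
    // RevDetails(certTemplate, extensions) constructor.
    final ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(templateBuilder.build());
    v.add(exts);
    final RevDetails revDetails = RevDetails.getInstance(new DERSequence(v));
    final RevReqContent revReqContent = new RevReqContent(revDetails);

    // Header: PVNO 2, sender = placeholder subject, recipient = issuer.
    final PKIHeaderBuilder header = new PKIHeaderBuilder(2, new GeneralName(userDN), new GeneralName(issuerDN));
    header.setMessageTime(new ASN1GeneralizedTime(new Date()));
    header.setSenderNonce(new DEROctetString(nonce));
    header.setTransactionID(new DEROctetString(transid));
    // No message protection is set up here: protectionAlg is null, senderKID is empty and the
    // PKIMessage below carries no protection field. NOTE(review): a CA must not act on an
    // unprotected revocation request, so protection is presumably applied by the caller before
    // the message is sent -- confirm.
    header.setProtectionAlg(null);
    header.setSenderKID(new byte[0]);

    final PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, revReqContent); // revocation request
    return new PKIMessage(header.build(), body);
}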