List of usage examples for org.bouncycastle.asn1.x509 CRLReason getValue
public BigInteger getValue()
From source file:be.fedict.trust.crl.CrlTrustLinker.java
License:Open Source License
@Override public TrustLinkerResult hasTrustLink(X509Certificate childCertificate, X509Certificate certificate, Date validationDate, RevocationData revocationData, AlgorithmPolicy algorithmPolicy) throws TrustLinkerResultException, Exception { URI crlUri = getCrlUri(childCertificate); if (null == crlUri) { LOG.debug("no CRL uri in certificate: " + childCertificate.getSubjectX500Principal()); return TrustLinkerResult.UNDECIDED; }// ww w. j a v a2 s. c o m LOG.debug("CRL URI: " + crlUri); X509CRL x509crl = this.crlRepository.findCrl(crlUri, certificate, validationDate); if (null == x509crl) { LOG.debug("CRL not found"); return TrustLinkerResult.UNDECIDED; } // check CRL integrity boolean crlIntegrityResult = checkCrlIntegrity(x509crl, certificate, validationDate); if (false == crlIntegrityResult) { LOG.debug("CRL integrity check failed"); return TrustLinkerResult.UNDECIDED; } // check CRL signature algorithm algorithmPolicy.checkSignatureAlgorithm(x509crl.getSigAlgOID(), validationDate); // we don't support indirect CRLs if (isIndirectCRL(x509crl)) { LOG.debug("indirect CRL detected"); return TrustLinkerResult.UNDECIDED; } LOG.debug("CRL number: " + getCrlNumber(x509crl)); // fill up revocation data if not null with this valid CRL if (null != revocationData) { try { CRLRevocationData crlRevocationData = new CRLRevocationData(x509crl.getEncoded(), crlUri.toString()); revocationData.getCrlRevocationData().add(crlRevocationData); } catch (CRLException e) { LOG.error("CRLException: " + e.getMessage(), e); throw new TrustLinkerResultException(TrustLinkerResultReason.UNSPECIFIED, "CRLException : " + e.getMessage(), e); } } X509CRLEntry crlEntry = x509crl.getRevokedCertificate(childCertificate.getSerialNumber()); if (null == crlEntry) { LOG.debug("CRL OK for: " + childCertificate.getSubjectX500Principal()); return TrustLinkerResult.TRUSTED; } else if (crlEntry.getRevocationDate().after(validationDate)) { LOG.debug("CRL OK for: " + childCertificate.getSubjectX500Principal() + " at " + validationDate); return TrustLinkerResult.TRUSTED; } LOG.debug("certificate revoked/suspended at: " + crlEntry.getRevocationDate()); if (crlEntry.hasExtensions()) { LOG.debug("critical extensions: " + crlEntry.getCriticalExtensionOIDs()); LOG.debug("non-critical extensions: " + crlEntry.getNonCriticalExtensionOIDs()); byte[] reasonCodeExtension = crlEntry.getExtensionValue(Extension.reasonCode.getId()); if (null != reasonCodeExtension) { try { DEROctetString octetString = (DEROctetString) (new ASN1InputStream( new ByteArrayInputStream(reasonCodeExtension)).readObject()); byte[] octets = octetString.getOctets(); CRLReason crlReason = CRLReason .getInstance(ASN1Enumerated.getInstance(new ASN1InputStream(octets).readObject())); BigInteger crlReasonValue = crlReason.getValue(); LOG.debug("CRL reason value: " + crlReasonValue); switch (crlReasonValue.intValue()) { case CRLReason.certificateHold: throw new TrustLinkerResultException(TrustLinkerResultReason.INVALID_REVOCATION_STATUS, "certificate suspended by CRL=" + crlEntry.getSerialNumber()); } } catch (IOException e) { throw new TrustLinkerResultException(TrustLinkerResultReason.UNSPECIFIED, "IO error: " + e.getMessage(), e); } } } throw new TrustLinkerResultException(TrustLinkerResultReason.INVALID_REVOCATION_STATUS, "certificate revoked by CRL=" + crlEntry.getSerialNumber()); }
From source file:eu.europa.esig.dss.DSSRevocationUtils.java
License:Open Source License
/** * This method returns the reason of the revocation of the certificate * extracted from the given CRL.//w ww. jav a 2 s . c o m * * @param crlEntry * An object for a revoked certificate in a CRL (Certificate * Revocation List). * @return reason or null */ public static String getRevocationReason(final X509CRLEntry crlEntry) { final String reasonId = Extension.reasonCode.getId(); final byte[] extensionBytes = crlEntry.getExtensionValue(reasonId); if (ArrayUtils.isEmpty(extensionBytes)) { logger.warn("Empty reasonCode extension for crl entry"); return null; } String reason = null; try { final ASN1Enumerated reasonCodeExtension = ASN1Enumerated .getInstance(X509ExtensionUtil.fromExtensionValue(extensionBytes)); final CRLReason crlReason = CRLReason.getInstance(reasonCodeExtension); int intValue = crlReason.getValue().intValue(); reason = CRLReasonEnum.fromInt(intValue).name(); } catch (IOException e) { logger.error("Unable to retrieve the crl reason : " + e.getMessage(), e); } return reason; }
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
private String getReasonCodeStringValue(byte[] value) throws IOException { // @formatter:off /*/*from w ww . j ava2 s .com*/ * ReasonCode ::= { CRLReason } * * CRLReason ::= ASN1Enumerated { unspecified (0), keyCompromise (1), * cACompromise (2), affiliationChanged (3), superseded (4), * cessationOfOperation (5), certificateHold (6), removeFromCRL (8), * privilegeWithdrawn (9), aACompromise (10) } */ // @formatter:on StringBuilder sb = new StringBuilder(); CRLReason crlReason = CRLReason.getInstance(value); long crlReasonLong = crlReason.getValue().longValue(); if (crlReasonLong == CRLReason.unspecified) { sb.append(res.getString("UnspecifiedCrlReason")); } else if (crlReasonLong == CRLReason.keyCompromise) { sb.append(res.getString("KeyCompromiseCrlReason")); } else if (crlReasonLong == CRLReason.cACompromise) { sb.append(res.getString("CaCompromiseCrlReason")); } else if (crlReasonLong == CRLReason.affiliationChanged) { sb.append(res.getString("AffiliationChangedCrlReason")); } else if (crlReasonLong == CRLReason.superseded) { sb.append(res.getString("SupersededCrlReason")); } else if (crlReasonLong == CRLReason.cessationOfOperation) { sb.append(res.getString("CessationOfOperationCrlReason")); } else if (crlReasonLong == CRLReason.certificateHold) { sb.append(res.getString("CertificateHoldCrlReason")); } else if (crlReasonLong == CRLReason.removeFromCRL) { sb.append(res.getString("RemoveFromCrlCrlReason")); } else if (crlReasonLong == CRLReason.privilegeWithdrawn) { sb.append(res.getString("PrivilegeWithdrawnCrlReason")); } else // CRLReason.aACompromise { sb.append(res.getString("AaCompromiseCrlReason")); } sb.append(NEWLINE); return sb.toString(); }