Example usage for org.bouncycastle.asn1.x509 CRLReason getValue

List of usage examples for org.bouncycastle.asn1.x509 CRLReason getValue

Introduction

This page collects usage examples for org.bouncycastle.asn1.x509 CRLReason getValue, which returns the reason code of a CRL entry as a BigInteger.

Prototype

public BigInteger getValue() 


Usage

From source file:be.fedict.trust.crl.CrlTrustLinker.java

License:Open Source License

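/**
 * Decides the revocation status of {@code childCertificate} against the CRL referenced
 * from it, as seen at {@code validationDate}.
 *
 * @param childCertificate the certificate whose revocation status is checked
 * @param certificate      the certificate handed to the CRL repository and the integrity
 *                         check (presumably the issuer of {@code childCertificate})
 * @param validationDate   the point in time the status is evaluated at
 * @param revocationData   optional collector; when non-null the encoded CRL is appended to it
 * @param algorithmPolicy  policy consulted for the CRL signature algorithm
 * @return {@code UNDECIDED} when no usable CRL is available (no CRL URI, CRL not found,
 *         integrity check failed, indirect CRL); {@code TRUSTED} when the certificate is not
 *         listed or was revoked only after {@code validationDate}
 * @throws TrustLinkerResultException with {@code INVALID_REVOCATION_STATUS} when the
 *         certificate is revoked or on hold at {@code validationDate}, with
 *         {@code UNSPECIFIED} when the CRL or its reasonCode extension cannot be decoded
 * @throws Exception whatever the repository, integrity check or algorithm policy raise
 */
@Override
public TrustLinkerResult hasTrustLink(X509Certificate childCertificate, X509Certificate certificate,
        Date validationDate, RevocationData revocationData, AlgorithmPolicy algorithmPolicy)
        throws TrustLinkerResultException, Exception {

    URI crlUri = getCrlUri(childCertificate);
    if (null == crlUri) {
        LOG.debug("no CRL uri in certificate: " + childCertificate.getSubjectX500Principal());
        return TrustLinkerResult.UNDECIDED;
    }

    LOG.debug("CRL URI: " + crlUri);
    X509CRL x509crl = this.crlRepository.findCrl(crlUri, certificate, validationDate);
    if (null == x509crl) {
        LOG.debug("CRL not found");
        return TrustLinkerResult.UNDECIDED;
    }

    // Entries are only consulted from a CRL that passed the integrity check; a CRL that
    // fails it must not be able to clear or revoke anything.
    boolean crlIntegrityResult = checkCrlIntegrity(x509crl, certificate, validationDate);
    if (false == crlIntegrityResult) {
        LOG.debug("CRL integrity check failed");
        return TrustLinkerResult.UNDECIDED;
    }

    // check CRL signature algorithm; the policy decides what happens on rejection
    algorithmPolicy.checkSignatureAlgorithm(x509crl.getSigAlgOID(), validationDate);

    // we don't support indirect CRLs
    if (isIndirectCRL(x509crl)) {
        LOG.debug("indirect CRL detected");
        return TrustLinkerResult.UNDECIDED;
    }

    LOG.debug("CRL number: " + getCrlNumber(x509crl));

    // record the CRL that backs this decision when the caller asked for revocation data
    if (null != revocationData) {
        try {
            CRLRevocationData crlRevocationData = new CRLRevocationData(x509crl.getEncoded(),
                    crlUri.toString());
            revocationData.getCrlRevocationData().add(crlRevocationData);
        } catch (CRLException e) {
            LOG.error("CRLException: " + e.getMessage(), e);
            throw new TrustLinkerResultException(TrustLinkerResultReason.UNSPECIFIED,
                    "CRLException : " + e.getMessage(), e);
        }
    }

    X509CRLEntry crlEntry = x509crl.getRevokedCertificate(childCertificate.getSerialNumber());
    if (null == crlEntry) {
        LOG.debug("CRL OK for: " + childCertificate.getSubjectX500Principal());
        return TrustLinkerResult.TRUSTED;
    } else if (crlEntry.getRevocationDate().after(validationDate)) {
        // listed, but revoked only after the date under validation: it was still good then
        LOG.debug("CRL OK for: " + childCertificate.getSubjectX500Principal() + " at " + validationDate);
        return TrustLinkerResult.TRUSTED;
    }

    LOG.debug("certificate revoked/suspended at: " + crlEntry.getRevocationDate());
    if (crlEntry.hasExtensions()) {
        LOG.debug("critical extensions: " + crlEntry.getCriticalExtensionOIDs());
        LOG.debug("non-critical extensions: " + crlEntry.getNonCriticalExtensionOIDs());
        byte[] reasonCodeExtension = crlEntry.getExtensionValue(Extension.reasonCode.getId());
        if (null != reasonCodeExtension) {
            try {
                CRLReason crlReason = decodeReasonCode(reasonCodeExtension);
                BigInteger crlReasonValue = crlReason.getValue();
                LOG.debug("CRL reason value: " + crlReasonValue);
                // Only certificateHold gets a distinct message; every other reason code
                // (including removeFromCRL, which RFC 5280 defines for delta CRLs) falls
                // through to the plain "revoked" error below.
                // NOTE(review): confirm that treatment of removeFromCRL is intended.
                switch (crlReasonValue.intValue()) {
                case CRLReason.certificateHold:
                    throw new TrustLinkerResultException(TrustLinkerResultReason.INVALID_REVOCATION_STATUS,
                            "certificate suspended by CRL=" + crlEntry.getSerialNumber());
                }
            } catch (IOException e) {
                throw new TrustLinkerResultException(TrustLinkerResultReason.UNSPECIFIED,
                        "IO error: " + e.getMessage(), e);
            } catch (ClassCastException | IllegalArgumentException e) {
                // The CRL comes from the network: a structurally wrong extension is
                // reported as a linker error rather than escaping as a bare runtime exception.
                throw new TrustLinkerResultException(TrustLinkerResultReason.UNSPECIFIED,
                        "malformed reasonCode extension: " + e.getMessage(), e);
            }
        }
    }

    throw new TrustLinkerResultException(TrustLinkerResultReason.INVALID_REVOCATION_STATUS,
            "certificate revoked by CRL=" + crlEntry.getSerialNumber());

}

/**
 * Decodes the {@code reasonCode} CRL entry extension.
 *
 * @param reasonCodeExtension the raw value as returned by
 *                            {@link X509CRLEntry#getExtensionValue(String)}, i.e. the
 *                            DER-encoded OCTET STRING wrapping the ENUMERATED reason
 * @return the decoded reason
 * @throws IOException              on a DER decoding error
 * @throws ClassCastException       when the outer value is not an OCTET STRING
 * @throws IllegalArgumentException when the inner value is not an ENUMERATED
 */
private static CRLReason decodeReasonCode(byte[] reasonCodeExtension) throws IOException {
    // both streams are closed deterministically instead of being left to the GC
    try (ASN1InputStream wrapper = new ASN1InputStream(new ByteArrayInputStream(reasonCodeExtension))) {
        DEROctetString octetString = (DEROctetString) wrapper.readObject();
        try (ASN1InputStream content = new ASN1InputStream(octetString.getOctets())) {
            return CRLReason.getInstance(ASN1Enumerated.getInstance(content.readObject()));
        }
    }
}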

From source file:eu.europa.esig.dss.DSSRevocationUtils.java

License:Open Source License

/**
 * Reads the revocation reason of a CRL entry from its {@code reasonCode} extension.
 *
 * @param crlEntry
 *            the revoked-certificate entry of a CRL (Certificate Revocation List)
 * @return the name of the {@code CRLReasonEnum} constant matching the reason code, or
 *         {@code null} when the entry has no reasonCode extension or it cannot be decoded
 */
public static String getRevocationReason(final X509CRLEntry crlEntry) {
    final byte[] extensionBytes = crlEntry.getExtensionValue(Extension.reasonCode.getId());

    // getExtensionValue() yields null for an absent extension; an empty value is treated alike
    if (ArrayUtils.isEmpty(extensionBytes)) {
        logger.warn("Empty reasonCode extension for crl entry");
        return null;
    }

    try {
        // fromExtensionValue() strips the outer OCTET STRING and decodes the ENUMERATED inside
        final ASN1Enumerated encodedReason = ASN1Enumerated
                .getInstance(X509ExtensionUtil.fromExtensionValue(extensionBytes));
        final int reasonCode = CRLReason.getInstance(encodedReason).getValue().intValue();
        return CRLReasonEnum.fromInt(reasonCode).name();
    } catch (IOException e) {
        // a decoding failure is logged but does not abort the caller
        logger.error("Unable to retrieve the crl reason : " + e.getMessage(), e);
        return null;
    }
}

From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java

License:Open Source License

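/**
 * Renders the {@code reasonCode} CRL entry extension as one human readable line.
 *
 * @param value DER encoding of the CRLReason ENUMERATED
 * @return the localised reason name, or the raw numeric value when the code is outside
 *         the RFC 5280 enumeration, followed by {@code NEWLINE}
 * @throws IOException declared for uniformity with the other extension renderers;
 *                     nothing in this body raises it (a bad encoding surfaces as
 *                     {@code IllegalArgumentException} from {@code CRLReason.getInstance})
 */
private String getReasonCodeStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*
     * ReasonCode ::= { CRLReason }
     *
     * CRLReason ::= ASN1Enumerated { unspecified (0), keyCompromise (1),
     * cACompromise (2), affiliationChanged (3), superseded (4),
     * cessationOfOperation (5), certificateHold (6), removeFromCRL (8),
     * privilegeWithdrawn (9), aACompromise (10) }
     */

    // @formatter:on

    long crlReasonLong = CRLReason.getInstance(value).getValue().longValue();
    String resourceKey = crlReasonResourceKey(crlReasonLong);

    StringBuilder sb = new StringBuilder();
    if (resourceKey != null) {
        sb.append(res.getString(resourceKey));
    } else {
        // 7 is unassigned and anything above 10 is unknown to RFC 5280: show the number
        // instead of mislabelling it as aACompromise
        sb.append(crlReasonLong);
    }

    sb.append(NEWLINE);

    return sb.toString();
}

/**
 * Maps a CRLReason code to the key of its localised label.
 *
 * @param crlReason the numeric reason code
 * @return the resource bundle key, or {@code null} for a code that RFC 5280 does not define
 */
private static String crlReasonResourceKey(long crlReason) {
    if (crlReason == CRLReason.unspecified) {
        return "UnspecifiedCrlReason";
    } else if (crlReason == CRLReason.keyCompromise) {
        return "KeyCompromiseCrlReason";
    } else if (crlReason == CRLReason.cACompromise) {
        return "CaCompromiseCrlReason";
    } else if (crlReason == CRLReason.affiliationChanged) {
        return "AffiliationChangedCrlReason";
    } else if (crlReason == CRLReason.superseded) {
        return "SupersededCrlReason";
    } else if (crlReason == CRLReason.cessationOfOperation) {
        return "CessationOfOperationCrlReason";
    } else if (crlReason == CRLReason.certificateHold) {
        return "CertificateHoldCrlReason";
    } else if (crlReason == CRLReason.removeFromCRL) {
        return "RemoveFromCrlCrlReason";
    } else if (crlReason == CRLReason.privilegeWithdrawn) {
        return "PrivilegeWithdrawnCrlReason";
    } else if (crlReason == CRLReason.aACompromise) {
        return "AaCompromiseCrlReason";
    }
    return null;
}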