Example usage for org.bouncycastle.asn1.x509 ReasonFlags getBytes

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.x509 ReasonFlags getBytes.

Prototype

public byte[] getBytes() 

Source Link

Usage

From source file:org.ejbca.core.protocol.cmp.CmpMessageHelper.java

License:Open Source License

public static RevDetails getNovosecRevDetails(RevReqContent revContent) {
    // Novosec implements RFC2510, while bouncycastle 1.47 implements RFC4210.
    ///* w  ww  .j  a  va 2  s .co m*/
    // In RFC2510/novosec, the RevDetails structure looks like this:
    //              RevDetails ::= SEQUENCE {
    //                                  certDetails         CertTemplate,
    //                                  revocationReason    ReasonFlags      OPTIONAL,
    //                                  badSinceDate        GeneralizedTime  OPTIONAL,
    //                                  crlEntryDetails     Extensions       OPTIONAL
    //             }
    //
    // In RFC4210/bouncycastle, the REVDetails structure looks like this:
    //                 RevDetails ::= SEQUENCE {
    //                                  certDetails         CertTemplate,
    //                                  crlEntryDetails     Extensions       OPTIONAL
    //                  }
    //
    // This means that there is a chance that the request generated using novosec specifies the revocation reason in 'revocationReason' and not
    // as an extension, leading to Ejbca not being able to parse the request using bouncycastle OR not setting the correct revocation reason.

    ASN1Encodable o2 = ((DERSequence) revContent.toASN1Primitive()).getObjectAt(0);
    ASN1Encodable o3 = ((DERSequence) o2).getObjectAt(0);
    CertTemplate ct = CertTemplate.getInstance(o3);

    ReasonFlags reasonbits = null;
    Extensions crlEntryDetails = null;
    int seqSize = ((DERSequence) o2).size();
    for (int i = 1; i < seqSize; i++) {
        ASN1Encodable o4 = ((DERSequence) o2).getObjectAt(i);
        if (o4 instanceof DERBitString) {
            reasonbits = new ReasonFlags((DERBitString) o4);
        } else if (o4 instanceof DERGeneralizedTime) {
            DERGeneralizedTime.getInstance(o4); // bad since time, not used in the bouncycastle class
        } else if (o4 instanceof DERSequence) {
            crlEntryDetails = Extensions.getInstance(o4);
        }
    }

    if ((crlEntryDetails != null) && (reasonbits != null)) {
        Extension reason = crlEntryDetails.getExtension(Extension.reasonCode);
        if (reason == null) {
            reason = new Extension(Extension.reasonCode, true,
                    ASN1OctetString.getInstance(reasonbits.getBytes()));
        }
    } else if ((crlEntryDetails == null) && (reasonbits != null)) {
        ExtensionsGenerator extgen = new ExtensionsGenerator();
        try {
            extgen.addExtension(Extension.reasonCode, true, ASN1OctetString.getInstance(reasonbits.getBytes()));
            crlEntryDetails = extgen.generate();
        } catch (IOException e) {
            LOG.error(e.getLocalizedMessage(), e);
        }
    }

    //The constructor RevDetails(certTemplate, crlEntryDetails) only sets 'crlEntryDetails' and ignores 'certTemplate'
    //This is a reported bug in bouncycastle. For now, the only way to have both of them set is to create a ASN1/DERSequence 
    ASN1EncodableVector seq = new ASN1EncodableVector();
    seq.add(ct);
    seq.add(crlEntryDetails);
    RevDetails res = RevDetails.getInstance(new DERSequence(seq));
    return res;
}

---