List of usage examples for org.bouncycastle.asn1.x509 ReasonFlags keyCompromise
int keyCompromise
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
/**
 * Builds the display strings for every reason flag set in a ReasonFlags value.
 *
 * <pre>
 * ReasonFlags ::= BIT STRING { unused(0), keyCompromise(1),
 *     cACompromise(2), affiliationChanged(3), superseded(4),
 *     cessationOfOperation(5), certificateHold(6), privilegeWithdrawn(7),
 *     aACompromise(8)}
 * </pre>
 *
 * @param reasonFlags the reason flags to describe
 * @return one resource string per flag that hasReasonFlag reports as set, in
 *         the order of the ASN.1 definition above; empty when none is set
 * @throws IOException declared by the signature; no call visible in this
 *         method is known to raise it
 */
private String[] getReasonFlagsStrings(ReasonFlags reasonFlags) throws IOException {
    // The two tables are parallel: flagMasks[i] is reported with resourceKeys[i].
    // The values are masks over one BIT STRING, so several can be set at once.
    final int[] flagMasks = {
        ReasonFlags.unused,
        ReasonFlags.keyCompromise,
        ReasonFlags.cACompromise,
        ReasonFlags.affiliationChanged,
        ReasonFlags.superseded,
        ReasonFlags.cessationOfOperation,
        ReasonFlags.certificateHold,
        ReasonFlags.privilegeWithdrawn,
        ReasonFlags.aACompromise
    };
    final String[] resourceKeys = {
        "UnusedReasonFlag",
        "KeyCompromiseReasonFlag",
        "CaCompromiseReasonFlag",
        "AffiliationChangedReasonFlag",
        "SupersededReasonFlag",
        "CessationOfOperationReasonFlag",
        "CertificateHoldReasonFlag",
        "PrivilegeWithdrawnReasonFlag",
        "AaCompromiseReasonFlag"
    };

    DERBitString bitString = (DERBitString) reasonFlags.toASN1Primitive();
    int setBits = bitString.intValue();

    // Collect a label for each flag found in the bit string.
    List<String> labels = new ArrayList<String>();
    for (int i = 0; i < flagMasks.length; i++) {
        if (hasReasonFlag(setBits, flagMasks[i])) {
            labels.add(res.getString(resourceKeys[i]));
        }
    }

    return labels.toArray(new String[labels.size()]);
}
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/**
 * Converts a DERBitString of ReasonFlags to a single RevokedCertInfo constant.
 *
 * <p>Only one reason is returned even when several bits are set. The checks
 * below run from highest to lowest precedence: unused, superseded,
 * privilegeWithdrawn, keyCompromise, cessationOfOperation, certificateHold,
 * cACompromise, affiliationChanged, aACompromise.
 *
 * @param reasonFlags DERBitString received from org.bouncycastle.asn1.x509.ReasonFlags, may be null.
 * @return int according to org.cesecore.certificates.crl.RevokedCertInfo;
 *         REVOCATION_REASON_UNSPECIFIED for null or when no known bit is set
 */
public static int bitStringToRevokedCertInfo(DERBitString reasonFlags) {
    if (reasonFlags == null) {
        return RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED;
    }

    final int bits = reasonFlags.intValue();
    if (log.isDebugEnabled()) {
        log.debug("Int value of bitString revocation reason: " + bits);
    }

    // NOTE(review): with more than one bit set, keyCompromise and cACompromise
    // are masked by superseded, privilegeWithdrawn or unused, so a caller that
    // treats compromise specially would see the weaker reason. Confirm that
    // callers only pass single-bit values or that this precedence is intended.
    if ((bits & ReasonFlags.unused) != 0) {
        return RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED;
    }
    if ((bits & ReasonFlags.superseded) != 0) {
        return RevokedCertInfo.REVOCATION_REASON_SUPERSEDED;
    }
    if ((bits & ReasonFlags.privilegeWithdrawn) != 0) {
        return RevokedCertInfo.REVOCATION_REASON_PRIVILEGESWITHDRAWN;
    }
    if ((bits & ReasonFlags.keyCompromise) != 0) {
        return RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE;
    }
    if ((bits & ReasonFlags.cessationOfOperation) != 0) {
        return RevokedCertInfo.REVOCATION_REASON_CESSATIONOFOPERATION;
    }
    if ((bits & ReasonFlags.certificateHold) != 0) {
        return RevokedCertInfo.REVOCATION_REASON_CERTIFICATEHOLD;
    }
    if ((bits & ReasonFlags.cACompromise) != 0) {
        return RevokedCertInfo.REVOCATION_REASON_CACOMPROMISE;
    }
    if ((bits & ReasonFlags.affiliationChanged) != 0) {
        return RevokedCertInfo.REVOCATION_REASON_AFFILIATIONCHANGED;
    }
    if ((bits & ReasonFlags.aACompromise) != 0) {
        return RevokedCertInfo.REVOCATION_REASON_AACOMPROMISE;
    }
    return RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED;
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
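/**
 * Generates a CRL, signed with the given key, that lists one certificate
 * serial number as revoked for key compromise.
 *
 * <p>Both thisUpdate and the entry's revocation date are set to one hour
 * before the current time.
 *
 * @param privKey private key used to sign the CRL
 * @param caCert  certificate whose subject becomes the CRL issuer
 * @param serNum  serial number of the revoked certificate
 * @return the signed CRL
 * @throws OperatorCreationException if the content signer cannot be built
 * @throws CRLException if the built CRL cannot be converted to an X509CRL
 */
private static X509CRL createCRL(PrivateKey privKey, X509Certificate caCert, BigInteger serNum)
        throws OperatorCreationException, CRLException {
    // addCRLEntry(serial, date, int) takes a CRLReason code (RFC 5280 reasonCode,
    // keyCompromise = 1, the value of org.bouncycastle.asn1.x509.CRLReason.keyCompromise).
    // ReasonFlags.keyCompromise is a BIT STRING mask for distribution-point
    // reasons and would be written out as an undefined reason code.
    final int keyCompromiseReason = 1;

    // Signer of the CRL
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC)
            .build(privKey);

    // Read the clock once so thisUpdate and the revocation date agree.
    Date oneHourAgo = new Date(System.currentTimeMillis() - (1000L * 60 * 60));

    // Builder of the CRL
    // NOTE(review): no nextUpdate is set here; confirm that consumers of this
    // CRL do not require one.
    X509v2CRLBuilder crlBuilder = new JcaX509v2CRLBuilder(caCert.getSubjectX500Principal(), oneHourAgo)
            .addCRLEntry(serNum, oneHourAgo, keyCompromiseReason);

    return new JcaX509CRLConverter().setProvider("BC").getCRL(crlBuilder.build(sigGen));
}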
From source file:org.ejbca.core.protocol.cmp.AuthenticationModulesTest.java
License:Open Source License
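/**
 * Class-level cleanup: revokes and deletes the two end entities used by the
 * tests.
 *
 * <p>Each removal is attempted on its own, so a failure to remove the first
 * user does not leave the second one behind. Failures are ignored.
 */
@AfterClass
public static void restoreConf() {
    EndEntityManagementSessionRemote endEntityManagementSession = EjbRemoteHelper.INSTANCE
            .getRemoteSession(EndEntityManagementSessionRemote.class);

    // NOTE(review): ReasonFlags constants are BIT STRING masks. If the third
    // argument of revokeAndDeleteUser is a revocation reason code, these values
    // are not valid codes; confirm against that method's contract.
    try {
        endEntityManagementSession.revokeAndDeleteUser(ADMIN, USERNAME, ReasonFlags.unused);
    } catch (Exception ignored) {
        // best-effort cleanup: failures are ignored
    }

    try {
        endEntityManagementSession.revokeAndDeleteUser(ADMIN, "cmpTestUnauthorizedAdmin",
                ReasonFlags.keyCompromise);
    } catch (Exception ignored) {
        // best-effort cleanup: failures are ignored
    }
}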
From source file:org.ejbca.core.protocol.cmp.NestedMessageContentTest.java
License:Open Source License
/**
 * Class-level cleanup: revokes and deletes the test end entities, then removes
 * the certificates issued for SUBJECT_DN.
 *
 * <p>Failures while removing a user are ignored; each user is attempted
 * independently of the other.
 *
 * @throws Exception if obtaining a remote session or removing the certificates fails
 */
@AfterClass
public static void afterClass() throws Exception {
    final AuthenticationToken admin = new TestAlwaysAllowLocalAuthenticationToken(
            new UsernamePrincipal("NestedMessageContentTest"));
    EndEntityManagementSession userSession = EjbRemoteHelper.INSTANCE
            .getRemoteSession(EndEntityManagementSessionRemote.class);

    // NOTE(review): ReasonFlags.keyCompromise is a BIT STRING mask; confirm it
    // is the kind of value revokeAndDeleteUser expects as its reason argument.
    final String[] testUsers = { "cmpTestAdmin", "\\ nestedCMPTest/" };
    for (String testUser : testUsers) {
        try {
            userSession.revokeAndDeleteUser(admin, testUser, ReasonFlags.keyCompromise);
        } catch (Exception ignored) { // NOPMD
            // best-effort cleanup: failures are ignored
        }
    }

    InternalCertificateStoreSessionRemote certStoreSession = EjbRemoteHelper.INSTANCE
            .getRemoteSession(InternalCertificateStoreSessionRemote.class, EjbRemoteHelper.MODULE_TEST);
    certStoreSession.removeCertificatesBySubject(SUBJECT_DN.toString());
}
From source file:org.mailster.gui.dialogs.CertificateDialog.java
License:Open Source License
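/**
 * Adds a tree node describing one X.509 extension of a certificate.
 *
 * <p>The extension value is decoded according to its OID and rendered as
 * text, prefixed with a critical / non-critical marker. Extensions with no
 * dedicated decoder are shown as raw bytes. The extension content comes from
 * the certificate being displayed, so it is decoded defensively: an exception
 * raised before generateNode is reached (for example a cast that does not
 * match the decoded ASN.1 type) is caught and printed, and the extension is
 * left without a node.
 *
 * @param parent     tree item the new node is attached to
 * @param cert       certificate the extension belongs to; used for the raw
 *                   value of extensions without a dedicated decoder
 * @param extensions the certificate's extensions
 * @param oid        dotted OID of the extension to render
 */
private void generateExtensionNode(TreeItem parent, X509Certificate cert, X509Extensions extensions,
        String oid) {
    DERObjectIdentifier derOID = new DERObjectIdentifier(oid);
    X509Extension ext = extensions.getExtension(derOID);

    // getExtension() returns null when the OID is absent; without this guard
    // the dereference below would throw outside the try block.
    if (ext == null || ext.getValue() == null)
        return;

    byte[] octs = ext.getValue().getOctets();
    ASN1InputStream dIn = new ASN1InputStream(octs);
    StringBuilder buf = new StringBuilder();

    try {
        if (ext.isCritical())
            buf.append(Messages.getString("MailsterSWT.dialog.certificate.criticalExt")); //$NON-NLS-1$
        else
            buf.append(Messages.getString("MailsterSWT.dialog.certificate.nonCriticalExt")); //$NON-NLS-1$

        if (derOID.equals(X509Extensions.BasicConstraints)) {
            BasicConstraints bc = new BasicConstraints((ASN1Sequence) dIn.readObject());
            if (bc.isCA())
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.BasicConstraints.isCA")); //$NON-NLS-1$
            else
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.BasicConstraints.notCA")); //$NON-NLS-1$

            buf.append(Messages.getString("MailsterSWT.dialog.certificate.BasicConstraints.maxIntermediateCA")); //$NON-NLS-1$

            // A missing path length or Integer.MAX_VALUE is shown as "unlimited".
            if (bc.getPathLenConstraint() == null || bc.getPathLenConstraint().intValue() == Integer.MAX_VALUE)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.BasicConstraints.unlimited")); //$NON-NLS-1$
            else
                buf.append(bc.getPathLenConstraint()).append('\n');

            generateNode(parent, Messages.getString(oid), buf);
        } else if (derOID.equals(X509Extensions.KeyUsage)) {
            KeyUsage us = new KeyUsage((DERBitString) dIn.readObject());
            if ((us.intValue() & KeyUsage.digitalSignature) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.digitalSignature")); //$NON-NLS-1$
            if ((us.intValue() & KeyUsage.nonRepudiation) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.nonRepudiation")); //$NON-NLS-1$
            if ((us.intValue() & KeyUsage.keyEncipherment) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.keyEncipherment")); //$NON-NLS-1$
            if ((us.intValue() & KeyUsage.dataEncipherment) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.dataEncipherment")); //$NON-NLS-1$
            if ((us.intValue() & KeyUsage.keyAgreement) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.keyAgreement")); //$NON-NLS-1$
            if ((us.intValue() & KeyUsage.keyCertSign) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.keyCertSign")); //$NON-NLS-1$
            if ((us.intValue() & KeyUsage.cRLSign) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.cRLSign")); //$NON-NLS-1$
            if ((us.intValue() & KeyUsage.encipherOnly) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.encipherOnly")); //$NON-NLS-1$
            if ((us.intValue() & KeyUsage.decipherOnly) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.decipherOnly")); //$NON-NLS-1$

            generateNode(parent, Messages.getString(oid), buf);
        } else if (derOID.equals(X509Extensions.SubjectKeyIdentifier)) {
            SubjectKeyIdentifier id = new SubjectKeyIdentifier((DEROctetString) dIn.readObject());
            generateNode(parent, Messages.getString(oid),
                    buf.toString() + CertificateUtilities.byteArrayToString(id.getKeyIdentifier()));
        } else if (derOID.equals(X509Extensions.AuthorityKeyIdentifier)) {
            AuthorityKeyIdentifier id = new AuthorityKeyIdentifier((ASN1Sequence) dIn.readObject());
            generateNode(parent, Messages.getString(oid), buf.toString() + id.getAuthorityCertSerialNumber());
        } else if (derOID.equals(MiscObjectIdentifiers.netscapeRevocationURL)) {
            buf.append(new NetscapeRevocationURL((DERIA5String) dIn.readObject())).append("\n");
            generateNode(parent, Messages.getString(oid), buf.toString());
        } else if (derOID.equals(MiscObjectIdentifiers.verisignCzagExtension)) {
            buf.append(new VerisignCzagExtension((DERIA5String) dIn.readObject())).append("\n");
            generateNode(parent, Messages.getString(oid), buf.toString());
        } else if (derOID.equals(X509Extensions.CRLNumber)) {
            buf.append((DERInteger) dIn.readObject()).append("\n");
            generateNode(parent, Messages.getString(oid), buf.toString());
        } else if (derOID.equals(X509Extensions.ReasonCode)) {
            // NOTE(review): RFC 5280 defines reasonCode as an ENUMERATED CRLReason
            // on CRL entries, not a ReasonFlags BIT STRING. If such a value ever
            // reaches this branch the cast would fail and be handled by the
            // catch below. Confirm which encoding is expected here.
            ReasonFlags rf = new ReasonFlags((DERBitString) dIn.readObject());
            if ((rf.intValue() & ReasonFlags.unused) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.unused")); //$NON-NLS-1$
            if ((rf.intValue() & ReasonFlags.keyCompromise) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.keyCompromise")); //$NON-NLS-1$
            if ((rf.intValue() & ReasonFlags.cACompromise) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.cACompromise")); //$NON-NLS-1$
            if ((rf.intValue() & ReasonFlags.affiliationChanged) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.affiliationChanged")); //$NON-NLS-1$
            if ((rf.intValue() & ReasonFlags.superseded) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.superseded")); //$NON-NLS-1$
            if ((rf.intValue() & ReasonFlags.cessationOfOperation) > 0)
                buf.append(
                        Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.cessationOfOperation")); //$NON-NLS-1$
            if ((rf.intValue() & ReasonFlags.certificateHold) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.certificateHold")); //$NON-NLS-1$
            if ((rf.intValue() & ReasonFlags.privilegeWithdrawn) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.privilegeWithdrawn")); //$NON-NLS-1$
            if ((rf.intValue() & ReasonFlags.aACompromise) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.aACompromise")); //$NON-NLS-1$

            generateNode(parent, Messages.getString(oid), buf.toString());
        } else if (derOID.equals(MiscObjectIdentifiers.netscapeCertType)) {
            NetscapeCertType type = new NetscapeCertType((DERBitString) dIn.readObject());
            if ((type.intValue() & NetscapeCertType.sslClient) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.sslClient")); //$NON-NLS-1$
            if ((type.intValue() & NetscapeCertType.sslServer) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.sslServer")); //$NON-NLS-1$
            if ((type.intValue() & NetscapeCertType.smime) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.smime")); //$NON-NLS-1$
            if ((type.intValue() & NetscapeCertType.objectSigning) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.objectSigning")); //$NON-NLS-1$
            if ((type.intValue() & NetscapeCertType.reserved) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.reserved")); //$NON-NLS-1$
            if ((type.intValue() & NetscapeCertType.sslCA) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.sslCA")); //$NON-NLS-1$
            if ((type.intValue() & NetscapeCertType.smimeCA) > 0)
                buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.smimeCA")); //$NON-NLS-1$
            if ((type.intValue() & NetscapeCertType.objectSigningCA) > 0)
                buf.append(
                        Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.objectSigningCA")); //$NON-NLS-1$

            generateNode(parent, Messages.getString(oid), buf.toString());
        } else if (derOID.equals(X509Extensions.ExtendedKeyUsage)) {
            ExtendedKeyUsage eku = new ExtendedKeyUsage((ASN1Sequence) dIn.readObject());
            if (eku.hasKeyPurposeId(KeyPurposeId.anyExtendedKeyUsage))
                buf.append(Messages
                        .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.anyExtendedKeyUsage")); //$NON-NLS-1$
            if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth))
                buf.append(
                        Messages.getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_clientAuth")); //$NON-NLS-1$
            if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_codeSigning))
                buf.append(Messages
                        .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_codeSigning")); //$NON-NLS-1$
            if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection))
                buf.append(Messages
                        .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_emailProtection")); //$NON-NLS-1$
            if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_ipsecEndSystem))
                buf.append(Messages
                        .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_ipsecEndSystem")); //$NON-NLS-1$
            if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_ipsecTunnel))
                buf.append(Messages
                        .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_ipsecTunnel")); //$NON-NLS-1$
            if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_ipsecUser))
                buf.append(
                        Messages.getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_ipsecUser")); //$NON-NLS-1$
            if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_OCSPSigning))
                buf.append(Messages
                        .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_OCSPSigning")); //$NON-NLS-1$
            if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_serverAuth))
                buf.append(
                        Messages.getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_serverAuth")); //$NON-NLS-1$
            if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_smartcardlogon))
                buf.append(Messages
                        .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_smartcardlogon")); //$NON-NLS-1$
            if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_timeStamping))
                buf.append(Messages
                        .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_timeStamping")); //$NON-NLS-1$

            generateNode(parent, Messages.getString(oid), buf.toString());
        } else
            // No dedicated decoder: label the node with the OID and show the raw extension bytes.
            generateNode(parent,
                    MessageFormat.format(Messages.getString("MailsterSWT.dialog.certificate.objectIdentifier"), //$NON-NLS-1$
                            new Object[] { oid.replace('.', ' ') }),
                    CertificateUtilities.byteArrayToString((cert.getExtensionValue(oid))));
    } catch (Exception ex) {
        // A malformed or unexpected extension must not break the dialog; the
        // failure is only printed and the extension is left out of the tree.
        ex.printStackTrace();
    } finally {
        // Release the decoder on every path, including decoding failures.
        try {
            dIn.close();
        } catch (Exception ignored) {
            // nothing useful can be done if closing the stream fails
        }
    }
}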