List of usage examples for org.bouncycastle.asn1.x509 X509Extension reasonCode
ASN1ObjectIdentifier reasonCode
From source file:eu.europa.ec.markt.dss.validation102853.CRLCertificateVerifier.java
License:Open Source License
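/**
 * Checks the revocation status of a certificate against a CRL obtained from {@code crlSource}.
 * <p>
 * The CRL is located with the certificate and its issuer, validated with
 * {@link #isCRLTokenValid} (an invalid CRL is never used to derive a status), and then searched
 * for the certificate's serial number. The resulting {@link CRLToken} is attached to
 * {@code toCheckToken} and returned.
 * <p>
 * A {@code null} return means "no revocation information could be obtained", never "valid":
 * callers must not treat it as a positive result. Every {@code null} path is logged and recorded
 * through {@code toCheckToken.extraInfo()}.
 *
 * @param toCheckToken the certificate to check; its issuer token must already be resolved, since
 *                     the issuer certificate is used both to find and to validate the CRL
 * @return the CRL token describing the status, or {@code null} when no CRL source is configured,
 *         no CRL is found, the CRL is not valid, or an unexpected error occurs
 */
@Override
public RevocationToken check(final CertificateToken toCheckToken) {
    String crlUri = null;
    try {
        if (crlSource == null) {
            toCheckToken.extraInfo().infoCRLSourceIsNull();
            return null;
        }
        final X509Certificate toCheckCert = toCheckToken.getCertificate();
        final X509Certificate issuerCert = toCheckToken.getIssuerToken().getCertificate();
        final X509CRL x509crl = crlSource.findCrl(toCheckCert, issuerCert);
        final boolean online = crlSource instanceof OnlineCRLSource;
        if (online) {
            crlUri = ((OnlineCRLSource) crlSource).getCrlUri(toCheckCert);
        }
        if (x509crl == null) {
            if (LOG.isLoggable(Level.INFO)) {
                LOG.info("No CRL found for " + toCheckToken.getDSSIdAsString());
            }
            if (online) {
                toCheckToken.extraInfo().infoNoCRLInfoFound(crlUri);
            }
            return null;
        }
        final CRLToken crlToken = new CRLToken(x509crl);
        if (online) {
            crlToken.setSourceURI(crlUri);
        }
        // Signature/issuer/validity checks live in isCRLTokenValid; an unvalidated CRL must not
        // be consulted at all, so stop here without setting any status.
        if (!isCRLTokenValid(crlToken, toCheckToken.getIssuerToken())) {
            LOG.warning("The CRL is not valid !");
            toCheckToken.extraInfo().infoCRLIsNotValid();
            return null;
        }
        final X509CRLEntry crlEntry = x509crl.getRevokedCertificate(toCheckCert.getSerialNumber());
        if (crlEntry == null) {
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("CRL OK for: " + toCheckToken.getDSSIdAsString());
            }
            // No entry: not revoked as far as this (validated) CRL knows as of its thisUpdate.
            crlToken.setStatus(true);
        } else {
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("CRL reports certificate: " + toCheckToken.getDSSIdAsString()
                        + " as revoked since " + crlEntry.getRevocationDate());
            }
            crlToken.setStatus(false);
            crlToken.setRevocationDate(crlEntry.getRevocationDate());
            // The reason is informational. Decoding problems (missing or malformed extension)
            // are handled inside readRevocationReason so that the revoked status recorded
            // above is never lost to the catch-all below.
            crlToken.setReason(readRevocationReason(crlEntry).toString());
        }
        toCheckToken.setRevocationToken(crlToken);
        return crlToken;
    } catch (final Exception e) {
        LOG.log(Level.SEVERE, "Exception when accessing CRL for " + toCheckToken.getDSSIdAsString(), e);
        toCheckToken.extraInfo().infoCRLException(crlUri, e);
        return null;
    }
}

/**
 * Decodes the reasonCode CRL entry extension of a revoked-certificate entry.
 * <p>
 * The extension is OPTIONAL (RFC 5280, section 5.3.1): an absent extension yields
 * {@code unspecified} instead of failing. {@link X509CRLEntry#getExtensionValue} returns the
 * DER-encoded extnValue OCTET STRING, so the ENUMERATED is read from the octets of that OCTET
 * STRING; a value that is already an ENUMERATED is accepted as well. Anything that cannot be
 * decoded is logged and reported as reason {@code 7}, the unused CRLReason value this class
 * already used to mean "unknown".
 *
 * @param crlEntry the revoked-certificate entry, never {@code null}
 * @return the decoded reason, never {@code null}
 */
private CRLReason readRevocationReason(final X509CRLEntry crlEntry) {
    final byte[] extensionBytes = crlEntry.getExtensionValue(X509Extension.reasonCode.getId());
    if (extensionBytes == null) {
        // RFC 5280 asks issuers to omit the extension rather than encode unspecified (0).
        return new CRLReason(CRLReason.unspecified);
    }
    ASN1InputStream dIn = null;
    try {
        dIn = new ASN1InputStream(extensionBytes);
        Object value = dIn.readObject();
        if (value instanceof org.bouncycastle.asn1.ASN1OctetString) {
            // Unwrap extnValue and parse the ENUMERATED it carries.
            final byte[] inner = ((org.bouncycastle.asn1.ASN1OctetString) value).getOctets();
            DSSUtils.closeQuietly(dIn);
            dIn = new ASN1InputStream(inner);
            value = dIn.readObject();
        }
        return new CRLReason(DEREnumerated.getInstance(value));
    } catch (final java.io.IOException e) {
        LOG.warning("Error when revocation reason decoding from CRL: " + e.toString());
        return new CRLReason(7); // unknown
    } catch (final RuntimeException e) {
        // IllegalArgumentException / ClassCastException from a value that is not an ENUMERATED
        // (the test case XAdESTest003 testTRevoked() ships such a malformed reason).
        LOG.warning("Error when revocation reason decoding from CRL: " + e.toString());
        return new CRLReason(7); // unknown
    } finally {
        DSSUtils.closeQuietly(dIn);
    }
}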
From source file:mitm.common.security.crl.X509CRLEntryInspector.java
License:Open Source License
/** * Returns the reason code, null of this extension does not exist. *///from ww w . j a va 2s .com public static Integer getReasonCode(X509CRLEntry crlEntry) throws IOException { Integer code = null; DEREnumerated reasonCode = DEREnumerated .getInstance(ASN1Utils.getExtensionValue(crlEntry, X509Extension.reasonCode.getId())); if (reasonCode != null) { code = reasonCode.getValue().intValue(); } return code; }
From source file:org.candlepin.util.X509CRLStreamWriter.java
License:Open Source License
/** * Create an entry to be added to the CRL. * * @param serial/* w w w. ja va 2 s .c o m*/ * @param date * @param reason */ @SuppressWarnings({ "unchecked", "rawtypes" }) public void add(BigInteger serial, Date date, int reason) { if (locked) { throw new IllegalStateException("Cannot add to a locked stream."); } ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERInteger(serial)); v.add(new Time(date)); CRLReason crlReason = new CRLReason(reason); Vector extOids = new Vector(); Vector extValues = new Vector(); extOids.addElement(X509Extension.reasonCode); extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getDEREncoded()))); v.add(new X509Extensions(extOids, extValues)); newEntries.add(new DERSequence(v)); }
From source file:org.candlepin.util.X509CRLStreamWriter.java
License:Open Source License
/**
 * Writes a new CRL derived from the CRL read from {@code crlIn}: same issuer, the existing
 * entries kept, the queued {@code newEntries} appended, the cRLNumber bumped by one, and the
 * result re-signed with {@code key}.
 * <p>
 * What is carried over from the old CRL is limited to what the loop below handles: the
 * cRLNumber (incremented) and authorityKeyIdentifier (copied) extensions; any other CRL
 * extension is dropped. The old CRL's signature algorithm is reused verbatim, and nextUpdate is
 * set to now plus the old thisUpdate-to-nextUpdate interval. {@code crlIn}, {@code newEntries},
 * {@code key}, {@code signingAlg} and {@code digestAlg} are fields declared elsewhere in this
 * class.
 *
 * @param out destination for the DER-encoded, signed CRL
 * @throws IOException on a read/write failure, or if the CRL cannot be signed
 */
protected void writeToEmptyCrl(OutputStream out) throws IOException {
    ASN1InputStream asn1in = null;
    try {
        asn1in = new ASN1InputStream(crlIn);
        DERSequence certListSeq = (DERSequence) asn1in.readObject();
        CertificateList certList = new CertificateList(certListSeq);
        X509CRLHolder oldCrl = new X509CRLHolder(certList);
        // thisUpdate of the new CRL is "now"; the old CRL's entries are copied wholesale.
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), new Date());
        crlBuilder.addCRL(oldCrl);
        Date now = new Date();
        // Keep the issuer's publication interval: nextUpdate = now + (old nextUpdate - old thisUpdate).
        // NOTE(review): nextUpdate is OPTIONAL in the CRL syntax; an input CRL without it would
        // NPE on the next line — confirm all inputs carry it.
        Date oldNextUpdate = certList.getNextUpdate().getDate();
        Date oldThisUpdate = certList.getThisUpdate().getDate();
        Date nextUpdate = new Date(now.getTime() + (oldNextUpdate.getTime() - oldThisUpdate.getTime()));
        crlBuilder.setNextUpdate(nextUpdate);
        // Only cRLNumber and authorityKeyIdentifier survive; every other extension of the old
        // CRL (e.g. issuingDistributionPoint, if any) is silently dropped by this loop.
        for (Object o : oldCrl.getExtensionOIDs()) {
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) o;
            X509Extension ext = oldCrl.getExtension(oid);
            if (oid.equals(X509Extension.cRLNumber)) {
                // extnValue is an OCTET STRING wrapping the INTEGER; fromByteArray is presumably
                // the inherited static ASN1Object parser — nothing tag-specific is intended.
                DEROctetString octet = (DEROctetString) ext.getValue().getDERObject();
                DERInteger currentNumber = (DERInteger) DERTaggedObject.fromByteArray(octet.getOctets());
                DERInteger nextNumber = new DERInteger(currentNumber.getValue().add(BigInteger.ONE));
                crlBuilder.addExtension(oid, ext.isCritical(), nextNumber);
            } else if (oid.equals(X509Extension.authorityKeyIdentifier)) {
                crlBuilder.addExtension(oid, ext.isCritical(),
                        new AuthorityKeyIdentifierStructure(ext.getValue().getDEREncoded()));
            }
        }
        for (DERSequence entry : newEntries) {
            // XXX: This is all a bit messy considering the user already passed in the serial, date
            // and reason.
            BigInteger serial = ((DERInteger) entry.getObjectAt(0)).getValue();
            Date revokeDate = ((Time) entry.getObjectAt(1)).getDate();
            int reason = CRLReason.unspecified;
            // A third element means the entry carries extensions (as built by add()); only the
            // reasonCode extension is read back, anything else is ignored.
            if (entry.size() == 3) {
                X509Extensions extensions = (X509Extensions) entry.getObjectAt(2);
                X509Extension reasonExt = extensions.getExtension(X509Extension.reasonCode);
                if (reasonExt != null) {
                    reason = ((DEREnumerated) reasonExt.getParsedValue()).getValue().intValue();
                }
            }
            crlBuilder.addCRLEntry(serial, revokeDate, reason);
        }
        // The signing key is passed as (modulus, private exponent) only, i.e. without CRT parameters.
        RSAKeyParameters keyParams = new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent());
        // NOTE(review): the signature algorithm is inherited from the input CRL and its digest
        // derived from it; nothing here rejects a weak or legacy algorithm on the old CRL.
        signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
        digestAlg = new DefaultDigestAlgorithmIdentifierFinder().find(signingAlg);
        ContentSigner s;
        try {
            s = new BcRSAContentSignerBuilder(signingAlg, digestAlg).build(keyParams);
            X509CRLHolder newCrl = crlBuilder.build(s);
            out.write(newCrl.getEncoded());
        } catch (OperatorCreationException e) {
            throw new IOException("Could not sign CRL", e);
        }
    } finally {
        IOUtils.closeQuietly(asn1in);
    }
}
From source file:org.signserver.validationservice.server.ValidationUtils.java
License:Open Source License
public static int getReasonCodeFromCRLEntry(X509CRLEntry crlEntry) throws IOException { // retrieve reason byte[] reasonBytes = crlEntry.getExtensionValue(X509Extension.reasonCode.getId()); if (reasonBytes == null) { // if null then unspecified (RFC 3280) return CRLReason.unspecified; }//w w w . j a v a 2 s. co m DEREnumerated reasonCode = (DEREnumerated) X509ExtensionUtil.fromExtensionValue(reasonBytes); return reasonCode.getValue().intValue(); }