Example usage for org.bouncycastle.jce.provider X509CRLEntryObject hasExtensions

List of usage examples for org.bouncycastle.jce.provider X509CRLEntryObject hasExtensions

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.jce.provider.*
  5. X509CRLEntryObject
  6. hasExtensions

Introduction

In this page you can find the example usage for org.bouncycastle.jce.provider X509CRLEntryObject hasExtensions.

Prototype

public boolean hasExtensions()

Source Link

Usage

From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilitiesHelper.java

License:Open Source License

protected static void getCertStatus(Date validDate, X509CRL crl, Object cert, CertStatus certStatus)
        throws SimpleValidationErrorException {
    // use BC X509CRLObject so that indirect CRLs are supported
    X509CRLObject bcCRL = null;//  ww w. ja  v a 2 s . co  m
    try {
        bcCRL = new X509CRLObject(
                new CertificateList((ASN1Sequence) ASN1Sequence.fromByteArray(crl.getEncoded())));
    } catch (Exception e) {
        throw new SimpleValidationErrorException(ValidationErrorCode.unknownMsg, e);
    }
    // use BC X509CRLEntryObject, so that getCertificateIssuer() is
    // supported.
    X509CRLEntryObject crl_entry = (X509CRLEntryObject) bcCRL
            .getRevokedCertificate(CertPathValidatorUtilities.getSerialNumber(cert));
    if (crl_entry != null && (CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert)
            .equals(crl_entry.getCertificateIssuer())
            || CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert)
                    .equals(crl.getIssuerX500Principal()))) {
        ASN1Enumerated reasonCode = null;
        if (crl_entry.hasExtensions()) {
            try {
                reasonCode = ASN1Enumerated.getInstance(CertPathValidatorUtilities.getExtensionValue(crl_entry,
                        X509Extensions.ReasonCode.getId()));
            } catch (Exception e) {
                throw new SimpleValidationErrorException(ValidationErrorCode.crlReasonExtError, e);
            }
        }

        // for reason keyCompromise, caCompromise, aACompromise
        // or
        // unspecified
        if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) || reasonCode == null
                || reasonCode.getValue().intValue() == 0 || reasonCode.getValue().intValue() == 1
                || reasonCode.getValue().intValue() == 2 || reasonCode.getValue().intValue() == 8) {

            // (i) or (j) (1)
            if (reasonCode != null) {
                certStatus.setCertStatus(reasonCode.getValue().intValue());
            }
            // (i) or (j) (2)
            else {
                certStatus.setCertStatus(CRLReason.unspecified);
            }
            certStatus.setRevocationDate(crl_entry.getRevocationDate());
        }
    }
}