Java Code Examples for org.bouncycastle.asn1.x509.Extension#reasonCode()

The following examples show how to use org.bouncycastle.asn1.x509.Extension#reasonCode().
Example 1
Source File: CmpCaClient.java    From xipki with Apache License 2.0
/**
 * Sends a CMP revocation request (rr) for one certificate and reports the parsed outcome.
 *
 * <p>The certificate is identified by a template carrying {@code caSubject} as issuer, the
 * given serial number and a non-critical authorityKeyIdentifier extension built from
 * {@code caSubjectKeyIdentifier}. The revocation reason travels as a reasonCode CRL entry
 * extension whose criticality flag is set to {@code true}.
 *
 * @param serialNumber serial number of the certificate to revoke
 * @param reason CRL reason whose numeric value is placed in the reasonCode extension
 * @return the value returned by {@code parseRevocationResult} for the CA's response
 * @throws Exception if encoding, building, transmitting or parsing fails
 */
public boolean revokeCert(BigInteger serialNumber, CRLReason reason) throws Exception {
  ProtectedPKIMessageBuilder msgBuilder = new ProtectedPKIMessageBuilder(
      PKIHeader.CMP_2000, requestorSubject, responderSubject);
  // A fresh timestamp, transaction id and sender nonce are set on every request.
  msgBuilder.setMessageTime(new Date());
  msgBuilder.setTransactionID(randomTransactionId());
  msgBuilder.setSenderNonce(randomSenderNonce());

  CertTemplateBuilder template = new CertTemplateBuilder();
  template.setIssuer(caSubject);
  template.setSerialNumber(new ASN1Integer(serialNumber));

  // The AKI narrows the issuer name down to one specific CA key.
  byte[] akiBytes = new AuthorityKeyIdentifier(caSubjectKeyIdentifier).getEncoded();
  template.setExtensions(
      new Extensions(new Extension(Extension.authorityKeyIdentifier, false, akiBytes)));

  // NOTE(review): intValue() keeps only the low 32 bits of the reason value; presumably
  // CRLReason values are always small - confirm.
  byte[] reasonBytes = new ASN1Enumerated(reason.getValue().intValue()).getEncoded();
  Extension reasonExt =
      new Extension(Extension.reasonCode, true, new DEROctetString(reasonBytes));
  RevDetails details = new RevDetails(template.build(), new Extensions(reasonExt));

  msgBuilder.setBody(new PKIBody(PKIBody.TYPE_REVOCATION_REQ, new RevReqContent(details)));
  ProtectedPKIMessage rr = build(msgBuilder);

  // The boolean result comes entirely from parseRevocationResult; the response is not
  // inspected here.
  PKIMessage caResponse = transmit(rr, null);
  return parseRevocationResult(caResponse, serialNumber);
}
 
Example 2
Source File: X509Ca.java    From xipki with Apache License 2.0
/**
 * Builds a non-critical reasonCode extension for the given reason code.
 *
 * <p>RFC 5280 defines reasonCode as a non-critical CRL entry extension, which matches the
 * {@code false} flag used here.
 *
 * @param reasonCode numeric CRL reason, passed unchanged to {@code CRLReason.lookup}
 * @return the reasonCode extension wrapping the encoded reason
 * @throws IllegalArgumentException if the reason cannot be encoded
 */
private static Extension createReasonExtension(int reasonCode) {
  // NOTE(review): no range check is done here; whether CRLReason.lookup rejects values
  // outside the RFC 5280 set is not visible from this method - verify against callers.
  try {
    byte[] encodedReason = CRLReason.lookup(reasonCode).getEncoded();
    return new Extension(Extension.reasonCode, false, encodedReason);
  } catch (IOException ex) {
    throw new IllegalArgumentException("error encoding reason: " + ex.getMessage(), ex);
  }
}
 
Example 3
Source File: CmpAgent.java    From xipki with Apache License 2.0
/**
 * Builds a CMP revocation request (rr) message in which every entry carries the same
 * reason code.
 *
 * <p>Each request entry becomes one {@code RevDetails}: a certificate template with issuer,
 * serial number and, when the entry supplies one, the authority key identifier, plus a
 * reasonCode extension flagged critical. The message returned here consists of header and
 * body only; any protection is not applied in this method.
 *
 * @param request entries naming the certificates to act on
 * @param reasonCode reason placed in every entry; presumably it selects between unrevoke
 *     and remove on the server side - verify against the caller
 * @return the assembled {@code PKIMessage}
 * @throws CmpClientException if the reason cannot be encoded
 */
private PKIMessage buildUnrevokeOrRemoveCertRequest(UnrevokeOrRemoveCertRequest request,
    int reasonCode) throws CmpClientException {
  PKIHeader header = buildPkiHeader(null);

  List<UnrevokeOrRemoveCertRequest.Entry> entries = request.getRequestEntries();
  List<RevDetails> detailsList = new ArrayList<>(entries.size());
  for (UnrevokeOrRemoveCertRequest.Entry entry : entries) {
    CertTemplateBuilder template = new CertTemplateBuilder();
    template.setIssuer(entry.getIssuer());
    template.setSerialNumber(new ASN1Integer(entry.getSerialNumber()));

    // Without an AKI the certificate is identified by issuer name and serial number only.
    byte[] aki = entry.getAuthorityKeyIdentifier();
    if (aki != null) {
      template.setExtensions(getCertTempExtensions(aki));
    }

    Extension reasonExt;
    try {
      byte[] encodedReason = new ASN1Enumerated(reasonCode).getEncoded();
      reasonExt = new Extension(Extension.reasonCode, true, new DEROctetString(encodedReason));
    } catch (IOException ex) {
      throw new CmpClientException(ex.getMessage(), ex);
    }

    Extensions crlEntryDetails = new Extensions(new Extension[] {reasonExt});
    detailsList.add(new RevDetails(template.build(), crlEntryDetails));
  }

  RevDetails[] allDetails = detailsList.toArray(new RevDetails[0]);
  PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, new RevReqContent(allDetails));
  return new PKIMessage(header, body);
}
 
Example 4
Source File: CmpResponder.java    From xipki with Apache License 2.0
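/**
 * Authorizes a CMP revocation request (rr) and dispatches it.
 *
 * <p>Every {@code RevDetails} entry is classified by its reasonCode CRL entry extension as
 * remove, unrevoke or revoke (the default when the extension is absent is
 * {@code CrlReason.UNSPECIFIED}, which falls into revoke). All entries must map to the same
 * permission; that permission is then checked against the requestor before
 * {@code unRevokeRemoveCertificates} is called.
 *
 * <p>The reason code is supplied by the requestor, so it decides which permission is
 * checked. A request with no entries is rejected up front: otherwise no permission would be
 * selected and {@code checkPermission} would be reached with {@code null}.
 *
 * @param request the full request message, passed on to the dispatcher
 * @param respHeader response header builder (not used in this method)
 * @param cmpControl CMP control settings, passed on to the dispatcher
 * @param reqHeader request header (not used in this method)
 * @param reqBody request body holding the {@code RevReqContent}
 * @param requestor the requestor whose permission is checked
 * @param msgId message id, passed on to the dispatcher
 * @param event audit event that receives the event type and, on denial, the failure status
 * @return the dispatcher's response body, or an error body for an empty request, for mixed
 *     request types or for insufficient permission
 */
private PKIBody cmpUnRevokeRemoveCertificates(PKIMessage request, PKIHeaderBuilder respHeader,
    CmpControl cmpControl, PKIHeader reqHeader, PKIBody reqBody, CmpRequestorInfo requestor,
    String msgId, AuditEvent event) {
  RevReqContent rr = RevReqContent.getInstance(reqBody.getContent());
  RevDetails[] revContent = rr.toRevDetailsArray();

  // Fail closed: with zero entries the loop below never selects a permission, so the
  // authorization check would run on null instead of a concrete permission.
  if (revContent.length == 0) {
    ErrorMsgContent emc = new ErrorMsgContent(
        new PKIStatusInfo(PKIStatus.rejection,
        new PKIFreeText("no revDetails is specified"),
        new PKIFailureInfo(PKIFailureInfo.badRequest)));

    return new PKIBody(PKIBody.TYPE_ERROR, emc);
  }

  Integer requiredPermission = null;
  boolean allRevdetailsOfSameType = true;

  for (RevDetails revDetails : revContent) {
    Extensions crlDetails = revDetails.getCrlEntryDetails();
    int reasonCode = CrlReason.UNSPECIFIED.getCode();
    if (crlDetails != null) {
      ASN1Encodable extValue = crlDetails.getExtensionParsedValue(Extension.reasonCode);
      if (extValue != null) {
        // NOTE(review): intValue() keeps only the low 32 bits of the requestor-supplied
        // value; confirm that unRevokeRemoveCertificates derives the operation from the
        // same truncated value, so the permission checked matches the action performed.
        reasonCode = ASN1Enumerated.getInstance(extValue).getValue().intValue();
      }
    }

    // assumes the PermissionConstants values are primitive ints, so the != comparisons
    // below are numeric rather than reference comparisons - TODO confirm
    if (reasonCode == XiSecurityConstants.CMP_CRL_REASON_REMOVE) {
      if (requiredPermission == null) {
        event.addEventType(CaAuditConstants.Cmp.TYPE_rr_remove);
        requiredPermission = PermissionConstants.REMOVE_CERT;
      } else if (requiredPermission != PermissionConstants.REMOVE_CERT) {
        allRevdetailsOfSameType = false;
        break;
      }
    } else if (reasonCode == CrlReason.REMOVE_FROM_CRL.getCode()) {
      if (requiredPermission == null) {
        event.addEventType(CaAuditConstants.Cmp.TYPE_rr_unrevoke);
        requiredPermission = PermissionConstants.UNREVOKE_CERT;
      } else if (requiredPermission != PermissionConstants.UNREVOKE_CERT) {
        allRevdetailsOfSameType = false;
        break;
      }
    } else {
      // Every other reason code, including an absent extension, is treated as a revoke.
      if (requiredPermission == null) {
        event.addEventType(CaAuditConstants.Cmp.TYPE_rr_revoke);
        requiredPermission = PermissionConstants.REVOKE_CERT;
      } else if (requiredPermission != PermissionConstants.REVOKE_CERT) {
        allRevdetailsOfSameType = false;
        break;
      }
    }
  } // end for

  // Mixed operations are refused as a whole, so a single permission covers the request.
  if (!allRevdetailsOfSameType) {
    ErrorMsgContent emc = new ErrorMsgContent(
        new PKIStatusInfo(PKIStatus.rejection,
        new PKIFreeText("not all revDetails are of the same type"),
        new PKIFailureInfo(PKIFailureInfo.badRequest)));

    return new PKIBody(PKIBody.TYPE_ERROR, emc);
  }

  try {
    checkPermission(requestor, requiredPermission);
  } catch (InsuffientPermissionException ex) {
    // The denial is recorded in the audit event before the rejection is returned.
    event.setStatus(AuditStatus.FAILED);
    event.addEventData(CaAuditConstants.NAME_message, "NOT_PERMITTED");
    return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.notAuthorized, null);
  }

  return unRevokeRemoveCertificates(request, rr, requiredPermission, cmpControl, msgId, event);
}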
 
Example 5
Source File: CmpAgent.java    From xipki with Apache License 2.0
/**
 * Builds a CMP revocation request (rr) message with one {@code RevDetails} per entry.
 *
 * <p>Each entry contributes a certificate template (issuer, serial number and, when present,
 * the authority key identifier) and a reasonCode extension taken from the entry's own
 * reason. An invalidityDate extension is added only when the entry supplies a date. Both
 * extensions are flagged critical. The message returned here consists of header and body
 * only; any protection is not applied in this method.
 *
 * @param request entries naming the certificates to revoke and their reasons
 * @return the assembled {@code PKIMessage}
 * @throws CmpClientException if the reason or the invalidity date cannot be encoded
 */
private PKIMessage buildRevokeCertRequest(RevokeCertRequest request)
    throws CmpClientException {
  PKIHeader header = buildPkiHeader(null);

  List<RevokeCertRequest.Entry> entries = request.getRequestEntries();
  List<RevDetails> detailsList = new ArrayList<>(entries.size());
  for (RevokeCertRequest.Entry entry : entries) {
    CertTemplateBuilder template = new CertTemplateBuilder();
    template.setIssuer(entry.getIssuer());
    template.setSerialNumber(new ASN1Integer(entry.getSerialNumber()));

    // Without an AKI the certificate is identified by issuer name and serial number only.
    byte[] aki = entry.getAuthorityKeyIdentifier();
    if (aki != null) {
      template.setExtensions(getCertTempExtensions(aki));
    }

    Date invalidityDate = entry.getInvalidityDate();
    // reasonCode is always present; invalidityDate is the optional second extension.
    List<Extension> crlEntryExts = new ArrayList<>(2);

    try {
      byte[] encodedReason = new ASN1Enumerated(entry.getReason()).getEncoded();
      crlEntryExts.add(
          new Extension(Extension.reasonCode, true, new DEROctetString(encodedReason)));

      if (invalidityDate != null) {
        byte[] encodedTime = new ASN1GeneralizedTime(invalidityDate).getEncoded();
        crlEntryExts.add(
            new Extension(Extension.invalidityDate, true, new DEROctetString(encodedTime)));
      }
    } catch (IOException ex) {
      throw new CmpClientException(ex.getMessage(), ex);
    }

    Extensions crlEntryDetails = new Extensions(crlEntryExts.toArray(new Extension[0]));
    detailsList.add(new RevDetails(template.build(), crlEntryDetails));
  }

  RevDetails[] allDetails = detailsList.toArray(new RevDetails[0]);
  PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, new RevReqContent(allDetails));
  return new PKIMessage(header, body);
}