use of org.bouncycastle.asn1.ASN1Enumerated in project candlepin by candlepin.
the class X509CRLStreamWriter method add.
/**
* Create an entry to be added to the CRL.
*
* @param serial
* @param date
* @param reason
* @throws IOException if an entry fails to generate
*/
@SuppressWarnings({ "unchecked", "rawtypes" })
public void add(BigInteger serial, Date date, int reason) throws IOException {
if (locked) {
throw new IllegalStateException("Cannot add to a locked stream.");
}
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(serial));
v.add(new Time(date));
CRLReason crlReason = CRLReason.getInstance(new ASN1Enumerated(reason));
ExtensionsGenerator generator = new ExtensionsGenerator();
generator.addExtension(Extension.reasonCode, false, crlReason);
v.add(generator.generate());
newEntries.add(new DERSequence(v));
}
use of org.bouncycastle.asn1.ASN1Enumerated in project xipki by xipki.
the class X509CmpRequestor method buildUnrevokeOrRemoveCertRequest.
// method buildRevokeCertRequest
private PKIMessage buildUnrevokeOrRemoveCertRequest(UnrevokeOrRemoveCertRequest request, int reasonCode) throws CmpRequestorException {
PKIHeader header = buildPkiHeader(null);
List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
List<RevDetails> revDetailsArray = new ArrayList<>(requestEntries.size());
for (UnrevokeOrRemoveCertEntry requestEntry : requestEntries) {
CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
certTempBuilder.setIssuer(requestEntry.getIssuer());
certTempBuilder.setSerialNumber(new ASN1Integer(requestEntry.getSerialNumber()));
byte[] aki = requestEntry.getAuthorityKeyIdentifier();
if (aki != null) {
Extensions certTempExts = getCertTempExtensions(aki);
certTempBuilder.setExtensions(certTempExts);
}
Extension[] extensions = new Extension[1];
try {
ASN1Enumerated reason = new ASN1Enumerated(reasonCode);
extensions[0] = new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded()));
} catch (IOException ex) {
throw new CmpRequestorException(ex.getMessage(), ex);
}
Extensions exts = new Extensions(extensions);
RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
revDetailsArray.add(revDetails);
}
RevReqContent content = new RevReqContent(revDetailsArray.toArray(new RevDetails[0]));
PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content);
return new PKIMessage(header, body);
}
use of org.bouncycastle.asn1.ASN1Enumerated in project wildfly by wildfly.
the class KerberosTestUtils method generateSpnegoTokenResp.
/**
* Generates SPNEGO response (to a "select mechanism challenge") with given bytes as the ticket for selected mechanism.
*
* @param ticket
* @return ASN.1 encoded SPNEGO response
*/
public static byte[] generateSpnegoTokenResp(byte[] ticket) throws IOException {
DEROctetString ourKerberosTicket = new DEROctetString(ticket);
// accept-incomplete
DERTaggedObject taggedNegState = new DERTaggedObject(0, new ASN1Enumerated(1));
DERTaggedObject taggedResponseToken = new DERTaggedObject(2, ourKerberosTicket);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(taggedNegState);
v.add(taggedResponseToken);
DERSequence seqNegTokenResp = new DERSequence(v);
DERTaggedObject taggedSpnego = new DERTaggedObject(1, seqNegTokenResp);
return taggedSpnego.getEncoded();
}
use of org.bouncycastle.asn1.ASN1Enumerated in project xipki by xipki.
the class X509CmpRequestor method buildRevokeCertRequest.
private PKIMessage buildRevokeCertRequest(RevokeCertRequest request) throws CmpRequestorException {
PKIHeader header = buildPkiHeader(null);
List<RevokeCertRequestEntry> requestEntries = request.getRequestEntries();
List<RevDetails> revDetailsArray = new ArrayList<>(requestEntries.size());
for (RevokeCertRequestEntry requestEntry : requestEntries) {
CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
certTempBuilder.setIssuer(requestEntry.getIssuer());
certTempBuilder.setSerialNumber(new ASN1Integer(requestEntry.getSerialNumber()));
byte[] aki = requestEntry.getAuthorityKeyIdentifier();
if (aki != null) {
Extensions certTempExts = getCertTempExtensions(aki);
certTempBuilder.setExtensions(certTempExts);
}
Date invalidityDate = requestEntry.getInvalidityDate();
int idx = (invalidityDate == null) ? 1 : 2;
Extension[] extensions = new Extension[idx];
try {
ASN1Enumerated reason = new ASN1Enumerated(requestEntry.getReason());
extensions[0] = new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded()));
if (invalidityDate != null) {
ASN1GeneralizedTime time = new ASN1GeneralizedTime(invalidityDate);
extensions[1] = new Extension(Extension.invalidityDate, true, new DEROctetString(time.getEncoded()));
}
} catch (IOException ex) {
throw new CmpRequestorException(ex.getMessage(), ex);
}
Extensions exts = new Extensions(extensions);
RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
revDetailsArray.add(revDetails);
}
RevReqContent content = new RevReqContent(revDetailsArray.toArray(new RevDetails[0]));
PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content);
return new PKIMessage(header, body);
}
use of org.bouncycastle.asn1.ASN1Enumerated in project xipki by xipki.
the class CmpCaClient method revokeCert.
// method requestCerts
public boolean revokeCert(BigInteger serialNumber, CRLReason reason) throws Exception {
ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
builder.setMessageTime(new Date());
builder.setTransactionID(randomTransactionId());
builder.setSenderNonce(randomSenderNonce());
CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
certTempBuilder.setIssuer(caSubject);
certTempBuilder.setSerialNumber(new ASN1Integer(serialNumber));
AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(caSubjectKeyIdentifier);
byte[] encodedAki = aki.getEncoded();
Extension extAki = new Extension(Extension.authorityKeyIdentifier, false, encodedAki);
Extensions certTempExts = new Extensions(extAki);
certTempBuilder.setExtensions(certTempExts);
ASN1Enumerated asn1Reason = new ASN1Enumerated(reason.getValue().intValue());
Extensions exts = new Extensions(new Extension(Extension.reasonCode, true, new DEROctetString(asn1Reason.getEncoded())));
RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
RevReqContent content = new RevReqContent(revDetails);
builder.setBody(new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
ProtectedPKIMessage request = builder.build(requestorSigner);
PKIMessage response = transmit(request);
return parseRevocationResult(response, serialNumber);
}
Aggregations