/**
 * Builds an {@code ObjectDigestInfo} from its individual components.
 * <p>
 * If {@code digestedObjectType} is not {@link #publicKeyCert} or
 * {@link #publicKey}, {@code otherObjectTypeID} must be given; otherwise it
 * is ignored and the corresponding field is left unset.
 *
 * @param digestedObjectType The digest object type.
 * @param otherObjectTypeID The object type ID for
 *            {@code otherObjectDigest}.
 * @param digestAlgorithm The algorithm identifier for the hash.
 * @param objectDigest The hash value.
 */
public ObjectDigestInfo(
    int digestedObjectType,
    String otherObjectTypeID,
    AlgorithmIdentifier digestAlgorithm,
    byte[] objectDigest)
{
    this.digestedObjectType = new DEREnumerated(digestedObjectType);

    // The OID is only wrapped for the "other" object type; for every other
    // type the argument is never looked at.
    final boolean needsTypeId = (digestedObjectType == otherObjectDigest);
    if (needsTypeId)
    {
        this.otherObjectTypeID = new DERObjectIdentifier(otherObjectTypeID);
    }

    // NOTE(review): nothing here checks that the digest length matches the
    // stated algorithm; callers are trusted to pass a consistent pair.
    this.digestAlgorithm = digestAlgorithm;
    this.objectDigest = new DERBitString(objectDigest);
}
/**
 * Decodes an {@code ObjectDigestInfo} from its ASN.1 sequence form.
 * <p>
 * The sequence must hold three or four elements. With four elements the
 * second one is read as the other-object-type OID and the remaining fields
 * shift by one position.
 *
 * @param seq the sequence to decode.
 * @throws IllegalArgumentException if the sequence has fewer than three or
 *             more than four elements.
 */
private ObjectDigestInfo(
    ASN1Sequence seq)
{
    final int count = seq.size();
    if (count < 3 || count > 4)
    {
        throw new IllegalArgumentException("Bad sequence size: " + count);
    }

    digestedObjectType = DEREnumerated.getInstance(seq.getObjectAt(0));

    // NOTE(review): presence of the OID is decided by element count alone;
    // the decoded digestedObjectType value is not cross-checked against it.
    final boolean hasOtherTypeId = (count == 4);
    if (hasOtherTypeId)
    {
        otherObjectTypeID = DERObjectIdentifier.getInstance(seq.getObjectAt(1));
    }

    final int algorithmIndex = hasOtherTypeId ? 2 : 1;
    digestAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(algorithmIndex));
    objectDigest = DERBitString.getInstance(seq.getObjectAt(algorithmIndex + 1));
}
/**
 * Decodes a {@code RevokedInfo} from its ASN.1 sequence form.
 * <p>
 * The first element is read as the revocation time. A second element, when
 * present, is treated as an explicitly tagged ENUMERATED holding the
 * revocation reason.
 *
 * @param seq the sequence to decode.
 */
private RevokedInfo(
    ASN1Sequence seq)
{
    this.revocationTime = ASN1GeneralizedTime.getInstance(seq.getObjectAt(0));

    if (seq.size() <= 1)
    {
        return;
    }

    // NOTE(review): the plain cast raises ClassCastException when the second
    // element is not a tagged object, and the tag number is never inspected.
    // Code that decodes responses from untrusted responders should be ready
    // for an unchecked exception here.
    ASN1TaggedObject taggedReason = (ASN1TaggedObject)seq.getObjectAt(1);
    this.revocationReason = CRLReason.getInstance(
        DEREnumerated.getInstance(taggedReason, true));
}
/**
 * Decodes a SPNEGO target token from its encoded bytes.
 * <p>
 * The outer tagged object wraps a sequence of tagged fields. Tag 0 is stored
 * as the negotiation result, tag 1 as the mechanism OID string, tag 2 as the
 * mechanism token bytes and tag 3 as the mechanism list bytes.
 *
 * @param token the encoded token.
 * @throws DecodingException with key {@code spnego.token.malformed} when the
 *             outer object cannot be read, or {@code spnego.field.invalid}
 *             when a field carries any other tag number.
 */
public SpnegoTargToken(byte[] token) throws DecodingException {
    ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(token));

    ASN1TaggedObject outer;
    try {
        outer = DecodingUtil.as(ASN1TaggedObject.class, in);
    } catch (IOException e) {
        throw new DecodingException("spnego.token.malformed", null, e);
    }

    // NOTE(review): the getInstance(...) calls below are outside the try
    // block, so an unchecked exception raised for an unexpected inner type
    // (presumably IllegalArgumentException - confirm) reaches the caller
    // as-is rather than as a DecodingException. The token comes from the
    // peer, so callers should treat that path as a decode failure too.
    Enumeration<?> entries = ASN1Sequence.getInstance(outer, true).getObjects();

    // A tag that appears more than once simply overwrites the earlier value.
    while (entries.hasMoreElements()) {
        ASN1TaggedObject field = DecodingUtil.as(ASN1TaggedObject.class, entries);
        int tagNo = field.getTagNo();

        if (tagNo == 0) {
            result = DEREnumerated.getInstance(field, true).getValue().intValue();
        } else if (tagNo == 1) {
            mechanism = DERObjectIdentifier.getInstance(field, true).getId();
        } else if (tagNo == 2) {
            mechanismToken = ASN1OctetString.getInstance(field, true).getOctets();
        } else if (tagNo == 3) {
            mechanismList = ASN1OctetString.getInstance(field, true).getOctets();
        } else {
            Object[] args = new Object[]{tagNo};
            throw new DecodingException("spnego.field.invalid", args, null);
        }
    }
}
/**
 * Creates a {@code CRLReason} from an already decoded ENUMERATED value.
 *
 * @param reason the enumerated object carrying the reason code.
 */
public CRLReason(
    DEREnumerated reason)
{
    // NOTE(review): intValue() narrows the decoded value to an int, so a
    // value that does not fit in 32 bits would presumably be truncated
    // rather than rejected - confirm whether callers validate the range.
    super(reason.getValue().intValue());
}
/**
 * Returns the digested object type held by this structure.
 *
 * @return the stored {@code DEREnumerated} (the same instance, not a copy).
 */
public DEREnumerated getDigestedObjectType()
{
    return this.digestedObjectType;
}
/**
 * Generates a one-entry CRL signed with a fresh RSA key and checks the
 * issuer, the authority key identifier extension, the revoked entry and its
 * reason code.
 *
 * @throws Exception if key generation, CRL generation or decoding fails.
 */
public void checkCRLCreation1()
    throws Exception
{
    // NOTE(review): the generator is never initialised, so the RSA key size
    // is whatever the "BC" provider defaults to. Acceptable for a test key.
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    Date issuedAt = new Date();
    KeyPair caKeys = keyGen.generateKeyPair();
    X500Principal issuer = new X500Principal("CN=Test CA");

    generator.setIssuerDN(issuer);
    generator.setThisUpdate(issuedAt);
    generator.setNextUpdate(new Date(issuedAt.getTime() + 100000));
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    generator.addCRLEntry(BigInteger.ONE, issuedAt, CRLReason.privilegeWithdrawn);

    generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
        new AuthorityKeyIdentifierStructure(caKeys.getPublic()));

    X509CRL crl = generator.generate(caKeys.getPrivate(), "BC");

    if (!crl.getIssuerX500Principal().equals(issuer))
    {
        fail("failed CRL issuer test");
    }

    byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
    if (authExt == null)
    {
        fail("failed to find CRL extension");
    }

    // Built but never read afterwards; constructing it decodes authExt.
    AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);

    X509CRLEntry revoked = crl.getRevokedCertificate(BigInteger.ONE);
    if (revoked == null)
    {
        fail("failed to find CRL entry");
    }

    if (!revoked.getSerialNumber().equals(BigInteger.ONE))
    {
        fail("CRL cert serial number does not match");
    }

    if (!revoked.hasExtensions())
    {
        fail("CRL entry extension not found");
    }

    byte[] reasonExt = revoked.getExtensionValue(X509Extensions.ReasonCode.getId());
    if (reasonExt == null)
    {
        fail("CRL entry reasonCode not found");
    }
    else
    {
        DEREnumerated reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(reasonExt);
        boolean matches = (reasonCode.getValue().intValue() == CRLReason.privilegeWithdrawn);
        if (!matches)
        {
            fail("CRL entry reasonCode wrong");
        }
    }
}
/**
 * Writes a fixed set of ASN.1 objects to an {@code ASN1OutputStream}, reads
 * them back and checks that each decoded object equals its source and has
 * the same hash code.
 *
 * @return a passing result when every object round-trips, otherwise a
 *         failing result naming the first mismatch or the exception raised.
 */
public TestResult perform()
{
    byte[] data = { 0, 1, 0, 1, 0, 0, 1 };

    ASN1Primitive[] samples = {
        new BERConstructedOctetString(data),
        new BERSequence(new DERPrintableString("hello world")),
        new BERSet(new DERPrintableString("hello world")),
        new BERTaggedObject(0, new DERPrintableString("hello world")),
        new DERApplicationSpecific(0, data),
        new DERBitString(data),
        new DERBMPString("hello world"),
        new DERBoolean(true),
        new DERBoolean(false),
        new DEREnumerated(100),
        new DERGeneralizedTime("20070315173729Z"),
        new DERGeneralString("hello world"),
        new DERIA5String("hello"),
        new DERInteger(1000),
        new DERNull(),
        new DERNumericString("123456"),
        new DERObjectIdentifier("1.1.1.10000.1"),
        new DEROctetString(data),
        new DERPrintableString("hello world"),
        new DERSequence(new DERPrintableString("hello world")),
        new DERSet(new DERPrintableString("hello world")),
        new DERT61String("hello world"),
        new DERTaggedObject(0, new DERPrintableString("hello world")),
        new DERUniversalString(data),
        new DERUTCTime(new Date()),
        new DERUTF8String("hello world"),
        new DERVisibleString("hello world")
    };

    try
    {
        // Encode every sample back to back into one buffer.
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        ASN1OutputStream writer = new ASN1OutputStream(encoded);
        for (int idx = 0; idx < samples.length; ++idx)
        {
            writer.writeObject(samples[idx]);
        }

        // Allocated in the original as well; nothing reads it.
        ASN1Primitive[] readValues = new ASN1Primitive[samples.length];

        // Decode in the same order and compare one by one.
        ASN1InputStream reader = new ASN1InputStream(
            new ByteArrayInputStream(encoded.toByteArray()));
        for (int idx = 0; idx < samples.length; ++idx)
        {
            ASN1Primitive decoded = reader.readObject();
            ASN1Primitive expected = samples[idx];

            if (!decoded.equals(expected))
            {
                return new SimpleTestResult(false, getName() + ": Failed equality test for " + decoded.getClass());
            }

            if (decoded.hashCode() != expected.hashCode())
            {
                return new SimpleTestResult(false, getName() + ": Failed hashCode test for " + decoded.getClass());
            }
        }
    }
    catch (Exception e)
    {
        return new SimpleTestResult(false, getName() + ": Failed - exception " + e.toString(), e);
    }

    return new SimpleTestResult(true, getName() + ": Okay");
}
/**
 * Renders this CRL entry as text: serial number, revocation date and, when
 * present, one line per entry extension.
 * <p>
 * The reason code and certificate issuer extensions are decoded to their
 * typed form; any other extension is printed as an ASN.1 dump. If decoding
 * an extension value throws, the OID is printed with {@code *****} in place
 * of the value.
 *
 * @return the textual form of the entry.
 */
public String toString()
{
    StringBuffer out = new StringBuffer();
    String eol = System.getProperty("line.separator");

    out.append(" userCertificate: ").append(this.getSerialNumber()).append(eol);
    out.append(" revocationDate: ").append(this.getRevocationDate()).append(eol);

    Extensions extensions = c.getExtensions();
    if (extensions == null)
    {
        return out.toString();
    }

    Enumeration oids = extensions.oids();
    if (!oids.hasMoreElements())
    {
        return out.toString();
    }

    out.append(" crlEntryExtensions:").append(eol);

    while (oids.hasMoreElements())
    {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)oids.nextElement();
        Extension ext = extensions.getExtension(oid);

        if (ext.getExtnValue() == null)
        {
            out.append(eol);
            continue;
        }

        byte[] octs = ext.getExtnValue().getOctets();
        ASN1InputStream dIn = new ASN1InputStream(octs);
        out.append(" critical(").append(ext.isCritical()).append(") ");

        try
        {
            if (oid.equals(X509Extension.reasonCode))
            {
                out.append(CRLReason.getInstance(DEREnumerated.getInstance(dIn.readObject())));
                out.append(eol);
            }
            else if (oid.equals(X509Extension.certificateIssuer))
            {
                out.append("Certificate issuer: ");
                out.append(GeneralNames.getInstance(dIn.readObject()));
                out.append(eol);
            }
            else
            {
                out.append(oid.getId());
                out.append(" value = ");
                out.append(ASN1Dump.dumpAsString(dIn.readObject()));
                out.append(eol);
            }
        }
        catch (Exception ex)
        {
            // Text appended before the failure stays in the buffer; the
            // value itself is masked so a malformed extension cannot break
            // the rendering of the entry.
            out.append(oid.getId());
            out.append(" value = ").append("*****").append(eol);
        }
    }

    return out.toString();
}
/**
 * Generates a one-entry CRL signed with a fresh RSA key and checks the
 * issuer DN, the authority key identifier extension, the revoked entry and
 * its reason code.
 *
 * @throws Exception if key generation, CRL generation or decoding fails.
 */
public void checkCRLCreation1()
    throws Exception
{
    // NOTE(review): the generator is never initialised, so the RSA key size
    // is whatever the "BC" provider defaults to. Acceptable for a test key.
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
    X509V2CRLGenerator generator = new X509V2CRLGenerator();
    Date issuedAt = new Date();
    KeyPair caKeys = keyGen.generateKeyPair();

    generator.setIssuerDN(new X509Principal("CN=Test CA"));
    generator.setThisUpdate(issuedAt);
    generator.setNextUpdate(new Date(issuedAt.getTime() + 100000));
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    generator.addCRLEntry(BigInteger.ONE, issuedAt, CRLReason.privilegeWithdrawn);

    generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
        new AuthorityKeyIdentifierStructure(caKeys.getPublic()));

    X509CRL crl = generator.generate(caKeys.getPrivate(), "BC");

    boolean issuerMatches = crl.getIssuerDN().equals(new X509Principal("CN=Test CA"));
    if (!issuerMatches)
    {
        fail("failed CRL issuer test");
    }

    byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
    if (authExt == null)
    {
        fail("failed to find CRL extension");
    }

    // Built but never read afterwards; constructing it decodes authExt.
    AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);

    X509CRLEntry revoked = crl.getRevokedCertificate(BigInteger.ONE);
    if (revoked == null)
    {
        fail("failed to find CRL entry");
    }

    if (!revoked.getSerialNumber().equals(BigInteger.ONE))
    {
        fail("CRL cert serial number does not match");
    }

    if (!revoked.hasExtensions())
    {
        fail("CRL entry extension not found");
    }

    byte[] reasonExt = revoked.getExtensionValue(X509Extensions.ReasonCode.getId());
    if (reasonExt == null)
    {
        fail("CRL entry reasonCode not found");
    }
    else
    {
        DEREnumerated reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(reasonExt);
        boolean matches = (reasonCode.getValue().intValue() == CRLReason.privilegeWithdrawn);
        if (!matches)
        {
            fail("CRL entry reasonCode wrong");
        }
    }
}