private PKIBody cmpUnRevokeRemoveCertificates(PKIMessage request, PKIHeaderBuilder respHeader, CmpControl cmpControl, PKIHeader reqHeader, PKIBody reqBody, CmpRequestorInfo requestor, String msgId, AuditEvent event) { Integer requiredPermission = null; boolean allRevdetailsOfSameType = true; RevReqContent rr = RevReqContent.getInstance(reqBody.getContent()); RevDetails[] revContent = rr.toRevDetailsArray(); int len = revContent.length; for (int i = 0; i < len; i++) { RevDetails revDetails = revContent[i]; Extensions crlDetails = revDetails.getCrlEntryDetails(); int reasonCode = CrlReason.UNSPECIFIED.code(); if (crlDetails != null) { ASN1ObjectIdentifier extId = Extension.reasonCode; ASN1Encodable extValue = crlDetails.getExtensionParsedValue(extId); if (extValue != null) { reasonCode = ASN1Enumerated.getInstance(extValue).getValue().intValue(); } } if (reasonCode == XiSecurityConstants.CMP_CRL_REASON_REMOVE) { if (requiredPermission == null) { event.addEventType(CaAuditConstants.TYPE_CMP_rr_remove); requiredPermission = PermissionConstants.REMOVE_CERT; } else if (requiredPermission != PermissionConstants.REMOVE_CERT) { allRevdetailsOfSameType = false; break; } } else if (reasonCode == CrlReason.REMOVE_FROM_CRL.code()) { if (requiredPermission == null) { event.addEventType(CaAuditConstants.TYPE_CMP_rr_unrevoke); requiredPermission = PermissionConstants.UNREVOKE_CERT; } else if (requiredPermission != PermissionConstants.UNREVOKE_CERT) { allRevdetailsOfSameType = false; break; } } else { if (requiredPermission == null) { event.addEventType(CaAuditConstants.TYPE_CMP_rr_revoke); requiredPermission = PermissionConstants.REVOKE_CERT; } else if (requiredPermission != PermissionConstants.REVOKE_CERT) { allRevdetailsOfSameType = false; break; } } } // end for if (!allRevdetailsOfSameType) { ErrorMsgContent emc = new ErrorMsgContent( new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText("not all revDetails are of the same type"), new PKIFailureInfo(PKIFailureInfo.badRequest))); return new PKIBody(PKIBody.TYPE_ERROR, emc); } else { try { checkPermission(requestor, requiredPermission); } catch (InsuffientPermissionException ex) { event.setStatus(AuditStatus.FAILED); event.addEventData(CaAuditConstants.NAME_message, "NOT_PERMITTED"); return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.notAuthorized, null); } return unRevokeRemoveCertificates(request, rr, requiredPermission, cmpControl, msgId); } }