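/**
 * Builds a CRL issued by {@code ca} that lists every certificate in {@code revoked}
 * with reason {@code privilegeWithdrawn}, signed by {@code caPrivateKey} with
 * SHA256WithRSAEncryption through the "BC" provider.
 *
 * @param ca           issuing CA certificate; its subject becomes the CRL issuer name
 * @param caPrivateKey private key matching {@code ca}, used to sign the CRL
 * @param revoked      certificates to list as revoked (may be empty)
 * @return the signed CRL as a JCA {@link X509CRL}
 * @throws Exception on signing or conversion failure
 */
private X509CRL generateCrl(X509Certificate ca, PrivateKey caPrivateKey, X509Certificate... revoked) throws Exception {
    // Take the issuer from the DER-encoded subject instead of re-parsing
    // getSubjectDN().getName(): the string round trip can change attribute
    // encodings, so the CRL issuer would no longer match the CA subject exactly
    // (getSubjectDN() is also deprecated in favour of getSubjectX500Principal()).
    X500Name issuer = X500Name.getInstance(ca.getSubjectX500Principal().getEncoded());
    Date now = new Date();
    X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, now);
    for (X509Certificate certificate : revoked) {
        // Revocation date equals thisUpdate, so every entry is effective immediately.
        builder.addCRLEntry(certificate.getSerialNumber(), now, CRLReason.privilegeWithdrawn);
    }
    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
    contentSignerBuilder.setProvider("BC");
    X509CRLHolder crlHolder = builder.build(contentSignerBuilder.build(caPrivateKey));
    JcaX509CRLConverter converter = new JcaX509CRLConverter();
    converter.setProvider("BC");
    return converter.getCRL(crlHolder);
}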
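/**
 * Writes a freshly signed CRL for issuer {@code CN=ca} to a temporary file.
 * When {@code cert} is non-null its serial is listed as revoked with reason
 * {@code keyCompromise}; otherwise the CRL is empty.
 *
 * @param cert certificate to revoke, or null for an empty CRL
 * @return temp file holding the DER-encoded CRL (deleted on JVM exit)
 * @throws IOException if the file cannot be created or written
 * @throws OperatorCreationException if the content signer cannot be built
 */
private File generateCRL(X509Certificate cert) throws CRLException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException, OperatorCreationException {
    X500Name issuer = new X500Name("CN=ca");
    Date thisUpdate = new Date();
    X509v2CRLBuilder gen = new X509v2CRLBuilder(issuer, thisUpdate);
    // Valid for one minute: long enough for a test run, short enough to expire quickly.
    gen.setNextUpdate(new Date(System.currentTimeMillis() + 60000));
    if (cert != null) {
        // Revocation date one second in the past so the entry is already effective.
        gen.addCRLEntry(cert.getSerialNumber(), new Date(System.currentTimeMillis() - 1000), CRLReason.keyCompromise);
    }
    // SHA-256 instead of SHA-1: SHA-1 signatures are disallowed by many current validators,
    // which would make this CRL unusable in the very checks it is meant to exercise.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(credential.getPrivateKey());
    X509CRLHolder crl = gen.build(sigGen);
    final File crlFile = File.createTempFile("test", "test");
    crlFile.deleteOnExit();
    FileOutputStream fos = new FileOutputStream(crlFile);
    try {
        fos.write(crl.getEncoded());
    } finally {
        // Close on every path so a failed write does not leak the descriptor.
        fos.close();
    }
    return crlFile;
}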
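/**
 * Writes a freshly signed CRL for issuer {@code CN=ca} to a temporary file.
 * When {@code cert} is non-null its serial is listed as revoked with reason
 * {@code keyCompromise}; otherwise the CRL is empty.
 *
 * @param cert certificate to revoke, or null for an empty CRL
 * @return temp file holding the DER-encoded CRL (deleted on JVM exit)
 * @throws IOException if the file cannot be created or written
 * @throws OperatorCreationException if the content signer cannot be built
 */
private File generateCRL(X509Certificate cert) throws CRLException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException, OperatorCreationException {
    X500Name issuer = new X500Name("CN=ca");
    Date thisUpdate = new Date();
    X509v2CRLBuilder gen = new X509v2CRLBuilder(issuer, thisUpdate);
    // Valid for one minute: long enough for a test run, short enough to expire quickly.
    gen.setNextUpdate(new Date(System.currentTimeMillis() + 60000));
    if (cert != null) {
        // Revocation date one second in the past so the entry is already effective.
        gen.addCRLEntry(cert.getSerialNumber(), new Date(System.currentTimeMillis() - 1000), CRLReason.keyCompromise);
    }
    // SHA-256 instead of SHA-1: SHA-1 signatures are disallowed by many current validators,
    // which would make this CRL unusable in the very checks it is meant to exercise.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(cred.getPrivateKey());
    X509CRLHolder crl = gen.build(sigGen);
    final File crlFile = File.createTempFile("test", "test");
    crlFile.deleteOnExit();
    FileOutputStream fos = new FileOutputStream(crlFile);
    try {
        fos.write(crl.getEncoded());
    } finally {
        // Close on every path so a failed write does not leak the descriptor.
        fos.close();
    }
    return crlFile;
}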
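/**
 * Creates a CRL issued by {@code caCert} that revokes {@code serialNumber} with reason
 * {@code privilegeWithdrawn}, carrying an authority key identifier and CRL number 1.
 *
 * @param caCert       issuing CA certificate (issuer DN and authority key identifier)
 * @param caKey        CA private key used to sign with SHA256WithRSAEncryption via "BC"
 * @param serialNumber serial of the certificate to list as revoked
 * @return the signed CRL
 * @throws Exception on generation failure
 */
public static X509CRL createCRL( X509Certificate caCert, PrivateKey caKey, BigInteger serialNumber) throws Exception {
    X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
    Date now = new Date();
    crlGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    crlGen.setThisUpdate(now);
    // nextUpdate 100 s after thisUpdate.
    crlGen.setNextUpdate(new Date(now.getTime() + 100000));
    crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    // Only the caller's serial is revoked; the previous hard-coded serial 2 was never used.
    crlGen.addCRLEntry(serialNumber, now, CRLReason.privilegeWithdrawn);
    crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.valueOf(1)));
    return crlGen.generate(caKey, "BC");
}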
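/**
 * Builds a trusted-authority record for a freshly created CA with the given DN.
 * The CA's CRL receives one privilege-withdrawn entry before the certificate and
 * CRL are serialised into the record.
 *
 * @param dn distinguished name for the new CA
 * @return record marked {@code Status.Trusted}, trust level {@code LEVEL_ONE}, authority
 * @throws Exception from CA creation or certificate/CRL serialisation
 */
private TrustedAuthority getTrustedAuthority(String dn) throws Exception {
    CA ca = new CA(dn);
    String name = ca.getCertificate().getSubjectDN().toString();
    // Serial taken from the clock; presumably it only needs to differ between calls.
    BigInteger sn = BigInteger.valueOf(System.currentTimeMillis());
    CRLEntry entry = new CRLEntry(sn, CRLReason.PRIVILEGE_WITHDRAWN);
    ca.updateCRL(entry);
    TrustedAuthority ta = new TrustedAuthority();
    ta.setName(name);
    ta.setCertificate(new X509Certificate(CertUtil.writeCertificate(ca.getCertificate())));
    ta.setCRL(new X509CRL(CertUtil.writeCRL(ca.getCRL())));
    ta.setStatus(Status.Trusted);
    ta.setTrustLevels(toTrustLevels(LEVEL_ONE));
    ta.setIsAuthority(Boolean.TRUE);
    return ta;
}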
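/**
 * Builds a trusted-authority record for a freshly created CA with the given DN.
 * The CA's CRL receives one privilege-withdrawn entry before the certificate and
 * CRL are serialised into the record.
 *
 * @param dn distinguished name for the new CA
 * @return record marked {@code Status.TRUSTED}, trust level {@code LEVEL_ONE}, authority
 * @throws Exception from CA creation or certificate/CRL serialisation
 */
private TrustedAuthority getTrustedAuthority(String dn) throws Exception {
    CA ca = new CA(dn);
    String name = ca.getCertificate().getSubjectDN().toString();
    // Serial taken from the clock; presumably it only needs to differ between calls.
    BigInteger sn = BigInteger.valueOf(System.currentTimeMillis());
    CRLEntry entry = new CRLEntry(sn, CRLReason.PRIVILEGE_WITHDRAWN);
    ca.updateCRL(entry);
    TrustedAuthority ta = new TrustedAuthority();
    ta.setName(name);
    X509Certificate x509 = new X509Certificate();
    x509.setCertificateEncodedString(CertUtil.writeCertificate(ca.getCertificate()));
    ta.setCertificate(x509);
    X509CRL crl = new X509CRL();
    crl.setCrlEncodedString(CertUtil.writeCRL(ca.getCRL()));
    ta.setCRL(crl);
    ta.setStatus(Status.TRUSTED);
    ta.setTrustLevels(toTrustLevels(LEVEL_ONE));
    ta.setIsAuthority(Boolean.TRUE);
    return ta;
}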
/**
 * Creates a RevokedInfo from its two components.
 *
 * @param revocationTime   time at which the certificate was revoked
 * @param revocationReason revocation reason; may be null since the reason is optional
 */
public RevokedInfo( ASN1GeneralizedTime revocationTime, CRLReason revocationReason) {
    this.revocationReason = revocationReason;
    this.revocationTime = revocationTime;
}
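/**
 * Decodes a RevokedInfo from its sequence form: a revocationTime followed by an
 * optional explicitly tagged revocationReason.
 *
 * @param seq sequence of one or two elements
 * @throws IllegalArgumentException if the sequence does not hold one or two elements
 */
private RevokedInfo( ASN1Sequence seq) {
    // Reject malformed input up front with a clear message instead of failing with an
    // index or cast error from deeper inside the decoder.
    if (seq.size() < 1 || seq.size() > 2) {
        throw new IllegalArgumentException("Bad sequence size: " + seq.size());
    }
    this.revocationTime = ASN1GeneralizedTime.getInstance(seq.getObjectAt(0));
    if (seq.size() > 1) {
        this.revocationReason = CRLReason.getInstance(DEREnumerated.getInstance(
            (ASN1TaggedObject)seq.getObjectAt(1), true));
    }
}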
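/**
 * Decodes a RevokedInfo from its sequence form: a revocationTime followed by an
 * optional explicitly tagged revocationReason.
 *
 * @param seq sequence of one or two elements
 * @throws IllegalArgumentException if the sequence does not hold one or two elements
 */
private RevokedInfo( ASN1Sequence seq) {
    // Reject malformed input up front with a clear message instead of failing with an
    // index or cast error from deeper inside the decoder.
    if (seq.size() < 1 || seq.size() > 2) {
        throw new IllegalArgumentException("Bad sequence size: " + seq.size());
    }
    this.revocationTime = ASN1GeneralizedTime.getInstance(seq.getObjectAt(0));
    if (seq.size() > 1) {
        this.revocationReason = CRLReason.getInstance(ASN1Enumerated.getInstance(
            (ASN1TaggedObject)seq.getObjectAt(1), true));
    }
}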
/**
 * Produces an encoded OCSP response that reports {@code server} as revoked right now
 * with reason {@code keyCompromise}, signed on behalf of {@code issuer}.
 *
 * @param server key entry of the certificate being reported on
 * @param issuer key entry used to produce the response
 * @return DER-encoded OCSP response
 * @throws CertificateException wrapping any encoding failure
 */
public static byte[] getOCSPResponseForRevoked(PrivateKeyEntry server, PrivateKeyEntry issuer) throws CertificateException {
    RevokedStatus revokedNow = new RevokedStatus(new Date(), CRLReason.keyCompromise);
    try {
        return generateOCSPResponse(server, issuer, revokedNow).getEncoded();
    } catch (IOException e) {
        // Surface encoding problems through the checked type callers already handle.
        throw new CertificateException(e);
    }
}
/**
 * Builds a non-critical reasonCode extension for the given CRL reason code.
 *
 * @param reasonCode numeric CRL reason (see {@code CRLReason.lookup})
 * @return the reasonCode extension
 * @throws IllegalArgumentException if the reason cannot be DER-encoded
 */
private static Extension createReasonExtension(int reasonCode) {
    CRLReason crlReason = CRLReason.lookup(reasonCode);
    try {
        byte[] encodedReason = crlReason.getEncoded();
        return new Extension(Extension.reasonCode, false, encodedReason);
    } catch (IOException ex) {
        // Encoding a fixed enumerated value should not fail; treat it as a bad argument
        // and keep the original exception as the cause.
        throw new IllegalArgumentException("error encoding reason: " + ex.getMessage(), ex);
    }
}
/**
 * Builds a CRL for issuer {@code CN=Test CA} that revokes serial 1 with reason
 * {@code privilegeWithdrawn}, signed with the pair's private key via "BC".
 *
 * @param pair key pair whose public key feeds the authority key identifier and whose
 *             private key signs the CRL
 * @return the signed CRL
 * @throws Exception on build or conversion failure
 */
public static X509CRL makeCrl(KeyPair pair) throws Exception {
    Date now = new Date();
    X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
    // nextUpdate 100 s after thisUpdate.
    crlGen.setNextUpdate(new Date(now.getTime() + 100000));
    crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    crlGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(pair.getPublic()));
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC");
    JcaX509CRLConverter converter = new JcaX509CRLConverter().setProvider("BC");
    return converter.getCRL(crlGen.build(signerBuilder.build(pair.getPrivate())));
}
/**
 * Captures one single-response entry: the certificate ID, its status, the update
 * times and optional extensions.
 *
 * @param certId     identifier of the certificate the response is about
 * @param certStatus null for good, an {@code UnknownStatus}, or a {@code RevokedStatus}
 * @param thisUpdate time this status was produced
 * @param nextUpdate time newer information is expected, or null
 * @param extensions single-response extensions, or null
 */
public ResponseObject( CertificateID certId, CertificateStatus certStatus, Date thisUpdate, Date nextUpdate, Extensions extensions) {
    CertStatus status;
    if (certStatus == null) {
        // No-arg CertStatus encodes the "good" choice.
        status = new CertStatus();
    } else if (certStatus instanceof UnknownStatus) {
        // Choice tag 2 is "unknown", carried as NULL.
        status = new CertStatus(2, DERNull.INSTANCE);
    } else {
        RevokedStatus rs = (RevokedStatus)certStatus;
        ASN1GeneralizedTime revokedAt = new ASN1GeneralizedTime(rs.getRevocationTime());
        CRLReason reason = rs.hasRevocationReason() ? CRLReason.lookup(rs.getRevocationReason()) : null;
        status = new CertStatus(new RevokedInfo(revokedAt, reason));
    }
    this.certId = certId;
    this.certStatus = status;
    this.thisUpdate = new DERGeneralizedTime(thisUpdate);
    this.nextUpdate = (nextUpdate != null) ? new DERGeneralizedTime(nextUpdate) : null;
    this.extensions = extensions;
}
/**
 * Creates a revoked status for the given revocation date and numeric reason.
 *
 * @param revocationDate when the certificate was revoked
 * @param reason         numeric CRL reason, resolved through {@code CRLReason.lookup}
 */
public RevokedStatus( Date revocationDate, int reason) {
    ASN1GeneralizedTime revokedAt = new ASN1GeneralizedTime(revocationDate);
    CRLReason crlReason = CRLReason.lookup(reason);
    this.info = new RevokedInfo(revokedAt, crlReason);
}
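/**
 * Renders this CRL entry as text: serial number, revocation date, certificate issuer
 * and, when present, every CRL entry extension on its own line. An extension value
 * that cannot be decoded is shown as "*****" rather than aborting the dump.
 *
 * @return the formatted entry, one field per line
 */
public String toString() {
    // Single-threaded local buffer: StringBuilder avoids StringBuffer's locking.
    StringBuilder buf = new StringBuilder();
    String nl = System.getProperty("line.separator");
    buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl);
    buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl);
    buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl);
    Extensions extensions = c.getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        if (e.hasMoreElements()) {
            buf.append(" crlEntryExtensions:").append(nl);
            while (e.hasMoreElements()) {
                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
                Extension ext = extensions.getExtension(oid);
                if (ext.getExtnValue() != null) {
                    byte[] octs = ext.getExtnValue().getOctets();
                    // Decodes from the in-memory octets only.
                    ASN1InputStream dIn = new ASN1InputStream(octs);
                    buf.append(" critical(").append(ext.isCritical()).append(") ");
                    try {
                        // Extension.* replaces the deprecated X509Extension.* constants (same OIDs).
                        if (oid.equals(Extension.reasonCode)) {
                            buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl);
                        } else if (oid.equals(Extension.certificateIssuer)) {
                            buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl);
                        } else {
                            buf.append(oid.getId());
                            buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
                        }
                    } catch (Exception ex) {
                        // Best effort for a diagnostic dump: an undecodable value is
                        // masked instead of failing toString().
                        buf.append(oid.getId());
                        buf.append(" value = ").append("*****").append(nl);
                    }
                } else {
                    buf.append(nl);
                }
            }
        }
    }
    return buf.toString();
}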
/**
 * Returns the revocation reason.
 *
 * @return the reason, or null when none was supplied (the field is optional)
 */
public CRLReason getRevocationReason() {
    return this.revocationReason;
}
/**
 * Captures one single-response entry: the certificate ID, its status, the update
 * times and optional extensions.
 *
 * @param certId     identifier of the certificate the response is about
 * @param certStatus null for good, an {@code UnknownStatus}, or a {@code RevokedStatus}
 * @param thisUpdate time this status was produced
 * @param nextUpdate time newer information is expected, or null
 * @param extensions single-response extensions, or null
 */
public ResponseObject( CertificateID certId, CertificateStatus certStatus, Date thisUpdate, Date nextUpdate, X509Extensions extensions) {
    CertStatus status;
    if (certStatus == null) {
        // No-arg CertStatus encodes the "good" choice.
        status = new CertStatus();
    } else if (certStatus instanceof UnknownStatus) {
        // Choice tag 2 is "unknown", carried as NULL.
        status = new CertStatus(2, DERNull.INSTANCE);
    } else {
        RevokedStatus rs = (RevokedStatus)certStatus;
        ASN1GeneralizedTime revokedAt = new ASN1GeneralizedTime(rs.getRevocationTime());
        CRLReason reason = rs.hasRevocationReason() ? CRLReason.lookup(rs.getRevocationReason()) : null;
        status = new CertStatus(new RevokedInfo(revokedAt, reason));
    }
    this.certId = certId;
    this.certStatus = status;
    this.thisUpdate = new DERGeneralizedTime(thisUpdate);
    this.nextUpdate = (nextUpdate != null) ? new DERGeneralizedTime(nextUpdate) : null;
    this.extensions = extensions;
}
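/**
 * Renders this CRL entry as text: serial number, revocation date, certificate issuer
 * and, when present, every CRL entry extension on its own line. An extension value
 * that cannot be decoded is shown as "*****" rather than aborting the dump.
 *
 * @return the formatted entry, one field per line
 */
public String toString() {
    // Single-threaded local buffer: StringBuilder avoids StringBuffer's locking.
    StringBuilder buf = new StringBuilder();
    String nl = Strings.lineSeparator();
    buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl);
    buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl);
    buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl);
    Extensions extensions = c.getExtensions();
    if (extensions != null) {
        Enumeration e = extensions.oids();
        if (e.hasMoreElements()) {
            buf.append(" crlEntryExtensions:").append(nl);
            while (e.hasMoreElements()) {
                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
                Extension ext = extensions.getExtension(oid);
                if (ext.getExtnValue() != null) {
                    byte[] octs = ext.getExtnValue().getOctets();
                    // Decodes from the in-memory octets only.
                    ASN1InputStream dIn = new ASN1InputStream(octs);
                    buf.append(" critical(").append(ext.isCritical()).append(") ");
                    try {
                        // Extension.* replaces the deprecated X509Extension.* constants (same OIDs).
                        if (oid.equals(Extension.reasonCode)) {
                            buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl);
                        } else if (oid.equals(Extension.certificateIssuer)) {
                            buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl);
                        } else {
                            buf.append(oid.getId());
                            buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
                        }
                    } catch (Exception ex) {
                        // Best effort for a diagnostic dump: an undecodable value is
                        // masked instead of failing toString().
                        buf.append(oid.getId());
                        buf.append(" value = ").append("*****").append(nl);
                    }
                } else {
                    buf.append(nl);
                }
            }
        }
    }
    return buf.toString();
}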