コード例 #1
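  /**
   * Checks a single CRL for a revocation entry covering {@code cert} and, if the entry applies at
   * {@code validDate}, records the revocation reason and date in {@code certStatus}.
   *
   * <p>The method returns without touching {@code certStatus} when the CRL has no entry for the
   * certificate's serial number, or when the issuer associated with the CRL (or, for an indirect
   * CRL, with the entry) does not equal the certificate's issuer. An untouched {@code certStatus}
   * therefore only means "this CRL does not revoke the certificate"; how the caller interprets
   * that is not visible from this method.
   *
   * <p>An entry is recorded when {@code validDate} is not before the entry's revocation date, or
   * regardless of date when the reason code is absent or is one of unspecified (0),
   * keyCompromise (1), cACompromise (2) or aACompromise (10), using the RFC 5280 CRLReason
   * numbering.
   *
   * @param validDate the point in time for which the certificate status is evaluated
   * @param crl the CRL to search
   * @param cert the certificate object whose serial number and issuer are looked up
   * @param certStatus receives the reason code and revocation date when the entry applies
   * @throws AnnotatedException if the indirect-CRL check fails or the reason code extension of
   *     the matching entry cannot be decoded
   */
  protected static void getCertStatus(
      Date validDate, X509CRL crl, Object cert, CertStatus certStatus) throws AnnotatedException {
    final boolean isIndirect;
    try {
      isIndirect = X509CRLObject.isIndirectCRL(crl);
    } catch (CRLException exception) {
      throw new AnnotatedException("Failed check for indirect CRL.", exception);
    }

    final X509CRLEntry crlEntry;
    if (isIndirect) {
      // NOTE(review): the lookup is by serial number only. If an indirect CRL carries the same
      // serial for more than one issuer, only the entry returned here is compared below, and a
      // mismatch is treated as "not listed" - confirm the CRL implementation resolves this.
      crlEntry = crl.getRevokedCertificate(getSerialNumber(cert));
      if (crlEntry == null) {
        return;
      }

      // An entry without its own certificate issuer falls back to the CRL issuer.
      X500Principal entryIssuer = crlEntry.getCertificateIssuer();
      if (entryIssuer == null) {
        entryIssuer = getIssuerPrincipal(crl);
      }

      if (!getEncodedIssuerPrincipal(cert).equals(entryIssuer)) {
        return;
      }
    } else {
      if (!getEncodedIssuerPrincipal(cert).equals(getIssuerPrincipal(crl))) {
        return; // CRL was issued by a different issuer, ignore it
      }

      crlEntry = crl.getRevokedCertificate(getSerialNumber(cert));
      if (crlEntry == null) {
        return;
      }
    }

    DEREnumerated reasonCode = null;
    if (crlEntry.hasExtensions()) {
      try {
        reasonCode =
            DEREnumerated.getInstance(
                CertPathValidatorUtilities.getExtensionValue(
                    crlEntry, X509Extension.reasonCode.getId()));
      } catch (Exception e) {
        throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e);
      }
    }

    // A missing reason code is handled as "unspecified".
    final boolean hasReason = reasonCode != null;
    final int reason = hasReason ? reasonCode.getValue().intValue() : CRLReason.unspecified;

    final boolean revokedAtValidDate =
        !(validDate.getTime() < crlEntry.getRevocationDate().getTime());

    // Reasons that apply even when validDate precedes the revocation date: unspecified (0),
    // keyCompromise (1), cACompromise (2) and aACompromise (10). The previous code tested 8,
    // which is removeFromCRL in RFC 5280, so aACompromise entries were not applied
    // retroactively while removeFromCRL entries were.
    final boolean appliesRetroactively =
        !hasReason || reason == 0 || reason == 1 || reason == 2 || reason == 10;

    if (revokedAtValidDate || appliesRetroactively) {
      // (i) or (j): record the reason and the revocation date.
      certStatus.setCertStatus(reason);
      certStatus.setRevocationDate(crlEntry.getRevocationDate());
    }
  }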