if (ret) {
// If authentication was correct, we will now try to find the certificate to revoke
PKIMessage pkimsg = msg.getMessage();
PKIBody body = pkimsg.getBody();
RevReqContent rr = body.getRr();
RevDetails rd = rr.getRevDetails(0);
CertTemplate ct = rd.getCertDetails();
DERInteger serno = ct.getSerialNumber();
X509Name issuer = ct.getIssuer();
// Get the revocation reason.
// For CMPv1 this can be a simple DERBitString or it can be a requested CRL Entry Extension
// If there exists CRL Entry Extensions we will use that, because it's the only thing allowed in CMPv2
int reason = RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED;
DERBitString reasonbits = rd.getRevocationReason();
if (reasonbits != null) {
reason = CertTools.bitStringToRevokedCertInfo(reasonbits);
LOG.debug("CMPv1 revocation reason: "+reason);
} else {
LOG.debug("CMPv1 revocation reason is null");
}
X509Extensions crlExt = rd.getCrlEntryDetails();
if (crlExt != null) {
X509Extension ext = crlExt.getExtension(X509Extensions.ReasonCode);
if (ext != null) {
try {
ASN1InputStream ai = new ASN1InputStream(ext.getValue().getOctets());