Examples with PKIStatusInfo com.github.zhenwei.pkix.util.asn1.cmp.PKIStatusInfo used on opensource projects

Example 11 with PKIStatusInfo

use of com.github.zhenwei.pkix.util.asn1.cmp.PKIStatusInfo in project LinLong-Java by zhenwei1108.

the class TimeStampResponseGenerator method generateGrantedResponse.

/**
 * Return a granted response, if the passed in request passes validation with the passed in status
 * string and extra extensions.
 * <p>
 * If genTime is null a timeNotAvailable or a validation exception occurs a TSPValidationException
 * will be thrown. The parent TSPException will only occur on some sort of system failure.
 * </p>
 *
 * @param request              the request this response is for.
 * @param serialNumber         serial number for the response token.
 * @param genTime              generation time for the response token.
 * @param additionalExtensions extra extensions to be added to the response token.
 * @return the TimeStampResponse with a status of  PKIStatus.GRANTED
 * @throws TSPException on validation exception or internal error.
 */
public TimeStampResponse generateGrantedResponse(TimeStampRequest request, BigInteger serialNumber, Date genTime, String statusString, Extensions additionalExtensions) throws TSPException {
    if (genTime == null) {
        throw new TSPValidationException("The time source is not available.", PKIFailureInfo.timeNotAvailable);
    }
    request.validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions);
    status = PKIStatus.GRANTED;
    statusStrings = new ASN1EncodableVector();
    if (statusString != null) {
        this.addStatusString(statusString);
    }
    PKIStatusInfo pkiStatusInfo = getPKIStatusInfo();
    ContentInfo tstTokenContentInfo;
    try {
        tstTokenContentInfo = tokenGenerator.generate(request, serialNumber, genTime, additionalExtensions).toCMSSignedData().toASN1Structure();
    } catch (TSPException e) {
        throw e;
    } catch (Exception e) {
        throw new TSPException("Timestamp token received cannot be converted to ContentInfo", e);
    }
    try {
        return new TimeStampResponse(new DLSequence(new ASN1Encodable[] { pkiStatusInfo.toASN1Primitive(), tstTokenContentInfo.toASN1Primitive() }));
    } catch (IOException e) {
        throw new TSPException("created badly formatted response!");
    }
}

Example 12 with PKIStatusInfo

use of com.github.zhenwei.pkix.util.asn1.cmp.PKIStatusInfo in project LinLong-Java by zhenwei1108.

the class TimeStampResponseGenerator method generateFailResponse.

/**
 * Generate a non-granted TimeStampResponse with chosen status and FailInfoField.
 *
 * @param status        the PKIStatus to set.
 * @param failInfoField the FailInfoField to set.
 * @param statusString  an optional string describing the failure.
 * @return a TimeStampResponse with a failInfoField and optional statusString
 * @throws TSPException in case the response could not be created
 */
public TimeStampResponse generateFailResponse(int status, int failInfoField, String statusString) throws TSPException {
    this.status = status;
    this.statusStrings = new ASN1EncodableVector();
    this.setFailInfoField(failInfoField);
    if (statusString != null) {
        this.addStatusString(statusString);
    }
    PKIStatusInfo pkiStatusInfo = getPKIStatusInfo();
    TimeStampResp resp = new TimeStampResp(pkiStatusInfo, null);
    try {
        return new TimeStampResponse(resp);
    } catch (IOException e) {
        throw new TSPException("created badly formatted response!");
    }
}

Example 13 with PKIStatusInfo

use of com.github.zhenwei.pkix.util.asn1.cmp.PKIStatusInfo in project xipki by xipki.

the class CmpResponder method generateRejectionStatus.

// method generateCmpRejectionStatus
protected PKIStatusInfo generateRejectionStatus(PKIStatus status, Integer info, String errorMessage) {
    PKIFreeText statusMessage = (errorMessage == null) ? null : new PKIFreeText(errorMessage);
    PKIFailureInfo failureInfo = (info == null) ? null : new PKIFailureInfo(info);
    return new PKIStatusInfo(status, statusMessage, failureInfo);
}

Example 14 with PKIStatusInfo

use of com.github.zhenwei.pkix.util.asn1.cmp.PKIStatusInfo in project xipki by xipki.

the class X509CaCmpResponderImpl method postProcessCertInfo.

// method generateCertificates
private CertResponse postProcessCertInfo(ASN1Integer certReqId, X509CertificateInfo certInfo, ASN1OctetString tid, CmpControl cmpControl) {
    if (cmpControl.isConfirmCert()) {
        pendingCertPool.addCertificate(tid.getOctets(), certReqId.getPositiveValue(), certInfo, System.currentTimeMillis() + cmpControl.getConfirmWaitTimeMs());
    }
    String warningMsg = certInfo.getWarningMessage();
    PKIStatusInfo statusInfo;
    if (StringUtil.isBlank(warningMsg)) {
        statusInfo = certInfo.isAlreadyIssued() ? new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText("ALREADY_ISSUED")) : new PKIStatusInfo(PKIStatus.granted);
    } else {
        statusInfo = new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText(warningMsg));
    }
    CertOrEncCert cec = new CertOrEncCert(CMPCertificate.getInstance(certInfo.getCert().getEncodedCert()));
    CertifiedKeyPair kp = new CertifiedKeyPair(cec);
    return new CertResponse(certReqId, statusInfo, kp, null);
}

Example 15 with PKIStatusInfo

use of com.github.zhenwei.pkix.util.asn1.cmp.PKIStatusInfo in project xipki by xipki.

the class X509CaCmpResponderImpl method processPkiMessage0.

@Override
protected PKIMessage processPkiMessage0(PKIMessage request, RequestorInfo requestor, ASN1OctetString tid, GeneralPKIMessage message, String msgId, AuditEvent event) {
    if (!(requestor instanceof CmpRequestorInfo)) {
        throw new IllegalArgumentException("unknown requestor type " + requestor.getClass().getName());
    }
    CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor;
    event.addEventData(CaAuditConstants.NAME_requestor, tmpRequestor.getIdent().getName());
    PKIHeader reqHeader = message.getHeader();
    PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender());
    respHeader.setTransactionID(tid);
    ASN1OctetString senderNonce = reqHeader.getSenderNonce();
    if (senderNonce != null) {
        respHeader.setRecipNonce(senderNonce);
    }
    PKIBody respBody;
    PKIBody reqBody = message.getBody();
    final int type = reqBody.getType();
    CmpControl cmpControl = getCmpControl();
    try {
        switch(type) {
            case PKIBody.TYPE_CERT_REQ:
            case PKIBody.TYPE_KEY_UPDATE_REQ:
            case PKIBody.TYPE_P10_CERT_REQ:
            case PKIBody.TYPE_CROSS_CERT_REQ:
                String eventType = null;
                if (PKIBody.TYPE_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_cr;
                } else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_kur;
                } else if (PKIBody.TYPE_P10_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_p10Cr;
                } else if (PKIBody.TYPE_CROSS_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_ccr;
                }
                if (eventType != null) {
                    event.addEventType(eventType);
                }
                respBody = cmpEnrollCert(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
                break;
            case PKIBody.TYPE_CERT_CONFIRM:
                event.addEventType(CaAuditConstants.TYPE_CMP_certConf);
                CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
                respBody = confirmCertificates(tid, certConf, msgId);
                break;
            case PKIBody.TYPE_REVOCATION_REQ:
                respBody = cmpUnRevokeRemoveCertificates(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, msgId, event);
                break;
            case PKIBody.TYPE_CONFIRM:
                event.addEventType(CaAuditConstants.TYPE_CMP_pkiConf);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            case PKIBody.TYPE_GEN_MSG:
                respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
                break;
            case PKIBody.TYPE_ERROR:
                event.addEventType(CaAuditConstants.TYPE_CMP_error);
                revokePendingCertificates(tid, msgId);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            default:
                event.addEventType("PKIBody." + type);
                respBody = buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, "unsupported type " + type);
                break;
        }
    // end switch (type)
    } catch (InsuffientPermissionException ex) {
        ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(ex.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
        respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
    }
    if (respBody.getType() == PKIBody.TYPE_ERROR) {
        ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();
        AuditStatus auditStatus = AuditStatus.FAILED;
        org.xipki.cmp.PkiStatusInfo pkiStatus = new org.xipki.cmp.PkiStatusInfo(errorMsgContent.getPKIStatusInfo());
        if (pkiStatus.pkiFailureInfo() == PKIFailureInfo.systemFailure) {
            auditStatus = AuditStatus.FAILED;
        }
        event.setStatus(auditStatus);
        String statusString = pkiStatus.statusMessage();
        if (statusString != null) {
            event.addEventData(CaAuditConstants.NAME_message, statusString);
        }
    } else if (event.getStatus() == null) {
        event.setStatus(AuditStatus.SUCCESSFUL);
    }
    return new PKIMessage(respHeader.build(), respBody);
}