Example 11 with ErrorMsgContent
use of org.bouncycastle.asn1.cmp.ErrorMsgContent in project xipki by xipki.
the class X509CaCmpResponderImpl method processPkiMessage0.
@Override
protected PKIMessage processPkiMessage0(PKIMessage request, RequestorInfo requestor, ASN1OctetString tid, GeneralPKIMessage message, String msgId, AuditEvent event) {
if (!(requestor instanceof CmpRequestorInfo)) {
throw new IllegalArgumentException("unknown requestor type " + requestor.getClass().getName());
}
CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor;
event.addEventData(CaAuditConstants.NAME_requestor, tmpRequestor.getIdent().getName());
PKIHeader reqHeader = message.getHeader();
PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender());
respHeader.setTransactionID(tid);
ASN1OctetString senderNonce = reqHeader.getSenderNonce();
if (senderNonce != null) {
respHeader.setRecipNonce(senderNonce);
}
PKIBody respBody;
PKIBody reqBody = message.getBody();
final int type = reqBody.getType();
CmpControl cmpControl = getCmpControl();
try {
switch(type) {
case PKIBody.TYPE_CERT_REQ:
case PKIBody.TYPE_KEY_UPDATE_REQ:
case PKIBody.TYPE_P10_CERT_REQ:
case PKIBody.TYPE_CROSS_CERT_REQ:
String eventType = null;
if (PKIBody.TYPE_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_cr;
} else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_kur;
} else if (PKIBody.TYPE_P10_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_p10Cr;
} else if (PKIBody.TYPE_CROSS_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_ccr;
}
if (eventType != null) {
event.addEventType(eventType);
}
respBody = cmpEnrollCert(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
break;
case PKIBody.TYPE_CERT_CONFIRM:
event.addEventType(CaAuditConstants.TYPE_CMP_certConf);
CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
respBody = confirmCertificates(tid, certConf, msgId);
break;
case PKIBody.TYPE_REVOCATION_REQ:
respBody = cmpUnRevokeRemoveCertificates(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, msgId, event);
break;
case PKIBody.TYPE_CONFIRM:
event.addEventType(CaAuditConstants.TYPE_CMP_pkiConf);
respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
break;
case PKIBody.TYPE_GEN_MSG:
respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
break;
case PKIBody.TYPE_ERROR:
event.addEventType(CaAuditConstants.TYPE_CMP_error);
revokePendingCertificates(tid, msgId);
respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
break;
default:
event.addEventType("PKIBody." + type);
respBody = buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, "unsupported type " + type);
break;
}
// end switch (type)
} catch (InsuffientPermissionException ex) {
ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(ex.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
}
if (respBody.getType() == PKIBody.TYPE_ERROR) {
ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();
AuditStatus auditStatus = AuditStatus.FAILED;
org.xipki.cmp.PkiStatusInfo pkiStatus = new org.xipki.cmp.PkiStatusInfo(errorMsgContent.getPKIStatusInfo());
if (pkiStatus.pkiFailureInfo() == PKIFailureInfo.systemFailure) {
auditStatus = AuditStatus.FAILED;
}
event.setStatus(auditStatus);
String statusString = pkiStatus.statusMessage();
if (statusString != null) {
event.addEventData(CaAuditConstants.NAME_message, statusString);
}
} else if (event.getStatus() == null) {
event.setStatus(AuditStatus.SUCCESSFUL);
}
return new PKIMessage(respHeader.build(), respBody);
}
Also used :
PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
PKIHeaderBuilder(org.bouncycastle.asn1.cmp.PKIHeaderBuilder)
PKIStatusInfo(org.bouncycastle.asn1.cmp.PKIStatusInfo)
InsuffientPermissionException(org.xipki.ca.api.InsuffientPermissionException)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
PKIFreeText(org.bouncycastle.asn1.cmp.PKIFreeText)
PKIFailureInfo(org.bouncycastle.asn1.cmp.PKIFailureInfo)
CertConfirmContent(org.bouncycastle.asn1.cmp.CertConfirmContent)
AuditStatus(org.xipki.audit.AuditStatus)
CmpControl(org.xipki.ca.server.mgmt.api.CmpControl)
ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent)
Example 12 with ErrorMsgContent
use of org.bouncycastle.asn1.cmp.ErrorMsgContent in project xipki by xipki.
the class X509CmpRequestor method evaluateCrlResponse.
private X509CRL evaluateCrlResponse(PkiResponse response, Integer xipkiAction) throws CmpRequestorException, PkiErrorException {
ParamUtil.requireNonNull("response", response);
checkProtection(response);
PKIBody respBody = response.getPkiMessage().getBody();
int bodyType = respBody.getType();
if (PKIBody.TYPE_ERROR == bodyType) {
ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
throw new PkiErrorException(content.getPKIStatusInfo());
} else if (PKIBody.TYPE_GEN_REP != bodyType) {
throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR));
}
ASN1ObjectIdentifier expectedType = (xipkiAction == null) ? CMPObjectIdentifiers.it_currentCRL : ObjectIdentifiers.id_xipki_cmp_cmpGenmsg;
GenRepContent genRep = GenRepContent.getInstance(respBody.getContent());
InfoTypeAndValue[] itvs = genRep.toInfoTypeAndValueArray();
InfoTypeAndValue itv = null;
if (itvs != null && itvs.length > 0) {
for (InfoTypeAndValue m : itvs) {
if (expectedType.equals(m.getInfoType())) {
itv = m;
break;
}
}
}
if (itv == null) {
throw new CmpRequestorException("the response does not contain InfoTypeAndValue " + expectedType);
}
ASN1Encodable certListAsn1Object = (xipkiAction == null) ? itv.getInfoValue() : extractXiActionContent(itv.getInfoValue(), xipkiAction);
CertificateList certList = CertificateList.getInstance(certListAsn1Object);
X509CRL crl;
try {
crl = X509Util.toX509Crl(certList);
} catch (CRLException | CertificateException ex) {
throw new CmpRequestorException("returned CRL is invalid: " + ex.getMessage());
}
return crl;
}
Also used :
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
X509CRL(java.security.cert.X509CRL)
GenRepContent(org.bouncycastle.asn1.cmp.GenRepContent)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
CertificateException(java.security.cert.CertificateException)
PkiErrorException(org.xipki.ca.client.api.PkiErrorException)
InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent)
CRLException(java.security.cert.CRLException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
ErrorMsgContent (org.bouncycastle.asn1.cmp.ErrorMsgContent)12
PKIBody (org.bouncycastle.asn1.cmp.PKIBody)12
PKIStatusInfo (org.bouncycastle.asn1.cmp.PKIStatusInfo)9
PKIFreeText (org.bouncycastle.asn1.cmp.PKIFreeText)5
IOException (java.io.IOException)4
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)4
PKIFailureInfo (org.bouncycastle.asn1.cmp.PKIFailureInfo)4
BigInteger (java.math.BigInteger)3
InvalidKeyException (java.security.InvalidKeyException)3
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)3
GenRepContent (org.bouncycastle.asn1.cmp.GenRepContent)3
InfoTypeAndValue (org.bouncycastle.asn1.cmp.InfoTypeAndValue)3
PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)3
CMPException (org.bouncycastle.cert.cmp.CMPException)3
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)3
PkiErrorException (org.xipki.ca.client.api.PkiErrorException)3
Date (java.util.Date)2
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)2
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)2
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2
