
Example 6 with InfoTypeAndValue

use of org.bouncycastle.asn1.cmp.InfoTypeAndValue in project xipki by xipki.

the class CmpRequestor method extractGeneralRepContent.

/**
 * Returns the value of the first InfoTypeAndValue entry in a general response (genp)
 * whose info-type OID, in dotted-string form, equals {@code expectedType}.
 *
 * <p>Protection of the response is verified here only when {@code requireProtectionCheck}
 * is {@code true}. With {@code false} this method parses the body without verifying it,
 * so the caller is responsible for having established that the response is authentic.
 *
 * @param response the response to evaluate; must not be {@code null}
 * @param expectedType dotted OID string of the wanted info type; must not be {@code null}
 * @param requireProtectionCheck whether to call {@code checkProtection} before parsing
 * @return the info value of the matching entry
 *         (NOTE(review): may be {@code null} if the entry carries no value; confirm at call sites)
 * @throws CmpRequestorException if the body is an error message, is not a general response,
 *         or holds no entry of the expected type
 * @throws PkiErrorException declared by this method; presumably raised by
 *         {@code checkProtection} (not visible here)
 */
private ASN1Encodable extractGeneralRepContent(PkiResponse response, String expectedType, boolean requireProtectionCheck) throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonNull("response", response);
    ParamUtil.requireNonNull("expectedType", expectedType);
    // Verify protection before any field of the peer-supplied body is interpreted.
    if (requireProtectionCheck) {
        checkProtection(response);
    }

    final PKIBody body = response.getPkiMessage().getBody();
    final int type = body.getType();
    if (type == PKIBody.TYPE_ERROR) {
        // The peer reported a failure: surface its status info as the exception message.
        ErrorMsgContent error = ErrorMsgContent.getInstance(body.getContent());
        throw new CmpRequestorException(CmpFailureUtil.formatPkiStatusInfo(error.getPKIStatusInfo()));
    }
    if (type != PKIBody.TYPE_GEN_REP) {
        throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", type, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR));
    }

    // First match wins; later entries of the same type are ignored.
    InfoTypeAndValue[] candidates = GenRepContent.getInstance(body.getContent()).toInfoTypeAndValueArray();
    if (candidates != null) {
        for (InfoTypeAndValue candidate : candidates) {
            if (expectedType.equals(candidate.getInfoType().getId())) {
                return candidate.getInfoValue();
            }
        }
    }
    throw new CmpRequestorException("the response does not contain InfoTypeAndValue " + expectedType);
}
Also used : PKIBody(org.bouncycastle.asn1.cmp.PKIBody) GenRepContent(org.bouncycastle.asn1.cmp.GenRepContent) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent)

Example 7 with InfoTypeAndValue

use of org.bouncycastle.asn1.cmp.InfoTypeAndValue in project xipki by xipki.

the class X509CaCmpResponderImpl method cmpEnrollCert.

/**
 * Handles an enrolment-type request body (cr, kur, p10cr or ccr) and prepares the
 * confirmation-related general info of the response header.
 *
 * <p>For each supported body type the requestor's permission is checked first, and only
 * then is the request content decoded and handed to the matching {@code process*} method.
 * Afterwards the response header's generalInfo is set to either the implicit-confirm
 * entry or a confirmWaitTime entry.
 *
 * @param request the complete request message, passed through to the handler
 * @param respHeader builder of the response header; message time and generalInfo are set on it
 * @param cmpControl supplies the confirm wait time and the confirm-cert setting
 * @param reqHeader header of the request, consulted for the implicit-confirm marker
 * @param reqBody body of the request; its type selects the handler
 * @param requestor the requestor whose permissions are checked
 * @param tid transaction id; its octets identify the pending certificates to drop
 * @param msgId message id, passed through to the handler
 * @param event audit event, passed through to the handler
 * @return the response body produced by the handler
 * @throws InsuffientPermissionException presumably raised by {@code checkPermission} when the
 *         requestor lacks the needed permission (its implementation is not visible here)
 * @throws RuntimeException if {@code reqBody} has a type other than the four handled here
 */
private PKIBody cmpEnrollCert(PKIMessage request, PKIHeaderBuilder respHeader, CmpControl cmpControl, PKIHeader reqHeader, PKIBody reqBody, CmpRequestorInfo requestor, ASN1OctetString tid, String msgId, AuditEvent event) throws InsuffientPermissionException {
    // The configured wait time is in seconds and may be negative: take its magnitude, in milliseconds.
    final long confirmWaitMillis = Math.abs(cmpControl.getConfirmWaitTime()) * 1000;

    final PKIBody respBody;
    // In every case the permission check must stay ahead of decoding and processing the content.
    switch (reqBody.getType()) {
        case PKIBody.TYPE_CERT_REQ: {
            checkPermission(requestor, PermissionConstants.ENROLL_CERT);
            CertReqMessages certReqs = CertReqMessages.getInstance(reqBody.getContent());
            respBody = processCr(request, requestor, tid, reqHeader, certReqs, cmpControl, msgId, event);
            break;
        }
        case PKIBody.TYPE_KEY_UPDATE_REQ: {
            checkPermission(requestor, PermissionConstants.KEY_UPDATE);
            CertReqMessages certReqs = CertReqMessages.getInstance(reqBody.getContent());
            respBody = processKur(request, requestor, tid, reqHeader, certReqs, cmpControl, msgId, event);
            break;
        }
        case PKIBody.TYPE_P10_CERT_REQ: {
            checkPermission(requestor, PermissionConstants.ENROLL_CERT);
            CertificationRequest p10Req = CertificationRequest.getInstance(reqBody.getContent());
            respBody = processP10cr(request, requestor, tid, reqHeader, p10Req, cmpControl, msgId, event);
            break;
        }
        case PKIBody.TYPE_CROSS_CERT_REQ: {
            checkPermission(requestor, PermissionConstants.ENROLL_CROSS);
            CertReqMessages certReqs = CertReqMessages.getInstance(reqBody.getContent());
            respBody = processCcp(request, requestor, tid, reqHeader, certReqs, cmpControl, msgId, event);
            break;
        }
        default:
            // Callers are expected to route only the four types above to this method.
            throw new RuntimeException("should not reach here");
    }

    final InfoTypeAndValue generalInfo;
    if (cmpControl.isConfirmCert() || !CmpUtil.isImplictConfirm(reqHeader)) {
        // Explicit confirmation: stamp the response and announce the confirmation deadline.
        respHeader.setMessageTime(new ASN1GeneralizedTime(new Date()));
        Date confirmDeadline = new Date(System.currentTimeMillis() + confirmWaitMillis);
        generalInfo = new InfoTypeAndValue(CMPObjectIdentifiers.it_confirmWaitTime, new ASN1GeneralizedTime(confirmDeadline));
    } else {
        // Implicit confirmation was requested and is permitted; presumably no certConf
        // follows, so the pending entries of this transaction are dropped.
        pendingCertPool.removeCertificates(tid.getOctets());
        generalInfo = CmpUtil.getImplictConfirmGeneralInfo();
    }
    respHeader.setGeneralInfo(generalInfo);
    return respBody;
}
Also used : PKIBody(org.bouncycastle.asn1.cmp.PKIBody) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) Date(java.util.Date)

Example 8 with InfoTypeAndValue

use of org.bouncycastle.asn1.cmp.InfoTypeAndValue in project xipki by xipki.

the class CmpRequestor method buildMessageWithGeneralMsgContent.

/**
 * Builds a general message (genm) carrying a single InfoTypeAndValue entry.
 *
 * <p>The returned message is the plain header and body; no protection is applied in
 * this method.
 *
 * @param type OID of the info type; must not be {@code null}
 * @param value the info value, or {@code null} to send the type without a value
 * @return the assembled message
 * @throws CmpRequestorException declared by this method; presumably raised by
 *         {@code buildPkiHeader} (not visible here)
 */
protected PKIMessage buildMessageWithGeneralMsgContent(ASN1ObjectIdentifier type, ASN1Encodable value) throws CmpRequestorException {
    ParamUtil.requireNonNull("type", type);
    final PKIHeader pkiHeader = buildPkiHeader(null);

    // A missing value is encoded as an entry that holds only the type.
    final InfoTypeAndValue entry;
    if (value == null) {
        entry = new InfoTypeAndValue(type);
    } else {
        entry = new InfoTypeAndValue(type, value);
    }

    final PKIBody pkiBody = new PKIBody(PKIBody.TYPE_GEN_MSG, new GenMsgContent(entry));
    return new PKIMessage(pkiHeader, pkiBody);
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) GenMsgContent(org.bouncycastle.asn1.cmp.GenMsgContent) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue)

Example 9 with InfoTypeAndValue

use of org.bouncycastle.asn1.cmp.InfoTypeAndValue in project xipki by xipki.

the class CmpRequestor method buildMessageWithXipkAction.

// method verifyProtection
/**
 * Builds a general message (genm) whose single entry uses the XiPKI-specific info type
 * and a SEQUENCE of the action code followed by the optional value.
 *
 * <p>The returned message is the plain header and body; no protection is applied in
 * this method.
 *
 * @param action numeric action code, encoded as the first element of the sequence
 * @param value optional second element of the sequence; omitted when {@code null}
 * @return the assembled message
 * @throws CmpRequestorException declared by this method; presumably raised by
 *         {@code buildPkiHeader} (not visible here)
 */
protected PKIMessage buildMessageWithXipkAction(int action, ASN1Encodable value) throws CmpRequestorException {
    final PKIHeader pkiHeader = buildPkiHeader(null);

    // Payload layout: SEQUENCE { action INTEGER, value (only when given) }
    final ASN1EncodableVector elements = new ASN1EncodableVector();
    elements.add(new ASN1Integer(action));
    if (value != null) {
        elements.add(value);
    }

    final InfoTypeAndValue entry = new InfoTypeAndValue(ObjectIdentifiers.id_xipki_cmp_cmpGenmsg, new DERSequence(elements));
    final PKIBody pkiBody = new PKIBody(PKIBody.TYPE_GEN_MSG, new GenMsgContent(entry));
    return new PKIMessage(pkiHeader, pkiBody);
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) DERSequence(org.bouncycastle.asn1.DERSequence) GenMsgContent(org.bouncycastle.asn1.cmp.GenMsgContent) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Integer(org.bouncycastle.asn1.ASN1Integer)

Example 10 with InfoTypeAndValue

use of org.bouncycastle.asn1.cmp.InfoTypeAndValue in project xipki by xipki.

the class X509CmpRequestor method evaluateCrlResponse.

/**
 * Extracts the CRL from a general response (genp) after verifying the response protection.
 *
 * <p>When {@code xipkiAction} is {@code null} the CRL is read from the standard currentCRL
 * entry; otherwise it is unwrapped from the XiPKI-specific entry for that action.
 *
 * <p>NOTE(review): the visible code checks only the protection of the CMP message. The
 * signature of the CRL itself is not verified in this method; confirm that callers
 * validate it against the issuing CA before relying on its contents.
 *
 * @param response the response to evaluate; must not be {@code null}
 * @param xipkiAction the XiPKI action the request used, or {@code null} for a standard
 *        currentCRL request
 * @return the decoded CRL
 * @throws CmpRequestorException if the body is not a general response, holds no entry of
 *         the expected type, or the CRL cannot be decoded
 * @throws PkiErrorException if the body is an error message
 */
private X509CRL evaluateCrlResponse(PkiResponse response, Integer xipkiAction) throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonNull("response", response);
    // Protection is always verified before the body is interpreted.
    checkProtection(response);

    final PKIBody body = response.getPkiMessage().getBody();
    final int type = body.getType();
    if (type == PKIBody.TYPE_ERROR) {
        ErrorMsgContent error = ErrorMsgContent.getInstance(body.getContent());
        throw new PkiErrorException(error.getPKIStatusInfo());
    }
    if (type != PKIBody.TYPE_GEN_REP) {
        throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", type, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR));
    }

    final boolean standardRequest = (xipkiAction == null);
    final ASN1ObjectIdentifier expectedType;
    if (standardRequest) {
        expectedType = CMPObjectIdentifiers.it_currentCRL;
    } else {
        expectedType = ObjectIdentifiers.id_xipki_cmp_cmpGenmsg;
    }

    // First match wins; later entries of the same type are ignored.
    InfoTypeAndValue[] entries = GenRepContent.getInstance(body.getContent()).toInfoTypeAndValueArray();
    InfoTypeAndValue match = null;
    if (entries != null) {
        for (int i = 0; i < entries.length && match == null; i++) {
            if (expectedType.equals(entries[i].getInfoType())) {
                match = entries[i];
            }
        }
    }
    if (match == null) {
        throw new CmpRequestorException("the response does not contain InfoTypeAndValue " + expectedType);
    }

    final ASN1Encodable crlAsn1;
    if (standardRequest) {
        crlAsn1 = match.getInfoValue();
    } else {
        crlAsn1 = extractXiActionContent(match.getInfoValue(), xipkiAction);
    }
    final CertificateList certList = CertificateList.getInstance(crlAsn1);

    try {
        return X509Util.toX509Crl(certList);
    } catch (CRLException | CertificateException ex) {
        // NOTE(review): only the message of ex is kept, so its stack trace is lost. If
        // CmpRequestorException offers a (message, cause) constructor, pass ex as the cause.
        throw new CmpRequestorException("returned CRL is invalid: " + ex.getMessage());
    }
}
Also used : PKIBody(org.bouncycastle.asn1.cmp.PKIBody) X509CRL(java.security.cert.X509CRL) GenRepContent(org.bouncycastle.asn1.cmp.GenRepContent) CertificateList(org.bouncycastle.asn1.x509.CertificateList) CertificateException(java.security.cert.CertificateException) PkiErrorException(org.xipki.ca.client.api.PkiErrorException) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent) CRLException(java.security.cert.CRLException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

InfoTypeAndValue (org.bouncycastle.asn1.cmp.InfoTypeAndValue)14 PKIBody (org.bouncycastle.asn1.cmp.PKIBody)11 Date (java.util.Date)6 PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)6 ProtectedPKIMessage (org.bouncycastle.cert.cmp.ProtectedPKIMessage)6 GeneralPKIMessage (org.bouncycastle.cert.cmp.GeneralPKIMessage)5 GenMsgContent (org.bouncycastle.asn1.cmp.GenMsgContent)4 GenRepContent (org.bouncycastle.asn1.cmp.GenRepContent)4 PKIHeader (org.bouncycastle.asn1.cmp.PKIHeader)4 ProtectedPKIMessageBuilder (org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder)4 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)3 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)3 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)3 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)3 ErrorMsgContent (org.bouncycastle.asn1.cmp.ErrorMsgContent)3 CRLException (java.security.cert.CRLException)2 X509CRL (java.security.cert.X509CRL)2 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)2 ASN1GeneralizedTime (org.bouncycastle.asn1.ASN1GeneralizedTime)2 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)2