Example 6 with PKIFailureInfo
use of org.bouncycastle.asn1.cmp.PKIFailureInfo in project xipki by xipki.
the class CmpResponder method generateRejectionStatus.
// method generateCmpRejectionStatus
protected PKIStatusInfo generateRejectionStatus(PKIStatus status, Integer info, String errorMessage) {
PKIFreeText statusMessage = (errorMessage == null) ? null : new PKIFreeText(errorMessage);
PKIFailureInfo failureInfo = (info == null) ? null : new PKIFailureInfo(info);
return new PKIStatusInfo(status, statusMessage, failureInfo);
}
Also used :
PKIFailureInfo(org.bouncycastle.asn1.cmp.PKIFailureInfo)
PKIStatusInfo(org.bouncycastle.asn1.cmp.PKIStatusInfo)
PKIFreeText(org.bouncycastle.asn1.cmp.PKIFreeText)
Example 7 with PKIFailureInfo
use of org.bouncycastle.asn1.cmp.PKIFailureInfo in project xipki by xipki.
the class X509CaCmpResponderImpl method processPkiMessage0.
@Override
protected PKIMessage processPkiMessage0(PKIMessage request, RequestorInfo requestor, ASN1OctetString tid, GeneralPKIMessage message, String msgId, AuditEvent event) {
if (!(requestor instanceof CmpRequestorInfo)) {
throw new IllegalArgumentException("unknown requestor type " + requestor.getClass().getName());
}
CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor;
event.addEventData(CaAuditConstants.NAME_requestor, tmpRequestor.getIdent().getName());
PKIHeader reqHeader = message.getHeader();
PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender());
respHeader.setTransactionID(tid);
ASN1OctetString senderNonce = reqHeader.getSenderNonce();
if (senderNonce != null) {
respHeader.setRecipNonce(senderNonce);
}
PKIBody respBody;
PKIBody reqBody = message.getBody();
final int type = reqBody.getType();
CmpControl cmpControl = getCmpControl();
try {
switch(type) {
case PKIBody.TYPE_CERT_REQ:
case PKIBody.TYPE_KEY_UPDATE_REQ:
case PKIBody.TYPE_P10_CERT_REQ:
case PKIBody.TYPE_CROSS_CERT_REQ:
String eventType = null;
if (PKIBody.TYPE_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_cr;
} else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_kur;
} else if (PKIBody.TYPE_P10_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_p10Cr;
} else if (PKIBody.TYPE_CROSS_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_ccr;
}
if (eventType != null) {
event.addEventType(eventType);
}
respBody = cmpEnrollCert(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
break;
case PKIBody.TYPE_CERT_CONFIRM:
event.addEventType(CaAuditConstants.TYPE_CMP_certConf);
CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
respBody = confirmCertificates(tid, certConf, msgId);
break;
case PKIBody.TYPE_REVOCATION_REQ:
respBody = cmpUnRevokeRemoveCertificates(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, msgId, event);
break;
case PKIBody.TYPE_CONFIRM:
event.addEventType(CaAuditConstants.TYPE_CMP_pkiConf);
respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
break;
case PKIBody.TYPE_GEN_MSG:
respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
break;
case PKIBody.TYPE_ERROR:
event.addEventType(CaAuditConstants.TYPE_CMP_error);
revokePendingCertificates(tid, msgId);
respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
break;
default:
event.addEventType("PKIBody." + type);
respBody = buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, "unsupported type " + type);
break;
}
// end switch (type)
} catch (InsuffientPermissionException ex) {
ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(ex.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
}
if (respBody.getType() == PKIBody.TYPE_ERROR) {
ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();
AuditStatus auditStatus = AuditStatus.FAILED;
org.xipki.cmp.PkiStatusInfo pkiStatus = new org.xipki.cmp.PkiStatusInfo(errorMsgContent.getPKIStatusInfo());
if (pkiStatus.pkiFailureInfo() == PKIFailureInfo.systemFailure) {
auditStatus = AuditStatus.FAILED;
}
event.setStatus(auditStatus);
String statusString = pkiStatus.statusMessage();
if (statusString != null) {
event.addEventData(CaAuditConstants.NAME_message, statusString);
}
} else if (event.getStatus() == null) {
event.setStatus(AuditStatus.SUCCESSFUL);
}
return new PKIMessage(respHeader.build(), respBody);
}
Also used :
PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
PKIHeaderBuilder(org.bouncycastle.asn1.cmp.PKIHeaderBuilder)
PKIStatusInfo(org.bouncycastle.asn1.cmp.PKIStatusInfo)
InsuffientPermissionException(org.xipki.ca.api.InsuffientPermissionException)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
PKIFreeText(org.bouncycastle.asn1.cmp.PKIFreeText)
PKIFailureInfo(org.bouncycastle.asn1.cmp.PKIFailureInfo)
CertConfirmContent(org.bouncycastle.asn1.cmp.CertConfirmContent)
AuditStatus(org.xipki.audit.AuditStatus)
CmpControl(org.xipki.ca.server.mgmt.api.CmpControl)
ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent)
Example 8 with PKIFailureInfo
use of org.bouncycastle.asn1.cmp.PKIFailureInfo in project keystore-explorer by kaikramer.
the class TimeStampingClient method getTimeStampToken.
/**
* Get RFC 3161 timeStampToken.
*
* @param tsaUrl Location of TSA
* @param data The data to be time-stamped
* @param hashAlg The algorithm used for generating a hash value of the data to be time-stamped
* @return encoded, TSA signed data of the timeStampToken
* @throws IOException
*/
public static byte[] getTimeStampToken(String tsaUrl, byte[] data, DigestType hashAlg) throws IOException {
TimeStampResponse response = null;
try {
// calculate hash value
MessageDigest digest = MessageDigest.getInstance(hashAlg.jce());
byte[] hashValue = digest.digest(data);
// Setup the time stamp request
TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.setCertReq(true);
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
TimeStampRequest request = tsqGenerator.generate(new ASN1ObjectIdentifier(hashAlg.oid()), hashValue, nonce);
byte[] requestBytes = request.getEncoded();
// send http request
byte[] respBytes = queryServer(tsaUrl, requestBytes);
// process response
response = new TimeStampResponse(respBytes);
// validate communication level attributes (RFC 3161 PKIStatus)
response.validate(request);
PKIFailureInfo failure = response.getFailInfo();
int value = failure == null ? 0 : failure.intValue();
if (value != 0) {
throw new IOException("Server returned error code: " + String.valueOf(value));
}
} catch (NoSuchAlgorithmException e) {
throw new IOException(e);
} catch (TSPException e) {
throw new IOException(e);
}
// extract the time stamp token
TimeStampToken tsToken = response.getTimeStampToken();
if (tsToken == null) {
throw new IOException("TSA returned no time stamp token: " + response.getStatusString());
}
return tsToken.getEncoded();
}
Also used :
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
TimeStampRequest(org.bouncycastle.tsp.TimeStampRequest)
PKIFailureInfo(org.bouncycastle.asn1.cmp.PKIFailureInfo)
TimeStampResponse(org.bouncycastle.tsp.TimeStampResponse)
BigInteger(java.math.BigInteger)
TimeStampRequestGenerator(org.bouncycastle.tsp.TimeStampRequestGenerator)
TSPException(org.bouncycastle.tsp.TSPException)
MessageDigest(java.security.MessageDigest)
TimeStampToken(org.bouncycastle.tsp.TimeStampToken)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
PKIFailureInfo (org.bouncycastle.asn1.cmp.PKIFailureInfo)8
PKIStatusInfo (org.bouncycastle.asn1.cmp.PKIStatusInfo)6
BigInteger (java.math.BigInteger)5
ErrorMsgContent (org.bouncycastle.asn1.cmp.ErrorMsgContent)4
PKIBody (org.bouncycastle.asn1.cmp.PKIBody)4
PKIFreeText (org.bouncycastle.asn1.cmp.PKIFreeText)4
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)3
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)3
IOException (java.io.IOException)2
MessageDigest (java.security.MessageDigest)2
ArrayList (java.util.ArrayList)2
Date (java.util.Date)2
HashMap (java.util.HashMap)2
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)2
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)2
TimeStampRequest (org.bouncycastle.tsp.TimeStampRequest)2
TimeStampRequestGenerator (org.bouncycastle.tsp.TimeStampRequestGenerator)2
TimeStampResponse (org.bouncycastle.tsp.TimeStampResponse)2
TimeStampToken (org.bouncycastle.tsp.TimeStampToken)2
ByteArrayOutputStream (java.io.ByteArrayOutputStream)1
