Examples with PKIHeader org.bouncycastle.asn1.cmp.PKIHeader used on opensource projects

Search in sources :

Example 16 with PKIHeader

use of org.bouncycastle.asn1.cmp.PKIHeader in project xipki by xipki.

the class X509CmpRequestor method buildPkiMessage.

// method buildPkiMessage
private PKIMessage buildPkiMessage(CertRequest req, ProofOfPossession pop, String profileName) {
    PKIHeader header = buildPkiHeader(implicitConfirm, null);
    CmpUtf8Pairs utf8Pairs = new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERTPROFILE, profileName);
    AttributeTypeAndValue certprofileInfo = CmpUtil.buildAttributeTypeAndValue(utf8Pairs);
    CertReqMsg[] certReqMsgs = new CertReqMsg[1];
    certReqMsgs[0] = new CertReqMsg(req, pop, new AttributeTypeAndValue[] { certprofileInfo });
    PKIBody body = new PKIBody(PKIBody.TYPE_CERT_REQ, new CertReqMessages(certReqMsgs));
    return new PKIMessage(header, body);
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) CertReqMessages(org.bouncycastle.asn1.crmf.CertReqMessages) CmpUtf8Pairs(org.xipki.cmp.CmpUtf8Pairs) CertReqMsg(org.bouncycastle.asn1.crmf.CertReqMsg) AttributeTypeAndValue(org.bouncycastle.asn1.crmf.AttributeTypeAndValue)

Example 17 with PKIHeader

use of org.bouncycastle.asn1.cmp.PKIHeader in project xipki by xipki.

the class X509CaCmpResponderImpl method cmpEnrollCert.

private PKIBody cmpEnrollCert(PKIMessage request, PKIHeaderBuilder respHeader, CmpControl cmpControl, PKIHeader reqHeader, PKIBody reqBody, CmpRequestorInfo requestor, ASN1OctetString tid, String msgId, AuditEvent event) throws InsuffientPermissionException {
    long confirmWaitTime = cmpControl.getConfirmWaitTime();
    if (confirmWaitTime < 0) {
        confirmWaitTime *= -1;
    }
    // second to millisecond
    confirmWaitTime *= 1000;
    PKIBody respBody;
    int type = reqBody.getType();
    switch(type) {
        case PKIBody.TYPE_CERT_REQ:
            checkPermission(requestor, PermissionConstants.ENROLL_CERT);
            respBody = processCr(request, requestor, tid, reqHeader, CertReqMessages.getInstance(reqBody.getContent()), cmpControl, msgId, event);
            break;
        case PKIBody.TYPE_KEY_UPDATE_REQ:
            checkPermission(requestor, PermissionConstants.KEY_UPDATE);
            respBody = processKur(request, requestor, tid, reqHeader, CertReqMessages.getInstance(reqBody.getContent()), cmpControl, msgId, event);
            break;
        case PKIBody.TYPE_P10_CERT_REQ:
            checkPermission(requestor, PermissionConstants.ENROLL_CERT);
            respBody = processP10cr(request, requestor, tid, reqHeader, CertificationRequest.getInstance(reqBody.getContent()), cmpControl, msgId, event);
            break;
        case PKIBody.TYPE_CROSS_CERT_REQ:
            checkPermission(requestor, PermissionConstants.ENROLL_CROSS);
            respBody = processCcp(request, requestor, tid, reqHeader, CertReqMessages.getInstance(reqBody.getContent()), cmpControl, msgId, event);
            break;
        default:
            throw new RuntimeException("should not reach here");
    }
    // switch type
    InfoTypeAndValue tv = null;
    if (!cmpControl.isConfirmCert() && CmpUtil.isImplictConfirm(reqHeader)) {
        pendingCertPool.removeCertificates(tid.getOctets());
        tv = CmpUtil.getImplictConfirmGeneralInfo();
    } else {
        Date now = new Date();
        respHeader.setMessageTime(new ASN1GeneralizedTime(now));
        tv = new InfoTypeAndValue(CMPObjectIdentifiers.it_confirmWaitTime, new ASN1GeneralizedTime(new Date(System.currentTimeMillis() + confirmWaitTime)));
    }
    respHeader.setGeneralInfo(tv);
    return respBody;
}
Also used : PKIBody(org.bouncycastle.asn1.cmp.PKIBody) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) Date(java.util.Date)

Example 18 with PKIHeader

use of org.bouncycastle.asn1.cmp.PKIHeader in project xipki by xipki.

the class X509CaCmpResponderImpl method processPkiMessage0.

@Override
protected PKIMessage processPkiMessage0(PKIMessage request, RequestorInfo requestor, ASN1OctetString tid, GeneralPKIMessage message, String msgId, AuditEvent event) {
    if (!(requestor instanceof CmpRequestorInfo)) {
        throw new IllegalArgumentException("unknown requestor type " + requestor.getClass().getName());
    }
    CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor;
    event.addEventData(CaAuditConstants.NAME_requestor, tmpRequestor.getIdent().getName());
    PKIHeader reqHeader = message.getHeader();
    PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender());
    respHeader.setTransactionID(tid);
    ASN1OctetString senderNonce = reqHeader.getSenderNonce();
    if (senderNonce != null) {
        respHeader.setRecipNonce(senderNonce);
    }
    PKIBody respBody;
    PKIBody reqBody = message.getBody();
    final int type = reqBody.getType();
    CmpControl cmpControl = getCmpControl();
    try {
        switch(type) {
            case PKIBody.TYPE_CERT_REQ:
            case PKIBody.TYPE_KEY_UPDATE_REQ:
            case PKIBody.TYPE_P10_CERT_REQ:
            case PKIBody.TYPE_CROSS_CERT_REQ:
                String eventType = null;
                if (PKIBody.TYPE_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_cr;
                } else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_kur;
                } else if (PKIBody.TYPE_P10_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_p10Cr;
                } else if (PKIBody.TYPE_CROSS_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_ccr;
                }
                if (eventType != null) {
                    event.addEventType(eventType);
                }
                respBody = cmpEnrollCert(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
                break;
            case PKIBody.TYPE_CERT_CONFIRM:
                event.addEventType(CaAuditConstants.TYPE_CMP_certConf);
                CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
                respBody = confirmCertificates(tid, certConf, msgId);
                break;
            case PKIBody.TYPE_REVOCATION_REQ:
                respBody = cmpUnRevokeRemoveCertificates(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, msgId, event);
                break;
            case PKIBody.TYPE_CONFIRM:
                event.addEventType(CaAuditConstants.TYPE_CMP_pkiConf);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            case PKIBody.TYPE_GEN_MSG:
                respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
                break;
            case PKIBody.TYPE_ERROR:
                event.addEventType(CaAuditConstants.TYPE_CMP_error);
                revokePendingCertificates(tid, msgId);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            default:
                event.addEventType("PKIBody." + type);
                respBody = buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, "unsupported type " + type);
                break;
        }
    // end switch (type)
    } catch (InsuffientPermissionException ex) {
        ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(ex.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
        respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
    }
    if (respBody.getType() == PKIBody.TYPE_ERROR) {
        ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();
        AuditStatus auditStatus = AuditStatus.FAILED;
        org.xipki.cmp.PkiStatusInfo pkiStatus = new org.xipki.cmp.PkiStatusInfo(errorMsgContent.getPKIStatusInfo());
        if (pkiStatus.pkiFailureInfo() == PKIFailureInfo.systemFailure) {
            auditStatus = AuditStatus.FAILED;
        }
        event.setStatus(auditStatus);
        String statusString = pkiStatus.statusMessage();
        if (statusString != null) {
            event.addEventData(CaAuditConstants.NAME_message, statusString);
        }
    } else if (event.getStatus() == null) {
        event.setStatus(AuditStatus.SUCCESSFUL);
    }
    return new PKIMessage(respHeader.build(), respBody);
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) PKIHeaderBuilder(org.bouncycastle.asn1.cmp.PKIHeaderBuilder) PKIStatusInfo(org.bouncycastle.asn1.cmp.PKIStatusInfo) InsuffientPermissionException(org.xipki.ca.api.InsuffientPermissionException) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) PKIFreeText(org.bouncycastle.asn1.cmp.PKIFreeText) PKIFailureInfo(org.bouncycastle.asn1.cmp.PKIFailureInfo) CertConfirmContent(org.bouncycastle.asn1.cmp.CertConfirmContent) AuditStatus(org.xipki.audit.AuditStatus) CmpControl(org.xipki.ca.server.mgmt.api.CmpControl) ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent)

Example 19 with PKIHeader

use of org.bouncycastle.asn1.cmp.PKIHeader in project xipki by xipki.

the class CmpRequestor method buildMessageWithGeneralMsgContent.

protected PKIMessage buildMessageWithGeneralMsgContent(ASN1ObjectIdentifier type, ASN1Encodable value) throws CmpRequestorException {
    ParamUtil.requireNonNull("type", type);
    PKIHeader header = buildPkiHeader(null);
    InfoTypeAndValue itv = (value != null) ? new InfoTypeAndValue(type, value) : new InfoTypeAndValue(type);
    GenMsgContent genMsgContent = new GenMsgContent(itv);
    PKIBody body = new PKIBody(PKIBody.TYPE_GEN_MSG, genMsgContent);
    return new PKIMessage(header, body);
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) GenMsgContent(org.bouncycastle.asn1.cmp.GenMsgContent) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue)

Example 20 with PKIHeader

use of org.bouncycastle.asn1.cmp.PKIHeader in project xipki by xipki.

the class CmpRequestor method buildMessageWithXipkAction.

// method verifyProtection
protected PKIMessage buildMessageWithXipkAction(int action, ASN1Encodable value) throws CmpRequestorException {
    PKIHeader header = buildPkiHeader(null);
    ASN1EncodableVector vec = new ASN1EncodableVector();
    vec.add(new ASN1Integer(action));
    if (value != null) {
        vec.add(value);
    }
    InfoTypeAndValue itv = new InfoTypeAndValue(ObjectIdentifiers.id_xipki_cmp_cmpGenmsg, new DERSequence(vec));
    GenMsgContent genMsgContent = new GenMsgContent(itv);
    PKIBody body = new PKIBody(PKIBody.TYPE_GEN_MSG, genMsgContent);
    return new PKIMessage(header, body);
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) DERSequence(org.bouncycastle.asn1.DERSequence) GenMsgContent(org.bouncycastle.asn1.cmp.GenMsgContent) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Integer(org.bouncycastle.asn1.ASN1Integer)

Aggregations

PKIBody (org.bouncycastle.asn1.cmp.PKIBody)16 PKIHeader (org.bouncycastle.asn1.cmp.PKIHeader)16 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)12 PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)12 ProtectedPKIMessage (org.bouncycastle.cert.cmp.ProtectedPKIMessage)9 Date (java.util.Date)8 InfoTypeAndValue (org.bouncycastle.asn1.cmp.InfoTypeAndValue)8 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)7 GeneralPKIMessage (org.bouncycastle.cert.cmp.GeneralPKIMessage)7 DEROctetString (org.bouncycastle.asn1.DEROctetString)6 ASN1GeneralizedTime (org.bouncycastle.asn1.ASN1GeneralizedTime)5 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)5 GeneralName (org.bouncycastle.asn1.x509.GeneralName)5 CmpUtf8Pairs (org.xipki.cmp.CmpUtf8Pairs)5 IOException (java.io.IOException)4 ArrayList (java.util.ArrayList)4 PKIStatusInfo (org.bouncycastle.asn1.cmp.PKIStatusInfo)4 Extensions (org.bouncycastle.asn1.x509.Extensions)4 CMPException (org.bouncycastle.cert.cmp.CMPException)4 ProtectionVerificationResult (org.xipki.cmp.ProtectionVerificationResult)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial