Example 21 with PKIMessage
use of org.bouncycastle.asn1.cmp.PKIMessage in project xipki by xipki.
the class X509CmpRequestor method envelopeRevocation.
public PKIMessage envelopeRevocation(RevokeCertRequest request) throws CmpRequestorException {
ParamUtil.requireNonNull("request", request);
PKIMessage reqMessage = buildRevokeCertRequest(request);
reqMessage = sign(reqMessage);
return reqMessage;
}
Also used :
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
Example 22 with PKIMessage
use of org.bouncycastle.asn1.cmp.PKIMessage in project xipki by xipki.
the class X509CmpRequestor method buildPkiMessage.
private PKIMessage buildPkiMessage(EnrollCertRequest req) {
PKIHeader header = buildPkiHeader(implicitConfirm, null);
List<EnrollCertRequestEntry> reqEntries = req.getRequestEntries();
CertReqMsg[] certReqMsgs = new CertReqMsg[reqEntries.size()];
for (int i = 0; i < reqEntries.size(); i++) {
EnrollCertRequestEntry reqEntry = reqEntries.get(i);
CmpUtf8Pairs utf8Pairs = new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERTPROFILE, reqEntry.getCertprofile());
AttributeTypeAndValue certprofileInfo = CmpUtil.buildAttributeTypeAndValue(utf8Pairs);
AttributeTypeAndValue[] atvs = (certprofileInfo == null) ? null : new AttributeTypeAndValue[] { certprofileInfo };
certReqMsgs[i] = new CertReqMsg(reqEntry.getCertReq(), reqEntry.getPopo(), atvs);
}
int bodyType;
switch(req.getType()) {
case CERT_REQ:
bodyType = PKIBody.TYPE_CERT_REQ;
break;
case KEY_UPDATE:
bodyType = PKIBody.TYPE_KEY_UPDATE_REQ;
break;
default:
bodyType = PKIBody.TYPE_CROSS_CERT_REQ;
}
PKIBody body = new PKIBody(bodyType, new CertReqMessages(certReqMsgs));
return new PKIMessage(header, body);
}
Also used :
PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
CertReqMessages(org.bouncycastle.asn1.crmf.CertReqMessages)
CmpUtf8Pairs(org.xipki.cmp.CmpUtf8Pairs)
CertReqMsg(org.bouncycastle.asn1.crmf.CertReqMsg)
EnrollCertRequestEntry(org.xipki.ca.client.api.dto.EnrollCertRequestEntry)
AttributeTypeAndValue(org.bouncycastle.asn1.crmf.AttributeTypeAndValue)
Example 23 with PKIMessage
use of org.bouncycastle.asn1.cmp.PKIMessage in project xipki by xipki.
the class X509CmpRequestor method unrevokeCertificate.
public RevokeCertResultType unrevokeCertificate(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
ParamUtil.requireNonNull("request", request);
PKIMessage reqMessage = buildUnrevokeOrRemoveCertRequest(request, CrlReason.REMOVE_FROM_CRL.getCode());
PkiResponse response = signAndSend(reqMessage, debug);
return parse(response, request.getRequestEntries());
}
Also used :
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
PkiResponse(org.xipki.cmp.PkiResponse)
Example 24 with PKIMessage
use of org.bouncycastle.asn1.cmp.PKIMessage in project xipki by xipki.
the class X509CmpRequestor method generateCrl.
public X509CRL generateCrl(RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
int action = XiSecurityConstants.CMP_ACTION_GEN_CRL;
PKIMessage request = buildMessageWithXipkAction(action, null);
PkiResponse response = signAndSend(request, debug);
return evaluateCrlResponse(response, action);
}
Also used :
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
PkiResponse(org.xipki.cmp.PkiResponse)
Example 25 with PKIMessage
use of org.bouncycastle.asn1.cmp.PKIMessage in project xipki by xipki.
the class X509CmpRequestor method requestCertificate0.
private EnrollCertResultResp requestCertificate0(PKIMessage reqMessage, Map<BigInteger, String> reqIdIdMap, int expectedBodyType, RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
PkiResponse response = signAndSend(reqMessage, debug);
checkProtection(response);
PKIBody respBody = response.getPkiMessage().getBody();
final int bodyType = respBody.getType();
if (PKIBody.TYPE_ERROR == bodyType) {
ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
throw new PkiErrorException(content.getPKIStatusInfo());
} else if (expectedBodyType != bodyType) {
throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, expectedBodyType, PKIBody.TYPE_ERROR));
}
CertRepMessage certRep = CertRepMessage.getInstance(respBody.getContent());
CertResponse[] certResponses = certRep.getResponse();
EnrollCertResultResp result = new EnrollCertResultResp();
// CA certificates
CMPCertificate[] caPubs = certRep.getCaPubs();
if (caPubs != null && caPubs.length > 0) {
for (int i = 0; i < caPubs.length; i++) {
if (caPubs[i] != null) {
result.addCaCertificate(caPubs[i]);
}
}
}
CertificateConfirmationContentBuilder certConfirmBuilder = null;
if (!CmpUtil.isImplictConfirm(response.getPkiMessage().getHeader())) {
certConfirmBuilder = new CertificateConfirmationContentBuilder();
}
boolean requireConfirm = false;
// We only accept the certificates which are requested.
for (CertResponse certResp : certResponses) {
PKIStatusInfo statusInfo = certResp.getStatus();
int status = statusInfo.getStatus().intValue();
BigInteger certReqId = certResp.getCertReqId().getValue();
String thisId = reqIdIdMap.get(certReqId);
if (thisId != null) {
reqIdIdMap.remove(certReqId);
} else if (reqIdIdMap.size() == 1) {
thisId = reqIdIdMap.values().iterator().next();
reqIdIdMap.clear();
}
if (thisId == null) {
// ignore it. this cert is not requested by me
continue;
}
ResultEntry resultEntry;
if (status == PKIStatus.GRANTED || status == PKIStatus.GRANTED_WITH_MODS) {
CertifiedKeyPair cvk = certResp.getCertifiedKeyPair();
if (cvk == null) {
return null;
}
CMPCertificate cmpCert = cvk.getCertOrEncCert().getCertificate();
if (cmpCert == null) {
return null;
}
resultEntry = new EnrollCertResultEntry(thisId, cmpCert, status);
if (certConfirmBuilder != null) {
requireConfirm = true;
X509CertificateHolder certHolder = null;
try {
certHolder = new X509CertificateHolder(cmpCert.getEncoded());
} catch (IOException ex) {
resultEntry = new ErrorResultEntry(thisId, ClientErrorCode.PKISTATUS_RESPONSE_ERROR, PKIFailureInfo.systemFailure, "could not decode the certificate");
}
if (certHolder != null) {
certConfirmBuilder.addAcceptedCertificate(certHolder, certReqId);
}
}
} else {
PKIFreeText statusString = statusInfo.getStatusString();
String errorMessage = (statusString == null) ? null : statusString.getStringAt(0).getString();
int failureInfo = statusInfo.getFailInfo().intValue();
resultEntry = new ErrorResultEntry(thisId, status, failureInfo, errorMessage);
}
result.addResultEntry(resultEntry);
}
if (CollectionUtil.isNonEmpty(reqIdIdMap)) {
for (BigInteger reqId : reqIdIdMap.keySet()) {
ErrorResultEntry ere = new ErrorResultEntry(reqIdIdMap.get(reqId), ClientErrorCode.PKISTATUS_NO_ANSWER);
result.addResultEntry(ere);
}
}
if (!requireConfirm) {
return result;
}
PKIMessage confirmRequest = buildCertConfirmRequest(response.getPkiMessage().getHeader().getTransactionID(), certConfirmBuilder);
response = signAndSend(confirmRequest, debug);
checkProtection(response);
return result;
}
Also used :
ErrorResultEntry(org.xipki.ca.client.api.dto.ErrorResultEntry)
RevokeCertResultEntry(org.xipki.ca.client.api.dto.RevokeCertResultEntry)
EnrollCertResultEntry(org.xipki.ca.client.api.dto.EnrollCertResultEntry)
ResultEntry(org.xipki.ca.client.api.dto.ResultEntry)
PkiResponse(org.xipki.cmp.PkiResponse)
PKIStatusInfo(org.bouncycastle.asn1.cmp.PKIStatusInfo)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
CMPCertificate(org.bouncycastle.asn1.cmp.CMPCertificate)
PkiErrorException(org.xipki.ca.client.api.PkiErrorException)
CertifiedKeyPair(org.bouncycastle.asn1.cmp.CertifiedKeyPair)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
CertificateConfirmationContentBuilder(org.bouncycastle.cert.cmp.CertificateConfirmationContentBuilder)
CertResponse(org.bouncycastle.asn1.cmp.CertResponse)
ErrorResultEntry(org.xipki.ca.client.api.dto.ErrorResultEntry)
CertRepMessage(org.bouncycastle.asn1.cmp.CertRepMessage)
IOException(java.io.IOException)
PKIFreeText(org.bouncycastle.asn1.cmp.PKIFreeText)
EnrollCertResultResp(org.xipki.ca.client.api.dto.EnrollCertResultResp)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
EnrollCertResultEntry(org.xipki.ca.client.api.dto.EnrollCertResultEntry)
ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent)
Aggregations
PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)31
PKIBody (org.bouncycastle.asn1.cmp.PKIBody)24
Date (java.util.Date)18
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)16
PKIHeader (org.bouncycastle.asn1.cmp.PKIHeader)16
IOException (java.io.IOException)14
ProtectedPKIMessage (org.bouncycastle.cert.cmp.ProtectedPKIMessage)13
X509Certificate (java.security.cert.X509Certificate)12
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)11
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)11
GeneralPKIMessage (org.bouncycastle.cert.cmp.GeneralPKIMessage)11
DEROctetString (org.bouncycastle.asn1.DEROctetString)10
InfoTypeAndValue (org.bouncycastle.asn1.cmp.InfoTypeAndValue)9
ContentInfo (org.bouncycastle.asn1.cms.ContentInfo)9
BigInteger (java.math.BigInteger)8
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)8
X500Name (org.bouncycastle.asn1.x500.X500Name)7
Extensions (org.bouncycastle.asn1.x509.Extensions)7
InvalidKeyException (java.security.InvalidKeyException)6
CertificateException (java.security.cert.CertificateException)6
