
Example 1 with RevRepContent

use of org.bouncycastle.asn1.cmp.RevRepContent in project xipki by xipki.

the class CmpCaClient method parseRevocationResult.

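/**
 * Interprets the CMP response to a revocation request for a single certificate.
 *
 * <p>An error body is turned into an exception carrying the server's status info, and any body
 * type other than a revocation response is rejected. The response must contain exactly one
 * status entry.
 *
 * <p>NOTE(review): this method does not verify the protection of {@code response}; confirm that
 * the caller has verified it before the result is trusted.
 *
 * @param response the PKI message received from the server
 * @param serialNumber serial number that is compared with the first {@code revCerts} entry
 * @return {@code false} if the status is neither granted nor grantedWithMods; {@code true} if
 *     the response carries no {@code revCerts}; otherwise whether the first {@code revCerts}
 *     entry matches {@code caSubject} and {@code serialNumber}
 * @throws Exception if the server returned an error body, the body type is unexpected, the
 *     number of status entries is not one, or {@code revCerts} is present but empty
 */
private boolean parseRevocationResult(PKIMessage response, BigInteger serialNumber) throws Exception {
    PKIBody respBody = response.getBody();
    final int bodyType = respBody.getType();
    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
        throw new Exception("Server returned PKIStatus: " + content.getPKIStatusInfo());
    } else if (PKIBody.TYPE_REVOCATION_REP != bodyType) {
        throw new Exception(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, PKIBody.TYPE_REVOCATION_REP, PKIBody.TYPE_ERROR));
    }

    RevRepContent content = RevRepContent.getInstance(respBody.getContent());
    PKIStatusInfo[] statuses = content.getStatus();
    int statusesLen = (statuses == null) ? 0 : statuses.length;
    if (statusesLen != 1) {
        throw new Exception(String.format("incorrect number of status entries in response '%s' instead the expected '1'", statusesLen));
    }

    PKIStatusInfo statusInfo = statuses[0];
    int status = statusInfo.getStatus().intValue();
    if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
        LOG.warn("Server returned error: " + buildText(statusInfo));
        return false;
    }

    CertId[] revCerts = content.getRevCerts();
    if (revCerts == null) {
        // NOTE(review): success is reported although the response does not name the revoked
        // certificate; callers that need that confirmation cannot get it from this result.
        return true;
    }
    if (revCerts.length == 0) {
        // A present but empty revCerts would otherwise fail on revCerts[0] with an
        // ArrayIndexOutOfBoundsException; report it as a malformed response instead.
        throw new Exception("incorrect number of revCerts entries in response '0' instead the expected '1'");
    }

    // Only the first entry is compared; exactly one status entry was enforced above.
    CertId revCert = revCerts[0];
    return caSubject.equals(revCert.getIssuer().getName()) && serialNumber.equals(revCert.getSerialNumber().getValue());
}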
Also used : PKIBody(org.bouncycastle.asn1.cmp.PKIBody) CertId(org.bouncycastle.asn1.crmf.CertId) PKIStatusInfo(org.bouncycastle.asn1.cmp.PKIStatusInfo) ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent) RevRepContent(org.bouncycastle.asn1.cmp.RevRepContent) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CMPException(org.bouncycastle.cert.cmp.CMPException) InvalidKeyException(java.security.InvalidKeyException) IOException(java.io.IOException)

Example 2 with RevRepContent

use of org.bouncycastle.asn1.cmp.RevRepContent in project xipki by xipki.

the class X509CmpRequestor method parse.

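/**
 * Converts the CMP response to a revocation request into per-request result entries.
 *
 * <p>The response protection is checked first. An error body is turned into a
 * {@link PkiErrorException}, and any body type other than a revocation response is rejected.
 * The number of status entries must equal the number of request entries; status {@code i} is
 * taken as the answer to request entry {@code i}.
 *
 * <p>For a status that is neither granted nor grantedWithMods an {@code ErrorResultEntry} is
 * added. For a granted status the matching {@code CertId} is looked up in {@code revCerts} by
 * issuer and serial number; if none is found a warning is logged and no result entry is added
 * for that request.
 *
 * @param response the PKI response received from the server
 * @param reqEntries the entries of the request, in request order
 * @return the collected result entries
 * @throws CmpRequestorException if the body type is unexpected or the number of status entries
 *     differs from the number of request entries
 * @throws PkiErrorException if the server returned an error body
 */
private RevokeCertResultType parse(PkiResponse response, List<? extends IssuerSerialEntry> reqEntries) throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonNull("response", response);
    // Verify the message protection before any field of the body is interpreted.
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();
    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
        throw new PkiErrorException(content.getPKIStatusInfo());
    } else if (PKIBody.TYPE_REVOCATION_REP != bodyType) {
        throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, PKIBody.TYPE_REVOCATION_REP, PKIBody.TYPE_ERROR));
    }

    RevRepContent content = RevRepContent.getInstance(respBody.getContent());
    PKIStatusInfo[] statuses = content.getStatus();
    int statusesLen = (statuses == null) ? 0 : statuses.length;
    if (statusesLen != reqEntries.size()) {
        throw new CmpRequestorException(String.format("incorrect number of status entries in response '%s' instead the expected '%s'", statusesLen, reqEntries.size()));
    }

    CertId[] revCerts = content.getRevCerts();
    RevokeCertResultType result = new RevokeCertResultType();
    for (int i = 0; i < statusesLen; i++) {
        PKIStatusInfo statusInfo = statuses[i];
        int status = statusInfo.getStatus().intValue();
        IssuerSerialEntry re = reqEntries.get(i);

        if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
            PKIFreeText text = statusInfo.getStatusString();
            String statusString = (text == null) ? null : text.getStringAt(0).getString();
            // failInfo is optional in PKIStatusInfo; dereferencing it unconditionally fails with
            // a NullPointerException on an error status that omits it. 0 (no failure bit set)
            // is reported in that case.
            int failInfo = (statusInfo.getFailInfo() == null) ? 0 : statusInfo.getFailInfo().intValue();
            result.addResultEntry(new ErrorResultEntry(re.getId(), status, failInfo, statusString));
            continue;
        }

        // Find the CertId the server reports as revoked for this request entry.
        CertId certId = null;
        if (revCerts != null) {
            for (CertId entry : revCerts) {
                if (re.getIssuer().equals(entry.getIssuer().getName()) && re.getSerialNumber().equals(entry.getSerialNumber().getValue())) {
                    certId = entry;
                    break;
                }
            }
        }

        if (certId == null) {
            LOG.warn("certId is not present in response for (issuer='{}', serialNumber={})", X509Util.getRfc4519Name(re.getIssuer()), LogUtil.formatCsn(re.getSerialNumber()));
            // NOTE(review): the original built a CertId from the request entry here and then
            // skipped the entry, so that value was never used. The dead assignment is dropped and
            // the skip is kept: a granted status without a matching CertId yields no result
            // entry. Confirm whether a fallback entry was intended.
            continue;
        }

        result.addResultEntry(new RevokeCertResultEntry(re.getId(), certId));
    }
    return result;
}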
Also used : ErrorResultEntry(org.xipki.ca.client.api.dto.ErrorResultEntry) RevokeCertResultEntry(org.xipki.ca.client.api.dto.RevokeCertResultEntry) EnrollCertResultEntry(org.xipki.ca.client.api.dto.EnrollCertResultEntry) ResultEntry(org.xipki.ca.client.api.dto.ResultEntry) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) RevokeCertResultEntry(org.xipki.ca.client.api.dto.RevokeCertResultEntry) CertId(org.bouncycastle.asn1.crmf.CertId) PKIStatusInfo(org.bouncycastle.asn1.cmp.PKIStatusInfo) ErrorResultEntry(org.xipki.ca.client.api.dto.ErrorResultEntry) IssuerSerialEntry(org.xipki.ca.client.api.dto.IssuerSerialEntry) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DEROctetString(org.bouncycastle.asn1.DEROctetString) RevRepContent(org.bouncycastle.asn1.cmp.RevRepContent) PKIFreeText(org.bouncycastle.asn1.cmp.PKIFreeText) PkiErrorException(org.xipki.ca.client.api.PkiErrorException) RevokeCertResultType(org.xipki.ca.client.api.dto.RevokeCertResultType) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent)

Aggregations

ErrorMsgContent (org.bouncycastle.asn1.cmp.ErrorMsgContent)2 PKIBody (org.bouncycastle.asn1.cmp.PKIBody)2 PKIStatusInfo (org.bouncycastle.asn1.cmp.PKIStatusInfo)2 RevRepContent (org.bouncycastle.asn1.cmp.RevRepContent)2 CertId (org.bouncycastle.asn1.crmf.CertId)2 IOException (java.io.IOException)1 InvalidKeyException (java.security.InvalidKeyException)1 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)1 DEROctetString (org.bouncycastle.asn1.DEROctetString)1 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)1 PKIFreeText (org.bouncycastle.asn1.cmp.PKIFreeText)1 GeneralName (org.bouncycastle.asn1.x509.GeneralName)1 CMPException (org.bouncycastle.cert.cmp.CMPException)1 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)1 PkiErrorException (org.xipki.ca.client.api.PkiErrorException)1 EnrollCertResultEntry (org.xipki.ca.client.api.dto.EnrollCertResultEntry)1 ErrorResultEntry (org.xipki.ca.client.api.dto.ErrorResultEntry)1 IssuerSerialEntry (org.xipki.ca.client.api.dto.IssuerSerialEntry)1 ResultEntry (org.xipki.ca.client.api.dto.ResultEntry)1 RevokeCertResultEntry (org.xipki.ca.client.api.dto.RevokeCertResultEntry)1