Example 36 with Request
use of org.bouncycastle.asn1.ocsp.Request in project xipki by xipki.
the class X509CmpRequestor method requestCertificate.
public EnrollCertResultResp requestCertificate(EnrollCertRequest req, RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
ParamUtil.requireNonNull("req", req);
PKIMessage request = buildPkiMessage(req);
Map<BigInteger, String> reqIdIdMap = new HashMap<>();
List<EnrollCertRequestEntry> reqEntries = req.getRequestEntries();
for (EnrollCertRequestEntry reqEntry : reqEntries) {
reqIdIdMap.put(reqEntry.getCertReq().getCertReqId().getValue(), reqEntry.getId());
}
int exptectedBodyType;
switch(req.getType()) {
case CERT_REQ:
exptectedBodyType = PKIBody.TYPE_CERT_REP;
break;
case KEY_UPDATE:
exptectedBodyType = PKIBody.TYPE_KEY_UPDATE_REP;
break;
default:
exptectedBodyType = PKIBody.TYPE_CROSS_CERT_REP;
}
return requestCertificate0(request, reqIdIdMap, exptectedBodyType, debug);
}
Also used :
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
HashMap(java.util.HashMap)
EnrollCertRequestEntry(org.xipki.ca.client.api.dto.EnrollCertRequestEntry)
BigInteger(java.math.BigInteger)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Example 37 with Request
use of org.bouncycastle.asn1.ocsp.Request in project xipki by xipki.
the class X509CmpRequestor method envelopeRevocation.
public PKIMessage envelopeRevocation(RevokeCertRequest request) throws CmpRequestorException {
ParamUtil.requireNonNull("request", request);
PKIMessage reqMessage = buildRevokeCertRequest(request);
reqMessage = sign(reqMessage);
return reqMessage;
}
Also used :
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
Example 38 with Request
use of org.bouncycastle.asn1.ocsp.Request in project xipki by xipki.
the class X509CmpRequestor method unrevokeCertificate.
public RevokeCertResultType unrevokeCertificate(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
ParamUtil.requireNonNull("request", request);
PKIMessage reqMessage = buildUnrevokeOrRemoveCertRequest(request, CrlReason.REMOVE_FROM_CRL.getCode());
PkiResponse response = signAndSend(reqMessage, debug);
return parse(response, request.getRequestEntries());
}
Also used :
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
PkiResponse(org.xipki.cmp.PkiResponse)
Example 39 with Request
use of org.bouncycastle.asn1.ocsp.Request in project xipki by xipki.
the class X509CmpRequestor method generateCrl.
public X509CRL generateCrl(RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
int action = XiSecurityConstants.CMP_ACTION_GEN_CRL;
PKIMessage request = buildMessageWithXipkAction(action, null);
PkiResponse response = signAndSend(request, debug);
return evaluateCrlResponse(response, action);
}
Also used :
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
PkiResponse(org.xipki.cmp.PkiResponse)
Example 40 with Request
use of org.bouncycastle.asn1.ocsp.Request in project xipki by xipki.
the class X509CmpRequestor method retrieveCaInfo.
public CaInfo retrieveCaInfo(String caName, RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
ParamUtil.requireNonBlank("caName", caName);
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new ASN1Integer(2));
ASN1Sequence acceptVersions = new DERSequence(vec);
int action = XiSecurityConstants.CMP_ACTION_GET_CAINFO;
PKIMessage request = buildMessageWithXipkAction(action, acceptVersions);
PkiResponse response = signAndSend(request, debug);
ASN1Encodable itvValue = extractXipkiActionRepContent(response, action);
DERUTF8String utf8Str = DERUTF8String.getInstance(itvValue);
String systemInfoStr = utf8Str.getString();
LOG.debug("CAInfo for CA {}: {}", caName, systemInfoStr);
Document doc;
try {
doc = xmlDocBuilder.parse(new ByteArrayInputStream(systemInfoStr.getBytes("UTF-8")));
} catch (SAXException | IOException ex) {
throw new CmpRequestorException("could not parse the returned systemInfo for CA " + caName + ": " + ex.getMessage(), ex);
}
final String namespace = null;
Element root = doc.getDocumentElement();
String str = root.getAttribute("version");
if (StringUtil.isBlank(str)) {
str = root.getAttributeNS(namespace, "version");
}
int version = StringUtil.isBlank(str) ? 1 : Integer.parseInt(str);
if (version == 2) {
// CACert
X509Certificate caCert;
String b64CaCert = XmlUtil.getValueOfFirstElementChild(root, namespace, "CACert");
try {
caCert = X509Util.parseBase64EncodedCert(b64CaCert);
} catch (CertificateException ex) {
throw new CmpRequestorException("could no parse the CA certificate", ex);
}
// CmpControl
ClientCmpControl cmpControl = null;
Element cmpCtrlElement = XmlUtil.getFirstElementChild(root, namespace, "cmpControl");
if (cmpCtrlElement != null) {
String tmpStr = XmlUtil.getValueOfFirstElementChild(cmpCtrlElement, namespace, "rrAkiRequired");
boolean required = (tmpStr == null) ? false : Boolean.parseBoolean(tmpStr);
cmpControl = new ClientCmpControl(required);
}
// certprofiles
Set<String> profileNames = new HashSet<>();
Element profilesElement = XmlUtil.getFirstElementChild(root, namespace, "certprofiles");
Set<CertprofileInfo> profiles = new HashSet<>();
if (profilesElement != null) {
List<Element> profileElements = XmlUtil.getElementChilden(profilesElement, namespace, "certprofile");
for (Element element : profileElements) {
String name = XmlUtil.getValueOfFirstElementChild(element, namespace, "name");
String type = XmlUtil.getValueOfFirstElementChild(element, namespace, "type");
String conf = XmlUtil.getValueOfFirstElementChild(element, namespace, "conf");
CertprofileInfo profile = new CertprofileInfo(name, type, conf);
profiles.add(profile);
profileNames.add(name);
LOG.debug("configured for CA {} certprofile (name={}, type={}, conf={})", caName, name, type, conf);
}
}
LOG.info("CA {} supports profiles {}", caName, profileNames);
return new CaInfo(caCert, cmpControl, profiles);
} else {
throw new CmpRequestorException("unknown CAInfo version " + version);
}
}
Also used :
PkiResponse(org.xipki.cmp.PkiResponse)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
Element(org.w3c.dom.Element)
CertificateException(java.security.cert.CertificateException)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Document(org.w3c.dom.Document)
SAXException(org.xml.sax.SAXException)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
HashSet(java.util.HashSet)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
CertprofileInfo(org.xipki.ca.client.api.CertprofileInfo)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Aggregations
IOException (java.io.IOException)47
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)30
Date (java.util.Date)27
DEROctetString (org.bouncycastle.asn1.DEROctetString)26
BigInteger (java.math.BigInteger)23
X509Certificate (java.security.cert.X509Certificate)22
PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)22
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)20
CertificateException (java.security.cert.CertificateException)18
ArrayList (java.util.ArrayList)17
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)17
X500Name (org.bouncycastle.asn1.x500.X500Name)16
Extension (org.bouncycastle.asn1.x509.Extension)16
Extensions (org.bouncycastle.asn1.x509.Extensions)16
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)15
DERIA5String (org.bouncycastle.asn1.DERIA5String)15
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)14
PKIBody (org.bouncycastle.asn1.cmp.PKIBody)13
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)12
GeneralName (org.bouncycastle.asn1.x509.GeneralName)11
