Example 1 with CMPException
use of org.bouncycastle.cert.cmp.CMPException in project xipki by xipki.
the class CmpRequestor method signAndSend.
protected PkiResponse signAndSend(PKIMessage request, RequestResponseDebug debug) throws CmpRequestorException {
ParamUtil.requireNonNull("request", request);
PKIMessage tmpRequest = (signRequest) ? sign(request) : request;
byte[] encodedRequest;
try {
encodedRequest = tmpRequest.getEncoded();
} catch (IOException ex) {
LOG.error("could not encode the PKI request {}", tmpRequest);
throw new CmpRequestorException(ex.getMessage(), ex);
}
RequestResponsePair reqResp = null;
if (debug != null) {
reqResp = new RequestResponsePair();
debug.add(reqResp);
if (debug.saveRequest()) {
reqResp.setRequest(encodedRequest);
}
}
byte[] encodedResponse;
try {
encodedResponse = send(encodedRequest);
} catch (IOException ex) {
LOG.error("could not send the PKI request {} to server", tmpRequest);
throw new CmpRequestorException("TRANSPORT_ERROR", ex);
}
if (reqResp != null && debug.saveResponse()) {
reqResp.setResponse(encodedResponse);
}
GeneralPKIMessage response;
try {
response = new GeneralPKIMessage(encodedResponse);
} catch (IOException ex) {
LOG.error("could not decode the received PKI message: {}", Hex.encode(encodedResponse));
throw new CmpRequestorException(ex.getMessage(), ex);
}
PKIHeader reqHeader = request.getHeader();
PKIHeader respHeader = response.getHeader();
ASN1OctetString tid = reqHeader.getTransactionID();
ASN1OctetString respTid = respHeader.getTransactionID();
if (!tid.equals(respTid)) {
LOG.warn("Response contains different tid ({}) than requested {}", respTid, tid);
throw new CmpRequestorException("Response contains differnt tid than the request");
}
ASN1OctetString senderNonce = reqHeader.getSenderNonce();
ASN1OctetString respRecipientNonce = respHeader.getRecipNonce();
if (!senderNonce.equals(respRecipientNonce)) {
LOG.warn("tid {}: response.recipientNonce ({}) != request.senderNonce ({})", tid, respRecipientNonce, senderNonce);
throw new CmpRequestorException("Response contains differnt tid than the request");
}
GeneralName rec = respHeader.getRecipient();
if (!sender.equals(rec)) {
LOG.warn("tid={}: unknown CMP requestor '{}'", tid, rec);
}
PkiResponse ret = new PkiResponse(response);
if (response.hasProtection()) {
try {
ProtectionVerificationResult verifyProtection = verifyProtection(Hex.encode(tid.getOctets()), response);
ret.setProtectionVerificationResult(verifyProtection);
} catch (InvalidKeyException | OperatorCreationException | CMPException ex) {
throw new CmpRequestorException(ex.getMessage(), ex);
}
} else if (signRequest) {
PKIBody respBody = response.getBody();
int bodyType = respBody.getType();
if (bodyType != PKIBody.TYPE_ERROR) {
throw new CmpRequestorException("response is not signed");
}
}
return ret;
}
Also used :
ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage)
RequestResponsePair(org.xipki.common.RequestResponsePair)
PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
PkiResponse(org.xipki.cmp.PkiResponse)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
ProtectionVerificationResult(org.xipki.cmp.ProtectionVerificationResult)
IOException(java.io.IOException)
InvalidKeyException(java.security.InvalidKeyException)
GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage)
CMPException(org.bouncycastle.cert.cmp.CMPException)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
Example 2 with CMPException
use of org.bouncycastle.cert.cmp.CMPException in project xipki by xipki.
the class X509CmpRequestor method buildCertConfirmRequest.
// method requestCertificate0
private PKIMessage buildCertConfirmRequest(ASN1OctetString tid, CertificateConfirmationContentBuilder certConfirmBuilder) throws CmpRequestorException {
PKIHeader header = buildPkiHeader(implicitConfirm, tid, null, (InfoTypeAndValue[]) null);
CertificateConfirmationContent certConfirm;
try {
certConfirm = certConfirmBuilder.build(DIGEST_CALCULATOR_PROVIDER);
} catch (CMPException ex) {
throw new CmpRequestorException(ex.getMessage(), ex);
}
PKIBody body = new PKIBody(PKIBody.TYPE_CERT_CONFIRM, certConfirm.toASN1Structure());
return new PKIMessage(header, body);
}
Also used :
PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
CertificateConfirmationContent(org.bouncycastle.cert.cmp.CertificateConfirmationContent)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
CMPException(org.bouncycastle.cert.cmp.CMPException)
InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue)
Aggregations
PKIBody (org.bouncycastle.asn1.cmp.PKIBody)2
PKIHeader (org.bouncycastle.asn1.cmp.PKIHeader)2
PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)2
CMPException (org.bouncycastle.cert.cmp.CMPException)2
IOException (java.io.IOException)1
InvalidKeyException (java.security.InvalidKeyException)1
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)1
InfoTypeAndValue (org.bouncycastle.asn1.cmp.InfoTypeAndValue)1
GeneralName (org.bouncycastle.asn1.x509.GeneralName)1
CertificateConfirmationContent (org.bouncycastle.cert.cmp.CertificateConfirmationContent)1
GeneralPKIMessage (org.bouncycastle.cert.cmp.GeneralPKIMessage)1
ProtectedPKIMessage (org.bouncycastle.cert.cmp.ProtectedPKIMessage)1
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)1
PkiResponse (org.xipki.cmp.PkiResponse)1
ProtectionVerificationResult (org.xipki.cmp.ProtectionVerificationResult)1
RequestResponsePair (org.xipki.common.RequestResponsePair)1
