
Example 1 with PkiErrorException

use of org.xipki.cmpclient.PkiErrorException in project xipki by xipki.

the class CmpAgentUtil method evaluateCrlResponse.

// method decrypt
/**
 * Extracts the CRL carried in a CMP general response.
 *
 * <p>The response first goes through {@code checkProtection}. An error body is
 * surfaced as a {@link PkiErrorException} carrying the responder's status info;
 * any body type other than a general response is rejected. The entry looked for
 * is {@code it_currentCRL} when {@code xipkiAction} is {@code null}, otherwise
 * the XiPKI genmsg identifier, whose value is unwrapped with
 * {@code extractXiActionContent}.
 *
 * <p>NOTE(review): nothing in this method verifies the signature or issuer of
 * the returned CRL; it is only decoded. Presumably the caller validates it
 * before trusting any revocation data in it. Confirm against the caller.
 *
 * @param response the verified CMP response; passed through {@code notNull}
 * @param xipkiAction the XiPKI action code, or {@code null} for a plain
 *     current-CRL request
 * @return a holder wrapping the decoded certificate list
 * @throws CmpClientException if the body type is unexpected or the response
 *     holds no entry of the expected type
 * @throws PkiErrorException if the protection check fails or the responder
 *     answered with an error body
 */
static X509CRLHolder evaluateCrlResponse(VerifiedPkiMessage response, Integer xipkiAction) throws CmpClientException, PkiErrorException {
    checkProtection(notNull(response, "response"));

    final PKIBody body = response.getPkiMessage().getBody();
    final int type = body.getType();
    if (type == PKIBody.TYPE_ERROR) {
        throw new PkiErrorException(ErrorMsgContent.getInstance(body.getContent()).getPKIStatusInfo());
    }
    if (type != PKIBody.TYPE_GEN_REP) {
        throw new CmpClientException(String.format("unknown PKI body type %s instead the expected [%s, %s]", type, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR));
    }

    // A null action means the standard CMP current-CRL exchange; otherwise the
    // CRL is wrapped inside a XiPKI-specific general message.
    final boolean plainCrlRequest = (xipkiAction == null);
    final ASN1ObjectIdentifier wantedOid;
    if (plainCrlRequest) {
        wantedOid = CMPObjectIdentifiers.it_currentCRL;
    } else {
        wantedOid = ObjectIdentifiers.Xipki.id_xipki_cmp_cmpGenmsg;
    }

    // Take the first entry whose type matches; later duplicates are ignored.
    InfoTypeAndValue match = null;
    final InfoTypeAndValue[] candidates = GenRepContent.getInstance(body.getContent()).toInfoTypeAndValueArray();
    if (candidates != null) {
        for (InfoTypeAndValue candidate : candidates) {
            if (wantedOid.equals(candidate.getInfoType())) {
                match = candidate;
                break;
            }
        }
    }
    if (match == null) {
        throw new CmpClientException("the response does not contain InfoTypeAndValue " + wantedOid);
    }

    final ASN1Encodable crlValue;
    if (plainCrlRequest) {
        crlValue = match.getInfoValue();
    } else {
        crlValue = extractXiActionContent(match.getInfoValue(), xipkiAction);
    }
    return new X509CRLHolder(CertificateList.getInstance(crlValue));
}
Also used : PkiErrorException(org.xipki.cmpclient.PkiErrorException) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) CmpClientException(org.xipki.cmpclient.CmpClientException)

Example 2 with PkiErrorException

use of org.xipki.cmpclient.PkiErrorException in project xipki by xipki.

the class CmpAgentUtil method checkProtection.

// method extractXiActionContent
/**
 * Rejects a response whose message protection was present but did not verify.
 *
 * <p>A protected response is accepted only when its verification result is
 * {@code MAC_VALID} or {@code SIGNATURE_VALID}; a missing verification result
 * counts as a failure.
 *
 * <p>NOTE(review): a response that carries no protection at all returns from
 * here without error, so this check alone does not prove the response was
 * authenticated. Where unprotected responses must not be trusted, the presence
 * of protection has to be enforced separately. Confirm where (or whether) the
 * callers do that.
 *
 * @param response the verified CMP response; passed through {@code notNull}
 * @throws PkiErrorException with failure info {@code badMessageCheck} if the
 *     response is protected and the protection is not valid
 */
static void checkProtection(VerifiedPkiMessage response) throws PkiErrorException {
    notNull(response, "response");
    if (response.hasProtection()) {
        ProtectionVerificationResult verification = response.getProtectionVerificationResult();
        // No verification result for a protected message is treated as invalid.
        ProtectionResult outcome = (verification == null) ? null : verification.getProtectionResult();
        boolean accepted = outcome == ProtectionResult.MAC_VALID || outcome == ProtectionResult.SIGNATURE_VALID;
        if (!accepted) {
            throw new PkiErrorException(PKISTATUS_RESPONSE_ERROR, PKIFailureInfo.badMessageCheck, "message check of the response failed");
        }
    }
}
Also used : ProtectionResult(org.xipki.security.cmp.ProtectionResult) PkiErrorException(org.xipki.cmpclient.PkiErrorException) ProtectionVerificationResult(org.xipki.security.cmp.ProtectionVerificationResult)

Example 3 with PkiErrorException

use of org.xipki.cmpclient.PkiErrorException in project xipki by xipki.

the class CmpAgentUtil method parse.

// method evaluateCrlResponse
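/**
 * Converts a CMP revocation response into per-request result entries.
 *
 * <p>The response first goes through {@code checkProtection}. An error body is
 * surfaced as a {@link PkiErrorException}; any body type other than a
 * revocation response is rejected. The response must carry exactly one status
 * per request entry, and statuses are paired with request entries by position.
 *
 * <p>A status other than granted / granted-with-mods becomes an error entry.
 * The optional {@code failInfo} and {@code statusString} fields are read
 * defensively: a rejection that omits {@code failInfo} is reported with failure
 * code {@code 0} instead of failing with a {@code NullPointerException}, and an
 * empty status text is reported as {@code null}.
 *
 * <p>NOTE(review): for a granted status, the certificate id is looked up in the
 * response by issuer and serial number. If the responder did not echo it, a
 * warning is logged and the id is rebuilt from the request, so the result entry
 * then reflects what was asked for rather than what the responder confirmed.
 * Callers that need responder confirmation per certificate should not rely on
 * the returned id alone.
 *
 * @param response the verified CMP response; passed through {@code notNull}
 * @param reqEntries the request entries, in the order they were sent
 * @return the collected result entries, one per request entry
 * @throws CmpClientException if the body type is unexpected or the number of
 *     statuses differs from the number of request entries
 * @throws PkiErrorException if the protection check fails or the responder
 *     answered with an error body
 */
static RevokeCertResponse parse(VerifiedPkiMessage response, List<? extends UnrevokeOrRemoveCertRequest.Entry> reqEntries) throws CmpClientException, PkiErrorException {
    checkProtection(notNull(response, "response"));
    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();
    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
        throw new PkiErrorException(content.getPKIStatusInfo());
    } else if (PKIBody.TYPE_REVOCATION_REP != bodyType) {
        throw new CmpClientException(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, PKIBody.TYPE_REVOCATION_REP, PKIBody.TYPE_ERROR));
    }
    RevRepContent content = RevRepContent.getInstance(respBody.getContent());
    PKIStatusInfo[] statuses = content.getStatus();
    if (statuses == null || statuses.length != reqEntries.size()) {
        int statusesLen = (statuses == null) ? 0 : statuses.length;
        throw new CmpClientException(String.format("incorrect number of status entries in response '%s' instead the expected '%s'", statusesLen, reqEntries.size()));
    }
    CertId[] revCerts = content.getRevCerts();
    RevokeCertResponse result = new RevokeCertResponse();
    for (int i = 0; i < statuses.length; i++) {
        PKIStatusInfo statusInfo = statuses[i];
        int status = statusInfo.getStatus().intValue();
        // Statuses are matched to request entries purely by index.
        UnrevokeOrRemoveCertRequest.Entry re = reqEntries.get(i);
        if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
            PKIFreeText text = statusInfo.getStatusString();
            // statusString is optional; an empty sequence has no element 0 to read.
            String statusString = (text == null || text.size() == 0) ? null : text.getStringAt(0).getString();
            // failInfo is optional in PKIStatusInfo; the responder controls whether
            // it is present, so a missing value must not crash the client.
            int failInfo = (statusInfo.getFailInfo() == null) ? 0 : statusInfo.getFailInfo().intValue();
            ResultEntry resultEntry = new ResultEntry.Error(re.getId(), status, failInfo, statusString);
            result.addResultEntry(resultEntry);
            continue;
        }
        CertId certId = null;
        if (revCerts != null) {
            for (CertId entry : revCerts) {
                if (re.getIssuer().equals(entry.getIssuer().getName()) && re.getSerialNumber().equals(entry.getSerialNumber().getValue())) {
                    certId = entry;
                    break;
                }
            }
        }
        if (certId == null) {
            // The responder did not echo this certificate; fall back to the
            // requested issuer/serial and leave a trace in the log.
            LOG.warn("certId is not present in response for (issuer='{}', serialNumber={})", X509Util.getRfc4519Name(re.getIssuer()), LogUtil.formatCsn(re.getSerialNumber()));
            certId = new CertId(new GeneralName(re.getIssuer()), re.getSerialNumber());
        }
        result.addResultEntry(new ResultEntry.RevokeCert(re.getId(), certId));
    }
    return result;
}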
Also used : CertId(org.bouncycastle.asn1.crmf.CertId) CmpClientException(org.xipki.cmpclient.CmpClientException) PkiErrorException(org.xipki.cmpclient.PkiErrorException) UnrevokeOrRemoveCertRequest(org.xipki.cmpclient.UnrevokeOrRemoveCertRequest)

Aggregations

PkiErrorException (org.xipki.cmpclient.PkiErrorException)3 CmpClientException (org.xipki.cmpclient.CmpClientException)2 CertId (org.bouncycastle.asn1.crmf.CertId)1 X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)1 UnrevokeOrRemoveCertRequest (org.xipki.cmpclient.UnrevokeOrRemoveCertRequest)1 ProtectionResult (org.xipki.security.cmp.ProtectionResult)1 ProtectionVerificationResult (org.xipki.security.cmp.ProtectionVerificationResult)1