
Example 1 with OcspCertStatus

use of org.xipki.ocsp.qa.OcspCertStatus in project xipki by xipki.

the class BatchOcspQaStatusCmd method processOcspQuery.

// method execute0
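/**
 * Parses one line of the batch input into an expected OCSP certificate status and delegates
 * to the overloaded {@code processOcspQuery} that takes the parsed values.
 *
 * <p>The line is split on {@code ,}, {@code ;} and {@code :}. At most three fields are read
 * and any further fields are ignored:
 * <ol>
 *   <li>the certificate serial number, converted by {@code toBigInt} using the {@code hex}
 *       setting;</li>
 *   <li>optionally the expected status: {@code unknown} or {@code good} (case-insensitive),
 *       otherwise a revocation reason resolved through {@code CrlReason.forNameOrText};</li>
 *   <li>optionally the expected revocation time, read only when the expected status is
 *       neither {@code good} nor {@code unknown}.</li>
 * </ol>
 *
 * <p>A line that holds only a serial number is treated as expecting {@code good}. A status
 * text that cannot be mapped is rejected; it is never defaulted to {@code good}.
 *
 * @param line one line of the batch file
 * @return the result of the delegated query
 * @throws IllegalArgumentException if the line cannot be parsed; the parser failure is
 *         attached as the cause
 * @throws Exception if the delegated query fails
 */
private ValidationResult processOcspQuery(OcspQa ocspQa, String line, File messageDir, File detailsDir, URL serverUrl, X509Certificate respIssuer, X509Certificate issuerCert, IssuerHash issuerHash, RequestOptions requestOptions) throws Exception {
    StringTokenizer tokens = new StringTokenizer(line, ",;:");
    int count = tokens.countTokens();
    BigInteger serialNumber;
    OcspCertStatus status = null;
    Date revTime = null;
    try {
        // An empty line has no tokens; nextToken() then throws and the line is rejected below.
        serialNumber = toBigInt(tokens.nextToken(), hex);
        if (count > 1) {
            String token = tokens.nextToken();
            if ("unknown".equalsIgnoreCase(token)) {
                status = OcspCertStatus.unknown;
            } else if ("good".equalsIgnoreCase(token)) {
                status = OcspCertStatus.good;
            } else {
                CrlReason reason = CrlReason.forNameOrText(token);
                // NOTE(review): whether forNameOrText returns null or throws for an unknown
                // text is not visible here; the explicit check keeps the logged failure
                // meaningful instead of surfacing as a NullPointerException from the switch.
                if (reason == null) {
                    throw new Exception("invalid reason");
                }
                switch (reason) {
                    case AA_COMPROMISE:
                        status = OcspCertStatus.aACompromise;
                        break;
                    case CA_COMPROMISE:
                        status = OcspCertStatus.cACompromise;
                        break;
                    case AFFILIATION_CHANGED:
                        status = OcspCertStatus.affiliationChanged;
                        break;
                    case CERTIFICATE_HOLD:
                        status = OcspCertStatus.certificateHold;
                        break;
                    case CESSATION_OF_OPERATION:
                        status = OcspCertStatus.cessationOfOperation;
                        break;
                    case KEY_COMPROMISE:
                        status = OcspCertStatus.keyCompromise;
                        break;
                    case PRIVILEGE_WITHDRAWN:
                        status = OcspCertStatus.privilegeWithdrawn;
                        break;
                    case SUPERSEDED:
                        status = OcspCertStatus.superseded;
                        break;
                    case UNSPECIFIED:
                        status = OcspCertStatus.unspecified;
                        break;
                    default:
                        // Any reason without a mapping above is refused rather than guessed.
                        throw new Exception("invalid reason");
                }
            }
        } else {
            // Serial number only: the expected status defaults to good.
            status = OcspCertStatus.good;
        }
        // A revocation time is only meaningful for a revoked status.
        if (count > 2 && status != OcspCertStatus.good && status != OcspCertStatus.unknown) {
            revTime = DateUtil.parseUtcTimeyyyyMMddhhmmss(tokens.nextToken());
        }
    } catch (Exception ex) {
        LogUtil.warn(LOG, ex, "Could not parse line '" + line + "'");
        // Keep the underlying failure as the cause so callers can see why the line was refused.
        throw new IllegalArgumentException("illegal line", ex);
    }
    return processOcspQuery(ocspQa, serialNumber, status, revTime, messageDir, detailsDir, serverUrl, respIssuer, issuerCert, issuerHash, requestOptions);
}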
Also used : StringTokenizer(java.util.StringTokenizer) BigInteger(java.math.BigInteger) OcspCertStatus(org.xipki.ocsp.qa.OcspCertStatus) CrlReason(org.xipki.security.CrlReason) Date(java.util.Date) IOException(java.io.IOException)

Example 2 with OcspCertStatus

use of org.xipki.ocsp.qa.OcspCertStatus in project xipki by xipki.

the class OcspQaStatusCmd method checkParameters.

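/**
 * Validates the command options and converts them into the expectations used when checking
 * the OCSP responses.
 *
 * <p>Exactly one of the expected error ({@code errorText}) and the expected statuses
 * ({@code statusTexts}) must be set. When statuses or revocation times are given, there must
 * be exactly one entry per serial number; entry {@code i} is stored under serial number
 * {@code i}. The three occurrence texts are always resolved through
 * {@code Occurrence.forName}.
 *
 * <p>{@code respIssuer} and {@code encodedCerts} are not read by this method.
 *
 * @param serialNumbers serial numbers of the certificates to query; must not be empty
 * @throws IllegalArgumentException if the expected error and expected statuses are both set
 *         or both missing, or if a list length differs from the number of serial numbers
 * @throws Exception if a status, error, occurrence or time text cannot be parsed
 */
@Override
protected void checkParameters(X509Certificate respIssuer, List<BigInteger> serialNumbers, Map<BigInteger, byte[]> encodedCerts) throws Exception {
    // The second argument's name was misspelled ("serialNunmbers") in the text passed to the check.
    ParamUtil.requireNonEmpty("serialNumbers", serialNumbers);
    if (isBlank(errorText) && isEmpty(statusTexts)) {
        throw new IllegalArgumentException("neither expError nor expStatus is set, this is not permitted");
    }
    if (isNotBlank(errorText) && isNotEmpty(statusTexts)) {
        throw new IllegalArgumentException("both expError and expStatus are set, this is not permitted");
    }
    if (isNotBlank(errorText)) {
        expectedOcspError = OcspError.forName(errorText);
    }

    final int n = serialNumbers.size();
    if (isNotEmpty(statusTexts)) {
        if (statusTexts.size() != n) {
            throw new IllegalArgumentException("number of expStatus is invalid: " + (statusTexts.size()) + ", it should be " + n);
        }
        expectedStatuses = new HashMap<>();
        for (int i = 0; i < n; i++) {
            String expectedStatusText = statusTexts.get(i);
            OcspCertStatus certStatus = OcspCertStatus.forName(expectedStatusText);
            expectedStatuses.put(serialNumbers.get(i), certStatus);
        }
    }

    // NOTE(review): revocation times are accepted independently of errorText/statusTexts;
    // confirm that a revTime paired with an expected error or a good status is intended.
    if (isNotEmpty(revTimeTexts)) {
        if (revTimeTexts.size() != n) {
            throw new IllegalArgumentException("number of revTimes is invalid: " + (revTimeTexts.size()) + ", it should be " + n);
        }
        expecteRevTimes = new HashMap<>();
        for (int i = 0; i < n; i++) {
            Date revTime = DateUtil.parseUtcTimeyyyyMMddhhmmss(revTimeTexts.get(i));
            expecteRevTimes.put(serialNumbers.get(i), revTime);
        }
    }

    expectedCerthashOccurrence = Occurrence.forName(certhashOccurrenceText);
    expectedNextUpdateOccurrence = Occurrence.forName(nextUpdateOccurrenceText);
    expectedNonceOccurrence = Occurrence.forName(nonceOccurrenceText);
}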
Also used : OcspCertStatus(org.xipki.ocsp.qa.OcspCertStatus) Date(java.util.Date)

Aggregations

Date (java.util.Date)2 OcspCertStatus (org.xipki.ocsp.qa.OcspCertStatus)2 IOException (java.io.IOException)1 BigInteger (java.math.BigInteger)1 StringTokenizer (java.util.StringTokenizer)1 CrlReason (org.xipki.security.CrlReason)1