use of org.xipki.ocsp.qa.OcspCertStatus in project xipki by xipki.
the class BatchOcspQaStatusCmd method processOcspQuery.
// method execute0
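/**
 * Parses one line of the batch input and runs the OCSP query it describes.
 *
 * <p>The line is split on {@code ,}, {@code ;} and {@code :} into up to three tokens, read in
 * this order: the certificate serial number, the expected status ({@code unknown},
 * {@code good} or a reason understood by {@code CrlReason.forNameOrText}) and the expected
 * revocation time. A line holding only a serial number is expected to be {@code good}. The
 * revocation time is read only when the expected status is a revocation reason.
 *
 * <p>Because {@code :} is a delimiter, a serial number written with colon separators is split
 * into several tokens. Tokens are compared as-is, without trimming.
 *
 * @param line one line of the batch input
 * @return the result of the delegated {@code processOcspQuery} overload
 * @throws IllegalArgumentException if the line cannot be parsed; the parse failure is the cause
 * @throws Exception if the delegated overload fails
 */
private ValidationResult processOcspQuery(OcspQa ocspQa, String line, File messageDir, File detailsDir, URL serverUrl, X509Certificate respIssuer, X509Certificate issuerCert, IssuerHash issuerHash, RequestOptions requestOptions) throws Exception {
    StringTokenizer tokens = new StringTokenizer(line, ",;:");
    int count = tokens.countTokens();
    BigInteger serialNumber;
    OcspCertStatus status = null;
    Date revTime = null;
    try {
        // An empty line has no tokens; nextToken() then throws and is reported as "illegal line".
        serialNumber = toBigInt(tokens.nextToken(), hex);
        if (count > 1) {
            String token = tokens.nextToken();
            if ("unknown".equalsIgnoreCase(token)) {
                status = OcspCertStatus.unknown;
            } else if ("good".equalsIgnoreCase(token)) {
                status = OcspCertStatus.good;
            } else {
                CrlReason reason = CrlReason.forNameOrText(token);
                // NOTE(review): forNameOrText is not visible here; if it can return null for an
                // unrecognised token, the switch below would fail with a bare
                // NullPointerException. Reject it explicitly so the log names the real problem.
                if (reason == null) {
                    throw new Exception("invalid reason");
                }
                switch (reason) {
                    case AA_COMPROMISE:
                        status = OcspCertStatus.aACompromise;
                        break;
                    case CA_COMPROMISE:
                        status = OcspCertStatus.cACompromise;
                        break;
                    case AFFILIATION_CHANGED:
                        status = OcspCertStatus.affiliationChanged;
                        break;
                    case CERTIFICATE_HOLD:
                        status = OcspCertStatus.certificateHold;
                        break;
                    case CESSATION_OF_OPERATION:
                        status = OcspCertStatus.cessationOfOperation;
                        break;
                    case KEY_COMPROMISE:
                        status = OcspCertStatus.keyCompromise;
                        break;
                    case PRIVILEGE_WITHDRAWN:
                        status = OcspCertStatus.privilegeWithdrawn;
                        break;
                    case SUPERSEDED:
                        status = OcspCertStatus.superseded;
                        break;
                    case UNSPECIFIED:
                        status = OcspCertStatus.unspecified;
                        break;
                    default:
                        // Any other CrlReason value has no expected status in this QA tool.
                        throw new Exception("invalid reason");
                }
            }
        } else {
            status = OcspCertStatus.good;
        }
        // A revocation time is meaningful only for revoked statuses; for good/unknown a third
        // token is ignored rather than rejected.
        if (count > 2 && status != OcspCertStatus.good && status != OcspCertStatus.unknown) {
            revTime = DateUtil.parseUtcTimeyyyyMMddhhmmss(tokens.nextToken());
        }
    } catch (Exception ex) {
        LogUtil.warn(LOG, ex, "Could not parse line '" + line + "'");
        // Keep the original failure as the cause so callers can see why the line was rejected.
        throw new IllegalArgumentException("illegal line", ex);
    }
    return processOcspQuery(ocspQa, serialNumber, status, revTime, messageDir, detailsDir, serverUrl, respIssuer, issuerCert, issuerHash, requestOptions);
}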
use of org.xipki.ocsp.qa.OcspCertStatus in project xipki by xipki.
the class OcspQaStatusCmd method checkParameters.
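/**
 * Validates the expectations given on the command line and stores them in the fields used for
 * checking the OCSP response.
 *
 * <p>Exactly one of the expected error ({@code errorText}) and the expected statuses
 * ({@code statusTexts}) must be set. Expected statuses and expected revocation times are
 * matched to {@code serialNumbers} by position, so each list must have the same size as
 * {@code serialNumbers}.
 *
 * @param respIssuer not used by this method
 * @param serialNumbers serial numbers of the certificates to query; must not be empty
 * @param encodedCerts not used by this method
 * @throws IllegalArgumentException if the expectations are missing, contradictory or do not
 *     match the number of serial numbers
 * @throws Exception if one of the texts cannot be converted
 */
@Override
protected void checkParameters(X509Certificate respIssuer, List<BigInteger> serialNumbers, Map<BigInteger, byte[]> encodedCerts) throws Exception {
    // The first argument is the name reported when the check fails; it was misspelled
    // "serialNunmbers".
    ParamUtil.requireNonEmpty("serialNumbers", serialNumbers);

    // A QA run without any expectation would accept every response, so it is rejected.
    if (isBlank(errorText) && isEmpty(statusTexts)) {
        throw new IllegalArgumentException("neither expError nor expStatus is set, this is not permitted");
    }
    if (isNotBlank(errorText) && isNotEmpty(statusTexts)) {
        throw new IllegalArgumentException("both expError and expStatus are set, this is not permitted");
    }

    if (isNotBlank(errorText)) {
        expectedOcspError = OcspError.forName(errorText);
    }

    final int numSerials = serialNumbers.size();

    if (isNotEmpty(statusTexts)) {
        if (statusTexts.size() != numSerials) {
            throw new IllegalArgumentException("number of expStatus is invalid: " + (statusTexts.size()) + ", it should be " + numSerials);
        }
        expectedStatuses = new HashMap<>();
        for (int i = 0; i < numSerials; i++) {
            OcspCertStatus certStatus = OcspCertStatus.forName(statusTexts.get(i));
            // A serial number listed twice keeps only the status of its last occurrence.
            expectedStatuses.put(serialNumbers.get(i), certStatus);
        }
    }

    // NOTE(review): revocation times are accepted even when expError is set instead of
    // expStatus; whether they are then checked is not visible here.
    if (isNotEmpty(revTimeTexts)) {
        if (revTimeTexts.size() != numSerials) {
            throw new IllegalArgumentException("number of revTimes is invalid: " + (revTimeTexts.size()) + ", it should be " + numSerials);
        }
        expecteRevTimes = new HashMap<>();
        for (int i = 0; i < numSerials; i++) {
            Date revTime = DateUtil.parseUtcTimeyyyyMMddhhmmss(revTimeTexts.get(i));
            expecteRevTimes.put(serialNumbers.get(i), revTime);
        }
    }

    expectedCerthashOccurrence = Occurrence.forName(certhashOccurrenceText);
    expectedNextUpdateOccurrence = Occurrence.forName(nextUpdateOccurrenceText);
    expectedNonceOccurrence = Occurrence.forName(nonceOccurrenceText);
}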