List of usage examples for org.bouncycastle.asn1 ASN1Integer getPositiveValue
public BigInteger getPositiveValue()
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
private CertResponse postProcessCertInfo(ASN1Integer certReqId, X509CertificateInfo certInfo, ASN1OctetString tid, CmpControl cmpControl) { if (cmpControl.isConfirmCert()) { pendingCertPool.addCertificate(tid.getOctets(), certReqId.getPositiveValue(), certInfo, System.currentTimeMillis() + cmpControl.getConfirmWaitTimeMs()); }//from w ww . ja va 2s . c om String warningMsg = certInfo.getWarningMessage(); PKIStatusInfo statusInfo; if (StringUtil.isBlank(warningMsg)) { statusInfo = certInfo.isAlreadyIssued() ? new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText("ALREADY_ISSUED")) : new PKIStatusInfo(PKIStatus.granted); } else { statusInfo = new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText(warningMsg)); } CertOrEncCert cec = new CertOrEncCert(CMPCertificate.getInstance(certInfo.getCert().getEncodedCert())); CertifiedKeyPair kp = new CertifiedKeyPair(cec); return new CertResponse(certReqId, statusInfo, kp, null); }
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
private PKIBody unRevokeRemoveCertificates(final PKIMessage request, final RevReqContent rr, final Permission permission, final CmpControl cmpControl, final String msgId) { RevDetails[] revContent = rr.toRevDetailsArray(); RevRepContentBuilder repContentBuilder = new RevRepContentBuilder(); final int n = revContent.length; // test the request for (int i = 0; i < n; i++) { RevDetails revDetails = revContent[i]; CertTemplate certDetails = revDetails.getCertDetails(); X500Name issuer = certDetails.getIssuer(); ASN1Integer serialNumber = certDetails.getSerialNumber(); try {//from w w w . j av a 2s .com X500Name caSubject = getCa().getCaInfo().getCertificate().getSubjectAsX500Name(); if (issuer == null) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate, "issuer is not present"); } if (!issuer.equals(caSubject)) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate, "issuer does not target at the CA"); } if (serialNumber == null) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate, "serialNumber is not present"); } if (certDetails.getSigningAlg() != null || certDetails.getValidity() != null || certDetails.getSubject() != null || certDetails.getPublicKey() != null || certDetails.getIssuerUID() != null || certDetails.getSubjectUID() != null) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate, "only version, issuer and serialNumber in RevDetails.certDetails are " + "allowed, but more is specified"); } if (certDetails.getExtensions() == null) { if (cmpControl.isRrAkiRequired()) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate, "issuer's AKI not present"); } } else { Extensions exts = certDetails.getExtensions(); ASN1ObjectIdentifier[] oids = exts.getCriticalExtensionOIDs(); if (oids != null) { for (ASN1ObjectIdentifier oid : oids) { if (!Extension.authorityKeyIdentifier.equals(oid)) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate, "unknown critical extension " + oid.getId()); } } } Extension ext = exts.getExtension(Extension.authorityKeyIdentifier); if (ext == null) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate, "issuer's AKI not present"); } else { AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(ext.getParsedValue()); if (aki.getKeyIdentifier() == null) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate, "issuer's AKI not present"); } boolean issuerMatched = true; byte[] caSki = getCa().getCaInfo().getCertificate().getSubjectKeyIdentifier(); if (Arrays.equals(caSki, aki.getKeyIdentifier())) { issuerMatched = false; } if (issuerMatched && aki.getAuthorityCertSerialNumber() != null) { BigInteger caSerial = getCa().getCaInfo().getSerialNumber(); if (!caSerial.equals(aki.getAuthorityCertSerialNumber())) { issuerMatched = false; } } if (issuerMatched && aki.getAuthorityCertIssuer() != null) { GeneralName[] names = aki.getAuthorityCertIssuer().getNames(); for (GeneralName name : names) { if (name.getTagNo() != GeneralName.directoryName) { issuerMatched = false; break; } if (!caSubject.equals(name.getName())) { issuerMatched = false; break; } } } if (!issuerMatched) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badCertTemplate, "issuer does not target at the CA"); } } } } catch (IllegalArgumentException ex) { return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, "the request is not invalid"); } } // end for byte[] encodedRequest = null; if (getCa().getCaInfo().isSaveRequest()) { try { encodedRequest = request.getEncoded(); } catch (IOException ex) { LOG.warn("could not encode request"); } } Long reqDbId = null; for (int i = 0; i < n; i++) { RevDetails revDetails = revContent[i]; CertTemplate certDetails = revDetails.getCertDetails(); ASN1Integer serialNumber = certDetails.getSerialNumber(); // serialNumber is not null due to the check in the previous for-block. X500Name caSubject = getCa().getCaInfo().getCertificate().getSubjectAsX500Name(); BigInteger snBigInt = serialNumber.getPositiveValue(); CertId certId = new CertId(new GeneralName(caSubject), serialNumber); PKIStatusInfo status; try { Object returnedObj = null; Long certDbId = null; X509Ca ca = getCa(); if (Permission.UNREVOKE_CERT == permission) { // unrevoke returnedObj = ca.unrevokeCertificate(snBigInt, msgId); if (returnedObj != null) { certDbId = ((X509CertWithDbId) returnedObj).getCertId(); } } else if (Permission.REMOVE_CERT == permission) { // remove returnedObj = ca.removeCertificate(snBigInt, msgId); } else { // revoke Date invalidityDate = null; CrlReason reason = null; Extensions crlDetails = revDetails.getCrlEntryDetails(); if (crlDetails != null) { ASN1ObjectIdentifier extId = Extension.reasonCode; ASN1Encodable extValue = crlDetails.getExtensionParsedValue(extId); if (extValue != null) { int reasonCode = ASN1Enumerated.getInstance(extValue).getValue().intValue(); reason = CrlReason.forReasonCode(reasonCode); } extId = Extension.invalidityDate; extValue = crlDetails.getExtensionParsedValue(extId); if (extValue != null) { try { invalidityDate = ASN1GeneralizedTime.getInstance(extValue).getDate(); } catch (ParseException ex) { throw new OperationException(ErrorCode.INVALID_EXTENSION, "invalid extension " + extId.getId()); } } } // end if (crlDetails) if (reason == null) { reason = CrlReason.UNSPECIFIED; } returnedObj = ca.revokeCertificate(snBigInt, reason, invalidityDate, msgId); if (returnedObj != null) { certDbId = ((X509CertWithRevocationInfo) returnedObj).getCert().getCertId(); } } // end if (permission) if (returnedObj == null) { throw new OperationException(ErrorCode.UNKNOWN_CERT, "cert not exists"); } if (certDbId != null && ca.getCaInfo().isSaveRequest()) { if (reqDbId == null) { reqDbId = ca.addRequest(encodedRequest); } ca.addRequestCert(reqDbId, certDbId); } status = new PKIStatusInfo(PKIStatus.granted); } catch (OperationException ex) { ErrorCode code = ex.getErrorCode(); LOG.warn("{} certificate, OperationException: code={}, message={}", permission.name(), code.name(), ex.getErrorMessage()); String errorMessage; switch (code) { case DATABASE_FAILURE: case SYSTEM_FAILURE: errorMessage = code.name(); break; default: errorMessage = code.name() + ": " + ex.getErrorMessage(); break; } // end switch code int failureInfo = getPKiFailureInfo(ex); status = generateRejectionStatus(failureInfo, errorMessage); } // end try repContentBuilder.add(status, certId); } // end for return new PKIBody(PKIBody.TYPE_REVOCATION_REP, repContentBuilder.build()); }
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
private PKIBody confirmCertificates(final ASN1OctetString transactionId, final CertConfirmContent certConf, final String msgId) { CertStatus[] certStatuses = certConf.toCertStatusArray(); boolean successful = true; for (CertStatus certStatus : certStatuses) { ASN1Integer certReqId = certStatus.getCertReqId(); byte[] certHash = certStatus.getCertHash().getOctets(); X509CertificateInfo certInfo = pendingCertPool.removeCertificate(transactionId.getOctets(), certReqId.getPositiveValue(), certHash); if (certInfo == null) { if (LOG.isWarnEnabled()) { LOG.warn("no cert under transactionId={}, certReqId={} and certHash=0X{}", transactionId, certReqId.getPositiveValue(), Hex.toHexString(certHash)); }/*from ww w . j a v a2s .co m*/ continue; } PKIStatusInfo statusInfo = certStatus.getStatusInfo(); boolean accept = true; if (statusInfo != null) { int status = statusInfo.getStatus().intValue(); if (PKIStatus.GRANTED != status && PKIStatus.GRANTED_WITH_MODS != status) { accept = false; } } if (accept) { continue; } BigInteger serialNumber = certInfo.getCert().getCert().getSerialNumber(); X509Ca ca = getCa(); try { ca.revokeCertificate(serialNumber, CrlReason.CESSATION_OF_OPERATION, new Date(), msgId); } catch (OperationException ex) { LogUtil.warn(LOG, ex, "could not revoke certificate ca=" + ca.getCaInfo().getName() + " serialNumber=" + LogUtil.formatCsn(serialNumber)); } successful = false; } // all other certificates should be revoked if (revokePendingCertificates(transactionId, msgId)) { successful = false; } if (successful) { return new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE); } ErrorMsgContent emc = new ErrorMsgContent( new PKIStatusInfo(PKIStatus.rejection, null, new PKIFailureInfo(PKIFailureInfo.systemFailure))); return new PKIBody(PKIBody.TYPE_ERROR, emc); }
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
private PKIBody cmpGeneralMsg(final PKIHeaderBuilder respHeader, final CmpControl cmpControl, final PKIHeader reqHeader, final PKIBody reqBody, final CmpRequestorInfo requestor, final String user, final ASN1OctetString tid, final String msgId, final AuditEvent event) throws InsuffientPermissionException { GenMsgContent genMsgBody = GenMsgContent.getInstance(reqBody.getContent()); InfoTypeAndValue[] itvs = genMsgBody.toInfoTypeAndValueArray(); InfoTypeAndValue itv = null;/* w w w . j a va 2 s. co m*/ if (itvs != null && itvs.length > 0) { for (InfoTypeAndValue entry : itvs) { String itvType = entry.getInfoType().getId(); if (KNOWN_GENMSG_IDS.contains(itvType)) { itv = entry; break; } } } if (itv == null) { String statusMessage = "PKIBody type " + PKIBody.TYPE_GEN_MSG + " is only supported with the sub-types " + KNOWN_GENMSG_IDS.toString(); return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } InfoTypeAndValue itvResp = null; ASN1ObjectIdentifier infoType = itv.getInfoType(); int failureInfo; try { X509Ca ca = getCa(); if (CMPObjectIdentifiers.it_currentCRL.equals(infoType)) { event.addEventType(CaAuditConstants.TYPE_CMP_genm_currentCrl); checkPermission(requestor, Permission.GET_CRL); CertificateList crl = ca.getBcCurrentCrl(); if (itv.getInfoValue() == null) { // as defined in RFC 4210 crl = ca.getBcCurrentCrl(); } else { // xipki extension ASN1Integer crlNumber = ASN1Integer.getInstance(itv.getInfoValue()); crl = ca.getBcCrl(crlNumber.getPositiveValue()); } if (crl == null) { String statusMessage = "no CRL is available"; return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } itvResp = new InfoTypeAndValue(infoType, crl); } else if (ObjectIdentifiers.id_xipki_cmp_cmpGenmsg.equals(infoType)) { ASN1Encodable asn1 = itv.getInfoValue(); ASN1Integer asn1Code = null; ASN1Encodable reqValue = null; try { ASN1Sequence seq = ASN1Sequence.getInstance(asn1); asn1Code = ASN1Integer.getInstance(seq.getObjectAt(0)); if (seq.size() > 1) { reqValue = seq.getObjectAt(1); } } catch (IllegalArgumentException ex) { String statusMessage = "invalid value of the InfoTypeAndValue for " + ObjectIdentifiers.id_xipki_cmp_cmpGenmsg.getId(); return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } ASN1Encodable respValue; int action = asn1Code.getPositiveValue().intValue(); switch (action) { case XiSecurityConstants.CMP_ACTION_GEN_CRL: event.addEventType(CaAuditConstants.TYPE_CMP_genm_genCrl); checkPermission(requestor, Permission.GEN_CRL); X509CRL tmpCrl = ca.generateCrlOnDemand(msgId); if (tmpCrl == null) { String statusMessage = "CRL generation is not activated"; return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } else { respValue = CertificateList.getInstance(tmpCrl.getEncoded()); } break; case XiSecurityConstants.CMP_ACTION_GET_CRL_WITH_SN: event.addEventType(CaAuditConstants.TYPE_CMP_genm_crlForNumber); checkPermission(requestor, Permission.GET_CRL); ASN1Integer crlNumber = ASN1Integer.getInstance(reqValue); respValue = ca.getBcCrl(crlNumber.getPositiveValue()); if (respValue == null) { String statusMessage = "no CRL is available"; return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } break; case XiSecurityConstants.CMP_ACTION_GET_CAINFO: event.addEventType(CaAuditConstants.TYPE_CMP_genm_cainfo); Set<Integer> acceptVersions = new HashSet<>(); if (reqValue != null) { ASN1Sequence seq = DERSequence.getInstance(reqValue); int size = seq.size(); for (int i = 0; i < size; i++) { ASN1Integer ai = ASN1Integer.getInstance(seq.getObjectAt(i)); acceptVersions.add(ai.getPositiveValue().intValue()); } } if (CollectionUtil.isEmpty(acceptVersions)) { acceptVersions.add(1); } String systemInfo = getSystemInfo(requestor, acceptVersions); respValue = new DERUTF8String(systemInfo); break; default: String statusMessage = "unsupported XiPKI action code '" + action + "'"; return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } // end switch (action) ASN1EncodableVector vec = new ASN1EncodableVector(); vec.add(asn1Code); if (respValue != null) { vec.add(respValue); } itvResp = new InfoTypeAndValue(infoType, new DERSequence(vec)); } GenRepContent genRepContent = new GenRepContent(itvResp); return new PKIBody(PKIBody.TYPE_GEN_REP, genRepContent); } catch (OperationException ex) { failureInfo = getPKiFailureInfo(ex); ErrorCode code = ex.getErrorCode(); String errorMessage; switch (code) { case DATABASE_FAILURE: case SYSTEM_FAILURE: errorMessage = code.name(); break; default: errorMessage = code.name() + ": " + ex.getErrorMessage(); break; } // end switch code return buildErrorMsgPkiBody(PKIStatus.rejection, failureInfo, errorMessage); } catch (CRLException ex) { String statusMessage = "CRLException: " + ex.getMessage(); return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } }
From source file:org.xipki.remotep11.server.impl.CmpResponder.java
License:Open Source License
PKIMessage processPKIMessage(final LocalP11CryptServicePool localP11CryptServicePool, final String moduleName, final PKIMessage pkiMessage) { GeneralPKIMessage message = new GeneralPKIMessage(pkiMessage); PKIHeader reqHeader = message.getHeader(); ASN1OctetString tid = reqHeader.getTransactionID(); if (tid == null) { byte[] randomBytes = randomTransactionId(); tid = new DEROctetString(randomBytes); }/* w ww . j av a 2 s . c o m*/ String tidStr = Hex.toHexString(tid.getOctets()); PKIHeaderBuilder respHeaderBuilder = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(), sender, reqHeader.getSender()); respHeaderBuilder.setTransactionID(tid); PKIBody reqBody = message.getBody(); final int type = reqBody.getType(); PKIHeader respHeader = respHeaderBuilder.build(); if (type != PKIBody.TYPE_GEN_MSG) { ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText("unsupported type " + type), new PKIFailureInfo(PKIFailureInfo.badRequest))); PKIBody respBody = new PKIBody(PKIBody.TYPE_ERROR, emc); return new PKIMessage(respHeader, respBody); } GenMsgContent genMsgBody = (GenMsgContent) reqBody.getContent(); InfoTypeAndValue[] itvs = genMsgBody.toInfoTypeAndValueArray(); InfoTypeAndValue itv = null; if (itvs != null && itvs.length > 0) { for (InfoTypeAndValue m : itvs) { ASN1ObjectIdentifier itvType = m.getInfoType(); if (ObjectIdentifiers.id_xipki_cmp.equals(itvType)) { itv = m; break; } } } if (itv == null) { final String statusMessage = String.format("PKIBody type %s is only supported with the sub-knownTypes", ObjectIdentifiers.id_xipki_cmp.getId()); return createRejectionPKIMessage(respHeader, PKIFailureInfo.badRequest, statusMessage); } try { ASN1Encodable asn1 = itv.getInfoValue(); ASN1Integer asn1Code = null; ASN1Encodable reqValue = null; try { ASN1Sequence seq = ASN1Sequence.getInstance(asn1); asn1Code = ASN1Integer.getInstance(seq.getObjectAt(0)); if (seq.size() > 1) { reqValue = seq.getObjectAt(1); } } catch (IllegalArgumentException e) { final String statusMessage = "invalid value of the InfoTypeAndValue for " + ObjectIdentifiers.id_xipki_cmp.getId(); return createRejectionPKIMessage(respHeader, PKIFailureInfo.badRequest, statusMessage); } int action = asn1Code.getPositiveValue().intValue(); ASN1Encodable respItvInfoValue; P11CryptService p11CryptService = localP11CryptServicePool.getP11CryptService(moduleName); switch (action) { case XipkiCmpConstants.ACTION_RP11_VERSION: { respItvInfoValue = new ASN1Integer(localP11CryptServicePool.getVersion()); break; } case XipkiCmpConstants.ACTION_RP11_PSO_DSA_PLAIN: case XipkiCmpConstants.ACTION_RP11_PSO_DSA_X962: case XipkiCmpConstants.ACTION_RP11_PSO_ECDSA_PLAIN: case XipkiCmpConstants.ACTION_RP11_PSO_ECDSA_X962: case XipkiCmpConstants.ACTION_RP11_PSO_RSA_PKCS: case XipkiCmpConstants.ACTION_RP11_PSO_RSA_X509: { byte[] psoMessage = null; P11SlotIdentifier slot = null; P11KeyIdentifier keyId = null; { try { PSOTemplate psoTemplate = PSOTemplate.getInstance(reqValue); psoMessage = psoTemplate.getMessage(); SlotAndKeyIdentifer slotAndKeyIdentifier = psoTemplate.getSlotAndKeyIdentifer(); slot = slotAndKeyIdentifier.getSlotIdentifier().getSlotId(); KeyIdentifier keyIdentifier = slotAndKeyIdentifier.getKeyIdentifier(); keyId = keyIdentifier.getKeyId(); } catch (IllegalArgumentException e) { final String statusMessage = "invalid PSOTemplate"; return createRejectionPKIMessage(respHeader, PKIFailureInfo.badRequest, statusMessage); } } byte[] signature; if (XipkiCmpConstants.ACTION_RP11_PSO_ECDSA_PLAIN == action) { signature = p11CryptService.CKM_ECDSA_Plain(psoMessage, slot, keyId); } else if (XipkiCmpConstants.ACTION_RP11_PSO_ECDSA_X962 == action) { signature = p11CryptService.CKM_ECDSA_X962(psoMessage, slot, keyId); } else if (XipkiCmpConstants.ACTION_RP11_PSO_DSA_PLAIN == action) { signature = p11CryptService.CKM_DSA_Plain(psoMessage, slot, keyId); } else if (XipkiCmpConstants.ACTION_RP11_PSO_DSA_X962 == action) { signature = p11CryptService.CKM_DSA_X962(psoMessage, slot, keyId); } else if (XipkiCmpConstants.ACTION_RP11_PSO_RSA_X509 == action) { signature = p11CryptService.CKM_RSA_X509(psoMessage, slot, keyId); } else if (XipkiCmpConstants.ACTION_RP11_PSO_RSA_PKCS == action) { signature = p11CryptService.CKM_RSA_PKCS(psoMessage, slot, keyId); } else { throw new RuntimeException("should not reach here"); } respItvInfoValue = new DEROctetString(signature); break; } case XipkiCmpConstants.ACTION_RP11_GET_CERTIFICATE: case XipkiCmpConstants.ACTION_RP11_GET_PUBLICKEY: { P11SlotIdentifier slot = null; P11KeyIdentifier keyId = null; try { SlotAndKeyIdentifer slotAndKeyIdentifier = SlotAndKeyIdentifer.getInstance(reqValue); slot = slotAndKeyIdentifier.getSlotIdentifier().getSlotId(); KeyIdentifier keyIdentifier = slotAndKeyIdentifier.getKeyIdentifier(); keyId = keyIdentifier.getKeyId(); } catch (IllegalArgumentException e) { final String statusMessage = "invalid SlotAndKeyIdentifier"; return createRejectionPKIMessage(respHeader, PKIFailureInfo.badRequest, statusMessage); } byte[] encodeCertOrKey; if (XipkiCmpConstants.ACTION_RP11_GET_CERTIFICATE == action) { encodeCertOrKey = p11CryptService.getCertificate(slot, keyId).getEncoded(); } else if (XipkiCmpConstants.ACTION_RP11_GET_PUBLICKEY == action) { encodeCertOrKey = p11CryptService.getPublicKey(slot, keyId).getEncoded(); } else { throw new RuntimeException("should not reach here"); } respItvInfoValue = new DEROctetString(encodeCertOrKey); break; } case XipkiCmpConstants.ACTION_RP11_LIST_SLOTS: { P11SlotIdentifier[] slotIds = p11CryptService.getSlotIdentifiers(); ASN1EncodableVector vector = new ASN1EncodableVector(); for (P11SlotIdentifier slotId : slotIds) { vector.add(new SlotIdentifier(slotId)); } respItvInfoValue = new DERSequence(vector); break; } case XipkiCmpConstants.ACTION_RP11_LIST_KEYLABELS: { SlotIdentifier slotId = SlotIdentifier.getInstance(reqValue); String[] keyLabels = p11CryptService.getKeyLabels(slotId.getSlotId()); ASN1EncodableVector vector = new ASN1EncodableVector(); for (String keyLabel : keyLabels) { vector.add(new DERUTF8String(keyLabel)); } respItvInfoValue = new DERSequence(vector); break; } default: { final String statusMessage = "unsupported XiPKI action code '" + action + "'"; return createRejectionPKIMessage(respHeader, PKIFailureInfo.badRequest, statusMessage); } } // end switch(code) ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1Integer(action)); if (respItvInfoValue != null) { v.add(respItvInfoValue); } InfoTypeAndValue respItv = new InfoTypeAndValue(ObjectIdentifiers.id_xipki_cmp, new DERSequence(v)); GenRepContent genRepContent = new GenRepContent(respItv); PKIBody respBody = new PKIBody(PKIBody.TYPE_GEN_REP, genRepContent); return new PKIMessage(respHeader, respBody); } catch (Throwable t) { LOG.error("error while processing CMP message {}, message: {}", tidStr, t.getMessage()); LOG.debug("error while processing CMP message " + tidStr, t); return createRejectionPKIMessage(respHeader, PKIFailureInfo.systemFailure, t.getMessage()); } }
From source file:org.xipki.security.api.p11.remote.SlotIdentifier.java
License:Open Source License
private SlotIdentifier(final ASN1Sequence seq) { int size = seq.size(); if (size < 1) { throw new IllegalArgumentException("wrong number of elements in sequence"); }//from ww w.java 2 s . c o m Integer slotIndex = null; ASN1Encodable slotIdASN1Obj = null; ASN1Encodable obj = seq.getObjectAt(0); if (obj instanceof ASN1Integer) { slotIndex = ((ASN1Integer) obj).getPositiveValue().intValue(); if (size > 1) { slotIdASN1Obj = seq.getObjectAt(1); } } else { slotIdASN1Obj = obj; } Long slotId = null; if (slotIdASN1Obj instanceof ASN1TaggedObject) { ASN1TaggedObject tagObj = (ASN1TaggedObject) slotIdASN1Obj; int tagNo = tagObj.getTagNo(); if (tagNo == 1) { ASN1Integer i = ASN1Integer.getInstance(tagObj.getObject()); slotId = i.getPositiveValue().longValue(); } else { throw new IllegalArgumentException("unknown tag " + tagNo); } } this.slotId = new P11SlotIdentifier(slotIndex, slotId); }
From source file:org.xipki.security.p11.remote.RemoteP11CryptService.java
License:Open Source License
public int getServerVersion() throws SignerException { ASN1Encodable result = send(XipkiCmpConstants.ACTION_RP11_VERSION, DERNull.INSTANCE); ASN1Integer derInt; try {/* ww w . j a va 2s. c o m*/ derInt = ASN1Integer.getInstance(result); } catch (IllegalArgumentException e) { throw new SignerException("the returned result is not INTEGER"); } return (derInt == null) ? 0 : derInt.getPositiveValue().intValue(); }