Example usage for org.bouncycastle.asn1.cmp CertifiedKeyPair getCertOrEncCert

List of usage examples for org.bouncycastle.asn1.cmp CertifiedKeyPair getCertOrEncCert

Introduction

This page collects usage examples for org.bouncycastle.asn1.cmp CertifiedKeyPair getCertOrEncCert.

Prototype

public CertOrEncCert getCertOrEncCert() 


Usage

From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java

License:Open Source License

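/**
 * Parses an encoded CMP response and asserts that it is a successful certificate response
 * for {@code requestId}, issued by {@code cacert} to {@code userDN}.
 *
 * <p>The CA certificate in the response's {@code caPubs} field is data supplied by the
 * message under test. It is therefore first pinned to the expected {@code cacert} by
 * fingerprint, and only then used to verify the issued certificate.
 *
 * @param userDN expected subject DN of the issued certificate
 * @param cacert expected issuer certificate; must be an {@link X509Certificate}
 * @param retMsg encoded {@code PKIMessage} returned by the CA
 * @param requestId certReqId that the response has to echo
 * @return the issued certificate extracted from the response
 * @throws Exception if the message or a certificate cannot be decoded
 */
protected X509Certificate checkCmpCertRepMessage(X500Name userDN, Certificate cacert, byte[] retMsg,
        int requestId) throws Exception {
    assertTrue(cacert instanceof X509Certificate);

    // Parse the response message; try-with-resources closes the stream even if decoding throws.
    final PKIMessage respObject;
    try (ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg))) {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    }
    assertNotNull(respObject);

    // Verify body type: 1 is the initialization response (ip) tag, PKIBody.TYPE_INIT_REP.
    final PKIBody body = respObject.getBody();
    assertEquals(1, body.getType());

    // Verify the response. The array is checked before indexing so that an empty response
    // fails as an assertion instead of an ArrayIndexOutOfBoundsException.
    final CertRepMessage c = (CertRepMessage) body.getContent();
    assertNotNull(c);
    final CertResponse[] responses = c.getResponse();
    assertNotNull(responses);
    assertTrue(responses.length > 0);
    final CertResponse resp = responses[0];
    assertNotNull(resp);
    // Expected value first, so a mismatch is reported the right way round.
    assertEquals(requestId, resp.getCertReqId().getValue().intValue());

    // Verify response status: 0 is PKIStatus "accepted" (PKIStatus.GRANTED).
    final PKIStatusInfo info = resp.getStatus();
    assertNotNull(info);
    assertEquals(0, info.getStatus().intValue());

    // Verify response certificate: subject must be the requested DN, issuer must be the CA.
    final CertifiedKeyPair kp = resp.getCertifiedKeyPair();
    assertNotNull(kp);
    final CertOrEncCert cc = kp.getCertOrEncCert();
    assertNotNull(cc);
    final CMPCertificate cmpcert = cc.getCertificate();
    assertNotNull(cmpcert);
    final X509Certificate cert = (X509Certificate) CertTools.getCertfromByteArray(cmpcert.getEncoded());
    checkDN(userDN, new JcaX509CertificateHolder(cert).getSubject());
    assertArrayEquals(((X509Certificate) cacert).getSubjectX500Principal().getEncoded(),
            cert.getIssuerX500Principal().getEncoded());

    // Verify the issuer of cert. caPubs is optional in a CertRepMessage, so its presence is
    // asserted before the first entry is read. The fingerprint comparison pins the CA
    // certificate sent in the response to the one the caller already trusts.
    final CMPCertificate[] caPubs = c.getCaPubs();
    assertNotNull(caPubs);
    assertTrue(caPubs.length > 0);
    final X509Certificate respCaCert = (X509Certificate) CertTools
            .getCertfromByteArray(caPubs[0].getEncoded());
    assertEquals(CertTools.getFingerprintAsString(cacert), CertTools.getFingerprintAsString(respCaCert));

    // The issued certificate must verify against the expected CA and against the pinned copy.
    Collection<Certificate> cacerts = new ArrayList<Certificate>();
    cacerts.add(cacert);
    assertTrue(CertTools.verify(cert, cacerts));
    cacerts = new ArrayList<Certificate>();
    cacerts.add(respCaCert);
    assertTrue(CertTools.verify(cert, cacerts));

    return cert;
}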

From source file:org.ejbca.core.protocol.cmp.CrmfKeyUpdateTest.java

License:Open Source License

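/**
 * Parses an encoded CMP response and asserts that it is a successful key update response
 * for {@code requestId}, issued by {@code issuerCert} to {@code eeDN}.
 *
 * <p>The CA certificate in the response's {@code caPubs} field is data supplied by the
 * message under test. It is therefore first pinned to the expected {@code issuerCert} by
 * fingerprint, and only then used to verify the issued certificate.
 *
 * @param eeDN expected subject DN of the issued end-entity certificate
 * @param issuerCert expected issuer certificate
 * @param retMsg encoded {@code PKIMessage} returned by the CA
 * @param requestId certReqId that the response has to echo
 * @return the issued certificate extracted from the response
 * @throws Exception if the message or a certificate cannot be decoded
 */
private static X509Certificate checkKurCertRepMessage(X500Name eeDN, Certificate issuerCert, byte[] retMsg,
        int requestId) throws Exception {
    // Parse the response message; try-with-resources closes the stream even if decoding throws.
    final PKIMessage respObject;
    try (ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg))) {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    }
    assertNotNull(respObject);

    // Verify body type: 8 is the key update response (kup) tag, PKIBody.TYPE_KEY_UPDATE_REP.
    final PKIBody body = respObject.getBody();
    assertEquals(8, body.getType());

    // Verify the response. The array is checked before indexing so that an empty response
    // fails as an assertion instead of an ArrayIndexOutOfBoundsException.
    final CertRepMessage c = (CertRepMessage) body.getContent();
    assertNotNull(c);
    final CertResponse[] responses = c.getResponse();
    assertNotNull(responses);
    assertTrue(responses.length > 0);
    final CertResponse resp = responses[0];
    assertNotNull(resp);
    // Expected value first, so a mismatch is reported the right way round.
    assertEquals(requestId, resp.getCertReqId().getValue().intValue());

    // Verify response status: 0 is PKIStatus "accepted" (PKIStatus.GRANTED).
    final PKIStatusInfo info = resp.getStatus();
    assertNotNull(info);
    assertEquals(0, info.getStatus().intValue());

    // Verify response certificate: subject must be the requested DN, issuer must be the CA.
    final CertifiedKeyPair kp = resp.getCertifiedKeyPair();
    assertNotNull(kp);
    final CertOrEncCert cc = kp.getCertOrEncCert();
    assertNotNull(cc);
    final CMPCertificate cmpcert = cc.getCertificate();
    assertNotNull(cmpcert);
    X509Certificate cert = (X509Certificate) CertTools.getCertfromByteArray(cmpcert.getEncoded());
    final X500Name name = new X500Name(CertTools.getSubjectDN(cert));
    assertArrayEquals(eeDN.getEncoded(), name.getEncoded());
    assertEquals(CertTools.getSubjectDN(issuerCert), CertTools.stringToBCDNString(CertTools.getIssuerDN(cert)));

    // Verify the issuer of cert. caPubs is optional in a CertRepMessage, so its presence is
    // asserted before the first entry is read. The fingerprint comparison pins the CA
    // certificate sent in the response to the one the caller already trusts.
    final CMPCertificate[] caPubs = c.getCaPubs();
    assertNotNull(caPubs);
    assertTrue(caPubs.length > 0);
    final X509Certificate respCaCert = (X509Certificate) CertTools
            .getCertfromByteArray(caPubs[0].getEncoded());
    assertEquals(CertTools.getFingerprintAsString(issuerCert), CertTools.getFingerprintAsString(respCaCert));

    // The issued certificate must verify against the expected CA and against the pinned copy.
    Collection<Certificate> cacerts = new ArrayList<Certificate>();
    cacerts.add(issuerCert);
    assertTrue(CertTools.verify(cert, cacerts));
    cacerts = new ArrayList<Certificate>();
    cacerts.add(respCaCert);
    assertTrue(CertTools.verify(cert, cacerts));
    return cert;
}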

From source file:org.ejbca.ui.cmpclient.commands.CrmfRequestCommand.java

License:Open Source License

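/**
 * Extracts the issued X.509 certificate from a CMP {@code CertResponse}.
 *
 * <p>{@code certifiedKeyPair} is an optional field of a CertResponse, and
 * {@code CertOrEncCert} is a choice between a plain and an encrypted certificate, so both
 * lookups can yield {@code null}. Those cases are reported with a descriptive exception
 * instead of a bare {@link NullPointerException}.
 *
 * <p>NOTE(review): this method only decodes the certificate. It does not check the response
 * status or the issuer, so the caller is presumably expected to validate the returned
 * certificate before trusting it; confirm against the call site.
 *
 * @param resp the certificate response taken from a CMP message
 * @return the certificate carried in the response
 * @throws IllegalStateException if the response carries no plain certificate
 * @throws Exception if the certificate bytes cannot be decoded
 */
private X509Certificate getCertFromResponse(final CertResponse resp) throws Exception {
    final CertifiedKeyPair kp = resp.getCertifiedKeyPair();
    if (kp == null) {
        throw new IllegalStateException("CMP response does not contain a certifiedKeyPair");
    }
    final CertOrEncCert cc = kp.getCertOrEncCert();
    final CMPCertificate cmpcert = (cc == null) ? null : cc.getCertificate();
    if (cmpcert == null) {
        throw new IllegalStateException("CMP response does not contain a plain certificate");
    }
    return (X509Certificate) CertTools.getCertfromByteArray(cmpcert.getEncoded());
}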

From source file:org.xipki.ca.client.impl.X509CmpRequestor.java

License:Open Source License

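/**
 * Sends a certificate request, collects the per-request results from the response and,
 * unless the response header signals implicit confirmation, sends a certificate
 * confirmation for the accepted certificates.
 *
 * <p>{@code checkProtection} is called on every response before its body is read.
 *
 * @param reqMessage the request to sign and send
 * @param reqIdIdMap outstanding requests, certReqId to caller-side id; entries are removed
 *        from this map as responses are matched
 * @param expectedBodyType the PKI body type the response must have
 * @param debug request/response debug sink passed through to {@code signAndSend}
 * @return the collected results, or {@code null} if a granted response carries no certificate
 * @throws CmpRequestorException if the response has an unexpected body type
 * @throws PKIErrorException if the CA answers the request or the confirmation with an
 *         error body
 */
private EnrollCertResultType intern_requestCertificate(final PKIMessage reqMessage,
        final Map<BigInteger, String> reqIdIdMap, final int expectedBodyType, final RequestResponseDebug debug)
        throws CmpRequestorException, PKIErrorException {
    PKIResponse response = signAndSend(reqMessage, debug);
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();

    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = (ErrorMsgContent) respBody.getContent();
        throw new PKIErrorException(content.getPKIStatusInfo());
    } else if (expectedBodyType != bodyType) {
        throw new CmpRequestorException("unknown PKI body type " + bodyType + " instead the exceptected ["
                + expectedBodyType + ", " + PKIBody.TYPE_ERROR + "]");
    }

    CertRepMessage certRep = (CertRepMessage) respBody.getContent();
    CertResponse[] certResponses = certRep.getResponse();

    EnrollCertResultType result = new EnrollCertResultType();

    // CA certificates: caPubs is optional and is copied into the result as received.
    // NOTE(review): nothing here validates these certificates; presumably the caller
    // decides whether to trust them - confirm.
    CMPCertificate[] caPubs = certRep.getCaPubs();
    if (caPubs != null) {
        for (CMPCertificate caPub : caPubs) {
            if (caPub != null) {
                result.addCACertificate(caPub);
            }
        }
    }

    boolean isImplicitConfirm = CmpUtil.isImplictConfirm(response.getPkiMessage().getHeader());

    // A confirmation builder is only needed when the CA expects an explicit certConf.
    CertificateConfirmationContentBuilder certConfirmBuilder = isImplicitConfirm ? null
            : new CertificateConfirmationContentBuilder();
    boolean requireConfirm = false;

    // We only accept the certificates which are requested.
    for (CertResponse certResp : certResponses) {
        PKIStatusInfo statusInfo = certResp.getStatus();
        int status = statusInfo.getStatus().intValue();
        BigInteger certReqId = certResp.getCertReqId().getValue();
        String thisId = reqIdIdMap.get(certReqId);
        if (thisId != null) {
            reqIdIdMap.remove(certReqId);
        } else if (reqIdIdMap.size() == 1) {
            // The certReqId matches no outstanding request, but exactly one request is
            // still open, so the response is attributed to that request.
            // NOTE(review): this relaxes the request/response binding for single requests.
            thisId = reqIdIdMap.values().iterator().next();
            reqIdIdMap.clear();
        }

        if (thisId == null) {
            continue; // ignore it. this cert is not requested by me
        }

        ResultEntryType resultEntry;
        if (status == PKIStatus.GRANTED || status == PKIStatus.GRANTED_WITH_MODS) {
            // NOTE(review): a granted response without a certificate aborts the whole
            // call with null and discards the entries collected so far.
            CertifiedKeyPair cvk = certResp.getCertifiedKeyPair();
            if (cvk == null) {
                return null;
            }

            CMPCertificate cmpCert = cvk.getCertOrEncCert().getCertificate();
            if (cmpCert == null) {
                return null;
            }

            resultEntry = new EnrollCertResultEntryType(thisId, cmpCert, status);

            if (!isImplicitConfirm) {
                requireConfirm = true;
                X509CertificateHolder certHolder = null;
                try {
                    certHolder = new X509CertificateHolder(cmpCert.getEncoded());
                } catch (IOException e) {
                    // An undecodable certificate is reported as an error entry and is
                    // not added to the confirmation.
                    resultEntry = new ErrorResultEntryType(thisId, ClientErrorCode.PKIStatus_RESPONSE_ERROR,
                            PKIFailureInfo.systemFailure, "error while decode the certificate");
                }

                if (certHolder != null) {
                    certConfirmBuilder.addAcceptedCertificate(certHolder, certReqId);
                }
            }
        } else {
            PKIFreeText statusString = statusInfo.getStatusString();
            String errorMessage = statusString == null ? null : statusString.getStringAt(0).getString();
            // NOTE(review): failInfo is optional in PKIStatusInfo; getFailInfo() is
            // dereferenced here without a null check - confirm it cannot be absent.
            int failureInfo = statusInfo.getFailInfo().intValue();

            resultEntry = new ErrorResultEntryType(thisId, status, failureInfo, errorMessage);
        }
        result.addResultEntry(resultEntry);
    }

    // Requests still left in the map received no matching response.
    if (CollectionUtil.isNotEmpty(reqIdIdMap)) {
        for (BigInteger reqId : reqIdIdMap.keySet()) {
            ErrorResultEntryType ere = new ErrorResultEntryType(reqIdIdMap.get(reqId),
                    ClientErrorCode.PKIStatus_NO_ANSWER);
            result.addResultEntry(ere);
        }
    }

    if (!requireConfirm) {
        return result;
    }

    PKIMessage confirmRequest = buildCertConfirmRequest(response.getPkiMessage().getHeader().getTransactionID(),
            certConfirmBuilder);

    response = signAndSend(confirmRequest, debug);
    checkProtection(response);

    // Inspect the body of the confirmation response itself. The body read from the first
    // response can never be an error body at this point, so testing it again would let an
    // error answer to the confirmation go unnoticed.
    PKIBody confirmBody = response.getPkiMessage().getBody();
    if (PKIBody.TYPE_ERROR == confirmBody.getType()) {
        ErrorMsgContent content = (ErrorMsgContent) confirmBody.getContent();
        throw new PKIErrorException(content.getPKIStatusInfo());
    }

    return result;
}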

From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java

License:Open Source License

/**
 * Sends a certificate request, collects the per-request results from the response and,
 * unless the response header signals implicit confirmation, sends a certificate
 * confirmation for the accepted certificates.
 *
 * <p>{@code checkProtection} is called on every response before its body is read.
 *
 * @param reqMessage the request to sign and send
 * @param reqIdIdMap outstanding requests, certReqId to caller-side id; entries are removed
 *        from this map as responses are matched
 * @param expectedBodyType the PKI body type the response must have
 * @param debug request/response debug sink passed through to {@code signAndSend}
 * @return the collected results, or {@code null} if a granted response carries no certificate
 * @throws CmpRequestorException if the response has an unexpected body type
 * @throws PkiErrorException if the CA answers the request with an error body
 */
private EnrollCertResultResp internRequestCertificate(final PKIMessage reqMessage,
        final Map<BigInteger, String> reqIdIdMap, final int expectedBodyType, final RequestResponseDebug debug)
        throws CmpRequestorException, PkiErrorException {
    PkiResponse response = signAndSend(reqMessage, debug);
    checkProtection(response);

    final PKIBody body = response.getPkiMessage().getBody();
    final int bodyType = body.getType();

    // Guard clauses: an error body is surfaced as-is, any other unexpected type is rejected.
    if (bodyType == PKIBody.TYPE_ERROR) {
        throw new PkiErrorException(ErrorMsgContent.getInstance(body.getContent()).getPKIStatusInfo());
    }
    if (bodyType != expectedBodyType) {
        throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]",
                bodyType, expectedBodyType, PKIBody.TYPE_ERROR));
    }

    final CertRepMessage certRep = CertRepMessage.getInstance(body.getContent());
    final CertResponse[] certResponses = certRep.getResponse();

    final EnrollCertResultResp result = new EnrollCertResultResp();

    // CA certificates: caPubs is optional and is copied into the result as received.
    // NOTE(review): nothing here validates these certificates; presumably the caller
    // decides whether to trust them - confirm.
    final CMPCertificate[] caPubs = certRep.getCaPubs();
    if (caPubs != null) {
        for (CMPCertificate caPub : caPubs) {
            if (caPub != null) {
                result.addCaCertificate(caPub);
            }
        }
    }

    // A confirmation builder exists only when the CA expects an explicit certConf.
    final boolean implicitConfirm = CmpUtil.isImplictConfirm(response.getPkiMessage().getHeader());
    final CertificateConfirmationContentBuilder certConfirmBuilder = implicitConfirm ? null
            : new CertificateConfirmationContentBuilder();
    boolean requireConfirm = false;

    // Only responses that can be matched to one of our own requests are accepted.
    for (CertResponse certResp : certResponses) {
        final PKIStatusInfo statusInfo = certResp.getStatus();
        final int status = statusInfo.getStatus().intValue();
        final BigInteger certReqId = certResp.getCertReqId().getValue();

        String thisId = reqIdIdMap.get(certReqId);
        if (thisId == null && reqIdIdMap.size() == 1) {
            // The certReqId matches no outstanding request, but exactly one request is
            // still open, so the response is attributed to that request.
            // NOTE(review): this relaxes the request/response binding for single requests.
            thisId = reqIdIdMap.values().iterator().next();
            reqIdIdMap.clear();
        } else if (thisId != null) {
            reqIdIdMap.remove(certReqId);
        }

        if (thisId == null) {
            // Not one of our requests: skip it.
            continue;
        }

        final boolean granted = status == PKIStatus.GRANTED || status == PKIStatus.GRANTED_WITH_MODS;
        ResultEntry resultEntry;
        if (!granted) {
            final PKIFreeText statusString = statusInfo.getStatusString();
            String errorMessage = null;
            if (statusString != null) {
                errorMessage = statusString.getStringAt(0).getString();
            }
            // NOTE(review): failInfo is optional in PKIStatusInfo; getFailInfo() is
            // dereferenced here without a null check - confirm it cannot be absent.
            final int failureInfo = statusInfo.getFailInfo().intValue();

            resultEntry = new ErrorResultEntry(thisId, status, failureInfo, errorMessage);
        } else {
            // NOTE(review): a granted response without a certificate aborts the whole
            // call with null and discards the entries collected so far.
            final CertifiedKeyPair keyPair = certResp.getCertifiedKeyPair();
            if (keyPair == null) {
                return null;
            }

            final CMPCertificate cmpCert = keyPair.getCertOrEncCert().getCertificate();
            if (cmpCert == null) {
                return null;
            }

            resultEntry = new EnrollCertResultEntry(thisId, cmpCert, status);

            if (certConfirmBuilder != null) {
                requireConfirm = true;
                X509CertificateHolder holder = null;
                try {
                    holder = new X509CertificateHolder(cmpCert.getEncoded());
                } catch (IOException ex) {
                    // An undecodable certificate is reported as an error entry and is
                    // not added to the confirmation.
                    resultEntry = new ErrorResultEntry(thisId, ClientErrorCode.PKISTATUS_RESPONSE_ERROR,
                            PKIFailureInfo.systemFailure, "could not decode the certificate");
                }

                if (holder != null) {
                    certConfirmBuilder.addAcceptedCertificate(holder, certReqId);
                }
            }
        }
        result.addResultEntry(resultEntry);
    }

    // Requests still left in the map received no matching response.
    if (CollectionUtil.isNonEmpty(reqIdIdMap)) {
        for (Map.Entry<BigInteger, String> unanswered : reqIdIdMap.entrySet()) {
            result.addResultEntry(
                    new ErrorResultEntry(unanswered.getValue(), ClientErrorCode.PKISTATUS_NO_ANSWER));
        }
    }

    if (requireConfirm) {
        final PKIMessage confirmRequest = buildCertConfirmRequest(
                response.getPkiMessage().getHeader().getTransactionID(), certConfirmBuilder);

        response = signAndSend(confirmRequest, debug);
        // NOTE(review): only the protection of the confirmation response is checked; its
        // body type is not inspected here, so an error body would not reach the caller.
        checkProtection(response);
    }

    return result;
}