List of usage examples for org.bouncycastle.asn1.cmp CMPObjectIdentifiers it_currentCRL
ASN1ObjectIdentifier it_currentCRL
To view the source code for org.bouncycastle.asn1.cmp CMPObjectIdentifiers it_currentCRL.
Click Source Link
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
public CRLResultType downloadCRL(final BigInteger crlNumber, final RequestResponseDebug debug) throws CmpRequestorException, PKIErrorException { Integer action = null;//from w ww . j a v a 2 s.com PKIMessage request; if (crlNumber == null) { ASN1ObjectIdentifier type = CMPObjectIdentifiers.it_currentCRL; request = buildMessageWithGeneralMsgContent(type, null); } else { action = XipkiCmpConstants.ACTION_GET_CRL_WITH_SN; request = buildMessageWithXipkAction(action, new ASN1Integer(crlNumber)); } PKIResponse response = signAndSend(request, debug); return evaluateCRLResponse(response, action); }
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
private CRLResultType evaluateCRLResponse(final PKIResponse response, final Integer xipkiAction) throws CmpRequestorException, PKIErrorException { checkProtection(response);/*from w ww. j a va 2 s . co m*/ PKIBody respBody = response.getPkiMessage().getBody(); int bodyType = respBody.getType(); if (PKIBody.TYPE_ERROR == bodyType) { ErrorMsgContent content = (ErrorMsgContent) respBody.getContent(); throw new PKIErrorException(content.getPKIStatusInfo()); } else if (PKIBody.TYPE_GEN_REP != bodyType) { throw new CmpRequestorException("unknown PKI body type " + bodyType + " instead the exceptected [" + PKIBody.TYPE_GEN_REP + ", " + PKIBody.TYPE_ERROR + "]"); } ASN1ObjectIdentifier expectedType = xipkiAction == null ? CMPObjectIdentifiers.it_currentCRL : ObjectIdentifiers.id_xipki_cmp; GenRepContent genRep = (GenRepContent) respBody.getContent(); InfoTypeAndValue[] itvs = genRep.toInfoTypeAndValueArray(); InfoTypeAndValue itv = null; if (itvs != null && itvs.length > 0) { for (InfoTypeAndValue m : itvs) { if (expectedType.equals(m.getInfoType())) { itv = m; break; } } } if (itv == null) { throw new CmpRequestorException("the response does not contain InfoTypeAndValue " + expectedType); } ASN1Encodable certListAsn1Object; if (xipkiAction == null) { certListAsn1Object = itv.getInfoValue(); } else { certListAsn1Object = extractXipkiActionContent(itv.getInfoValue(), xipkiAction); } CertificateList certList = CertificateList.getInstance(certListAsn1Object); X509CRL crl; try { crl = new X509CRLObject(certList); } catch (CRLException e) { throw new CmpRequestorException("returned CRL is invalid: " + e.getMessage()); } CRLResultType result = new CRLResultType(); result.setCRL(crl); return result; }
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
private PKIBody cmpGeneralMsg(final PKIHeaderBuilder respHeader, final CmpControl cmpControl, final PKIHeader reqHeader, final PKIBody reqBody, final CmpRequestorInfo requestor, final String user, final ASN1OctetString tid, final AuditEvent auditEvent) throws InsuffientPermissionException { GenMsgContent genMsgBody = (GenMsgContent) reqBody.getContent(); InfoTypeAndValue[] itvs = genMsgBody.toInfoTypeAndValueArray(); InfoTypeAndValue itv = null;/* w w w . j ava 2 s .c om*/ if (itvs != null && itvs.length > 0) { for (InfoTypeAndValue _itv : itvs) { String itvType = _itv.getInfoType().getId(); if (knownGenMsgIds.contains(itvType)) { itv = _itv; break; } } } if (itv == null) { String statusMessage = "PKIBody type " + PKIBody.TYPE_GEN_MSG + " is only supported with the sub-types " + knownGenMsgIds.toString(); return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } InfoTypeAndValue itvResp = null; ASN1ObjectIdentifier infoType = itv.getInfoType(); int failureInfo; try { X509CA ca = getCA(); if (CMPObjectIdentifiers.it_currentCRL.equals(infoType)) { addAutitEventType(auditEvent, "CRL_DOWNLOAD"); checkPermission(requestor, Permission.GET_CRL); CertificateList crl = ca.getCurrentCRL(); if (itv.getInfoValue() == null) { // as defined in RFC 4210 crl = ca.getCurrentCRL(); } else { // xipki extension ASN1Integer crlNumber = ASN1Integer.getInstance(itv.getInfoValue()); crl = ca.getCRL(crlNumber.getPositiveValue()); } if (crl == null) { String statusMessage = "no CRL is available"; return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } itvResp = new InfoTypeAndValue(infoType, crl); } else if (ObjectIdentifiers.id_xipki_cmp.equals(infoType)) { ASN1Encodable asn1 = itv.getInfoValue(); ASN1Integer asn1Code = null; ASN1Encodable reqValue = null; try { ASN1Sequence seq = ASN1Sequence.getInstance(asn1); asn1Code = ASN1Integer.getInstance(seq.getObjectAt(0)); if (seq.size() > 1) { reqValue = seq.getObjectAt(1); } } catch (IllegalArgumentException e) { String statusMessage = "invalid value of the InfoTypeAndValue for " + ObjectIdentifiers.id_xipki_cmp.getId(); return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } ASN1Encodable respValue; int action = asn1Code.getPositiveValue().intValue(); switch (action) { case XipkiCmpConstants.ACTION_GEN_CRL: addAutitEventType(auditEvent, "CRL_GEN_ONDEMAND"); checkPermission(requestor, Permission.GEN_CRL); X509CRL _crl = ca.generateCRLonDemand(auditEvent); if (_crl == null) { String statusMessage = "CRL generation is not activated"; return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } else { respValue = CertificateList.getInstance(_crl.getEncoded()); } break; case XipkiCmpConstants.ACTION_GET_CRL_WITH_SN: addAutitEventType(auditEvent, "CRL_DOWNLOAD_WITH_SN"); checkPermission(requestor, Permission.GET_CRL); ASN1Integer crlNumber = ASN1Integer.getInstance(reqValue); respValue = ca.getCRL(crlNumber.getPositiveValue()); if (respValue == null) { String statusMessage = "no CRL is available"; return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } break; case XipkiCmpConstants.ACTION_GET_CAINFO: addAutitEventType(auditEvent, "GET_SYSTEMINFO"); Set<Integer> acceptVersions = new HashSet<>(); if (reqValue != null) { ASN1Sequence seq = DERSequence.getInstance(reqValue); int size = seq.size(); for (int i = 0; i < size; i++) { ASN1Integer a = ASN1Integer.getInstance(seq.getObjectAt(i)); acceptVersions.add(a.getPositiveValue().intValue()); } } if (CollectionUtil.isEmpty(acceptVersions)) { acceptVersions.add(1); } String systemInfo = getSystemInfo(requestor, acceptVersions); respValue = new DERUTF8String(systemInfo); break; case XipkiCmpConstants.ACTION_REMOVE_EXPIRED_CERTS: checkPermission(requestor, Permission.REMOVE_CERT); String info = removeExpiredCerts(requestor, itv.getInfoValue()); respValue = new DERUTF8String(info); break; default: String statusMessage = "unsupported XiPKI action code '" + action + "'"; return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } // end switch(action) ASN1EncodableVector v = new ASN1EncodableVector(); v.add(asn1Code); if (respValue != null) { v.add(respValue); } itvResp = new InfoTypeAndValue(infoType, new DERSequence(v)); } GenRepContent genRepContent = new GenRepContent(itvResp); return new PKIBody(PKIBody.TYPE_GEN_REP, genRepContent); } catch (OperationException e) { failureInfo = PKIFailureInfo.systemFailure; String statusMessage = null; ErrorCode code = e.getErrorCode(); switch (code) { case BAD_REQUEST: failureInfo = PKIFailureInfo.badRequest; statusMessage = e.getErrorMessage(); break; case DATABASE_FAILURE: case SYSTEM_FAILURE: statusMessage = code.name(); break; default: statusMessage = code.name() + ": " + e.getErrorMessage(); break; } // end switch(code) return createErrorMsgPKIBody(PKIStatus.rejection, failureInfo, statusMessage); } catch (CRLException e) { String statusMessage = "CRLException: " + e.getMessage(); return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } }
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
public X509CRL downloadCrl(final BigInteger crlNumber, final RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException { Integer action = null;/* ww w. j a v a 2s . c o m*/ PKIMessage request; if (crlNumber == null) { ASN1ObjectIdentifier type = CMPObjectIdentifiers.it_currentCRL; request = buildMessageWithGeneralMsgContent(type, null); } else { action = XiSecurityConstants.CMP_ACTION_GET_CRL_WITH_SN; request = buildMessageWithXipkAction(action, new ASN1Integer(crlNumber)); } PkiResponse response = signAndSend(request, debug); return evaluateCrlResponse(response, action); }
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
private X509CRL evaluateCrlResponse(final PkiResponse response, final Integer xipkiAction) throws CmpRequestorException, PkiErrorException { ParamUtil.requireNonNull("response", response); checkProtection(response);//from w w w. j a v a 2s . c om PKIBody respBody = response.getPkiMessage().getBody(); int bodyType = respBody.getType(); if (PKIBody.TYPE_ERROR == bodyType) { ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent()); throw new PkiErrorException(content.getPKIStatusInfo()); } else if (PKIBody.TYPE_GEN_REP != bodyType) { throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR)); } ASN1ObjectIdentifier expectedType = (xipkiAction == null) ? CMPObjectIdentifiers.it_currentCRL : ObjectIdentifiers.id_xipki_cmp_cmpGenmsg; GenRepContent genRep = GenRepContent.getInstance(respBody.getContent()); InfoTypeAndValue[] itvs = genRep.toInfoTypeAndValueArray(); InfoTypeAndValue itv = null; if (itvs != null && itvs.length > 0) { for (InfoTypeAndValue m : itvs) { if (expectedType.equals(m.getInfoType())) { itv = m; break; } } } if (itv == null) { throw new CmpRequestorException("the response does not contain InfoTypeAndValue " + expectedType); } ASN1Encodable certListAsn1Object = (xipkiAction == null) ? itv.getInfoValue() : extractXipkiActionContent(itv.getInfoValue(), xipkiAction); CertificateList certList = CertificateList.getInstance(certListAsn1Object); X509CRL crl; try { crl = X509Util.toX509Crl(certList); } catch (CRLException | CertificateException ex) { throw new CmpRequestorException("returned CRL is invalid: " + ex.getMessage()); } return crl; }
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
private PKIBody cmpGeneralMsg(final PKIHeaderBuilder respHeader, final CmpControl cmpControl, final PKIHeader reqHeader, final PKIBody reqBody, final CmpRequestorInfo requestor, final String user, final ASN1OctetString tid, final String msgId, final AuditEvent event) throws InsuffientPermissionException { GenMsgContent genMsgBody = GenMsgContent.getInstance(reqBody.getContent()); InfoTypeAndValue[] itvs = genMsgBody.toInfoTypeAndValueArray(); InfoTypeAndValue itv = null;//from w w w. j a v a 2 s . c om if (itvs != null && itvs.length > 0) { for (InfoTypeAndValue entry : itvs) { String itvType = entry.getInfoType().getId(); if (KNOWN_GENMSG_IDS.contains(itvType)) { itv = entry; break; } } } if (itv == null) { String statusMessage = "PKIBody type " + PKIBody.TYPE_GEN_MSG + " is only supported with the sub-types " + KNOWN_GENMSG_IDS.toString(); return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } InfoTypeAndValue itvResp = null; ASN1ObjectIdentifier infoType = itv.getInfoType(); int failureInfo; try { X509Ca ca = getCa(); if (CMPObjectIdentifiers.it_currentCRL.equals(infoType)) { event.addEventType(CaAuditConstants.TYPE_CMP_genm_currentCrl); checkPermission(requestor, Permission.GET_CRL); CertificateList crl = ca.getBcCurrentCrl(); if (itv.getInfoValue() == null) { // as defined in RFC 4210 crl = ca.getBcCurrentCrl(); } else { // xipki extension ASN1Integer crlNumber = ASN1Integer.getInstance(itv.getInfoValue()); crl = ca.getBcCrl(crlNumber.getPositiveValue()); } if (crl == null) { String statusMessage = "no CRL is available"; return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } itvResp = new InfoTypeAndValue(infoType, crl); } else if (ObjectIdentifiers.id_xipki_cmp_cmpGenmsg.equals(infoType)) { ASN1Encodable asn1 = itv.getInfoValue(); ASN1Integer asn1Code = null; ASN1Encodable reqValue = null; try { ASN1Sequence seq = ASN1Sequence.getInstance(asn1); asn1Code = ASN1Integer.getInstance(seq.getObjectAt(0)); if (seq.size() > 1) { reqValue = seq.getObjectAt(1); } } catch (IllegalArgumentException ex) { String statusMessage = "invalid value of the InfoTypeAndValue for " + ObjectIdentifiers.id_xipki_cmp_cmpGenmsg.getId(); return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } ASN1Encodable respValue; int action = asn1Code.getPositiveValue().intValue(); switch (action) { case XiSecurityConstants.CMP_ACTION_GEN_CRL: event.addEventType(CaAuditConstants.TYPE_CMP_genm_genCrl); checkPermission(requestor, Permission.GEN_CRL); X509CRL tmpCrl = ca.generateCrlOnDemand(msgId); if (tmpCrl == null) { String statusMessage = "CRL generation is not activated"; return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } else { respValue = CertificateList.getInstance(tmpCrl.getEncoded()); } break; case XiSecurityConstants.CMP_ACTION_GET_CRL_WITH_SN: event.addEventType(CaAuditConstants.TYPE_CMP_genm_crlForNumber); checkPermission(requestor, Permission.GET_CRL); ASN1Integer crlNumber = ASN1Integer.getInstance(reqValue); respValue = ca.getBcCrl(crlNumber.getPositiveValue()); if (respValue == null) { String statusMessage = "no CRL is available"; return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } break; case XiSecurityConstants.CMP_ACTION_GET_CAINFO: event.addEventType(CaAuditConstants.TYPE_CMP_genm_cainfo); Set<Integer> acceptVersions = new HashSet<>(); if (reqValue != null) { ASN1Sequence seq = DERSequence.getInstance(reqValue); int size = seq.size(); for (int i = 0; i < size; i++) { ASN1Integer ai = ASN1Integer.getInstance(seq.getObjectAt(i)); acceptVersions.add(ai.getPositiveValue().intValue()); } } if (CollectionUtil.isEmpty(acceptVersions)) { acceptVersions.add(1); } String systemInfo = getSystemInfo(requestor, acceptVersions); respValue = new DERUTF8String(systemInfo); break; default: String statusMessage = "unsupported XiPKI action code '" + action + "'"; return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } // end switch (action) ASN1EncodableVector vec = new ASN1EncodableVector(); vec.add(asn1Code); if (respValue != null) { vec.add(respValue); } itvResp = new InfoTypeAndValue(infoType, new DERSequence(vec)); } GenRepContent genRepContent = new GenRepContent(itvResp); return new PKIBody(PKIBody.TYPE_GEN_REP, genRepContent); } catch (OperationException ex) { failureInfo = getPKiFailureInfo(ex); ErrorCode code = ex.getErrorCode(); String errorMessage; switch (code) { case DATABASE_FAILURE: case SYSTEM_FAILURE: errorMessage = code.name(); break; default: errorMessage = code.name() + ": " + ex.getErrorMessage(); break; } // end switch code return buildErrorMsgPkiBody(PKIStatus.rejection, failureInfo, errorMessage); } catch (CRLException ex) { String statusMessage = "CRLException: " + ex.getMessage(); return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } }