List of usage examples for org.bouncycastle.asn1.cmp PKIBody TYPE_CERT_REP
int TYPE_CERT_REP
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Enrolls a certificate for a PKCS#10-based request.
 *
 * <p>Builds the CMP message from {@code p10Req} and {@code username}, registers the request's
 * id under {@code MINUS_ONE} and delegates to {@code intern_requestCertificate}, telling it to
 * expect a response body of type {@link PKIBody#TYPE_CERT_REP}.
 *
 * @param p10Req the PKCS#10 enrollment request; its id labels the single expected response
 * @param username passed through to {@code buildPKIMessage}
 * @param debug passed through to {@code intern_requestCertificate}
 * @return whatever {@code intern_requestCertificate} returns for this request
 * @throws CmpRequestorException propagated from the helpers called here
 * @throws PKIErrorException propagated from the helpers called here
 */
public EnrollCertResultType requestCertificate(final P10EnrollCertRequestType p10Req,
        final String username, final RequestResponseDebug debug)
        throws CmpRequestorException, PKIErrorException {
    final PKIMessage cmpRequest = buildPKIMessage(p10Req, username);

    // Only one response is expected for a PKCS#10 request, so the map holds a single entry.
    // NOTE(review): MINUS_ONE is presumably BigInteger -1, the certReqId a responder uses
    // when answering a p10cr - confirm against the constant's definition.
    final Map<BigInteger, String> idsByCertReqId = new HashMap<>();
    idsByCertReqId.put(MINUS_ONE, p10Req.getId());

    return intern_requestCertificate(cmpRequest, idsByCertReqId, PKIBody.TYPE_CERT_REP, debug);
}
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Enrolls one or more certificates described by {@code req}.
 *
 * <p>Every request entry is indexed by its certReqId so that responses can be matched back to
 * the entry's id, and the response body type to expect is derived from the request type.
 *
 * @param req the enrollment request with its entries and type
 * @param username passed through to {@code buildPKIMessage}
 * @param debug passed through to {@code intern_requestCertificate}
 * @return whatever {@code intern_requestCertificate} returns for this request
 * @throws CmpRequestorException propagated from the helpers called here
 * @throws PKIErrorException propagated from the helpers called here
 */
public EnrollCertResultType requestCertificate(final EnrollCertRequestType req,
        final String username, final RequestResponseDebug debug)
        throws CmpRequestorException, PKIErrorException {
    final PKIMessage cmpRequest = buildPKIMessage(req, username);

    // certReqId -> id of the request entry it belongs to
    final Map<BigInteger, String> idsByCertReqId = new HashMap<>();
    for (EnrollCertRequestEntryType entry : req.getRequestEntries()) {
        final BigInteger certReqId = entry.getCertReq().getCertReqId().getValue();
        idsByCertReqId.put(certReqId, entry.getId());
    }

    // The response is checked against this body type, so the mapping decides which kind of
    // answer the client accepts. Every type other than CERT_REQ and KEY_UPDATE falls through
    // to the cross-certification response.
    // NOTE(review): presumably cross-certification is the only remaining request type - a
    // newly added type would silently be validated as cross-cert; confirm against the enum.
    final int expectedBodyType;
    switch (req.getType()) {
    case CERT_REQ:
        expectedBodyType = PKIBody.TYPE_CERT_REP;
        break;
    case KEY_UPDATE:
        expectedBodyType = PKIBody.TYPE_KEY_UPDATE_REP;
        break;
    default:
        expectedBodyType = PKIBody.TYPE_CROSS_CERT_REP;
        break;
    }

    return intern_requestCertificate(cmpRequest, idsByCertReqId, expectedBodyType, debug);
}
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
/**
 * Handles a PKI body whose choice is {@code cr}.
 *
 * <p>All work is delegated to {@code processCertReqMessages}; the resulting
 * {@code CertRepMessage} is wrapped in a body of type {@link PKIBody#TYPE_CERT_REP}.
 *
 * @return the certificate response body
 * @throws InsuffientPermissionException propagated from {@code processCertReqMessages}
 */
private PKIBody processCr(final CmpRequestorInfo requestor, final String user,
        final ASN1OctetString tid, final PKIHeader reqHeader, final CertReqMessages cr,
        final long confirmWaitTime, final boolean sendCaCert, final AuditEvent auditEvent)
        throws InsuffientPermissionException {
    // NOTE(review): the literal false presumably separates plain certification requests from
    // key-update handling - confirm against processCertReqMessages.
    return new PKIBody(PKIBody.TYPE_CERT_REP,
            processCertReqMessages(requestor, user, tid, reqHeader, cr, false, confirmWaitTime,
                    sendCaCert, auditEvent));
}
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
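/**
 * Handles a PKI body whose choice is {@code p10cr}.
 *
 * <p>Since it is not possible to add an attribute to the PKCS#10 request, the certificate
 * profile must be specified in the attribute regInfo-utf8Pairs (1.3.6.1.5.5.7.5.2.1) within
 * PKIHeader.generalInfo.
 *
 * <p>The proof of possession (POP) is verified before anything else is read from the request;
 * a failed check yields a {@code badPOP} rejection. A missing certificate profile, or an
 * extensionRequest attribute without a value, yields a {@code badCertTemplate} rejection.
 * Rejections are returned inside the response body rather than thrown.
 *
 * @param auditEvent parent audit event, may be {@code null}; when present a child event
 *        records the subject, the certificate profile and any failure
 * @param sendCaCert whether the CA certificate is attached to the response
 * @return a body of type {@link PKIBody#TYPE_CERT_REP} holding exactly one
 *         {@code CertResponse} with certReqId -1
 * @throws InsuffientPermissionException propagated from the helpers called here (presumably
 *         {@code checkPermission})
 */
private PKIBody processP10cr(final CmpRequestorInfo requestor, final String user,
        final ASN1OctetString tid, final PKIHeader reqHeader,
        final CertificationRequest p10cr, final long confirmWaitTime,
        final boolean sendCaCert, final AuditEvent auditEvent)
        throws InsuffientPermissionException {
    CertResponse certResp;
    ASN1Integer certReqId = new ASN1Integer(-1);

    AuditChildEvent childAuditEvent = null;
    if (auditEvent != null) {
        childAuditEvent = new AuditChildEvent();
        auditEvent.addChildAuditEvent(childAuditEvent);
    }

    // verify the POP first
    if (!securityFactory.verifyPOPO(p10cr)) {
        LOG.warn("could not validate POP for the pkcs#10 requst");
        PKIStatusInfo status = generateCmpRejectionStatus(PKIFailureInfo.badPOP, null);
        certResp = new CertResponse(certReqId, status);
        if (childAuditEvent != null) {
            childAuditEvent.setStatus(AuditStatus.FAILED);
            childAuditEvent.addEventData(new AuditEventData("message", "invalid POP"));
        }
    } else {
        CertificationRequestInfo certTemp = p10cr.getCertificationRequestInfo();

        X500Name subject = certTemp.getSubject();
        if (childAuditEvent != null) {
            childAuditEvent.addEventData(
                    new AuditEventData("subject", X509Util.getRFC4519Name(subject)));
        }

        SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();

        try {
            // The CSR content is requestor-controlled, so its attributes are parsed inside the
            // try block: a structurally broken extensionRequest becomes a badCertTemplate
            // rejection instead of an unchecked exception escaping the responder.
            // NOTE(review): Extensions.getInstance can still throw IllegalArgumentException
            // on a value of the wrong ASN.1 type - consider mapping that to a rejection too.
            Extensions extensions = null;
            ASN1Set attrs = certTemp.getAttributes();
            // the attributes field may be null when the CSR omits it
            if (attrs != null) {
                for (int i = 0; i < attrs.size(); i++) {
                    Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
                    if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(
                            attr.getAttrType())) {
                        ASN1Set attrValues = attr.getAttrValues();
                        if (attrValues.size() == 0) {
                            throw new CMPException("extensionRequest attribute has no value");
                        }
                        extensions = Extensions.getInstance(attrValues.getObjectAt(0));
                    }
                }
            }

            CmpUtf8Pairs keyvalues = CmpUtil.extract(reqHeader.getGeneralInfo());
            String certprofileName = (keyvalues == null)
                    ? null
                    : keyvalues.getValue(CmpUtf8Pairs.KEY_CERT_PROFILE);
            if (certprofileName == null) {
                throw new CMPException("no certificate profile is specified");
            }

            if (childAuditEvent != null) {
                childAuditEvent.addEventData(new AuditEventData("certprofile", certprofileName));
            }

            // authorization is checked before any certificate is generated
            checkPermission(requestor, certprofileName);

            certResp = generateCertificate(requestor, user, tid, certReqId, subject,
                    publicKeyInfo, null, extensions, certprofileName, false, confirmWaitTime,
                    childAuditEvent);
        } catch (CMPException e) {
            certResp = new CertResponse(certReqId,
                    generateCmpRejectionStatus(PKIFailureInfo.badCertTemplate, e.getMessage()));
            if (childAuditEvent != null) {
                childAuditEvent.setStatus(AuditStatus.FAILED);
                childAuditEvent.addEventData(new AuditEventData("message", "badCertTemplate"));
            }
        } // end try
    }

    // the CA certificate is attached whenever requested, also for rejections
    CMPCertificate[] caPubs = sendCaCert
            ? new CMPCertificate[] { getCA().getCAInfo().getCertInCMPFormat() }
            : null;
    CertRepMessage repMessage = new CertRepMessage(caPubs, new CertResponse[] { certResp });

    return new PKIBody(PKIBody.TYPE_CERT_REP, repMessage);
}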
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Enrolls a certificate for a CSR-based request.
 *
 * <p>Builds the CMP message from the CSR, the user name and the requested validity bounds,
 * registers the request's id under {@code MINUS_ONE} and delegates to
 * {@code internRequestCertificate}, telling it to expect a response body of type
 * {@link PKIBody#TYPE_CERT_REP}.
 *
 * @param csr the CSR enrollment request, checked with {@code ParamUtil.requireNonNull}
 * @param username passed through to {@code buildPkiMessage}
 * @param notBefore passed through to {@code buildPkiMessage}
 * @param notAfter passed through to {@code buildPkiMessage}
 * @param debug passed through to {@code internRequestCertificate}
 * @return whatever {@code internRequestCertificate} returns for this request
 * @throws CmpRequestorException propagated from the helpers called here
 * @throws PkiErrorException propagated from the helpers called here
 */
public EnrollCertResultResp requestCertificate(final CsrEnrollCertRequest csr,
        final String username, final Date notBefore, final Date notAfter,
        final RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonNull("csr", csr);

    final PKIMessage cmpRequest = buildPkiMessage(csr, username, notBefore, notAfter);

    // Only one response is expected for a CSR request, so the map holds a single entry.
    // NOTE(review): MINUS_ONE is presumably BigInteger -1, the certReqId a responder uses
    // when answering a p10cr - confirm against the constant's definition.
    final Map<BigInteger, String> idsByCertReqId = new HashMap<>();
    idsByCertReqId.put(MINUS_ONE, csr.getId());

    return internRequestCertificate(cmpRequest, idsByCertReqId, PKIBody.TYPE_CERT_REP, debug);
}
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Enrolls one or more certificates described by {@code req}.
 *
 * <p>Every request entry is indexed by its certReqId so that responses can be matched back to
 * the entry's id, and the response body type to expect is derived from the request type.
 *
 * @param req the enrollment request, checked with {@code ParamUtil.requireNonNull}
 * @param username passed through to {@code buildPkiMessage}
 * @param debug passed through to {@code internRequestCertificate}
 * @return whatever {@code internRequestCertificate} returns for this request
 * @throws CmpRequestorException propagated from the helpers called here
 * @throws PkiErrorException propagated from the helpers called here
 */
public EnrollCertResultResp requestCertificate(final EnrollCertRequest req,
        final String username, final RequestResponseDebug debug)
        throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonNull("req", req);

    final PKIMessage cmpRequest = buildPkiMessage(req, username);

    // certReqId -> id of the request entry it belongs to
    final Map<BigInteger, String> idsByCertReqId = new HashMap<>();
    for (EnrollCertRequestEntry entry : req.getRequestEntries()) {
        final BigInteger certReqId = entry.getCertReq().getCertReqId().getValue();
        idsByCertReqId.put(certReqId, entry.getId());
    }

    // The response is checked against this body type, so the mapping decides which kind of
    // answer the client accepts. Every type other than CERT_REQ and KEY_UPDATE falls through
    // to the cross-certification response.
    // NOTE(review): presumably cross-certification is the only remaining request type - a
    // newly added type would silently be validated as cross-cert; confirm against the enum.
    final int expectedBodyType;
    switch (req.getType()) {
    case CERT_REQ:
        expectedBodyType = PKIBody.TYPE_CERT_REP;
        break;
    case KEY_UPDATE:
        expectedBodyType = PKIBody.TYPE_KEY_UPDATE_REP;
        break;
    default:
        expectedBodyType = PKIBody.TYPE_CROSS_CERT_REP;
        break;
    }

    return internRequestCertificate(cmpRequest, idsByCertReqId, expectedBodyType, debug);
}
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
/**
 * Handles a PKI body whose choice is {@code cr}.
 *
 * <p>All work is delegated to {@code processCertReqMessages}; the resulting
 * {@code CertRepMessage} is wrapped in a body of type {@link PKIBody#TYPE_CERT_REP}.
 *
 * @return the certificate response body
 */
private PKIBody processCr(final PKIMessage request, final CmpRequestorInfo requestor,
        final String user, final ASN1OctetString tid, final PKIHeader reqHeader,
        final CertReqMessages cr, final CmpControl cmpControl, final String msgId,
        final AuditEvent event) {
    // NOTE(review): the literal false presumably separates plain certification requests from
    // key-update handling - confirm against processCertReqMessages.
    return new PKIBody(PKIBody.TYPE_CERT_REP,
            processCertReqMessages(request, requestor, user, tid, reqHeader, cr, false,
                    cmpControl, msgId, event));
}
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
/**
 * Handles a PKI body whose choice is {@code p10cr}.
 *
 * <p>Since it is not possible to add an attribute to the PKCS#10 request (CSR), the
 * certificate profile must be specified in the attribute regInfo-utf8Pairs
 * (1.3.6.1.5.5.7.5.2.1) within PKIHeader.generalInfo. The optional validity bounds are read
 * from the same UTF-8 pairs.
 *
 * <p>Checks run in this order: proof of possession, presence of a certificate profile, and
 * whether the requestor is permitted to use that profile. The first failing check produces an
 * error {@code CertResponse}; nothing is thrown by the checks visible here.
 *
 * @return a body of type {@link PKIBody#TYPE_CERT_REP} holding exactly one
 *         {@code CertResponse} with certReqId -1
 */
private PKIBody processP10cr(final PKIMessage request, final CmpRequestorInfo requestor,
        final String user, final ASN1OctetString tid, final PKIHeader reqHeader,
        final CertificationRequest p10cr, final CmpControl cmpControl, final String msgId,
        final AuditEvent event) {
    CertResponse certResp;
    final ASN1Integer certReqId = new ASN1Integer(-1);
    boolean issued = false;
    final X509Ca ca = getCa();

    // verify the POP first
    // NOTE(review): the POP algorithm validator comes from getCmpControl() while the rest of
    // the method uses the cmpControl parameter - confirm both refer to the same control.
    final boolean popValid =
            securityFactory.verifyPopo(p10cr, getCmpControl().getPopoAlgoValidator());

    if (popValid) {
        final CertificationRequestInfo csrInfo = p10cr.getCertificationRequestInfo();
        final Extensions extensions = CaUtil.getExtensions(csrInfo);
        final X500Name subject = csrInfo.getSubject();
        final SubjectPublicKeyInfo publicKeyInfo = csrInfo.getSubjectPublicKeyInfo();

        // Profile name and validity bounds are supplied by the requestor in generalInfo.
        // NOTE(review): no bounds check on notBefore/notAfter is visible here; presumably
        // the certificate profile constrains them during generation - confirm.
        String profileName = null;
        Date notBefore = null;
        Date notAfter = null;
        final CmpUtf8Pairs pairs = CmpUtil.extract(reqHeader.getGeneralInfo());
        if (pairs != null) {
            profileName = pairs.getValue(CmpUtf8Pairs.KEY_CERT_PROFILE);

            final String notBeforeText = pairs.getValue(CmpUtf8Pairs.KEY_NOT_BEFORE);
            if (notBeforeText != null) {
                notBefore = DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeText);
            }

            final String notAfterText = pairs.getValue(CmpUtf8Pairs.KEY_NOT_AFTER);
            if (notAfterText != null) {
                notAfter = DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterText);
            }
        }

        if (profileName == null) {
            certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badCertTemplate,
                    "badCertTemplate", null);
        } else if (!isCertProfilePermitted(requestor, profileName)) {
            // authorization is decided before any certificate is generated
            final String msg = "certprofile " + profileName + " is not allowed";
            certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.notAuthorized, msg);
        } else {
            final CertTemplateData template = new CertTemplateData(subject, publicKeyInfo,
                    notBefore, notAfter, extensions, profileName);
            certResp = generateCertificates(Arrays.asList(template), Arrays.asList(certReqId),
                    requestor, user, tid, false, request, cmpControl, msgId, event).get(0);
            // set as soon as generateCertificates returns; the status inside the returned
            // response is not inspected here
            issued = true;
        }
    } else {
        LOG.warn("could not validate POP for the pkcs#10 requst");
        certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badPOP, "invalid POP");
    }

    // the CA certificate is attached only after the generation path ran and when the CMP
    // control asks for it
    final CMPCertificate[] caPubs = (issued && cmpControl.isSendCaCert())
            ? new CMPCertificate[] { ca.getCaInfo().getCertInCmpFormat() }
            : null;

    return new PKIBody(PKIBody.TYPE_CERT_REP,
            new CertRepMessage(caPubs, new CertResponse[] { certResp }));
}