List of usage examples for org.bouncycastle.asn1.cmp PKIBody TYPE_CONFIRM
int TYPE_CONFIRM
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
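/**
 * Dispatches a CMP request to the handler for its body type and wraps the handler's result in a
 * response message.
 *
 * <p>The response header reuses the request's protocol version, names the request's sender as
 * recipient and carries {@code tid} as transaction id. When {@code auditEvent} is non-null the
 * requestor's certificate subject, the event type (for the body types handled inline) and the
 * final status are recorded on it.
 *
 * <p>Security note: a {@code TYPE_CONFIRM} body only acknowledges and must not reach the
 * {@code TYPE_ERROR} branch, because that branch revokes every certificate still pending under
 * {@code tid} and audits the message as an error. Each case therefore ends with {@code break}.
 *
 * @param requestor the requestor; must be a {@link CmpRequestorInfo}
 * @param user passed through to the enrolment, revocation and general-message handlers
 * @param tid transaction id echoed in the response and used to look up pending certificates
 * @param message the parsed request
 * @param auditEvent audit record to populate, or {@code null} to skip auditing in this method
 * @return the response message
 * @throws IllegalArgumentException if {@code requestor} is {@code null} or not a
 *     {@link CmpRequestorInfo}
 * @throws ConfigurationException declared by the signature; presumably raised by a handler
 */
@Override
protected PKIMessage intern_processPKIMessage(final RequestorInfo requestor, final String user,
        final ASN1OctetString tid, final GeneralPKIMessage message, final AuditEvent auditEvent)
        throws ConfigurationException {
    if (!(requestor instanceof CmpRequestorInfo)) {
        // A null requestor previously failed with a NullPointerException inside the message
        // construction; report it the same way as any other unsupported requestor.
        throw new IllegalArgumentException("unknown requestor type "
                + (requestor == null ? "null" : requestor.getClass().getName()));
    }

    // instanceof has already excluded null, so only the audit event needs a null check.
    CmpRequestorInfo _requestor = (CmpRequestorInfo) requestor;
    if (auditEvent != null) {
        auditEvent.addEventData(new AuditEventData("requestor", _requestor.getCert().getSubject()));
    }

    PKIHeader reqHeader = message.getHeader();
    PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(),
            getSender(), reqHeader.getSender());
    respHeader.setTransactionID(tid);

    PKIBody respBody;
    PKIBody reqBody = message.getBody();
    final int type = reqBody.getType();

    CmpControl cmpControl = getCmpControl();

    try {
        switch (type) {
        case PKIBody.TYPE_CERT_REQ:
        case PKIBody.TYPE_KEY_UPDATE_REQ:
        case PKIBody.TYPE_P10_CERT_REQ:
        case PKIBody.TYPE_CROSS_CERT_REQ: {
            respBody = cmpEnrollCert(respHeader, cmpControl, reqHeader, reqBody, _requestor, user,
                    tid, auditEvent);
            break;
        }
        case PKIBody.TYPE_CERT_CONFIRM: {
            addAutitEventType(auditEvent, "CERT_CONFIRM");
            CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
            respBody = confirmCertificates(tid, certConf);
            break;
        }
        case PKIBody.TYPE_REVOCATION_REQ: {
            respBody = cmpRevokeOrUnrevokeOrRemoveCertificates(respHeader, cmpControl, reqHeader,
                    reqBody, _requestor, user, tid, auditEvent);
            break;
        }
        case PKIBody.TYPE_CONFIRM: {
            addAutitEventType(auditEvent, "CONFIRM");
            respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
            // Without this break a plain confirmation fell through into TYPE_ERROR, was audited
            // as "ERROR" and revoked the transaction's pending certificates.
            break;
        }
        case PKIBody.TYPE_ERROR: {
            addAutitEventType(auditEvent, "ERROR");
            // The peer reported an error: certificates still pending for this transaction are
            // revoked before the error is acknowledged.
            revokePendingCertificates(tid);
            respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
            break;
        }
        case PKIBody.TYPE_GEN_MSG: {
            respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, _requestor, user,
                    tid, auditEvent);
            break;
        }
        default: {
            addAutitEventType(auditEvent, "PKIBody." + type);
            respBody = createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest,
                    "unsupported type " + type);
            break;
        }
        } // end switch(type)
    } catch (InsuffientPermissionException e) {
        // The exception message is sent back to the requestor as free text, so it should not
        // carry internal detail. NOTE(review): confirm what the throwing code puts in it.
        ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection,
                new PKIFreeText(e.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
        respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
    }

    if (auditEvent != null) {
        if (respBody.getType() == PKIBody.TYPE_ERROR) {
            ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();

            AuditStatus auditStatus = AuditStatus.FAILED;
            org.xipki.ca.common.cmp.PKIStatusInfo pkiStatus = new org.xipki.ca.common.cmp.PKIStatusInfo(
                    errorMsgContent.getPKIStatusInfo());

            // NOTE(review): both paths yield FAILED, so this branch has no effect today; confirm
            // whether systemFailure was meant to map to a distinct audit status.
            if (pkiStatus.getPkiFailureInfo() == PKIFailureInfo.systemFailure) {
                auditStatus = AuditStatus.FAILED;
            }
            auditEvent.setStatus(auditStatus);

            String statusString = pkiStatus.getStatusMessage();
            if (statusString != null) {
                auditEvent.addEventData(new AuditEventData("message", statusString));
            }
        } else if (auditEvent.getStatus() == null) {
            // A handler may already have set a status; only default to SUCCESSFUL when none did.
            auditEvent.setStatus(AuditStatus.SUCCESSFUL);
        }
    }

    return new PKIMessage(respHeader.build(), respBody);
}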
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
/**
 * Handles a certificate confirmation for one transaction.
 *
 * <p>Each status entry removes the matching certificate from the pending pool, looked up by
 * transaction id, certificate request id and certificate hash. An entry with no match is logged
 * and skipped. An entry without status info, or with status GRANTED or GRANTED_WITH_MODS, counts
 * as accepted. Any other status triggers revocation of that certificate with reason
 * CESSATION_OF_OPERATION and marks the confirmation as failed, whether or not the revocation
 * call succeeds.
 *
 * <p>Afterwards {@code revokePendingCertificates} is always called for the transaction; a
 * {@code true} result also marks the confirmation as failed (presumably it means unconfirmed
 * certificates were still pending; confirm against that method).
 *
 * @param transactionId transaction whose pending certificates are being confirmed
 * @param certConf the confirmation content from the request
 * @return a TYPE_CONFIRM body on success, otherwise a TYPE_ERROR body carrying
 *     rejection/systemFailure
 */
private PKIBody confirmCertificates(final ASN1OctetString transactionId,
        final CertConfirmContent certConf) {
    CertStatus[] entries = certConf.toCertStatusArray();
    boolean allConfirmed = true;

    for (CertStatus entry : entries) {
        ASN1Integer reqId = entry.getCertReqId();
        byte[] hash = entry.getCertHash().getOctets();

        // Removal doubles as the lookup: a confirmed or rejected certificate leaves the pool.
        X509CertificateInfo pending = pendingCertPool.removeCertificate(transactionId.getOctets(),
                reqId.getPositiveValue(), hash);
        if (pending == null) {
            LOG.warn("no cert under transactionId={}, certReqId={} and certHash=0X{}",
                    new Object[] { transactionId, reqId.getPositiveValue(), Hex.toHexString(hash) });
            continue;
        }

        PKIStatusInfo reported = entry.getStatusInfo();
        if (reported == null) {
            // No status info is treated as acceptance.
            continue;
        }

        int code = reported.getStatus().intValue();
        if (code == PKIStatus.GRANTED || code == PKIStatus.GRANTED_WITH_MODS) {
            continue;
        }

        // The requestor rejected the certificate: revoke it.
        BigInteger serialNumber = pending.getCert().getCert().getSerialNumber();
        X509CA ca = getCA();
        try {
            ca.revokeCertificate(serialNumber, CRLReason.CESSATION_OF_OPERATION, new Date());
        } catch (OperationException e) {
            final String msg = "could not revoke certificate ca=" + ca.getCAInfo().getName()
                    + " serialNumber=" + serialNumber;
            if (LOG.isWarnEnabled()) {
                LOG.warn(LogUtil.buildExceptionLogFormat(msg), e.getClass().getName(), e.getMessage());
            }
            LOG.debug(msg, e);
        }

        allConfirmed = false;
    }

    // all other certificates should be revoked
    if (revokePendingCertificates(transactionId)) {
        allConfirmed = false;
    }

    if (!allConfirmed) {
        PKIStatusInfo failure = new PKIStatusInfo(PKIStatus.rejection, null,
                new PKIFailureInfo(PKIFailureInfo.systemFailure));
        return new PKIBody(PKIBody.TYPE_ERROR, new ErrorMsgContent(failure));
    }

    return new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
}
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
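/**
 * Dispatches a CMP request to the handler for its body type, records the audit event type and
 * status, and wraps the handler's result in a response message.
 *
 * <p>The response header reuses the request's protocol version, names the request's sender as
 * recipient and carries {@code tid} as transaction id.
 *
 * <p>Audit note: every enrolment body type (cr, kur, p10cr, ccr) maps to its own audit event
 * type, so PKCS#10 requests are distinguishable in the audit trail.
 *
 * @param request the original request message, passed to the enrolment and revocation handlers
 * @param requestor the requestor; must be a {@link CmpRequestorInfo}
 * @param user passed through to the handlers
 * @param tid transaction id echoed in the response and used to look up pending certificates
 * @param message the parsed request
 * @param msgId passed through to the handlers
 * @param event audit record to populate; dereferenced unconditionally
 * @return the response message
 * @throws IllegalArgumentException if {@code requestor} is {@code null} or not a
 *     {@link CmpRequestorInfo}
 */
@Override
protected PKIMessage doProcessPkiMessage(PKIMessage request, final RequestorInfo requestor,
        final String user, final ASN1OctetString tid, final GeneralPKIMessage message,
        final String msgId, final AuditEvent event) {
    if (!(requestor instanceof CmpRequestorInfo)) {
        // A null requestor previously failed with a NullPointerException inside the message
        // construction; report it the same way as any other unsupported requestor.
        throw new IllegalArgumentException("unknown requestor type "
                + (requestor == null ? "null" : requestor.getClass().getName()));
    }

    CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor;
    event.addEventData(CaAuditConstants.NAME_requestor, tmpRequestor.getName());

    PKIHeader reqHeader = message.getHeader();
    PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(),
            getSender(), reqHeader.getSender());
    respHeader.setTransactionID(tid);

    PKIBody respBody;
    PKIBody reqBody = message.getBody();
    final int type = reqBody.getType();

    CmpControl cmpControl = getCmpControl();

    try {
        switch (type) {
        case PKIBody.TYPE_CERT_REQ:
        case PKIBody.TYPE_KEY_UPDATE_REQ:
        case PKIBody.TYPE_P10_CERT_REQ:
        case PKIBody.TYPE_CROSS_CERT_REQ: {
            String eventType = null;
            if (PKIBody.TYPE_CERT_REQ == type) {
                eventType = CaAuditConstants.TYPE_CMP_cr;
            } else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) {
                eventType = CaAuditConstants.TYPE_CMP_kur;
            } else if (PKIBody.TYPE_P10_CERT_REQ == type) {
                // This branch used to repeat the TYPE_KEY_UPDATE_REQ test and was unreachable,
                // leaving p10cr requests without an audit event type.
                eventType = CaAuditConstants.TYPE_CMP_p10Cr;
            } else if (PKIBody.TYPE_CROSS_CERT_REQ == type) {
                eventType = CaAuditConstants.TYPE_CMP_ccr;
            }

            if (eventType != null) {
                event.addEventType(eventType);
            }
            respBody = cmpEnrollCert(request, respHeader, cmpControl, reqHeader, reqBody,
                    tmpRequestor, user, tid, msgId, event);
            break;
        }
        case PKIBody.TYPE_CERT_CONFIRM: {
            event.addEventType(CaAuditConstants.TYPE_CMP_certConf);
            CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
            respBody = confirmCertificates(tid, certConf, msgId);
            break;
        }
        case PKIBody.TYPE_REVOCATION_REQ:
            respBody = cmpUnRevokeRemoveCertificates(request, respHeader, cmpControl, reqHeader,
                    reqBody, tmpRequestor, user, msgId, event);
            break;
        case PKIBody.TYPE_CONFIRM:
            event.addEventType(CaAuditConstants.TYPE_CMP_pkiConf);
            respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
            break;
        case PKIBody.TYPE_GEN_MSG:
            respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, tmpRequestor,
                    user, tid, msgId, event);
            break;
        case PKIBody.TYPE_ERROR:
            event.addEventType(CaAuditConstants.TYPE_CMP_error);
            // The peer reported an error: certificates still pending for this transaction are
            // revoked before the error is acknowledged.
            revokePendingCertificates(tid, msgId);
            respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
            break;
        default:
            event.addEventType("PKIBody." + type);
            respBody = buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest,
                    "unsupported type " + type);
            break;
        } // end switch (type)
    } catch (InsuffientPermissionException ex) {
        // The exception message is sent back to the requestor as free text, so it should not
        // carry internal detail. NOTE(review): confirm what the throwing code puts in it.
        ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection,
                new PKIFreeText(ex.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
        respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
    }

    if (respBody.getType() == PKIBody.TYPE_ERROR) {
        ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();

        AuditStatus auditStatus = AuditStatus.FAILED;
        org.xipki.pki.ca.common.cmp.PkiStatusInfo pkiStatus = new org.xipki.pki.ca.common.cmp.PkiStatusInfo(
                errorMsgContent.getPKIStatusInfo());

        // NOTE(review): both paths yield FAILED, so this branch has no effect today; confirm
        // whether systemFailure was meant to map to a distinct audit status.
        if (pkiStatus.getPkiFailureInfo() == PKIFailureInfo.systemFailure) {
            auditStatus = AuditStatus.FAILED;
        }
        event.setStatus(auditStatus);

        String statusString = pkiStatus.getStatusMessage();
        if (statusString != null) {
            event.addEventData(CaAuditConstants.NAME_message, statusString);
        }
    } else if (event.getStatus() == null) {
        // A handler may already have set a status; only default to SUCCESSFUL when none did.
        event.setStatus(AuditStatus.SUCCESSFUL);
    }

    return new PKIMessage(respHeader.build(), respBody);
}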
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
/**
 * Handles a certificate confirmation for one transaction.
 *
 * <p>Each status entry removes the matching certificate from the pending pool, looked up by
 * transaction id, certificate request id and certificate hash. An entry with no match is logged
 * at warn level and skipped. An entry without status info, or with status GRANTED or
 * GRANTED_WITH_MODS, counts as accepted. Any other status triggers revocation of that
 * certificate with reason CESSATION_OF_OPERATION and marks the confirmation as failed, whether
 * or not the revocation call succeeds.
 *
 * <p>Afterwards {@code revokePendingCertificates} is always called for the transaction; a
 * {@code true} result also marks the confirmation as failed (presumably it means unconfirmed
 * certificates were still pending; confirm against that method).
 *
 * @param transactionId transaction whose pending certificates are being confirmed
 * @param certConf the confirmation content from the request
 * @param msgId passed through to the revocation calls
 * @return a TYPE_CONFIRM body on success, otherwise a TYPE_ERROR body carrying
 *     rejection/systemFailure
 */
private PKIBody confirmCertificates(final ASN1OctetString transactionId,
        final CertConfirmContent certConf, final String msgId) {
    CertStatus[] entries = certConf.toCertStatusArray();
    boolean allConfirmed = true;

    for (CertStatus entry : entries) {
        ASN1Integer reqId = entry.getCertReqId();
        byte[] hash = entry.getCertHash().getOctets();

        // Removal doubles as the lookup: a confirmed or rejected certificate leaves the pool.
        X509CertificateInfo pending = pendingCertPool.removeCertificate(transactionId.getOctets(),
                reqId.getPositiveValue(), hash);
        if (pending == null) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("no cert under transactionId={}, certReqId={} and certHash=0X{}",
                        transactionId, reqId.getPositiveValue(), Hex.toHexString(hash));
            }
            continue;
        }

        PKIStatusInfo reported = entry.getStatusInfo();
        if (reported == null) {
            // No status info is treated as acceptance.
            continue;
        }

        int code = reported.getStatus().intValue();
        if (code == PKIStatus.GRANTED || code == PKIStatus.GRANTED_WITH_MODS) {
            continue;
        }

        // The requestor rejected the certificate: revoke it.
        BigInteger serialNumber = pending.getCert().getCert().getSerialNumber();
        X509Ca ca = getCa();
        try {
            ca.revokeCertificate(serialNumber, CrlReason.CESSATION_OF_OPERATION, new Date(), msgId);
        } catch (OperationException ex) {
            LogUtil.warn(LOG, ex, "could not revoke certificate ca=" + ca.getCaInfo().getName()
                    + " serialNumber=" + LogUtil.formatCsn(serialNumber));
        }

        allConfirmed = false;
    }

    // all other certificates should be revoked
    if (revokePendingCertificates(transactionId, msgId)) {
        allConfirmed = false;
    }

    if (!allConfirmed) {
        PKIStatusInfo failure = new PKIStatusInfo(PKIStatus.rejection, null,
                new PKIFailureInfo(PKIFailureInfo.systemFailure));
        return new PKIBody(PKIBody.TYPE_ERROR, new ErrorMsgContent(failure));
    }

    return new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
}