List of usage examples for org.bouncycastle.asn1.cmp PKIBody TYPE_CROSS_CERT_REQ
int TYPE_CROSS_CERT_REQ
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Builds the CMP request message for an enrolment request.
 *
 * <p>Every request entry is turned into one {@code CertReqMsg} holding the entry's
 * certificate request, its proof-of-possession and the certificate profile name wrapped
 * in a {@code CmpUtf8Pairs} attribute. The attribute array is left {@code null} when
 * {@code CmpUtil.buildAttributeTypeAndValue} returns {@code null}.
 *
 * @param req enrolment request supplying the entries and the request type
 * @param username forwarded unchanged to {@code buildPKIHeader}
 * @return message made of the freshly built header and a {@code CertReqMessages} body
 */
private PKIMessage buildPKIMessage(final EnrollCertRequestType req, final String username) {
    PKIHeader header = buildPKIHeader(implicitConfirm, null, username);

    List<EnrollCertRequestEntryType> entries = req.getRequestEntries();
    CertReqMsg[] messages = new CertReqMsg[entries.size()];
    int slot = 0;
    for (EnrollCertRequestEntryType entry : entries) {
        CmpUtf8Pairs profilePairs =
                new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERT_PROFILE, entry.getCertprofile());
        AttributeTypeAndValue profileAttr = CmpUtil.buildAttributeTypeAndValue(profilePairs);

        AttributeTypeAndValue[] regInfo;
        if (profileAttr != null) {
            regInfo = new AttributeTypeAndValue[] { profileAttr };
        } else {
            regInfo = null;
        }
        messages[slot++] = new CertReqMsg(entry.getCertReq(), entry.getPopo(), regInfo);
    }

    final int bodyTag;
    switch (req.getType()) {
        case CERT_REQ:
            bodyTag = PKIBody.TYPE_CERT_REQ;
            break;
        case KEY_UPDATE:
            bodyTag = PKIBody.TYPE_KEY_UPDATE_REQ;
            break;
        default:
            // NOTE(review): every type other than CERT_REQ and KEY_UPDATE is sent as a
            // cross-certification request, so the responder applies its cross-cert
            // permission check to it. Confirm the enum has no other members that would
            // be tagged this way by accident.
            bodyTag = PKIBody.TYPE_CROSS_CERT_REQ;
            break;
    }

    return new PKIMessage(header, new PKIBody(bodyTag, new CertReqMessages(messages)));
}
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
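/**
 * Dispatches a CMP request to the handler for its body type and builds the response.
 *
 * <p>The enrolment body types (cr, kur, p10cr, ccr) go to {@code cmpEnrollCert}; certConf,
 * revocation, pkiConf, error and general messages have their own branches; any other body
 * type is answered with a {@code badRequest} rejection. An
 * {@code InsuffientPermissionException} thrown by a handler is turned into a
 * {@code notAuthorized} error body instead of propagating.
 *
 * @param requestor the requestor; must be a {@code CmpRequestorInfo}
 * @param user passed through to the handlers
 * @param tid transaction id, copied into the response header
 * @param message the request whose header and body are processed
 * @param auditEvent audit record to fill in; may be {@code null}, in which case nothing
 *        is recorded here
 * @return the response message built from the response header and body
 * @throws IllegalArgumentException if {@code requestor} is not a {@code CmpRequestorInfo}
 * @throws ConfigurationException declared by the overridden method
 */
@Override
protected PKIMessage intern_processPKIMessage(final RequestorInfo requestor, final String user,
        final ASN1OctetString tid, final GeneralPKIMessage message, final AuditEvent auditEvent)
        throws ConfigurationException {
    if (!(requestor instanceof CmpRequestorInfo)) {
        // A null requestor is reported as an argument error too, rather than failing
        // on getClass() while the message is being built.
        String typeName = (requestor == null) ? "null" : requestor.getClass().getName();
        throw new IllegalArgumentException("unknown requestor type " + typeName);
    }

    // instanceof has already excluded null, so only the audit event needs a null check.
    CmpRequestorInfo cmpRequestor = (CmpRequestorInfo) requestor;
    if (auditEvent != null) {
        auditEvent.addEventData(
                new AuditEventData("requestor", cmpRequestor.getCert().getSubject()));
    }

    PKIHeader reqHeader = message.getHeader();
    PKIHeaderBuilder respHeader = new PKIHeaderBuilder(
            reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender());
    respHeader.setTransactionID(tid);

    PKIBody respBody;
    PKIBody reqBody = message.getBody();
    final int type = reqBody.getType();
    CmpControl cmpControl = getCmpControl();

    try {
        switch (type) {
            case PKIBody.TYPE_CERT_REQ:
            case PKIBody.TYPE_KEY_UPDATE_REQ:
            case PKIBody.TYPE_P10_CERT_REQ:
            case PKIBody.TYPE_CROSS_CERT_REQ: {
                respBody = cmpEnrollCert(respHeader, cmpControl, reqHeader, reqBody,
                        cmpRequestor, user, tid, auditEvent);
                break;
            }
            case PKIBody.TYPE_CERT_CONFIRM: {
                addAutitEventType(auditEvent, "CERT_CONFIRM");
                CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
                respBody = confirmCertificates(tid, certConf);
                break;
            }
            case PKIBody.TYPE_REVOCATION_REQ: {
                respBody = cmpRevokeOrUnrevokeOrRemoveCertificates(respHeader, cmpControl,
                        reqHeader, reqBody, cmpRequestor, user, tid, auditEvent);
                break;
            }
            case PKIBody.TYPE_CONFIRM: {
                addAutitEventType(auditEvent, "CONFIRM");
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                // Fix: this case had no break and fell through into TYPE_ERROR, so a plain
                // pkiConf was also audited as "ERROR" and reached
                // revokePendingCertificates(tid).
                break;
            }
            case PKIBody.TYPE_ERROR: {
                addAutitEventType(auditEvent, "ERROR");
                revokePendingCertificates(tid);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            }
            case PKIBody.TYPE_GEN_MSG: {
                respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody,
                        cmpRequestor, user, tid, auditEvent);
                break;
            }
            default: {
                addAutitEventType(auditEvent, "PKIBody." + type);
                respBody = createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest,
                        "unsupported type " + type);
                break;
            }
        } // end switch(type)
    } catch (InsuffientPermissionException e) {
        // A denied permission is answered in-protocol with notAuthorized.
        ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection,
                new PKIFreeText(e.getMessage()),
                new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
        respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
    }

    if (auditEvent != null) {
        if (respBody.getType() == PKIBody.TYPE_ERROR) {
            ErrorMsgContent errorContent = (ErrorMsgContent) respBody.getContent();
            org.xipki.ca.common.cmp.PKIStatusInfo pkiStatus =
                    new org.xipki.ca.common.cmp.PKIStatusInfo(errorContent.getPKIStatusInfo());

            // NOTE(review): the original re-assigned FAILED when the failure info was
            // systemFailure, which had no effect. If system failures are meant to get a
            // distinct audit status, that distinction still has to be added here.
            auditEvent.setStatus(AuditStatus.FAILED);

            String statusString = pkiStatus.getStatusMessage();
            if (statusString != null) {
                auditEvent.addEventData(new AuditEventData("message", statusString));
            }
        } else if (auditEvent.getStatus() == null) {
            // Handlers may already have set a status; only fill in the default.
            auditEvent.setStatus(AuditStatus.SUCCESSFUL);
        }
    }

    return new PKIMessage(respHeader.build(), respBody);
}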
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
/**
 * Handles the four enrolment body types and sets the confirmation-related header fields.
 *
 * <p>For each type the audit event type is recorded first, then the requestor's
 * permission is checked, and only then is the request content handed to the matching
 * {@code process*} method. p10cr is audited under the same {@code "CERT_REQ"} label and
 * checked against the same {@code ENROLL_CERT} permission as cr.
 *
 * @param respHeader response header builder; receives the general info and, when
 *        confirmation is awaited, the message time
 * @param cmpControl supplies the confirm wait time (seconds) and the confirm/CA-cert flags
 * @param reqHeader request header, inspected for implicit confirmation
 * @param reqBody request body; its type selects the branch
 * @param requestor requestor whose permission is checked
 * @param user passed through to the {@code process*} method
 * @param tid transaction id
 * @param auditEvent audit record passed to {@code addAutitEventType} and the handlers
 * @return the response body produced by the selected {@code process*} method
 * @throws InsuffientPermissionException declared for the permission check and handlers
 * @throws RuntimeException if the body type is not one of the four enrolment types
 */
private PKIBody cmpEnrollCert(final PKIHeaderBuilder respHeader, final CmpControl cmpControl,
        final PKIHeader reqHeader, final PKIBody reqBody, final CmpRequestorInfo requestor,
        final String user, final ASN1OctetString tid, final AuditEvent auditEvent)
        throws InsuffientPermissionException {
    // Configured in seconds; the sign is ignored and the value converted to milliseconds.
    long waitSeconds = cmpControl.getConfirmWaitTime();
    final long waitMillis = Math.abs(waitSeconds) * 1000;
    final boolean includeCaCert = cmpControl.isSendCaCert();

    final int bodyType = reqBody.getType();
    final PKIBody response;
    if (bodyType == PKIBody.TYPE_CERT_REQ) {
        addAutitEventType(auditEvent, "CERT_REQ");
        checkPermission(requestor, Permission.ENROLL_CERT);
        CertReqMessages certReqs = (CertReqMessages) reqBody.getContent();
        response = processCr(requestor, user, tid, reqHeader, certReqs, waitMillis,
                includeCaCert, auditEvent);
    } else if (bodyType == PKIBody.TYPE_KEY_UPDATE_REQ) {
        addAutitEventType(auditEvent, "KEY_UPDATE");
        checkPermission(requestor, Permission.KEY_UPDATE);
        CertReqMessages certReqs = (CertReqMessages) reqBody.getContent();
        response = processKur(requestor, user, tid, reqHeader, certReqs, waitMillis,
                includeCaCert, auditEvent);
    } else if (bodyType == PKIBody.TYPE_P10_CERT_REQ) {
        addAutitEventType(auditEvent, "CERT_REQ");
        checkPermission(requestor, Permission.ENROLL_CERT);
        CertificationRequest p10Req = (CertificationRequest) reqBody.getContent();
        response = processP10cr(requestor, user, tid, reqHeader, p10Req, waitMillis,
                includeCaCert, auditEvent);
    } else if (bodyType == PKIBody.TYPE_CROSS_CERT_REQ) {
        addAutitEventType(auditEvent, "CROSS_CERT_REQ");
        checkPermission(requestor, Permission.CROSS_CERT_ENROLL);
        CertReqMessages certReqs = (CertReqMessages) reqBody.getContent();
        response = processCcp(requestor, user, tid, reqHeader, certReqs, waitMillis,
                includeCaCert, auditEvent);
    } else {
        throw new RuntimeException("should not reach here");
    }

    final InfoTypeAndValue generalInfo;
    if (cmpControl.isConfirmCert() || !CmpUtil.isImplictConfirm(reqHeader)) {
        // Explicit confirmation is awaited: stamp the response and state the deadline.
        Date now = new Date();
        respHeader.setMessageTime(new ASN1GeneralizedTime(now));
        Date deadline = new Date(System.currentTimeMillis() + waitMillis);
        generalInfo = new InfoTypeAndValue(CMPObjectIdentifiers.it_confirmWaitTime,
                new ASN1GeneralizedTime(deadline));
    } else {
        // Confirmation is not required by the CA and the request asked for implicit
        // confirmation, so the transaction's certificates leave the pending pool now.
        pendingCertPool.removeCertificates(tid.getOctets());
        generalInfo = CmpUtil.getImplictConfirmGeneralInfo();
    }
    respHeader.setGeneralInfo(generalInfo);

    return response;
}
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Builds the CMP request message for an enrolment request.
 *
 * <p>One {@code CertReqMsg} is produced per request entry from the entry's certificate
 * request, its proof-of-possession and the certificate profile name carried as a
 * {@code CmpUtf8Pairs} attribute. The attribute array is {@code null} when
 * {@code CmpUtil.buildAttributeTypeAndValue} returns {@code null}.
 *
 * @param req enrolment request supplying the entries and the request type
 * @param username forwarded unchanged to {@code buildPkiHeader}
 * @return message made of the freshly built header and a {@code CertReqMessages} body
 */
private PKIMessage buildPkiMessage(final EnrollCertRequest req, final String username) {
    PKIHeader header = buildPkiHeader(implicitConfirm, null, username);

    List<EnrollCertRequestEntry> entries = req.getRequestEntries();
    CertReqMsg[] messages = new CertReqMsg[entries.size()];
    int slot = 0;
    for (EnrollCertRequestEntry entry : entries) {
        CmpUtf8Pairs profilePairs =
                new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERT_PROFILE, entry.getCertprofile());
        AttributeTypeAndValue profileAttr = CmpUtil.buildAttributeTypeAndValue(profilePairs);

        AttributeTypeAndValue[] regInfo = null;
        if (profileAttr != null) {
            regInfo = new AttributeTypeAndValue[] { profileAttr };
        }
        messages[slot++] = new CertReqMsg(entry.getCertReq(), entry.getPopo(), regInfo);
    }

    final int bodyTag;
    switch (req.getType()) {
        case CERT_REQ:
            bodyTag = PKIBody.TYPE_CERT_REQ;
            break;
        case KEY_UPDATE:
            bodyTag = PKIBody.TYPE_KEY_UPDATE_REQ;
            break;
        default:
            // NOTE(review): every type other than CERT_REQ and KEY_UPDATE is sent as a
            // cross-certification request. Confirm the enum has no other members that
            // would be tagged this way by accident.
            bodyTag = PKIBody.TYPE_CROSS_CERT_REQ;
            break;
    }

    PKIBody body = new PKIBody(bodyTag, new CertReqMessages(messages));
    return new PKIMessage(header, body);
}
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
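/**
 * Dispatches a CMP request to the handler for its body type and builds the response.
 *
 * <p>The enrolment body types (cr, kur, p10cr, ccr) are tagged with their audit event
 * type and passed to {@code cmpEnrollCert}; certConf, revocation, pkiConf, general and
 * error messages have their own branches; any other body type is answered with a
 * {@code badRequest} rejection. An {@code InsuffientPermissionException} thrown by a
 * handler is turned into a {@code notAuthorized} error body instead of propagating.
 *
 * @param request the request message, passed through to the handlers
 * @param requestor the requestor; must be a {@code CmpRequestorInfo}
 * @param user passed through to the handlers
 * @param tid transaction id, copied into the response header
 * @param message the request whose header and body are processed
 * @param msgId passed through to the handlers
 * @param event audit record; used without a null check
 * @return the response message built from the response header and body
 * @throws IllegalArgumentException if {@code requestor} is not a {@code CmpRequestorInfo}
 */
@Override
protected PKIMessage doProcessPkiMessage(PKIMessage request, final RequestorInfo requestor,
        final String user, final ASN1OctetString tid, final GeneralPKIMessage message,
        final String msgId, final AuditEvent event) {
    if (!(requestor instanceof CmpRequestorInfo)) {
        // A null requestor is reported as an argument error too, rather than failing
        // on getClass() while the message is being built.
        String typeName = (requestor == null) ? "null" : requestor.getClass().getName();
        throw new IllegalArgumentException("unknown requestor type " + typeName);
    }

    CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor;
    event.addEventData(CaAuditConstants.NAME_requestor, tmpRequestor.getName());

    PKIHeader reqHeader = message.getHeader();
    PKIHeaderBuilder respHeader = new PKIHeaderBuilder(
            reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender());
    respHeader.setTransactionID(tid);

    PKIBody respBody;
    PKIBody reqBody = message.getBody();
    final int type = reqBody.getType();
    CmpControl cmpControl = getCmpControl();

    try {
        switch (type) {
            case PKIBody.TYPE_CERT_REQ:
            case PKIBody.TYPE_KEY_UPDATE_REQ:
            case PKIBody.TYPE_P10_CERT_REQ:
            case PKIBody.TYPE_CROSS_CERT_REQ: {
                // Fix: the third test repeated TYPE_KEY_UPDATE_REQ, so the p10Cr branch was
                // unreachable and PKCS#10 enrolments were processed without any audit
                // event type being recorded.
                final String eventType;
                if (PKIBody.TYPE_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_cr;
                } else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_kur;
                } else if (PKIBody.TYPE_P10_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_p10Cr;
                } else {
                    // Only TYPE_CROSS_CERT_REQ is left among the case labels above.
                    eventType = CaAuditConstants.TYPE_CMP_ccr;
                }
                event.addEventType(eventType);

                respBody = cmpEnrollCert(request, respHeader, cmpControl, reqHeader, reqBody,
                        tmpRequestor, user, tid, msgId, event);
                break;
            }
            case PKIBody.TYPE_CERT_CONFIRM: {
                event.addEventType(CaAuditConstants.TYPE_CMP_certConf);
                CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
                respBody = confirmCertificates(tid, certConf, msgId);
                break;
            }
            case PKIBody.TYPE_REVOCATION_REQ:
                respBody = cmpUnRevokeRemoveCertificates(request, respHeader, cmpControl,
                        reqHeader, reqBody, tmpRequestor, user, msgId, event);
                break;
            case PKIBody.TYPE_CONFIRM:
                event.addEventType(CaAuditConstants.TYPE_CMP_pkiConf);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            case PKIBody.TYPE_GEN_MSG:
                respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody,
                        tmpRequestor, user, tid, msgId, event);
                break;
            case PKIBody.TYPE_ERROR:
                event.addEventType(CaAuditConstants.TYPE_CMP_error);
                revokePendingCertificates(tid, msgId);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            default:
                event.addEventType("PKIBody." + type);
                respBody = buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest,
                        "unsupported type " + type);
                break;
        } // end switch (type)
    } catch (InsuffientPermissionException ex) {
        // A denied permission is answered in-protocol with notAuthorized.
        ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection,
                new PKIFreeText(ex.getMessage()),
                new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
        respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
    }

    if (respBody.getType() == PKIBody.TYPE_ERROR) {
        ErrorMsgContent errorContent = (ErrorMsgContent) respBody.getContent();
        org.xipki.pki.ca.common.cmp.PkiStatusInfo pkiStatus =
                new org.xipki.pki.ca.common.cmp.PkiStatusInfo(errorContent.getPKIStatusInfo());

        // NOTE(review): the original re-assigned FAILED when the failure info was
        // systemFailure, which had no effect. If system failures are meant to get a
        // distinct audit status, that distinction still has to be added here.
        event.setStatus(AuditStatus.FAILED);

        String statusString = pkiStatus.getStatusMessage();
        if (statusString != null) {
            event.addEventData(CaAuditConstants.NAME_message, statusString);
        }
    } else if (event.getStatus() == null) {
        // Handlers may already have set a status; only fill in the default.
        event.setStatus(AuditStatus.SUCCESSFUL);
    }

    return new PKIMessage(respHeader.build(), respBody);
}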
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
/**
 * Handles the four enrolment body types and sets the confirmation-related header fields.
 *
 * <p>In every branch the requestor's permission is checked before the request content is
 * decoded and handed to the matching {@code process*} method. p10cr is checked against
 * the same {@code ENROLL_CERT} permission as cr.
 *
 * @param request the request message, passed through to the {@code process*} method
 * @param respHeader response header builder; receives the general info and, when
 *        confirmation is awaited, the message time
 * @param cmpControl supplies the confirm wait time (seconds) and the confirm flag
 * @param reqHeader request header, inspected for implicit confirmation
 * @param reqBody request body; its type selects the branch
 * @param requestor requestor whose permission is checked
 * @param user passed through to the {@code process*} method
 * @param tid transaction id
 * @param msgId passed through to the {@code process*} method
 * @param event audit record passed through to the {@code process*} method
 * @return the response body produced by the selected {@code process*} method
 * @throws InsuffientPermissionException declared for the permission check and handlers
 * @throws RuntimeException if the body type is not one of the four enrolment types
 */
private PKIBody cmpEnrollCert(final PKIMessage request, final PKIHeaderBuilder respHeader,
        final CmpControl cmpControl, final PKIHeader reqHeader, final PKIBody reqBody,
        final CmpRequestorInfo requestor, final String user, final ASN1OctetString tid,
        final String msgId, final AuditEvent event) throws InsuffientPermissionException {
    // Configured in seconds; the sign is ignored and the value converted to milliseconds.
    long waitSeconds = cmpControl.getConfirmWaitTime();
    final long waitMillis = Math.abs(waitSeconds) * 1000;

    final PKIBody response;
    switch (reqBody.getType()) {
        case PKIBody.TYPE_CERT_REQ: {
            checkPermission(requestor, Permission.ENROLL_CERT);
            CertReqMessages certReqs = CertReqMessages.getInstance(reqBody.getContent());
            response = processCr(request, requestor, user, tid, reqHeader, certReqs,
                    cmpControl, msgId, event);
            break;
        }
        case PKIBody.TYPE_KEY_UPDATE_REQ: {
            checkPermission(requestor, Permission.KEY_UPDATE);
            CertReqMessages certReqs = CertReqMessages.getInstance(reqBody.getContent());
            response = processKur(request, requestor, user, tid, reqHeader, certReqs,
                    cmpControl, msgId, event);
            break;
        }
        case PKIBody.TYPE_P10_CERT_REQ: {
            checkPermission(requestor, Permission.ENROLL_CERT);
            CertificationRequest p10Req =
                    CertificationRequest.getInstance(reqBody.getContent());
            response = processP10cr(request, requestor, user, tid, reqHeader, p10Req,
                    cmpControl, msgId, event);
            break;
        }
        case PKIBody.TYPE_CROSS_CERT_REQ: {
            checkPermission(requestor, Permission.CROSS_CERT_ENROLL);
            CertReqMessages certReqs = CertReqMessages.getInstance(reqBody.getContent());
            response = processCcp(request, requestor, user, tid, reqHeader, certReqs,
                    cmpControl, msgId, event);
            break;
        }
        default:
            throw new RuntimeException("should not reach here");
    }

    final InfoTypeAndValue generalInfo;
    if (cmpControl.isConfirmCert() || !CmpUtil.isImplictConfirm(reqHeader)) {
        // Explicit confirmation is awaited: stamp the response and state the deadline.
        Date now = new Date();
        respHeader.setMessageTime(new ASN1GeneralizedTime(now));
        Date deadline = new Date(System.currentTimeMillis() + waitMillis);
        generalInfo = new InfoTypeAndValue(CMPObjectIdentifiers.it_confirmWaitTime,
                new ASN1GeneralizedTime(deadline));
    } else {
        // Confirmation is not required by the CA and the request asked for implicit
        // confirmation, so the transaction's certificates leave the pending pool now.
        pendingCertPool.removeCertificates(tid.getOctets());
        generalInfo = CmpUtil.getImplictConfirmGeneralInfo();
    }
    respHeader.setGeneralInfo(generalInfo);

    return response;
}