List of usage examples for org.bouncycastle.asn1.cmp PKIBody TYPE_P10_CERT_REQ
int TYPE_P10_CERT_REQ
To view the source code for org.bouncycastle.asn1.cmp PKIBody TYPE_P10_CERT_REQ.
Click Source Link
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
private PKIMessage buildPKIMessage(final P10EnrollCertRequestType p10Req, final String username) { CmpUtf8Pairs utf8Pairs = new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERT_PROFILE, p10Req.getCertprofile()); if (StringUtil.isNotBlank(username)) { utf8Pairs.putUtf8Pair(CmpUtf8Pairs.KEY_USER, username); }/* www .j a v a 2 s . co m*/ PKIHeader header = buildPKIHeader(implicitConfirm, null, utf8Pairs); PKIBody body = new PKIBody(PKIBody.TYPE_P10_CERT_REQ, p10Req.getP10Req()); return new PKIMessage(header, body); }
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
@Override protected PKIMessage intern_processPKIMessage(final RequestorInfo requestor, final String user, final ASN1OctetString tid, final GeneralPKIMessage message, final AuditEvent auditEvent) throws ConfigurationException { if (requestor instanceof CmpRequestorInfo == false) { throw new IllegalArgumentException("unknown requestor type " + requestor.getClass().getName()); }/*from w w w.j a v a 2 s . com*/ CmpRequestorInfo _requestor = (CmpRequestorInfo) requestor; if (_requestor != null && auditEvent != null) { auditEvent.addEventData(new AuditEventData("requestor", _requestor.getCert().getSubject())); } PKIHeader reqHeader = message.getHeader(); PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender()); respHeader.setTransactionID(tid); PKIBody respBody; PKIBody reqBody = message.getBody(); final int type = reqBody.getType(); CmpControl cmpControl = getCmpControl(); try { switch (type) { case PKIBody.TYPE_CERT_REQ: case PKIBody.TYPE_KEY_UPDATE_REQ: case PKIBody.TYPE_P10_CERT_REQ: case PKIBody.TYPE_CROSS_CERT_REQ: { respBody = cmpEnrollCert(respHeader, cmpControl, reqHeader, reqBody, _requestor, user, tid, auditEvent); break; } case PKIBody.TYPE_CERT_CONFIRM: { addAutitEventType(auditEvent, "CERT_CONFIRM"); CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent(); respBody = confirmCertificates(tid, certConf); break; } case PKIBody.TYPE_REVOCATION_REQ: { respBody = cmpRevokeOrUnrevokeOrRemoveCertificates(respHeader, cmpControl, reqHeader, reqBody, _requestor, user, tid, auditEvent); break; } case PKIBody.TYPE_CONFIRM: { addAutitEventType(auditEvent, "CONFIRM"); respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE); } case PKIBody.TYPE_ERROR: { addAutitEventType(auditEvent, "ERROR"); revokePendingCertificates(tid); respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE); break; } case PKIBody.TYPE_GEN_MSG: { respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, _requestor, user, tid, auditEvent); break; } default: { addAutitEventType(auditEvent, "PKIBody." + type); respBody = createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest, "unsupported type " + type); break; } } // end switch(type) } catch (InsuffientPermissionException e) { ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(e.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized))); respBody = new PKIBody(PKIBody.TYPE_ERROR, emc); } if (auditEvent != null) { if (respBody.getType() == PKIBody.TYPE_ERROR) { ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent(); AuditStatus auditStatus = AuditStatus.FAILED; org.xipki.ca.common.cmp.PKIStatusInfo pkiStatus = new org.xipki.ca.common.cmp.PKIStatusInfo( errorMsgContent.getPKIStatusInfo()); if (pkiStatus.getPkiFailureInfo() == PKIFailureInfo.systemFailure) { auditStatus = AuditStatus.FAILED; } auditEvent.setStatus(auditStatus); String statusString = pkiStatus.getStatusMessage(); if (statusString != null) { auditEvent.addEventData(new AuditEventData("message", statusString)); } } else if (auditEvent.getStatus() == null) { auditEvent.setStatus(AuditStatus.SUCCESSFUL); } } return new PKIMessage(respHeader.build(), respBody); }
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
private PKIBody cmpEnrollCert(final PKIHeaderBuilder respHeader, final CmpControl cmpControl, final PKIHeader reqHeader, final PKIBody reqBody, final CmpRequestorInfo requestor, final String user, final ASN1OctetString tid, final AuditEvent auditEvent) throws InsuffientPermissionException { long confirmWaitTime = cmpControl.getConfirmWaitTime(); if (confirmWaitTime < 0) { confirmWaitTime *= -1;//from w w w.ja v a 2 s . co m } confirmWaitTime *= 1000; // second to millisecond boolean sendCaCert = cmpControl.isSendCaCert(); PKIBody respBody; int type = reqBody.getType(); switch (type) { case PKIBody.TYPE_CERT_REQ: addAutitEventType(auditEvent, "CERT_REQ"); checkPermission(requestor, Permission.ENROLL_CERT); respBody = processCr(requestor, user, tid, reqHeader, (CertReqMessages) reqBody.getContent(), confirmWaitTime, sendCaCert, auditEvent); break; case PKIBody.TYPE_KEY_UPDATE_REQ: addAutitEventType(auditEvent, "KEY_UPDATE"); checkPermission(requestor, Permission.KEY_UPDATE); respBody = processKur(requestor, user, tid, reqHeader, (CertReqMessages) reqBody.getContent(), confirmWaitTime, sendCaCert, auditEvent); break; case PKIBody.TYPE_P10_CERT_REQ: addAutitEventType(auditEvent, "CERT_REQ"); checkPermission(requestor, Permission.ENROLL_CERT); respBody = processP10cr(requestor, user, tid, reqHeader, (CertificationRequest) reqBody.getContent(), confirmWaitTime, sendCaCert, auditEvent); break; case PKIBody.TYPE_CROSS_CERT_REQ: addAutitEventType(auditEvent, "CROSS_CERT_REQ"); checkPermission(requestor, Permission.CROSS_CERT_ENROLL); respBody = processCcp(requestor, user, tid, reqHeader, (CertReqMessages) reqBody.getContent(), confirmWaitTime, sendCaCert, auditEvent); break; default: throw new RuntimeException("should not reach here"); } // switch type InfoTypeAndValue tv = null; if (cmpControl.isConfirmCert() == false && CmpUtil.isImplictConfirm(reqHeader)) { pendingCertPool.removeCertificates(tid.getOctets()); tv = CmpUtil.getImplictConfirmGeneralInfo(); } else { Date now = new Date(); respHeader.setMessageTime(new ASN1GeneralizedTime(now)); tv = new InfoTypeAndValue(CMPObjectIdentifiers.it_confirmWaitTime, new ASN1GeneralizedTime(new Date(System.currentTimeMillis() + confirmWaitTime))); } respHeader.setGeneralInfo(tv); return respBody; }
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
private PKIMessage buildPkiMessage(final CsrEnrollCertRequest csr, final String username, final Date notBefore, final Date notAfter) { CmpUtf8Pairs utf8Pairs = new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERT_PROFILE, csr.getCertprofile()); if (StringUtil.isNotBlank(username)) { utf8Pairs.putUtf8Pair(CmpUtf8Pairs.KEY_USER, username); }/* www .j a va2s . c o m*/ if (notBefore != null) { utf8Pairs.putUtf8Pair(CmpUtf8Pairs.KEY_NOT_BEFORE, DateUtil.toUtcTimeyyyyMMddhhmmss(notBefore)); } if (notAfter != null) { utf8Pairs.putUtf8Pair(CmpUtf8Pairs.KEY_NOT_AFTER, DateUtil.toUtcTimeyyyyMMddhhmmss(notAfter)); } PKIHeader header = buildPkiHeader(implicitConfirm, null, utf8Pairs); PKIBody body = new PKIBody(PKIBody.TYPE_P10_CERT_REQ, csr.getCsr()); return new PKIMessage(header, body); }
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
@Override protected PKIMessage doProcessPkiMessage(PKIMessage request, final RequestorInfo requestor, final String user, final ASN1OctetString tid, final GeneralPKIMessage message, final String msgId, final AuditEvent event) { if (!(requestor instanceof CmpRequestorInfo)) { throw new IllegalArgumentException("unknown requestor type " + requestor.getClass().getName()); }/*from w w w .j av a 2 s. co m*/ CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor; event.addEventData(CaAuditConstants.NAME_requestor, tmpRequestor.getName()); PKIHeader reqHeader = message.getHeader(); PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender()); respHeader.setTransactionID(tid); PKIBody respBody; PKIBody reqBody = message.getBody(); final int type = reqBody.getType(); CmpControl cmpControl = getCmpControl(); try { switch (type) { case PKIBody.TYPE_CERT_REQ: case PKIBody.TYPE_KEY_UPDATE_REQ: case PKIBody.TYPE_P10_CERT_REQ: case PKIBody.TYPE_CROSS_CERT_REQ: String eventType = null; if (PKIBody.TYPE_CERT_REQ == type) { eventType = CaAuditConstants.TYPE_CMP_cr; } else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) { eventType = CaAuditConstants.TYPE_CMP_kur; } else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) { eventType = CaAuditConstants.TYPE_CMP_p10Cr; } else if (PKIBody.TYPE_CROSS_CERT_REQ == type) { eventType = CaAuditConstants.TYPE_CMP_ccr; } if (eventType != null) { event.addEventType(eventType); } respBody = cmpEnrollCert(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, user, tid, msgId, event); break; case PKIBody.TYPE_CERT_CONFIRM: event.addEventType(CaAuditConstants.TYPE_CMP_certConf); CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent(); respBody = confirmCertificates(tid, certConf, msgId); break; case PKIBody.TYPE_REVOCATION_REQ: respBody = cmpUnRevokeRemoveCertificates(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, user, msgId, event); break; case PKIBody.TYPE_CONFIRM: event.addEventType(CaAuditConstants.TYPE_CMP_pkiConf); respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE); break; case PKIBody.TYPE_GEN_MSG: respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, user, tid, msgId, event); break; case PKIBody.TYPE_ERROR: event.addEventType(CaAuditConstants.TYPE_CMP_error); revokePendingCertificates(tid, msgId); respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE); break; default: event.addEventType("PKIBody." + type); respBody = buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, "unsupported type " + type); break; } // end switch (type) } catch (InsuffientPermissionException ex) { ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(ex.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized))); respBody = new PKIBody(PKIBody.TYPE_ERROR, emc); } if (respBody.getType() == PKIBody.TYPE_ERROR) { ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent(); AuditStatus auditStatus = AuditStatus.FAILED; org.xipki.pki.ca.common.cmp.PkiStatusInfo pkiStatus = new org.xipki.pki.ca.common.cmp.PkiStatusInfo( errorMsgContent.getPKIStatusInfo()); if (pkiStatus.getPkiFailureInfo() == PKIFailureInfo.systemFailure) { auditStatus = AuditStatus.FAILED; } event.setStatus(auditStatus); String statusString = pkiStatus.getStatusMessage(); if (statusString != null) { event.addEventData(CaAuditConstants.NAME_message, statusString); } } else if (event.getStatus() == null) { event.setStatus(AuditStatus.SUCCESSFUL); } return new PKIMessage(respHeader.build(), respBody); }
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
private PKIBody cmpEnrollCert(final PKIMessage request, final PKIHeaderBuilder respHeader, final CmpControl cmpControl, final PKIHeader reqHeader, final PKIBody reqBody, final CmpRequestorInfo requestor, final String user, final ASN1OctetString tid, final String msgId, final AuditEvent event) throws InsuffientPermissionException { long confirmWaitTime = cmpControl.getConfirmWaitTime(); if (confirmWaitTime < 0) { confirmWaitTime *= -1;/*from ww w . j a va 2 s .co m*/ } confirmWaitTime *= 1000; // second to millisecond PKIBody respBody; int type = reqBody.getType(); switch (type) { case PKIBody.TYPE_CERT_REQ: checkPermission(requestor, Permission.ENROLL_CERT); respBody = processCr(request, requestor, user, tid, reqHeader, CertReqMessages.getInstance(reqBody.getContent()), cmpControl, msgId, event); break; case PKIBody.TYPE_KEY_UPDATE_REQ: checkPermission(requestor, Permission.KEY_UPDATE); respBody = processKur(request, requestor, user, tid, reqHeader, CertReqMessages.getInstance(reqBody.getContent()), cmpControl, msgId, event); break; case PKIBody.TYPE_P10_CERT_REQ: checkPermission(requestor, Permission.ENROLL_CERT); respBody = processP10cr(request, requestor, user, tid, reqHeader, CertificationRequest.getInstance(reqBody.getContent()), cmpControl, msgId, event); break; case PKIBody.TYPE_CROSS_CERT_REQ: checkPermission(requestor, Permission.CROSS_CERT_ENROLL); respBody = processCcp(request, requestor, user, tid, reqHeader, CertReqMessages.getInstance(reqBody.getContent()), cmpControl, msgId, event); break; default: throw new RuntimeException("should not reach here"); } // switch type InfoTypeAndValue tv = null; if (!cmpControl.isConfirmCert() && CmpUtil.isImplictConfirm(reqHeader)) { pendingCertPool.removeCertificates(tid.getOctets()); tv = CmpUtil.getImplictConfirmGeneralInfo(); } else { Date now = new Date(); respHeader.setMessageTime(new ASN1GeneralizedTime(now)); tv = new InfoTypeAndValue(CMPObjectIdentifiers.it_confirmWaitTime, new ASN1GeneralizedTime(new Date(System.currentTimeMillis() + confirmWaitTime))); } respHeader.setGeneralInfo(tv); return respBody; }