List of usage examples for org.bouncycastle.asn1.cmp PKIBody TYPE_REVOCATION_REQ
int TYPE_REVOCATION_REQ
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
/**
 * Builds a CMP revocation request (body type {@code PKIBody.TYPE_REVOCATION_REQ}) covering every
 * entry of {@code revocationInputs} and hands it to {@code createProtectedPKIMessage}.
 *
 * <p>Each entry becomes one {@code RevDetails} whose certificate template carries the subject,
 * issuer, serial number and public key of the certificate to revoke. A reason code other than
 * {@code -1} and a non-null invalidity date are attached as non-critical CRL entry extensions;
 * when neither is present the {@code RevDetails} is created without extensions.
 *
 * @param revocationInputs certificates to revoke, each with an optional reason code and
 *                         invalidity date
 * @return the bytes returned by {@code createProtectedPKIMessage} for the revocation body
 */
public byte[] createRevocationMessage(RevocationInput[] revocationInputs)
        throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException,
        CMPException, IOException, PKICMPMessageException, NoSuchFieldException, IllegalAccessException {
    List<RevDetails> entries = new ArrayList<RevDetails>(revocationInputs.length);

    for (RevocationInput input : revocationInputs) {
        List<Extension> crlEntryExtensions = new ArrayList<Extension>();
        X509CertificateHolder holder = new JcaX509CertificateHolder(input.getX509Certificate());

        // The template identifies the certificate by subject, issuer, serial number and public key.
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setSubject(holder.getSubject());
        template.setIssuer(holder.getIssuer());
        template.setSerialNumber(new ASN1Integer(holder.getSerialNumber()));
        template.setPublicKey(holder.getSubjectPublicKeyInfo());

        // -1 means "no reason code supplied".
        // NOTE(review): RFC 5280 defines reasonCode as CRLReason (ENUMERATED); this encodes the
        // value through ReasonFlags instead. Confirm the receiving CA accepts this encoding.
        int reasonCode = input.getReasonCode();
        if (reasonCode != -1) {
            crlEntryExtensions.add(
                    new Extension(Extension.reasonCode, false, new ReasonFlags(reasonCode).getEncoded()));
        }

        // NOTE(review): RFC 5280 defines invalidityDate as GeneralizedTime; this encodes it
        // through Time. Confirm the receiving CA accepts this encoding.
        if (input.getInvalidityDate() != null) {
            crlEntryExtensions.add(new Extension(Extension.invalidityDate, false,
                    new Time(input.getInvalidityDate()).getEncoded()));
        }

        if (crlEntryExtensions.isEmpty()) {
            entries.add(new RevDetails(template.build()));
        } else {
            Extension[] asArray = crlEntryExtensions.toArray(new Extension[crlEntryExtensions.size()]);
            entries.add(new RevDetails(template.build(), new Extensions(asArray)));
        }
    }

    RevDetails[] allEntries = entries.toArray(new RevDetails[entries.size()]);
    PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, new RevReqContent(allEntries));
    return createProtectedPKIMessage(body);
}
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/**
 * Verifies that a revocation request for two certificates, built without reason code or
 * invalidity date, decodes to a {@code TYPE_REVOCATION_REQ} body whose entries repeat the
 * issuer, serial number, subject and public key of each certificate and carry no CRL entry
 * details.
 *
 * @throws IOException if the encoded message cannot be read back
 * @throws CertificateEncodingException propagated from {@code createRevocationMessage}
 * @throws OperatorCreationException propagated from {@code createRevocationMessage}
 * @throws CMPException propagated from {@code createRevocationMessage}
 */
@Test
public void testRevocationMessage()
        throws IOException, CertificateEncodingException, OperatorCreationException, CMPException,
        PKICMPMessageException, CRMFException, IllegalAccessException, CMSException, NoSuchFieldException {
    PKICMPMessages messages = new PKICMPMessages();
    messages.setPkiKeyStore(pkiKeyStoreRA);

    RevocationInput[] inputs = new RevocationInput[] {
        new RevocationInput(pki.getTestUser1Cert()),
        new RevocationInput(pki.getTestUser2Cert())
    };
    byte[] encoded = messages.createRevocationMessage(inputs);

    // Decode the produced bytes again so the assertions run against what goes on the wire.
    PKIMessage decoded = PKIMessage.getInstance(new ASN1InputStream(encoded).readObject());

    // The body must be a revocation request.
    Assert.assertEquals(PKIBody.TYPE_REVOCATION_REQ, decoded.getBody().getType());

    RevDetails[] entries = RevReqContent.getInstance(decoded.getBody().getContent()).toRevDetailsArray();

    // First entry: test user 1, no extensions requested.
    Assert.assertEquals(pki.getTestUser1Cert().getIssuerDN().getName().toString(),
            entries[0].getCertDetails().getIssuer().toString());
    Assert.assertEquals(pki.getTestUser1Cert().getSerialNumber(),
            entries[0].getCertDetails().getSerialNumber().getValue());
    Assert.assertEquals(pki.getTestUser1Cert().getSubjectDN().getName().toString(),
            entries[0].getCertDetails().getSubject().toString());
    Assert.assertArrayEquals(pki.getTestUser1Cert().getPublicKey().getEncoded(),
            entries[0].getCertDetails().getPublicKey().getEncoded());
    Assert.assertNull(entries[0].getCrlEntryDetails());

    // Second entry: test user 2, no extensions requested.
    Assert.assertEquals(pki.getTestUser2Cert().getIssuerDN().getName().toString(),
            entries[1].getCertDetails().getIssuer().toString());
    Assert.assertEquals(pki.getTestUser2Cert().getSerialNumber(),
            entries[1].getCertDetails().getSerialNumber().getValue());
    Assert.assertEquals(pki.getTestUser2Cert().getSubjectDN().getName().toString(),
            entries[1].getCertDetails().getSubject().toString());
    Assert.assertArrayEquals(pki.getTestUser2Cert().getPublicKey().getEncoded(),
            entries[1].getCertDetails().getPublicKey().getEncoded());
    Assert.assertNull(entries[1].getCrlEntryDetails());
}
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/**
 * Verifies that reason code and invalidity date supplied on a revocation input end up in the
 * CRL entry details of the matching {@code RevDetails}: the first entry carries only a reason
 * code, the second only an invalidity date.
 *
 * @throws IOException if the encoded message cannot be read back
 * @throws CertificateEncodingException propagated from {@code createRevocationMessage}
 * @throws OperatorCreationException propagated from {@code createRevocationMessage}
 * @throws CMPException propagated from {@code createRevocationMessage}
 */
@Test
public void testRevocationMessageWithExtensions()
        throws IOException, CertificateEncodingException, OperatorCreationException, CMPException,
        PKICMPMessageException, CRMFException, IllegalAccessException, CMSException, NoSuchFieldException {
    PKICMPMessages messages = new PKICMPMessages();
    messages.setPkiKeyStore(pkiKeyStoreRA);

    // 500 ms * 60 * 60 * 24 * 30 is about 15 days before now.
    Date invalidityDate = new Date(System.currentTimeMillis() - 500L * 60 * 60 * 24 * 30);
    RevocationInput[] inputs = new RevocationInput[] {
        new RevocationInput(pki.getTestUser1Cert(), RevocationInput.aACompromise),
        new RevocationInput(pki.getTestUser2Cert(), RevocationInput.noReasonCode, invalidityDate)
    };
    byte[] encoded = messages.createRevocationMessage(inputs);

    // Decode the produced bytes again so the assertions run against what goes on the wire.
    PKIMessage decoded = PKIMessage.getInstance(new ASN1InputStream(encoded).readObject());

    // The body must be a revocation request.
    Assert.assertEquals(PKIBody.TYPE_REVOCATION_REQ, decoded.getBody().getType());

    RevDetails[] entries = RevReqContent.getInstance(decoded.getBody().getContent()).toRevDetailsArray();

    // First entry: reason code present, invalidity date absent.
    Assert.assertEquals(pki.getTestUser1Cert().getIssuerDN().getName().toString(),
            entries[0].getCertDetails().getIssuer().toString());
    Assert.assertEquals(pki.getTestUser1Cert().getSerialNumber(),
            entries[0].getCertDetails().getSerialNumber().getValue());
    Assert.assertEquals(pki.getTestUser1Cert().getSubjectDN().getName().toString(),
            entries[0].getCertDetails().getSubject().toString());
    Assert.assertArrayEquals(pki.getTestUser1Cert().getPublicKey().getEncoded(),
            entries[0].getCertDetails().getPublicKey().getEncoded());
    Assert.assertNotNull(entries[0].getCrlEntryDetails());
    Assert.assertNull(entries[0].getCrlEntryDetails().getExtensionParsedValue(Extension.invalidityDate));
    ReasonFlags decodedReason = new ReasonFlags(ReasonFlags
            .getInstance(entries[0].getCrlEntryDetails().getExtensionParsedValue(Extension.reasonCode)));
    Assert.assertEquals(RevocationInput.aACompromise, decodedReason.intValue());

    // Second entry: invalidity date present, reason code absent.
    Assert.assertEquals(pki.getTestUser2Cert().getIssuerDN().getName().toString(),
            entries[1].getCertDetails().getIssuer().toString());
    Assert.assertEquals(pki.getTestUser2Cert().getSerialNumber(),
            entries[1].getCertDetails().getSerialNumber().getValue());
    Assert.assertEquals(pki.getTestUser2Cert().getSubjectDN().getName().toString(),
            entries[1].getCertDetails().getSubject().toString());
    Assert.assertArrayEquals(pki.getTestUser2Cert().getPublicKey().getEncoded(),
            entries[1].getCertDetails().getPublicKey().getEncoded());
    Assert.assertNotNull(entries[1].getCrlEntryDetails());
    Assert.assertNull(entries[1].getCrlEntryDetails().getExtensionParsedValue(Extension.reasonCode));
    Time decodedDate = new Time(
            entries[1].getCrlEntryDetails().getExtensionParsedValue(Extension.invalidityDate).toASN1Primitive());
    // Compared through toString(), so the check works at the granularity Date.toString() prints.
    Assert.assertEquals(invalidityDate.toString(), decodedDate.getDate().toString());
}
From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java
License:Open Source License
/**
 * Builds a CMP revocation request for one certificate, identified by issuer, subject and
 * serial number, with a single non-critical {@code reasonCode} extension.
 *
 * <p>The returned message is assembled from header and body only; no protection value is
 * computed here, although {@code pAlg} is recorded in the header.
 *
 * @param issuerDN          issuer DN of the certificate to revoke, as a string
 * @param userDN            subject of the certificate; also used as the message sender
 * @param serNo             serial number of the certificate to revoke
 * @param cacert            CA certificate whose subject DN becomes the message recipient
 * @param nonce             value for the header's senderNonce
 * @param transid           value for the header's transactionID
 * @param crlEntryExtension {@code true} selects reason {@code cessationOfOperation},
 *                          {@code false} selects {@code keyCompromise}
 * @param pAlg              protection algorithm recorded in the header
 * @param senderKID         sender key identifier recorded in the header
 * @return the unprotected revocation request
 * @throws IOException declared by the extension generator
 */
protected static PKIMessage genRevReq(String issuerDN, X500Name userDN, BigInteger serNo, Certificate cacert,
        byte[] nonce, byte[] transid, boolean crlEntryExtension, AlgorithmIdentifier pAlg,
        DEROctetString senderKID) throws IOException {
    CertTemplateBuilder template = new CertTemplateBuilder();
    template.setIssuer(new X500Name(issuerDN));
    template.setSubject(userDN);
    template.setSerialNumber(new ASN1Integer(serNo));

    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    CRLReason reason = CRLReason.lookup(
            crlEntryExtension ? CRLReason.cessationOfOperation : CRLReason.keyCompromise);
    extensionsGenerator.addExtension(Extension.reasonCode, false, reason);
    Extensions crlEntryDetails = extensionsGenerator.generate();

    // RevDetails is parsed from a hand-built SEQUENCE { template, extensions } instead of being
    // created through its (template, extensions) constructor.
    ASN1EncodableVector parts = new ASN1EncodableVector();
    parts.add(template.build());
    parts.add(crlEntryDetails);
    RevDetails revDetails = RevDetails.getInstance(new DERSequence(parts));
    RevReqContent revReqContent = new RevReqContent(revDetails);

    // pvno 2, sender = subject of the certificate, recipient = subject of the CA certificate.
    GeneralName sender = new GeneralName(userDN);
    GeneralName recipient = new GeneralName(
            new X500Name(((X509Certificate) cacert).getSubjectDN().getName()));
    PKIHeaderBuilder header = new PKIHeaderBuilder(2, sender, recipient);
    header.setMessageTime(new ASN1GeneralizedTime(new Date()));
    header.setSenderNonce(new DEROctetString(nonce));
    header.setTransactionID(new DEROctetString(transid));
    header.setProtectionAlg(pAlg);
    header.setSenderKID(senderKID);

    PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, revReqContent);
    return new PKIMessage(header.build(), body);
}
From source file:org.ejbca.ui.cmpclient.commands.RevocationRequestCommand.java
License:Open Source License
/**
 * Builds a CMP revocation request from command-line parameters.
 *
 * <p>The certificate is identified by the issuer DN and the hexadecimal serial number taken
 * from {@code parameters}; the subject is the fixed value {@code CN=foo}. The reason code comes
 * from {@code getCRLReason} and is attached as a non-critical extension.
 *
 * <p>The header is built with a {@code null} protection algorithm and an empty senderKID, and
 * the message is returned without a protection value.
 * NOTE(review): protection is presumably applied by the caller before sending; confirm, since
 * an unprotected revocation request gives the CA nothing to authenticate the sender with.
 *
 * @param parameters parsed command parameters; must contain the issuer DN, the serial number in
 *                   hexadecimal and the revocation reason
 * @return the revocation request, without protection
 * @throws Exception if a parameter cannot be parsed or the message cannot be built
 */
@Override
public PKIMessage generatePKIMessage(ParameterContainer parameters) throws Exception {
    final boolean verbose = parameters.containsKey(VERBOSE_KEY);

    final X500Name userDN = new X500Name("CN=foo");
    final X500Name issuerDN = new X500Name(parameters.get(ISSUERDN_KEY));
    // The serial number is given in hexadecimal.
    final BigInteger serno = new BigInteger(parameters.get(SERNO_KEY), 16);

    if (verbose) {
        log.info("Creating revocation request with: SubjectDN=" + userDN.toString());
        log.info("Creating revocation request with: IssuerDN=" + issuerDN.toString());
        log.info("Creating revocation request with: CertSerno=" + serno.toString(16));
    }

    // Both the sender nonce and the transaction id are taken from createSenderNonce().
    final byte[] nonce = CmpClientMessageHelper.getInstance().createSenderNonce();
    final byte[] transid = CmpClientMessageHelper.getInstance().createSenderNonce();

    CertTemplateBuilder template = new CertTemplateBuilder();
    template.setIssuer(issuerDN);
    template.setSubject(userDN);
    template.setSerialNumber(new ASN1Integer(serno));

    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    extensionsGenerator.addExtension(Extension.reasonCode, false,
            getCRLReason(parameters.get(REVOCATION_REASON_KEY)));
    Extensions crlEntryDetails = extensionsGenerator.generate();

    // RevDetails is parsed from a hand-built SEQUENCE { template, extensions }.
    ASN1EncodableVector parts = new ASN1EncodableVector();
    parts.add(template.build());
    parts.add(crlEntryDetails);
    RevDetails revDetails = RevDetails.getInstance(new DERSequence(parts));
    RevReqContent revReqContent = new RevReqContent(revDetails);

    // pvno 2, sender = fixed subject, recipient = issuer of the certificate.
    PKIHeaderBuilder header = new PKIHeaderBuilder(2, new GeneralName(userDN), new GeneralName(issuerDN));
    header.setMessageTime(new ASN1GeneralizedTime(new Date()));
    header.setSenderNonce(new DEROctetString(nonce));
    header.setTransactionID(new DEROctetString(transid));
    header.setProtectionAlg(null);
    header.setSenderKID(new byte[0]);

    PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, revReqContent);
    return new PKIMessage(header.build(), body);
}
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Builds a CMP revocation request with one {@code RevDetails} per request entry.
 *
 * <p>Each certificate is identified by issuer and serial number. Every entry carries a critical
 * {@code reasonCode} extension (an ENUMERATED wrapped in an OCTET STRING) and, when the entry
 * has an invalidity date, a critical {@code invalidityDate} extension (a GeneralizedTime).
 *
 * @param request entries to revoke
 * @return the message built from {@code buildPKIHeader(null)} and the revocation body
 * @throws CmpRequestorException if an extension value cannot be encoded
 */
private PKIMessage buildRevokeCertRequest(final RevokeCertRequestType request) throws CmpRequestorException {
    PKIHeader header = buildPKIHeader(null);

    List<RevokeCertRequestEntryType> entries = request.getRequestEntries();
    List<RevDetails> revDetailsList = new ArrayList<>(entries.size());
    for (RevokeCertRequestEntryType entry : entries) {
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setIssuer(entry.getIssuer());
        template.setSerialNumber(new ASN1Integer(entry.getSerialNumber()));

        Date invalidityDate = entry.getInvalidityDate();
        // reasonCode always comes first; invalidityDate follows only when one was supplied.
        List<Extension> crlEntryExtensions = new ArrayList<>(2);
        try {
            ASN1Enumerated reason = new ASN1Enumerated(entry.getReason());
            crlEntryExtensions.add(
                    new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded())));
            if (invalidityDate != null) {
                ASN1GeneralizedTime time = new ASN1GeneralizedTime(invalidityDate);
                crlEntryExtensions.add(
                        new Extension(Extension.invalidityDate, true, new DEROctetString(time.getEncoded())));
            }
        } catch (IOException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }

        Extensions exts = new Extensions(crlEntryExtensions.toArray(new Extension[0]));
        revDetailsList.add(new RevDetails(template.build(), exts));
    }

    RevReqContent content = new RevReqContent(revDetailsList.toArray(new RevDetails[0]));
    return new PKIMessage(header, new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
}
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Builds the CMP message used to unrevoke or remove certificates. It is sent as a
 * {@code TYPE_REVOCATION_REQ} body in which every entry carries the same critical
 * {@code reasonCode} extension; the value of {@code reasonCode} tells the two operations apart.
 *
 * @param request    issuer / serial number pairs the operation applies to
 * @param reasonCode reason code written into every entry
 * @return the message built from {@code buildPKIHeader(null)} and the revocation body
 * @throws CmpRequestorException if the reason code cannot be encoded
 */
private PKIMessage buildUnrevokeOrRemoveCertRequest(final UnrevokeOrRemoveCertRequestType request,
        final int reasonCode) throws CmpRequestorException {
    PKIHeader header = buildPKIHeader(null);

    List<IssuerSerialEntryType> entries = request.getRequestEntries();
    List<RevDetails> revDetailsList = new ArrayList<>(entries.size());
    for (IssuerSerialEntryType entry : entries) {
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setIssuer(entry.getIssuer());
        template.setSerialNumber(new ASN1Integer(entry.getSerialNumber()));

        // The reason code is the only CRL entry extension of this request type.
        Extension reasonExtension;
        try {
            ASN1Enumerated reason = new ASN1Enumerated(reasonCode);
            reasonExtension = new Extension(Extension.reasonCode, true,
                    new DEROctetString(reason.getEncoded()));
        } catch (IOException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }

        Extensions exts = new Extensions(new Extension[] {reasonExtension});
        revDetailsList.add(new RevDetails(template.build(), exts));
    }

    RevReqContent content = new RevReqContent(revDetailsList.toArray(new RevDetails[0]));
    return new PKIMessage(header, new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
}
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
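/**
 * Dispatches a CMP request to the handler for its body type and wraps the result in a response
 * message whose header repeats the request's protocol version and transaction id.
 *
 * <p>Enrolment, revocation and general messages go to their {@code cmp*} handlers, certificate
 * confirmations to {@code confirmCertificates}. A {@code TYPE_CONFIRM} request is answered with
 * a {@code TYPE_CONFIRM} body. A {@code TYPE_ERROR} request revokes the certificates still
 * pending for the transaction and is also answered with {@code TYPE_CONFIRM}. Any other type is
 * rejected with {@code badRequest}. An {@code InsuffientPermissionException} from a handler is
 * turned into a {@code notAuthorized} error body.
 *
 * @param requestor  authenticated requestor; must be a {@code CmpRequestorInfo}
 * @param user       user name passed through to the handlers
 * @param tid        transaction id of the request, copied into the response header
 * @param message    the request
 * @param auditEvent audit record to fill in, or {@code null} to skip auditing
 * @return the response message, without protection
 * @throws ConfigurationException declared for the handlers called from here
 * @throws IllegalArgumentException if {@code requestor} is {@code null} or not a
 *                                  {@code CmpRequestorInfo}
 */
@Override
protected PKIMessage intern_processPKIMessage(final RequestorInfo requestor, final String user,
        final ASN1OctetString tid, final GeneralPKIMessage message, final AuditEvent auditEvent)
        throws ConfigurationException {
    if (!(requestor instanceof CmpRequestorInfo)) {
        // instanceof is false for null as well, so the message must not dereference requestor.
        String typeName = (requestor == null) ? "null" : requestor.getClass().getName();
        throw new IllegalArgumentException("unknown requestor type " + typeName);
    }

    CmpRequestorInfo _requestor = (CmpRequestorInfo) requestor;
    if (auditEvent != null) {
        auditEvent.addEventData(new AuditEventData("requestor", _requestor.getCert().getSubject()));
    }

    PKIHeader reqHeader = message.getHeader();
    PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(),
            getSender(), reqHeader.getSender());
    respHeader.setTransactionID(tid);

    PKIBody respBody;
    PKIBody reqBody = message.getBody();
    final int type = reqBody.getType();

    CmpControl cmpControl = getCmpControl();

    try {
        switch (type) {
        case PKIBody.TYPE_CERT_REQ:
        case PKIBody.TYPE_KEY_UPDATE_REQ:
        case PKIBody.TYPE_P10_CERT_REQ:
        case PKIBody.TYPE_CROSS_CERT_REQ: {
            respBody = cmpEnrollCert(respHeader, cmpControl, reqHeader, reqBody, _requestor, user, tid,
                    auditEvent);
            break;
        }
        case PKIBody.TYPE_CERT_CONFIRM: {
            addAutitEventType(auditEvent, "CERT_CONFIRM");
            CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
            respBody = confirmCertificates(tid, certConf);
            break;
        }
        case PKIBody.TYPE_REVOCATION_REQ: {
            respBody = cmpRevokeOrUnrevokeOrRemoveCertificates(respHeader, cmpControl, reqHeader, reqBody,
                    _requestor, user, tid, auditEvent);
            break;
        }
        case PKIBody.TYPE_CONFIRM: {
            addAutitEventType(auditEvent, "CONFIRM");
            respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
            // Without this break a plain confirmation fell through into TYPE_ERROR, was audited
            // as "ERROR" and revoked the certificates pending for the transaction.
            break;
        }
        case PKIBody.TYPE_ERROR: {
            addAutitEventType(auditEvent, "ERROR");
            // The client reported an error, so certificates not yet confirmed are revoked.
            revokePendingCertificates(tid);
            respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
            break;
        }
        case PKIBody.TYPE_GEN_MSG: {
            respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, _requestor, user, tid,
                    auditEvent);
            break;
        }
        default: {
            addAutitEventType(auditEvent, "PKIBody." + type);
            respBody = createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest,
                    "unsupported type " + type);
            break;
        }
        } // end switch(type)
    } catch (InsuffientPermissionException e) {
        ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection,
                new PKIFreeText(e.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
        respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
    }

    if (auditEvent != null) {
        if (respBody.getType() == PKIBody.TYPE_ERROR) {
            ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();
            org.xipki.ca.common.cmp.PKIStatusInfo pkiStatus = new org.xipki.ca.common.cmp.PKIStatusInfo(
                    errorMsgContent.getPKIStatusInfo());

            // NOTE(review): the earlier code assigned FAILED both for systemFailure and for every
            // other failure, so that branch had no effect. If system failures are meant to be
            // audited with a different status, it has to be set here.
            auditEvent.setStatus(AuditStatus.FAILED);

            String statusString = pkiStatus.getStatusMessage();
            if (statusString != null) {
                auditEvent.addEventData(new AuditEventData("message", statusString));
            }
        } else if (auditEvent.getStatus() == null) {
            auditEvent.setStatus(AuditStatus.SUCCESSFUL);
        }
    }

    return new PKIMessage(respHeader.build(), respBody);
}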
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Builds a CMP revocation request with one {@code RevDetails} per request entry.
 *
 * <p>Each certificate is identified by issuer and serial number; when the entry supplies an
 * authority key identifier, the extensions returned by {@code getCertTempExtensions} are added
 * to the template. Every entry carries a critical {@code reasonCode} extension (an ENUMERATED
 * wrapped in an OCTET STRING) and, when the entry has an invalidity date, a critical
 * {@code invalidityDate} extension (a GeneralizedTime).
 *
 * @param request entries to revoke
 * @return the message built from {@code buildPkiHeader(null)} and the revocation body
 * @throws CmpRequestorException if an extension value cannot be encoded
 */
private PKIMessage buildRevokeCertRequest(final RevokeCertRequest request) throws CmpRequestorException {
    PKIHeader header = buildPkiHeader(null);

    List<RevokeCertRequestEntry> entries = request.getRequestEntries();
    List<RevDetails> revDetailsList = new ArrayList<>(entries.size());
    for (RevokeCertRequestEntry entry : entries) {
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setIssuer(entry.getIssuer());
        template.setSerialNumber(new ASN1Integer(entry.getSerialNumber()));

        // The authority key identifier is optional and travels as a template extension.
        byte[] aki = entry.getAuthorityKeyIdentifier();
        if (aki != null) {
            template.setExtensions(getCertTempExtensions(aki));
        }

        Date invalidityDate = entry.getInvalidityDate();
        // reasonCode always comes first; invalidityDate follows only when one was supplied.
        List<Extension> crlEntryExtensions = new ArrayList<>(2);
        try {
            ASN1Enumerated reason = new ASN1Enumerated(entry.getReason());
            crlEntryExtensions.add(
                    new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded())));
            if (invalidityDate != null) {
                ASN1GeneralizedTime time = new ASN1GeneralizedTime(invalidityDate);
                crlEntryExtensions.add(
                        new Extension(Extension.invalidityDate, true, new DEROctetString(time.getEncoded())));
            }
        } catch (IOException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }

        Extensions exts = new Extensions(crlEntryExtensions.toArray(new Extension[0]));
        revDetailsList.add(new RevDetails(template.build(), exts));
    }

    RevReqContent content = new RevReqContent(revDetailsList.toArray(new RevDetails[0]));
    return new PKIMessage(header, new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
}
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
/**
 * Builds the CMP message used to unrevoke or remove certificates. It is sent as a
 * {@code TYPE_REVOCATION_REQ} body in which every entry carries the same critical
 * {@code reasonCode} extension; the value of {@code reasonCode} tells the two operations apart.
 *
 * <p>Each certificate is identified by issuer and serial number; when the entry supplies an
 * authority key identifier, the extensions returned by {@code getCertTempExtensions} are added
 * to the template.
 *
 * @param request    entries the operation applies to
 * @param reasonCode reason code written into every entry
 * @return the message built from {@code buildPkiHeader(null)} and the revocation body
 * @throws CmpRequestorException if the reason code cannot be encoded
 */
private PKIMessage buildUnrevokeOrRemoveCertRequest(final UnrevokeOrRemoveCertRequest request,
        final int reasonCode) throws CmpRequestorException {
    PKIHeader header = buildPkiHeader(null);

    List<UnrevokeOrRemoveCertEntry> entries = request.getRequestEntries();
    List<RevDetails> revDetailsList = new ArrayList<>(entries.size());
    for (UnrevokeOrRemoveCertEntry entry : entries) {
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setIssuer(entry.getIssuer());
        template.setSerialNumber(new ASN1Integer(entry.getSerialNumber()));

        // The authority key identifier is optional and travels as a template extension.
        byte[] aki = entry.getAuthorityKeyIdentifier();
        if (aki != null) {
            template.setExtensions(getCertTempExtensions(aki));
        }

        // The reason code is the only CRL entry extension of this request type.
        Extension reasonExtension;
        try {
            ASN1Enumerated reason = new ASN1Enumerated(reasonCode);
            reasonExtension = new Extension(Extension.reasonCode, true,
                    new DEROctetString(reason.getEncoded()));
        } catch (IOException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }

        Extensions exts = new Extensions(new Extension[] {reasonExtension});
        revDetailsList.add(new RevDetails(template.build(), exts));
    }

    RevReqContent content = new RevReqContent(revDetailsList.toArray(new RevDetails[0]));
    return new PKIMessage(header, new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content));
}