List of usage examples for org.bouncycastle.asn1.cmp PKIFailureInfo PKIFailureInfo
public PKIFailureInfo(DERBitString info)
From source file:org.ejbca.core.protocol.cmp.CmpMessageHelper.java
License:Open Source License
/** Returns the PKIFailureInfo that is the correct format for CMP, i.e. a DERBitString as specified in PKIFailureInfo. * @see org.bouncycastle.asn1.cmp.PKIFailureInfo * @see org.cesecore.certificates.certificate.request.FailInfo * /* ww w .ja v a2 s . com*/ * @param failInfo * @return PKIFailureInfo for use in CMP error messages */ public static PKIFailureInfo getPKIFailureInfo(int failInfo) { return new PKIFailureInfo(bcconversion[failInfo]); }
From source file:org.jnotary.dvcs.SimpleResponseTest.java
License:Open Source License
@Test public void errorResponse() throws IOException { PKIStatus status = PKIStatus.getInstance(new DERInteger(PKIStatus.REJECTION)); PKIFreeText statusString = new PKIFreeText("Free text"); PKIFailureInfo failInfo = new PKIFailureInfo(PKIFailureInfo.badRequest); PKIStatusInfo transactionStatus = new PKIStatusInfo(status, statusString, failInfo); DVCSErrorNotice dvErrorNote = new DVCSErrorNotice(transactionStatus); DVCSResponse respOut = new DVCSResponse(dvErrorNote); DVCSResponse respIn = DVCSResponse.getInstance(respOut.getEncoded()); assertTrue("Status igetInstances incorrect", respIn.getDvErrorNote().getTransactionStatus().getStatus() .equals(respOut.getDvErrorNote().getTransactionStatus().getStatus())); assertTrue("Status string is incorrect", respIn.getDvErrorNote().getTransactionStatus().getStatusString() .equals(respOut.getDvErrorNote().getTransactionStatus().getStatusString())); assertTrue("Status is incorrect", respIn.getDvErrorNote().getTransactionStatus().getFailInfo() .equals(respOut.getDvErrorNote().getTransactionStatus().getFailInfo())); }
From source file:org.jnotary.dvcs.util.StatusInfoFactory.java
License:Open Source License
public static PKIStatusInfo getInstance(int pkiStatus, String freeText, Integer pkiFailInfo) { PKIStatus status = PKIStatus.getInstance(new DERInteger(pkiStatus)); PKIFreeText statusString = (freeText == null ? null : new PKIFreeText(freeText)); PKIFailureInfo failInfo = (pkiFailInfo == null ? null : new PKIFailureInfo(pkiFailInfo)); return new PKIStatusInfo(status, statusString, failInfo); }
From source file:org.signserver.module.tsa.RequestedPolicyDispatcherTest.java
License:Open Source License
/** * Tests that the signers only accepts requests with their profile. *///from w w w . ja va 2 s .c o m @Test public void test02AcceptedProfiles() throws Exception { TimeStampRequestGenerator gen = new TimeStampRequestGenerator(); TimeStampRequest req; TimeStampResponse res; resetDispatchedAuthorizerForAllWorkers(); // Test that worker1 accepts its profile but not the other gen.setReqPolicy(WORKER1_PROFILE); req = gen.generate(TSPAlgorithms.SHA1, new byte[20], createNounce()); res = requestTimeStamp(WORKER1, req); assertEquals("token granted", PKIStatus.GRANTED, res.getStatus()); assertEquals("right profile", WORKER1_PROFILE, res.getTimeStampToken().getTimeStampInfo().getPolicy().getId()); assertValid(req, res); gen.setReqPolicy(WORKER2_PROFILE); req = gen.generate(TSPAlgorithms.SHA1, new byte[20], createNounce()); res = requestTimeStamp(WORKER1, req); assertEquals("token rejection", PKIStatus.REJECTION, res.getStatus()); assertEquals(new PKIFailureInfo(PKIFailureInfo.unacceptedPolicy), res.getFailInfo()); assertValid(req, res); gen.setReqPolicy(WORKER3_PROFILE); req = gen.generate(TSPAlgorithms.SHA1, new byte[20], createNounce()); res = requestTimeStamp(WORKER1, req); assertEquals("token rejection", PKIStatus.REJECTION, res.getStatus()); assertEquals(new PKIFailureInfo(PKIFailureInfo.unacceptedPolicy), res.getFailInfo()); assertValid(req, res); // Test that worker2 accepts its profile but not the other gen.setReqPolicy(WORKER2_PROFILE); req = gen.generate(TSPAlgorithms.SHA1, new byte[20], createNounce()); res = requestTimeStamp(WORKER2, req); assertEquals("token granted", PKIStatus.GRANTED, res.getStatus()); assertEquals("right profile", WORKER2_PROFILE, res.getTimeStampToken().getTimeStampInfo().getPolicy().getId()); assertValid(req, res); gen.setReqPolicy(WORKER1_PROFILE); req = gen.generate(TSPAlgorithms.SHA1, new byte[20], createNounce()); res = requestTimeStamp(WORKER2, req); assertEquals("token rejection", PKIStatus.REJECTION, res.getStatus()); assertEquals(new PKIFailureInfo(PKIFailureInfo.unacceptedPolicy), res.getFailInfo()); gen.setReqPolicy(WORKER3_PROFILE); req = gen.generate(TSPAlgorithms.SHA1, new byte[20], createNounce()); res = requestTimeStamp(WORKER2, req); assertEquals("token rejection", PKIStatus.REJECTION, res.getStatus()); assertEquals(new PKIFailureInfo(PKIFailureInfo.unacceptedPolicy), res.getFailInfo()); // Test that worker3 accepts its profile but not the other gen.setReqPolicy(WORKER3_PROFILE); req = gen.generate(TSPAlgorithms.SHA1, new byte[20], createNounce()); res = requestTimeStamp(WORKER3, req); assertEquals("token granted", PKIStatus.GRANTED, res.getStatus()); assertEquals("right profile", WORKER3_PROFILE, res.getTimeStampToken().getTimeStampInfo().getPolicy().getId()); assertValid(req, res); gen.setReqPolicy(WORKER1_PROFILE); req = gen.generate(TSPAlgorithms.SHA1, new byte[20], createNounce()); res = requestTimeStamp(WORKER3, req); assertEquals("token rejection", PKIStatus.REJECTION, res.getStatus()); assertEquals(new PKIFailureInfo(PKIFailureInfo.unacceptedPolicy), res.getFailInfo()); gen.setReqPolicy(WORKER2_PROFILE); req = gen.generate(TSPAlgorithms.SHA1, new byte[20], createNounce()); res = requestTimeStamp(WORKER3, req); assertEquals("token rejection", PKIStatus.REJECTION, res.getStatus()); assertEquals(new PKIFailureInfo(PKIFailureInfo.unacceptedPolicy), res.getFailInfo()); }
From source file:org.signserver.module.tsa.RequestedPolicyDispatcherTest.java
License:Open Source License
/** * Tests that requests going through the dispatcher gets the right profiles. *//*from www. j a v a 2s . c o m*/ @Test public void test03AcceptedProfilesThroughDispatcher() throws Exception { try { TimeStampRequestGenerator gen = new TimeStampRequestGenerator(); TimeStampRequest req; TimeStampResponse res; setDispatchedAuthorizerForAllWorkers(); // Test that a request with WORKER1_PROFILE is accepted gen.setReqPolicy(WORKER1_PROFILE); req = gen.generate(TSPAlgorithms.SHA256, new byte[32], createNounce()); res = requestTimeStamp(DISPATCHER0, req); assertEquals("token granted", PKIStatus.GRANTED, res.getStatus()); assertEquals("right profile", WORKER1_PROFILE, res.getTimeStampToken().getTimeStampInfo().getPolicy().getId()); assertValid(req, res); // Test that a request with WORKER2_PROFILE is accepted gen.setReqPolicy(WORKER2_PROFILE); req = gen.generate(TSPAlgorithms.SHA256, new byte[32], createNounce()); res = requestTimeStamp(DISPATCHER0, req); assertEquals("token granted", PKIStatus.GRANTED, res.getStatus()); assertEquals("right profile", WORKER2_PROFILE, res.getTimeStampToken().getTimeStampInfo().getPolicy().getId()); assertValid(req, res); // Test that a request with WORKER3_PROFILE is accepted gen.setReqPolicy(WORKER3_PROFILE); req = gen.generate(TSPAlgorithms.SHA256, new byte[32], createNounce()); res = requestTimeStamp(DISPATCHER0, req); assertEquals("token granted", PKIStatus.GRANTED, res.getStatus()); assertEquals("right profile", WORKER3_PROFILE, res.getTimeStampToken().getTimeStampInfo().getPolicy().getId()); assertValid(req, res); // Test that an unknown profile is not accepted (USEDEFAULTIFMISMATCH=false) gen.setReqPolicy(UNSUPPORTED_PROFILE); req = gen.generate(TSPAlgorithms.SHA256, new byte[32], createNounce()); res = requestTimeStamp(DISPATCHER0, req); assertEquals("token rejection", PKIStatus.REJECTION, res.getStatus()); assertEquals(new PKIFailureInfo(PKIFailureInfo.unacceptedPolicy), res.getFailInfo()); // Test that an unknown profile is not accepted (USEDEFAULTIFMISMATCH=true but profile not known by the default worker) gen.setReqPolicy(UNSUPPORTED_PROFILE); req = gen.generate(TSPAlgorithms.SHA256, new byte[32], createNounce()); res = requestTimeStamp(DISPATCHER9, req); assertEquals("token rejection", PKIStatus.REJECTION, res.getStatus()); assertEquals(new PKIFailureInfo(PKIFailureInfo.unacceptedPolicy), res.getFailInfo()); } finally { resetDispatchedAuthorizerForAllWorkers(); } }
From source file:org.signserver.module.tsa.RequestedPolicyDispatcherTest.java
License:Open Source License
/** * Tests the USEDEFAULTIFMISMATCH option which dispatches requests to the * default worker if no mapping matched. *//*from ww w .java2 s . com*/ @Test public void test05UseDefaultIfMisMatch() throws Exception { try { TimeStampRequestGenerator gen = new TimeStampRequestGenerator(); TimeStampRequest req; TimeStampResponse res; setDispatchedAuthorizerForAllWorkers(); // Test that an profile not known by DISPATCHER0 but by a TSUnit1 is not accepted (USEDEFAULTIFMISMATCH=false) gen.setReqPolicy(WORKER1_ALTERNATIVE_PROFILE); req = gen.generate(TSPAlgorithms.SHA256, new byte[32], createNounce()); res = requestTimeStamp(DISPATCHER0, req); assertEquals("token rejection", PKIStatus.REJECTION, res.getStatus()); assertEquals(new PKIFailureInfo(PKIFailureInfo.unacceptedPolicy), res.getFailInfo()); // Test that an profile not known by DISPATCHER9 but by a TSUnit1 is accepted (USEDEFAULTIFMISMATCH=true) gen.setReqPolicy(WORKER1_ALTERNATIVE_PROFILE); req = gen.generate(TSPAlgorithms.SHA256, new byte[32], createNounce()); res = requestTimeStamp(DISPATCHER9, req); assertEquals("token granted", PKIStatus.GRANTED, res.getStatus()); assertEquals("right profile", WORKER1_ALTERNATIVE_PROFILE, res.getTimeStampToken().getTimeStampInfo().getPolicy().getId()); // Test that an profile not known by DISPATCHER9 and not by a TSUnit1 is rejected even though USEDEFAULTIFMISMATCH=true gen.setReqPolicy(UNSUPPORTED_PROFILE); req = gen.generate(TSPAlgorithms.SHA256, new byte[32], createNounce()); res = requestTimeStamp(DISPATCHER9, req); assertEquals("token rejection", PKIStatus.REJECTION, res.getStatus()); assertEquals(new PKIFailureInfo(PKIFailureInfo.unacceptedPolicy), res.getFailInfo()); } finally { resetDispatchedAuthorizerForAllWorkers(); } }
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
private void assertTimeNotAvailable(int worker) throws Exception { final int reqid = random.nextInt(); final TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); final TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(114)); final byte[] requestBytes = timeStampRequest.getEncoded(); final GenericSignRequest signRequest = new GenericSignRequest(reqid, requestBytes); final GenericSignResponse res = (GenericSignResponse) workerSession.process(worker, signRequest, new RequestContext()); assertTrue(reqid == res.getRequestID()); final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); LOG.info("Response: " + timeStampResponse.getStatusString()); assertEquals("Token not granted", PKIStatus.REJECTION, timeStampResponse.getStatus()); assertEquals("PKIFailureInfo.timeNotAvailable", new PKIFailureInfo(PKIFailureInfo.timeNotAvailable), timeStampResponse.getFailInfo()); assertNull("No timestamp token", timeStampResponse.getTimeStampToken()); }
From source file:org.xipki.ca.server.impl.CmpResponder.java
License:Open Source License
protected PKIStatusInfo generateCmpRejectionStatus(final Integer info, final String errorMessage) { PKIFreeText statusMessage = (errorMessage == null) ? null : new PKIFreeText(errorMessage); PKIFailureInfo failureInfo = (info == null) ? null : new PKIFailureInfo(info); return new PKIStatusInfo(PKIStatus.rejection, statusMessage, failureInfo); }
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
@Override protected PKIMessage intern_processPKIMessage(final RequestorInfo requestor, final String user, final ASN1OctetString tid, final GeneralPKIMessage message, final AuditEvent auditEvent) throws ConfigurationException { if (requestor instanceof CmpRequestorInfo == false) { throw new IllegalArgumentException("unknown requestor type " + requestor.getClass().getName()); }//from w w w .j av a 2s .c o m CmpRequestorInfo _requestor = (CmpRequestorInfo) requestor; if (_requestor != null && auditEvent != null) { auditEvent.addEventData(new AuditEventData("requestor", _requestor.getCert().getSubject())); } PKIHeader reqHeader = message.getHeader(); PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender()); respHeader.setTransactionID(tid); PKIBody respBody; PKIBody reqBody = message.getBody(); final int type = reqBody.getType(); CmpControl cmpControl = getCmpControl(); try { switch (type) { case PKIBody.TYPE_CERT_REQ: case PKIBody.TYPE_KEY_UPDATE_REQ: case PKIBody.TYPE_P10_CERT_REQ: case PKIBody.TYPE_CROSS_CERT_REQ: { respBody = cmpEnrollCert(respHeader, cmpControl, reqHeader, reqBody, _requestor, user, tid, auditEvent); break; } case PKIBody.TYPE_CERT_CONFIRM: { addAutitEventType(auditEvent, "CERT_CONFIRM"); CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent(); respBody = confirmCertificates(tid, certConf); break; } case PKIBody.TYPE_REVOCATION_REQ: { respBody = cmpRevokeOrUnrevokeOrRemoveCertificates(respHeader, cmpControl, reqHeader, reqBody, _requestor, user, tid, auditEvent); break; } case PKIBody.TYPE_CONFIRM: { addAutitEventType(auditEvent, "CONFIRM"); respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE); } case PKIBody.TYPE_ERROR: { addAutitEventType(auditEvent, "ERROR"); revokePendingCertificates(tid); respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE); break; } case PKIBody.TYPE_GEN_MSG: { respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, _requestor, user, tid, auditEvent); break; } default: { addAutitEventType(auditEvent, "PKIBody." + type); respBody = createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest, "unsupported type " + type); break; } } // end switch(type) } catch (InsuffientPermissionException e) { ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(e.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized))); respBody = new PKIBody(PKIBody.TYPE_ERROR, emc); } if (auditEvent != null) { if (respBody.getType() == PKIBody.TYPE_ERROR) { ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent(); AuditStatus auditStatus = AuditStatus.FAILED; org.xipki.ca.common.cmp.PKIStatusInfo pkiStatus = new org.xipki.ca.common.cmp.PKIStatusInfo( errorMsgContent.getPKIStatusInfo()); if (pkiStatus.getPkiFailureInfo() == PKIFailureInfo.systemFailure) { auditStatus = AuditStatus.FAILED; } auditEvent.setStatus(auditStatus); String statusString = pkiStatus.getStatusMessage(); if (statusString != null) { auditEvent.addEventData(new AuditEventData("message", statusString)); } } else if (auditEvent.getStatus() == null) { auditEvent.setStatus(AuditStatus.SUCCESSFUL); } } return new PKIMessage(respHeader.build(), respBody); }
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
private PKIBody confirmCertificates(final ASN1OctetString transactionId, final CertConfirmContent certConf) { CertStatus[] certStatuses = certConf.toCertStatusArray(); boolean successfull = true; for (CertStatus certStatus : certStatuses) { ASN1Integer certReqId = certStatus.getCertReqId(); byte[] certHash = certStatus.getCertHash().getOctets(); X509CertificateInfo certInfo = pendingCertPool.removeCertificate(transactionId.getOctets(), certReqId.getPositiveValue(), certHash); if (certInfo == null) { LOG.warn("no cert under transactionId={}, certReqId={} and certHash=0X{}", new Object[] { transactionId, certReqId.getPositiveValue(), Hex.toHexString(certHash) }); continue; }//from w w w . ja va2 s. c om PKIStatusInfo statusInfo = certStatus.getStatusInfo(); boolean accept = true; if (statusInfo != null) { int status = statusInfo.getStatus().intValue(); if (PKIStatus.GRANTED != status && PKIStatus.GRANTED_WITH_MODS != status) { accept = false; } } if (accept) { continue; } BigInteger serialNumber = certInfo.getCert().getCert().getSerialNumber(); X509CA ca = getCA(); try { ca.revokeCertificate(serialNumber, CRLReason.CESSATION_OF_OPERATION, new Date()); } catch (OperationException e) { final String msg = "could not revoke certificate ca=" + ca.getCAInfo().getName() + " serialNumber=" + serialNumber; if (LOG.isWarnEnabled()) { LOG.warn(LogUtil.buildExceptionLogFormat(msg), e.getClass().getName(), e.getMessage()); } LOG.debug(msg, e); } successfull = false; } // all other certificates should be revoked if (revokePendingCertificates(transactionId)) { successfull = false; } if (successfull) { return new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE); } ErrorMsgContent emc = new ErrorMsgContent( new PKIStatusInfo(PKIStatus.rejection, null, new PKIFailureInfo(PKIFailureInfo.systemFailure))); return new PKIBody(PKIBody.TYPE_ERROR, emc); }