List of usage examples for org.bouncycastle.asn1.cmp PKIFreeText getStringAt
public DERUTF8String getStringAt(int i)
From source file:com.guardtime.asn1.StatusInfo.java
License:Apache License
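/**
 * Class constructor.
 *
 * <p>Decodes the status info and rejects it unless the status code lies in
 * the RFC 3161 range 0..5, any status text sequence is non-empty, and any
 * failure info names one of {@code allowedFailCodes}.
 *
 * @param obj DER-encoded status info object.
 *
 * @throws Asn1FormatException if status info object has invalid format.
 */
StatusInfo(ASN1Encodable obj) throws Asn1FormatException {
    try {
        statusInfo = PKIStatusInfo.getInstance(obj);

        // The status is an unbounded ASN.1 INTEGER supplied by the server.
        // BigInteger.intValue() keeps only the low 32 bits, so a value such
        // as 2^32 + 1 would narrow to 1 and pass the range check below.
        // Reject anything that does not fit in an int before narrowing.
        if (statusInfo.getStatus().bitLength() > 31) {
            throw new Asn1FormatException("invalid status: " + statusInfo.getStatus());
        }
        statusCode = statusInfo.getStatus().intValue();

        // RFC 3161:
        //
        // Compliant servers SHOULD NOT produce any other (than 0..5)
        // values. Compliant clients MUST generate an error
        // if values it does not understand are present.
        if (statusCode < 0 || statusCode > 5) {
            throw new Asn1FormatException("invalid status: " + statusCode);
        }

        PKIFreeText freeText = statusInfo.getStatusString();
        if (freeText != null) {
            int freeTextSize = freeText.size();
            // PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
            if (freeTextSize < 1) {
                throw new Asn1FormatException("zero-length status string not allowed");
            }
            // Raw type kept: the declaration of the statusText field is not
            // visible from here.
            statusText = new ArrayList();
            for (int i = 0; i < freeTextSize; i++) {
                statusText.add(freeText.getStringAt(i).getString());
            }
        }

        // -1 means that status code is not set
        failCode = -1;
        DERBitString bitString = statusInfo.getFailInfo();
        if (bitString != null) {
            byte[] failBytes = bitString.getBytes();
            int len = failBytes.length * 8;
            for (int i = 0; i < len; i++) {
                // return only the first error encountered
                // (bit 0 is the most significant bit of the first byte)
                if ((failBytes[i >> 3] & (0x80 >> (i & 7))) != 0) {
                    failCode = i;
                    break;
                }
            }

            // Check that received fail code is valid. When no bit was set,
            // failCode is still -1 here and goes through the same check.
            boolean isValidFailCode = false;
            for (int i = 0; i < allowedFailCodes.length; i++) {
                if (failCode == allowedFailCodes[i]) {
                    isValidFailCode = true;
                    break;
                }
            }
            if (!isValidFailCode) {
                throw new Asn1FormatException("invalid fail info: " + failCode);
            }
        }
    } catch (Asn1FormatException e) {
        // Already carries a specific message; do not re-wrap.
        throw e;
    } catch (Exception e) {
        // Any decoder failure on malformed input surfaces as a format error.
        throw new Asn1FormatException("status info has invalid format", e);
    }
}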
From source file:ee.ria.xroad.proxy.messagelog.TimestamperUtil.java
License:Open Source License
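/**
 * Reads one DER-encoded time-stamp response from the stream and returns it
 * only when its status is "granted" or "grantedWithMods".
 *
 * @param in stream positioned at the start of the encoded response; it is
 *           not closed by this method
 * @return the decoded response wrapped as a {@code TimeStampResponse}
 * @throws Exception if the response cannot be read or decoded, or if its
 *                   status is anything other than granted / grantedWithMods
 */
static TimeStampResponse getTimestampResponse(InputStream in) throws Exception {
    TimeStampResp response = TimeStampResp.getInstance(new ASN1InputStream(in).readObject());
    if (response == null) {
        throw new RuntimeException("Could not read time-stamp response");
    }

    BigInteger status = response.getStatus().getStatus();
    log.trace("getTimestampDer() - TimeStampResp.status: {}", status);

    boolean granted = PKIStatus.granted.getValue().equals(status)
            || PKIStatus.grantedWithMods.getValue().equals(status);
    if (!granted) {
        // statusString is OPTIONAL in PKIStatusInfo. Without this guard a
        // rejection that carries no text ended in a NullPointerException
        // and the actual status code was never logged or reported.
        PKIFreeText statusString = response.getStatus().getStatusString();
        StringBuilder sb = new StringBuilder();
        if (statusString != null) {
            for (int i = 0; i < statusString.size(); i++) {
                if (i > 0) {
                    sb.append(", ");
                }
                sb.append("\"" + statusString.getStringAt(i) + "\"");
            }
        }

        // NOTE(review): the status text is chosen by the time-stamping
        // server and is written to the log and the exception message as
        // received. Consider neutralising line breaks and control
        // characters if the log is parsed line by line.
        log.error("getTimestampDer() - TimeStampResp.status is not "
                + "\"granted\" neither \"grantedWithMods\": {}, {}", status, sb);
        throw new RuntimeException("TimeStampResp.status: " + status + ", .statusString: " + sb);
    }

    return new TimeStampResponse(response);
}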
From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java
License:Open Source License
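/**
 * Asserts that {@code retMsg} is a CMP error message with the expected
 * sender, recipient, failure info and (optionally) first status text.
 *
 * @param retMsg    DER-encoded PKIMessage returned by the server
 * @param sender    expected sender name, compared as a string
 * @param recipient expected recipient name, compared by encoding
 * @param errorCode expected failure info value
 * @param errorMsg  expected first status string, or {@code null} to skip
 *                  the status text check
 * @throws IOException if the message cannot be decoded
 */
protected static void checkCmpPKIErrorMessage(byte[] retMsg, String sender, X500Name recipient, int errorCode,
        String errorMsg) throws IOException {
    //
    // Parse response message
    //
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    assertNotNull(respObject);

    // Expected value goes first so a failure report labels the two sides
    // correctly.
    PKIHeader header = respObject.getHeader();
    assertEquals(4, header.getSender().getTagNo()); // 4 = directoryName
    {
        final X500Name name = X500Name.getInstance(header.getSender().getName());
        assertEquals(sender, name.toString());
    }
    {
        final X500Name name = X500Name.getInstance(header.getRecipient().getName());
        assertArrayEquals(recipient.getEncoded(), name.getEncoded());
    }

    PKIBody body = respObject.getBody();
    int tag = body.getType();
    assertEquals(23, tag); // 23 = error message body
    ErrorMsgContent n = (ErrorMsgContent) body.getContent();
    assertNotNull(n);
    PKIStatusInfo info = n.getPKIStatusInfo();
    assertNotNull(info);
    BigInteger i = info.getStatus();
    assertEquals(2, i.intValue()); // 2 = rejection

    // failInfo and statusString are both optional in PKIStatusInfo. Assert
    // their presence so that a missing field is reported as a test failure
    // instead of a NullPointerException.
    DERBitString b = info.getFailInfo();
    assertNotNull("Error message carries no failInfo.", b);
    assertEquals("Return wrong error code.", errorCode, b.intValue());
    if (errorMsg != null) {
        PKIFreeText freeText = info.getStatusString();
        assertNotNull("Error message carries no statusString.", freeText);
        DERUTF8String utf = freeText.getStringAt(0);
        assertEquals(errorMsg, utf.getString());
    }
}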
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
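/**
 * Converts a CMP revocation response into one result entry per request
 * entry.
 *
 * <p>Status entries are matched to {@code reqEntries} by position. A
 * granted entry is only reported when the response also names the matching
 * certificate (issuer and serial number) in its revCerts list.
 *
 * @param response   response received from the CA
 * @param reqEntries the entries that were sent, in request order
 * @return the per-entry results
 * @throws CmpRequestorException if the body type is unexpected or the
 *                               number of status entries does not match
 * @throws PKIErrorException     if the CA answered with an error message
 */
private RevokeCertResultType parse(final PKIResponse response,
        final List<? extends IssuerSerialEntryType> reqEntries)
        throws CmpRequestorException, PKIErrorException {
    // Runs before any field of the response is interpreted.
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();

    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = (ErrorMsgContent) respBody.getContent();
        throw new PKIErrorException(content.getPKIStatusInfo());
    } else if (PKIBody.TYPE_REVOCATION_REP != bodyType) {
        throw new CmpRequestorException("unknown PKI body type " + bodyType + " instead the exceptected ["
                + PKIBody.TYPE_REVOCATION_REP + ", " + PKIBody.TYPE_ERROR + "]");
    }

    RevRepContent content = (RevRepContent) respBody.getContent();
    PKIStatusInfo[] statuses = content.getStatus();
    if (statuses == null || statuses.length != reqEntries.size()) {
        // The message used to dereference statuses even on the null branch,
        // which replaced the intended exception with a NullPointerException.
        int statusesLen = (statuses == null) ? 0 : statuses.length;
        throw new CmpRequestorException("incorrect number of status entries in response '" + statusesLen
                + "' instead the exceptected '" + reqEntries.size() + "'");
    }

    CertId[] revCerts = content.getRevCerts();

    RevokeCertResultType result = new RevokeCertResultType();
    for (int i = 0; i < statuses.length; i++) {
        PKIStatusInfo statusInfo = statuses[i];
        int status = statusInfo.getStatus().intValue();
        IssuerSerialEntryType re = reqEntries.get(i);

        if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
            // statusString and failInfo are OPTIONAL fields filled in by
            // the responder. Treat an absent or empty statusString as "no
            // text" and an absent failInfo as 0 rather than failing with an
            // unchecked exception on a terse rejection.
            PKIFreeText text = statusInfo.getStatusString();
            String statusString = (text == null || text.size() == 0)
                    ? null : text.getStringAt(0).getString();
            int failureInfo = (statusInfo.getFailInfo() == null)
                    ? 0 : statusInfo.getFailInfo().intValue();

            ResultEntryType resultEntry = new ErrorResultEntryType(re.getId(), status, failureInfo,
                    statusString);
            result.addResultEntry(resultEntry);
            continue;
        }

        CertId certId = null;
        if (revCerts != null) {
            for (CertId candidate : revCerts) {
                if (re.getIssuer().equals(candidate.getIssuer().getName())
                        && re.getSerialNumber().equals(candidate.getSerialNumber().getValue())) {
                    certId = candidate;
                    break;
                }
            }
        }

        if (certId == null) {
            LOG.warn("certId is not present in response for (issuer='{}', serialNumber={})",
                    X509Util.getRFC4519Name(re.getIssuer()), re.getSerialNumber());
            // NOTE(review): no result entry is recorded for this request
            // entry. The original built a fallback CertId from the request
            // at this point but never used it before continuing; confirm
            // whether skipping the entry is intended.
            continue;
        }

        ResultEntryType resultEntry = new RevokeCertResultEntryType(re.getId(), certId);
        result.addResultEntry(resultEntry);
    }

    return result;
}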
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
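/**
 * Sends a certificate request, collects the per-request results and, unless
 * the CA signalled implicit confirmation, sends the certificate
 * confirmation.
 *
 * <p>{@code reqIdIdMap} is modified: every answered request id is removed,
 * and whatever remains is reported as unanswered.
 *
 * @param reqMessage       the request to sign and send
 * @param reqIdIdMap       certReqId to caller-side id of each request
 * @param expectedBodyType body type the response must have
 * @param debug            passed through to {@code signAndSend}
 * @return the enrolment result, or {@code null} when a granted response
 *         carries no certified key pair or no certificate
 * @throws CmpRequestorException if the response body type is unexpected
 * @throws PKIErrorException     if the CA answers the request or the
 *                               confirmation with an error message
 */
private EnrollCertResultType intern_requestCertificate(final PKIMessage reqMessage,
        final Map<BigInteger, String> reqIdIdMap, final int expectedBodyType,
        final RequestResponseDebug debug) throws CmpRequestorException, PKIErrorException {
    PKIResponse response = signAndSend(reqMessage, debug);
    // Runs before any field of the response is interpreted.
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();

    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = (ErrorMsgContent) respBody.getContent();
        throw new PKIErrorException(content.getPKIStatusInfo());
    } else if (expectedBodyType != bodyType) {
        throw new CmpRequestorException("unknown PKI body type " + bodyType + " instead the exceptected ["
                + expectedBodyType + ", " + PKIBody.TYPE_ERROR + "]");
    }

    CertRepMessage certRep = (CertRepMessage) respBody.getContent();
    CertResponse[] certResponses = certRep.getResponse();

    EnrollCertResultType result = new EnrollCertResultType();

    // CA certificates
    CMPCertificate[] caPubs = certRep.getCaPubs();
    if (caPubs != null) {
        for (CMPCertificate caPub : caPubs) {
            if (caPub != null) {
                result.addCACertificate(caPub);
            }
        }
    }

    boolean isImplicitConfirm = CmpUtil.isImplictConfirm(response.getPkiMessage().getHeader());

    CertificateConfirmationContentBuilder certConfirmBuilder = isImplicitConfirm ? null
            : new CertificateConfirmationContentBuilder();
    boolean requireConfirm = false;

    // We only accept the certificates which are requested.
    for (CertResponse certResp : certResponses) {
        PKIStatusInfo statusInfo = certResp.getStatus();
        int status = statusInfo.getStatus().intValue();
        BigInteger certReqId = certResp.getCertReqId().getValue();

        String thisId = reqIdIdMap.get(certReqId);
        if (thisId != null) {
            reqIdIdMap.remove(certReqId);
        } else if (reqIdIdMap.size() == 1) {
            // Exactly one request is outstanding: the response is assigned
            // to it even though its certReqId does not match.
            thisId = reqIdIdMap.values().iterator().next();
            reqIdIdMap.clear();
        }

        if (thisId == null) {
            continue; // ignore it. this cert is not requested by me
        }

        ResultEntryType resultEntry;
        if (status == PKIStatus.GRANTED || status == PKIStatus.GRANTED_WITH_MODS) {
            CertifiedKeyPair cvk = certResp.getCertifiedKeyPair();
            if (cvk == null) {
                return null;
            }

            CMPCertificate cmpCert = cvk.getCertOrEncCert().getCertificate();
            if (cmpCert == null) {
                return null;
            }

            resultEntry = new EnrollCertResultEntryType(thisId, cmpCert, status);

            if (!isImplicitConfirm) {
                requireConfirm = true;
                X509CertificateHolder certHolder = null;
                try {
                    certHolder = new X509CertificateHolder(cmpCert.getEncoded());
                } catch (IOException e) {
                    // Report the undecodable certificate as an error entry
                    // and leave it out of the confirmation.
                    resultEntry = new ErrorResultEntryType(thisId, ClientErrorCode.PKIStatus_RESPONSE_ERROR,
                            PKIFailureInfo.systemFailure, "error while decode the certificate");
                }

                if (certHolder != null) {
                    certConfirmBuilder.addAcceptedCertificate(certHolder, certReqId);
                }
            }
        } else {
            // statusString and failInfo are OPTIONAL fields filled in by
            // the responder. Treat an absent or empty statusString as "no
            // text" and an absent failInfo as 0 rather than failing with an
            // unchecked exception on a terse rejection.
            PKIFreeText statusString = statusInfo.getStatusString();
            String errorMessage = (statusString == null || statusString.size() == 0)
                    ? null : statusString.getStringAt(0).getString();
            int failureInfo = (statusInfo.getFailInfo() == null)
                    ? 0 : statusInfo.getFailInfo().intValue();

            resultEntry = new ErrorResultEntryType(thisId, status, failureInfo, errorMessage);
        }
        result.addResultEntry(resultEntry);
    }

    // Whatever is still in the map was never answered.
    if (CollectionUtil.isNotEmpty(reqIdIdMap)) {
        for (String unansweredId : reqIdIdMap.values()) {
            ErrorResultEntryType ere = new ErrorResultEntryType(unansweredId,
                    ClientErrorCode.PKIStatus_NO_ANSWER);
            result.addResultEntry(ere);
        }
    }

    if (!requireConfirm) {
        return result;
    }

    PKIMessage confirmRequest = buildCertConfirmRequest(
            response.getPkiMessage().getHeader().getTransactionID(), certConfirmBuilder);

    response = signAndSend(confirmRequest, debug);
    checkProtection(response);

    // Inspect the body of the confirmation response itself. The previous
    // code re-tested bodyType and respBody from the first response, which
    // can never be an error at this point, so an error answer to the
    // confirmation went unnoticed.
    PKIBody confirmBody = response.getPkiMessage().getBody();
    if (PKIBody.TYPE_ERROR == confirmBody.getType()) {
        ErrorMsgContent content = (ErrorMsgContent) confirmBody.getContent();
        throw new PKIErrorException(content.getPKIStatusInfo());
    }

    return result;
}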
From source file:org.xipki.ca.common.cmp.PKIStatusInfo.java
License:Open Source License
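/**
 * Copies the status, the failure info and the first status text out of a
 * Bouncy Castle {@code PKIStatusInfo}.
 *
 * <p>An absent failure info is stored as 0; an absent or empty status text
 * is stored as {@code null}.
 *
 * @param bcPKIStatusInfo the decoded status info to copy from
 */
public PKIStatusInfo(final org.bouncycastle.asn1.cmp.PKIStatusInfo bcPKIStatusInfo) {
    this.status = bcPKIStatusInfo.getStatus().intValue();
    if (bcPKIStatusInfo.getFailInfo() != null) {
        this.pkiFailureInfo = bcPKIStatusInfo.getFailInfo().intValue();
    } else {
        this.pkiFailureInfo = 0;
    }

    // The text comes from the peer. Guard against a present but empty
    // sequence as well as an absent one, so that getStringAt(0) is never
    // asked for an element that is not there.
    PKIFreeText text = bcPKIStatusInfo.getStatusString();
    this.statusMessage = (text == null || text.size() == 0) ? null : text.getStringAt(0).getString();
}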
From source file:org.xipki.common.util.SecurityUtil.java
License:Open Source License
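/**
 * Formats a Bouncy Castle {@code PKIStatusInfo} by delegating to the
 * {@code (status, failureInfo, statusMessage)} overload.
 *
 * <p>An absent failure info is passed on as 0 and an absent or empty status
 * text as {@code null}.
 *
 * @param pkiStatusInfo the decoded status info
 * @return the formatted text produced by the three-argument overload
 */
public static String formatPKIStatusInfo(final org.bouncycastle.asn1.cmp.PKIStatusInfo pkiStatusInfo) {
    int status = pkiStatusInfo.getStatus().intValue();

    // failInfo is OPTIONAL. This method is typically reached while an error
    // is being reported, so a NullPointerException here would hide the
    // status that was about to be formatted.
    int failureInfo = (pkiStatusInfo.getFailInfo() == null)
            ? 0 : pkiStatusInfo.getFailInfo().intValue();

    PKIFreeText text = pkiStatusInfo.getStatusString();
    String statusMessage = (text == null || text.size() == 0) ? null : text.getStringAt(0).getString();

    return SecurityUtil.formatPKIStatusInfo(status, failureInfo, statusMessage);
}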
From source file:org.xipki.commons.security.util.CmpFailureUtil.java
License:Open Source License
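/**
 * Formats a Bouncy Castle {@code PKIStatusInfo} by delegating to the
 * {@code (status, failureInfo, statusMessage)} overload.
 *
 * <p>An absent failure info is passed on as 0 and an absent or empty status
 * text as {@code null}.
 *
 * @param pkiStatusInfo the decoded status info; checked with
 *                      {@code ParamUtil.requireNonNull}
 * @return the formatted text produced by the three-argument overload
 */
public static String formatPkiStatusInfo(final org.bouncycastle.asn1.cmp.PKIStatusInfo pkiStatusInfo) {
    ParamUtil.requireNonNull("pkiStatusInfo", pkiStatusInfo);
    int status = pkiStatusInfo.getStatus().intValue();

    // failInfo is OPTIONAL. This method is typically reached while an error
    // is being reported, so a NullPointerException here would hide the
    // status that was about to be formatted.
    int failureInfo = (pkiStatusInfo.getFailInfo() == null)
            ? 0 : pkiStatusInfo.getFailInfo().intValue();

    PKIFreeText text = pkiStatusInfo.getStatusString();
    String statusMessage = (text == null || text.size() == 0) ? null : text.getStringAt(0).getString();

    return formatPkiStatusInfo(status, failureInfo, statusMessage);
}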
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
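/**
 * Converts a CMP revocation response into one result entry per request
 * entry.
 *
 * <p>Status entries are matched to {@code reqEntries} by position. A
 * granted entry is only reported when the response also names the matching
 * certificate (issuer and serial number) in its revCerts list.
 *
 * @param response   response received from the CA; must not be null
 * @param reqEntries the entries that were sent, in request order
 * @return the per-entry results
 * @throws CmpRequestorException if the body type is unexpected or the
 *                               number of status entries does not match
 * @throws PkiErrorException     if the CA answered with an error message
 */
private RevokeCertResultType parse(final PkiResponse response,
        final List<? extends IssuerSerialEntry> reqEntries)
        throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonNull("response", response);

    // Runs before any field of the response is interpreted.
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();

    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
        throw new PkiErrorException(content.getPKIStatusInfo());
    } else if (PKIBody.TYPE_REVOCATION_REP != bodyType) {
        throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]",
                bodyType, PKIBody.TYPE_REVOCATION_REP, PKIBody.TYPE_ERROR));
    }

    RevRepContent content = RevRepContent.getInstance(respBody.getContent());
    PKIStatusInfo[] statuses = content.getStatus();
    if (statuses == null || statuses.length != reqEntries.size()) {
        int statusesLen = (statuses == null) ? 0 : statuses.length;
        throw new CmpRequestorException(
                String.format("incorrect number of status entries in response '%s' instead the expected '%s'",
                        statusesLen, reqEntries.size()));
    }

    CertId[] revCerts = content.getRevCerts();

    RevokeCertResultType result = new RevokeCertResultType();
    for (int i = 0; i < statuses.length; i++) {
        PKIStatusInfo statusInfo = statuses[i];
        int status = statusInfo.getStatus().intValue();
        IssuerSerialEntry re = reqEntries.get(i);

        if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
            // statusString and failInfo are OPTIONAL fields filled in by
            // the responder. Treat an absent or empty statusString as "no
            // text" and an absent failInfo as 0 rather than failing with an
            // unchecked exception on a terse rejection.
            PKIFreeText text = statusInfo.getStatusString();
            String statusString = (text == null || text.size() == 0)
                    ? null : text.getStringAt(0).getString();
            int failureInfo = (statusInfo.getFailInfo() == null)
                    ? 0 : statusInfo.getFailInfo().intValue();

            ResultEntry resultEntry = new ErrorResultEntry(re.getId(), status, failureInfo, statusString);
            result.addResultEntry(resultEntry);
            continue;
        }

        CertId certId = null;
        if (revCerts != null) {
            for (CertId entry : revCerts) {
                if (re.getIssuer().equals(entry.getIssuer().getName())
                        && re.getSerialNumber().equals(entry.getSerialNumber().getValue())) {
                    certId = entry;
                    break;
                }
            }
        }

        if (certId == null) {
            LOG.warn("certId is not present in response for (issuer='{}', serialNumber={})",
                    X509Util.getRfc4519Name(re.getIssuer()), LogUtil.formatCsn(re.getSerialNumber()));
            // NOTE(review): no result entry is recorded for this request
            // entry. The original built a fallback CertId from the request
            // at this point but never used it before continuing; confirm
            // whether skipping the entry is intended.
            continue;
        }

        ResultEntry resultEntry = new RevokeCertResultEntry(re.getId(), certId);
        result.addResultEntry(resultEntry);
    }

    return result;
}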
From source file:org.xipki.pki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
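/**
 * Sends a certificate request, collects the per-request results and, unless
 * the CA signalled implicit confirmation, sends the certificate
 * confirmation.
 *
 * <p>{@code reqIdIdMap} is modified: every answered request id is removed,
 * and whatever remains is reported as unanswered.
 *
 * @param reqMessage       the request to sign and send
 * @param reqIdIdMap       certReqId to caller-side id of each request
 * @param expectedBodyType body type the response must have
 * @param debug            passed through to {@code signAndSend}
 * @return the enrolment result, or {@code null} when a granted response
 *         carries no certified key pair or no certificate
 * @throws CmpRequestorException if the response body type is unexpected
 * @throws PkiErrorException     if the CA answers the request with an
 *                               error message
 */
private EnrollCertResultResp internRequestCertificate(final PKIMessage reqMessage,
        final Map<BigInteger, String> reqIdIdMap, final int expectedBodyType,
        final RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
    PkiResponse response = signAndSend(reqMessage, debug);
    // Runs before any field of the response is interpreted.
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    final int bodyType = respBody.getType();

    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
        throw new PkiErrorException(content.getPKIStatusInfo());
    } else if (expectedBodyType != bodyType) {
        throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]",
                bodyType, expectedBodyType, PKIBody.TYPE_ERROR));
    }

    CertRepMessage certRep = CertRepMessage.getInstance(respBody.getContent());
    CertResponse[] certResponses = certRep.getResponse();

    EnrollCertResultResp result = new EnrollCertResultResp();

    // CA certificates
    CMPCertificate[] caPubs = certRep.getCaPubs();
    if (caPubs != null) {
        for (CMPCertificate caPub : caPubs) {
            if (caPub != null) {
                result.addCaCertificate(caPub);
            }
        }
    }

    // A builder exists only when the certificates must be confirmed
    // explicitly.
    CertificateConfirmationContentBuilder certConfirmBuilder = null;
    if (!CmpUtil.isImplictConfirm(response.getPkiMessage().getHeader())) {
        certConfirmBuilder = new CertificateConfirmationContentBuilder();
    }
    boolean requireConfirm = false;

    // We only accept the certificates which are requested.
    for (CertResponse certResp : certResponses) {
        PKIStatusInfo statusInfo = certResp.getStatus();
        int status = statusInfo.getStatus().intValue();
        BigInteger certReqId = certResp.getCertReqId().getValue();

        String thisId = reqIdIdMap.get(certReqId);
        if (thisId != null) {
            reqIdIdMap.remove(certReqId);
        } else if (reqIdIdMap.size() == 1) {
            // Exactly one request is outstanding: the response is assigned
            // to it even though its certReqId does not match.
            thisId = reqIdIdMap.values().iterator().next();
            reqIdIdMap.clear();
        }

        if (thisId == null) {
            continue; // ignore it. this cert is not requested by me
        }

        ResultEntry resultEntry;
        if (status == PKIStatus.GRANTED || status == PKIStatus.GRANTED_WITH_MODS) {
            CertifiedKeyPair cvk = certResp.getCertifiedKeyPair();
            if (cvk == null) {
                return null;
            }

            CMPCertificate cmpCert = cvk.getCertOrEncCert().getCertificate();
            if (cmpCert == null) {
                return null;
            }

            resultEntry = new EnrollCertResultEntry(thisId, cmpCert, status);

            if (certConfirmBuilder != null) {
                requireConfirm = true;
                X509CertificateHolder certHolder = null;
                try {
                    certHolder = new X509CertificateHolder(cmpCert.getEncoded());
                } catch (IOException ex) {
                    // Report the undecodable certificate as an error entry
                    // and leave it out of the confirmation.
                    resultEntry = new ErrorResultEntry(thisId, ClientErrorCode.PKISTATUS_RESPONSE_ERROR,
                            PKIFailureInfo.systemFailure, "could not decode the certificate");
                }

                if (certHolder != null) {
                    certConfirmBuilder.addAcceptedCertificate(certHolder, certReqId);
                }
            }
        } else {
            // statusString and failInfo are OPTIONAL fields filled in by
            // the responder. Treat an absent or empty statusString as "no
            // text" and an absent failInfo as 0 rather than failing with an
            // unchecked exception on a terse rejection.
            PKIFreeText statusString = statusInfo.getStatusString();
            String errorMessage = (statusString == null || statusString.size() == 0)
                    ? null : statusString.getStringAt(0).getString();
            int failureInfo = (statusInfo.getFailInfo() == null)
                    ? 0 : statusInfo.getFailInfo().intValue();

            resultEntry = new ErrorResultEntry(thisId, status, failureInfo, errorMessage);
        }
        result.addResultEntry(resultEntry);
    }

    // Whatever is still in the map was never answered.
    if (CollectionUtil.isNonEmpty(reqIdIdMap)) {
        for (String unansweredId : reqIdIdMap.values()) {
            ErrorResultEntry ere = new ErrorResultEntry(unansweredId, ClientErrorCode.PKISTATUS_NO_ANSWER);
            result.addResultEntry(ere);
        }
    }

    if (!requireConfirm) {
        return result;
    }

    PKIMessage confirmRequest = buildCertConfirmRequest(
            response.getPkiMessage().getHeader().getTransactionID(), certConfirmBuilder);

    response = signAndSend(confirmRequest, debug);
    // NOTE(review): the confirmation response is protection-checked, but
    // its body type is not inspected, so an error answer to the
    // confirmation is not reported to the caller. Confirm this is intended.
    checkProtection(response);

    return result;
}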