Example usage for org.bouncycastle.asn1.cmp PKIStatusInfo getStatusString

List of usage examples for org.bouncycastle.asn1.cmp PKIStatusInfo getStatusString

Introduction

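This page collects usage examples of org.bouncycastle.asn1.cmp PKIStatusInfo getStatusString. The statusString field of a PKIStatusInfo is optional, so getStatusString() returns null when the response omits it; check for null before reading the text, as several of the examples below do.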

Prototype

public PKIFreeText getStatusString() 


Usage

From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java

License:Open Source License

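/**
 * Parses a DER-encoded CMP response and asserts that it is the expected failure response.
 *
 * <p>The failure code that is compared depends on {@code exptag}: an error message is checked
 * against {@code err}, a revocation response against {@code PKIFailureInfo.badRequest}, and an
 * initialisation or certification response against {@code expectedPKIFailInfo}. Any other
 * {@code exptag} fails the test.
 *
 * @param retMsg DER-encoded PKIMessage received from the server
 * @param failMsg expected fail message
 * @param exptag expected body type: 1 is answer to initialisation resp, 3 certification resp etc, 23 is error
 * @param requestId expected certReqId, compared only for initialisation and certification responses
 * @param err a number from FailInfo, compared only when the body is an error message
 * @param expectedPKIFailInfo expected failInfo, compared only for initialisation and certification responses
 * @throws IOException if {@code retMsg} cannot be read as ASN.1
 */
protected static void checkCmpFailMessage(byte[] retMsg, String failMsg, int exptag, int requestId, int err,
        int expectedPKIFailInfo) throws IOException {
    // Parse response message
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    assertNotNull(respObject);

    final PKIBody body = respObject.getBody();
    final int tag = body.getType();
    assertEquals(exptag, tag);
    final PKIStatusInfo info;
    if (exptag == CmpPKIBodyConstants.ERRORMESSAGE) {
        ErrorMsgContent c = (ErrorMsgContent) body.getContent();
        assertNotNull(c);
        info = c.getPKIStatusInfo();
        assertNotNull(info);
        assertEquals(ResponseStatus.FAILURE.getValue(), info.getStatus().intValue());
        // failInfo is optional in a PKIStatusInfo: fail with a message instead of an NPE.
        assertNotNull("Response carries no failInfo", info.getFailInfo());
        assertEquals(err, info.getFailInfo().intValue());
    } else if (exptag == CmpPKIBodyConstants.REVOCATIONRESPONSE) {
        RevRepContent rrc = (RevRepContent) body.getContent();
        assertNotNull(rrc);
        info = rrc.getStatus()[0];
        assertNotNull(info);
        assertEquals(ResponseStatus.FAILURE.getValue(), info.getStatus().intValue());
        assertNotNull("Response carries no failInfo", info.getFailInfo());
        assertEquals(PKIFailureInfo.badRequest, info.getFailInfo().intValue());
    } else {
        // Only initialisation and certification responses carry a CertRepMessage; for any
        // other expected tag c stays null and the assertion below fails the test.
        CertRepMessage c = null;
        if (exptag == CmpPKIBodyConstants.INITIALIZATIONRESPONSE
                || exptag == CmpPKIBodyConstants.CERTIFICATIONRESPONSE) {
            c = (CertRepMessage) body.getContent();
        }
        assertNotNull(c);
        CertResponse resp = c.getResponse()[0];
        assertNotNull(resp);
        // Expected value first, so a failure report names the two values correctly.
        assertEquals(requestId, resp.getCertReqId().getValue().intValue());
        info = resp.getStatus();
        assertNotNull(info);
        assertEquals(ResponseStatus.FAILURE.getValue(), info.getStatus().intValue()); // 2 is rejection
        assertNotNull("Response carries no failInfo", info.getFailInfo());
        assertEquals(expectedPKIFailInfo, info.getFailInfo().intValue());
    }

    // statusString is optional as well; without this check a response that omits it would
    // surface as a NullPointerException rather than as a failed assertion.
    assertNotNull("Response carries no status string", info.getStatusString());
    final String receivedFailMsg = info.getStatusString().getStringAt(0).getString();
    log.debug("expected fail message: '" + failMsg + "'. received fail message: '"
            + receivedFailMsg + "'.");
    assertEquals(failMsg, receivedFailMsg);
}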

From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java

License:Open Source License

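/**
 * Parses a DER-encoded CMP response and asserts that it is an error message with the expected
 * header names, status, failure code and (optionally) status text.
 *
 * @param retMsg DER-encoded PKIMessage received from the server
 * @param sender expected sender name, compared with the string form of the header's sender
 * @param recipient expected recipient name, compared by encoding
 * @param errorCode expected failInfo value
 * @param errorMsg expected first status string, or {@code null} to skip the text check
 * @throws IOException if {@code retMsg} cannot be read as ASN.1 or a name cannot be encoded
 */
protected static void checkCmpPKIErrorMessage(byte[] retMsg, String sender, X500Name recipient, int errorCode,
        String errorMsg) throws IOException {
    // Parse response message
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    assertNotNull(respObject);

    // Expected values are passed first throughout, so failure reports label them correctly.
    PKIHeader header = respObject.getHeader();
    assertEquals(4, header.getSender().getTagNo()); // 4 is the directoryName choice of GeneralName
    {
        final X500Name name = X500Name.getInstance(header.getSender().getName());
        assertEquals(sender, name.toString());
    }
    {
        final X500Name name = X500Name.getInstance(header.getRecipient().getName());
        assertArrayEquals(recipient.getEncoded(), name.getEncoded());
    }

    PKIBody body = respObject.getBody();
    int tag = body.getType();
    assertEquals(23, tag); // 23 is the error body type
    ErrorMsgContent n = (ErrorMsgContent) body.getContent();
    assertNotNull(n);
    PKIStatusInfo info = n.getPKIStatusInfo();
    assertNotNull(info);
    BigInteger i = info.getStatus();
    assertEquals(2, i.intValue()); // 2 is rejection
    DERBitString b = info.getFailInfo();
    // failInfo is optional in a PKIStatusInfo: fail with a message instead of an NPE.
    assertNotNull("Response carries no failInfo.", b);
    assertEquals("Return wrong error code.", errorCode, b.intValue());
    if (errorMsg != null) {
        PKIFreeText freeText = info.getStatusString();
        // statusString is optional too, so its absence must be a test failure, not an NPE.
        assertNotNull("Response carries no status string.", freeText);
        DERUTF8String utf = freeText.getStringAt(0);
        assertEquals(errorMsg, utf.getString());
    }
}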

From source file:org.ejbca.ui.cmpclient.commands.CrmfRequestCommand.java

License:Open Source License

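/**
 * Handles the answer to a CRMF request: when the first certificate response is granted, the
 * issued certificate is written as PEM into the destination directory; otherwise the status
 * or error reported by the server is logged.
 *
 * @param response DER-encoded PKIMessage received from the server
 * @param parameters command parameters; DESTINATION_KEY and SUBJECTDN_KEY are read
 * @return {@code SUCCESS} when a certificate was stored, {@code FUNCTIONAL_FAILURE} otherwise
 * @throws Exception if the response cannot be decoded or the certificate cannot be written
 */
@Override
public CommandResult handleCMPResponse(byte[] response, final ParameterContainer parameters) throws Exception {
    String dest = parameters.get(DESTINATION_KEY);
    if (dest == null) {
        dest = "dest";
        final File destDir = new File("./" + dest);
        // mkdirs() also returns false when the directory already exists, hence the second test.
        if (!destDir.mkdirs() && !destDir.isDirectory()) {
            log.error("Could not create default destination directory: ./dest/");
            return CommandResult.FUNCTIONAL_FAILURE;
        }
        log.info("Using default destination directory: ./dest/");
    }

    // NOTE(review): no check of the response's protection is visible in this method —
    // confirm it is verified elsewhere before the certificate is accepted and stored.
    final PKIMessage respObject;
    try (ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(response))) {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    }
    if (respObject == null) {
        log.error("ERROR. Cannot construct the response object");
        return CommandResult.FUNCTIONAL_FAILURE;
    }

    PKIBody body = respObject.getBody();
    int tag = body.getType();

    if (tag == PKIBody.TYPE_INIT_REP) {
        CertRepMessage c = (CertRepMessage) body.getContent();
        final CertResponse[] responses = c.getResponse();
        if (responses == null || responses.length == 0) {
            log.error("Received CRMF response without any certificate response");
            return CommandResult.FUNCTIONAL_FAILURE;
        }
        CertResponse resp = responses[0];
        PKIStatusInfo status = resp.getStatus();
        if (status.getStatus().intValue() == PKIStatus.GRANTED) {
            final X509Certificate cert = getCertFromResponse(resp);
            final ArrayList<Certificate> certs = new ArrayList<>();
            certs.add(cert);
            final byte[] certBytes = CertTools.getPemFromCertificateChain(certs);

            // NOTE(review): the file name is built by getDestinationCertFile from the subject DN
            // parameter, which is not shown here — confirm it cannot yield a path outside dest.
            String certFileName = getDestinationCertFile(dest, parameters.get(SUBJECTDN_KEY));
            // try-with-resources closes the stream even when write() throws.
            try (FileOutputStream fos = new FileOutputStream(new File(certFileName))) {
                fos.write(certBytes);
            }
            log.info("CRMF request successful. Received certificate stored in " + certFileName);
            return CommandResult.SUCCESS;
        } else {
            // statusString is optional in a PKIStatusInfo; its text is chosen by the remote server.
            final String errMsg = status.getStatusString() == null ? null
                    : status.getStatusString().getStringAt(0).getString();
            log.error("Recieved CRMF response with status '" + status.getStatus().intValue()
                    + "' and error message: " + errMsg);
        }
    } else if (tag == PKIBody.TYPE_ERROR) {
        ErrorMsgContent err = (ErrorMsgContent) body.getContent();
        final PKIStatusInfo errInfo = err.getPKIStatusInfo();
        final String errMsg = errInfo.getStatusString() == null ? null
                : errInfo.getStatusString().getStringAt(0).getString();
        log.error("Revceived CMP Error Message: " + errMsg);
    } else {
        log.error("Received PKIMessage with body tag " + tag);
    }
    return CommandResult.FUNCTIONAL_FAILURE;
}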

From source file:org.ejbca.ui.cmpclient.commands.KeyUpdateRequestCommand.java

License:Open Source License

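/**
 * Handles the answer to a key update request: when the first certificate response is granted,
 * the issued certificate is written as PEM into the destination directory; otherwise the
 * status or error reported by the server is logged.
 *
 * @param response DER-encoded PKIMessage received from the server
 * @param parameters command parameters; DESTINATION_KEY and SUBJECTDN_KEY are read
 * @return {@code SUCCESS} when a certificate was stored, {@code FUNCTIONAL_FAILURE} otherwise
 * @throws Exception if the response cannot be decoded or the certificate cannot be written
 */
@Override
public CommandResult handleCMPResponse(byte[] response, ParameterContainer parameters) throws Exception {
    String dest = parameters.get(DESTINATION_KEY);
    if (dest == null) {
        dest = "dest";
        final File destDir = new File("./" + dest);
        // mkdirs() also returns false when the directory already exists, hence the second test.
        if (!destDir.mkdirs() && !destDir.isDirectory()) {
            log.error("Could not create default destination directory: ./dest/");
            return CommandResult.FUNCTIONAL_FAILURE;
        }
        log.info("Using default destination directory: ./dest/");
    }

    // NOTE(review): no check of the response's protection is visible in this method —
    // confirm it is verified elsewhere before the certificate is accepted and stored.
    final PKIMessage respObject;
    try (ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(response))) {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    }
    if (respObject == null) {
        log.error("Cannot construct response object");
        return CommandResult.FUNCTIONAL_FAILURE;
    }

    PKIBody body = respObject.getBody();
    int tag = body.getType();
    if (tag == PKIBody.TYPE_KEY_UPDATE_REP) {
        CertRepMessage c = (CertRepMessage) body.getContent();
        final CertResponse[] responses = c.getResponse();
        if (responses == null || responses.length == 0) {
            log.error("Received key update response without any certificate response");
            return CommandResult.FUNCTIONAL_FAILURE;
        }
        CertResponse resp = responses[0];
        PKIStatusInfo status = resp.getStatus();

        if (status.getStatus().intValue() == PKIStatus.GRANTED) {
            final X509Certificate cert = getCertFromResponse(resp);
            final ArrayList<Certificate> certs = new ArrayList<>();
            certs.add(cert);
            final byte[] certBytes = CertTools.getPemFromCertificateChain(certs);

            // NOTE(review): the file name is built by getDestinationCertFile from the subject DN
            // parameter, which is not shown here — confirm it cannot yield a path outside dest.
            String certFileName = getDestinationCertFile(dest, parameters.get(SUBJECTDN_KEY));
            // try-with-resources closes the stream even when write() throws.
            try (FileOutputStream fos = new FileOutputStream(new File(certFileName))) {
                fos.write(certBytes);
            }
            log.info("CRMF request successful. Received certificate stored in " + certFileName);
            return CommandResult.SUCCESS;
        } else {
            // statusString is optional in a PKIStatusInfo; its text is chosen by the remote server.
            final String errMsg = status.getStatusString() == null ? null
                    : status.getStatusString().getStringAt(0).getString();
            log.error("Recieved CRMF response with status '" + status.getStatus().intValue()
                    + "' and error message: " + errMsg);
        }

    } else if (tag == PKIBody.TYPE_ERROR) {
        log.error("Error response was recieved");
        ErrorMsgContent c = (ErrorMsgContent) body.getContent();
        PKIStatusInfo info = c.getPKIStatusInfo();
        final String errMsg = info.getStatusString() == null ? null
                : info.getStatusString().getStringAt(0).getString();
        log.error("Error message: " + errMsg);
    } else {
        log.error("Recieved response with body type(See PKIBody.java): " + tag);
    }
    return CommandResult.FUNCTIONAL_FAILURE;
}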

From source file:org.ejbca.ui.cmpclient.commands.RevocationRequestCommand.java

License:Open Source License

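/**
 * Handles the answer to a revocation request and logs its outcome.
 *
 * @param response DER-encoded PKIMessage received from the server
 * @param parameters command parameters (not read by this method)
 * @return {@code SUCCESS} when the first status in a revocation response is 0,
 *         {@code FUNCTIONAL_FAILURE} otherwise
 * @throws Exception if the response cannot be decoded
 */
@Override
public CommandResult handleCMPResponse(byte[] response, ParameterContainer parameters) throws Exception {
    // NOTE(review): no check of the response's protection is visible in this method —
    // confirm it is verified elsewhere before the result is reported as success.
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(response));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    if (respObject == null) {
        log.error("Cannot construct response object");
        return CommandResult.FUNCTIONAL_FAILURE;
    }

    PKIBody body = respObject.getBody();
    int tag = body.getType();
    if (tag == PKIBody.TYPE_REVOCATION_REP) {
        log.info("Revocation response was recieved");
        RevRepContent n = (RevRepContent) body.getContent();
        final PKIStatusInfo[] statuses = n.getStatus();
        if (statuses == null || statuses.length == 0) {
            // Without a status entry there is nothing that says the revocation was accepted.
            log.error("Revocation response contains no status");
        } else if (statuses[0].getStatus().intValue() == 0) {
            log.info("Revocation request have succeeded");
            return CommandResult.SUCCESS;
        } else {
            log.error("Revocation request failed with status (See PKIStatusInfo.java): "
                    + statuses[0].getStatus().intValue());
        }
    } else if (tag == PKIBody.TYPE_ERROR) {
        log.error("Error response was recieved");
        ErrorMsgContent c = (ErrorMsgContent) body.getContent();
        PKIStatusInfo info = c.getPKIStatusInfo();
        // statusString is optional in a PKIStatusInfo; its text is chosen by the remote server.
        final String errMsg = info.getStatusString() == null ? null
                : info.getStatusString().getStringAt(0).getString();
        log.error("Error message: " + errMsg);
    } else {
        log.error("Recieved response with body type(See PKIBody.java): " + tag);
    }
    return CommandResult.FUNCTIONAL_FAILURE;
}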

From source file:org.jnotary.client.DvcsCheck.java

License:Open Source License

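/**
 * Compares a locally computed digest with the message imprint in a DVCS response and prints
 * the response details and its PKI status to standard output.
 *
 * <p>Only the digest comparison is done here. NOTE(review): no signature check on the response
 * is visible in this method — confirm the caller validates it, since a matching imprint alone
 * says nothing about who produced the response.
 *
 * @param hash digest of the source file
 * @param response decoded DVCS response
 * @throws Exception if the response carries neither an error note nor a certificate status
 */
private static void verifyAndDump(byte[] hash, DVCSResponse response) throws Exception {
    if (response.getDvCertInfo() == null) {
        // An error response has no certificate info; say so and go on to print the status
        // instead of failing with a NullPointerException before the error is shown.
        System.out.println("Message imprint cannot be verified: response has no certificate info");
    } else if (Arrays.equals(hash, response.getDvCertInfo().getMessageImprint().getDigest())) {
        System.out.println("Message imprint is successfully verified");
    } else {
        System.out.println("Message imprint verification is FAILED");

        System.out.println("Message imprint of source file:");
        HexDump.dump(hash, 0, System.out, 0);
        System.out.println("\nMessage imprint from dvcs-response file:");
        HexDump.dump(response.getDvCertInfo().getMessageImprint().getDigest(), 0, System.out, 0);
    }

    System.out.println("DVCS-response information");
    if (response.getDvCertInfo() != null) {
        System.out.println("Service type:"
                + ServiceType.toString(response.getDvCertInfo().getRequestInformation().getService()));
        System.out.println("Nonce: "
                + response.getDvCertInfo().getRequestInformation().getNonce().getPositiveValue().toString(16));
        System.out.println(
                "Response time: " + response.getDvCertInfo().getResponseTime().getGenTime().getTimeString());
    }

    // The status comes from the error note when there is one, else from the certificate info.
    PKIStatusInfo statusInfo = null;
    if (response.getDvErrorNote() != null) {
        statusInfo = response.getDvErrorNote().getTransactionStatus();
    } else if (response.getDvCertInfo() != null && response.getDvCertInfo().getDvStatus() != null) {
        statusInfo = response.getDvCertInfo().getDvStatus();
    }
    if (statusInfo == null) {
        throw new Exception("Status info is not present");
    }

    StringBuilder sb = new StringBuilder("PKIStatus: ");
    sb.append(statusInfo.getStatus());
    // statusString and failInfo are both optional, so each is printed only when present.
    if (statusInfo.getStatusString() != null) {
        sb.append("; FreeText: ");
        sb.append(statusInfo.getStatusString().getStringAt(0).getString());
    }
    if (statusInfo.getFailInfo() != null) {
        sb.append("; PKIFailerInfo: ");
        sb.append(statusInfo.getFailInfo().intValue());
    }
    System.out.println(sb.toString());
}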

From source file:org.jnotary.client.DvcsClient.java

License:Open Source License

/**
 * Prints the request information and the PKI status of a DVCS response to standard output.
 *
 * @param response decoded DVCS response
 * @throws Exception if the response carries neither an error note nor a certificate status
 */
private static void dump(DVCSResponse response) throws Exception {
    if (response.getDvCertInfo() != null) {
        System.out.println("Service type:" + response.getDvCertInfo().getRequestInformation().getService());
        System.out.println("Nonce: "
                + response.getDvCertInfo().getRequestInformation().getNonce().getPositiveValue().toString(16));
        System.out.println(
                "Response time: " + response.getDvCertInfo().getResponseTime().getGenTime().getTimeString());
    }

    // An error note takes precedence; otherwise fall back to the status in the certificate info.
    final PKIStatusInfo pkiStatus;
    if (response.getDvErrorNote() != null) {
        pkiStatus = response.getDvErrorNote().getTransactionStatus();
    } else if (response.getDvCertInfo() == null) {
        pkiStatus = null;
    } else {
        pkiStatus = response.getDvCertInfo().getDvStatus();
    }
    if (pkiStatus == null) {
        throw new Exception("Status info is not present");
    }

    // statusString and failInfo are optional, so each part is added only when present.
    final StringBuilder line = new StringBuilder("PKIStatus: ").append(pkiStatus.getStatus());
    if (pkiStatus.getStatusString() != null) {
        line.append("; FreeText: ").append(pkiStatus.getStatusString().getStringAt(0).getString());
    }
    if (pkiStatus.getFailInfo() != null) {
        line.append("; PKIFailerInfo: ").append(pkiStatus.getFailInfo().intValue());
    }
    System.out.println(line.toString());
}

From source file:org.xipki.ca.client.impl.X509CmpRequestor.java

License:Open Source License

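/**
 * Converts a CMP revocation response into a result with one entry per answered request entry.
 *
 * <p>The response's protection is checked first. Status entries are matched to the request
 * entries by position, so the response must carry exactly one status per request entry.
 *
 * @param response response received from the CA
 * @param reqEntries the entries that were sent in the request, in request order
 * @return the result; an entry whose certId is missing from the response is logged and left out
 * @throws CmpRequestorException if the body type is unexpected or the number of status entries
 *         does not match the number of request entries
 * @throws PKIErrorException if the CA answered with an error message
 */
private RevokeCertResultType parse(final PKIResponse response,
        final List<? extends IssuerSerialEntryType> reqEntries)
        throws CmpRequestorException, PKIErrorException {
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();

    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = (ErrorMsgContent) respBody.getContent();
        throw new PKIErrorException(content.getPKIStatusInfo());
    } else if (PKIBody.TYPE_REVOCATION_REP != bodyType) {
        throw new CmpRequestorException("unknown PKI body type " + bodyType + " instead the exceptected ["
                + PKIBody.TYPE_REVOCATION_REP + ", " + PKIBody.TYPE_ERROR + "]");
    }

    RevRepContent content = (RevRepContent) respBody.getContent();
    PKIStatusInfo[] statuses = content.getStatus();
    if (statuses == null || statuses.length != reqEntries.size()) {
        // Compute the count separately: dereferencing a null array while building the message
        // would replace the intended exception with a NullPointerException.
        final int statusCount = (statuses == null) ? 0 : statuses.length;
        throw new CmpRequestorException("incorrect number of status entries in response '" + statusCount
                + "' instead the exceptected '" + reqEntries.size() + "'");
    }

    CertId[] revCerts = content.getRevCerts();

    RevokeCertResultType result = new RevokeCertResultType();
    for (int i = 0; i < statuses.length; i++) {
        PKIStatusInfo statusInfo = statuses[i];
        int status = statusInfo.getStatus().intValue();
        IssuerSerialEntryType re = reqEntries.get(i);

        if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
            PKIFreeText text = statusInfo.getStatusString();
            String statusString = text == null ? null : text.getStringAt(0).getString();
            // failInfo is optional as well; 0 (no failure bit set) stands in when it is absent.
            // NOTE(review): confirm 0 is an acceptable "not given" value for ErrorResultEntryType.
            int failureInfo = statusInfo.getFailInfo() == null ? 0 : statusInfo.getFailInfo().intValue();

            ResultEntryType resultEntry = new ErrorResultEntryType(re.getId(), status,
                    failureInfo, statusString);
            result.addResultEntry(resultEntry);
            continue;
        }

        // Look for the certId in the response that names the certificate of this request entry.
        CertId certId = null;
        if (revCerts != null) {
            for (CertId candidate : revCerts) {
                if (re.getIssuer().equals(candidate.getIssuer().getName())
                        && re.getSerialNumber().equals(candidate.getSerialNumber().getValue())) {
                    certId = candidate;
                    break;
                }
            }
        }

        if (certId == null) {
            LOG.warn("certId is not present in response for (issuer='{}', serialNumber={})",
                    X509Util.getRFC4519Name(re.getIssuer()), re.getSerialNumber());
            // NOTE(review): the original built a fallback CertId here and then skipped the entry,
            // so the fallback was never used. The skip is kept; confirm whether a granted entry
            // without a certId should be reported to the caller instead of being dropped.
            continue;
        }

        ResultEntryType resultEntry = new RevokeCertResultEntryType(re.getId(), certId);
        result.addResultEntry(resultEntry);
    }

    return result;
}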

From source file:org.xipki.ca.client.impl.X509CmpRequestor.java

License:Open Source License

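/**
 * Sends a certificate request, collects the certificates and errors from the response and,
 * unless implicit confirmation is in effect, sends the certificate confirmation.
 *
 * <p>The protection of every response is checked before its body is read. Only responses that
 * can be matched to a requested id are accepted; entries of {@code reqIdIdMap} are removed as
 * they are matched, so the caller's map is modified.
 *
 * @param reqMessage the request to sign and send
 * @param reqIdIdMap maps each certReqId in the request to the caller's id for it
 * @param expectedBodyType body type the response must have
 * @param debug request/response debug collector passed on to signAndSend
 * @return the enrolment result, or {@code null} when a granted response carries no certificate
 * @throws CmpRequestorException if the response has an unexpected body type
 * @throws PKIErrorException if the CA answers the request or the confirmation with an error
 */
private EnrollCertResultType intern_requestCertificate(final PKIMessage reqMessage,
        final Map<BigInteger, String> reqIdIdMap, final int expectedBodyType, final RequestResponseDebug debug)
        throws CmpRequestorException, PKIErrorException {
    PKIResponse response = signAndSend(reqMessage, debug);
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();

    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = (ErrorMsgContent) respBody.getContent();
        throw new PKIErrorException(content.getPKIStatusInfo());
    } else if (expectedBodyType != bodyType) {
        throw new CmpRequestorException("unknown PKI body type " + bodyType + " instead the exceptected ["
                + expectedBodyType + ", " + PKIBody.TYPE_ERROR + "]");
    }

    CertRepMessage certRep = (CertRepMessage) respBody.getContent();
    CertResponse[] certResponses = certRep.getResponse();

    EnrollCertResultType result = new EnrollCertResultType();

    // CA certificates
    CMPCertificate[] caPubs = certRep.getCaPubs();
    if (caPubs != null) {
        for (CMPCertificate caPub : caPubs) {
            if (caPub != null) {
                result.addCACertificate(caPub);
            }
        }
    }

    boolean isImplicitConfirm = CmpUtil.isImplictConfirm(response.getPkiMessage().getHeader());

    CertificateConfirmationContentBuilder certConfirmBuilder = isImplicitConfirm ? null
            : new CertificateConfirmationContentBuilder();
    boolean requireConfirm = false;

    // We only accept the certificates which are requested.
    for (CertResponse certResp : certResponses) {
        PKIStatusInfo statusInfo = certResp.getStatus();
        int status = statusInfo.getStatus().intValue();
        BigInteger certReqId = certResp.getCertReqId().getValue();
        String thisId = reqIdIdMap.get(certReqId);
        if (thisId != null) {
            reqIdIdMap.remove(certReqId);
        } else if (reqIdIdMap.size() == 1) {
            // With a single request outstanding, a response whose certReqId does not match is
            // still attributed to that request.
            thisId = reqIdIdMap.values().iterator().next();
            reqIdIdMap.clear();
        }

        if (thisId == null) {
            continue; // ignore it. this cert is not requested by me
        }

        ResultEntryType resultEntry;
        if (status == PKIStatus.GRANTED || status == PKIStatus.GRANTED_WITH_MODS) {
            // NOTE(review): a granted response without a certificate makes the whole call
            // return null and drops the entries collected so far — confirm callers handle null.
            CertifiedKeyPair cvk = certResp.getCertifiedKeyPair();
            if (cvk == null) {
                return null;
            }

            CMPCertificate cmpCert = cvk.getCertOrEncCert().getCertificate();
            if (cmpCert == null) {
                return null;
            }

            resultEntry = new EnrollCertResultEntryType(thisId, cmpCert, status);

            if (!isImplicitConfirm) {
                requireConfirm = true;
                X509CertificateHolder certHolder = null;
                try {
                    certHolder = new X509CertificateHolder(cmpCert.getEncoded());
                } catch (IOException e) {
                    // An undecodable certificate is reported as an error entry and not confirmed.
                    resultEntry = new ErrorResultEntryType(thisId, ClientErrorCode.PKIStatus_RESPONSE_ERROR,
                            PKIFailureInfo.systemFailure, "error while decode the certificate");
                }

                if (certHolder != null) {
                    certConfirmBuilder.addAcceptedCertificate(certHolder, certReqId);
                }
            }
        } else {
            PKIFreeText statusString = statusInfo.getStatusString();
            String errorMessage = statusString == null ? null : statusString.getStringAt(0).getString();
            // failInfo is optional as well; 0 (no failure bit set) stands in when it is absent.
            // NOTE(review): confirm 0 is an acceptable "not given" value for ErrorResultEntryType.
            int failureInfo = statusInfo.getFailInfo() == null ? 0 : statusInfo.getFailInfo().intValue();

            resultEntry = new ErrorResultEntryType(thisId, status, failureInfo, errorMessage);
        }
        result.addResultEntry(resultEntry);
    }

    // Every request id still in the map got no answer from the CA.
    if (CollectionUtil.isNotEmpty(reqIdIdMap)) {
        for (BigInteger reqId : reqIdIdMap.keySet()) {
            ErrorResultEntryType ere = new ErrorResultEntryType(reqIdIdMap.get(reqId),
                    ClientErrorCode.PKIStatus_NO_ANSWER);
            result.addResultEntry(ere);
        }
    }

    if (!requireConfirm) {
        return result;
    }

    PKIMessage confirmRequest = buildCertConfirmRequest(response.getPkiMessage().getHeader().getTransactionID(),
            certConfirmBuilder);

    response = signAndSend(confirmRequest, debug);
    checkProtection(response);

    // Read the body of the confirmation response itself. Testing the body of the first
    // response again could never detect an error, because that case has already thrown above.
    PKIBody confirmRespBody = response.getPkiMessage().getBody();
    if (PKIBody.TYPE_ERROR == confirmRespBody.getType()) {
        ErrorMsgContent content = (ErrorMsgContent) confirmRespBody.getContent();
        throw new PKIErrorException(content.getPKIStatusInfo());
    }

    return result;
}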

From source file:org.xipki.common.util.SecurityUtil.java

License:Open Source License

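/**
 * Formats a PKIStatusInfo by extracting its status, failure info and first status string and
 * passing them to {@code formatPKIStatusInfo(int, int, String)}.
 *
 * @param pkiStatusInfo the status info to format
 * @return the formatted text
 */
public static String formatPKIStatusInfo(final org.bouncycastle.asn1.cmp.PKIStatusInfo pkiStatusInfo) {
    int status = pkiStatusInfo.getStatus().intValue();
    // failInfo is optional; 0 (no failure bit set) is passed when it is absent, so a status
    // without failInfo can still be formatted instead of raising a NullPointerException.
    int failureInfo = pkiStatusInfo.getFailInfo() == null ? 0 : pkiStatusInfo.getFailInfo().intValue();
    // statusString is optional too; the text itself is supplied by the remote party.
    PKIFreeText text = pkiStatusInfo.getStatusString();
    String statusMessage = text == null ? null : text.getStringAt(0).getString();

    return SecurityUtil.formatPKIStatusInfo(status, failureInfo, statusMessage);
}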