List of usage examples for org.bouncycastle.asn1.cmp PKIStatusInfo getStatusString
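public PKIFreeText getStatusString()
Note: statusString is an OPTIONAL field of PKIStatusInfo, so this getter returns null when the sender omitted it. Check the result for null before calling getStringAt(0), as the jnotary and xipki examples below do.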
From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java
License:Open Source License
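/**
 * Asserts that a DER-encoded CMP response is a failure response carrying the expected status text.
 *
 * <p>The response is parsed into a {@code PKIMessage} and its body type must equal {@code exptag}.
 * The {@code PKIStatusInfo} is then taken from the error message, from the first revocation status,
 * or from the first certificate response, and its status must be {@code ResponseStatus.FAILURE}.
 *
 * @param retMsg DER-encoded CMP response to check
 * @param failMsg expected fail message (compared with the first string of the statusString)
 * @param exptag expected body type: 1 is answer to initialisation resp, 3 certification resp etc, 23 is error
 * @param requestId expected certReqId; only compared for initialisation/certification responses
 * @param err a number from FailInfo; only compared when {@code exptag} is the error message type
 * @param expectedPKIFailInfo expected failInfo; only compared for initialisation/certification responses
 * @throws IOException if the response cannot be read as ASN.1
 */
protected static void checkCmpFailMessage(byte[] retMsg, String failMsg, int exptag, int requestId, int err,
        int expectedPKIFailInfo) throws IOException {
    // Parse response message
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    assertNotNull(respObject);

    final PKIBody body = respObject.getBody();
    final int tag = body.getType();
    assertEquals(exptag, tag);

    final PKIStatusInfo info;
    if (exptag == CmpPKIBodyConstants.ERRORMESSAGE) {
        ErrorMsgContent c = (ErrorMsgContent) body.getContent();
        assertNotNull(c);
        info = c.getPKIStatusInfo();
        assertNotNull(info);
        assertEquals(ResponseStatus.FAILURE.getValue(), info.getStatus().intValue());
        // failInfo is optional in PKIStatusInfo: fail with a message instead of a NullPointerException.
        assertNotNull("Response carries no failInfo.", info.getFailInfo());
        assertEquals(err, info.getFailInfo().intValue());
    } else if (exptag == CmpPKIBodyConstants.REVOCATIONRESPONSE) {
        RevRepContent rrc = (RevRepContent) body.getContent();
        assertNotNull(rrc);
        info = rrc.getStatus()[0];
        assertNotNull(info);
        assertEquals(ResponseStatus.FAILURE.getValue(), info.getStatus().intValue());
        assertNotNull("Response carries no failInfo.", info.getFailInfo());
        // This branch always expects badRequest; neither err nor expectedPKIFailInfo is consulted here.
        assertEquals(PKIFailureInfo.badRequest, info.getFailInfo().intValue());
    } else {
        CertRepMessage c = null;
        if (exptag == CmpPKIBodyConstants.INITIALIZATIONRESPONSE
                || exptag == CmpPKIBodyConstants.CERTIFICATIONRESPONSE) {
            c = (CertRepMessage) body.getContent();
        }
        // Any other expected tag leaves c null and fails here.
        assertNotNull(c);
        CertResponse resp = c.getResponse()[0];
        assertNotNull(resp);
        // Expected value first, so that a failure message reads the right way round.
        assertEquals(requestId, resp.getCertReqId().getValue().intValue());
        info = resp.getStatus();
        assertNotNull(info);
        int error = info.getStatus().intValue();
        assertEquals(ResponseStatus.FAILURE.getValue(), error); // 2 is rejection
        assertNotNull("Response carries no failInfo.", info.getFailInfo());
        assertEquals(expectedPKIFailInfo, info.getFailInfo().intValue());
    }

    // statusString is optional as well; the comparison below needs it to be present.
    assertNotNull("Response carries no statusString.", info.getStatusString());
    log.debug("expected fail message: '" + failMsg + "'. received fail message: '"
            + info.getStatusString().getStringAt(0).getString() + "'.");
    assertEquals(failMsg, info.getStatusString().getStringAt(0).getString());
}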
From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java
License:Open Source License
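/**
 * Asserts that a DER-encoded CMP response is an error message with the expected header and status.
 *
 * <p>Checks that the sender is a directory name equal to {@code sender}, that the recipient encodes
 * identically to {@code recipient}, that the body type is 23 (error), that the status is 2
 * (rejection) and that failInfo equals {@code errorCode}.
 *
 * @param retMsg DER-encoded CMP response to check
 * @param sender expected sender name, compared with {@code X500Name.toString()}
 * @param recipient expected recipient name, compared by encoding
 * @param errorCode expected failInfo value
 * @param errorMsg expected first string of the statusString, or {@code null} to skip that check
 * @throws IOException if the response cannot be read as ASN.1 or a name cannot be encoded
 */
protected static void checkCmpPKIErrorMessage(byte[] retMsg, String sender, X500Name recipient, int errorCode,
        String errorMsg) throws IOException {
    // Parse response message
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    assertNotNull(respObject);

    // Expected values are passed first throughout so that failure messages read correctly.
    PKIHeader header = respObject.getHeader();
    assertEquals(4, header.getSender().getTagNo()); // GeneralName tag 4 is directoryName
    {
        final X500Name name = X500Name.getInstance(header.getSender().getName());
        assertEquals(sender, name.toString());
    }
    {
        final X500Name name = X500Name.getInstance(header.getRecipient().getName());
        assertArrayEquals(recipient.getEncoded(), name.getEncoded());
    }

    PKIBody body = respObject.getBody();
    int tag = body.getType();
    assertEquals(23, tag); // 23 is the error message body type

    ErrorMsgContent n = (ErrorMsgContent) body.getContent();
    assertNotNull(n);
    PKIStatusInfo info = n.getPKIStatusInfo();
    assertNotNull(info);
    BigInteger i = info.getStatus();
    assertEquals(2, i.intValue()); // 2 is rejection

    // failInfo and statusString are optional fields: assert presence before dereferencing.
    DERBitString b = info.getFailInfo();
    assertNotNull("Response carries no failInfo.", b);
    assertEquals("Return wrong error code.", errorCode, b.intValue());
    if (errorMsg != null) {
        PKIFreeText freeText = info.getStatusString();
        assertNotNull("Response carries no statusString.", freeText);
        DERUTF8String utf = freeText.getStringAt(0);
        assertEquals(errorMsg, utf.getString());
    }
}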
From source file:org.ejbca.ui.cmpclient.commands.CrmfRequestCommand.java
License:Open Source License
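/**
 * Handles the CMP response to a CRMF request and stores the issued certificate on disk.
 *
 * <p>On an initialization response whose first entry has status GRANTED, the certificate is written
 * (as returned by {@code CertTools.getPemFromCertificateChain}) to the file named by
 * {@code getDestinationCertFile}. Every other outcome is logged and reported as a failure.
 *
 * <p>NOTE(review): no check of the response's protection (signature/MAC) is visible in this
 * method - confirm it is verified elsewhere before the stored certificate is relied upon.
 *
 * @param response DER-encoded CMP response received from the server
 * @param parameters command parameters; {@code DESTINATION_KEY} and {@code SUBJECTDN_KEY} are read
 * @return {@code CommandResult.SUCCESS} if a certificate was stored, otherwise
 *         {@code CommandResult.FUNCTIONAL_FAILURE}
 * @throws Exception if the response cannot be parsed or the certificate cannot be written
 */
@Override
public CommandResult handleCMPResponse(byte[] response, final ParameterContainer parameters) throws Exception {
    String dest = parameters.get(DESTINATION_KEY);
    if (dest == null) {
        dest = "dest";
        final File destDir = new File("./" + dest);
        // mkdirs() also returns false when the directory already exists, hence the second check.
        if (!destDir.mkdirs() && !destDir.isDirectory()) {
            log.error("Could not create default destination directory: ./dest/");
        }
        log.info("Using default destination directory: ./dest/");
    }

    final PKIMessage respObject;
    try (ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(response))) {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    }
    if (respObject == null) {
        log.error("ERROR. Cannot construct the response object");
        return CommandResult.FUNCTIONAL_FAILURE;
    }

    PKIBody body = respObject.getBody();
    int tag = body.getType();

    if (tag == PKIBody.TYPE_INIT_REP) {
        CertRepMessage c = (CertRepMessage) body.getContent();
        // The response content comes from the server: do not assume it holds an entry.
        final CertResponse[] responses = c.getResponse();
        if (responses == null || responses.length == 0) {
            log.error("Received CRMF response without any certificate response");
            return CommandResult.FUNCTIONAL_FAILURE;
        }
        CertResponse resp = responses[0];
        PKIStatusInfo status = resp.getStatus();
        if (status.getStatus().intValue() == PKIStatus.GRANTED) {
            final X509Certificate cert = getCertFromResponse(resp);
            final ArrayList<Certificate> certs = new ArrayList<>();
            certs.add(cert);
            final byte[] certBytes = CertTools.getPemFromCertificateChain(certs);

            // NOTE(review): the file name is derived from the subject DN parameter by
            // getDestinationCertFile (not shown here) - confirm it cannot leave the destination directory.
            String certFileName = getDestinationCertFile(dest, parameters.get(SUBJECTDN_KEY));
            // try-with-resources closes the stream even when write() throws.
            try (FileOutputStream fos = new FileOutputStream(new File(certFileName))) {
                fos.write(certBytes);
            }
            log.info("CRMF request successful. Received certificate stored in " + certFileName);
            return CommandResult.SUCCESS;
        } else {
            // statusString is optional; a rejection without free text must not end in a NullPointerException.
            // The text is server-supplied and is logged as received.
            final String errMsg = status.getStatusString() == null ? null
                    : status.getStatusString().getStringAt(0).getString();
            log.error("Recieved CRMF response with status '" + status.getStatus().intValue()
                    + "' and error message: " + errMsg);
        }
    } else if (tag == PKIBody.TYPE_ERROR) {
        ErrorMsgContent err = (ErrorMsgContent) body.getContent();
        final PKIStatusInfo errInfo = err.getPKIStatusInfo();
        final String errMsg = errInfo.getStatusString() == null ? null
                : errInfo.getStatusString().getStringAt(0).getString();
        log.error("Revceived CMP Error Message: " + errMsg);
    } else {
        log.error("Received PKIMessage with body tag " + tag);
    }
    return CommandResult.FUNCTIONAL_FAILURE;
}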
From source file:org.ejbca.ui.cmpclient.commands.KeyUpdateRequestCommand.java
License:Open Source License
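/**
 * Handles the CMP response to a key update request and stores the issued certificate on disk.
 *
 * <p>On a key update response whose first entry has status GRANTED, the certificate is written
 * (as returned by {@code CertTools.getPemFromCertificateChain}) to the file named by
 * {@code getDestinationCertFile}. Every other outcome is logged and reported as a failure.
 *
 * <p>NOTE(review): no check of the response's protection (signature/MAC) is visible in this
 * method - confirm it is verified elsewhere before the stored certificate is relied upon.
 *
 * @param response DER-encoded CMP response received from the server
 * @param parameters command parameters; {@code DESTINATION_KEY} and {@code SUBJECTDN_KEY} are read
 * @return {@code CommandResult.SUCCESS} if a certificate was stored, otherwise
 *         {@code CommandResult.FUNCTIONAL_FAILURE}
 * @throws Exception if the response cannot be parsed or the certificate cannot be written
 */
@Override
public CommandResult handleCMPResponse(byte[] response, ParameterContainer parameters) throws Exception {
    String dest = parameters.get(DESTINATION_KEY);
    if (dest == null) {
        dest = "dest";
        final File destDir = new File("./" + dest);
        // mkdirs() also returns false when the directory already exists, hence the second check.
        if (!destDir.mkdirs() && !destDir.isDirectory()) {
            log.error("Could not create default destination directory: ./dest/");
        }
        log.info("Using default destination directory: ./dest/");
    }

    final PKIMessage respObject;
    try (ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(response))) {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    }
    if (respObject == null) {
        log.error("Cannot construct response object");
        return CommandResult.FUNCTIONAL_FAILURE;
    }

    PKIBody body = respObject.getBody();
    int tag = body.getType();

    if (tag == PKIBody.TYPE_KEY_UPDATE_REP) {
        CertRepMessage c = (CertRepMessage) body.getContent();
        // The response content comes from the server: do not assume it holds an entry.
        final CertResponse[] responses = c.getResponse();
        if (responses == null || responses.length == 0) {
            log.error("Received key update response without any certificate response");
            return CommandResult.FUNCTIONAL_FAILURE;
        }
        CertResponse resp = responses[0];
        PKIStatusInfo status = resp.getStatus();
        if (status.getStatus().intValue() == PKIStatus.GRANTED) {
            final X509Certificate cert = getCertFromResponse(resp);
            final ArrayList<Certificate> certs = new ArrayList<>();
            certs.add(cert);
            final byte[] certBytes = CertTools.getPemFromCertificateChain(certs);

            // NOTE(review): the file name is derived from the subject DN parameter by
            // getDestinationCertFile (not shown here) - confirm it cannot leave the destination directory.
            String certFileName = getDestinationCertFile(dest, parameters.get(SUBJECTDN_KEY));
            // try-with-resources closes the stream even when write() throws.
            try (FileOutputStream fos = new FileOutputStream(new File(certFileName))) {
                fos.write(certBytes);
            }
            log.info("CRMF request successful. Received certificate stored in " + certFileName);
            return CommandResult.SUCCESS;
        } else {
            // statusString is optional; a rejection without free text must not end in a NullPointerException.
            // The text is server-supplied and is logged as received.
            final String errMsg = status.getStatusString() == null ? null
                    : status.getStatusString().getStringAt(0).getString();
            log.error("Recieved CRMF response with status '" + status.getStatus().intValue()
                    + "' and error message: " + errMsg);
        }
    } else if (tag == PKIBody.TYPE_ERROR) {
        log.error("Error response was recieved");
        ErrorMsgContent c = (ErrorMsgContent) body.getContent();
        PKIStatusInfo info = c.getPKIStatusInfo();
        // Extract the text with getString(), as the other branch does, and tolerate a missing statusString.
        final String errMsg = info.getStatusString() == null ? null
                : info.getStatusString().getStringAt(0).getString();
        log.error("Error message: " + errMsg);
    } else {
        log.error("Recieved response with body type(See PKIBody.java): " + tag);
    }
    return CommandResult.FUNCTIONAL_FAILURE;
}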
From source file:org.ejbca.ui.cmpclient.commands.RevocationRequestCommand.java
License:Open Source License
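/**
 * Handles the CMP response to a revocation request.
 *
 * <p>Only the first status entry of a revocation response is inspected; status 0 is treated as
 * success. Error responses and unexpected body types are logged and reported as a failure.
 *
 * <p>NOTE(review): no check of the response's protection (signature/MAC) is visible in this
 * method - confirm it is verified elsewhere before the reported result is relied upon.
 *
 * @param response DER-encoded CMP response received from the server
 * @param parameters command parameters; not read by this method
 * @return {@code CommandResult.SUCCESS} if the first status is 0, otherwise
 *         {@code CommandResult.FUNCTIONAL_FAILURE}
 * @throws Exception if the response cannot be parsed
 */
@Override
public CommandResult handleCMPResponse(byte[] response, ParameterContainer parameters) throws Exception {
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(response));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    if (respObject == null) {
        log.error("Cannot construct response object");
        return CommandResult.FUNCTIONAL_FAILURE;
    }

    PKIBody body = respObject.getBody();
    int tag = body.getType();

    if (tag == PKIBody.TYPE_REVOCATION_REP) {
        log.info("Revocation response was recieved");
        RevRepContent n = (RevRepContent) body.getContent();
        // The status list comes from the server: do not assume it holds an entry.
        final PKIStatusInfo[] statuses = n.getStatus();
        if (statuses == null || statuses.length == 0) {
            log.error("Revocation response contains no status information");
            return CommandResult.FUNCTIONAL_FAILURE;
        }
        PKIStatusInfo info = statuses[0];
        if (info.getStatus().intValue() == 0) {
            log.info("Revocation request have succeeded");
            return CommandResult.SUCCESS;
        } else {
            log.error("Revocation request failed with status (See PKIStatusInfo.java): "
                    + info.getStatus().intValue());
        }
    } else if (tag == PKIBody.TYPE_ERROR) {
        log.error("Error response was recieved");
        ErrorMsgContent c = (ErrorMsgContent) body.getContent();
        PKIStatusInfo info = c.getPKIStatusInfo();
        // statusString is optional; an error without free text must not end in a NullPointerException.
        // The text is server-supplied and is logged as received.
        final String errMsg = info.getStatusString() == null ? null
                : info.getStatusString().getStringAt(0).getString();
        log.error("Error message: " + errMsg);
    } else {
        log.error("Recieved response with body type(See PKIBody.java): " + tag);
    }
    return CommandResult.FUNCTIONAL_FAILURE;
}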
From source file:org.jnotary.client.DvcsCheck.java
License:Open Source License
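/**
 * Compares a locally computed digest with the message imprint of a DVCS response and prints the
 * response details and status to standard output.
 *
 * <p>The outcome of the imprint comparison is only printed. A mismatch does not raise an exception,
 * so callers cannot use this method as a pass/fail verification step.
 *
 * @param hash digest of the source file
 * @param response parsed DVCS response
 * @throws Exception if the response carries no status information
 */
private static void verifyAndDump(byte[] hash, DVCSResponse response) throws Exception {
    if (response.getDvCertInfo() == null) {
        // An error notice carries no certificate info, so there is no imprint to compare. Report
        // that instead of failing with a NullPointerException before the status is printed.
        System.out.println("Message imprint verification is FAILED");
        System.out.println("dvcs-response file contains no certificate info");
    } else if (Arrays.equals(hash, response.getDvCertInfo().getMessageImprint().getDigest())) {
        System.out.println("Message imprint is successfully verified");
    } else {
        System.out.println("Message imprint verification is FAILED");
        System.out.println("Message imprint of source file:");
        HexDump.dump(hash, 0, System.out, 0);
        System.out.println("\nMessage imprint from dvcs-response file:");
        HexDump.dump(response.getDvCertInfo().getMessageImprint().getDigest(), 0, System.out, 0);
    }

    System.out.println("DVCS-response information");
    if (response.getDvCertInfo() != null) {
        System.out.println("Service type:"
                + ServiceType.toString(response.getDvCertInfo().getRequestInformation().getService()));
        System.out.println("Nonce: "
                + response.getDvCertInfo().getRequestInformation().getNonce().getPositiveValue().toString(16));
        System.out.println(
                "Response time: " + response.getDvCertInfo().getResponseTime().getGenTime().getTimeString());
    }

    // The status comes from the error notice when there is one, else from the certificate info.
    PKIStatusInfo statusInfo = null;
    if (response.getDvErrorNote() != null) {
        statusInfo = response.getDvErrorNote().getTransactionStatus();
    } else if (response.getDvCertInfo() != null && response.getDvCertInfo().getDvStatus() != null) {
        statusInfo = response.getDvCertInfo().getDvStatus();
    }
    if (statusInfo == null) {
        throw new Exception("Status info is not present");
    }

    StringBuilder sb = new StringBuilder("PKIStatus: ");
    sb.append(statusInfo.getStatus());
    // statusString and failInfo are optional, so each is printed only when present.
    if (statusInfo.getStatusString() != null) {
        sb.append("; FreeText: ");
        sb.append(statusInfo.getStatusString().getStringAt(0).getString());
    }
    if (statusInfo.getFailInfo() != null) {
        sb.append("; PKIFailerInfo: ");
        sb.append(statusInfo.getFailInfo().intValue());
    }
    System.out.println(sb.toString());
}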
From source file:org.jnotary.client.DvcsClient.java
License:Open Source License
/**
 * Prints the details and the status of a DVCS response to standard output.
 *
 * <p>Service type, nonce and response time are printed when the response holds certificate info.
 * The status is read from the error notice if one is present, otherwise from the certificate info.
 *
 * @param response parsed DVCS response
 * @throws Exception if the response carries no status information
 */
private static void dump(DVCSResponse response) throws Exception {
    if (response.getDvCertInfo() != null) {
        System.out.println("Service type:" + response.getDvCertInfo().getRequestInformation().getService());
        System.out.println("Nonce: "
                + response.getDvCertInfo().getRequestInformation().getNonce().getPositiveValue().toString(16));
        System.out.println(
                "Response time: " + response.getDvCertInfo().getResponseTime().getGenTime().getTimeString());
    }

    final PKIStatusInfo statusInfo;
    if (response.getDvErrorNote() != null) {
        statusInfo = response.getDvErrorNote().getTransactionStatus();
    } else if (response.getDvCertInfo() != null && response.getDvCertInfo().getDvStatus() != null) {
        statusInfo = response.getDvCertInfo().getDvStatus();
    } else {
        statusInfo = null;
    }
    if (statusInfo == null) {
        throw new Exception("Status info is not present");
    }

    // Build the summary line; the optional fields are appended only when the response has them.
    String summary = "PKIStatus: " + statusInfo.getStatus();
    if (statusInfo.getStatusString() != null) {
        summary += "; FreeText: " + statusInfo.getStatusString().getStringAt(0).getString();
    }
    if (statusInfo.getFailInfo() != null) {
        summary += "; PKIFailerInfo: " + statusInfo.getFailInfo().intValue();
    }
    System.out.println(summary);
}
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
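/**
 * Converts a CMP revocation response into per-request result entries.
 *
 * <p>{@code checkProtection} is called on the response before its body is read. Status entries are
 * matched to {@code reqEntries} by position, so the response must contain exactly one status per
 * request entry.
 *
 * @param response response received from the server
 * @param reqEntries the request entries, in the order in which they were sent
 * @return the result holding an error entry for each rejected request and a revocation entry for
 *         each granted request whose certId is present in the response
 * @throws CmpRequestorException if the body type is unexpected or the number of status entries does
 *         not match the number of request entries
 * @throws PKIErrorException if the server answered with an error message
 */
private RevokeCertResultType parse(final PKIResponse response,
        final List<? extends IssuerSerialEntryType> reqEntries) throws CmpRequestorException, PKIErrorException {
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();

    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = (ErrorMsgContent) respBody.getContent();
        throw new PKIErrorException(content.getPKIStatusInfo());
    } else if (PKIBody.TYPE_REVOCATION_REP != bodyType) {
        throw new CmpRequestorException("unknown PKI body type " + bodyType + " instead the exceptected ["
                + PKIBody.TYPE_REVOCATION_REP + ", " + PKIBody.TYPE_ERROR + "]");
    }

    RevRepContent content = (RevRepContent) respBody.getContent();
    PKIStatusInfo[] statuses = content.getStatus();
    // Compute the count null-safely. Building the message from statuses.length would itself throw
    // a NullPointerException in the very case the null check is meant to report.
    final int numStatuses = statuses == null ? 0 : statuses.length;
    if (statuses == null || numStatuses != reqEntries.size()) {
        throw new CmpRequestorException("incorrect number of status entries in response '" + numStatuses
                + "' instead the exceptected '" + reqEntries.size() + "'");
    }

    CertId[] revCerts = content.getRevCerts();

    RevokeCertResultType result = new RevokeCertResultType();
    for (int i = 0; i < statuses.length; i++) {
        PKIStatusInfo statusInfo = statuses[i];
        int status = statusInfo.getStatus().intValue();
        IssuerSerialEntryType re = reqEntries.get(i);

        if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
            PKIFreeText text = statusInfo.getStatusString();
            String statusString = text == null ? null : text.getStringAt(0).getString();
            // failInfo is optional just like statusString; 0 (no failure bit set) stands for "absent".
            int failureInfo = statusInfo.getFailInfo() == null ? 0 : statusInfo.getFailInfo().intValue();

            ResultEntryType resultEntry = new ErrorResultEntryType(re.getId(), status, failureInfo, statusString);
            result.addResultEntry(resultEntry);
            continue;
        }

        // Look up the certId the server reports for this request entry.
        CertId certId = null;
        if (revCerts != null) {
            for (CertId _certId : revCerts) {
                if (re.getIssuer().equals(_certId.getIssuer().getName())
                        && re.getSerialNumber().equals(_certId.getSerialNumber().getValue())) {
                    certId = _certId;
                    break;
                }
            }
        }

        if (certId == null) {
            LOG.warn("certId is not present in response for (issuer='{}', serialNumber={})",
                    X509Util.getRFC4519Name(re.getIssuer()), re.getSerialNumber());
            // NOTE(review): the certId built here is never used because of the continue below, so a
            // granted request without a matching certId gets no result entry at all. Confirm whether
            // skipping the entry or reporting the synthesized certId is the intended behaviour.
            certId = new CertId(new GeneralName(re.getIssuer()), re.getSerialNumber());
            continue;
        }

        ResultEntryType resultEntry = new RevokeCertResultEntryType(re.getId(), certId);
        result.addResultEntry(resultEntry);
    }

    return result;
}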
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
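/**
 * Sends a certificate request, collects the certificates issued for it and, unless the server
 * announced implicit confirmation, sends a certificate confirmation.
 *
 * <p>{@code checkProtection} is called on every response before its body is read. Entries are
 * removed from {@code reqIdIdMap} as responses are matched, so the caller's map is modified.
 *
 * @param reqMessage the request to sign and send
 * @param reqIdIdMap maps each certReqId of the request to the caller's entry id
 * @param expectedBodyType body type the response must have
 * @param debug passed through to {@code signAndSend}
 * @return the enrolment result, or {@code null} if a granted response carries no certified key pair
 *         or no certificate
 * @throws CmpRequestorException if the response has an unexpected body type
 * @throws PKIErrorException if the server answers the request or the confirmation with an error
 *         message
 */
private EnrollCertResultType intern_requestCertificate(final PKIMessage reqMessage,
        final Map<BigInteger, String> reqIdIdMap, final int expectedBodyType, final RequestResponseDebug debug)
        throws CmpRequestorException, PKIErrorException {
    PKIResponse response = signAndSend(reqMessage, debug);
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();

    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = (ErrorMsgContent) respBody.getContent();
        throw new PKIErrorException(content.getPKIStatusInfo());
    } else if (expectedBodyType != bodyType) {
        throw new CmpRequestorException("unknown PKI body type " + bodyType + " instead the exceptected ["
                + expectedBodyType + ", " + PKIBody.TYPE_ERROR + "]");
    }

    CertRepMessage certRep = (CertRepMessage) respBody.getContent();
    CertResponse[] certResponses = certRep.getResponse();

    EnrollCertResultType result = new EnrollCertResultType();

    // CA certificates
    CMPCertificate[] caPubs = certRep.getCaPubs();
    if (caPubs != null) {
        for (CMPCertificate caPub : caPubs) {
            if (caPub != null) {
                result.addCACertificate(caPub);
            }
        }
    }

    boolean isImplicitConfirm = CmpUtil.isImplictConfirm(response.getPkiMessage().getHeader());

    CertificateConfirmationContentBuilder certConfirmBuilder = isImplicitConfirm ? null
            : new CertificateConfirmationContentBuilder();
    boolean requireConfirm = false;

    // We only accept the certificates which are requested.
    for (CertResponse certResp : certResponses) {
        PKIStatusInfo statusInfo = certResp.getStatus();
        int status = statusInfo.getStatus().intValue();
        BigInteger certReqId = certResp.getCertReqId().getValue();
        String thisId = reqIdIdMap.get(certReqId);
        if (thisId != null) {
            reqIdIdMap.remove(certReqId);
        } else if (reqIdIdMap.size() == 1) {
            // With a single outstanding request the response is accepted even if its certReqId differs.
            thisId = reqIdIdMap.values().iterator().next();
            reqIdIdMap.clear();
        }

        if (thisId == null) {
            continue; // ignore it. this cert is not requested by me
        }

        ResultEntryType resultEntry;
        if (status == PKIStatus.GRANTED || status == PKIStatus.GRANTED_WITH_MODS) {
            CertifiedKeyPair cvk = certResp.getCertifiedKeyPair();
            if (cvk == null) {
                return null;
            }

            CMPCertificate cmpCert = cvk.getCertOrEncCert().getCertificate();
            if (cmpCert == null) {
                return null;
            }

            resultEntry = new EnrollCertResultEntryType(thisId, cmpCert, status);

            if (!isImplicitConfirm) {
                requireConfirm = true;
                X509CertificateHolder certHolder = null;
                try {
                    certHolder = new X509CertificateHolder(cmpCert.getEncoded());
                } catch (IOException e) {
                    // A certificate that cannot be decoded is reported as an error entry and is not confirmed.
                    resultEntry = new ErrorResultEntryType(thisId, ClientErrorCode.PKIStatus_RESPONSE_ERROR,
                            PKIFailureInfo.systemFailure, "error while decode the certificate");
                }

                if (certHolder != null) {
                    certConfirmBuilder.addAcceptedCertificate(certHolder, certReqId);
                }
            }
        } else {
            PKIFreeText statusString = statusInfo.getStatusString();
            String errorMessage = statusString == null ? null : statusString.getStringAt(0).getString();
            // failInfo is optional just like statusString; 0 (no failure bit set) stands for "absent".
            int failureInfo = statusInfo.getFailInfo() == null ? 0 : statusInfo.getFailInfo().intValue();

            resultEntry = new ErrorResultEntryType(thisId, status, failureInfo, errorMessage);
        }
        result.addResultEntry(resultEntry);
    }

    // Every request that is still in the map received no answer.
    if (CollectionUtil.isNotEmpty(reqIdIdMap)) {
        for (BigInteger reqId : reqIdIdMap.keySet()) {
            ErrorResultEntryType ere = new ErrorResultEntryType(reqIdIdMap.get(reqId),
                    ClientErrorCode.PKIStatus_NO_ANSWER);
            result.addResultEntry(ere);
        }
    }

    if (!requireConfirm) {
        return result;
    }

    PKIMessage confirmRequest = buildCertConfirmRequest(response.getPkiMessage().getHeader().getTransactionID(),
            certConfirmBuilder);

    response = signAndSend(confirmRequest, debug);
    checkProtection(response);

    // Inspect the body of the confirmation response itself. The body and type read from the first
    // response can no longer be an error at this point, so testing them again would silently
    // ignore an error reply to the confirmation.
    PKIBody confirmRespBody = response.getPkiMessage().getBody();
    if (PKIBody.TYPE_ERROR == confirmRespBody.getType()) {
        ErrorMsgContent content = (ErrorMsgContent) confirmRespBody.getContent();
        throw new PKIErrorException(content.getPKIStatusInfo());
    }

    return result;
}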
From source file:org.xipki.common.util.SecurityUtil.java
License:Open Source License
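/**
 * Formats a Bouncy Castle {@code PKIStatusInfo} by delegating to
 * {@code formatPKIStatusInfo(int, int, String)}.
 *
 * <p>Both optional fields are handled: a missing statusString is passed on as {@code null} and a
 * missing failInfo as 0 (no failure bit set).
 *
 * @param pkiStatusInfo the status info to format; must not be {@code null}
 * @return the text produced by the three-argument overload
 */
public static String formatPKIStatusInfo(final org.bouncycastle.asn1.cmp.PKIStatusInfo pkiStatusInfo) {
    int status = pkiStatusInfo.getStatus().intValue();
    // failInfo is optional; status infos without it (typically successful ones) must not cause a
    // NullPointerException in a formatting helper.
    // NOTE(review): assumes the overload renders 0 as "no failure info" - confirm.
    int failureInfo = pkiStatusInfo.getFailInfo() == null ? 0 : pkiStatusInfo.getFailInfo().intValue();
    PKIFreeText text = pkiStatusInfo.getStatusString();
    String statusMessage = text == null ? null : text.getStringAt(0).getString();

    return SecurityUtil.formatPKIStatusInfo(status, failureInfo, statusMessage);
}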