List of usage examples for the org.bouncycastle.asn1.cmp.PKIStatusInfo constructor PKIStatusInfo
public PKIStatusInfo(PKIStatus status, PKIFreeText statusString)
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
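/**
 * Issues (or, for a key update, re-issues) a certificate for a single CMP certificate request
 * and wraps the outcome in a {@code CertResponse}.
 *
 * <p>The requestor's permission for the certificate profile is checked before anything else.
 * On success the certificate is registered in {@code pendingCertPool} and returned with status
 * {@code granted}, or {@code grantedWithMods} when the CA reported a warning or the certificate
 * had already been issued. An {@code OperationException} from the CA is translated into a CMP
 * rejection status and recorded as a failed audit event.
 *
 * @param requestor       authenticated CMP requestor; also passed to the CA
 * @param user            user name stored on the certificate info
 * @param tid             CMP transaction id, used as key in the pending-certificate pool
 * @param certReqId       id of the certificate request inside the CMP message
 * @param subject         requested subject
 * @param publicKeyInfo   requested public key
 * @param validity        requested validity, may be {@code null}
 * @param extensions      requested extensions
 * @param certprofileName name of the certificate profile to apply
 * @param keyUpdate       {@code true} to call {@code regenerateCertificate} instead of
 *                        {@code generateCertificate}
 * @param confirmWaitTime offset added to {@code System.currentTimeMillis()} to form the time
 *                        value passed to the pending-certificate pool
 * @param childAuditEvent audit event to fill in, may be {@code null}
 * @return the CMP response carrying either the certificate or a rejection status
 * @throws InsuffientPermissionException presumably raised by {@code checkPermission} when the
 *         requestor may not use the profile; it is not caught here
 */
private CertResponse generateCertificate(final CmpRequestorInfo requestor, final String user,
        final ASN1OctetString tid, final ASN1Integer certReqId, final X500Name subject,
        final SubjectPublicKeyInfo publicKeyInfo, final OptionalValidity validity,
        final Extensions extensions, final String certprofileName, final boolean keyUpdate,
        final long confirmWaitTime, final AuditChildEvent childAuditEvent)
        throws InsuffientPermissionException {
    // Authorization comes first: nothing below runs for a requestor without permission.
    checkPermission(requestor, certprofileName);

    // Requested validity bounds are optional; null is handed to the CA when absent.
    Date notBefore = null;
    Date notAfter = null;
    if (validity != null) {
        Time t = validity.getNotBefore();
        if (t != null) {
            notBefore = t.getDate();
        }
        t = validity.getNotAfter();
        if (t != null) {
            notAfter = t.getDate();
        }
    }

    try {
        X509CA ca = getCA();
        X509CertificateInfo certInfo;
        if (keyUpdate) {
            certInfo = ca.regenerateCertificate(requestor.isRA(), requestor, certprofileName, user,
                    subject, publicKeyInfo, notBefore, notAfter, extensions);
        } else {
            certInfo = ca.generateCertificate(requestor.isRA(), requestor, certprofileName, user,
                    subject, publicKeyInfo, notBefore, notAfter, extensions);
        }
        certInfo.setRequestor(requestor);
        certInfo.setUser(user);

        if (childAuditEvent != null) {
            // Audit the subject of the issued certificate, not the requested one.
            childAuditEvent.addEventData(
                    new AuditEventData("subject", certInfo.getCert().getSubject()));
        }

        // The certificate is parked in the pool under (transaction id, request id) together
        // with a deadline; presumably it awaits the requestor's confirmation until then.
        pendingCertPool.addCertificate(tid.getOctets(), certReqId.getPositiveValue(), certInfo,
                System.currentTimeMillis() + confirmWaitTime);

        String warningMsg = certInfo.getWarningMessage();
        PKIStatusInfo statusInfo;
        if (StringUtil.isBlank(warningMsg)) {
            if (certInfo.isAlreadyIssued()) {
                statusInfo = new PKIStatusInfo(PKIStatus.grantedWithMods,
                        new PKIFreeText("ALREADY_ISSUED"));
            } else {
                statusInfo = new PKIStatusInfo(PKIStatus.granted);
            }
        } else {
            statusInfo = new PKIStatusInfo(PKIStatus.grantedWithMods,
                    new PKIFreeText(warningMsg));
        }

        if (childAuditEvent != null) {
            childAuditEvent.setStatus(AuditStatus.SUCCESSFUL);
        }

        CertOrEncCert cec = new CertOrEncCert(
                CMPCertificate.getInstance(certInfo.getCert().getEncodedCert()));
        CertifiedKeyPair kp = new CertifiedKeyPair(cec);
        return new CertResponse(certReqId, statusInfo, kp, null);
    } catch (OperationException e) {
        ErrorCode code = e.getErrorCode();
        LOG.warn("generate certificate, OperationException: code={}, message={}", code.name(),
                e.getErrorMessage());

        // Map the CA error code to the CMP failure bit and to the audit message.
        String auditMessage;
        int failureInfo;
        switch (code) {
        case ALREADY_ISSUED:
            failureInfo = PKIFailureInfo.badRequest;
            auditMessage = "ALREADY_ISSUED";
            break;
        case BAD_CERT_TEMPLATE:
            failureInfo = PKIFailureInfo.badCertTemplate;
            auditMessage = "BAD_CERT_TEMPLATE";
            break;
        case BAD_REQUEST:
            failureInfo = PKIFailureInfo.badRequest;
            auditMessage = "BAD_REQUEST";
            // This break was missing: a bad request fell through to CERT_REVOKED, so both the
            // response sent to the requestor and the audit record claimed certRevoked.
            break;
        case CERT_REVOKED:
            failureInfo = PKIFailureInfo.certRevoked;
            auditMessage = "CERT_REVOKED";
            break;
        case CRL_FAILURE:
            failureInfo = PKIFailureInfo.systemFailure;
            auditMessage = "CRL_FAILURE";
            break;
        case DATABASE_FAILURE:
            failureInfo = PKIFailureInfo.systemFailure;
            auditMessage = "DATABASE_FAILURE";
            break;
        case NOT_PERMITTED:
            failureInfo = PKIFailureInfo.notAuthorized;
            auditMessage = "NOT_PERMITTED";
            break;
        case INSUFFICIENT_PERMISSION:
            failureInfo = PKIFailureInfo.notAuthorized;
            auditMessage = "INSUFFICIENT_PERMISSION";
            break;
        case INVALID_EXTENSION:
            // NOTE(review): reported as systemFailure although an invalid extension looks
            // request-caused; confirm this mapping is intended.
            failureInfo = PKIFailureInfo.systemFailure;
            auditMessage = "INVALID_EXTENSION";
            break;
        case SYSTEM_FAILURE:
            failureInfo = PKIFailureInfo.systemFailure;
            auditMessage = "System_Failure";
            break;
        case SYSTEM_UNAVAILABLE:
            failureInfo = PKIFailureInfo.systemUnavail;
            auditMessage = "System_Unavailable";
            break;
        case UNKNOWN_CERT:
            failureInfo = PKIFailureInfo.badCertId;
            auditMessage = "UNKNOWN_CERT";
            break;
        case UNKNOWN_CERT_PROFILE:
            failureInfo = PKIFailureInfo.badCertTemplate;
            auditMessage = "UNKNOWN_CERT_PROFILE";
            break;
        default:
            failureInfo = PKIFailureInfo.systemFailure;
            auditMessage = "InternalErrorCode " + e.getErrorCode();
            break;
        } // end switch(code)

        if (childAuditEvent != null) {
            childAuditEvent.setStatus(AuditStatus.FAILED);
            childAuditEvent.addEventData(new AuditEventData("message", auditMessage));
        }

        // For DATABASE_FAILURE and SYSTEM_FAILURE only the code name goes back to the
        // requestor; the exception's message stays in the server log (presumably to avoid
        // exposing internal detail). All other codes include the message.
        String errorMessage;
        switch (code) {
        case DATABASE_FAILURE:
        case SYSTEM_FAILURE:
            errorMessage = code.name();
            break;
        default:
            errorMessage = code.name() + ": " + e.getErrorMessage();
            break;
        } // end switch code

        PKIStatusInfo status = generateCmpRejectionStatus(failureInfo, errorMessage);
        return new CertResponse(certReqId, status);
    }
}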
From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java
License:Open Source License
/**
 * Builds the CMP {@code CertResponse} for a certificate that the CA has already produced.
 *
 * <p>When the CMP control asks for certificate confirmation, the certificate is first added to
 * {@code pendingCertPool} under (transaction id, request id) with a deadline of now plus the
 * configured confirm wait time. The response status is {@code granted}, or
 * {@code grantedWithMods} when the CA attached a warning or the certificate was already issued.
 *
 * @param certReqId  id of the certificate request inside the CMP message
 * @param certInfo   the issued certificate together with its warning / already-issued state
 * @param tid        CMP transaction id
 * @param cmpControl CMP settings consulted for the confirmation behaviour
 * @return the response carrying the certificate and its status
 */
private CertResponse postProcessCertInfo(ASN1Integer certReqId, X509CertificateInfo certInfo,
        ASN1OctetString tid, CmpControl cmpControl) {
    if (cmpControl.isConfirmCert()) {
        // Only parked when confirmation is enabled; presumably held until the requestor
        // confirms or the deadline passes.
        pendingCertPool.addCertificate(
                tid.getOctets(),
                certReqId.getPositiveValue(),
                certInfo,
                System.currentTimeMillis() + cmpControl.getConfirmWaitTimeMs());
    }

    final String warning = certInfo.getWarningMessage();
    final PKIStatusInfo status;
    if (!StringUtil.isBlank(warning)) {
        // A CA warning takes precedence and is passed on as the status text.
        status = new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText(warning));
    } else if (certInfo.isAlreadyIssued()) {
        status = new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText("ALREADY_ISSUED"));
    } else {
        status = new PKIStatusInfo(PKIStatus.granted);
    }

    final CMPCertificate cmpCert = CMPCertificate.getInstance(certInfo.getCert().getEncodedCert());
    final CertifiedKeyPair keyPair = new CertifiedKeyPair(new CertOrEncCert(cmpCert));
    return new CertResponse(certReqId, status, keyPair, null);
}