Example usage for org.bouncycastle.asn1.cmp RevReqContent getInstance

List of usage examples for org.bouncycastle.asn1.cmp RevReqContent getInstance

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.asn1.cmp.*
  5. RevReqContent
  6. getInstance

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.cmp RevReqContent getInstance.

Prototype

public static RevReqContent getInstance(Object o)

Source Link

Usage

From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java

License:Open Source License

/**
 * Test the confirmation message from the certification authority
 *
 * @throws IOException//from  www  .  j  av  a 2  s  . co  m
 * @throws CertificateEncodingException
 * @throws OperatorCreationException
 * @throws CMPException
 */
@Test
public void testRevocationMessage()
        throws IOException, CertificateEncodingException, OperatorCreationException, CMPException,
        PKICMPMessageException, CRMFException, IllegalAccessException, CMSException, NoSuchFieldException {
    PKICMPMessages pkiMessages = new PKICMPMessages();
    pkiMessages.setPkiKeyStore(pkiKeyStoreRA);
    List<RevocationInput> revocationInputs = new ArrayList<RevocationInput>(2);
    revocationInputs.add(new RevocationInput(pki.getTestUser1Cert()));
    revocationInputs.add(new RevocationInput(pki.getTestUser2Cert()));

    byte[] result = pkiMessages
            .createRevocationMessage(revocationInputs.toArray(new RevocationInput[revocationInputs.size()]));

    ASN1InputStream asn1InputStream = new ASN1InputStream(result);
    ASN1Primitive asn1Primitive = asn1InputStream.readObject();
    PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive);

    // Check the Body
    Assert.assertEquals(PKIBody.TYPE_REVOCATION_REQ, pkiMessage.getBody().getType());
    RevDetails[] revDetailses = RevReqContent.getInstance(pkiMessage.getBody().getContent())
            .toRevDetailsArray();
    Assert.assertEquals(pki.getTestUser1Cert().getIssuerDN().getName().toString(),
            revDetailses[0].getCertDetails().getIssuer().toString());
    Assert.assertEquals(pki.getTestUser1Cert().getSerialNumber(),
            revDetailses[0].getCertDetails().getSerialNumber().getValue());
    Assert.assertEquals(pki.getTestUser1Cert().getSubjectDN().getName().toString(),
            revDetailses[0].getCertDetails().getSubject().toString());
    Assert.assertArrayEquals(pki.getTestUser1Cert().getPublicKey().getEncoded(),
            revDetailses[0].getCertDetails().getPublicKey().getEncoded());
    Assert.assertNull(revDetailses[0].getCrlEntryDetails());
    Assert.assertEquals(pki.getTestUser2Cert().getIssuerDN().getName().toString(),
            revDetailses[1].getCertDetails().getIssuer().toString());
    Assert.assertEquals(pki.getTestUser2Cert().getSerialNumber(),
            revDetailses[1].getCertDetails().getSerialNumber().getValue());
    Assert.assertEquals(pki.getTestUser2Cert().getSubjectDN().getName().toString(),
            revDetailses[1].getCertDetails().getSubject().toString());
    Assert.assertArrayEquals(pki.getTestUser2Cert().getPublicKey().getEncoded(),
            revDetailses[1].getCertDetails().getPublicKey().getEncoded());
    Assert.assertNull(revDetailses[1].getCrlEntryDetails());
}

From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java

License:Open Source License

/**
 * Test the confirmation message from the certification authority
 *
 * @throws IOException/*from  w  w w  . ja va2s.c  o  m*/
 * @throws CertificateEncodingException
 * @throws OperatorCreationException
 * @throws CMPException
 */
@Test
public void testRevocationMessageWithExtensions()
        throws IOException, CertificateEncodingException, OperatorCreationException, CMPException,
        PKICMPMessageException, CRMFException, IllegalAccessException, CMSException, NoSuchFieldException {
    PKICMPMessages pkiMessages = new PKICMPMessages();
    pkiMessages.setPkiKeyStore(pkiKeyStoreRA);
    List<RevocationInput> revocationInputs = new ArrayList<RevocationInput>(2);
    Date invalidityDate = new Date(System.currentTimeMillis() - 500L * 60 * 60 * 24 * 30);
    revocationInputs.add(new RevocationInput(pki.getTestUser1Cert(), RevocationInput.aACompromise));
    revocationInputs
            .add(new RevocationInput(pki.getTestUser2Cert(), RevocationInput.noReasonCode, invalidityDate));

    byte[] result = pkiMessages
            .createRevocationMessage(revocationInputs.toArray(new RevocationInput[revocationInputs.size()]));

    ASN1InputStream asn1InputStream = new ASN1InputStream(result);
    ASN1Primitive asn1Primitive = asn1InputStream.readObject();
    PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive);

    // Check the Body
    Assert.assertEquals(PKIBody.TYPE_REVOCATION_REQ, pkiMessage.getBody().getType());
    RevDetails[] revDetailses = RevReqContent.getInstance(pkiMessage.getBody().getContent())
            .toRevDetailsArray();
    Assert.assertEquals(pki.getTestUser1Cert().getIssuerDN().getName().toString(),
            revDetailses[0].getCertDetails().getIssuer().toString());
    Assert.assertEquals(pki.getTestUser1Cert().getSerialNumber(),
            revDetailses[0].getCertDetails().getSerialNumber().getValue());
    Assert.assertEquals(pki.getTestUser1Cert().getSubjectDN().getName().toString(),
            revDetailses[0].getCertDetails().getSubject().toString());
    Assert.assertArrayEquals(pki.getTestUser1Cert().getPublicKey().getEncoded(),
            revDetailses[0].getCertDetails().getPublicKey().getEncoded());
    Assert.assertNotNull(revDetailses[0].getCrlEntryDetails());
    Assert.assertNull(revDetailses[0].getCrlEntryDetails().getExtensionParsedValue(Extension.invalidityDate));
    ReasonFlags reasonFlags = new ReasonFlags(ReasonFlags
            .getInstance(revDetailses[0].getCrlEntryDetails().getExtensionParsedValue(Extension.reasonCode)));
    Assert.assertEquals(RevocationInput.aACompromise, reasonFlags.intValue());
    Assert.assertEquals(pki.getTestUser2Cert().getIssuerDN().getName().toString(),
            revDetailses[1].getCertDetails().getIssuer().toString());
    Assert.assertEquals(pki.getTestUser2Cert().getSerialNumber(),
            revDetailses[1].getCertDetails().getSerialNumber().getValue());
    Assert.assertEquals(pki.getTestUser2Cert().getSubjectDN().getName().toString(),
            revDetailses[1].getCertDetails().getSubject().toString());
    Assert.assertArrayEquals(pki.getTestUser2Cert().getPublicKey().getEncoded(),
            revDetailses[1].getCertDetails().getPublicKey().getEncoded());
    Assert.assertNotNull(revDetailses[1].getCrlEntryDetails());
    Assert.assertNull(revDetailses[1].getCrlEntryDetails().getExtensionParsedValue(Extension.reasonCode));
    Time tmp = new Time(revDetailses[1].getCrlEntryDetails().getExtensionParsedValue(Extension.invalidityDate)
            .toASN1Primitive());
    Assert.assertEquals(invalidityDate.toString(), tmp.getDate().toString());
}

From source file:org.xipki.pki.ca.server.impl.cmp.X509CaCmpResponder.java

License:Open Source License

private PKIBody cmpUnRevokeRemoveCertificates(final PKIMessage request, final PKIHeaderBuilder respHeader,
        final CmpControl cmpControl, final PKIHeader reqHeader, final PKIBody reqBody,
        final CmpRequestorInfo requestor, final String user, final String msgId, final AuditEvent event) {
    Permission requiredPermission = null;
    boolean allRevdetailsOfSameType = true;

    RevReqContent rr = RevReqContent.getInstance(reqBody.getContent());
    RevDetails[] revContent = rr.toRevDetailsArray();

    int len = revContent.length;
    for (int i = 0; i < len; i++) {
        RevDetails revDetails = revContent[i];
        Extensions crlDetails = revDetails.getCrlEntryDetails();
        int reasonCode = CrlReason.UNSPECIFIED.getCode();
        if (crlDetails != null) {
            ASN1ObjectIdentifier extId = Extension.reasonCode;
            ASN1Encodable extValue = crlDetails.getExtensionParsedValue(extId);
            if (extValue != null) {
                reasonCode = ASN1Enumerated.getInstance(extValue).getValue().intValue();
            }//  w  w  w .  j  av a2s  .  c  o  m
        }

        if (reasonCode == XiSecurityConstants.CMP_CRL_REASON_REMOVE) {
            if (requiredPermission == null) {
                event.addEventType(CaAuditConstants.TYPE_CMP_rr_remove);
                requiredPermission = Permission.REMOVE_CERT;
            } else if (requiredPermission != Permission.REMOVE_CERT) {
                allRevdetailsOfSameType = false;
                break;
            }
        } else if (reasonCode == CrlReason.REMOVE_FROM_CRL.getCode()) {
            if (requiredPermission == null) {
                event.addEventType(CaAuditConstants.TYPE_CMP_rr_unrevoke);
                requiredPermission = Permission.UNREVOKE_CERT;
            } else if (requiredPermission != Permission.UNREVOKE_CERT) {
                allRevdetailsOfSameType = false;
                break;
            }
        } else {
            if (requiredPermission == null) {
                event.addEventType(CaAuditConstants.TYPE_CMP_rr_revoke);
                requiredPermission = Permission.REVOKE_CERT;
            } else if (requiredPermission != Permission.REVOKE_CERT) {
                allRevdetailsOfSameType = false;
                break;
            }
        }
    } // end for

    if (!allRevdetailsOfSameType) {
        ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection,
                new PKIFreeText("not all revDetails are of the same type"),
                new PKIFailureInfo(PKIFailureInfo.badRequest)));

        return new PKIBody(PKIBody.TYPE_ERROR, emc);
    } else {
        try {
            checkPermission(requestor, requiredPermission);
        } catch (InsuffientPermissionException ex) {
            event.setStatus(AuditStatus.FAILED);
            event.addEventData(CaAuditConstants.NAME_message, "NOT_PERMITTED");
            return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.notAuthorized, null);
        }
        return unRevokeRemoveCertificates(request, rr, requiredPermission, cmpControl, msgId);
    }
}