Example usage for org.bouncycastle.asn1 DERBitString intValue

List of usage examples for org.bouncycastle.asn1 DERBitString intValue

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.asn1.*
  5. DERBitString
  6. intValue

Introduction

In this page you can find the example usage for org.bouncycastle.asn1 DERBitString intValue.

Prototype

public int intValue()

Source Link

Usage

From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java

License:Open Source License

private String getKeyUsageStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*/* w w w.j  a v  a  2s  .c  om*/
     * KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1),
     * keyEncipherment (2), dataEncipherment (3), keyAgreement (4),
     * keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) }
     */

    // @formatter:on

    DERBitString keyUsage = DERBitString.getInstance(ASN1Primitive.fromByteArray(value));

    int keyUsages = keyUsage.intValue();

    StringBuilder sb = new StringBuilder();

    if (hasKeyUsage(keyUsages, KeyUsage.digitalSignature)) {
        sb.append(res.getString("DigitalSignatureKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.nonRepudiation)) {
        sb.append(res.getString("NonRepudiationKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.keyEncipherment)) {
        sb.append(res.getString("KeyEnciphermentKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.dataEncipherment)) {
        sb.append(res.getString("DataEnciphermentKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.keyAgreement)) {
        sb.append(res.getString("KeyAgreementKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.keyCertSign)) {
        sb.append(res.getString("KeyCertSignKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.cRLSign)) {
        sb.append(res.getString("CrlSignKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.encipherOnly)) {
        sb.append(res.getString("EncipherOnlyKeyUsage"));
        sb.append(NEWLINE);
    }
    if (hasKeyUsage(keyUsages, KeyUsage.decipherOnly)) {
        sb.append(res.getString("DecipherOnlyKeyUsage"));
        sb.append(NEWLINE);
    }

    return sb.toString();
}

From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java

License:Open Source License

private String getNetscapeCertificateTypeStringValue(byte[] value) throws IOException {
    // @formatter:off

    /*/*ww w .ja  va  2s. c  om*/
     * NetscapeCertType ::= BIT STRING { sslClient (0), sslServer (1), smime
     * (2), objectSigning (3), reserved (4), sslCA (5), smimeCA (6),
     * objectSigningCA (7) }
     */

    // @formatter:on

    StringBuilder sb = new StringBuilder();

    @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed
    DERBitString netscapeCertType = DERBitString.getInstance(new ASN1InputStream(value).readObject());

    int netscapeCertTypes = netscapeCertType.intValue();

    if (isCertType(netscapeCertTypes, NetscapeCertType.sslClient)) {
        sb.append(res.getString("SslClientNetscapeCertificateType"));
        sb.append(NEWLINE);
    }

    if (isCertType(netscapeCertTypes, NetscapeCertType.sslServer)) {
        sb.append(res.getString("SslServerNetscapeCertificateType"));
        sb.append(NEWLINE);
    }

    if (isCertType(netscapeCertTypes, NetscapeCertType.smime)) {
        sb.append(res.getString("SmimeNetscapeCertificateType"));
        sb.append(NEWLINE);
    }

    if (isCertType(netscapeCertTypes, NetscapeCertType.objectSigning)) {
        sb.append(res.getString("ObjectSigningNetscapeCertificateType"));
        sb.append(NEWLINE);
    }

    if (isCertType(netscapeCertTypes, NetscapeCertType.reserved)) {
        sb.append(res.getString("ReservedNetscapeCertificateType"));
        sb.append(NEWLINE);
    }

    if (isCertType(netscapeCertTypes, NetscapeCertType.sslCA)) {
        sb.append(res.getString("SslCaNetscapeCertificateType"));
        sb.append(NEWLINE);
    }

    if (isCertType(netscapeCertTypes, NetscapeCertType.smimeCA)) {
        sb.append(res.getString("SmimeCaNetscapeCertificateType"));
        sb.append(NEWLINE);
    }

    if (isCertType(netscapeCertTypes, NetscapeCertType.objectSigningCA)) {
        sb.append(res.getString("ObjectSigningCaNetscapeCertificateType"));
        sb.append(NEWLINE);
    }

    return sb.toString();
}

From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java

License:Open Source License

private String[] getReasonFlagsStrings(ReasonFlags reasonFlags) throws IOException {
    // @formatter:off

    /*/*ww  w .j a v a2  s  .c o  m*/
     * ReasonFlags ::= BIT STRING { unused(0), keyCompromise(1),
     * cACompromise(2), affiliationChanged(3), superseded(4),
     * cessationOfOperation(5), certificateHold(6), privilegeWithdrawn(7),
     * aACompromise(8)}
     */

    // @formatter:on

    List<String> reasonFlagsList = new ArrayList<String>();

    DERBitString reasonFlagsBitString = (DERBitString) reasonFlags.toASN1Primitive();

    int reasonFlagsInt = reasonFlagsBitString.intValue();

    // Go through bit string adding reason flags found to be true
    if (hasReasonFlag(reasonFlagsInt, ReasonFlags.unused)) {
        reasonFlagsList.add(res.getString("UnusedReasonFlag"));
    }
    if (hasReasonFlag(reasonFlagsInt, ReasonFlags.keyCompromise)) {
        reasonFlagsList.add(res.getString("KeyCompromiseReasonFlag"));
    }
    if (hasReasonFlag(reasonFlagsInt, ReasonFlags.cACompromise)) {
        reasonFlagsList.add(res.getString("CaCompromiseReasonFlag"));
    }
    if (hasReasonFlag(reasonFlagsInt, ReasonFlags.affiliationChanged)) {
        reasonFlagsList.add(res.getString("AffiliationChangedReasonFlag"));
    }
    if (hasReasonFlag(reasonFlagsInt, ReasonFlags.superseded)) {
        reasonFlagsList.add(res.getString("SupersededReasonFlag"));
    }
    if (hasReasonFlag(reasonFlagsInt, ReasonFlags.cessationOfOperation)) {
        reasonFlagsList.add(res.getString("CessationOfOperationReasonFlag"));
    }
    if (hasReasonFlag(reasonFlagsInt, ReasonFlags.certificateHold)) {
        reasonFlagsList.add(res.getString("CertificateHoldReasonFlag"));
    }
    if (hasReasonFlag(reasonFlagsInt, ReasonFlags.privilegeWithdrawn)) {
        reasonFlagsList.add(res.getString("PrivilegeWithdrawnReasonFlag"));
    }
    if (hasReasonFlag(reasonFlagsInt, ReasonFlags.aACompromise)) {
        reasonFlagsList.add(res.getString("AaCompromiseReasonFlag"));
    }

    return reasonFlagsList.toArray(new String[reasonFlagsList.size()]);
}

From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DKeyUsage.java

License:Open Source License

private void prepopulateWithValue(byte[] value) throws IOException {
    @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed
    DERBitString keyUsage = DERBitString.getInstance(new ASN1InputStream(value).readObject());

    int keyUsageValue = keyUsage.intValue();

    jcbDigitalSignature.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.digitalSignature));
    jcbNonRepudiation.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.nonRepudiation));
    jcbKeyEncipherment.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyEncipherment));
    jcbDataEncipherment.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.dataEncipherment));
    jcbKeyAgreement.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyAgreement));
    jcbCertificateSigning.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.keyCertSign));
    jcbCrlSign.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.cRLSign));
    jcbEncipherOnly.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.encipherOnly));
    jcbDecipherOnly.setSelected(hasKeyUsage(keyUsageValue, KeyUsage.decipherOnly));
}

From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DNetscapeCertificateType.java

License:Open Source License

private void prepopulateWithValue(byte[] value) throws IOException {
    @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed
    DERBitString netscapeCertType = DERBitString.getInstance(new ASN1InputStream(value).readObject());

    int netscapeCertTypes = netscapeCertType.intValue();

    jcbSslClient.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslClient));
    jcbSslServer.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslServer));
    jcbSmime.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.smime));
    jcbObjectSigning.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.objectSigning));
    jcbReserved.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.reserved));
    jcbSslCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslCA));
    jcbSmimeCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.smimeCA));
    jcbObjectSigningCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.objectSigningCA));
}

From source file:org.cesecore.certificates.certificate.CertificateCreateSessionBean.java

License:Open Source License

@Override
public CertificateResponseMessage createCertificate(final AuthenticationToken admin,
        final EndEntityInformation endEntityInformation, final CA ca, final RequestMessage req,
        final Class<? extends ResponseMessage> responseClass, CertificateGenerationParams certGenParams,
        final long updateTime)
        throws CryptoTokenOfflineException, SignRequestSignatureException, IllegalKeyException,
        IllegalNameException, CustomCertificateSerialNumberException, CertificateCreateException,
        CertificateRevokeException, CertificateSerialNumberException, AuthorizationDeniedException,
        IllegalValidityException, CAOfflineException, InvalidAlgorithmException, CertificateExtensionException {
    if (log.isTraceEnabled()) {
        log.trace(">createCertificate(IRequestMessage, CA)");
    }//w w  w.  j a  va2  s  .  c o m
    CertificateResponseMessage ret = null;
    try {
        final CAToken catoken = ca.getCAToken();
        final CryptoToken cryptoToken = cryptoTokenManagementSession.getCryptoToken(catoken.getCryptoTokenId());
        final String alias = catoken.getAliasFromPurpose(CATokenConstants.CAKEYPURPOSE_CERTSIGN);
        // See if we need some key material to decrypt request
        if (req.requireKeyInfo()) {
            // You go figure...scep encrypts message with the public CA-cert
            req.setKeyInfo(ca.getCACertificate(), cryptoToken.getPrivateKey(alias),
                    cryptoToken.getEncProviderName());
        }
        // Verify the request
        final PublicKey reqpk;
        try {
            if (!req.verify()) {
                throw new SignRequestSignatureException(
                        intres.getLocalizedMessage("createcert.popverificationfailed"));
            }
            reqpk = req.getRequestPublicKey();
            if (reqpk == null) {
                final String msg = intres.getLocalizedMessage("createcert.nokeyinrequest");
                throw new InvalidKeyException(msg);
            }
        } catch (InvalidKeyException e) {
            // If we get an invalid key exception here, we should throw an IllegalKeyException to the caller
            // The catch of InvalidKeyException in the end of this method, catches error from the CA crypto token
            throw new IllegalKeyException(e);
        }

        final Date notBefore = req.getRequestValidityNotBefore(); // Optionally requested validity
        final Date notAfter = req.getRequestValidityNotAfter(); // Optionally requested validity
        final Extensions exts = req.getRequestExtensions(); // Optionally requested extensions
        int keyusage = -1;
        if (exts != null) {
            if (log.isDebugEnabled()) {
                log.debug(
                        "we have extensions, see if we can override KeyUsage by looking for a KeyUsage extension in request");
            }
            final Extension ext = exts.getExtension(Extension.keyUsage);
            if (ext != null) {
                final ASN1OctetString os = ext.getExtnValue();
                DERBitString bs;
                try {
                    bs = new DERBitString(os.getEncoded());
                } catch (IOException e) {
                    throw new IllegalStateException("Unexpected IOException caught.");
                }
                keyusage = bs.intValue();
                if (log.isDebugEnabled()) {
                    log.debug("We have a key usage request extension: " + keyusage);
                }
            }
        }
        String sequence = null;
        byte[] ki = req.getRequestKeyInfo();
        // CVC sequence is only 5 characters, don't fill with a lot of garbage here, it must be a readable string
        if ((ki != null) && (ki.length > 0) && (ki.length < 10)) {
            final String str = new String(ki);
            // A cvc sequence must be ascii printable, otherwise it's some binary data
            if (StringUtils.isAsciiPrintable(str)) {
                sequence = new String(ki);
            }
        }

        CertificateDataWrapper certWrapper = createCertificate(admin, endEntityInformation, ca, req, reqpk,
                keyusage, notBefore, notAfter, exts, sequence, certGenParams, updateTime);
        // Create the response message with all nonces and checks etc
        ret = ResponseMessageUtils.createResponseMessage(responseClass, req, ca.getCertificateChain(),
                cryptoToken.getPrivateKey(alias), cryptoToken.getEncProviderName());
        ResponseStatus status = ResponseStatus.SUCCESS;
        FailInfo failInfo = null;
        String failText = null;
        if ((certWrapper == null) && (status == ResponseStatus.SUCCESS)) {
            status = ResponseStatus.FAILURE;
            failInfo = FailInfo.BAD_REQUEST;
        } else {
            ret.setCertificate(certWrapper.getCertificate());
            ret.setCACert(ca.getCACertificate());
            ret.setBase64CertData(certWrapper.getBase64CertData());
            ret.setCertificateData(certWrapper.getCertificateData());
        }
        ret.setStatus(status);
        if (failInfo != null) {
            ret.setFailInfo(failInfo);
            ret.setFailText(failText);
        }
        ret.create();
    } catch (InvalidKeyException e) {
        throw new CertificateCreateException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new CertificateCreateException(e);
    } catch (NoSuchProviderException e) {
        throw new CertificateCreateException(e);
    } catch (CertificateEncodingException e) {
        throw new CertificateCreateException(e);
    } catch (CRLException e) {
        throw new CertificateCreateException(e);
    }

    if (log.isTraceEnabled()) {
        log.trace("<createCertificate(IRequestMessage, CA)");
    }
    return ret;
}

From source file:org.cesecore.util.CertTools.java

License:Open Source License

/**
 * Converts DERBitString ResonFlags to a RevokedCertInfo constant
 * //from www  .ja va 2 s  .co  m
 * @param reasonFlags DERBITString received from org.bouncycastle.asn1.x509.ReasonFlags.
 * @return int according to org.cesecore.certificates.crl.RevokedCertInfo
 */
public static int bitStringToRevokedCertInfo(DERBitString reasonFlags) {
    int ret = RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED;
    if (reasonFlags == null) {
        return ret;
    }
    int val = reasonFlags.intValue();
    if (log.isDebugEnabled()) {
        log.debug("Int value of bitString revocation reason: " + val);
    }
    if ((val & ReasonFlags.aACompromise) != 0) {
        ret = RevokedCertInfo.REVOCATION_REASON_AACOMPROMISE;
    }
    if ((val & ReasonFlags.affiliationChanged) != 0) {
        ret = RevokedCertInfo.REVOCATION_REASON_AFFILIATIONCHANGED;
    }
    if ((val & ReasonFlags.cACompromise) != 0) {
        ret = RevokedCertInfo.REVOCATION_REASON_CACOMPROMISE;
    }
    if ((val & ReasonFlags.certificateHold) != 0) {
        ret = RevokedCertInfo.REVOCATION_REASON_CERTIFICATEHOLD;
    }
    if ((val & ReasonFlags.cessationOfOperation) != 0) {
        ret = RevokedCertInfo.REVOCATION_REASON_CESSATIONOFOPERATION;
    }
    if ((val & ReasonFlags.keyCompromise) != 0) {
        ret = RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE;
    }
    if ((val & ReasonFlags.privilegeWithdrawn) != 0) {
        ret = RevokedCertInfo.REVOCATION_REASON_PRIVILEGESWITHDRAWN;
    }
    if ((val & ReasonFlags.superseded) != 0) {
        ret = RevokedCertInfo.REVOCATION_REASON_SUPERSEDED;
    }
    if ((val & ReasonFlags.unused) != 0) {
        ret = RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED;
    }
    return ret;
}

From source file:org.ejbca.core.ejb.ca.sign.RSASignSessionBean.java

License:Open Source License

@Override
public IResponseMessage createCertificate(Admin admin, IRequestMessage req, Class responseClass,
        UserDataVO suppliedUserData) throws EjbcaException {
    if (log.isTraceEnabled()) {
        log.trace(">createCertificate(IRequestMessage)");
    }// w w w  . ja  v a  2 s  .  c  o m
    // Get CA that will receive request
    UserDataVO data = null;
    IResponseMessage ret = null;
    CA ca;
    if (suppliedUserData == null) {
        ca = getCAFromRequest(admin, req);
    } else {
        ca = caSession.getCA(admin, suppliedUserData.getCAId()); // Take the CAId from the supplied userdata, if any
    }
    try {
        CATokenContainer catoken = ca.getCAToken();

        // See if we need some key material to decrypt request
        if (req.requireKeyInfo()) {
            // You go figure...scep encrypts message with the public CA-cert
            req.setKeyInfo(ca.getCACertificate(), catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN),
                    catoken.getJCEProvider());
        }
        // Verify the request
        if (req.verify() == false) {
            String msg = intres.getLocalizedMessage("signsession.popverificationfailed");
            logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(),
                    null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, msg);
            throw new SignRequestSignatureException(msg);
        }

        if (ca.isUseUserStorage() && req.getUsername() == null) {
            String msg = intres.getLocalizedMessage("signsession.nouserinrequest", req.getRequestDN());
            logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(),
                    null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, msg);
            throw new SignRequestException(msg);
            //ret.setFailInfo(FailInfo.BAD_REQUEST);
            //ret.setStatus(ResponseStatus.FAILURE);
        } else if (ca.isUseUserStorage() && req.getPassword() == null) {
            String msg = intres.getLocalizedMessage("signsession.nopasswordinrequest");
            logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(), req.getUsername(),
                    null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, msg);
            throw new SignRequestException(msg);
        } else {
            ResponseStatus status = ResponseStatus.SUCCESS;
            FailInfo failInfo = null;
            String failText = null;
            Certificate cert = null;
            try {
                // If we haven't done so yet, authenticate user. (Only if we store UserData for this CA.)
                if (ca.isUseUserStorage()) {
                    data = authUser(admin, req.getUsername(), req.getPassword());
                } else {
                    data = suppliedUserData;
                }
                PublicKey reqpk = req.getRequestPublicKey();
                if (reqpk == null) {
                    logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(),
                            req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE,
                            intres.getLocalizedMessage("signsession.nokeyinrequest"));
                    throw new InvalidKeyException("Key is null!");
                }
                // We need to make sure we use the users registered CA here
                if (data.getCAId() != ca.getCAId()) {
                    failText = intres.getLocalizedMessage("signsession.wrongauthority",
                            Integer.valueOf(ca.getCAId()), Integer.valueOf(data.getCAId()));
                    status = ResponseStatus.FAILURE;
                    failInfo = FailInfo.WRONG_AUTHORITY;
                    logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(),
                            req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, failText);
                }

                if (status.equals(ResponseStatus.SUCCESS)) {
                    Date notBefore = req.getRequestValidityNotBefore(); // Optionally requested validity
                    Date notAfter = req.getRequestValidityNotAfter(); // Optionally requested validity
                    X509Extensions exts = req.getRequestExtensions(); // Optionally requested extensions
                    int keyusage = -1;
                    if (exts != null) {
                        if (log.isDebugEnabled()) {
                            log.debug(
                                    "we have extensions, see if we can override KeyUsage by looking for a KeyUsage extension in request");
                        }
                        X509Extension ext = exts.getExtension(X509Extensions.KeyUsage);
                        if (ext != null) {
                            ASN1OctetString os = ext.getValue();
                            ByteArrayInputStream bIs = new ByteArrayInputStream(os.getOctets());
                            ASN1InputStream dIs = new ASN1InputStream(bIs);
                            DERObject dob = dIs.readObject();
                            DERBitString bs = DERBitString.getInstance(dob);
                            keyusage = bs.intValue();
                            if (log.isDebugEnabled()) {
                                log.debug("We have a key usage request extension: " + keyusage);
                            }
                        }
                    }
                    String sequence = null;
                    byte[] ki = req.getRequestKeyInfo();
                    if ((ki != null) && (ki.length > 0)) {
                        sequence = new String(ki);
                    }
                    cert = createCertificate(admin, data, req.getRequestX509Name(), ca, reqpk, keyusage,
                            notBefore, notAfter, exts, sequence);
                }
            } catch (ObjectNotFoundException oe) {
                // If we didn't find the entity return error message
                log.error("User not found: ", oe);
                failText = intres.getLocalizedMessage("signsession.nosuchuser", req.getUsername());
                status = ResponseStatus.FAILURE;
                failInfo = FailInfo.INCORRECT_DATA;
                logSession.log(admin, ca.getCAId(), LogConstants.MODULE_CA, new java.util.Date(),
                        req.getUsername(), null, LogConstants.EVENT_ERROR_CREATECERTIFICATE, failText);
            }

            //Create the response message with all nonces and checks etc
            ret = req.createResponseMessage(responseClass, req, ca.getCACertificate(),
                    catoken.getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN), catoken.getProvider());

            if ((cert == null) && (status == ResponseStatus.SUCCESS)) {
                status = ResponseStatus.FAILURE;
                failInfo = FailInfo.BAD_REQUEST;
            } else {
                ret.setCertificate(cert);
            }
            ret.setStatus(status);
            if (failInfo != null) {
                ret.setFailInfo(failInfo);
                ret.setFailText(failText);
            }
        }
        ret.create();
        // Call authentication session and tell that we are finished with this user. (Only if we store UserData for this CA.)
        if (ca.isUseUserStorage() && data != null) {
            finishUser(ca, data);
        }
    } catch (NoUniqueCertSerialNumberIndexException e) {
        cleanUserCertDataSN(data);
        throw e.ejbcaException;
    } catch (IllegalKeyException ke) {
        log.error("Key is of unknown type: ", ke);
        throw ke;
    } catch (CATokenOfflineException ctoe) {
        String msg = intres.getLocalizedMessage("error.catokenoffline", ca.getSubjectDN());
        CATokenOfflineException ex = new CATokenOfflineException(msg);
        ex.initCause(ctoe);
        throw ex;
        //} catch (EjbcaException e) {
        //    throw e;
    } catch (NoSuchProviderException e) {
        log.error("NoSuchProvider provider: ", e);
    } catch (InvalidKeyException e) {
        log.error("Invalid key in request: ", e);
    } catch (NoSuchAlgorithmException e) {
        log.error("No such algorithm: ", e);
    } catch (IOException e) {
        log.error("Cannot create response message: ", e);
    }
    if (log.isTraceEnabled()) {
        log.trace("<createCertificate(IRequestMessage)");
    }
    return ret;
}

From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java

License:Open Source License

protected static void checkCmpPKIErrorMessage(byte[] retMsg, String sender, X500Name recipient, int errorCode,
        String errorMsg) throws IOException {
    ////  ww w.j  a  v  a2 s. c  o m
    // Parse response message
    //
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    assertNotNull(respObject);
    PKIHeader header = respObject.getHeader();
    assertEquals(header.getSender().getTagNo(), 4);
    {
        final X500Name name = X500Name.getInstance(header.getSender().getName());
        assertEquals(name.toString(), sender);
    }
    {
        final X500Name name = X500Name.getInstance(header.getRecipient().getName());
        assertArrayEquals(name.getEncoded(), recipient.getEncoded());
    }

    PKIBody body = respObject.getBody();
    int tag = body.getType();
    assertEquals(tag, 23);
    ErrorMsgContent n = (ErrorMsgContent) body.getContent();
    assertNotNull(n);
    PKIStatusInfo info = n.getPKIStatusInfo();
    assertNotNull(info);
    BigInteger i = info.getStatus();
    assertEquals(i.intValue(), 2);
    DERBitString b = info.getFailInfo();
    assertEquals("Return wrong error code.", errorCode, b.intValue());
    if (errorMsg != null) {
        PKIFreeText freeText = info.getStatusString();
        DERUTF8String utf = freeText.getStringAt(0);
        assertEquals(errorMsg, utf.getString());
    }
}