List of usage examples for org.bouncycastle.asn1.x509 CertificateList getEncoded
public byte[] getEncoded() throws IOException
From source file:org.xipki.commons.security.util.X509Util.java
License:Open Source License
public static X509CRL toX509Crl(final CertificateList asn1CertList) throws CertificateException, CRLException { byte[] encodedCrl; try {/* w w w.ja v a 2 s . c o m*/ encodedCrl = asn1CertList.getEncoded(); } catch (IOException ex) { throw new CRLException("could not get encoded CRL", ex); } return parseCrl(encodedCrl); }
From source file:org.xipki.pki.ca.server.impl.rest.HttpRestServlet.java
License:Open Source License
private void doService(final boolean perRequest, final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException { X509Certificate clientCert = ClientCertCache.getTlsClientCert(request, sslCertInHttpHeader); AuditService auditService = auditServiceRegister.getAuditService(); AuditEvent event = new AuditEvent(new Date()); event.setApplicationName(CaAuditConstants.APPNAME); event.setName(CaAuditConstants.NAME_PERF); event.addEventData(CaAuditConstants.NAME_reqType, RequestType.REST.name()); String msgId = RandomUtil.nextHexLong(); event.addEventData(CaAuditConstants.NAME_mid, msgId); AuditLevel auditLevel = AuditLevel.INFO; AuditStatus auditStatus = AuditStatus.SUCCESSFUL; String auditMessage = null;/*from www. j a v a 2 s .c o m*/ try { if (clientCert == null) { throw new HttpRespAuditException(HttpServletResponse.SC_UNAUTHORIZED, null, "no client certificate", AuditLevel.INFO, AuditStatus.FAILED); } if (responderManager == null) { String message = "responderManager in servlet not configured"; LOG.error(message); throw new HttpRespAuditException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, null, message, AuditLevel.ERROR, AuditStatus.FAILED); } String requestUri = request.getRequestURI(); String servletPath = request.getServletPath(); String caName = null; String command = null; X509CaCmpResponder responder = null; int len = servletPath.length(); if (requestUri.length() > len + 1) { String coreUri = URLDecoder.decode(requestUri.substring(len + 1), "UTF-8"); int sepIndex = coreUri.indexOf('/'); if (sepIndex == -1 || sepIndex == coreUri.length() - 1) { String message = "invalid requestURI " + requestUri; LOG.error(message); throw new HttpRespAuditException(HttpServletResponse.SC_NOT_FOUND, null, message, AuditLevel.ERROR, AuditStatus.FAILED); } String caAlias = coreUri.substring(0, sepIndex).toUpperCase(); command = coreUri.substring(sepIndex + 1); caName = responderManager.getCaNameForAlias(caAlias); if (caName == null) { caName = caAlias; } caName = caName.toUpperCase(); responder = responderManager.getX509CaCmpResponder(caName); } if (caName == null || responder == null || !responder.isInService()) { String message; if (caName == null) { message = "no CA is specified"; } else if (responder == null) { message = "unknown CA '" + caName + "'"; } else { message = "CA '" + caName + "' is out of service"; } LOG.warn(message); throw new HttpRespAuditException(HttpServletResponse.SC_NOT_FOUND, null, message, AuditLevel.INFO, AuditStatus.FAILED); } event.addEventData(CaAuditConstants.NAME_CA, responder.getCa().getCaName()); event.addEventType(command); CmpRequestorInfo requestor = responder.getRequestor(clientCert); if (requestor == null) { throw new OperationException(ErrorCode.NOT_PERMITTED, "no requestor specified"); } event.addEventData(CaAuditConstants.NAME_requestor, requestor.getName()); String respCt = null; byte[] respBytes = null; if (RestfulAPIConstants.CMD_cacert.equalsIgnoreCase(command)) { respCt = RestfulAPIConstants.CT_pkix_cert; respBytes = responder.getCa().getCaInfo().getCertificate().getEncodedCert(); } else if (RestfulAPIConstants.CMD_enroll_cert.equalsIgnoreCase(command)) { String profile = request.getParameter(RestfulAPIConstants.PARAM_profile); if (StringUtil.isBlank(profile)) { throw new HttpRespAuditException(HttpServletResponse.SC_BAD_REQUEST, null, "required parameter " + RestfulAPIConstants.PARAM_profile + " not specified", AuditLevel.INFO, AuditStatus.FAILED); } String ct = request.getContentType(); if (!RestfulAPIConstants.CT_pkcs10.equalsIgnoreCase(ct)) { String message = "unsupported media type " + ct; throw new HttpRespAuditException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, AuditLevel.INFO, AuditStatus.FAILED); } String strNotBefore = request.getParameter(RestfulAPIConstants.PARAM_not_before); Date notBefore = (strNotBefore == null) ? null : DateUtil.parseUtcTimeyyyyMMddhhmmss(strNotBefore); String strNotAfter = request.getParameter(RestfulAPIConstants.PARAM_not_after); Date notAfter = (strNotAfter == null) ? null : DateUtil.parseUtcTimeyyyyMMddhhmmss(strNotAfter); String user = request.getParameter(RestfulAPIConstants.PARAM_user); byte[] encodedCsr = IoUtil.read(request.getInputStream()); X509Cert cert = responder.generateCert(requestor, encodedCsr, profile, notBefore, notAfter, user, RequestType.REST, msgId); if (cert == null) { String message = "could not generate certificate"; LOG.warn(message); throw new HttpRespAuditException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, null, message, AuditLevel.INFO, AuditStatus.FAILED); } respCt = RestfulAPIConstants.CT_pkix_cert; respBytes = cert.getEncodedCert(); } else if (RestfulAPIConstants.CMD_revoke_cert.equalsIgnoreCase(command) || RestfulAPIConstants.CMD_delete_cert.equalsIgnoreCase(command)) { String strCaSha1 = request.getParameter(RestfulAPIConstants.PARAM_ca_sha1); if (StringUtil.isBlank(strCaSha1)) { throw new HttpRespAuditException(HttpServletResponse.SC_BAD_REQUEST, null, "required parameter " + RestfulAPIConstants.PARAM_ca_sha1 + " not specified", AuditLevel.INFO, AuditStatus.FAILED); } String strSerialNumber = request.getParameter(RestfulAPIConstants.PARAM_serial_number); if (StringUtil.isBlank(strSerialNumber)) { throw new HttpRespAuditException(HttpServletResponse.SC_BAD_REQUEST, null, "required parameter " + RestfulAPIConstants.PARAM_serial_number + " not specified", AuditLevel.INFO, AuditStatus.FAILED); } if (!strCaSha1.equalsIgnoreCase(responder.getCa().getHexSha1OfCert())) { throw new HttpRespAuditException(HttpServletResponse.SC_BAD_REQUEST, null, "unknown " + RestfulAPIConstants.PARAM_ca_sha1, AuditLevel.INFO, AuditStatus.FAILED); } BigInteger serialNumber = toBigInt(strSerialNumber); if (RestfulAPIConstants.CMD_revoke_cert.equalsIgnoreCase(command)) { String strReason = request.getParameter(RestfulAPIConstants.PARAM_reason); CrlReason reason = (strReason == null) ? CrlReason.UNSPECIFIED : CrlReason.forNameOrText(strReason); Date invalidityTime = null; String strInvalidityTime = request.getParameter(RestfulAPIConstants.PARAM_invalidity_time); if (StringUtil.isNotBlank(strInvalidityTime)) { invalidityTime = DateUtil.parseUtcTimeyyyyMMddhhmmss(strInvalidityTime); } responder.revokeCert(requestor, serialNumber, reason, invalidityTime, RequestType.REST, msgId); } else if (RestfulAPIConstants.CMD_delete_cert.equalsIgnoreCase(command)) { responder.removeCert(requestor, serialNumber, RequestType.REST, msgId); } } else if (RestfulAPIConstants.CMD_crl.equalsIgnoreCase(command)) { String strCrlNumber = request.getParameter(RestfulAPIConstants.PARAM_crl_number); BigInteger crlNumber = null; if (StringUtil.isNotBlank(strCrlNumber)) { try { crlNumber = toBigInt(strCrlNumber); } catch (NumberFormatException ex) { String message = "invalid crlNumber '" + strCrlNumber + "'"; LOG.warn(message); throw new HttpRespAuditException(HttpServletResponse.SC_BAD_REQUEST, null, message, AuditLevel.INFO, AuditStatus.FAILED); } } CertificateList crl = responder.getCrl(requestor, crlNumber); if (crl == null) { String message = "could not get CRL"; LOG.warn(message); throw new HttpRespAuditException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, null, message, AuditLevel.INFO, AuditStatus.FAILED); } respCt = RestfulAPIConstants.CT_pkix_crl; respBytes = crl.getEncoded(); } else if (RestfulAPIConstants.CMD_new_crl.equalsIgnoreCase(command)) { X509CRL crl = responder.generateCrlOnDemand(requestor, RequestType.REST, msgId); if (crl == null) { String message = "could not generate CRL"; LOG.warn(message); throw new HttpRespAuditException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, null, message, AuditLevel.INFO, AuditStatus.FAILED); } respCt = RestfulAPIConstants.CT_pkix_crl; respBytes = crl.getEncoded(); } else { String message = "invalid command '" + command + "'"; LOG.error(message); throw new HttpRespAuditException(HttpServletResponse.SC_NOT_FOUND, message, AuditLevel.INFO, AuditStatus.FAILED); } response.setStatus(HttpServletResponse.SC_OK); response.setHeader(RestfulAPIConstants.HEADER_PKISTATUS, RestfulAPIConstants.PKISTATUS_accepted); if (StringUtil.isNotBlank(respCt)) { response.setContentType(respCt); } if (respBytes != null) { response.setContentLength(respBytes.length); response.getOutputStream().write(respBytes); } } catch (OperationException ex) { ErrorCode code = ex.getErrorCode(); LOG.warn("generate certificate, OperationException: code={}, message={}", code.name(), ex.getErrorMessage()); int sc; String failureInfo; switch (code) { case ALREADY_ISSUED: sc = HttpServletResponse.SC_BAD_REQUEST; failureInfo = RestfulAPIConstants.FAILINFO_badRequest; break; case BAD_CERT_TEMPLATE: sc = HttpServletResponse.SC_BAD_REQUEST; failureInfo = RestfulAPIConstants.FAILINFO_badCertTemplate; break; case BAD_REQUEST: sc = HttpServletResponse.SC_BAD_REQUEST; failureInfo = RestfulAPIConstants.FAILINFO_badRequest; break; case CERT_REVOKED: sc = HttpServletResponse.SC_CONFLICT; failureInfo = RestfulAPIConstants.FAILINFO_certRevoked; break; case CRL_FAILURE: sc = HttpServletResponse.SC_INTERNAL_SERVER_ERROR; failureInfo = RestfulAPIConstants.FAILINFO_systemFailure; break; case DATABASE_FAILURE: sc = HttpServletResponse.SC_INTERNAL_SERVER_ERROR; failureInfo = RestfulAPIConstants.FAILINFO_systemFailure; break; case NOT_PERMITTED: sc = HttpServletResponse.SC_UNAUTHORIZED; failureInfo = RestfulAPIConstants.FAILINFO_notAuthorized; break; case INVALID_EXTENSION: sc = HttpServletResponse.SC_BAD_REQUEST; failureInfo = RestfulAPIConstants.FAILINFO_badRequest; break; case SYSTEM_FAILURE: sc = HttpServletResponse.SC_INTERNAL_SERVER_ERROR; failureInfo = RestfulAPIConstants.FAILINFO_systemFailure; break; case SYSTEM_UNAVAILABLE: sc = HttpServletResponse.SC_SERVICE_UNAVAILABLE; failureInfo = RestfulAPIConstants.FAILINFO_systemUnavail; break; case UNKNOWN_CERT: sc = HttpServletResponse.SC_BAD_REQUEST; failureInfo = RestfulAPIConstants.FAILINFO_badCertId; break; case UNKNOWN_CERT_PROFILE: sc = HttpServletResponse.SC_BAD_REQUEST; failureInfo = RestfulAPIConstants.FAILINFO_badCertTemplate; break; default: sc = HttpServletResponse.SC_INTERNAL_SERVER_ERROR; failureInfo = RestfulAPIConstants.FAILINFO_systemFailure; break; } // end switch (code) event.setStatus(AuditStatus.FAILED); event.addEventData(CaAuditConstants.NAME_message, code.name()); switch (code) { case DATABASE_FAILURE: case SYSTEM_FAILURE: auditMessage = code.name(); break; default: auditMessage = code.name() + ": " + ex.getErrorMessage(); break; } // end switch code response.setContentLength(0); response.setStatus(sc); response.setHeader(RestfulAPIConstants.HEADER_PKISTATUS, RestfulAPIConstants.PKISTATUS_rejection); if (StringUtil.isNotBlank(failureInfo)) { response.setHeader(RestfulAPIConstants.HEADER_failInfo, failureInfo); } } catch (HttpRespAuditException ex) { auditStatus = ex.getAuditStatus(); auditLevel = ex.getAuditLevel(); auditMessage = ex.getAuditMessage(); response.setContentLength(0); response.setStatus(ex.getHttpStatus()); } catch (EOFException ex) { LogUtil.warn(LOG, ex, "connection reset by peer"); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); response.setContentLength(0); } catch (Throwable th) { final String message = "Throwable thrown, this should not happen!"; LogUtil.error(LOG, th, message); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); response.setContentLength(0); auditLevel = AuditLevel.ERROR; auditStatus = AuditStatus.FAILED; auditMessage = "internal error"; } finally { try { response.flushBuffer(); } finally { audit(auditService, event, auditLevel, auditStatus, auditMessage); } } }