Example usage for org.bouncycastle.asn1.x509 Time getDate

List of usage examples for org.bouncycastle.asn1.x509 Time getDate

Introduction

This page collects usage examples for the getDate() method of org.bouncycastle.asn1.x509.Time.

Prototype

public Date getDate() 


Usage

From source file:it.trento.comune.j4sign.cms.utils.CMSBuilder.java

License:Open Source License

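/**
 * Writes a listing of the signed (authenticated) attributes to {@code pw} and
 * returns the value of the CMS signingTime attribute when one is present.
 *
 * <p>The signingTime attribute is asserted by the signer. This method only
 * decodes it; it performs no signature or timestamp validation.
 *
 * @param bytes the encoded ASN.1 SET of signed attributes
 * @param pw    writer receiving the listing; flushed on every return path
 * @return the decoded signing time, or {@code null} if the attribute is absent
 *         or the input cannot be parsed
 */
private Date parseSigningTime(byte[] bytes, PrintWriter pw) {

    Date parsedSigningTime = null;

    ASN1InputStream aIn = new ASN1InputStream(bytes);
    try {
        ASN1Set signedAttributes = (ASN1Set) aIn.readObject();

        AttributeTable attr = new AttributeTable(signedAttributes);

        pw.println("Listing authenticated attributes:");
        int count = 1;
        // NOTE(review): toHashtable() may hold a Vector instead of an Attribute when an
        // attribute type occurs more than once - confirm for the BC version in use. The
        // resulting ClassCastException is reported through the catch block below.
        for (Object value : attr.toHashtable().values()) {
            Attribute a = (Attribute) value;

            pw.println("Attribute " + count + ":");
            if (a.getAttrType().getId().equals(CMSAttributes.signingTime.getId())) {
                Time time = Time.getInstance(a.getAttrValues().getObjectAt(0));
                // Date.toString() renders the instant in the JVM default time zone.
                pw.println("Authenticated time (SERVER local time): " + time.getDate());

                parsedSigningTime = time.getDate();
            }
            if (a.getAttrType().getId().equals(CMSAttributes.contentType.getId())) {
                if (CMSObjectIdentifiers.data.getId()
                        .equals(DERObjectIdentifier.getInstance(a.getAttrValues().getObjectAt(0)).getId())) {
                    pw.println("Content Type: PKCS7_DATA");
                }
            }
            if (a.getAttrType().getId().equals(CMSAttributes.messageDigest.getId())) {
                byte[] md = DEROctetString.getInstance(a.getAttrValues().getObjectAt(0)).getOctets();
                pw.println("Message Digest (hash of data content): " + formatAsString(md, " ", 16));
            }
            pw.println("\nAttribute dump follows:");
            pw.println(ASN1Dump.dumpAsString(a) + "\n");

            count++;
        }
    } catch (Exception e) {
        // Malformed input is reported to the caller's writer and signalled with null.
        pw.println(e);
        return null;
    } finally {
        // Release the stream and flush the listing on both the success and the error path.
        try {
            aIn.close();
        } catch (java.io.IOException ignored) {
            // nothing useful can be done if closing an in-memory stream fails
        }
        pw.flush();
    }

    return parsedSigningTime;

}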

From source file:it.trento.comune.j4sign.cms.utils.CMSVerifier.java

License:Open Source License

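/**
 * Walks the signer's signed (authenticated) attributes, stores the value of
 * the signingTime attribute in {@code this.signingTime} and, when
 * {@code debug} is set, prints every attribute to standard output.
 *
 * <p>The signing time is a value asserted by the signer; nothing in this
 * method verifies the signature that covers it.
 *
 * @param signer the signer whose signed attributes are inspected
 */
private void parseAuthenticatedAttributes(SignerInformation signer) {
    AttributeTable attr = signer.getSignedAttributes();

    // A signer without signed attributes yields no table; return instead of
    // failing with a NullPointerException on the iterator call below.
    if (attr == null) {
        if (debug) {
            System.out.println("No authenticated attributes!");
        }
        return;
    }

    // NOTE(review): toHashtable() may hold a Vector instead of an Attribute when an
    // attribute type occurs more than once - confirm for the BC version in use.
    Iterator<Attribute> iter = attr.toHashtable().values().iterator();

    if (debug) {
        System.out.println("Listing authenticated attributes:");
    }
    int count = 1;
    while (iter.hasNext()) {
        Attribute a = iter.next();

        if (debug) {
            System.out.println("Attribute " + count + ":");
        }
        if (a.getAttrType().getId().equals(CMSAttributes.signingTime.getId())) {
            Time time = Time.getInstance(a.getAttrValues().getObjectAt(0));
            if (debug) {
                System.out.println("Authenticated time: " + time.getDate());
            }

            this.signingTime = time.getDate();
        }
        if (a.getAttrType().getId().equals(CMSAttributes.contentType.getId())) {
            // Decode the value even when debug is off so malformed content is not skipped silently.
            boolean isData = CMSObjectIdentifiers.data.getId()
                    .equals(DERObjectIdentifier.getInstance(a.getAttrValues().getObjectAt(0)).getId());
            if (isData && debug) {
                System.out.println("Content Type: PKCS7_DATA");
            }
        }
        if (a.getAttrType().getId().equals(CMSAttributes.messageDigest.getId())) {
            byte[] md = DEROctetString.getInstance(a.getAttrValues().getObjectAt(0)).getOctets();
            if (debug) {
                System.out.println(
                        "Message Digest (hash of data content):\n" + CMSBuilder.formatAsString(md, " ", 16));
            }
        }
        if (debug) {
            System.out.println("\nAttribute dump follows:");
            System.out.println(ASN1Dump.dumpAsString(a) + "\n");
        }

        count++;
    }

}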

From source file:it.trento.comune.j4sign.examples.CMSServlet.java

License:Open Source License

/**
 * A text message resulting from a dump of provided authenticated attributes
 * data. Shows, among other things, the embedded timestamp attribute
 * (the signer-asserted signingTime, which is not a trusted timestamp).
 *
 * @param bytes
 *            the ASN.1 DER set of authenticated attributes.
 * @return the attributes textual dump, or null if the data cannot be parsed.
 */
private String getAuthenticatedAttributesPrintout(byte[] bytes) {
    final StringWriter buffer = new StringWriter();
    final PrintWriter pw = new PrintWriter(buffer);
    try {
        // Progress of each decoding step is traced on standard output.
        final ASN1StreamParser parser = new ASN1StreamParser(bytes);
        System.out.println("ASN1 parser built: " + parser);

        final DERSetParser setParser = (DERSetParser) parser.readObject();
        System.out.println("DERSetParser object read: " + setParser);

        final AttributeTable table = new AttributeTable(ASN1Set.getInstance(setParser.getDERObject()));
        System.out.println("Attribute table created: " + table);

        pw.println("Listing authenticated attributes:");
        int position = 0;
        for (Object entry : table.toHashtable().values()) {
            final Attribute attribute = (Attribute) entry;
            position++;

            pw.println("Attribute " + position + ":");
            final String typeId = attribute.getAttrType().getId();

            if (typeId.equals(CMSAttributes.signingTime.getId())) {
                // Date.toString() renders the instant in the JVM default time zone.
                final Time signingTime = Time.getInstance(attribute.getAttrValues().getObjectAt(0));
                pw.println("Authenticated time (SERVER local time): " + signingTime.getDate());
            }
            if (typeId.equals(CMSAttributes.contentType.getId())) {
                final String contentTypeId = DERObjectIdentifier
                        .getInstance(attribute.getAttrValues().getObjectAt(0)).getId();
                if (CMSObjectIdentifiers.data.getId().equals(contentTypeId)) {
                    pw.println("Content Type: PKCS7_DATA");
                }
            }
            if (typeId.equals(CMSAttributes.messageDigest.getId())) {
                // NOTE(review): the label says SHA-256, but nothing here checks the digest algorithm.
                final byte[] digest = DEROctetString.getInstance(attribute.getAttrValues().getObjectAt(0))
                        .getOctets();
                pw.println("Message Digest (SHA-256 hash of data content): " + formatAsString(digest, " "));
            }
            if (typeId.equals(PKCSObjectIdentifiers.id_aa_signingCertificateV2.getId())) {
                pw.println("Signing Certificate V2");
            }

            pw.println("\nAttribute dump follows:");
            pw.println(ASN1Dump.dumpAsString(attribute) + "\n");
        }
    } catch (Exception e) {
        // Any decoding failure is reported on both sinks and signalled with null.
        System.out.println(e);
        pw.println(e);
        return null;
    }

    pw.flush();
    return buffer.toString();
}

From source file:it.trento.comune.j4sign.verification.VerifyResult.java

License:Open Source License

/**
 * Main signature verification and signature attributes correctness check.
 *
 * @return boolean
 */
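public boolean checkIntegrity() {

    // Start from a clean state so a failed run never reports stale positives.
    // NOTE(review): signingTime is not reset here and is assigned below before the
    // signature is verified; callers should presumably rely on it only when this
    // method returns true.
    this.integrityChecked = this.messageDigestPresent = this.contentTypeDataPresent = false;

    if (signer == null) {
        log.info("No signers");
        return integrityChecked;
    }

    log.info("\nSigner DN: " + cert.getSubjectDN() + "\nSigner SID: " + signer.getSID().toString() + "\n");

    // ===== List authenticated attributes =========
    AttributeTable attrs = signer.getSignedAttributes();

    if (attrs == null) {
        log.info("No authenticated attributes!");
        return false;
    }

    // NOTE(review): toHashtable() may hold a Vector instead of an Attribute when an
    // attribute type occurs more than once - confirm for the BC version in use; such
    // input would surface here as an uncaught ClassCastException.
    Iterator<Attribute> iter = attrs.toHashtable().values().iterator();

    log.info("Listing authenticated attributes:");

    int count = 1;
    while (iter.hasNext()) {
        Attribute a = iter.next();

        log.info("Attribute " + count + ")");

        if (a.getAttrType().getId().equals(CMSAttributes.contentType.getId())) {
            if (CMSObjectIdentifiers.data.getId()
                    .equals(DERObjectIdentifier.getInstance(a.getAttrValues().getObjectAt(0)).getId())) {

                this.contentTypeDataPresent = true;

                // Logged only when the attribute really carries id-data; the unbraced
                // original printed this line for every content type.
                log.info("Content Type: PKCS7_DATA");
            }
        }

        if (a.getAttrType().getId().equals(CMSAttributes.messageDigest.getId())) {
            byte[] md = DEROctetString.getInstance(a.getAttrValues().getObjectAt(0)).getOctets();

            this.messageDigestPresent = true;

            log.info("Message Digest:\n" + CertUtils.formatAsHexString(md));
        }

        if (a.getAttrType().getId().equals(PKCSObjectIdentifiers.id_aa_signingCertificateV2.getId())) {
            log.info("Reference to signing certificate (CAdES): signingCertificateV2");
        }

        if (a.getAttrType().getId().equals(CMSAttributes.signingTime.getId())) {
            Time time = Time.getInstance(a.getAttrValues().getObjectAt(0));

            log.info("Signing time: " + time.getDate());

            // Signer-asserted value, recorded before the signature check below.
            this.signingTime = time.getDate();
        }

        log.info("\nAttribute dump follows:");
        log.info(ASN1Dump.dumpAsString(a) + "\n");

        count++;
    }

    signingAlgorithmName = new DefaultCMSSignatureAlgorithmNameGenerator().getSignatureName(
            AlgorithmIdentifier.getInstance(signer.getDigestAlgOID()),
            AlgorithmIdentifier.getInstance(signer.getEncryptionAlgOID()));

    log.info("\nSigning algorithm is : " + signingAlgorithmName + "\n");

    // The check below verifies the signature against `cert` only; no certification
    // path or revocation check is visible in this method. Every failure leaves
    // integrityChecked at false, so the method fails closed.
    try {
        // BC API version 2. The JCA-based builder is used instead of an RSA-specific
        // one, which would first require checking that the encryption algorithm is RSA.
        integrityChecked = signer.verify(
                new JcaSimpleSignerInfoVerifierBuilder().build(new X509CertificateHolder(cert.getEncoded())));
    } catch (CMSException ex) {
        log.info("Signature verification failed: " + ex.getMessage());
    } catch (CertificateException ex) {
        // Also covers CertificateNotYetValidException and CertificateExpiredException.
        log.info("Signature verification failed: " + ex.getMessage());
    } catch (OperatorCreationException ex) {
        log.info("Signature verification failed: " + ex.getMessage());
    } catch (IOException ex) {
        log.info("Signature verification failed: " + ex.getMessage());
    }

    return integrityChecked;
}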

From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java

License:Open Source License

/**
 * Test the confirmation message from the certification authority
 *
 * @throws IOException
 * @throws CertificateEncodingException
 * @throws OperatorCreationException
 * @throws CMPException
 */
@Test
public void testRevocationMessageWithExtensions()
        throws IOException, CertificateEncodingException, OperatorCreationException, CMPException,
        PKICMPMessageException, CRMFException, IllegalAccessException, CMSException, NoSuchFieldException {
    // Builds a revocation request for two certificates (one with a reason code, one
    // with an invalidity date) and checks the decoded RevDetails entries.
    final PKICMPMessages messages = new PKICMPMessages();
    messages.setPkiKeyStore(pkiKeyStoreRA);

    final Date invalidityDate = new Date(System.currentTimeMillis() - 500L * 60 * 60 * 24 * 30);
    final RevocationInput[] inputs = {
            new RevocationInput(pki.getTestUser1Cert(), RevocationInput.aACompromise),
            new RevocationInput(pki.getTestUser2Cert(), RevocationInput.noReasonCode, invalidityDate) };

    final byte[] encoded = messages.createRevocationMessage(inputs);

    final PKIMessage decoded = PKIMessage.getInstance(new ASN1InputStream(encoded).readObject());

    // Check the Body
    Assert.assertEquals(PKIBody.TYPE_REVOCATION_REQ, decoded.getBody().getType());
    final RevDetails[] details = RevReqContent.getInstance(decoded.getBody().getContent()).toRevDetailsArray();

    // First entry: reason code present, no invalidity date.
    Assert.assertEquals(pki.getTestUser1Cert().getIssuerDN().getName().toString(),
            details[0].getCertDetails().getIssuer().toString());
    final RevDetails first = details[0];
    Assert.assertEquals(pki.getTestUser1Cert().getSerialNumber(),
            first.getCertDetails().getSerialNumber().getValue());
    Assert.assertEquals(pki.getTestUser1Cert().getSubjectDN().getName().toString(),
            first.getCertDetails().getSubject().toString());
    Assert.assertArrayEquals(pki.getTestUser1Cert().getPublicKey().getEncoded(),
            first.getCertDetails().getPublicKey().getEncoded());
    Assert.assertNotNull(first.getCrlEntryDetails());
    Assert.assertNull(first.getCrlEntryDetails().getExtensionParsedValue(Extension.invalidityDate));
    final ReasonFlags reason = new ReasonFlags(
            ReasonFlags.getInstance(first.getCrlEntryDetails().getExtensionParsedValue(Extension.reasonCode)));
    Assert.assertEquals(RevocationInput.aACompromise, reason.intValue());

    // Second entry: invalidity date present, no reason code.
    Assert.assertEquals(pki.getTestUser2Cert().getIssuerDN().getName().toString(),
            details[1].getCertDetails().getIssuer().toString());
    final RevDetails second = details[1];
    Assert.assertEquals(pki.getTestUser2Cert().getSerialNumber(),
            second.getCertDetails().getSerialNumber().getValue());
    Assert.assertEquals(pki.getTestUser2Cert().getSubjectDN().getName().toString(),
            second.getCertDetails().getSubject().toString());
    Assert.assertArrayEquals(pki.getTestUser2Cert().getPublicKey().getEncoded(),
            second.getCertDetails().getPublicKey().getEncoded());
    Assert.assertNotNull(second.getCrlEntryDetails());
    Assert.assertNull(second.getCrlEntryDetails().getExtensionParsedValue(Extension.reasonCode));

    // The dates are compared through toString(), which drops the milliseconds.
    final Time decodedInvalidity = new Time(
            second.getCrlEntryDetails().getExtensionParsedValue(Extension.invalidityDate).toASN1Primitive());
    Assert.assertEquals(invalidityDate.toString(), decodedInvalidity.getDate().toString());
}

From source file:org.ejbca.core.protocol.cmp.CrmfRequestMessage.java

License:Open Source License

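/**
 * Returns the notBefore date requested in the CRMF certificate template.
 *
 * <p>The value comes from the request and is only decoded here; this method
 * applies no policy to it.
 *
 * @return the requested notBefore date, or {@code null} if the template has no
 *         validity or the validity carries no notBefore field
 */
@Override
public Date getRequestValidityNotBefore() {
    Date ret = null;
    final CertTemplate templ = getReq().getCertReq().getCertTemplate();
    final OptionalValidity val = templ.getValidity();
    if (val != null) {
        final DERSequence valSeq = (DERSequence) val.toASN1Primitive();
        // Both fields of OptionalValidity are optional, so notBefore is selected by its
        // context tag [0] rather than by position: with only notAfter present, element 0
        // of the sequence is the [1]-tagged notAfter value.
        for (final ASN1Encodable element : valSeq.toArray()) {
            final ASN1TaggedObject tagged = (ASN1TaggedObject) element;
            if (tagged.getTagNo() == 0) {
                final Time time = Time.getInstance(tagged, true);
                if (time != null) {
                    ret = time.getDate();
                }
                break;
            }
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Request validity notBefore is: " + (ret == null ? "null" : ret.toString()));
    }
    return ret;
}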

From source file:org.ejbca.core.protocol.cmp.CrmfRequestMessage.java

License:Open Source License

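/**
 * Returns the notAfter date requested in the CRMF certificate template.
 *
 * <p>The value comes from the request and is only decoded here; this method
 * applies no policy to it.
 *
 * @return the requested notAfter date, or {@code null} if the template has no
 *         validity or the validity carries no notAfter field
 */
@Override
public Date getRequestValidityNotAfter() {
    Date ret = null;
    final CertTemplate templ = getReq().getCertReq().getCertTemplate();
    final OptionalValidity val = templ.getValidity();
    if (val != null) {
        final DERSequence valSeq = (DERSequence) val.toASN1Primitive();
        // Both fields of OptionalValidity are optional, so notAfter is selected by its
        // context tag [1] rather than by position: indexing element 1 fails with an
        // ArrayIndexOutOfBoundsException when the request carries a single field.
        for (final ASN1Encodable element : valSeq.toArray()) {
            final ASN1TaggedObject tagged = (ASN1TaggedObject) element;
            if (tagged.getTagNo() == 1) {
                final Time time = Time.getInstance(tagged, true);
                if (time != null) {
                    ret = time.getDate();
                }
                break;
            }
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Request validity notAfter is: " + (ret == null ? "null" : ret.toString()));
    }
    return ret;
}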

From source file:org.signserver.module.tsa.MSAuthCodeTimeStampSignerTest.java

License:Open Source License

/**
 * Performs test using specified signature algorithm, digest algorithm and with the optional SigningCertificate attribute included or not included.
 *
 * The SigningCertificate attribute is specified in RFC 2634.
 * 
 * SigningCertificate ::=  SEQUENCE {
 *  certs        SEQUENCE OF ESSCertID,
 *  policies     SEQUENCE OF PolicyInformation OPTIONAL
 * }
 *
 * id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
 *  member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
 *  smime(16) id-aa(2) 12 }
 *
 * ESSCertID ::=  SEQUENCE {
 *   certHash                 Hash,
 *   issuerSerial             IssuerSerial OPTIONAL
 * }
 * Hash ::= OCTET STRING -- SHA1 hash of entire certificate
 *
 * IssuerSerial ::= SEQUENCE {
 *   issuer                   GeneralNames,
 *   serialNumber             CertificateSerialNumber
 * }
 * 
 * @param signingAlgo Signature algorithm to use
 * @param expectedDigestOID Expected digest OID
 * @param requestData Request data to test with
 * @param includeSigningCertAttr If true, include and test the SigningCertificate attribute
 * @throws Exception
 */
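private void testProcessDataWithAlgo(final String signingAlgo, final String expectedDigestOID,
        final byte[] requestData, final boolean includeSigningCertAttr, final String includeCertificateLevels)
        throws Exception {
    SignServerUtil.installBCProvider();

    final String CRYPTOTOKEN_CLASSNAME = "org.signserver.server.cryptotokens.HardCodedCryptoToken";

    final ProcessRequest signRequest;

    final GlobalConfigurationSessionMock globalConfig = new GlobalConfigurationSessionMock();
    final WorkerSessionMock workerMock = new WorkerSessionMock(globalConfig);

    final WorkerConfig config = new WorkerConfig();
    config.setProperty("NAME", "TestMSAuthCodeTimeStampSigner");
    config.setProperty("AUTHTYPE", "NOAUTH");
    config.setProperty("TIMESOURCE", "org.signserver.server.ZeroTimeSource");
    config.setProperty("SIGNATUREALGORITHM", signingAlgo);
    config.setProperty("DEFAULTKEY", HardCodedCryptoTokenAliases.KEY_ALIAS_1);

    if (includeSigningCertAttr) {
        config.setProperty("INCLUDE_SIGNING_CERTIFICATE_ATTRIBUTE", "true");
    }

    // includeCertificateLevels: when non-null, the value is set as the
    // INCLUDE_CERTIFICATE_LEVELS property and the test only checks that the worker
    // reports it as unsupported (see the early return below).
    if (includeCertificateLevels != null) {
        config.setProperty(WorkerConfig.PROPERTY_INCLUDE_CERTIFICATE_LEVELS, includeCertificateLevels);
    }

    final MSAuthCodeTimeStampSigner worker = new MSAuthCodeTimeStampSigner() {
        @Override
        protected IGlobalConfigurationSession.IRemote getGlobalConfigurationSession() {
            return globalConfig;
        }
    };

    workerMock.setupWorker(SIGNER_ID, CRYPTOTOKEN_CLASSNAME, config, worker);
    workerMock.reloadConfiguration(SIGNER_ID);

    // if the INCLUDE_CERTIFICATE_LEVELS property has been set,
    // check that it gives a not supported error
    if (includeCertificateLevels != null) {
        final List<String> errors = worker.getFatalErrors();

        assertTrue("Should contain config error",
                errors.contains(WorkerConfig.PROPERTY_INCLUDE_CERTIFICATE_LEVELS + " is not supported."));
        return;
    }

    // create sample hard-coded request
    signRequest = new GenericSignRequest(REQUEST_ID, requestData);

    final RequestContext requestContext = new RequestContext();
    GenericSignResponse resp = (GenericSignResponse) workerMock.process(SIGNER_ID, signRequest, requestContext);

    // check that the response contains the needed attributes
    byte[] buf = resp.getProcessedData();
    ASN1Sequence asn1seq = ASN1Sequence.getInstance(Base64.decode(buf));

    ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(asn1seq.getObjectAt(0));
    ASN1TaggedObject ato = ASN1TaggedObject.getInstance(asn1seq.getObjectAt(1));

    assertEquals("Invalid OID in response", SIGNED_DATA_OID, oid.getId());

    // The response is navigated by position. NOTE(review): the indices presumably follow
    // the SignedData layout (element 4 = signerInfos) and the SignerInfo layout
    // (element 3 = signed attributes) - confirm against the worker's output.
    ASN1Sequence asn1seq1 = ASN1Sequence.getInstance(ato.getObject());

    ASN1Set asn1set = ASN1Set.getInstance(asn1seq1.getObjectAt(4));
    ASN1Sequence asn1seq2 = ASN1Sequence.getInstance(asn1set.getObjectAt(0));
    ASN1TaggedObject ato1 = ASN1TaggedObject.getInstance(asn1seq2.getObjectAt(3));
    ASN1Sequence asn1seq3 = ASN1Sequence.getInstance(ato1.getObject());
    // The three attributes are checked below as content type, signing time and message digest.
    ASN1Sequence asn1seq4 = ASN1Sequence.getInstance(asn1seq3.getObjectAt(0));
    ASN1Sequence asn1seq5 = ASN1Sequence.getInstance(asn1seq3.getObjectAt(1));
    ASN1Sequence asn1seq6 = ASN1Sequence.getInstance(asn1seq3.getObjectAt(2));

    final X509Certificate cert = (X509Certificate) CertTools
            .getCertfromByteArray(HardCodedCryptoToken.certbytes1);
    // expected serial number
    final BigInteger sn = cert.getSerialNumber();

    // if INCLUDE_SIGNING_CERTIFICATE_ATTRIBUTE is set to false, the attribute should not be included
    if (!includeSigningCertAttr) {
        assertEquals("Number of attributes", 3, asn1seq3.size());
    } else {
        final ASN1Sequence scAttr = ASN1Sequence.getInstance(asn1seq3.getObjectAt(3));
        TestUtils.checkSigningCertificateAttribute(scAttr, cert);
    }

    ASN1ObjectIdentifier ctOID = ASN1ObjectIdentifier.getInstance(asn1seq4.getObjectAt(0));
    assertEquals("Invalid OID for content type", CONTENT_TYPE_OID, ctOID.getId());

    ASN1ObjectIdentifier stOID = ASN1ObjectIdentifier.getInstance(asn1seq5.getObjectAt(0));
    assertEquals("Invalid OID for signing time", SIGNING_TIME_OID, stOID.getId());

    // The failure message names the attribute actually checked here; the original
    // repeated the content-type wording for the message digest OID.
    ASN1ObjectIdentifier mdOID = ASN1ObjectIdentifier.getInstance(asn1seq6.getObjectAt(0));
    assertEquals("Invalid OID for message digest", MESSAGE_DIGEST_OID, mdOID.getId());

    // get signing time from response
    ASN1Set set = ASN1Set.getInstance(asn1seq5.getObjectAt(1));
    ASN1Encodable t = set.getObjectAt(0);
    Time t2 = Time.getInstance(t);
    Date d = t2.getDate();

    // the expected time (the "starting point" of time according to java.util.Date),
    // consistent with the behavior of ZeroTimeSource
    Date d0 = new Date(0);

    assertEquals("Unexpected signing time in response", d0, d);

    // check expected signing algo
    ASN1Set set1 = ASN1Set.getInstance(asn1seq1.getObjectAt(1));
    ASN1Sequence asn1seq7 = ASN1Sequence.getInstance(set1.getObjectAt(0));
    ASN1ObjectIdentifier algOid = ASN1ObjectIdentifier.getInstance(asn1seq7.getObjectAt(0));

    assertEquals("Unexpected digest OID in response", expectedDigestOID, algOid.getId());

    // check that the request is included
    final CMSSignedData signedData = new CMSSignedData(asn1seq.getEncoded());
    final byte[] content = (byte[]) signedData.getSignedContent().getContent();

    final ASN1Sequence seq = ASN1Sequence.getInstance(Base64.decode(requestData));
    final ASN1Sequence seq2 = ASN1Sequence.getInstance(seq.getObjectAt(1));
    final ASN1TaggedObject tag = ASN1TaggedObject.getInstance(seq2.getObjectAt(1));
    final ASN1OctetString data = ASN1OctetString.getInstance(tag.getObject());

    assertTrue("Contains request data", Arrays.equals(data.getOctets(), content));

    // check the signing certificate against the expected hard-coded certificate
    final X509Certificate signercert = (X509Certificate) resp.getSignerCertificate();
    assertEquals("Serial number", sn, signercert.getSerialNumber());
    assertEquals("Issuer", cert.getIssuerDN(), signercert.getIssuerDN());

    // check ContentInfo, according to the Microsoft specification, the contentInfo in the response is
    // identical to the contentInfo in the request
    final ContentInfo expCi = new ContentInfo(seq2);
    final ContentInfo ci = new ContentInfo(ASN1Sequence.getInstance(asn1seq1.getObjectAt(2)));

    assertEquals("Content info should match the request", expCi, ci);

    // Get signers
    final Collection signers = signedData.getSignerInfos().getSigners();
    final SignerInformation signer = (SignerInformation) signers.iterator().next();

    // Verify using the signer's certificate; its serial number and issuer were
    // compared with the expected certificate above.
    assertTrue("Verification using signer certificate", signer.verify(signercert.getPublicKey(), "BC"));

    // Check that the time source is being logged
    LogMap logMap = LogMap.getInstance(requestContext);
    assertEquals("timesource", ZeroTimeSource.class.getSimpleName(), logMap.get("TSA_TIMESOURCE"));

    // The encoded response must be logged on a single line.
    assertNotNull("response", logMap.get(ITimeStampLogger.LOG_TSA_TIMESTAMPRESPONSE_ENCODED));
    assertEquals("log line doesn't contain newlines", -1,
            logMap.get(ITimeStampLogger.LOG_TSA_TIMESTAMPRESPONSE_ENCODED).lastIndexOf('\n'));
}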

From source file:org.xipki.ca.server.impl.X509CACmpResponder.java

License:Open Source License

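/**
 * Checks the requestor's permission for the certificate profile, asks the CA to
 * issue (or, for a key update, regenerate) a certificate and wraps the outcome
 * in a CMP {@code CertResponse}.
 *
 * <p>An {@code OperationException} from the CA is mapped to a CMP failure code,
 * recorded on the audit event when one is supplied, and returned as a rejection
 * response.
 *
 * @param requestor       the authenticated CMP requestor
 * @param user            user name stored with the issued certificate
 * @param tid             transaction id used to register the pending certificate
 * @param certReqId       id of the certificate request, echoed in the response
 * @param subject         requested subject
 * @param publicKeyInfo   requested public key
 * @param validity        optional requested validity; may be {@code null}
 * @param extensions      requested extensions
 * @param certprofileName name of the certificate profile to apply
 * @param keyUpdate       {@code true} to regenerate instead of generate
 * @param confirmWaitTime time in milliseconds the certificate stays pending
 * @param childAuditEvent audit event to update; may be {@code null}
 * @return the response carrying either the certificate or a rejection status
 * @throws InsuffientPermissionException if the requestor may not use the profile
 */
private CertResponse generateCertificate(final CmpRequestorInfo requestor, final String user,
        final ASN1OctetString tid, final ASN1Integer certReqId, final X500Name subject,
        final SubjectPublicKeyInfo publicKeyInfo, final OptionalValidity validity, final Extensions extensions,
        final String certprofileName, final boolean keyUpdate, final long confirmWaitTime,
        final AuditChildEvent childAuditEvent) throws InsuffientPermissionException {
    checkPermission(requestor, certprofileName);

    // The validity is taken from the request and passed through unchanged.
    // NOTE(review): presumably the CA or the certificate profile bounds these dates - confirm.
    Date notBefore = null;
    Date notAfter = null;
    if (validity != null) {
        Time t = validity.getNotBefore();
        if (t != null) {
            notBefore = t.getDate();
        }
        t = validity.getNotAfter();
        if (t != null) {
            notAfter = t.getDate();
        }
    }

    try {
        X509CA ca = getCA();
        X509CertificateInfo certInfo;
        if (keyUpdate) {
            certInfo = ca.regenerateCertificate(requestor.isRA(), requestor, certprofileName, user, subject,
                    publicKeyInfo, notBefore, notAfter, extensions);
        } else {
            certInfo = ca.generateCertificate(requestor.isRA(), requestor, certprofileName, user, subject,
                    publicKeyInfo, notBefore, notAfter, extensions);
        }
        certInfo.setRequestor(requestor);
        certInfo.setUser(user);

        if (childAuditEvent != null) {
            childAuditEvent.addEventData(new AuditEventData("subject", certInfo.getCert().getSubject()));
        }

        // The certificate stays in the pending pool until confirmWaitTime has elapsed.
        pendingCertPool.addCertificate(tid.getOctets(), certReqId.getPositiveValue(), certInfo,
                System.currentTimeMillis() + confirmWaitTime);
        String warningMsg = certInfo.getWarningMessage();

        PKIStatusInfo statusInfo;
        if (StringUtil.isBlank(warningMsg)) {
            if (certInfo.isAlreadyIssued()) {
                statusInfo = new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText("ALREADY_ISSUED"));
            } else {
                statusInfo = new PKIStatusInfo(PKIStatus.granted);
            }
        } else {
            statusInfo = new PKIStatusInfo(PKIStatus.grantedWithMods, new PKIFreeText(warningMsg));
        }

        if (childAuditEvent != null) {
            childAuditEvent.setStatus(AuditStatus.SUCCESSFUL);
        }

        CertOrEncCert cec = new CertOrEncCert(CMPCertificate.getInstance(certInfo.getCert().getEncodedCert()));
        CertifiedKeyPair kp = new CertifiedKeyPair(cec);
        return new CertResponse(certReqId, statusInfo, kp, null);
    } catch (OperationException e) {
        ErrorCode code = e.getErrorCode();
        LOG.warn("generate certificate, OperationException: code={}, message={}", code.name(),
                e.getErrorMessage());

        String auditMessage;

        int failureInfo;
        switch (code) {
        case ALREADY_ISSUED:
            failureInfo = PKIFailureInfo.badRequest;
            auditMessage = "ALREADY_ISSUED";
            break;
        case BAD_CERT_TEMPLATE:
            failureInfo = PKIFailureInfo.badCertTemplate;
            auditMessage = "BAD_CERT_TEMPLATE";
            break;
        case BAD_REQUEST:
            failureInfo = PKIFailureInfo.badRequest;
            auditMessage = "BAD_REQUEST";
            // Without this break the case fell through to CERT_REVOKED, so a bad request
            // was audited and answered as a revoked certificate.
            break;
        case CERT_REVOKED:
            failureInfo = PKIFailureInfo.certRevoked;
            auditMessage = "CERT_REVOKED";
            break;
        case CRL_FAILURE:
            failureInfo = PKIFailureInfo.systemFailure;
            auditMessage = "CRL_FAILURE";
            break;
        case DATABASE_FAILURE:
            failureInfo = PKIFailureInfo.systemFailure;
            auditMessage = "DATABASE_FAILURE";
            break;
        case NOT_PERMITTED:
            failureInfo = PKIFailureInfo.notAuthorized;
            auditMessage = "NOT_PERMITTED";
            break;
        case INSUFFICIENT_PERMISSION:
            failureInfo = PKIFailureInfo.notAuthorized;
            auditMessage = "INSUFFICIENT_PERMISSION";
            break;
        case INVALID_EXTENSION:
            failureInfo = PKIFailureInfo.systemFailure;
            auditMessage = "INVALID_EXTENSION";
            break;
        case SYSTEM_FAILURE:
            failureInfo = PKIFailureInfo.systemFailure;
            auditMessage = "System_Failure";
            break;
        case SYSTEM_UNAVAILABLE:
            failureInfo = PKIFailureInfo.systemUnavail;
            auditMessage = "System_Unavailable";
            break;
        case UNKNOWN_CERT:
            failureInfo = PKIFailureInfo.badCertId;
            auditMessage = "UNKNOWN_CERT";
            break;
        case UNKNOWN_CERT_PROFILE:
            failureInfo = PKIFailureInfo.badCertTemplate;
            auditMessage = "UNKNOWN_CERT_PROFILE";
            break;
        default:
            failureInfo = PKIFailureInfo.systemFailure;
            auditMessage = "InternalErrorCode " + e.getErrorCode();
            break;
        } // end switch(code)

        if (childAuditEvent != null) {
            childAuditEvent.setStatus(AuditStatus.FAILED);
            childAuditEvent.addEventData(new AuditEventData("message", auditMessage));
        }

        // Database and system failures are reported to the requestor by code name only,
        // presumably to keep internal error detail out of the response; the full message
        // is still written to the log above.
        String errorMessage;
        switch (code) {
        case DATABASE_FAILURE:
        case SYSTEM_FAILURE:
            errorMessage = code.name();
            break;
        default:
            errorMessage = code.name() + ": " + e.getErrorMessage();
            break;
        } // end switch code
        PKIStatusInfo status = generateCmpRejectionStatus(failureInfo, errorMessage);
        return new CertResponse(certReqId, status);
    }
}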

From source file:org.xipki.pki.ca.qa.X509CertprofileQa.java

License:Open Source License

/**
 * Checks that a certificate time value uses the ASN.1 type matching its date:
 * UTCTime for instants before the {@code EPOCHTIME_2050010100} cutoff (in
 * seconds) and GeneralizedTime from the cutoff onwards. A mismatch is recorded
 * as a failure message on {@code issue}.
 *
 * @param time  the time value to check
 * @param issue the validation issue receiving a failure message, if any
 */
private static void checkTime(Time time, ValidationIssue issue) {
    final ASN1Primitive encoded = time.toASN1Primitive();
    final long epochSeconds = time.getDate().getTime() / 1000;
    final boolean beforeCutoff = epochSeconds < EPOCHTIME_2050010100;

    if (beforeCutoff && !(encoded instanceof ASN1UTCTime)) {
        issue.setFailureMessage("not encoded as UTCTime");
    } else if (!beforeCutoff && !(encoded instanceof ASN1GeneralizedTime)) {
        issue.setFailureMessage("not encoded as GeneralizedTime");
    }
}