/**
 * Converts an arbitrary object into a {@code PKIBody}.
 *
 * <p>Only the Java type of {@code o} is examined here. Whether the tag of an
 * {@code ASN1TaggedObject} names a valid body type is left to the
 * {@code PKIBody(ASN1TaggedObject)} constructor, which is not visible in this excerpt.
 *
 * @param o {@code null}, an existing {@code PKIBody}, or an {@code ASN1TaggedObject}
 * @return {@code null} for {@code null} input, {@code o} itself when it already is a
 *         {@code PKIBody}, otherwise a new {@code PKIBody} built from the tagged object
 * @throws IllegalArgumentException if {@code o} is of any other type
 */
public static PKIBody getInstance(Object o) {
    if (o == null) {
        return null;
    }

    if (o instanceof PKIBody) {
        return (PKIBody) o;
    }

    // Anything that is neither a PKIBody nor a tagged object is refused outright.
    if (!(o instanceof ASN1TaggedObject)) {
        throw new IllegalArgumentException("Invalid object: " + o.getClass().getName());
    }

    return new PKIBody((ASN1TaggedObject) o);
}
/**
 * Returns a {@code PKIBody} view of {@code o}.
 *
 * <p>{@code null} and existing {@code PKIBody} instances are passed through unchanged; an
 * {@code ASN1TaggedObject} is wrapped in a new {@code PKIBody}. No content validation is
 * performed in this method itself.
 *
 * @param o the object to convert; may be {@code null}
 * @return the converted body, or {@code null} when {@code o} is {@code null}
 * @throws IllegalArgumentException if {@code o} is neither a {@code PKIBody} nor an
 *         {@code ASN1TaggedObject}
 */
public static PKIBody getInstance(Object o) {
    final boolean passThrough = (o == null) || (o instanceof PKIBody);
    if (passThrough) {
        return (PKIBody) o;
    }

    if (o instanceof ASN1TaggedObject) {
        final ASN1TaggedObject tagged = (ASN1TaggedObject) o;
        return new PKIBody(tagged);
    }

    // Unknown input type: report the concrete class so the caller can see what was passed.
    final String className = o.getClass().getName();
    throw new IllegalArgumentException("Invalid object: " + className);
}
/**
 * Handles a cross-certification request and wraps the result in a
 * {@code TYPE_CROSS_CERT_REP} body.
 *
 * <p>All work is delegated to {@code processCertReqMessages}. Two of its arguments are
 * fixed here rather than taken from the caller: {@code Boolean.FALSE} in the second
 * position and {@code false} after {@code cr}.
 * NOTE(review): the second position is presumably the default for CA-side key pair
 * generation, which would mean it is never enabled for cross-certification; confirm
 * against {@code processCertReqMessages}.
 *
 * @throws InsuffientPermissionException propagated from {@code processCertReqMessages}
 */
private PKIBody processCcp(String dfltCertprofileName, PKIMessage request, CmpRequestorInfo requestor, ASN1OctetString tid, PKIHeader reqHeader, CertReqMessages cr, CmpControl cmpControl, String msgId, AuditEvent event) throws InsuffientPermissionException {
    return new PKIBody(
        PKIBody.TYPE_CROSS_CERT_REP,
        processCertReqMessages(
            dfltCertprofileName, Boolean.FALSE, request, requestor, tid,
            reqHeader, cr, false, cmpControl, msgId, event));
}
/**
 * Handles an initialization request and wraps the result in a {@code TYPE_INIT_REP} body.
 *
 * <p>The request is forwarded unchanged to {@code processCertReqMessages} together with the
 * caller-supplied defaults; the boolean argument after {@code cr} is fixed to {@code true}.
 * NOTE(review): the meaning of that flag is defined by {@code processCertReqMessages}, which
 * is not visible here.
 *
 * @throws InsuffientPermissionException propagated from {@code processCertReqMessages}
 */
private PKIBody processIr(String dfltCertprofileName, Boolean dfltCaGenKeypair, PKIMessage request, CmpRequestorInfo requestor, ASN1OctetString tid, PKIHeader reqHeader, CertReqMessages cr, CmpControl cmpControl, String msgId, AuditEvent event) throws InsuffientPermissionException {
    return new PKIBody(
        PKIBody.TYPE_INIT_REP,
        processCertReqMessages(
            dfltCertprofileName, dfltCaGenKeypair, request, requestor, tid,
            reqHeader, cr, true, cmpControl, msgId, event));
}
/**
 * Handles a certification request and wraps the result in a {@code TYPE_CERT_REP} body.
 *
 * <p>Delegates to {@code processCertReqMessages} with the caller-supplied defaults and the
 * boolean argument after {@code cr} fixed to {@code true}.
 * NOTE(review): permission checks are not performed in this method; they are presumably
 * inside {@code processCertReqMessages}, given the declared exception. Confirm there.
 *
 * @throws InsuffientPermissionException propagated from {@code processCertReqMessages}
 */
private PKIBody processCr(String dfltCertprofileName, Boolean dfltCaGenKeypair, PKIMessage request, CmpRequestorInfo requestor, ASN1OctetString tid, PKIHeader reqHeader, CertReqMessages cr, CmpControl cmpControl, String msgId, AuditEvent event) throws InsuffientPermissionException {
    final CertRepMessage certRep = processCertReqMessages(
        dfltCertprofileName, dfltCaGenKeypair, request, requestor, tid,
        reqHeader, cr, true, cmpControl, msgId, event);

    final PKIBody responseBody = new PKIBody(PKIBody.TYPE_CERT_REP, certRep);
    return responseBody;
}
/**
 * Handles a key update request and wraps the result in a {@code TYPE_KEY_UPDATE_REP} body.
 *
 * <p>Delegates to {@code processCertReqMessages} exactly as the other request handlers do;
 * only the response body type differs.
 * NOTE(review): nothing in this method ties the update to the certificate being replaced;
 * if such a check exists it is in {@code processCertReqMessages}. Confirm there.
 *
 * @throws InsuffientPermissionException propagated from {@code processCertReqMessages}
 */
private PKIBody processKur(String dfltCertprofileName, Boolean dfltCaGenKeypair, PKIMessage request, CmpRequestorInfo requestor, ASN1OctetString tid, PKIHeader reqHeader, CertReqMessages kur, CmpControl cmpControl, String msgId, AuditEvent event) throws InsuffientPermissionException {
    final CertRepMessage updateRep = processCertReqMessages(
        dfltCertprofileName, dfltCaGenKeypair, request, requestor, tid,
        reqHeader, kur, true, cmpControl, msgId, event);

    return new PKIBody(PKIBody.TYPE_KEY_UPDATE_REP, updateRep);
}
/**
 * Builds an unprotected CMP general message carrying a single InfoTypeAndValue.
 *
 * <p>No protection is applied in this method; the caller is expected to protect the
 * returned message before sending it (not visible here).
 *
 * @param type  the info type OID; must not be {@code null}
 * @param value the info value, or {@code null} to send the type alone
 * @return a message whose body is of type {@code TYPE_GEN_MSG}
 */
private PKIMessage buildMessageWithGeneralMsgContent(ASN1ObjectIdentifier type, ASN1Encodable value) {
    Args.notNull(type, "type");

    final PKIHeader msgHeader = buildPkiHeader(null);

    // The value is optional: use the type-only constructor when none is given.
    final InfoTypeAndValue info;
    if (value == null) {
        info = new InfoTypeAndValue(type);
    } else {
        info = new InfoTypeAndValue(type, value);
    }

    final PKIBody msgBody = new PKIBody(PKIBody.TYPE_GEN_MSG, new GenMsgContent(info));
    return new PKIMessage(msgHeader, msgBody);
}
/**
 * Builds the certificate confirmation message for a transaction.
 *
 * <p>The confirmation content is produced by {@code certConfirmBuilder} using
 * {@code DIGEST_CALCULATOR_PROVIDER}. The header is created for the given transaction ID so
 * that the confirmation belongs to the same exchange as the enrollment. No protection is
 * applied in this method.
 *
 * @param tid               transaction ID of the exchange being confirmed
 * @param certConfirmBuilder builder holding the certificates to confirm
 * @return an unprotected message with a {@code TYPE_CERT_CONFIRM} body
 * @throws CmpClientException if the confirmation content cannot be built; the original
 *         {@code CMPException} is kept as the cause
 */
private PKIMessage buildCertConfirmRequest(ASN1OctetString tid, CertificateConfirmationContentBuilder certConfirmBuilder) throws CmpClientException {
    final PKIHeader confirmHeader =
        buildPkiHeader(implicitConfirm, tid, null, (InfoTypeAndValue[]) null);

    final CertificateConfirmationContent content;
    try {
        content = certConfirmBuilder.build(DIGEST_CALCULATOR_PROVIDER);
    } catch (CMPException ex) {
        throw new CmpClientException(ex.getMessage(), ex);
    }

    return new PKIMessage(
        confirmHeader,
        new PKIBody(PKIBody.TYPE_CERT_CONFIRM, content.toASN1Structure()));
}
/**
 * Builds a {@code TYPE_ERROR} body from a status, a failure-info value and an optional
 * text.
 *
 * <p>NOTE(review): {@code statusMessage} is placed in the status info verbatim and so
 * presumably reaches the peer; callers should keep internal detail out of it.
 *
 * @param pkiStatus     the PKI status to report
 * @param failureInfo   value handed to the {@code PKIFailureInfo} constructor
 * @param statusMessage human-readable text, or {@code null} for none
 * @return the error body
 */
private static PKIBody buildErrorMsgPkiBody(PKIStatus pkiStatus, int failureInfo, String statusMessage) {
    // The free text is optional; a null message yields a status info without text.
    PKIFreeText freeText = null;
    if (statusMessage != null) {
        freeText = new PKIFreeText(statusMessage);
    }

    final PKIStatusInfo statusInfo =
        new PKIStatusInfo(pkiStatus, freeText, new PKIFailureInfo(failureInfo));
    return new PKIBody(PKIBody.TYPE_ERROR, new ErrorMsgContent(statusInfo));
}
/**
 * Builds a CMP error response for a request that is being rejected.
 *
 * <p>The response header reuses the request's protocol version, is addressed to the
 * request's sender and is stamped with the current time. The transaction ID is set only
 * when {@code tid} is non-null, and the request's sender nonce, if present, is echoed back
 * as the recipient nonce so the requester can match the reply to its request.
 *
 * <p>NOTE(review): {@code statusText} is handed to {@code generateRejectionStatus} and so
 * presumably reaches the requester; keep internal detail out of it. No protection is applied
 * to the returned message in this method.
 *
 * @param tid           transaction ID to echo, or {@code null}
 * @param requestHeader header of the request being answered
 * @param failureCode   failure code passed to {@code generateRejectionStatus}
 * @param statusText    text passed to {@code generateRejectionStatus}
 * @return the error message
 */
protected PKIMessage buildErrorPkiMessage(ASN1OctetString tid, PKIHeader requestHeader, int failureCode, String statusText) {
    final GeneralName recipient = requestHeader.getSender();
    final int pvno = requestHeader.getPvno().getValue().intValue();

    final PKIHeaderBuilder headerBuilder = new PKIHeaderBuilder(pvno, getSender(), recipient);
    headerBuilder.setMessageTime(new ASN1GeneralizedTime(new Date()));

    if (tid != null) {
        headerBuilder.setTransactionID(tid);
    }

    // Echo the requester's nonce so it can correlate this reply with its request.
    final ASN1OctetString requestNonce = requestHeader.getSenderNonce();
    if (requestNonce != null) {
        headerBuilder.setRecipNonce(requestNonce);
    }

    final PKIStatusInfo rejection = generateRejectionStatus(failureCode, statusText);
    final PKIBody errorBody = new PKIBody(PKIBody.TYPE_ERROR, new ErrorMsgContent(rejection));
    return new PKIMessage(headerBuilder.build(), errorBody);
} // method buildErrorPkiMessage
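/**
 * Enrolls one certificate from a PKCS#10 request using a CMP {@code TYPE_P10_CERT_REQ}
 * message.
 *
 * <p>The certificate profile name is sent either as a {@code certprofile} query parameter
 * of the CA URI or as a {@code regInfo_utf8Pairs} general-info entry. In both cases the
 * name is encoded for the syntax it is embedded in, so that characters with a special
 * meaning there ({@code &}, {@code #}, {@code ?}, {@code %}, ...) cannot change the
 * structure of the query string or add further name/value pairs.
 *
 * <p>The request asks for implicit confirmation, so no separate confirmation message is
 * sent by this method.
 *
 * @param certprofile  name of the certificate profile; must not be {@code null}
 * @param csr          the PKCS#10 request to submit
 * @param profileInUri {@code true} to send the profile in the URI, {@code false} to send it
 *                     as utf8Pairs general info
 * @return the certificate taken from the first entry of the parsed response
 * @throws NullPointerException if {@code certprofile} is {@code null}
 * @throws Exception if building, sending or parsing the exchange fails
 */
public X509Certificate enrollCertViaCsr(String certprofile, CertificationRequest csr, boolean profileInUri) throws Exception {
    // Fail early: a null profile previously ended up as the literal text "null" in the
    // utf8Pairs branch. Fully qualified names are used because the file's import block is
    // outside this excerpt.
    java.util.Objects.requireNonNull(certprofile, "certprofile");

    ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(
        PKIHeader.CMP_2000, requestorSubject, responderSubject);
    builder.setMessageTime(new Date());
    builder.setTransactionID(randomTransactionId());
    builder.setSenderNonce(randomSenderNonce());

    builder.addGeneralInfo(
        new InfoTypeAndValue(CMPObjectIdentifiers.it_implicitConfirm, DERNull.INSTANCE));

    String uri = null;
    if (profileInUri) {
        // Locale.ROOT keeps the lower-casing independent of the JVM default locale
        // (e.g. "I" would otherwise become a dotless i under a Turkish locale).
        String normalized = certprofile.toLowerCase(java.util.Locale.ROOT);
        // Percent-encode the value so it stays a single query parameter.
        uri = caUri + "?certprofile=" + java.net.URLEncoder.encode(normalized, "UTF-8");
    } else {
        // In utf8Pairs '?' separates name from value and '%' ends a pair (RFC 4211,
        // appendix B); escape both so the profile name cannot inject another pair.
        String escaped = certprofile.replace("%", "%25").replace("?", "%3f");
        builder.addGeneralInfo(
            new InfoTypeAndValue(CMPObjectIdentifiers.regInfo_utf8Pairs,
                new DERUTF8String("certprofile?" + escaped + "%")));
    }

    builder.setBody(new PKIBody(PKIBody.TYPE_P10_CERT_REQ, csr));
    ProtectedPKIMessage request = build(builder);

    PKIMessage response = transmit(request, uri);
    // NOTE(review): assumes parseEnrollCertResult returns at least one entry when asked
    // for exactly one; otherwise next() throws NoSuchElementException.
    return parseEnrollCertResult(response, PKIBody.TYPE_CERT_REP, 1)
        .values().iterator().next().getCert();
}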
/**
 * Builds an unprotected {@code TYPE_P10_CERT_REQ} message for a CSR-based enrollment.
 *
 * <p>The certificate profile and, when given, the requested validity bounds travel as
 * utf8Pairs handed to {@code buildPkiHeader}. The bounds are only requests made by the
 * client. NOTE(review): whether they are honoured is presumably decided by the CA; confirm
 * on the responder side.
 *
 * @param csr       the enrollment request holding the profile name and the CSR
 * @param notBefore requested start of validity, or {@code null} to leave it unset
 * @param notAfter  requested end of validity, or {@code null} to leave it unset
 * @return the message; protection is not applied in this method
 */
private PKIMessage buildPkiMessage(CsrEnrollCertRequest csr, Date notBefore, Date notAfter) {
    final CmpUtf8Pairs pairs =
        new CmpUtf8Pairs(CmpUtf8Pairs.KEY_CERTPROFILE, csr.getCertprofile());

    if (notBefore != null) {
        final String start = DateUtil.toUtcTimeyyyyMMddhhmmss(notBefore);
        pairs.putUtf8Pair(CmpUtf8Pairs.KEY_NOTBEFORE, start);
    }

    if (notAfter != null) {
        final String end = DateUtil.toUtcTimeyyyyMMddhhmmss(notAfter);
        pairs.putUtf8Pair(CmpUtf8Pairs.KEY_NOTAFTER, end);
    }

    final PKIHeader msgHeader = buildPkiHeader(implicitConfirm, null, pairs);
    return new PKIMessage(
        msgHeader,
        new PKIBody(PKIBody.TYPE_P10_CERT_REQ, csr.getCsr()));
}
// Excerpt from a larger method: wraps the collected certificate request messages in a
// body of the caller-chosen type and pairs it with a header built earlier (not shown).
// NOTE(review): no protection is applied in these two statements; presumably the caller
// protects the message before sending. Confirm in the enclosing method.
PKIBody body = new PKIBody(bodyType, new CertReqMessages(certReqMsgs)); return new PKIMessage(header, body);
/**
 * Builds an unprotected general message that carries an action code under the
 * {@code id_xipki_cmp_cmpGenmsg} OID.
 *
 * <p>The info value is a DER sequence holding the action as an integer, followed by
 * {@code value} when one is supplied.
 *
 * @param action the action code to send
 * @param value  optional argument of the action, or {@code null}
 * @return a message with a {@code TYPE_GEN_MSG} body; protection is not applied here
 */
private PKIMessage buildMessageWithXipkAction(int action, ASN1Encodable value) {
    final PKIHeader msgHeader = buildPkiHeader(null);

    final ASN1EncodableVector elements = new ASN1EncodableVector();
    elements.add(new ASN1Integer(action));
    if (value != null) {
        elements.add(value);
    }

    final InfoTypeAndValue info = new InfoTypeAndValue(
        ObjectIdentifiers.id_xipki_cmp_cmpGenmsg, new DERSequence(elements));

    return new PKIMessage(
        msgHeader,
        new PKIBody(PKIBody.TYPE_GEN_MSG, new GenMsgContent(info)));
}
/**
 * Builds an unprotected {@code TYPE_REVOCATION_REQ} message with one RevDetails entry per
 * requested certificate.
 *
 * <p>Each certificate is identified by issuer and serial number, plus an extension set
 * derived from the authority key identifier when the entry provides one. The same
 * {@code reasonCode} is attached to every entry as a critical {@code reasonCode} extension.
 * NOTE(review): which reason codes mean "unrevoke" or "remove" is decided by the caller and
 * the responder; it is not visible in this method.
 *
 * @param request    the certificates to act on
 * @param reasonCode value encoded into each entry's reason extension
 * @return the message; protection is not applied in this method
 * @throws CmpClientException if the reason code cannot be encoded; the
 *         {@code IOException} is kept as the cause
 */
private PKIMessage buildUnrevokeOrRemoveCertRequest(UnrevokeOrRemoveCertRequest request, int reasonCode) throws CmpClientException {
    final PKIHeader msgHeader = buildPkiHeader(null);

    final List<UnrevokeOrRemoveCertRequest.Entry> entries = request.getRequestEntries();
    final List<RevDetails> details = new ArrayList<>(entries.size());

    for (UnrevokeOrRemoveCertRequest.Entry entry : entries) {
        // Identify the certificate by issuer + serial number.
        final CertTemplateBuilder template = new CertTemplateBuilder();
        template.setIssuer(entry.getIssuer());
        template.setSerialNumber(new ASN1Integer(entry.getSerialNumber()));

        final byte[] authorityKeyId = entry.getAuthorityKeyIdentifier();
        if (authorityKeyId != null) {
            template.setExtensions(getCertTempExtensions(authorityKeyId));
        }

        // Only the encoding step can raise IOException, so only it sits in the try block.
        final byte[] encodedReason;
        try {
            encodedReason = new ASN1Enumerated(reasonCode).getEncoded();
        } catch (IOException ex) {
            throw new CmpClientException(ex.getMessage(), ex);
        }

        final Extension[] crlEntryExts = new Extension[1];
        crlEntryExts[0] =
            new Extension(Extension.reasonCode, true, new DEROctetString(encodedReason));

        details.add(new RevDetails(template.build(), new Extensions(crlEntryExts)));
    }

    final RevReqContent revReq = new RevReqContent(details.toArray(new RevDetails[0]));
    return new PKIMessage(msgHeader, new PKIBody(PKIBody.TYPE_REVOCATION_REQ, revReq));
} // method buildUnrevokeOrRemoveCertRequest
// Excerpt from a larger method: wraps revocation request content built earlier (not shown)
// in a TYPE_REVOCATION_REQ body and pairs it with the prepared header.
// NOTE(review): no protection is applied in these two statements; presumably the caller
// protects the message before sending. Confirm in the enclosing method.
PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content); return new PKIMessage(header, body);
/**
 * Asks the CA for its certificates with a general message and returns them.
 *
 * <p>A protected {@code TYPE_GEN_MSG} request carrying the {@code id_xipki_cmp} info type
 * is sent with a fresh transaction ID and sender nonce. The matching value in the reply is
 * read as a sequence of CMP certificates.
 *
 * <p>NOTE(review): the certificates are taken from the response as received. Whether the
 * response protection is verified depends on {@code transmit} and
 * {@code extractGeneralRepContent}, which are not visible here; confirm before treating the
 * result as a trust anchor.
 *
 * @return the certificates in the order they appear in the response
 * @throws Exception if building, sending or parsing the exchange fails
 */
private Certificate[] cmpCaCerts() throws Exception {
    final ProtectedPKIMessageBuilder reqBuilder = new ProtectedPKIMessageBuilder(
        PKIHeader.CMP_2000, requestorSubject, responderSubject);
    reqBuilder.setMessageTime(new Date());
    reqBuilder.setTransactionID(randomTransactionId());
    reqBuilder.setSenderNonce(randomSenderNonce());

    // The request carries the info type only, without a value.
    final InfoTypeAndValue query = new InfoTypeAndValue(id_xipki_cmp);
    reqBuilder.setBody(new PKIBody(PKIBody.TYPE_GEN_MSG, new GenMsgContent(query)));

    final ProtectedPKIMessage signedRequest = build(reqBuilder);
    final PKIMessage reply = transmit(signedRequest, null);

    final ASN1Encodable content = extractGeneralRepContent(reply, id_xipki_cmp.getId());
    final ASN1Sequence certSeq = ASN1Sequence.getInstance(content);

    final int count = certSeq.size();
    final Certificate[] result = new Certificate[count];
    int index = 0;
    while (index < count) {
        result[index] = CMPCertificate.getInstance(certSeq.getObjectAt(index)).getX509v3PKCert();
        index++;
    }
    return result;
}
// Excerpt from a larger method: wraps the certificate request messages in a
// TYPE_KEY_UPDATE_REQ body, then starts a protected-message builder for CMP version
// CMP_2000 between the requestor and responder subjects. The rest of the method, where the
// body is presumably attached and the message protected, is not shown.
PKIBody body = new PKIBody(PKIBody.TYPE_KEY_UPDATE_REQ, new CertReqMessages(certReqMsgs)); ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder( PKIHeader.CMP_2000, requestorSubject, responderSubject);
/**
 * Requests revocation of one certificate issued by the configured CA.
 *
 * <p>The certificate is identified by the CA subject, the given serial number and a
 * non-critical authority key identifier built from {@code caSubjectKeyIdentifier}. The
 * revocation reason travels as a critical {@code reasonCode} extension. The request is sent
 * as a protected message with a fresh transaction ID and sender nonce.
 *
 * @param serialNumber serial number of the certificate to revoke
 * @param reason       the revocation reason to report
 * @return the outcome reported by {@code parseRevocationResult} for this serial number
 * @throws Exception if building, sending or parsing the exchange fails
 */
public boolean revokeCert(BigInteger serialNumber, CRLReason reason) throws Exception {
    final ProtectedPKIMessageBuilder reqBuilder = new ProtectedPKIMessageBuilder(
        PKIHeader.CMP_2000, requestorSubject, responderSubject);
    reqBuilder.setMessageTime(new Date());
    reqBuilder.setTransactionID(randomTransactionId());
    reqBuilder.setSenderNonce(randomSenderNonce());

    // Identify the certificate: issuer + serial number + authority key identifier.
    final CertTemplateBuilder template = new CertTemplateBuilder();
    template.setIssuer(caSubject);
    template.setSerialNumber(new ASN1Integer(serialNumber));

    final byte[] akiBytes = new AuthorityKeyIdentifier(caSubjectKeyIdentifier).getEncoded();
    final Extension akiExtension =
        new Extension(Extension.authorityKeyIdentifier, false, akiBytes);
    template.setExtensions(new Extensions(akiExtension));

    // The reason is carried as a critical CRL entry extension.
    final ASN1Enumerated reasonValue = new ASN1Enumerated(reason.getValue().intValue());
    final Extension reasonExtension = new Extension(
        Extension.reasonCode, true, new DEROctetString(reasonValue.getEncoded()));
    final Extensions crlEntryExts = new Extensions(reasonExtension);

    final RevReqContent revReq =
        new RevReqContent(new RevDetails(template.build(), crlEntryExts));
    reqBuilder.setBody(new PKIBody(PKIBody.TYPE_REVOCATION_REQ, revReq));

    final ProtectedPKIMessage signedRequest = build(reqBuilder);
    final PKIMessage reply = transmit(signedRequest, null);
    return parseRevocationResult(reply, serialNumber);
}
/**
 * Applies protection to an outgoing message, choosing the mechanism from the requestor.
 *
 * <p>When the requestor has a certificate, {@code CmpUtil.addProtection} is called with the
 * responder's signer. Otherwise it is called with the requestor's password, its key ID and
 * password-based MAC parameters taken from the CMP control (one-way function, iteration
 * count, MAC algorithm) together with a salt from {@code randomSalt()}.
 *
 * <p>Any exception raised while protecting the message, including one caused by a
 * {@code null} requestor, is logged and recorded in the audit event as a failure. The
 * method then returns a {@code systemFailure} error body under the original header instead
 * of propagating the exception. That fallback message does not pass through
 * {@code CmpUtil.addProtection} in this method. The status text sent to the peer is a fixed
 * string, so exception detail stays in the log.
 *
 * @param pkiMessage the message to protect
 * @param event      audit event updated when protection fails
 * @param requestor  the requestor the response is addressed to
 * @return the protected message, or the error message described above
 */
private PKIMessage addProtection(PKIMessage pkiMessage, AuditEvent event, CmpRequestorInfo requestor) {
    final CmpControl cmpCtrl = getCmpControl();

    try {
        if (requestor.getCert() != null) {
            // Certificate-based requestor: protect with the responder's signer.
            return CmpUtil.addProtection(pkiMessage, getSigner(), getSender(),
                cmpCtrl.isSendResponderCert());
        }

        // Password-based requestor: protect with a password-based MAC.
        final PBMParameter pbmParams = new PBMParameter(randomSalt(),
            cmpCtrl.getResponsePbmOwf(), cmpCtrl.getResponsePbmIterationCount(),
            cmpCtrl.getResponsePbmMac());
        return CmpUtil.addProtection(pkiMessage, requestor.getPassword(), pbmParams,
            getSender(), requestor.getKeyId());
    } catch (Exception ex) {
        LogUtil.error(LOG, ex, "could not add protection to the PKI message");

        final PKIStatusInfo rejection = generateRejectionStatus(
            PKIFailureInfo.systemFailure, "could not sign the PKIMessage");

        event.setLevel(AuditLevel.ERROR);
        event.setStatus(AuditStatus.FAILED);
        event.addEventData(CaAuditConstants.NAME_message, "could not sign the PKIMessage");

        final PKIBody errorBody = new PKIBody(PKIBody.TYPE_ERROR, new ErrorMsgContent(rejection));
        return new PKIMessage(pkiMessage.getHeader(), errorBody);
    }
} // method addProtection