1. 包列表
  2. 类列表
  3. org.bouncycastle.asn1.cmp.CertResponse

Java 类org.bouncycastle.asn1.cmp.CertResponse 实例源码

项目:xipki    文件:X509CaCmpResponderImpl.java    
/**
 * handle the PKI body with the choice {@code p10cr}<br/>
 * Since it is not possible to add attribute to the PKCS#10 request (CSR), the certificate
 * profile must be specified in the attribute regInfo-utf8Pairs (1.3.6.1.5.5.7.5.2.1) within
 * PKIHeader.generalInfo
 *
 */
private PKIBody processP10cr(PKIMessage request, CmpRequestorInfo requestor,
        ASN1OctetString tid, PKIHeader reqHeader, CertificationRequest p10cr,
        CmpControl cmpControl, String msgId, AuditEvent event) {
    // verify the POP first
    CertResponse certResp;
    ASN1Integer certReqId = new ASN1Integer(-1);

    boolean certGenerated = false;
    X509Ca ca = getCa();

    if (!securityFactory.verifyPopo(p10cr, getCmpControl().popoAlgoValidator())) {
        LOG.warn("could not validate POP for the pkcs#10 requst");
        certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badPOP, "invalid POP");
    } else {
        CertificationRequestInfo certTemp = p10cr.getCertificationRequestInfo();
        Extensions extensions = CaUtil.getExtensions(certTemp);

        X500Name subject = certTemp.getSubject();
        SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();

        CmpUtf8Pairs keyvalues = CmpUtil.extract(reqHeader.getGeneralInfo());
        String certprofileName = null;
        Date notBefore = null;
        Date notAfter = null;

        if (keyvalues != null) {
            certprofileName = keyvalues.value(CmpUtf8Pairs.KEY_CERT_PROFILE);

            String str = keyvalues.value(CmpUtf8Pairs.KEY_NOT_BEFORE);
            if (str != null) {
                notBefore = DateUtil.parseUtcTimeyyyyMMddhhmmss(str);
            }

            str = keyvalues.value(CmpUtf8Pairs.KEY_NOT_AFTER);
            if (str != null) {
                notAfter = DateUtil.parseUtcTimeyyyyMMddhhmmss(str);
            }
        }

        if (certprofileName == null) {
            certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badCertTemplate,
                    "badCertTemplate", null);
        } else {
            certprofileName = certprofileName.toUpperCase();
            if (!requestor.isCertProfilePermitted(certprofileName)) {
                String msg = "certprofile " + certprofileName + " is not allowed";
                certResp = buildErrorCertResponse(certReqId,
                        PKIFailureInfo.notAuthorized, msg);
            } else {
                CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo,
                        notBefore, notAfter, extensions, certprofileName);

                certResp = generateCertificates(Arrays.asList(certTemplateData),
                        Arrays.asList(certReqId), requestor, tid, false, request,
                        cmpControl, msgId, event).get(0);
                certGenerated = true;
            }
        }
    }

    CMPCertificate[] caPubs = null;
    if (certGenerated && cmpControl.sendCaCert()) {
        caPubs = new CMPCertificate[]{ca.caInfo().certInCmpFormat()};
    }
    CertRepMessage repMessage = new CertRepMessage(caPubs, new CertResponse[]{certResp});

    return new PKIBody(PKIBody.TYPE_CERT_REP, repMessage);
}
项目:xipki    文件:X509CaCmpResponderImpl.java    
private CertResponse buildErrorCertResponse(ASN1Integer certReqId, int pkiFailureInfo,
        String msg) {
    return buildErrorCertResponse(certReqId, pkiFailureInfo, msg, msg);
}
项目:xipki    文件:X509CaCmpResponderImpl.java    
private CertResponse buildErrorCertResponse(ASN1Integer certReqId, int pkiFailureInfo,
        String msg, String pkiStatusText) {
    return new CertResponse(certReqId, generateRejectionStatus(pkiFailureInfo, pkiStatusText));
}