当前位置: 首页>>代码示例>>Java>>正文

Java PKIFailureInfo类代码示例

本文整理汇总了Java中org.bouncycastle.asn1.cmp.PKIFailureInfo的典型用法代码示例。如果您正苦于以下问题:Java PKIFailureInfo类的具体用法?Java PKIFailureInfo怎么用?Java PKIFailureInfo使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


PKIFailureInfo类属于org.bouncycastle.asn1.cmp包,在下文中一共展示了PKIFailureInfo类的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: addProtection

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private PKIMessage addProtection(PKIMessage pkiMessage, AuditEvent event) {
    try {
        return CmpUtil.addProtection(pkiMessage, getSigner(), getSender(),
                getCmpControl().sendResponderCert());
    } catch (Exception ex) {
        LogUtil.error(LOG, ex, "could not add protection to the PKI message");
        PKIStatusInfo status = generateRejectionStatus(
                PKIFailureInfo.systemFailure, "could not sign the PKIMessage");

        event.setLevel(AuditLevel.ERROR);
        event.setStatus(AuditStatus.FAILED);
        event.addEventData(CaAuditConstants.NAME_message, "could not sign the PKIMessage");
        PKIBody body = new PKIBody(PKIBody.TYPE_ERROR, new ErrorMsgContent(status));
        return new PKIMessage(pkiMessage.getHeader(), body);
    }
}
开发者ID:xipki,项目名称:xipki,代码行数:17,代码来源:CmpResponder.java

示例2: unacceptableResponseParse

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private void unacceptableResponseParse(
    byte[]  response) 
    throws Exception
{
    TimeStampResponse resp = new TimeStampResponse(response);

    if (resp.getStatus() != PKIStatus.REJECTION)
    {
        fail("request not rejected.");
    }
    
    if (resp.getFailInfo().intValue() != PKIFailureInfo.unacceptedPolicy)
    {
        fail("request not rejected.");
    }
}
开发者ID:credentials,项目名称:irma_future_id,代码行数:17,代码来源:ParseTest.java

示例3: performTest

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
public void performTest()
    throws IOException
{
    BitStringConstantTester.testFlagValueCorrect(0, PKIFailureInfo.badAlg);
    BitStringConstantTester.testFlagValueCorrect(1, PKIFailureInfo.badMessageCheck);
    BitStringConstantTester.testFlagValueCorrect(2, PKIFailureInfo.badRequest);
    BitStringConstantTester.testFlagValueCorrect(3, PKIFailureInfo.badTime);
    BitStringConstantTester.testFlagValueCorrect(4, PKIFailureInfo.badCertId);
    BitStringConstantTester.testFlagValueCorrect(5, PKIFailureInfo.badDataFormat);
    BitStringConstantTester.testFlagValueCorrect(6, PKIFailureInfo.wrongAuthority);
    BitStringConstantTester.testFlagValueCorrect(7, PKIFailureInfo.incorrectData);
    BitStringConstantTester.testFlagValueCorrect(8, PKIFailureInfo.missingTimeStamp);
    BitStringConstantTester.testFlagValueCorrect(9, PKIFailureInfo.badPOP);
    BitStringConstantTester.testFlagValueCorrect(14, PKIFailureInfo.timeNotAvailable);
    BitStringConstantTester.testFlagValueCorrect(15, PKIFailureInfo.unacceptedPolicy);
    BitStringConstantTester.testFlagValueCorrect(16, PKIFailureInfo.unacceptedExtension);
    BitStringConstantTester.testFlagValueCorrect(17, PKIFailureInfo.addInfoNotAvailable);
    BitStringConstantTester.testFlagValueCorrect(25, PKIFailureInfo.systemFailure);

    testEncoding();
}
开发者ID:credentials,项目名称:irma_future_id,代码行数:22,代码来源:PKIFailureInfoTest.java

示例4: getFailInfo

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
public PKIFailureInfo getFailInfo()
{
    if (resp.getStatus().getFailInfo() != null)
    {
        return new PKIFailureInfo(resp.getStatus().getFailInfo());
    }
    
    return null;
}
开发者ID:Appdome,项目名称:ipack,代码行数:10,代码来源:TimeStampResponse.java

示例5: generateRejectedResponse

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
/**
 * Generate a generic rejection response based on a TSPValidationException or
 * an Exception. Exceptions which are not an instance of TSPValidationException
 * will be treated as systemFailure. The return value of exception.getMessage() will
 * be used as the status string for the response.
 *
 * @param exception the exception thrown on validating the request.
 * @return a TimeStampResponse.
 * @throws TSPException if a failure response cannot be generated.
 */
public TimeStampResponse generateRejectedResponse(Exception exception)
    throws TSPException
{
    if (exception instanceof TSPValidationException)
    {
        return generateFailResponse(PKIStatus.REJECTION, ((TSPValidationException)exception).getFailureCode(), exception.getMessage());
    }
    else
    {
        return generateFailResponse(PKIStatus.REJECTION, PKIFailureInfo.systemFailure, exception.getMessage());
    }
}
开发者ID:Appdome,项目名称:ipack,代码行数:23,代码来源:TimeStampResponseGenerator.java

示例6: buildErrorMsgPkiBody

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private static PKIBody buildErrorMsgPkiBody(PKIStatus pkiStatus, int failureInfo,
        String statusMessage) {
    PKIFreeText pkiStatusMsg = (statusMessage == null) ? null : new PKIFreeText(statusMessage);
    ErrorMsgContent emc = new ErrorMsgContent(
            new PKIStatusInfo(pkiStatus, pkiStatusMsg, new PKIFailureInfo(failureInfo)));
    return new PKIBody(PKIBody.TYPE_ERROR, emc);
}
开发者ID:xipki,项目名称:xipki,代码行数:8,代码来源:X509CaCmpResponderImpl.java

示例7: testEncoding

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private void testEncoding()
    throws IOException
{
    DERBitString bitString = (DERBitString)new ASN1InputStream(CORRECT_FAILURE_INFO).readObject();
    PKIFailureInfo correct = new PKIFailureInfo(bitString);
                    
    PKIFailureInfo bug = new PKIFailureInfo(PKIFailureInfo.badRequest | PKIFailureInfo.badTime |PKIFailureInfo.badDataFormat | PKIFailureInfo.incorrectData);

    if (!areEqual(correct.getEncoded(ASN1Encoding.DER),bug.getEncoded(ASN1Encoding.DER)))
    {
        fail("encoding doesn't match");
    }
}
开发者ID:credentials,项目名称:irma_future_id,代码行数:14,代码来源:PKIFailureInfoTest.java

示例8: validate

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
/**
 * Validate the timestamp request, checking the digest to see if it is of an
 * accepted type and whether it is of the correct length for the algorithm specified.
 *
 * @param algorithms a set of OIDs giving accepted algorithms.
 * @param policies if non-null a set of policies OIDs we are willing to sign under.
 * @param extensions if non-null a set of extensions OIDs we are willing to accept.
 * @throws TSPException if the request is invalid, or processing fails.
 */
public void validate(
    Set    algorithms,
    Set    policies,
    Set    extensions)
    throws TSPException
{
    algorithms = convert(algorithms);
    policies = convert(policies);
    extensions = convert(extensions);

    if (!algorithms.contains(this.getMessageImprintAlgOID()))
    {
        throw new TSPValidationException("request contains unknown algorithm.", PKIFailureInfo.badAlg);
    }

    if (policies != null && this.getReqPolicy() != null && !policies.contains(this.getReqPolicy()))
    {
        throw new TSPValidationException("request contains unknown policy.", PKIFailureInfo.unacceptedPolicy);
    }

    if (this.getExtensions() != null && extensions != null)
    {
        Enumeration en = this.getExtensions().oids();
        while(en.hasMoreElements())
        {
            String  oid = ((DERObjectIdentifier)en.nextElement()).getId();
            if (!extensions.contains(oid))
            {
                throw new TSPValidationException("request contains unknown extension.", PKIFailureInfo.unacceptedExtension);
            }
        }
    }

    int digestLength = TSPUtil.getDigestLength(this.getMessageImprintAlgOID().getId());

    if (digestLength != this.getMessageImprintDigest().length)
    {
        throw new TSPValidationException("imprint digest the wrong length.", PKIFailureInfo.badDataFormat);
    }
}
开发者ID:Appdome,项目名称:ipack,代码行数:50,代码来源:TimeStampRequest.java

示例9: validate

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
/**
 * Validate the timestamp request, checking the digest to see if it is of an
 * accepted type and whether it is of the correct length for the algorithm specified.
 *
 * @param algorithms a set of OIDs giving accepted algorithms.
 * @param policies if non-null a set of policies OIDs we are willing to sign under.
 * @param extensions if non-null a set of extensions OIDs we are willing to accept.
 * @throws TSPException if the request is invalid, or processing fails.
 */
public void validate(
    Set    algorithms,
    Set    policies,
    Set    extensions)
    throws TSPException
{
    algorithms = convert(algorithms);
    policies = convert(policies);
    extensions = convert(extensions);

    if (!algorithms.contains(this.getMessageImprintAlgOID()))
    {
        throw new TSPValidationException("request contains unknown algorithm.", PKIFailureInfo.badAlg);
    }

    if (policies != null && this.getReqPolicy() != null && !policies.contains(this.getReqPolicy()))
    {
        throw new TSPValidationException("request contains unknown policy.", PKIFailureInfo.unacceptedPolicy);
    }

    if (this.getExtensions() != null && extensions != null)
    {
        Enumeration en = this.getExtensions().oids();
        while(en.hasMoreElements())
        {
            String  oid = ((ASN1ObjectIdentifier)en.nextElement()).getId();
            if (!extensions.contains(oid))
            {
                throw new TSPValidationException("request contains unknown extension.", PKIFailureInfo.unacceptedExtension);
            }
        }
    }

    int digestLength = TSPUtil.getDigestLength(this.getMessageImprintAlgOID().getId());

    if (digestLength != this.getMessageImprintDigest().length)
    {
        throw new TSPValidationException("imprint digest the wrong length.", PKIFailureInfo.badDataFormat);
    }
}
开发者ID:ttt43ttt,项目名称:gwt-crypto,代码行数:50,代码来源:TimeStampRequest.java

示例10: processP10cr

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
/**
 * handle the PKI body with the choice {@code p10cr}<br/>
 * Since it is not possible to add attribute to the PKCS#10 request (CSR), the certificate
 * profile must be specified in the attribute regInfo-utf8Pairs (1.3.6.1.5.5.7.5.2.1) within
 * PKIHeader.generalInfo
 *
 */
private PKIBody processP10cr(PKIMessage request, CmpRequestorInfo requestor,
        ASN1OctetString tid, PKIHeader reqHeader, CertificationRequest p10cr,
        CmpControl cmpControl, String msgId, AuditEvent event) {
    // verify the POP first
    CertResponse certResp;
    ASN1Integer certReqId = new ASN1Integer(-1);

    boolean certGenerated = false;
    X509Ca ca = getCa();

    if (!securityFactory.verifyPopo(p10cr, getCmpControl().popoAlgoValidator())) {
        LOG.warn("could not validate POP for the pkcs#10 requst");
        certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badPOP, "invalid POP");
    } else {
        CertificationRequestInfo certTemp = p10cr.getCertificationRequestInfo();
        Extensions extensions = CaUtil.getExtensions(certTemp);

        X500Name subject = certTemp.getSubject();
        SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();

        CmpUtf8Pairs keyvalues = CmpUtil.extract(reqHeader.getGeneralInfo());
        String certprofileName = null;
        Date notBefore = null;
        Date notAfter = null;

        if (keyvalues != null) {
            certprofileName = keyvalues.value(CmpUtf8Pairs.KEY_CERT_PROFILE);

            String str = keyvalues.value(CmpUtf8Pairs.KEY_NOT_BEFORE);
            if (str != null) {
                notBefore = DateUtil.parseUtcTimeyyyyMMddhhmmss(str);
            }

            str = keyvalues.value(CmpUtf8Pairs.KEY_NOT_AFTER);
            if (str != null) {
                notAfter = DateUtil.parseUtcTimeyyyyMMddhhmmss(str);
            }
        }

        if (certprofileName == null) {
            certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badCertTemplate,
                    "badCertTemplate", null);
        } else {
            certprofileName = certprofileName.toUpperCase();
            if (!requestor.isCertProfilePermitted(certprofileName)) {
                String msg = "certprofile " + certprofileName + " is not allowed";
                certResp = buildErrorCertResponse(certReqId,
                        PKIFailureInfo.notAuthorized, msg);
            } else {
                CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo,
                        notBefore, notAfter, extensions, certprofileName);

                certResp = generateCertificates(Arrays.asList(certTemplateData),
                        Arrays.asList(certReqId), requestor, tid, false, request,
                        cmpControl, msgId, event).get(0);
                certGenerated = true;
            }
        }
    }

    CMPCertificate[] caPubs = null;
    if (certGenerated && cmpControl.sendCaCert()) {
        caPubs = new CMPCertificate[]{ca.caInfo().certInCmpFormat()};
    }
    CertRepMessage repMessage = new CertRepMessage(caPubs, new CertResponse[]{certResp});

    return new PKIBody(PKIBody.TYPE_CERT_REP, repMessage);
}
开发者ID:xipki,项目名称:xipki,代码行数:76,代码来源:X509CaCmpResponderImpl.java

示例11: getPKiFailureInfo

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private int getPKiFailureInfo(OperationException ex) {
    ErrorCode code = ex.errorCode();

    int failureInfo;
    switch (code) {
    case ALREADY_ISSUED:
        failureInfo = PKIFailureInfo.badRequest;
        break;
    case BAD_CERT_TEMPLATE:
        failureInfo = PKIFailureInfo.badCertTemplate;
        break;
    case BAD_REQUEST:
        failureInfo = PKIFailureInfo.badRequest;
        break;
    case CERT_REVOKED:
        failureInfo = PKIFailureInfo.certRevoked;
        break;
    case CERT_UNREVOKED:
        failureInfo = PKIFailureInfo.notAuthorized;
        break;
    case BAD_POP:
        failureInfo = PKIFailureInfo.badPOP;
        break;
    case CRL_FAILURE:
        failureInfo = PKIFailureInfo.systemFailure;
        break;
    case DATABASE_FAILURE:
        failureInfo = PKIFailureInfo.systemFailure;
        break;
    case NOT_PERMITTED:
        failureInfo = PKIFailureInfo.notAuthorized;
        break;
    case INVALID_EXTENSION:
        failureInfo = PKIFailureInfo.badRequest;
        break;
    case SYSTEM_FAILURE:
        failureInfo = PKIFailureInfo.systemFailure;
        break;
    case SYSTEM_UNAVAILABLE:
        failureInfo = PKIFailureInfo.systemUnavail;
        break;
    case UNKNOWN_CERT:
        failureInfo = PKIFailureInfo.badCertId;
        break;
    case UNKNOWN_CERT_PROFILE:
        failureInfo = PKIFailureInfo.badCertTemplate;
        break;
    default:
        failureInfo = PKIFailureInfo.systemFailure;
        break;
    } // end switch (code)

    return failureInfo;
}
开发者ID:xipki,项目名称:xipki,代码行数:55,代码来源:X509CaCmpResponderImpl.java

示例12: confirmCertificates

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private PKIBody confirmCertificates(ASN1OctetString transactionId, CertConfirmContent certConf,
        String msgId) {
    CertStatus[] certStatuses = certConf.toCertStatusArray();

    boolean successful = true;
    for (CertStatus certStatus : certStatuses) {
        ASN1Integer certReqId = certStatus.getCertReqId();
        byte[] certHash = certStatus.getCertHash().getOctets();
        X509CertificateInfo certInfo = pendingCertPool.removeCertificate(
                transactionId.getOctets(), certReqId.getPositiveValue(), certHash);
        if (certInfo == null) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("no cert under transactionId={}, certReqId={} and certHash=0X{}",
                        transactionId, certReqId.getPositiveValue(),
                        Hex.encode(certHash));
            }
            continue;
        }

        PKIStatusInfo statusInfo = certStatus.getStatusInfo();
        boolean accept = true;
        if (statusInfo != null) {
            int status = statusInfo.getStatus().intValue();
            if (PKIStatus.GRANTED != status && PKIStatus.GRANTED_WITH_MODS != status) {
                accept = false;
            }
        }

        if (accept) {
            continue;
        }

        BigInteger serialNumber = certInfo.cert().cert().getSerialNumber();
        X509Ca ca = getCa();
        try {
            ca.revokeCertificate(serialNumber, CrlReason.CESSATION_OF_OPERATION, new Date(),
                    msgId);
        } catch (OperationException ex) {
            LogUtil.warn(LOG, ex,
                    "could not revoke certificate ca=" + ca.caInfo().ident()
                    + " serialNumber=" + LogUtil.formatCsn(serialNumber));
        }

        successful = false;
    }

    // all other certificates should be revoked
    if (revokePendingCertificates(transactionId, msgId)) {
        successful = false;
    }

    if (successful) {
        return new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
    }

    ErrorMsgContent emc = new ErrorMsgContent(
            new PKIStatusInfo(PKIStatus.rejection, null,
                    new PKIFailureInfo(PKIFailureInfo.systemFailure)));

    return new PKIBody(PKIBody.TYPE_ERROR, emc);
}
开发者ID:xipki,项目名称:xipki,代码行数:62,代码来源:X509CaCmpResponderImpl.java

示例13: cmpUnRevokeRemoveCertificates

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private PKIBody cmpUnRevokeRemoveCertificates(PKIMessage request, PKIHeaderBuilder respHeader,
        CmpControl cmpControl, PKIHeader reqHeader, PKIBody reqBody, CmpRequestorInfo requestor,
        String msgId, AuditEvent event) {
    Integer requiredPermission = null;
    boolean allRevdetailsOfSameType = true;

    RevReqContent rr = RevReqContent.getInstance(reqBody.getContent());
    RevDetails[] revContent = rr.toRevDetailsArray();

    int len = revContent.length;
    for (int i = 0; i < len; i++) {
        RevDetails revDetails = revContent[i];
        Extensions crlDetails = revDetails.getCrlEntryDetails();
        int reasonCode = CrlReason.UNSPECIFIED.code();
        if (crlDetails != null) {
            ASN1ObjectIdentifier extId = Extension.reasonCode;
            ASN1Encodable extValue = crlDetails.getExtensionParsedValue(extId);
            if (extValue != null) {
                reasonCode = ASN1Enumerated.getInstance(extValue).getValue().intValue();
            }
        }

        if (reasonCode == XiSecurityConstants.CMP_CRL_REASON_REMOVE) {
            if (requiredPermission == null) {
                event.addEventType(CaAuditConstants.TYPE_CMP_rr_remove);
                requiredPermission = PermissionConstants.REMOVE_CERT;
            } else if (requiredPermission != PermissionConstants.REMOVE_CERT) {
                allRevdetailsOfSameType = false;
                break;
            }
        } else if (reasonCode == CrlReason.REMOVE_FROM_CRL.code()) {
            if (requiredPermission == null) {
                event.addEventType(CaAuditConstants.TYPE_CMP_rr_unrevoke);
                requiredPermission = PermissionConstants.UNREVOKE_CERT;
            } else if (requiredPermission != PermissionConstants.UNREVOKE_CERT) {
                allRevdetailsOfSameType = false;
                break;
            }
        } else {
            if (requiredPermission == null) {
                event.addEventType(CaAuditConstants.TYPE_CMP_rr_revoke);
                requiredPermission = PermissionConstants.REVOKE_CERT;
            } else if (requiredPermission != PermissionConstants.REVOKE_CERT) {
                allRevdetailsOfSameType = false;
                break;
            }
        }
    } // end for

    if (!allRevdetailsOfSameType) {
        ErrorMsgContent emc = new ErrorMsgContent(
                new PKIStatusInfo(PKIStatus.rejection,
                new PKIFreeText("not all revDetails are of the same type"),
                new PKIFailureInfo(PKIFailureInfo.badRequest)));

        return new PKIBody(PKIBody.TYPE_ERROR, emc);
    } else {
        try {
            checkPermission(requestor, requiredPermission);
        } catch (InsuffientPermissionException ex) {
            event.setStatus(AuditStatus.FAILED);
            event.addEventData(CaAuditConstants.NAME_message, "NOT_PERMITTED");
            return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.notAuthorized,
                    null);
        }
        return unRevokeRemoveCertificates(request, rr, requiredPermission, cmpControl, msgId);
    }
}
开发者ID:xipki,项目名称:xipki,代码行数:69,代码来源:X509CaCmpResponderImpl.java

示例14: generateRejectionStatus

import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
protected PKIStatusInfo generateRejectionStatus(PKIStatus status, Integer info,
        String errorMessage) {
    PKIFreeText statusMessage = (errorMessage == null) ? null : new PKIFreeText(errorMessage);
    PKIFailureInfo failureInfo = (info == null) ? null : new PKIFailureInfo(info);
    return new PKIStatusInfo(status, statusMessage, failureInfo);
}
开发者ID:xipki,项目名称:xipki,代码行数:7,代码来源:CmpResponder.java


注:本文中的org.bouncycastle.asn1.cmp.PKIFailureInfo类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。