本文整理汇总了Java中org.bouncycastle.asn1.cmp.PKIFailureInfo类的典型用法代码示例。如果您正苦于以下问题:Java PKIFailureInfo类的具体用法?Java PKIFailureInfo怎么用?Java PKIFailureInfo使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
PKIFailureInfo类属于org.bouncycastle.asn1.cmp包,在下文中一共展示了PKIFailureInfo类的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: addProtection
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private PKIMessage addProtection(PKIMessage pkiMessage, AuditEvent event) {
try {
return CmpUtil.addProtection(pkiMessage, getSigner(), getSender(),
getCmpControl().sendResponderCert());
} catch (Exception ex) {
LogUtil.error(LOG, ex, "could not add protection to the PKI message");
PKIStatusInfo status = generateRejectionStatus(
PKIFailureInfo.systemFailure, "could not sign the PKIMessage");
event.setLevel(AuditLevel.ERROR);
event.setStatus(AuditStatus.FAILED);
event.addEventData(CaAuditConstants.NAME_message, "could not sign the PKIMessage");
PKIBody body = new PKIBody(PKIBody.TYPE_ERROR, new ErrorMsgContent(status));
return new PKIMessage(pkiMessage.getHeader(), body);
}
}
开发者ID:xipki,项目名称:xipki,代码行数:17,代码来源:CmpResponder.java
示例2: unacceptableResponseParse
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private void unacceptableResponseParse(
byte[] response)
throws Exception
{
TimeStampResponse resp = new TimeStampResponse(response);
if (resp.getStatus() != PKIStatus.REJECTION)
{
fail("request not rejected.");
}
if (resp.getFailInfo().intValue() != PKIFailureInfo.unacceptedPolicy)
{
fail("request not rejected.");
}
}
开发者ID:credentials,项目名称:irma_future_id,代码行数:17,代码来源:ParseTest.java
示例3: performTest
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
public void performTest()
throws IOException
{
BitStringConstantTester.testFlagValueCorrect(0, PKIFailureInfo.badAlg);
BitStringConstantTester.testFlagValueCorrect(1, PKIFailureInfo.badMessageCheck);
BitStringConstantTester.testFlagValueCorrect(2, PKIFailureInfo.badRequest);
BitStringConstantTester.testFlagValueCorrect(3, PKIFailureInfo.badTime);
BitStringConstantTester.testFlagValueCorrect(4, PKIFailureInfo.badCertId);
BitStringConstantTester.testFlagValueCorrect(5, PKIFailureInfo.badDataFormat);
BitStringConstantTester.testFlagValueCorrect(6, PKIFailureInfo.wrongAuthority);
BitStringConstantTester.testFlagValueCorrect(7, PKIFailureInfo.incorrectData);
BitStringConstantTester.testFlagValueCorrect(8, PKIFailureInfo.missingTimeStamp);
BitStringConstantTester.testFlagValueCorrect(9, PKIFailureInfo.badPOP);
BitStringConstantTester.testFlagValueCorrect(14, PKIFailureInfo.timeNotAvailable);
BitStringConstantTester.testFlagValueCorrect(15, PKIFailureInfo.unacceptedPolicy);
BitStringConstantTester.testFlagValueCorrect(16, PKIFailureInfo.unacceptedExtension);
BitStringConstantTester.testFlagValueCorrect(17, PKIFailureInfo.addInfoNotAvailable);
BitStringConstantTester.testFlagValueCorrect(25, PKIFailureInfo.systemFailure);
testEncoding();
}
开发者ID:credentials,项目名称:irma_future_id,代码行数:22,代码来源:PKIFailureInfoTest.java
示例4: getFailInfo
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
public PKIFailureInfo getFailInfo()
{
if (resp.getStatus().getFailInfo() != null)
{
return new PKIFailureInfo(resp.getStatus().getFailInfo());
}
return null;
}
开发者ID:Appdome,项目名称:ipack,代码行数:10,代码来源:TimeStampResponse.java
示例5: generateRejectedResponse
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
/**
* Generate a generic rejection response based on a TSPValidationException or
* an Exception. Exceptions which are not an instance of TSPValidationException
* will be treated as systemFailure. The return value of exception.getMessage() will
* be used as the status string for the response.
*
* @param exception the exception thrown on validating the request.
* @return a TimeStampResponse.
* @throws TSPException if a failure response cannot be generated.
*/
public TimeStampResponse generateRejectedResponse(Exception exception)
throws TSPException
{
if (exception instanceof TSPValidationException)
{
return generateFailResponse(PKIStatus.REJECTION, ((TSPValidationException)exception).getFailureCode(), exception.getMessage());
}
else
{
return generateFailResponse(PKIStatus.REJECTION, PKIFailureInfo.systemFailure, exception.getMessage());
}
}
开发者ID:Appdome,项目名称:ipack,代码行数:23,代码来源:TimeStampResponseGenerator.java
示例6: buildErrorMsgPkiBody
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private static PKIBody buildErrorMsgPkiBody(PKIStatus pkiStatus, int failureInfo,
String statusMessage) {
PKIFreeText pkiStatusMsg = (statusMessage == null) ? null : new PKIFreeText(statusMessage);
ErrorMsgContent emc = new ErrorMsgContent(
new PKIStatusInfo(pkiStatus, pkiStatusMsg, new PKIFailureInfo(failureInfo)));
return new PKIBody(PKIBody.TYPE_ERROR, emc);
}
开发者ID:xipki,项目名称:xipki,代码行数:8,代码来源:X509CaCmpResponderImpl.java
示例7: testEncoding
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private void testEncoding()
throws IOException
{
DERBitString bitString = (DERBitString)new ASN1InputStream(CORRECT_FAILURE_INFO).readObject();
PKIFailureInfo correct = new PKIFailureInfo(bitString);
PKIFailureInfo bug = new PKIFailureInfo(PKIFailureInfo.badRequest | PKIFailureInfo.badTime |PKIFailureInfo.badDataFormat | PKIFailureInfo.incorrectData);
if (!areEqual(correct.getEncoded(ASN1Encoding.DER),bug.getEncoded(ASN1Encoding.DER)))
{
fail("encoding doesn't match");
}
}
开发者ID:credentials,项目名称:irma_future_id,代码行数:14,代码来源:PKIFailureInfoTest.java
示例8: validate
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
/**
* Validate the timestamp request, checking the digest to see if it is of an
* accepted type and whether it is of the correct length for the algorithm specified.
*
* @param algorithms a set of OIDs giving accepted algorithms.
* @param policies if non-null a set of policies OIDs we are willing to sign under.
* @param extensions if non-null a set of extensions OIDs we are willing to accept.
* @throws TSPException if the request is invalid, or processing fails.
*/
public void validate(
Set algorithms,
Set policies,
Set extensions)
throws TSPException
{
algorithms = convert(algorithms);
policies = convert(policies);
extensions = convert(extensions);
if (!algorithms.contains(this.getMessageImprintAlgOID()))
{
throw new TSPValidationException("request contains unknown algorithm.", PKIFailureInfo.badAlg);
}
if (policies != null && this.getReqPolicy() != null && !policies.contains(this.getReqPolicy()))
{
throw new TSPValidationException("request contains unknown policy.", PKIFailureInfo.unacceptedPolicy);
}
if (this.getExtensions() != null && extensions != null)
{
Enumeration en = this.getExtensions().oids();
while(en.hasMoreElements())
{
String oid = ((DERObjectIdentifier)en.nextElement()).getId();
if (!extensions.contains(oid))
{
throw new TSPValidationException("request contains unknown extension.", PKIFailureInfo.unacceptedExtension);
}
}
}
int digestLength = TSPUtil.getDigestLength(this.getMessageImprintAlgOID().getId());
if (digestLength != this.getMessageImprintDigest().length)
{
throw new TSPValidationException("imprint digest the wrong length.", PKIFailureInfo.badDataFormat);
}
}
开发者ID:Appdome,项目名称:ipack,代码行数:50,代码来源:TimeStampRequest.java
示例9: validate
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
/**
* Validate the timestamp request, checking the digest to see if it is of an
* accepted type and whether it is of the correct length for the algorithm specified.
*
* @param algorithms a set of OIDs giving accepted algorithms.
* @param policies if non-null a set of policies OIDs we are willing to sign under.
* @param extensions if non-null a set of extensions OIDs we are willing to accept.
* @throws TSPException if the request is invalid, or processing fails.
*/
public void validate(
Set algorithms,
Set policies,
Set extensions)
throws TSPException
{
algorithms = convert(algorithms);
policies = convert(policies);
extensions = convert(extensions);
if (!algorithms.contains(this.getMessageImprintAlgOID()))
{
throw new TSPValidationException("request contains unknown algorithm.", PKIFailureInfo.badAlg);
}
if (policies != null && this.getReqPolicy() != null && !policies.contains(this.getReqPolicy()))
{
throw new TSPValidationException("request contains unknown policy.", PKIFailureInfo.unacceptedPolicy);
}
if (this.getExtensions() != null && extensions != null)
{
Enumeration en = this.getExtensions().oids();
while(en.hasMoreElements())
{
String oid = ((ASN1ObjectIdentifier)en.nextElement()).getId();
if (!extensions.contains(oid))
{
throw new TSPValidationException("request contains unknown extension.", PKIFailureInfo.unacceptedExtension);
}
}
}
int digestLength = TSPUtil.getDigestLength(this.getMessageImprintAlgOID().getId());
if (digestLength != this.getMessageImprintDigest().length)
{
throw new TSPValidationException("imprint digest the wrong length.", PKIFailureInfo.badDataFormat);
}
}
开发者ID:ttt43ttt,项目名称:gwt-crypto,代码行数:50,代码来源:TimeStampRequest.java
示例10: processP10cr
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
/**
* handle the PKI body with the choice {@code p10cr}<br/>
* Since it is not possible to add attribute to the PKCS#10 request (CSR), the certificate
* profile must be specified in the attribute regInfo-utf8Pairs (1.3.6.1.5.5.7.5.2.1) within
* PKIHeader.generalInfo
*
*/
private PKIBody processP10cr(PKIMessage request, CmpRequestorInfo requestor,
ASN1OctetString tid, PKIHeader reqHeader, CertificationRequest p10cr,
CmpControl cmpControl, String msgId, AuditEvent event) {
// verify the POP first
CertResponse certResp;
ASN1Integer certReqId = new ASN1Integer(-1);
boolean certGenerated = false;
X509Ca ca = getCa();
if (!securityFactory.verifyPopo(p10cr, getCmpControl().popoAlgoValidator())) {
LOG.warn("could not validate POP for the pkcs#10 requst");
certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badPOP, "invalid POP");
} else {
CertificationRequestInfo certTemp = p10cr.getCertificationRequestInfo();
Extensions extensions = CaUtil.getExtensions(certTemp);
X500Name subject = certTemp.getSubject();
SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
CmpUtf8Pairs keyvalues = CmpUtil.extract(reqHeader.getGeneralInfo());
String certprofileName = null;
Date notBefore = null;
Date notAfter = null;
if (keyvalues != null) {
certprofileName = keyvalues.value(CmpUtf8Pairs.KEY_CERT_PROFILE);
String str = keyvalues.value(CmpUtf8Pairs.KEY_NOT_BEFORE);
if (str != null) {
notBefore = DateUtil.parseUtcTimeyyyyMMddhhmmss(str);
}
str = keyvalues.value(CmpUtf8Pairs.KEY_NOT_AFTER);
if (str != null) {
notAfter = DateUtil.parseUtcTimeyyyyMMddhhmmss(str);
}
}
if (certprofileName == null) {
certResp = buildErrorCertResponse(certReqId, PKIFailureInfo.badCertTemplate,
"badCertTemplate", null);
} else {
certprofileName = certprofileName.toUpperCase();
if (!requestor.isCertProfilePermitted(certprofileName)) {
String msg = "certprofile " + certprofileName + " is not allowed";
certResp = buildErrorCertResponse(certReqId,
PKIFailureInfo.notAuthorized, msg);
} else {
CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo,
notBefore, notAfter, extensions, certprofileName);
certResp = generateCertificates(Arrays.asList(certTemplateData),
Arrays.asList(certReqId), requestor, tid, false, request,
cmpControl, msgId, event).get(0);
certGenerated = true;
}
}
}
CMPCertificate[] caPubs = null;
if (certGenerated && cmpControl.sendCaCert()) {
caPubs = new CMPCertificate[]{ca.caInfo().certInCmpFormat()};
}
CertRepMessage repMessage = new CertRepMessage(caPubs, new CertResponse[]{certResp});
return new PKIBody(PKIBody.TYPE_CERT_REP, repMessage);
}
开发者ID:xipki,项目名称:xipki,代码行数:76,代码来源:X509CaCmpResponderImpl.java
示例11: getPKiFailureInfo
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private int getPKiFailureInfo(OperationException ex) {
ErrorCode code = ex.errorCode();
int failureInfo;
switch (code) {
case ALREADY_ISSUED:
failureInfo = PKIFailureInfo.badRequest;
break;
case BAD_CERT_TEMPLATE:
failureInfo = PKIFailureInfo.badCertTemplate;
break;
case BAD_REQUEST:
failureInfo = PKIFailureInfo.badRequest;
break;
case CERT_REVOKED:
failureInfo = PKIFailureInfo.certRevoked;
break;
case CERT_UNREVOKED:
failureInfo = PKIFailureInfo.notAuthorized;
break;
case BAD_POP:
failureInfo = PKIFailureInfo.badPOP;
break;
case CRL_FAILURE:
failureInfo = PKIFailureInfo.systemFailure;
break;
case DATABASE_FAILURE:
failureInfo = PKIFailureInfo.systemFailure;
break;
case NOT_PERMITTED:
failureInfo = PKIFailureInfo.notAuthorized;
break;
case INVALID_EXTENSION:
failureInfo = PKIFailureInfo.badRequest;
break;
case SYSTEM_FAILURE:
failureInfo = PKIFailureInfo.systemFailure;
break;
case SYSTEM_UNAVAILABLE:
failureInfo = PKIFailureInfo.systemUnavail;
break;
case UNKNOWN_CERT:
failureInfo = PKIFailureInfo.badCertId;
break;
case UNKNOWN_CERT_PROFILE:
failureInfo = PKIFailureInfo.badCertTemplate;
break;
default:
failureInfo = PKIFailureInfo.systemFailure;
break;
} // end switch (code)
return failureInfo;
}
开发者ID:xipki,项目名称:xipki,代码行数:55,代码来源:X509CaCmpResponderImpl.java
示例12: confirmCertificates
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private PKIBody confirmCertificates(ASN1OctetString transactionId, CertConfirmContent certConf,
String msgId) {
CertStatus[] certStatuses = certConf.toCertStatusArray();
boolean successful = true;
for (CertStatus certStatus : certStatuses) {
ASN1Integer certReqId = certStatus.getCertReqId();
byte[] certHash = certStatus.getCertHash().getOctets();
X509CertificateInfo certInfo = pendingCertPool.removeCertificate(
transactionId.getOctets(), certReqId.getPositiveValue(), certHash);
if (certInfo == null) {
if (LOG.isWarnEnabled()) {
LOG.warn("no cert under transactionId={}, certReqId={} and certHash=0X{}",
transactionId, certReqId.getPositiveValue(),
Hex.encode(certHash));
}
continue;
}
PKIStatusInfo statusInfo = certStatus.getStatusInfo();
boolean accept = true;
if (statusInfo != null) {
int status = statusInfo.getStatus().intValue();
if (PKIStatus.GRANTED != status && PKIStatus.GRANTED_WITH_MODS != status) {
accept = false;
}
}
if (accept) {
continue;
}
BigInteger serialNumber = certInfo.cert().cert().getSerialNumber();
X509Ca ca = getCa();
try {
ca.revokeCertificate(serialNumber, CrlReason.CESSATION_OF_OPERATION, new Date(),
msgId);
} catch (OperationException ex) {
LogUtil.warn(LOG, ex,
"could not revoke certificate ca=" + ca.caInfo().ident()
+ " serialNumber=" + LogUtil.formatCsn(serialNumber));
}
successful = false;
}
// all other certificates should be revoked
if (revokePendingCertificates(transactionId, msgId)) {
successful = false;
}
if (successful) {
return new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
}
ErrorMsgContent emc = new ErrorMsgContent(
new PKIStatusInfo(PKIStatus.rejection, null,
new PKIFailureInfo(PKIFailureInfo.systemFailure)));
return new PKIBody(PKIBody.TYPE_ERROR, emc);
}
开发者ID:xipki,项目名称:xipki,代码行数:62,代码来源:X509CaCmpResponderImpl.java
示例13: cmpUnRevokeRemoveCertificates
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
private PKIBody cmpUnRevokeRemoveCertificates(PKIMessage request, PKIHeaderBuilder respHeader,
CmpControl cmpControl, PKIHeader reqHeader, PKIBody reqBody, CmpRequestorInfo requestor,
String msgId, AuditEvent event) {
Integer requiredPermission = null;
boolean allRevdetailsOfSameType = true;
RevReqContent rr = RevReqContent.getInstance(reqBody.getContent());
RevDetails[] revContent = rr.toRevDetailsArray();
int len = revContent.length;
for (int i = 0; i < len; i++) {
RevDetails revDetails = revContent[i];
Extensions crlDetails = revDetails.getCrlEntryDetails();
int reasonCode = CrlReason.UNSPECIFIED.code();
if (crlDetails != null) {
ASN1ObjectIdentifier extId = Extension.reasonCode;
ASN1Encodable extValue = crlDetails.getExtensionParsedValue(extId);
if (extValue != null) {
reasonCode = ASN1Enumerated.getInstance(extValue).getValue().intValue();
}
}
if (reasonCode == XiSecurityConstants.CMP_CRL_REASON_REMOVE) {
if (requiredPermission == null) {
event.addEventType(CaAuditConstants.TYPE_CMP_rr_remove);
requiredPermission = PermissionConstants.REMOVE_CERT;
} else if (requiredPermission != PermissionConstants.REMOVE_CERT) {
allRevdetailsOfSameType = false;
break;
}
} else if (reasonCode == CrlReason.REMOVE_FROM_CRL.code()) {
if (requiredPermission == null) {
event.addEventType(CaAuditConstants.TYPE_CMP_rr_unrevoke);
requiredPermission = PermissionConstants.UNREVOKE_CERT;
} else if (requiredPermission != PermissionConstants.UNREVOKE_CERT) {
allRevdetailsOfSameType = false;
break;
}
} else {
if (requiredPermission == null) {
event.addEventType(CaAuditConstants.TYPE_CMP_rr_revoke);
requiredPermission = PermissionConstants.REVOKE_CERT;
} else if (requiredPermission != PermissionConstants.REVOKE_CERT) {
allRevdetailsOfSameType = false;
break;
}
}
} // end for
if (!allRevdetailsOfSameType) {
ErrorMsgContent emc = new ErrorMsgContent(
new PKIStatusInfo(PKIStatus.rejection,
new PKIFreeText("not all revDetails are of the same type"),
new PKIFailureInfo(PKIFailureInfo.badRequest)));
return new PKIBody(PKIBody.TYPE_ERROR, emc);
} else {
try {
checkPermission(requestor, requiredPermission);
} catch (InsuffientPermissionException ex) {
event.setStatus(AuditStatus.FAILED);
event.addEventData(CaAuditConstants.NAME_message, "NOT_PERMITTED");
return buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.notAuthorized,
null);
}
return unRevokeRemoveCertificates(request, rr, requiredPermission, cmpControl, msgId);
}
}
开发者ID:xipki,项目名称:xipki,代码行数:69,代码来源:X509CaCmpResponderImpl.java
示例14: generateRejectionStatus
import org.bouncycastle.asn1.cmp.PKIFailureInfo; //导入依赖的package包/类
protected PKIStatusInfo generateRejectionStatus(PKIStatus status, Integer info,
String errorMessage) {
PKIFreeText statusMessage = (errorMessage == null) ? null : new PKIFreeText(errorMessage);
PKIFailureInfo failureInfo = (info == null) ? null : new PKIFailureInfo(info);
return new PKIStatusInfo(status, statusMessage, failureInfo);
}
开发者ID:xipki,项目名称:xipki,代码行数:7,代码来源:CmpResponder.java
注:本文中的org.bouncycastle.asn1.cmp.PKIFailureInfo类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论