Interface PKIMessageParser

  • All Known Implementing Classes:
    DefaultPKIMessageParser

    public interface PKIMessageParser
    PKIMessage Parser reading and writing all types of PKI messages.
    • Method Detail

      • init

        void init​(MessageSecurityProvider securityProvider,
                  java.util.Properties config)
           throws MessageException
        Method that initializes the PKIMessage parser with a security provider and properties.
        Parameters:
        securityProvider - the PKIMessage security provider to use.
        config - the configuration of the parser.
        Throws:
        MessageException - if the configuration contained a bad security provider configuration.
      • parseMessage

        PKIMessage parseMessage​(byte[] messageData)
                         throws java.lang.IllegalArgumentException,
                                MessageException
        Method to parse the messageData into a PKI Message with validation according to the specification.
        Parameters:
        messageData - the message data to parse
        Returns:
        a PKIMessage that is valid, never null.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genIssueTokenCredentialsRequest

        byte[] genIssueTokenCredentialsRequest​(java.lang.String requestId,
                                               java.lang.String destination,
                                               java.lang.String organisation,
                                               TokenRequest tokenRequest,
                                               Credential originator)
                                        throws java.lang.IllegalArgumentException,
                                               MessageException
        Method to generate an IssueTokenCredentialRequest message and populate it with the tokenRequest.
        Parameters:
        requestId - the id of the request
        destination - the destinationId used in the PKIMessage.
        organisation - the related organisation
        tokenRequest - the tokenRequest to add to the PKIRequest.
        originator - the original requester of a message, null if not applicable
        Returns:
        generated and signed PKIMessage in byte[] format.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genIssueTokenCredentialsResponse

        PKIMessageResponseData genIssueTokenCredentialsResponse​(java.lang.String relatedEndEntity,
                                                                PKIMessage request,
                                                                java.util.List<Credential> credentials,
                                                                java.util.List<Credential> revokedCredentials)
                                                         throws java.lang.IllegalArgumentException,
                                                                MessageException
        Method to generate an IssueTokenCredentialResponse message and populate it with the tokenRequest and the generated responses.
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        request - the request to populate the response with
        credentials - the credentials to populate the response with.
        revokedCredentials - credentials revoked in the operation, or null if no credentials were revoked.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genChangeCredentialStatusRequest

        byte[] genChangeCredentialStatusRequest​(java.lang.String requestId,
                                                java.lang.String destination,
                                                java.lang.String organisation,
                                                java.lang.String issuerId,
                                                java.lang.String serialNumber,
                                                int newCredentialStatus,
                                                java.lang.String reasonInformation,
                                                Credential originator)
                                         throws java.lang.IllegalArgumentException,
                                                MessageException
        Method to generate a ChangeCredentialStatusRequest
        Parameters:
        requestId - the id of the request
        destination - the destinationId used in the PKIMessage.
        organisation - the related organisation
        issuerId - The unique id of the issuer, usually the subject DN name of the issuer.
        serialNumber - The serial number of the credential in hexadecimal encoding lowercase (for X509 certificates).
        newCredentialStatus - The new credential status to set.
        reasonInformation - More detailed information about the revocation status
        originator - the original requester of a message, null if not applicable
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genChangeCredentialStatusResponse

        PKIMessageResponseData genChangeCredentialStatusResponse​(java.lang.String relatedEndEntity,
                                                                 PKIMessage request,
                                                                 java.lang.String issuerId,
                                                                 java.lang.String serialNumber,
                                                                 int credentialStatus,
                                                                 java.lang.String reasonInformation,
                                                                 java.util.Date revocationDate)
                                                          throws java.lang.IllegalArgumentException,
                                                                 MessageException
        Method to generate a ChangeCredentialStatusResponse
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        request - the request to populate the response with
        issuerId - The unique id of the issuer, usually the subject DN name of the issuer.
        serialNumber - The serial number of the credential in hexadecimal encoding lowercase (for X509 certificates).
        credentialStatus - the resulting credential status of the request
        reasonInformation - More detailed information about the revocation status
        revocationDate - the timestamp when the credential was revoked.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genGetCredentialRequest

        byte[] genGetCredentialRequest​(java.lang.String requestId,
                                       java.lang.String destination,
                                       java.lang.String organisation,
                                       java.lang.String credentialSubType,
                                       java.lang.String issuerId,
                                       java.lang.String serialNumber,
                                       Credential originator)
                                throws java.lang.IllegalArgumentException,
                                       MessageException
        Method to generate a GetCredentialRequest
        Parameters:
        requestId - the id of the request
        destination - the destinationId used in the PKIMessage.
        organisation - the related organisation
        credentialSubType - the credential sub type of the credential.
        issuerId - The unique id of the issuer, usually the subject DN name of the issuer.
        serialNumber - The serial number of the credential in hexadecimal encoding lowercase (for X509 certificates).
        originator - the original requester of a message, null if not applicable.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genGetCredentialResponse

        PKIMessageResponseData genGetCredentialResponse​(java.lang.String relatedEndEntity,
                                                        PKIMessage request,
                                                        Credential credential)
                                                 throws java.lang.IllegalArgumentException,
                                                        MessageException
        Method to generate a GetCredentialResponse
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        request - the request to populate the response with
        credential - the matching credential of the issued id and serial number
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genGetCredentialStatusListRequest

        byte[] genGetCredentialStatusListRequest​(java.lang.String requestId,
                                                 java.lang.String destination,
                                                 java.lang.String organisation,
                                                 java.lang.String issuerId,
                                                 java.lang.Long serialNumber,
                                                 java.lang.String credentialStatusListType,
                                                 Credential originator)
                                          throws java.lang.IllegalArgumentException,
                                                 MessageException
        Method to generate a GetCredentialStatusListRequest
        Parameters:
        requestId - the id of the request
        destination - the destinationId used in the PKIMessage.
        organisation - the related organisation
        issuerId - The unique id of the issuer, usually the subject DN name of the issuer.
        serialNumber - The number of the credential status list in the request (Optional)
        credentialStatusListType - The type of status list to fetch
        originator - the original requester of a message, null if not applicable.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genGetCredentialStatusListResponse

        PKIMessageResponseData genGetCredentialStatusListResponse​(java.lang.String relatedEndEntity,
                                                                  PKIMessage request,
                                                                  CredentialStatusList credentialStatusList)
                                                           throws java.lang.IllegalArgumentException,
                                                                  MessageException
        Method to generate a GetCredentialStatusListResponse
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        request - the request to populate the response with
        credentialStatusList - the matching credential status list
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genGetIssuerCredentialsRequest

        byte[] genGetIssuerCredentialsRequest​(java.lang.String requestId,
                                              java.lang.String destination,
                                              java.lang.String organisation,
                                              java.lang.String issuerId,
                                              Credential originator)
                                       throws java.lang.IllegalArgumentException,
                                              MessageException
        Method to generate a GetIssuerCredentialsRequest
        Parameters:
        requestId - the id of the request
        destination - the destinationId used in the PKIMessage.
        organisation - the related organisation
        issuerId - The unique id of the issuer, usually the subject DN name of the issuer.
        originator - the original requester of a message, null if not applicable.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genGetIssuerCredentialsResponse

        PKIMessageResponseData genGetIssuerCredentialsResponse​(java.lang.String relatedEndEntity,
                                                               PKIMessage request,
                                                               Credential issuerCredential)
                                                        throws java.lang.IllegalArgumentException,
                                                               MessageException
        Method to generate a GetIssuerCredentialsResponse
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        request - the request to populate the response with
        issuerCredential - the issuer's credential
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genIsIssuerRequest

        byte[] genIsIssuerRequest​(java.lang.String requestId,
                                  java.lang.String destination,
                                  java.lang.String organisation,
                                  java.lang.String issuerId,
                                  Credential originator)
                           throws java.lang.IllegalArgumentException,
                                  MessageException
        Method to generate an IsIssuerRequest
        Parameters:
        requestId - the id of the request
        destination - the destinationId used in the PKIMessage.
        organisation - the related organisation
        issuerId - The unique id of the issuer, usually the subject DN name of the issuer.
        originator - the original requester of a message, null if not applicable.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genIsIssuerResponse

        PKIMessageResponseData genIsIssuerResponse​(java.lang.String relatedEndEntity,
                                                   PKIMessage request,
                                                   boolean isIssuer)
                                            throws java.lang.IllegalArgumentException,
                                                   MessageException
        Method to generate an IsIssuerResponse
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        request - the request to populate the response with
        isIssuer - indicating if current server is issuer or not
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genIssueCredentialStatusListRequest

        byte[] genIssueCredentialStatusListRequest​(java.lang.String requestId,
                                                   java.lang.String destination,
                                                   java.lang.String organisation,
                                                   java.lang.String issuerId,
                                                   java.lang.String credentialStatusListType,
                                                   java.lang.Boolean force,
                                                   java.util.Date requestedValidFromDate,
                                                   java.util.Date requestedNotAfterDate,
                                                   Credential originator)
                                            throws java.lang.IllegalArgumentException,
                                                   MessageException
        Method to generate an IssueCredentialStatusListRequest
        Parameters:
        requestId - the id of the request
        destination - the destinationId used in the PKIMessage.
        organisation - the related organisation
        issuerId - The unique id of the issuer, usually the subject DN name of the issuer.
        serialNumber - The number of the credential status list in the request (Optional)
        credentialStatusListType - The type of status list to fetch
        originator - the original requester of a message, null if not applicable.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException
        MessageException
      • genIssueCredentialStatusListResponse

        PKIMessageResponseData genIssueCredentialStatusListResponse​(java.lang.String relatedEndEntity,
                                                                    PKIMessage request,
                                                                    CredentialStatusList credentialStatusList)
                                                             throws java.lang.IllegalArgumentException,
                                                                    MessageException
        Method to generate an IssueCredentialStatusListResponse
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        requestId - the id of the request
        request - the request to populate the response with
        credentialStatusList - the new credential status list
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genIssueCredentialStatusListResponseWithoutRequest

        PKIMessageResponseData genIssueCredentialStatusListResponseWithoutRequest​(java.lang.String relatedEndEntity,
                                                                                  java.lang.String destination,
                                                                                  java.lang.String requestName,
                                                                                  java.lang.String organisation,
                                                                                  CredentialStatusList credentialStatusList,
                                                                                  Credential originator)
                                                                           throws java.lang.IllegalArgumentException,
                                                                                  MessageException
        Method to generate an IssueCredentialStatusListResponse where there is no request, such as scheduled CRL issuing.
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        destination - the destination of the response set in the PKI message.
        requestName - the name of the request message this response would normally reply to.
        organisation - the organisation set in the response message.
        credentialStatusList - the new credential status list
        originator - the original requester of a message, null if not applicable.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genRemoveCredentialRequest

        byte[] genRemoveCredentialRequest​(java.lang.String requestId,
                                          java.lang.String destination,
                                          java.lang.String organisation,
                                          java.lang.String issuerId,
                                          java.lang.String serialNumber,
                                          Credential originator)
                                   throws java.lang.IllegalArgumentException,
                                          MessageException
        Method to generate a RemoveCredentialRequest
        Parameters:
        requestId - the id of the request
        destination - the destinationId used in the PKIMessage.
        organisation - the related organisation
        issuerId - The unique id of the issuer, usually the subject DN name of the issuer.
        serialNumber - The serial number of the credential in hexadecimal encoding lowercase (for X509 certificates).
        originator - the original requester of a message, null if not applicable.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genRemoveCredentialResponse

        PKIMessageResponseData genRemoveCredentialResponse​(java.lang.String relatedEndEntity,
                                                           PKIMessage request)
                                                    throws java.lang.IllegalArgumentException,
                                                           MessageException
        Method to generate a RemoveCredentialResponse
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        request - the request to populate the response with
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genFetchHardTokenDataRequest

        byte[] genFetchHardTokenDataRequest​(java.lang.String requestId,
                                            java.lang.String destination,
                                            java.lang.String organisation,
                                            java.lang.String tokenSerial,
                                            java.lang.String relatedCredentialSerialNumber,
                                            java.lang.String relatedCredentialIssuerId,
                                            Credential adminCredential,
                                            Credential originator)
                                     throws java.lang.IllegalArgumentException,
                                            MessageException
        Method to generate a FetchHardTokenDataRequest
        Parameters:
        requestId - the id of the request
        destination - the destinationId used in the PKIMessage.
        organisation - the related organisation
        tokenSerial - The unique serial number of the hard token within the organisation
        relatedCredentialSerialNumber - The serial number of the most related credential in hexadecimal encoding lowercase (for X509 certificates).
        relatedCredentialIssuerId - The unique id of the issuer of the related credential, usually the subject DN name of the issuer.
        adminCredential - the credential of the requesting card administrator that needs the hard token data. The response data is encrypted with this administrator as recipient.
        originator - the original requester of a message, null if not applicable.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genFetchHardTokenDataResponse

        PKIMessageResponseData genFetchHardTokenDataResponse​(java.lang.String relatedEndEntity,
                                                             PKIMessage request,
                                                             java.lang.String tokenSerial,
                                                             byte[] encryptedData)
                                                      throws java.lang.IllegalArgumentException,
                                                             MessageException
        Method to generate a FetchHardTokenDataResponse
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        destination - the destinationId used in the PKIMessage.
        tokenSerial - The unique serial number of the hard token within the organisation.
        encryptedData - The token data encrypted with the token administrator's credential sent in the request.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genStoreHardTokenDataRequest

        byte[] genStoreHardTokenDataRequest​(java.lang.String requestId,
                                            java.lang.String destination,
                                            java.lang.String organisation,
                                            java.lang.String tokenSerial,
                                            java.lang.String relatedCredentialSerialNumber,
                                            java.lang.String relatedCredentialIssuerId,
                                            byte[] encryptedData,
                                            Credential originator)
                                     throws java.lang.IllegalArgumentException,
                                            MessageException
        Method to generate a StoreHardTokenDataRequest
        Parameters:
        requestId - the id of the request
        destination - the destinationId used in the PKIMessage.
        organisation - the related organisation
        tokenSerial - The unique serial number of the hard token within the organisation
        relatedCredentialSerialNumber - The serial number of the most related credential in hexadecimal encoding lowercase (for X509 certificates).
        relatedCredentialIssuerId - The unique id of the issuer of the related credential, usually the subject DN name of the issuer.
        encryptedData - The token data encrypted with a credential provided out-of-band by the PKI administrator to protect the data during transport.
        originator - the original requester of a message, null if not applicable.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genStoreHardTokenDataResponse

        PKIMessageResponseData genStoreHardTokenDataResponse​(java.lang.String relatedEndEntity,
                                                             PKIMessage request)
                                                      throws java.lang.IllegalArgumentException,
                                                             MessageException
        Method to generate a StoreHardTokenDataResponse
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        destination - the destinationId used in the PKIMessage.
        Returns:
        a generated message.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genPKIResponse

        PKIMessageResponseData genPKIResponse​(java.lang.String relatedEndEntity,
                                              byte[] request,
                                              RequestStatus status,
                                              java.lang.String failureMessage,
                                              Credential originator)
                                       throws java.lang.IllegalArgumentException,
                                              MessageException
        Method to generate a basic PKI Response used when sending a message with status of ILLEGALARGUMENT or ERROR and a failureMessage.

        This method uses the request's sourceID as the destinationID.

        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        request - the PKI Request data to generate a response for.
        status - the status to set in the request.
        failureMessage - the failure message sent in the request.
        originator - the original requester of a message, null if not applicable.
        Returns:
        generated and signed PKIMessage in byte[] format.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • genPKIResponse

        PKIMessageResponseData genPKIResponse​(java.lang.String relatedEndEntity,
                                              byte[] request,
                                              RequestStatus status,
                                              java.lang.String failureMessage,
                                              java.lang.String destinationId,
                                              Credential originator)
                                       throws java.lang.IllegalArgumentException,
                                              MessageException
        Method to generate a basic PKI Response used when sending a message with status of ILLEGALARGUMENT or ERROR and a failureMessage with a custom defined destinationId.
        Parameters:
        relatedEndEntity - the name of the related end entity (such as username of the related user)
        request - the PKI Request data to generate a response for.
        status - the status to set in the request.
        failureMessage - the failure message sent in the request.
        destinationId - the destinationId to use.
        originator - the original requester of a message, null if not applicable.
        Returns:
        generated and signed PKIMessage in byte[] format.
        Throws:
        java.lang.IllegalArgumentException - if the PKI message contained invalid data not conforming to the standard.
        MessageException - if an internal error occurred when processing the PKIMessage.
      • getSigningCertificate

        java.security.cert.X509Certificate getSigningCertificate​(byte[] request)
                                                          throws java.lang.IllegalArgumentException,
                                                                 MessageException
        Fetches the signing certificate from the request.
        Parameters:
        request - the request to parse the certificate from.
        Returns:
        the signer certificate, or null if no certificate is required by the parser.
        Throws:
        MessageException - if an internal error occurred while parsing the certificate.
        java.lang.IllegalArgumentException
      • marshallAndSignPKIMessage

        byte[] marshallAndSignPKIMessage​(PKIMessage pkiMessage)
                                  throws MessageException
        Method that generates the signature and marshalls the message to a byte array in UTF-8 format.
        Parameters:
        pkiMessage - the PKIMessage to sign and marshall, never null.
        Returns:
        a marshalled and signed message.
        Throws:
        MessageException - if problems occurred when processing the message.