org.xipki.ca.server.cmp

Class CmpResponder

java.lang.Object

org.xipki.ca.server.cmp.CmpResponder

public class CmpResponder
extends Object

CMP responder.

Since:

2.0.0

Author:

Lijun Liao

Field Summary

Fields

Modifier and Type	Field and Description
protected CaManagerImpl	caManager
protected static Set<String>	KNOWN_GENMSG_IDS
protected static Set<String>	kupCertExtnIds

Constructor Summary

Constructors

Constructor and Description
CmpResponder(CaManagerImpl caManager, String caName)

Method Summary

Modifier and Type	Method and Description
protected static void	addErrCertResp(List<org.bouncycastle.asn1.cmp.CertResponse> resps, org.bouncycastle.asn1.ASN1Integer certReqId, int pkiFailureInfo, String pkiStatusText)
protected static org.bouncycastle.asn1.cmp.CertResponse	buildErrCertResp(org.bouncycastle.asn1.ASN1Integer certReqId, int pkiFailureInfo, String pkiStatusText)
protected static org.bouncycastle.asn1.cmp.PKIBody	buildErrorMsgPkiBody(org.bouncycastle.asn1.cmp.PKIStatus pkiStatus, int failureInfo, String statusMessage)
protected void	checkPermission(org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor, int requiredPermission)
protected org.bouncycastle.asn1.cmp.PKIBody	cmpEnrollCert(String dfltCertprofileName, Boolean dfltCaGenKeypair, org.bouncycastle.asn1.cmp.PKIMessage request, org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader, org.xipki.ca.api.mgmt.CmpControl cmpControl, org.bouncycastle.asn1.cmp.PKIHeader reqHeader, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor, org.bouncycastle.asn1.ASN1OctetString tid, String msgId, org.xipki.audit.AuditEvent event)
protected org.bouncycastle.asn1.cmp.PKIBody	cmpGeneralMsg(org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader, org.xipki.ca.api.mgmt.CmpControl cmpControl, org.bouncycastle.asn1.cmp.PKIHeader reqHeader, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor, org.bouncycastle.asn1.ASN1OctetString tid, String msgId, org.xipki.audit.AuditEvent event)
protected org.bouncycastle.asn1.cmp.PKIBody	cmpUnRevokeRemoveCertificates(org.bouncycastle.asn1.cmp.PKIMessage request, org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader, org.xipki.ca.api.mgmt.CmpControl cmpControl, org.bouncycastle.asn1.cmp.PKIHeader reqHeader, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor, String msgId, org.xipki.audit.AuditEvent event)
protected org.bouncycastle.asn1.cmp.PKIBody	confirmCertificates(org.bouncycastle.asn1.ASN1OctetString transactionId, org.bouncycastle.asn1.cmp.CertConfirmContent certConf, String msgId)
protected static org.bouncycastle.asn1.cmp.PKIStatusInfo	generateRejectionStatus(Integer info, String errorMessage)
protected static org.bouncycastle.asn1.cmp.PKIStatusInfo	generateRejectionStatus(org.bouncycastle.asn1.cmp.PKIStatus status, Integer info, String errorMessage)
X509Ca	getCa()
String	getCaName()
protected static int	getPKiFailureInfo(org.xipki.ca.api.OperationException ex)
protected String	getSystemInfo(org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor, Set<Integer> acceptVersions)
org.xipki.util.HealthCheckResult	healthCheck()
boolean	isOnService()
protected org.bouncycastle.asn1.cmp.CertResponse	postProcessCertInfo(org.bouncycastle.asn1.ASN1Integer certReqId, org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor, org.xipki.ca.api.CertificateInfo certInfo)
protected static org.bouncycastle.asn1.cmp.CertResponse	postProcessException(org.bouncycastle.asn1.ASN1Integer certReqId, org.xipki.ca.api.OperationException ex)
org.bouncycastle.asn1.cmp.PKIMessage	processPkiMessage(org.bouncycastle.asn1.cmp.PKIMessage pkiMessage, org.xipki.security.X509Cert tlsClientCert, Map<String,String> parameters, org.xipki.audit.AuditEvent event)
protected boolean	revokePendingCertificates(org.bouncycastle.asn1.ASN1OctetString transactionId, String msgId)
protected boolean	verifyPopo(org.bouncycastle.cert.crmf.CertificateRequestMessage certRequest, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo spki, boolean allowRaPopo)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

KNOWN_GENMSG_IDS

protected static final Set<String> KNOWN_GENMSG_IDS

kupCertExtnIds

protected static final Set<String> kupCertExtnIds

caManager

protected final CaManagerImpl caManager

Constructor Detail

CmpResponder

public CmpResponder(CaManagerImpl caManager,
                    String caName)
             throws NoSuchAlgorithmException

Throws:

NoSuchAlgorithmException

Method Detail

confirmCertificates

protected org.bouncycastle.asn1.cmp.PKIBody confirmCertificates(org.bouncycastle.asn1.ASN1OctetString transactionId,
                                                                org.bouncycastle.asn1.cmp.CertConfirmContent certConf,
                                                                String msgId)

revokePendingCertificates

protected boolean revokePendingCertificates(org.bouncycastle.asn1.ASN1OctetString transactionId,
                                            String msgId)

cmpEnrollCert

protected org.bouncycastle.asn1.cmp.PKIBody cmpEnrollCert(String dfltCertprofileName,
                                                          Boolean dfltCaGenKeypair,
                                                          org.bouncycastle.asn1.cmp.PKIMessage request,
                                                          org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader,
                                                          org.xipki.ca.api.mgmt.CmpControl cmpControl,
                                                          org.bouncycastle.asn1.cmp.PKIHeader reqHeader,
                                                          org.bouncycastle.asn1.cmp.PKIBody reqBody,
                                                          org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor,
                                                          org.bouncycastle.asn1.ASN1OctetString tid,
                                                          String msgId,
                                                          org.xipki.audit.AuditEvent event)
                                                   throws org.xipki.ca.api.InsufficientPermissionException

Throws:

org.xipki.ca.api.InsufficientPermissionException

cmpUnRevokeRemoveCertificates

protected org.bouncycastle.asn1.cmp.PKIBody cmpUnRevokeRemoveCertificates(org.bouncycastle.asn1.cmp.PKIMessage request,
                                                                          org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader,
                                                                          org.xipki.ca.api.mgmt.CmpControl cmpControl,
                                                                          org.bouncycastle.asn1.cmp.PKIHeader reqHeader,
                                                                          org.bouncycastle.asn1.cmp.PKIBody reqBody,
                                                                          org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor,
                                                                          String msgId,
                                                                          org.xipki.audit.AuditEvent event)

cmpGeneralMsg

protected org.bouncycastle.asn1.cmp.PKIBody cmpGeneralMsg(org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader,
                                                          org.xipki.ca.api.mgmt.CmpControl cmpControl,
                                                          org.bouncycastle.asn1.cmp.PKIHeader reqHeader,
                                                          org.bouncycastle.asn1.cmp.PKIBody reqBody,
                                                          org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor,
                                                          org.bouncycastle.asn1.ASN1OctetString tid,
                                                          String msgId,
                                                          org.xipki.audit.AuditEvent event)
                                                   throws org.xipki.ca.api.InsufficientPermissionException

Throws:

org.xipki.ca.api.InsufficientPermissionException

getCa

public X509Ca getCa()

isOnService

public boolean isOnService()

healthCheck

public org.xipki.util.HealthCheckResult healthCheck()

getCaName

public String getCaName()

processPkiMessage

public org.bouncycastle.asn1.cmp.PKIMessage processPkiMessage(org.bouncycastle.asn1.cmp.PKIMessage pkiMessage,
                                                              org.xipki.security.X509Cert tlsClientCert,
                                                              Map<String,String> parameters,
                                                              org.xipki.audit.AuditEvent event)

generateRejectionStatus

protected static org.bouncycastle.asn1.cmp.PKIStatusInfo generateRejectionStatus(Integer info,
                                                                                 String errorMessage)

generateRejectionStatus

protected static org.bouncycastle.asn1.cmp.PKIStatusInfo generateRejectionStatus(org.bouncycastle.asn1.cmp.PKIStatus status,
                                                                                 Integer info,
                                                                                 String errorMessage)

getPKiFailureInfo

protected static int getPKiFailureInfo(org.xipki.ca.api.OperationException ex)

getSystemInfo

protected String getSystemInfo(org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor,
                               Set<Integer> acceptVersions)
                        throws org.xipki.ca.api.OperationException

Throws:

org.xipki.ca.api.OperationException

checkPermission

protected void checkPermission(org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor,
                               int requiredPermission)
                        throws org.xipki.ca.api.InsufficientPermissionException

Throws:

org.xipki.ca.api.InsufficientPermissionException

buildErrorMsgPkiBody

protected static org.bouncycastle.asn1.cmp.PKIBody buildErrorMsgPkiBody(org.bouncycastle.asn1.cmp.PKIStatus pkiStatus,
                                                                        int failureInfo,
                                                                        String statusMessage)

buildErrCertResp

protected static org.bouncycastle.asn1.cmp.CertResponse buildErrCertResp(org.bouncycastle.asn1.ASN1Integer certReqId,
                                                                         int pkiFailureInfo,
                                                                         String pkiStatusText)

addErrCertResp

protected static void addErrCertResp(List<org.bouncycastle.asn1.cmp.CertResponse> resps,
                                     org.bouncycastle.asn1.ASN1Integer certReqId,
                                     int pkiFailureInfo,
                                     String pkiStatusText)

verifyPopo

protected boolean verifyPopo(org.bouncycastle.cert.crmf.CertificateRequestMessage certRequest,
                             org.bouncycastle.asn1.x509.SubjectPublicKeyInfo spki,
                             boolean allowRaPopo)

postProcessException

protected static org.bouncycastle.asn1.cmp.CertResponse postProcessException(org.bouncycastle.asn1.ASN1Integer certReqId,
                                                                             org.xipki.ca.api.OperationException ex)

postProcessCertInfo

protected org.bouncycastle.asn1.cmp.CertResponse postProcessCertInfo(org.bouncycastle.asn1.ASN1Integer certReqId,
                                                                     org.xipki.ca.api.mgmt.RequestorInfo.CmpRequestorInfo requestor,
                                                                     org.xipki.ca.api.CertificateInfo certInfo)