Package org.xipki.ca.gateway.cmp
Class CmpResponder
- java.lang.Object
-
- org.xipki.ca.gateway.cmp.CmpResponder
-
public class CmpResponder extends Object
CMP responder.
- Since:
- 6.0.0
- Author:
- Lijun Liao (xipki)
-
-
Field Summary
Fields
Modifier and Type / Field / Description
- protected CmpControl cmpControl
- static String HTTP_HEADER_certprofile
- static String HTTP_HEADER_groupenroll
- protected org.xipki.ca.gateway.PopControl popControl
- protected org.xipki.ca.sdk.SdkClient sdk
- protected org.xipki.security.SecurityFactory securityFactory
- static String TYPE_ccr
- static String TYPE_certConf
- static String TYPE_cr
- static String TYPE_error
- static String TYPE_genm_cacerts
- static String TYPE_genm_current_crl
- static String TYPE_ir
- static String TYPE_kur
- static String TYPE_p10cr
- static String TYPE_pkiconf
- static String TYPE_rr_revoke
- static String TYPE_rr_unrevoke
-
Constructor Summary
Constructors
Constructor / Description
- CmpResponder(CmpControl cmpControl, org.xipki.ca.sdk.SdkClient sdk, org.xipki.security.SecurityFactory securityFactory, org.xipki.ca.gateway.CaNameSigners signers, org.xipki.ca.gateway.RequestorAuthenticator authenticator, org.xipki.ca.gateway.PopControl popControl)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type / Method / Description
- protected static void addErrCertResp(Map<Integer,org.bouncycastle.asn1.cmp.CertResponse> resps, int index, org.bouncycastle.asn1.ASN1Integer certReqId, int pkiFailureInfo, String pkiStatusText)
- protected static org.bouncycastle.asn1.cmp.CertRepMessage buildErrCertResp(org.bouncycastle.asn1.ASN1Integer certReqId, int pkiFailureInfo, String pkiStatusText)
- protected static org.bouncycastle.asn1.cmp.PKIBody buildErrorMsgPkiBody(org.bouncycastle.asn1.cmp.PKIStatus pkiStatus, int failureInfo, String statusMessage)
- protected void checkPermission(org.xipki.ca.gateway.Requestor requestor, int requiredPermission)
- protected org.bouncycastle.asn1.cmp.PKIBody cmpEnrollCert(String caName, String dfltCertprofileName, boolean groupEnroll, org.bouncycastle.asn1.cmp.PKIMessage request, org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader, org.bouncycastle.asn1.cmp.PKIHeader reqHeader, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.ca.gateway.Requestor requestor, org.bouncycastle.asn1.ASN1OctetString tid, org.xipki.audit.AuditEvent event)
- protected org.bouncycastle.asn1.cmp.PKIBody cmpGeneralMsg(String caName, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.audit.AuditEvent event)
- protected org.bouncycastle.asn1.cmp.PKIBody cmpUnRevokeCertificates(String caName, org.bouncycastle.asn1.cmp.PKIMessage request, org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader, org.bouncycastle.asn1.cmp.PKIHeader reqHeader, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.ca.gateway.Requestor requestor, org.xipki.audit.AuditEvent event)
- protected org.bouncycastle.asn1.cmp.PKIBody confirmCertificates(String caName, org.bouncycastle.asn1.ASN1OctetString transactionId, org.bouncycastle.asn1.cmp.CertConfirmContent certConf)
- protected static org.bouncycastle.asn1.cmp.PKIStatusInfo generateRejectionStatus(Integer info, String errorMessage)
- protected static org.bouncycastle.asn1.cmp.PKIStatusInfo generateRejectionStatus(org.bouncycastle.asn1.cmp.PKIStatus status, Integer info, String errorMessage)
- protected static int getPKiFailureInfo(org.xipki.util.exception.OperationException ex)
- protected static org.bouncycastle.asn1.x500.X500Name getX500Name(org.bouncycastle.asn1.x509.GeneralName name)
- protected org.bouncycastle.asn1.cmp.CertResponse postProcessCertInfo(org.bouncycastle.asn1.ASN1Integer certReqId, org.xipki.ca.gateway.Requestor requestor, byte[] cert, byte[] privateKeyinfo)
- org.bouncycastle.asn1.cmp.PKIMessage processPkiMessage(String caName, org.bouncycastle.asn1.cmp.PKIMessage pkiMessage, org.xipki.security.X509Cert tlsClientCert, Map<String,String> parameters, org.xipki.audit.AuditEvent event)
- protected org.bouncycastle.asn1.cmp.PKIBody revokePendingCertificates(String caName, org.bouncycastle.asn1.ASN1OctetString transactionId)
- protected boolean verifyPop(org.bouncycastle.cert.crmf.CertificateRequestMessage certRequest, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo spki)
-
-
-
Field Detail
-
HTTP_HEADER_certprofile
public static final String HTTP_HEADER_certprofile
- See Also:
- Constant Field Values
-
HTTP_HEADER_groupenroll
public static final String HTTP_HEADER_groupenroll
- See Also:
- Constant Field Values
-
TYPE_ccr
public static final String TYPE_ccr
- See Also:
- Constant Field Values
-
TYPE_certConf
public static final String TYPE_certConf
- See Also:
- Constant Field Values
-
TYPE_ir
public static final String TYPE_ir
- See Also:
- Constant Field Values
-
TYPE_cr
public static final String TYPE_cr
- See Also:
- Constant Field Values
-
TYPE_error
public static final String TYPE_error
- See Also:
- Constant Field Values
-
TYPE_genm_cacerts
public static final String TYPE_genm_cacerts
- See Also:
- Constant Field Values
-
TYPE_genm_current_crl
public static final String TYPE_genm_current_crl
- See Also:
- Constant Field Values
-
TYPE_kur
public static final String TYPE_kur
- See Also:
- Constant Field Values
-
TYPE_p10cr
public static final String TYPE_p10cr
- See Also:
- Constant Field Values
-
TYPE_pkiconf
public static final String TYPE_pkiconf
- See Also:
- Constant Field Values
-
TYPE_rr_revoke
public static final String TYPE_rr_revoke
- See Also:
- Constant Field Values
-
TYPE_rr_unrevoke
public static final String TYPE_rr_unrevoke
- See Also:
- Constant Field Values
-
securityFactory
protected final org.xipki.security.SecurityFactory securityFactory
-
sdk
protected final org.xipki.ca.sdk.SdkClient sdk
-
cmpControl
protected final CmpControl cmpControl
-
popControl
protected final org.xipki.ca.gateway.PopControl popControl
-
-
Constructor Detail
-
CmpResponder
public CmpResponder(CmpControl cmpControl, org.xipki.ca.sdk.SdkClient sdk, org.xipki.security.SecurityFactory securityFactory, org.xipki.ca.gateway.CaNameSigners signers, org.xipki.ca.gateway.RequestorAuthenticator authenticator, org.xipki.ca.gateway.PopControl popControl) throws NoSuchAlgorithmException
- Throws:
NoSuchAlgorithmException
-
-
Method Detail
-
confirmCertificates
protected org.bouncycastle.asn1.cmp.PKIBody confirmCertificates(String caName, org.bouncycastle.asn1.ASN1OctetString transactionId, org.bouncycastle.asn1.cmp.CertConfirmContent certConf) throws org.xipki.ca.sdk.SdkErrorResponseException
- Throws:
org.xipki.ca.sdk.SdkErrorResponseException
-
revokePendingCertificates
protected org.bouncycastle.asn1.cmp.PKIBody revokePendingCertificates(String caName, org.bouncycastle.asn1.ASN1OctetString transactionId) throws org.xipki.ca.sdk.SdkErrorResponseException
- Throws:
org.xipki.ca.sdk.SdkErrorResponseException
-
cmpEnrollCert
protected org.bouncycastle.asn1.cmp.PKIBody cmpEnrollCert(String caName, String dfltCertprofileName, boolean groupEnroll, org.bouncycastle.asn1.cmp.PKIMessage request, org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader, org.bouncycastle.asn1.cmp.PKIHeader reqHeader, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.ca.gateway.Requestor requestor, org.bouncycastle.asn1.ASN1OctetString tid, org.xipki.audit.AuditEvent event) throws org.xipki.util.exception.InsufficientPermissionException, org.xipki.ca.sdk.SdkErrorResponseException
- Throws:
org.xipki.util.exception.InsufficientPermissionException
org.xipki.ca.sdk.SdkErrorResponseException
-
cmpUnRevokeCertificates
protected org.bouncycastle.asn1.cmp.PKIBody cmpUnRevokeCertificates(String caName, org.bouncycastle.asn1.cmp.PKIMessage request, org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader, org.bouncycastle.asn1.cmp.PKIHeader reqHeader, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.ca.gateway.Requestor requestor, org.xipki.audit.AuditEvent event) throws org.xipki.ca.sdk.SdkErrorResponseException
- Throws:
org.xipki.ca.sdk.SdkErrorResponseException
-
getX500Name
protected static org.bouncycastle.asn1.x500.X500Name getX500Name(org.bouncycastle.asn1.x509.GeneralName name)
-
processPkiMessage
public org.bouncycastle.asn1.cmp.PKIMessage processPkiMessage(String caName, org.bouncycastle.asn1.cmp.PKIMessage pkiMessage, org.xipki.security.X509Cert tlsClientCert, Map<String,String> parameters, org.xipki.audit.AuditEvent event)
-
generateRejectionStatus
protected static org.bouncycastle.asn1.cmp.PKIStatusInfo generateRejectionStatus(Integer info, String errorMessage)
-
generateRejectionStatus
protected static org.bouncycastle.asn1.cmp.PKIStatusInfo generateRejectionStatus(org.bouncycastle.asn1.cmp.PKIStatus status, Integer info, String errorMessage)
-
getPKiFailureInfo
protected static int getPKiFailureInfo(org.xipki.util.exception.OperationException ex)
-
checkPermission
protected void checkPermission(org.xipki.ca.gateway.Requestor requestor, int requiredPermission) throws org.xipki.util.exception.InsufficientPermissionException
- Throws:
org.xipki.util.exception.InsufficientPermissionException
-
buildErrorMsgPkiBody
protected static org.bouncycastle.asn1.cmp.PKIBody buildErrorMsgPkiBody(org.bouncycastle.asn1.cmp.PKIStatus pkiStatus, int failureInfo, String statusMessage)
-
buildErrCertResp
protected static org.bouncycastle.asn1.cmp.CertRepMessage buildErrCertResp(org.bouncycastle.asn1.ASN1Integer certReqId, int pkiFailureInfo, String pkiStatusText)
-
addErrCertResp
protected static void addErrCertResp(Map<Integer,org.bouncycastle.asn1.cmp.CertResponse> resps, int index, org.bouncycastle.asn1.ASN1Integer certReqId, int pkiFailureInfo, String pkiStatusText)
-
verifyPop
protected boolean verifyPop(org.bouncycastle.cert.crmf.CertificateRequestMessage certRequest, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo spki)
-
postProcessCertInfo
protected org.bouncycastle.asn1.cmp.CertResponse postProcessCertInfo(org.bouncycastle.asn1.ASN1Integer certReqId, org.xipki.ca.gateway.Requestor requestor, byte[] cert, byte[] privateKeyinfo)
-
cmpGeneralMsg
protected org.bouncycastle.asn1.cmp.PKIBody cmpGeneralMsg(String caName, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.audit.AuditEvent event) throws org.xipki.util.exception.InsufficientPermissionException, org.xipki.ca.sdk.SdkErrorResponseException
- Throws:
org.xipki.util.exception.InsufficientPermissionException
org.xipki.ca.sdk.SdkErrorResponseException
-
-