Package org.xipki.ca.gateway.cmp

Class BaseCmpResponder

java.lang.Object

org.xipki.ca.gateway.cmp.BaseCmpResponder

Direct Known Subclasses:

CmpResponder

public abstract class BaseCmpResponder
extends Object

Base CMP responder.

Since:

6.0.0

Author:

Lijun Liao (xipki)

Field Summary

Fields

Modifier and Type	Field	Description
protected CmpControl	cmpControl
static String	HTTP_HEADER_certprofile
static String	HTTP_HEADER_groupenroll
protected org.xipki.ca.gateway.PopControl	popControl
protected org.xipki.ca.sdk.SdkClient	sdk
protected org.xipki.security.SecurityFactory	securityFactory
static String	TYPE_ccr
static String	TYPE_certConf
static String	TYPE_cr
static String	TYPE_error
static String	TYPE_genm_cacerts
static String	TYPE_genm_current_crl
static String	TYPE_ir
static String	TYPE_kur
static String	TYPE_p10cr
static String	TYPE_pkiconf
static String	TYPE_rr_revoke
static String	TYPE_rr_unrevoke

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	BaseCmpResponder(CmpControl cmpControl, org.xipki.ca.sdk.SdkClient sdk, org.xipki.security.SecurityFactory securityFactory, org.xipki.ca.gateway.CaNameSigners signers, org.xipki.ca.gateway.RequestorAuthenticator authenticator, org.xipki.ca.gateway.PopControl popControl)

Method Summary

Modifier and Type	Method	Description
protected static void	addErrCertResp(Map<Integer,org.bouncycastle.asn1.cmp.CertResponse> resps, int index, org.bouncycastle.asn1.ASN1Integer certReqId, int pkiFailureInfo, String pkiStatusText)
protected static org.bouncycastle.asn1.cmp.CertRepMessage	buildErrCertResp(org.bouncycastle.asn1.ASN1Integer certReqId, int pkiFailureInfo, String pkiStatusText)
protected static org.bouncycastle.asn1.cmp.PKIBody	buildErrorMsgPkiBody(org.bouncycastle.asn1.cmp.PKIStatus pkiStatus, int failureInfo, String statusMessage)
protected void	checkPermission(org.xipki.ca.gateway.Requestor requestor, org.xipki.ca.gateway.Requestor.Permission requiredPermission)
protected abstract org.bouncycastle.asn1.cmp.PKIBody	cmpEnrollCert(String caName, String dfltCertprofileName, boolean groupEnroll, org.bouncycastle.asn1.cmp.PKIMessage request, org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader, org.bouncycastle.asn1.cmp.PKIHeader reqHeader, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.ca.gateway.Requestor requestor, org.bouncycastle.asn1.ASN1OctetString tid, org.xipki.audit.AuditEvent event)
protected org.bouncycastle.asn1.cmp.PKIBody	cmpGeneralMsg(String caName, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.audit.AuditEvent event)
protected abstract org.bouncycastle.asn1.cmp.PKIBody	cmpUnRevokeCertificates(String caName, org.bouncycastle.asn1.cmp.PKIMessage request, org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader, org.bouncycastle.asn1.cmp.PKIHeader reqHeader, org.bouncycastle.asn1.cmp.PKIBody reqBody, org.xipki.ca.gateway.Requestor requestor, org.xipki.audit.AuditEvent event)
protected abstract org.bouncycastle.asn1.cmp.PKIBody	confirmCertificates(String caName, org.bouncycastle.asn1.ASN1OctetString transactionId, org.bouncycastle.asn1.cmp.CertConfirmContent certConf)
protected static org.bouncycastle.asn1.cmp.PKIStatusInfo	generateRejectionStatus(Integer info, String errorMessage)
protected static org.bouncycastle.asn1.cmp.PKIStatusInfo	generateRejectionStatus(org.bouncycastle.asn1.cmp.PKIStatus status, Integer info, String errorMessage)
protected static int	getPKiFailureInfo(org.xipki.pki.OperationException ex)
protected static org.bouncycastle.asn1.x500.X500Name	getX500Name(org.bouncycastle.asn1.x509.GeneralName name)
protected org.bouncycastle.asn1.cmp.CertResponse	postProcessCertInfo(org.bouncycastle.asn1.ASN1Integer certReqId, org.xipki.ca.gateway.Requestor requestor, byte[] cert, byte[] privateKeyinfo)
org.bouncycastle.asn1.cmp.PKIMessage	processPkiMessage(String caName, org.bouncycastle.asn1.cmp.PKIMessage pkiMessage, org.xipki.security.X509Cert tlsClientCert, Map<String,String> parameters, org.xipki.audit.AuditEvent event)
protected abstract org.bouncycastle.asn1.cmp.PKIBody	revokePendingCertificates(String caName, org.bouncycastle.asn1.ASN1OctetString transactionId)
protected boolean	verifyPop(org.bouncycastle.cert.crmf.CertificateRequestMessage certRequest, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo spki)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

HTTP_HEADER_certprofile

public static final String HTTP_HEADER_certprofile

See Also:

Constant Field Values

HTTP_HEADER_groupenroll

public static final String HTTP_HEADER_groupenroll

See Also:

Constant Field Values

TYPE_ccr

public static final String TYPE_ccr

See Also:

Constant Field Values

TYPE_certConf

public static final String TYPE_certConf

See Also:

Constant Field Values

TYPE_ir

public static final String TYPE_ir

See Also:

Constant Field Values

TYPE_cr

public static final String TYPE_cr

See Also:

Constant Field Values

TYPE_error

public static final String TYPE_error

See Also:

Constant Field Values

TYPE_genm_cacerts

public static final String TYPE_genm_cacerts

See Also:

Constant Field Values

TYPE_genm_current_crl

public static final String TYPE_genm_current_crl

See Also:

Constant Field Values

TYPE_kur

public static final String TYPE_kur

See Also:

Constant Field Values

TYPE_p10cr

public static final String TYPE_p10cr

See Also:

Constant Field Values

TYPE_pkiconf

public static final String TYPE_pkiconf

See Also:

Constant Field Values

TYPE_rr_revoke

public static final String TYPE_rr_revoke

See Also:

Constant Field Values

TYPE_rr_unrevoke

public static final String TYPE_rr_unrevoke

See Also:

Constant Field Values

securityFactory

protected final org.xipki.security.SecurityFactory securityFactory

sdk

protected final org.xipki.ca.sdk.SdkClient sdk

cmpControl

protected final CmpControl cmpControl

popControl

protected final org.xipki.ca.gateway.PopControl popControl

Constructor Detail

BaseCmpResponder

protected BaseCmpResponder(CmpControl cmpControl,
                           org.xipki.ca.sdk.SdkClient sdk,
                           org.xipki.security.SecurityFactory securityFactory,
                           org.xipki.ca.gateway.CaNameSigners signers,
                           org.xipki.ca.gateway.RequestorAuthenticator authenticator,
                           org.xipki.ca.gateway.PopControl popControl)
                    throws NoSuchAlgorithmException

Throws:

NoSuchAlgorithmException

Method Detail

cmpEnrollCert

protected abstract org.bouncycastle.asn1.cmp.PKIBody cmpEnrollCert(String caName,
                                                                   String dfltCertprofileName,
                                                                   boolean groupEnroll,
                                                                   org.bouncycastle.asn1.cmp.PKIMessage request,
                                                                   org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader,
                                                                   org.bouncycastle.asn1.cmp.PKIHeader reqHeader,
                                                                   org.bouncycastle.asn1.cmp.PKIBody reqBody,
                                                                   org.xipki.ca.gateway.Requestor requestor,
                                                                   org.bouncycastle.asn1.ASN1OctetString tid,
                                                                   org.xipki.audit.AuditEvent event)
                                                            throws org.xipki.util.exception.InsufficientPermissionException,
                                                                   org.xipki.ca.sdk.SdkErrorResponseException

Throws:

org.xipki.util.exception.InsufficientPermissionException

org.xipki.ca.sdk.SdkErrorResponseException

cmpUnRevokeCertificates

protected abstract org.bouncycastle.asn1.cmp.PKIBody cmpUnRevokeCertificates(String caName,
                                                                             org.bouncycastle.asn1.cmp.PKIMessage request,
                                                                             org.bouncycastle.asn1.cmp.PKIHeaderBuilder respHeader,
                                                                             org.bouncycastle.asn1.cmp.PKIHeader reqHeader,
                                                                             org.bouncycastle.asn1.cmp.PKIBody reqBody,
                                                                             org.xipki.ca.gateway.Requestor requestor,
                                                                             org.xipki.audit.AuditEvent event)
                                                                      throws org.xipki.ca.sdk.SdkErrorResponseException

Throws:

org.xipki.ca.sdk.SdkErrorResponseException

confirmCertificates

protected abstract org.bouncycastle.asn1.cmp.PKIBody confirmCertificates(String caName,
                                                                         org.bouncycastle.asn1.ASN1OctetString transactionId,
                                                                         org.bouncycastle.asn1.cmp.CertConfirmContent certConf)
                                                                  throws org.xipki.ca.sdk.SdkErrorResponseException

Throws:

org.xipki.ca.sdk.SdkErrorResponseException

revokePendingCertificates

protected abstract org.bouncycastle.asn1.cmp.PKIBody revokePendingCertificates(String caName,
                                                                               org.bouncycastle.asn1.ASN1OctetString transactionId)
                                                                        throws org.xipki.ca.sdk.SdkErrorResponseException

Throws:

org.xipki.ca.sdk.SdkErrorResponseException

getX500Name

protected static org.bouncycastle.asn1.x500.X500Name getX500Name(org.bouncycastle.asn1.x509.GeneralName name)

processPkiMessage

public org.bouncycastle.asn1.cmp.PKIMessage processPkiMessage(String caName,
                                                              org.bouncycastle.asn1.cmp.PKIMessage pkiMessage,
                                                              org.xipki.security.X509Cert tlsClientCert,
                                                              Map<String,String> parameters,
                                                              org.xipki.audit.AuditEvent event)

generateRejectionStatus

protected static org.bouncycastle.asn1.cmp.PKIStatusInfo generateRejectionStatus(Integer info,
                                                                                 String errorMessage)

generateRejectionStatus

protected static org.bouncycastle.asn1.cmp.PKIStatusInfo generateRejectionStatus(org.bouncycastle.asn1.cmp.PKIStatus status,
                                                                                 Integer info,
                                                                                 String errorMessage)

getPKiFailureInfo

protected static int getPKiFailureInfo(org.xipki.pki.OperationException ex)

checkPermission

protected void checkPermission(org.xipki.ca.gateway.Requestor requestor,
                               org.xipki.ca.gateway.Requestor.Permission requiredPermission)
                        throws org.xipki.util.exception.InsufficientPermissionException

Throws:

org.xipki.util.exception.InsufficientPermissionException

buildErrorMsgPkiBody

protected static org.bouncycastle.asn1.cmp.PKIBody buildErrorMsgPkiBody(org.bouncycastle.asn1.cmp.PKIStatus pkiStatus,
                                                                        int failureInfo,
                                                                        String statusMessage)

buildErrCertResp

protected static org.bouncycastle.asn1.cmp.CertRepMessage buildErrCertResp(org.bouncycastle.asn1.ASN1Integer certReqId,
                                                                           int pkiFailureInfo,
                                                                           String pkiStatusText)

addErrCertResp

protected static void addErrCertResp(Map<Integer,org.bouncycastle.asn1.cmp.CertResponse> resps,
                                     int index,
                                     org.bouncycastle.asn1.ASN1Integer certReqId,
                                     int pkiFailureInfo,
                                     String pkiStatusText)

verifyPop

protected boolean verifyPop(org.bouncycastle.cert.crmf.CertificateRequestMessage certRequest,
                            org.bouncycastle.asn1.x509.SubjectPublicKeyInfo spki)

postProcessCertInfo

protected org.bouncycastle.asn1.cmp.CertResponse postProcessCertInfo(org.bouncycastle.asn1.ASN1Integer certReqId,
                                                                     org.xipki.ca.gateway.Requestor requestor,
                                                                     byte[] cert,
                                                                     byte[] privateKeyinfo)

cmpGeneralMsg

protected org.bouncycastle.asn1.cmp.PKIBody cmpGeneralMsg(String caName,
                                                          org.bouncycastle.asn1.cmp.PKIBody reqBody,
                                                          org.xipki.audit.AuditEvent event)
                                                   throws org.xipki.ca.sdk.SdkErrorResponseException

Throws:

org.xipki.ca.sdk.SdkErrorResponseException