public CertificateConfirmationContent build(DigestCalculatorProvider digesterProvider) throws CMPException { ASN1EncodableVector v = new ASN1EncodableVector(); for (int i = 0; i != acceptedCerts.size(); i++) { X509CertificateHolder certHolder = (X509CertificateHolder)acceptedCerts.get(i); BigInteger reqID = (BigInteger)acceptedReqIds.get(i); AlgorithmIdentifier digAlg = digestAlgFinder.find(certHolder.toASN1Structure().getSignatureAlgorithm()); if (digAlg == null) { throw new CMPException("cannot find algorithm for digest from signature"); } DigestCalculator digester; try { digester = digesterProvider.get(digAlg); } catch (OperatorCreationException e) { throw new CMPException("unable to create digest: " + e.getMessage(), e); } CMPUtil.derEncodeToStream(certHolder.toASN1Structure(), digester.getOutputStream()); v.add(new CertStatus(digester.getDigest(), reqID)); } return new CertificateConfirmationContent(CertConfirmContent.getInstance(new DERSequence(v)), digestAlgFinder); }
public CertificateStatus[] getStatusMessages() { CertStatus[] statusArray = content.toCertStatusArray(); CertificateStatus[] ret = new CertificateStatus[statusArray.length]; for (int i = 0; i != ret.length; i++) { ret[i] = new CertificateStatus(digestAlgFinder, statusArray[i]); } return ret; }
CertificateStatus(DigestAlgorithmIdentifierFinder digestAlgFinder, CertStatus certStatus) { this.digestAlgFinder = digestAlgFinder; this.certStatus = certStatus; }
private PKIBody confirmCertificates(ASN1OctetString transactionId, CertConfirmContent certConf, String msgId) { CertStatus[] certStatuses = certConf.toCertStatusArray(); boolean successful = true; for (CertStatus certStatus : certStatuses) { ASN1Integer certReqId = certStatus.getCertReqId(); byte[] certHash = certStatus.getCertHash().getOctets(); X509CertificateInfo certInfo = pendingCertPool.removeCertificate( transactionId.getOctets(), certReqId.getPositiveValue(), certHash); if (certInfo == null) { if (LOG.isWarnEnabled()) { LOG.warn("no cert under transactionId={}, certReqId={} and certHash=0X{}", transactionId, certReqId.getPositiveValue(), Hex.encode(certHash)); } continue; } PKIStatusInfo statusInfo = certStatus.getStatusInfo(); boolean accept = true; if (statusInfo != null) { int status = statusInfo.getStatus().intValue(); if (PKIStatus.GRANTED != status && PKIStatus.GRANTED_WITH_MODS != status) { accept = false; } } if (accept) { continue; } BigInteger serialNumber = certInfo.cert().cert().getSerialNumber(); X509Ca ca = getCa(); try { ca.revokeCertificate(serialNumber, CrlReason.CESSATION_OF_OPERATION, new Date(), msgId); } catch (OperationException ex) { LogUtil.warn(LOG, ex, "could not revoke certificate ca=" + ca.caInfo().ident() + " serialNumber=" + LogUtil.formatCsn(serialNumber)); } successful = false; } // all other certificates should be revoked if (revokePendingCertificates(transactionId, msgId)) { successful = false; } if (successful) { return new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE); } ErrorMsgContent emc = new ErrorMsgContent( new PKIStatusInfo(PKIStatus.rejection, null, new PKIFailureInfo(PKIFailureInfo.systemFailure))); return new PKIBody(PKIBody.TYPE_ERROR, emc); }
