Package com.novosec.pkix.asn1.cmp

Examples of com.novosec.pkix.asn1.cmp.ErrorMsgContent


      assertTrue("Response was of 0 length.", retMsg.length > 0);
      boolean pbe = (pbeSecret!=null);
        //
        // Parse response message
        //
        PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
        assertNotNull(respObject);

        // The signer, i.e. the CA, check it's the right CA
        PKIHeader header = respObject.getHeader();

        // Check that the message is signed with the correct digest alg
        if (signed) {
            AlgorithmIdentifier algId = header.getProtectionAlg();
            assertNotNull("The AlgorithmIdentifier in the response signature could not be read.", algId);
            assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), algId.getObjectId().getId());
        }
        if (pbe) {
            AlgorithmIdentifier algId = header.getProtectionAlg();
            assertNotNull("Protection algorithm was null.", algId);
            assertEquals("Protection algorithm id: " + algId.getObjectId().getId(), CMPObjectIdentifiers.passwordBasedMac.getId(), algId.getObjectId().getId())//1.2.840.113549.1.1.5 - SHA-1 with RSA Encryption
        }

        // Check that the signer is the expected CA
        assertEquals(header.getSender().getTagNo(), 4);
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(name.toString(), issuerDN);

        if (signed) {
            // Verify the signature
            byte[] protBytes = respObject.getProtectedBytes();
            DERBitString bs = respObject.getProtection();
            Signature sig;
            try {
                sig = Signature.getInstance(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "BC");
                sig.initVerify(cacert);
                sig.update(protBytes);
                boolean ret = sig.verify(bs.getBytes());
                assertTrue(ret);
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
                assertTrue(false);
            } catch (NoSuchProviderException e) {
                e.printStackTrace();
                assertTrue(false);
            } catch (InvalidKeyException e) {
                e.printStackTrace();
                assertTrue(false);
            } catch (SignatureException e) {
                e.printStackTrace();
                assertTrue(false);
            }
        }
        if (pbe) {
            DEROctetString os = header.getSenderKID();
            assertNotNull(os);
            String keyId = new String(os.getOctets());
            log.debug("Found a sender keyId: " + keyId);
            // Verify the PasswordBased protection of the message
            byte[] protectedBytes = respObject.getProtectedBytes();
            DERBitString protection = respObject.getProtection();
            AlgorithmIdentifier pAlg = header.getProtectionAlg();
            log.debug("Protection type is: " + pAlg.getObjectId().getId());
            PBMParameter pp = PBMParameter.getInstance(pAlg.getParameters());
            int iterationCount = pp.getIterationCount().getPositiveValue().intValue();
            log.debug("Iteration count is: " + iterationCount);
View Full Code Here


    protected X509Certificate checkCmpCertRepMessage(String userDN, Certificate cacert, byte[] retMsg, int requestId) throws IOException,
            CertificateException {
        //
        // Parse response message
        //
        PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
        assertNotNull(respObject);

        PKIBody body = respObject.getBody();
        int tag = body.getTagNo();
        assertEquals(tag, 1);
        CertRepMessage c = body.getIp();
        assertNotNull(c);
        CertResponse resp = c.getResponse(0);
View Full Code Here

    protected void checkCmpPKIConfirmMessage(String userDN, Certificate cacert, byte[] retMsg) throws IOException {
        //
        // Parse response message
        //
        PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
        assertNotNull(respObject);
        PKIHeader header = respObject.getHeader();
        assertEquals(header.getSender().getTagNo(), 4);
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(name.toString(), ((X509Certificate)cacert).getSubjectDN().getName());
        name = X509Name.getInstance(header.getRecipient().getName());
        assertEquals(name.toString(), userDN);

        PKIBody body = respObject.getBody();
        int tag = body.getTagNo();
        assertEquals(tag, 19);
        DERNull n = body.getConf();
        assertNotNull(n);
    }
View Full Code Here

    protected void checkCmpRevokeConfirmMessage(String issuerDN, String userDN, BigInteger serno, Certificate cacert, byte[] retMsg, boolean success)
            throws IOException {
        //
        // Parse response message
        //
        PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
        assertNotNull(respObject);
        PKIHeader header = respObject.getHeader();
        assertEquals(header.getSender().getTagNo(), 4);
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(name.toString(), ((X509Certificate)cacert).getSubjectDN().getName());
        name = X509Name.getInstance(header.getRecipient().getName());
        assertEquals(name.toString(), userDN);

        PKIBody body = respObject.getBody();
        int tag = body.getTagNo();
        assertEquals(tag, 12);
        RevRepContent n = body.getRp();
        assertNotNull(n);
        PKIStatusInfo info = n.getPKIStatusInfo(0);
View Full Code Here

     */
    protected void checkCmpFailMessage(byte[] retMsg, String failMsg, int exptag, int requestId, int err) throws IOException {
        //
        // Parse response message
        //
        final PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
        assertNotNull(respObject);

        final PKIBody body = respObject.getBody();
        final int tag = body.getTagNo();
        assertEquals(exptag, tag);
        final PKIStatusInfo info;
        if (exptag == CmpPKIBodyConstants.ERRORMESSAGE) {
            ErrorMsgContent c = body.getError();
View Full Code Here

    protected void checkCmpPKIErrorMessage(byte[] retMsg, String sender, String recipient, int errorCode, String errorMsg) throws IOException {
        //
        // Parse response message
        //
        PKIMessage respObject = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(retMsg)).readObject());
        assertNotNull(respObject);
        PKIHeader header = respObject.getHeader();
        assertEquals(header.getSender().getTagNo(), 4);
        X509Name name = X509Name.getInstance(header.getSender().getName());
        assertEquals(name.toString(), sender);
        name = X509Name.getInstance(header.getRecipient().getName());
        assertEquals(name.toString(), recipient);

        PKIBody body = respObject.getBody();
        int tag = body.getTagNo();
        assertEquals(tag, 23);
        ErrorMsgContent n = body.getError();
        assertNotNull(n);
        PKIStatusInfo info = n.getPKIStatus();
View Full Code Here

        byte[] nonce = CmpMessageHelper.createSenderNonce();
        byte[] transid = CmpMessageHelper.createSenderNonce();

        // A message with the KeyId "foobarfoobar" should not be known by this
        PKIMessage one = genCertReq(issuerDN1, userDN1, keys, cacert1, nonce, transid, true, null, null, null, null);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD, "foobarfoobar", 567);

        int reqId = req.getBody().getIr().getCertReqMsg(0).getCertReq().getCertReqId().getValue().intValue();
        assertNotNull(req);
        ByteArrayOutputStream bao = new ByteArrayOutputStream();
        DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(req);
        byte[] ba = bao.toByteArray();
View Full Code Here

      NoSuchAlgorithmException, NoSuchProviderException,
      SignRequestException, NotFoundException {
    X509Name sender = X509Name.getInstance(getSender().getName());
    X509Name recipient = X509Name.getInstance(getRecipient().getName());
    PKIHeader myPKIHeader = CmpMessageHelper.createPKIHeader(sender, recipient, getSenderNonce(), getRecipientNonce(), getTransactionId());
    PKIStatusInfo myPKIStatusInfo = new PKIStatusInfo(new DERInteger(2)); // 2 = rejection
    if (failInfo != null) {
      myPKIStatusInfo.setFailInfo(failInfo.getAsBitString());     
    }
    if (failText != null) {   
      myPKIStatusInfo.setStatusString(new PKIFreeText(new DERUTF8String(failText)));
    }
    PKIBody myPKIBody = null;
    log.debug("Create error message from requestType: "+requestType);
    if (requestType==0 || requestType==2) {
      myPKIBody = CmpMessageHelper.createCertRequestRejectBody(myPKIHeader, myPKIStatusInfo, requestId, requestType);
View Full Code Here

        assertNotNull(respObject);

        final PKIBody body = respObject.getBody();
        final int tag = body.getTagNo();
        assertEquals(exptag, tag);
        final PKIStatusInfo info;
        if (exptag == CmpPKIBodyConstants.ERRORMESSAGE) {
            ErrorMsgContent c = body.getError();
            assertNotNull(c);
            info = c.getPKIStatus();
            assertNotNull(info);
            assertEquals(ResponseStatus.FAILURE.getIntValue(), info.getStatus().getValue().intValue());
            int i = info.getFailInfo().intValue();
            assertEquals(i, 1 << err);
        } else if (exptag == CmpPKIBodyConstants.REVOCATIONRESPONSE) {
            RevRepContent rrc = body.getRp();
            assertNotNull(rrc);
            info = rrc.getPKIStatusInfo(0);
            assertNotNull(info);
            assertEquals(ResponseStatus.FAILURE.getIntValue(), info.getStatus().getValue().intValue());
            assertEquals(FailInfo.BAD_REQUEST.getAsBitString(), info.getFailInfo());
        } else {
            CertRepMessage c = null;
            if (exptag == CmpPKIBodyConstants.INITIALIZATIONRESPONSE) {
                c = body.getIp();
            } else if (exptag == CmpPKIBodyConstants.CERTIFICATIONRESPONSE) {
                c = body.getCp();
            }
            assertNotNull(c);
            CertResponse resp = c.getResponse(0);
            assertNotNull(resp);
            assertEquals(resp.getCertReqId().getValue().intValue(), requestId);
            info = resp.getStatus();
            assertNotNull(info);
            int error = info.getStatus().getValue().intValue();
            assertEquals(ResponseStatus.FAILURE.getIntValue(), error); // 2 is
                                                                       // rejection
            assertEquals(FailInfo.INCORRECT_DATA.getAsBitString(), info.getFailInfo());
        }
        log.debug("expected fail message: '" + failMsg + "'. received fail message: '" + info.getStatusString().getString(0).getString() + "'.");
        assertEquals(failMsg, info.getStatusString().getString(0).getString());
    }
View Full Code Here

        PKIBody body = respObject.getBody();
        int tag = body.getTagNo();
        assertEquals(tag, 23);
        ErrorMsgContent n = body.getError();
        assertNotNull(n);
        PKIStatusInfo info = n.getPKIStatus();
        assertNotNull(info);
        DERInteger i = info.getStatus();
        assertEquals(i.getValue().intValue(), 2);
        DERBitString b = info.getFailInfo();
        assertEquals("Return wrong error code.", errorCode, b.intValue());
        if (errorMsg != null) {
            PKIFreeText freeText = info.getStatusString();
            DERUTF8String utf = freeText.getString(0);
            assertEquals(errorMsg, utf.getString());
        }
    }
View Full Code Here

TOP

Related Classes of com.novosec.pkix.asn1.cmp.ErrorMsgContent

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.