/**
 * Reports whether the wrapped response carries the {@code SUCCESS} PKI status.
 *
 * @return {@code true} if {@code pkcsRep.getPkiStatus()} is {@code PkiStatus.SUCCESS},
 *         {@code false} otherwise.
 */
public boolean isSuccess() {
    return PkiStatus.SUCCESS == pkcsRep.getPkiStatus();
}
/**
 * Reports whether the wrapped response carries the {@code PENDING} PKI status.
 *
 * @return {@code true} if {@code pkcsRep.getPkiStatus()} is {@code PkiStatus.PENDING},
 *         {@code false} otherwise.
 */
public boolean isPending() {
    return PkiStatus.PENDING == pkcsRep.getPkiStatus();
}
/**
 * Reports whether the wrapped response carries the {@code FAILURE} PKI status.
 *
 * @return {@code true} if {@code pkcsRep.getPkiStatus()} is {@code PkiStatus.FAILURE},
 *         {@code false} otherwise.
 */
public boolean isFailure() {
    return PkiStatus.FAILURE == pkcsRep.getPkiStatus();
}
/**
 * Handles one SCEP PKIOperation request and returns the encoded reply.
 *
 * <p>The request is refused with {@code ErrorCode.SYSTEM_UNAVAILABLE} while {@code isOnService()}
 * reports false. Otherwise it is decoded, handed to {@code servicePkiOperation0}, and the PKI
 * status of the reply (plus its fail info, when present) is written to the audit event before
 * the reply is encoded. A reply with status {@code FAILURE} marks the audit event as
 * {@code AuditStatus.FAILED}.
 *
 * <p>NOTE(review): this method does not itself inspect the decoded request for signature or
 * decryption problems; presumably {@code servicePkiOperation0} rejects such requests - confirm.
 *
 * @param requestContent the CMS signed data received from the client.
 * @param certprofileName forwarded unchanged to {@code servicePkiOperation0}.
 * @param msgId forwarded unchanged to {@code servicePkiOperation0}.
 * @param event audit event that receives the PKI status, the fail info and the failure flag.
 * @return the reply produced by {@code encodeResponse} for the decoded request.
 * @throws MessageDecodingException presumably when the request cannot be decoded - confirm
 *         against {@code DecodedPkiMessage.decode}.
 * @throws OperationException with {@code ErrorCode.SYSTEM_UNAVAILABLE} when the SCEP service is
 *         not active; other causes are not visible in this method.
 */
public ContentInfo servicePkiOperation(CMSSignedData requestContent, String certprofileName,
        String msgId, AuditEvent event) throws MessageDecodingException, OperationException {
    // Refuse the request outright while the responder is out of service.
    if (!isOnService()) {
        LOG.warn("SCEP {} is not active", caIdent.getName());
        throw new OperationException(ErrorCode.SYSTEM_UNAVAILABLE);
    }

    // NOTE(review): the third argument is passed as null; confirm against
    // DecodedPkiMessage.decode what that parameter controls.
    DecodedPkiMessage decodedRequest =
            DecodedPkiMessage.decode(requestContent, envelopedDataDecryptor, null);
    PkiMessage reply =
            servicePkiOperation0(requestContent, decodedRequest, certprofileName, msgId, event);

    // Record the outcome in the audit trail before the reply leaves this method.
    audit(event, CaAuditConstants.NAME_SCEP_pki_status, reply.getPkiStatus().toString());
    if (PkiStatus.FAILURE == reply.getPkiStatus()) {
        event.setStatus(AuditStatus.FAILED);
    }
    if (null != reply.getFailInfo()) {
        audit(event, CaAuditConstants.NAME_SCEP_fail_info, reply.getFailInfo().toString());
    }

    return encodeResponse(reply, decodedRequest);
} // method servicePkiOperation
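/**
 * Wraps a SCEP {@code CertRep} message and, for a successful response, extracts the
 * certificates embedded in it.
 *
 * <p>For any status other than {@code SUCCESS} only {@code pkcsRep} is stored and
 * {@code certificates} is left unassigned by this constructor.
 *
 * <p>The message data comes from the server, so a missing or malformed SignedData is reported
 * as a {@link ScepClientException} instead of escaping as an unchecked exception.
 *
 * @param pkcsRep the decoded response message; must not be {@code null} and must be of type
 *        {@code CertRep}.
 * @throws ScepClientException if the message type is not {@code CertRep}, or if a successful
 *         response does not carry a ContentInfo with a parsable SignedData that contains at
 *         least one certificate.
 */
public EnrolmentResponse(PkiMessage pkcsRep) throws ScepClientException {
    ScepUtil.requireNonNull("pkcsRep", pkcsRep);
    MessageType messageType = pkcsRep.getMessageType();
    if (MessageType.CertRep != messageType) {
        throw new ScepClientException("messageType must not be other than CertRep: " + messageType);
    }
    this.pkcsRep = pkcsRep;

    // Only a successful response is expected to carry certificates.
    if (PkiStatus.SUCCESS != pkcsRep.getPkiStatus()) {
        return;
    }

    ASN1Encodable messageData = pkcsRep.getMessageData();
    if (!(messageData instanceof ContentInfo)) {
        throw new ScepClientException("pkcsRep is not a ContentInfo");
    }
    ContentInfo ci = (ContentInfo) messageData;

    // getInstance returns null for absent content and reports a structure it cannot parse
    // with IllegalArgumentException; map both to the checked exception callers handle.
    SignedData sd;
    try {
        sd = SignedData.getInstance(ci.getContent());
    } catch (IllegalArgumentException ex) {
        throw new ScepClientException("content of pkcsRep is not a valid SignedData", ex);
    }
    if (sd == null) {
        throw new ScepClientException("pkcsRep contains no SignedData");
    }

    ASN1Set asn1Certs = sd.getCertificates();
    if (asn1Certs == null || asn1Certs.size() == 0) {
        throw new ScepClientException("no certificate is embedded in pkcsRep");
    }

    List<X509Certificate> certs;
    try {
        certs = ScepUtil.getCertsFromSignedData(sd);
    } catch (CertificateException ex) {
        throw new ScepClientException(ex.getMessage(), ex);
    }
    // Expose a read-only view so callers cannot alter the stored list.
    this.certificates = Collections.unmodifiableList(certs);
}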
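/**
 * Requests a CRL from the SCEP server with a {@code GetCRL} message that identifies the
 * certificate by issuer and serial number.
 *
 * <p>The request is built by {@code encryptThenSign}, sent as a {@code PKIOperation}, and the
 * reply is decoded with the caller's identity key and certificate. A missing or malformed
 * payload in the reply is reported as a {@link ScepClientException} instead of escaping as an
 * unchecked exception.
 *
 * <p>NOTE(review): nothing in this method verifies the signature of the returned CRL or that it
 * was issued by {@code issuer}. Unless {@code decode} or {@code ScepUtil.getCrlFromPkiMessage}
 * already does so (not visible here - confirm), callers should validate the CRL before relying
 * on it for revocation decisions.
 *
 * @param identityKey private key of the requester; must not be {@code null}.
 * @param identityCert certificate of the requester; must not be {@code null}.
 * @param issuer issuer name placed in the request; must not be {@code null}.
 * @param serialNumber serial number placed in the request; must not be {@code null}.
 * @return the CRL extracted from the server's reply.
 * @throws ScepClientException if the server does not answer with status {@code SUCCESS}, or if
 *         the reply carries no usable CRL data.
 */
public X509CRL scepGetCrl(PrivateKey identityKey, X509Certificate identityCert, X500Name issuer,
        BigInteger serialNumber) throws ScepClientException {
    ScepUtil.requireNonNull("identityKey", identityKey);
    ScepUtil.requireNonNull("identityCert", identityCert);
    ScepUtil.requireNonNull("issuer", issuer);
    ScepUtil.requireNonNull("serialNumber", serialNumber);

    initIfNotInited();

    PkiMessage pkiMessage = new PkiMessage(TransactionId.randomTransactionId(), MessageType.GetCRL);
    IssuerAndSerialNumber isn = new IssuerAndSerialNumber(issuer, serialNumber);
    pkiMessage.setMessageData(isn);
    ContentInfo request = encryptThenSign(pkiMessage, identityKey, identityCert);

    ScepHttpResponse httpResp = httpSend(Operation.PKIOperation, request);
    CMSSignedData cmsSignedData = parsePkiMessage(httpResp.getContentBytes());
    PkiMessage response = decode(cmsSignedData, identityKey, identityCert);
    if (response.getPkiStatus() != PkiStatus.SUCCESS) {
        throw new ScepClientException("server returned " + response.getPkiStatus());
    }

    try {
        // getInstance returns null for absent data, which would otherwise surface as a
        // NullPointerException on the next dereference.
        ContentInfo messageData = ContentInfo.getInstance(response.getMessageData());
        if (messageData == null || messageData.getContent() == null) {
            throw new ScepClientException("server response contains no CRL data");
        }
        return ScepUtil.getCrlFromPkiMessage(SignedData.getInstance(messageData.getContent()));
    } catch (IllegalArgumentException ex) {
        // Raised by getInstance when the payload is not the expected ASN.1 structure.
        throw new ScepClientException("server response is not a valid SignedData", ex);
    } catch (CRLException ex) {
        throw new ScepClientException(ex.getMessage(), ex);
    }
}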
if (rep.getPkiStatus() == PkiStatus.FAILURE) { return rep;
event.putEventData(ScepAuditConstants.NAME_pkiStatus, rep.getPkiStatus()); if (rep.getPkiStatus() == PkiStatus.FAILURE) { event.setLevel(AuditLevel.ERROR);