*
* @param kRSSCall if true (regenerated certificate), all status reasons are returned as valid without being checked
* @param cert the certificate whose status is evaluated
*/
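private StatusType getStatus(X509Certificate cert, boolean kRSSCall) {
    // Builds the XKMS status for cert from four checks: validity interval, issuer trust,
    // signature and revocation status. Each check adds its reason to the valid, invalid or
    // indeterminate list; the overall status value is VALID only when every check passed.
    StatusType retval = xkmsFactory.createStatusType();

    if (kRSSCall) {
        // No check is run on cert in this branch: all four reasons are asserted as valid.
        // Callers must therefore pass kRSSCall=true only for a certificate they have just
        // regenerated themselves, never for one supplied in a request.
        retval.setStatusValue(XKMSConstants.STATUSVALUE_VALID);
        retval.getValidReason().add(XKMSConstants.STATUSREASON_VALIDITYINTERVAL);
        retval.getValidReason().add(XKMSConstants.STATUSREASON_ISSUERTRUST);
        retval.getValidReason().add(XKMSConstants.STATUSREASON_SIGNATURE);
        retval.getValidReason().add(XKMSConstants.STATUSREASON_REVOCATIONSTATUS);
        return retval;
    }

    boolean allValid = true;    // cleared as soon as any check is not positively valid
    boolean inValidSet = false; // set when at least one check is definitely invalid

    // Validity interval, evaluated against the current time.
    try {
        cert.checkValidity(new Date());
        retval.getValidReason().add(XKMSConstants.STATUSREASON_VALIDITYINTERVAL);
    } catch (Exception e) {
        // Any failure here (expired, not yet valid, ...) is reported as an invalid interval.
        retval.getInvalidReason().add(XKMSConstants.STATUSREASON_VALIDITYINTERVAL);
        allValid = false;
        inValidSet = true;
    }

    try {
        // Issuer trust: the CA is looked up by the hash code of the certificate's issuer DN.
        int caid = CertTools.getIssuerDN(cert).hashCode();
        CAInfo cAInfo = caAdminSession.getCAInfo(pubAdmin, caid);
        if (cAInfo == null) {
            // Unknown issuer: there is no CA chain to verify against, so the signature
            // reason is indeterminate rather than invalid.
            retval.getInvalidReason().add(XKMSConstants.STATUSREASON_ISSUERTRUST);
            retval.getIndeterminateReason().add(XKMSConstants.STATUSREASON_SIGNATURE);
            allValid = false;
            inValidSet = true;
        } else {
            retval.getValidReason().add(XKMSConstants.STATUSREASON_ISSUERTRUST);

            // Signature: the DN match above is only a lookup key; verification against the
            // CA's certificate chain is what ties the certificate to that CA.
            boolean signatureOk;
            try {
                signatureOk = CertTools.verify(cert, cAInfo.getCertificateChain());
            } catch (Exception e) {
                // A verification error is treated exactly like a failed verification.
                signatureOk = false;
            }
            if (signatureOk) {
                retval.getValidReason().add(XKMSConstants.STATUSREASON_SIGNATURE);
            } else {
                retval.getInvalidReason().add(XKMSConstants.STATUSREASON_SIGNATURE);
                allValid = false;
                inValidSet = true;
            }
        }

        // Revocation status from the certificate store, keyed by issuer DN and serial number.
        CertificateStatus status = certificateStoreSession.getStatus(
                CertTools.getIssuerDN(cert), CertTools.getSerialNumber(cert));
        if (status == CertificateStatus.NOT_AVAILABLE) {
            // Certificate not found in the store: unknown, not invalid, so inValidSet is
            // left untouched and the result can still end up INDETERMINATE.
            retval.getIndeterminateReason().add(XKMSConstants.STATUSREASON_REVOCATIONSTATUS);
            allValid = false;
        } else if (status.revocationReason == RevokedCertInfo.NOT_REVOKED) {
            retval.getValidReason().add(XKMSConstants.STATUSREASON_REVOCATIONSTATUS);
        } else {
            retval.getInvalidReason().add(XKMSConstants.STATUSREASON_REVOCATIONSTATUS);
            allValid = false;
            inValidSet = true;
        }
    } catch (ClassCastException e) {
        log.error(intres.getLocalizedMessage("xkms.errorcreatesession"), e);
        resultMajor = XKMSConstants.RESULTMAJOR_RECIEVER;
        resultMinor = XKMSConstants.RESULTMINOR_FAILURE;
        // Fail closed: the issuer, signature and/or revocation checks did not complete, so the
        // certificate must not be reported as VALID on the strength of the checks that ran
        // before the error. Without this the status stayed VALID whenever the validity
        // interval check had passed.
        allValid = false;
    }

    // VALID only if every check passed; INVALID if any check definitely failed;
    // otherwise the outcome is unknown and reported as INDETERMINATE.
    if (allValid) {
        retval.setStatusValue(XKMSConstants.STATUSVALUE_VALID);
    } else if (inValidSet) {
        retval.setStatusValue(XKMSConstants.STATUSVALUE_INVALID);
    } else {
        retval.setStatusValue(XKMSConstants.STATUSVALUE_INDETERMINATE);
    }
    return retval;
}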