Search in sources :

Example 1 with MoreThanOneCertificateWithSameThumbprintException

use of com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException in project vcert-java by Venafi.

the class TppTokenConnectorTest method renewCertificateWithFingerPrintMultipleCertificates.

@Test
@DisplayName("Renew Certificate multiple certificates for the fingerprint")
void renewCertificateWithFingerPrintMultipleCertificates() throws VCertException {
    final RenewalRequest renewalRequest = mock(RenewalRequest.class);
    final Tpp.CertificateSearchResponse certificateSearchResponse = mock(Tpp.CertificateSearchResponse.class);
    when(renewalRequest.thumbprint()).thenReturn("1111:1111:1111:1111");
    when(tpp.searchCertificatesToken(any(), eq(HEADER_AUTHORIZATION))).thenReturn(certificateSearchResponse);
    when(certificateSearchResponse.certificates()).thenReturn(Arrays.asList(new Tpp.Certificate(), new Tpp.Certificate()));
    final Throwable throwable = assertThrows(VCertException.class, () -> classUnderTest.renewCertificate(renewalRequest));
    // assertThat(throwable.getMessage()).contains("More than one certificate was found");
    assertThat(throwable instanceof MoreThanOneCertificateWithSameThumbprintException);
}
Also used : RenewalRequest(com.venafi.vcert.sdk.certificate.RenewalRequest) MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Example 2 with MoreThanOneCertificateWithSameThumbprintException

use of com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException in project vcert-java by Venafi.

the class TppConnector method retrieveCertificate.

@Override
public PEMCollection retrieveCertificate(CertificateRequest request) throws VCertException {
    boolean includeChain = request.chainOption() != ChainOption.ChainOptionIgnore;
    boolean rootFirstOrder = includeChain && request.chainOption() == ChainOption.ChainOptionRootFirst;
    if (isNotBlank(request.pickupId()) && isNotBlank(request.thumbprint())) {
        Tpp.CertificateSearchResponse searchResult = searchCertificatesByFingerprint(request.thumbprint());
        if (searchResult.certificates().size() == 0)
            throw new CertificateNotFoundByThumbprintException(request.thumbprint());
        if (searchResult.certificates().size() > 1)
            throw new MoreThanOneCertificateWithSameThumbprintException(request.thumbprint());
        request.pickupId(searchResult.certificates().get(0).certificateRequestId());
    }
    CertificateRetrieveRequest certReq = new CertificateRetrieveRequest().certificateDN(request.pickupId()).format(request.dataFormat() == DataFormat.PKCS8 ? PKCS8_DATA_FORMAT : LEGACY_DATA_FORMAT).rootFirstOrder(rootFirstOrder).includeChain(includeChain);
    if (request.csrOrigin() == CsrOriginOption.ServiceGeneratedCSR || request.fetchPrivateKey()) {
        certReq.includePrivateKey(true);
        certReq.password(request.keyPassword());
    }
    // TODO move this retry logic to feign client
    Instant startTime = Instant.now();
    while (true) {
        Tpp.CertificateRetrieveResponse retrieveResponse = retrieveCertificateOnce(certReq);
        if (isNotBlank(retrieveResponse.certificateData())) {
            PEMCollection pemCollection = PEMCollection.fromStringPEMCollection(org.bouncycastle.util.Strings.fromByteArray(Base64.getDecoder().decode(retrieveResponse.certificateData())), request.chainOption(), request.privateKey(), request.keyPassword(), request.dataFormat());
            request.checkCertificate(pemCollection.certificate());
            return pemCollection;
        }
        if (ZERO.equals(request.timeout()))
            throw new CertificatePendingException(request.pickupId());
        if (Instant.now().isAfter(startTime.plus(request.timeout())))
            throw new RetrieveCertificateTimeoutException(request.pickupId());
        try {
            TimeUnit.SECONDS.sleep(2);
        } catch (InterruptedException e) {
            // Restore interrupted state...
            Thread.currentThread().interrupt();
            throw new AttemptToRetryException(e);
        }
    }
}
Also used : Instant(java.time.Instant) MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException) CertificatePendingException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificatePendingException) PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) AttemptToRetryException(com.venafi.vcert.sdk.connectors.ConnectorException.AttemptToRetryException) CertificateSearchResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateSearchResponse) CertificateRetrieveResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRetrieveResponse) RetrieveCertificateTimeoutException(com.venafi.vcert.sdk.connectors.ConnectorException.RetrieveCertificateTimeoutException)

Example 3 with MoreThanOneCertificateWithSameThumbprintException

use of com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException in project vcert-java by Venafi.

the class TppConnector method renewCertificate.

@Override
public String renewCertificate(RenewalRequest request) throws VCertException {
    String certificateDN;
    if (isNotBlank(request.thumbprint()) && isBlank(request.certificateDN())) {
        Tpp.CertificateSearchResponse searchResult = searchCertificatesByFingerprint(request.thumbprint());
        if (searchResult.certificates().isEmpty())
            throw new CertificateNotFoundByThumbprintException(request.thumbprint());
        if (searchResult.certificates().size() > 1)
            throw new MoreThanOneCertificateWithSameThumbprintException(request.thumbprint());
        certificateDN = searchResult.certificates().get(0).certificateRequestId();
    } else {
        certificateDN = request.certificateDN();
    }
    if (isNull(certificateDN))
        throw new CertificateDNOrThumbprintWasNotProvidedException();
    final CertificateRenewalRequest renewalRequest = new CertificateRenewalRequest();
    renewalRequest.certificateDN(certificateDN);
    if (nonNull(request.request()) && nonNull(request.request().csr()) && request.request().csr().length > 0) {
        String pkcs10 = org.bouncycastle.util.Strings.fromByteArray(request.request().csr());
        renewalRequest.PKCS10(pkcs10);
    }
    final Tpp.CertificateRenewalResponse response = tppAPI.renewCertificate(renewalRequest);
    if (!response.success())
        throw new RenewFailureException(response.error());
    return certificateDN;
}
Also used : CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) CertificateSearchResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateSearchResponse) CertificateDNOrThumbprintWasNotProvidedException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException) RenewFailureException(com.venafi.vcert.sdk.connectors.ConnectorException.RenewFailureException) CertificateRenewalResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRenewalResponse) MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException)

Example 4 with MoreThanOneCertificateWithSameThumbprintException

use of com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException in project vcert-java by Venafi.

the class TppConnectorTest method renewCertificateWithFingerPrintMultipleCertificates.

@Test
@DisplayName("Renew Certificate multiple certificates for the fingerprint")
void renewCertificateWithFingerPrintMultipleCertificates() throws VCertException {
    final RenewalRequest renewalRequest = mock(RenewalRequest.class);
    final Tpp.CertificateSearchResponse certificateSearchResponse = mock(Tpp.CertificateSearchResponse.class);
    when(renewalRequest.thumbprint()).thenReturn("1111:1111:1111:1111");
    when(tpp.searchCertificates(any(), eq(API_KEY))).thenReturn(certificateSearchResponse);
    when(certificateSearchResponse.certificates()).thenReturn(Arrays.asList(new Tpp.Certificate(), new Tpp.Certificate()));
    final Throwable throwable = assertThrows(VCertException.class, () -> classUnderTest.renewCertificate(renewalRequest));
    // assertThat(throwable.getMessage()).contains("More than one certificate was found");
    assertThat(throwable instanceof MoreThanOneCertificateWithSameThumbprintException);
}
Also used : RenewalRequest(com.venafi.vcert.sdk.certificate.RenewalRequest) MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Aggregations

MoreThanOneCertificateWithSameThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException)4 RenewalRequest (com.venafi.vcert.sdk.certificate.RenewalRequest)2 CertificateNotFoundByThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException)2 CertificateSearchResponse (com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateSearchResponse)2 DisplayName (org.junit.jupiter.api.DisplayName)2 Test (org.junit.jupiter.api.Test)2 PEMCollection (com.venafi.vcert.sdk.certificate.PEMCollection)1 AttemptToRetryException (com.venafi.vcert.sdk.connectors.ConnectorException.AttemptToRetryException)1 CertificateDNOrThumbprintWasNotProvidedException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException)1 CertificatePendingException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificatePendingException)1 RenewFailureException (com.venafi.vcert.sdk.connectors.ConnectorException.RenewFailureException)1 RetrieveCertificateTimeoutException (com.venafi.vcert.sdk.connectors.ConnectorException.RetrieveCertificateTimeoutException)1 CertificateRenewalResponse (com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRenewalResponse)1 CertificateRetrieveResponse (com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRetrieveResponse)1 Instant (java.time.Instant)1