use of com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException in project vcert-java by Venafi.
the class TppTokenConnectorTest method renewCertificateWithFingerPrintMultipleCertificates.
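/**
 * Renewing by thumbprint must fail when the search returns more than one certificate
 * for that thumbprint, and it must fail with the dedicated exception type.
 */
@Test
@DisplayName("Renew Certificate multiple certificates for the fingerprint")
void renewCertificateWithFingerPrintMultipleCertificates() throws VCertException {
  // Only the thumbprint is stubbed; every other accessor on the mock returns its default.
  final RenewalRequest renewalRequest = mock(RenewalRequest.class);
  final Tpp.CertificateSearchResponse certificateSearchResponse =
      mock(Tpp.CertificateSearchResponse.class);
  when(renewalRequest.thumbprint()).thenReturn("1111:1111:1111:1111");
  when(tpp.searchCertificatesToken(any(), eq(HEADER_AUTHORIZATION)))
      .thenReturn(certificateSearchResponse);
  // Two hits for one thumbprint: the renewal target is ambiguous.
  when(certificateSearchResponse.certificates())
      .thenReturn(Arrays.asList(new Tpp.Certificate(), new Tpp.Certificate()));

  // Assert the concrete type through assertThrows. A bare
  // assertThat(throwable instanceof ...) only builds an assertion object and checks
  // nothing, so any VCertException would have satisfied this test.
  assertThrows(
      MoreThanOneCertificateWithSameThumbprintException.class,
      () -> classUnderTest.renewCertificate(renewalRequest));
}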
use of com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException in project vcert-java by Venafi.
the class TppConnector method retrieveCertificate.
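/**
 * Retrieves a certificate from TPP, polling until the certificate data is available.
 *
 * <p>When the request carries a thumbprint, the certificate is first located by a
 * fingerprint search. The search must match exactly one certificate; that certificate's
 * request id then becomes the request's pickup id. The private key is requested when the
 * CSR was service generated or {@code fetchPrivateKey()} is set.
 *
 * <p>While TPP returns no certificate data the call is retried every 2 seconds, until
 * {@code request.timeout()} has elapsed. A zero timeout disables retrying.
 *
 * @param request the retrieval parameters (pickup id or thumbprint, chain option, data
 *     format, key password, timeout)
 * @return the parsed certificate, with chain and private key as requested
 * @throws VCertException if the thumbprint matches no certificate or more than one, if the
 *     certificate is still pending with a zero timeout, if the timeout elapses, or if the
 *     waiting thread is interrupted
 */
@Override
public PEMCollection retrieveCertificate(CertificateRequest request) throws VCertException {
  boolean includeChain = request.chainOption() != ChainOption.ChainOptionIgnore;
  boolean rootFirstOrder =
      includeChain && request.chainOption() == ChainOption.ChainOptionRootFirst;

  // Resolve the pickup id from the thumbprint whenever one is supplied. Requiring a
  // non-blank pickup id as well would skip the search for a thumbprint-only request and
  // send a blank certificate DN to TPP.
  // NOTE(review): renewCertificate lets an explicit certificate DN take precedence over
  // the thumbprint; confirm which precedence is wanted here when both are set.
  if (isNotBlank(request.thumbprint())) {
    Tpp.CertificateSearchResponse searchResult =
        searchCertificatesByFingerprint(request.thumbprint());
    if (searchResult.certificates().isEmpty()) {
      throw new CertificateNotFoundByThumbprintException(request.thumbprint());
    }
    // Never guess between several certificates sharing a thumbprint: fail instead of
    // retrieving (possibly with private key) the wrong one.
    if (searchResult.certificates().size() > 1) {
      throw new MoreThanOneCertificateWithSameThumbprintException(request.thumbprint());
    }
    request.pickupId(searchResult.certificates().get(0).certificateRequestId());
  }

  CertificateRetrieveRequest certReq =
      new CertificateRetrieveRequest()
          .certificateDN(request.pickupId())
          .format(
              request.dataFormat() == DataFormat.PKCS8 ? PKCS8_DATA_FORMAT : LEGACY_DATA_FORMAT)
          .rootFirstOrder(rootFirstOrder)
          .includeChain(includeChain);

  if (request.csrOrigin() == CsrOriginOption.ServiceGeneratedCSR || request.fetchPrivateKey()) {
    certReq.includePrivateKey(true);
    // From here on certReq carries the key password; keep the object out of logs and
    // error messages.
    certReq.password(request.keyPassword());
  }

  // TODO move this retry logic to feign client
  Instant startTime = Instant.now();
  while (true) {
    Tpp.CertificateRetrieveResponse retrieveResponse = retrieveCertificateOnce(certReq);
    if (isNotBlank(retrieveResponse.certificateData())) {
      // certificateData is Base64; the decoded bytes are the PEM text.
      PEMCollection pemCollection =
          PEMCollection.fromStringPEMCollection(
              org.bouncycastle.util.Strings.fromByteArray(
                  Base64.getDecoder().decode(retrieveResponse.certificateData())),
              request.chainOption(),
              request.privateKey(),
              request.keyPassword(),
              request.dataFormat());
      // presumably verifies that the returned certificate belongs to this request;
      // confirm against CertificateRequest.checkCertificate
      request.checkCertificate(pemCollection.certificate());
      return pemCollection;
    }

    // No data yet: a zero timeout means "do not wait", otherwise stop once it has elapsed.
    if (ZERO.equals(request.timeout())) {
      throw new CertificatePendingException(request.pickupId());
    }
    if (Instant.now().isAfter(startTime.plus(request.timeout()))) {
      throw new RetrieveCertificateTimeoutException(request.pickupId());
    }

    try {
      TimeUnit.SECONDS.sleep(2);
    } catch (InterruptedException e) {
      // Restore the interrupted state before giving up, so callers can still observe it.
      Thread.currentThread().interrupt();
      throw new AttemptToRetryException(e);
    }
  }
}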
use of com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException in project vcert-java by Venafi.
the class TppConnector method renewCertificate.
/**
 * Requests renewal of a certificate identified by its DN or, when no DN is given, by its
 * thumbprint.
 *
 * <p>A thumbprint lookup must match exactly one certificate. If the request carries a
 * non-empty CSR, it is sent along as PKCS#10 text.
 *
 * @param request the renewal parameters (certificate DN or thumbprint, optional CSR)
 * @return the certificate DN the renewal was requested for
 * @throws VCertException if the thumbprint matches no certificate or more than one, if
 *     neither a DN nor a thumbprint yields a DN, or if TPP reports the renewal as failed
 */
@Override
public String renewCertificate(RenewalRequest request) throws VCertException {
  // An explicit certificate DN takes precedence; the thumbprint is only a fallback.
  final boolean lookupByThumbprint =
      isNotBlank(request.thumbprint()) && isBlank(request.certificateDN());

  final String targetDN;
  if (lookupByThumbprint) {
    Tpp.CertificateSearchResponse matches =
        searchCertificatesByFingerprint(request.thumbprint());
    if (matches.certificates().isEmpty()) {
      throw new CertificateNotFoundByThumbprintException(request.thumbprint());
    }
    // An ambiguous thumbprint is rejected instead of renewing an arbitrary match.
    if (matches.certificates().size() > 1) {
      throw new MoreThanOneCertificateWithSameThumbprintException(request.thumbprint());
    }
    targetDN = matches.certificates().get(0).certificateRequestId();
  } else {
    targetDN = request.certificateDN();
  }

  if (isNull(targetDN)) {
    throw new CertificateDNOrThumbprintWasNotProvidedException();
  }

  final CertificateRenewalRequest outbound = new CertificateRenewalRequest();
  outbound.certificateDN(targetDN);

  // Attach the caller's CSR only when one is present and non-empty.
  final boolean hasCsr =
      nonNull(request.request())
          && nonNull(request.request().csr())
          && request.request().csr().length > 0;
  if (hasCsr) {
    outbound.PKCS10(org.bouncycastle.util.Strings.fromByteArray(request.request().csr()));
  }

  final Tpp.CertificateRenewalResponse result = tppAPI.renewCertificate(outbound);
  if (!result.success()) {
    throw new RenewFailureException(result.error());
  }
  return targetDN;
}
use of com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException in project vcert-java by Venafi.
the class TppConnectorTest method renewCertificateWithFingerPrintMultipleCertificates.
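/**
 * Renewing by thumbprint must fail when the search returns more than one certificate
 * for that thumbprint, and it must fail with the dedicated exception type.
 */
@Test
@DisplayName("Renew Certificate multiple certificates for the fingerprint")
void renewCertificateWithFingerPrintMultipleCertificates() throws VCertException {
  // Only the thumbprint is stubbed; every other accessor on the mock returns its default.
  final RenewalRequest renewalRequest = mock(RenewalRequest.class);
  final Tpp.CertificateSearchResponse certificateSearchResponse =
      mock(Tpp.CertificateSearchResponse.class);
  when(renewalRequest.thumbprint()).thenReturn("1111:1111:1111:1111");
  when(tpp.searchCertificates(any(), eq(API_KEY))).thenReturn(certificateSearchResponse);
  // Two hits for one thumbprint: the renewal target is ambiguous.
  when(certificateSearchResponse.certificates())
      .thenReturn(Arrays.asList(new Tpp.Certificate(), new Tpp.Certificate()));

  // Assert the concrete type through assertThrows. A bare
  // assertThat(throwable instanceof ...) only builds an assertion object and checks
  // nothing, so any VCertException would have satisfied this test.
  assertThrows(
      MoreThanOneCertificateWithSameThumbprintException.class,
      () -> classUnderTest.renewCertificate(renewalRequest));
}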