use of org.hyperledger.fabric_ca.sdk.exception.InvalidArgumentException in project fabric-sdk-java by hyperledger.
the class HFCAClient method revokeInternal.
/**
 * Posts a revocation request for one certificate to the CA and, on request, returns the CRL.
 *
 * @param revoker identity passed to {@code httpPost} for the request; must not be null
 * @param serial  serial number of the certificate to revoke; must not be null or empty
 * @param aki     authority key identifier of the certificate to revoke; must not be null or empty
 * @param reason  revocation reason, forwarded to the CA unchanged
 * @param genCRL  when true, the "CRL" field of the response is returned
 * @return the "CRL" string of the response when {@code genCRL} is true, otherwise {@code null}
 * @throws RevocationException      if the request fails, or a CRL was requested and is absent
 * @throws InvalidArgumentException if the crypto suite or the revoker is not set
 */
private String revokeInternal(User revoker, String serial, String aki, String reason, boolean genCRL) throws RevocationException, InvalidArgumentException {
    if (cryptoSuite == null) {
        throw new InvalidArgumentException("Crypto primitives not set.");
    }
    // The two checks below throw the unchecked IllegalArgumentException, unlike the checked
    // InvalidArgumentException used for the other arguments. Message text is kept verbatim.
    if (Utils.isNullOrEmpty(serial)) {
        throw new IllegalArgumentException("Serial number id required to revoke ceritificate");
    }
    if (Utils.isNullOrEmpty(aki)) {
        throw new IllegalArgumentException("AKI is required to revoke certificate");
    }
    if (revoker == null) {
        throw new InvalidArgumentException("revoker is not set");
    }

    logger.debug(format("revoke revoker: %s, reason: %s, url: %s", revoker.getName(), reason, url));

    try {
        setUpSSL();

        // Serialise the request and send it with the revoker's identity.
        final RevocationRequest request = new RevocationRequest(caName, null, serial, aki, reason, genCRL);
        final String payload = request.toJson();
        final JsonObject response = httpPost(url + HFCA_REVOKE, payload, revoker);
        logger.debug("revoke done");

        if (!genCRL) {
            return null;
        }

        // A CRL was requested, so a response without one is a failure. These exceptions are raised
        // inside the try block and therefore pass through the generic handler below.
        if (response.isEmpty()) {
            throw new RevocationException("Failed to return CRL, revoke response is empty");
        }
        if (response.isNull("CRL")) {
            throw new RevocationException("Failed to return CRL");
        }
        return response.getString("CRL");
    } catch (CertificateException e) {
        logger.error("Cannot validate certificate. Error is: " + e.getMessage());
        throw new RevocationException("Error while revoking cert. " + e.getMessage(), e);
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        throw new RevocationException("Error while revoking the user. " + e.getMessage(), e);
    }
}
use of org.hyperledger.fabric_ca.sdk.exception.InvalidArgumentException in project fabric-sdk-java by hyperledger.
the class HFCAClient method setUpSSL.
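/**
 * Lazily prepares the socket-factory registry used for connections to the CA.
 *
 * <p>Creates and initialises {@code cryptoPrimitives} on first use. When {@code isSSL} is set and
 * no registry exists yet, the CA certificate named by the "pemBytes" or "pemFile" property is
 * added to the trust store, an SSL context is built from that trust store, and socket factories
 * are registered for "https" and for plain "http".
 *
 * <p>Security note: the property {@code allowAllHostNames=true} selects
 * {@code ALLOW_ALL_HOSTNAME_VERIFIER}, so the server certificate's name is no longer compared
 * with the host being contacted. A warning is logged whenever that path is taken so the setting
 * is visible in deployments.
 *
 * @throws InvalidArgumentException if crypto initialisation fails, if both "pemBytes" and
 *                                  "pemFile" are specified, or if the trust store or socket
 *                                  factories cannot be built
 */
private void setUpSSL() throws InvalidArgumentException {
    if (cryptoPrimitives == null) {
        try {
            cryptoPrimitives = new CryptoPrimitives();
            cryptoPrimitives.init();
        } catch (Exception e) {
            throw new InvalidArgumentException(e);
        }
    }

    if (!isSSL || registry != null) {
        return;
    }

    // properties is null-checked further down in the original code, so it can evidently be null;
    // guard every access instead of failing with a NullPointerException here.
    final boolean hasPemBytes = properties != null && properties.containsKey("pemBytes");
    final boolean hasPemFile = properties != null && properties.containsKey("pemFile");
    if (hasPemBytes && hasPemFile) {
        throw new InvalidArgumentException("Properties can not have both \"pemBytes\" and \"pemFile\" specified. ");
    }

    try {
        if (hasPemBytes) {
            byte[] pemBytes = (byte[]) properties.get("pemBytes");
            // NOTE(review): the alias is the array's identity string (byte[].toString()), not
            // something derived from the certificate content - confirm that is intended.
            cryptoPrimitives.addCACertificateToTrustStore(pemBytes, pemBytes.toString());
        } else if (properties != null) {
            String pemFile = properties.getProperty("pemFile");
            if (pemFile != null) {
                cryptoPrimitives.addCACertificateToTrustStore(new File(pemFile), pemFile);
            }
        }

        SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(cryptoPrimitives.getTrustStore(), null).build();

        ConnectionSocketFactory sf;
        if (properties != null && "true".equals(properties.getProperty("allowAllHostNames"))) {
            // Hostname verification is switched off on this path; make that visible in the logs.
            logger.warn("allowAllHostNames is set to true: TLS hostname verification is disabled for CA connections");
            AllHostsSSLSocketFactory msf = new AllHostsSSLSocketFactory(cryptoPrimitives.getTrustStore());
            msf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            sf = msf;
        } else {
            sf = new SSLConnectionSocketFactory(sslContext);
        }

        // The registry also carries a plain-text "http" factory alongside "https".
        registry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", sf).register("http", new PlainConnectionSocketFactory()).build();
    } catch (Exception e) {
        logger.error(e);
        throw new InvalidArgumentException(e);
    }
}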
use of org.hyperledger.fabric_ca.sdk.exception.InvalidArgumentException in project fabric-sdk-java by hyperledger.
the class HFCAClient method generateCRL.
/**
 * Requests a certificate revocation list (CRL) from the CA.
 *
 * <p>Each non-null date becomes a filter field in the JSON request body; null dates are left out.
 * The CA name is added to the body when it is set.
 *
 * @param registrar     admin user configured in CA-server; must not be null
 * @param revokedBefore Restrict certificates returned to revoked before this date if not null.
 * @param revokedAfter  Restrict certificates returned to revoked after this date if not null.
 * @param expireBefore  Restrict certificates returned to expired before this date if not null.
 * @param expireAfter   Restrict certificates returned to expired after this date if not null.
 * @return the "CRL" string of the CA response
 * @throws InvalidArgumentException if the crypto suite or the registrar is not set
 * @throws GenerateCRLException     if SSL setup, the request, or reading the response fails
 */
public String generateCRL(User registrar, Date revokedBefore, Date revokedAfter, Date expireBefore, Date expireAfter) throws InvalidArgumentException, GenerateCRLException {
    if (cryptoSuite == null) {
        throw new InvalidArgumentException("Crypto primitives not set.");
    }
    if (registrar == null) {
        throw new InvalidArgumentException("registrar is not set");
    }

    try {
        // Called inside the try block, so a failure here surfaces as GenerateCRLException.
        setUpSSL();

        // Assemble the request body from whichever filters were supplied.
        final JsonObjectBuilder request = Json.createObjectBuilder();
        if (null != revokedBefore) {
            request.add("revokedBefore", toJson(revokedBefore));
        }
        if (null != revokedAfter) {
            request.add("revokedAfter", toJson(revokedAfter));
        }
        if (null != expireBefore) {
            request.add("expireBefore", toJson(expireBefore));
        }
        if (null != expireAfter) {
            request.add("expireAfter", toJson(expireAfter));
        }
        if (null != caName) {
            request.add(HFCAClient.FABRIC_CA_REQPROP, caName);
        }
        final JsonObject requestJson = request.build();

        // Serialise to a string; the writer is closed before the buffer is read.
        final StringWriter buffer = new StringWriter();
        final JsonWriter writer = Json.createWriter(new PrintWriter(buffer));
        writer.writeObject(requestJson);
        writer.close();
        final String payload = buffer.toString();

        // Send the CRL generation request with the registrar's identity.
        final JsonObject reply = httpPost(url + HFCA_GENCRL, payload, registrar);
        return reply.getString("CRL");
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        throw new GenerateCRLException(e.getMessage(), e);
    }
}
use of org.hyperledger.fabric_ca.sdk.exception.InvalidArgumentException in project fabric-sdk-java by hyperledger.
the class HFCAClient method getHFCAIdentities.
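/**
 * Gets all identities that the registrar is allowed to see.
 *
 * @param registrar The identity passed to {@code httpGet} for the request; must not be null.
 * @return the identities listed under "identities" in the response; empty when there are none
 * @throws IdentityException        if the request or the parsing of the response fails
 * @throws InvalidArgumentException Invalid (null) argument specified
 */
public Collection<HFCAIdentity> getHFCAIdentities(User registrar) throws IdentityException, InvalidArgumentException {
    if (registrar == null) {
        throw new InvalidArgumentException("Registrar should be a valid member");
    }
    logger.debug(format("identity url: %s, registrar: %s", url, registrar.getName()));
    try {
        JsonObject result = httpGet(HFCAIdentity.HFCA_IDENTITY, registrar);
        Collection<HFCAIdentity> allIdentities = new ArrayList<HFCAIdentity>();
        JsonArray identities = result.getJsonArray("identities");
        if (identities != null && !identities.isEmpty()) {
            for (int i = 0; i < identities.size(); i++) {
                allIdentities.add(new HFCAIdentity(identities.getJsonObject(i)));
            }
        }
        // Log the registrar's name, as the opening message does, rather than the User object:
        // formatting the object would call toString() on a caller-supplied implementation whose
        // output this class does not control.
        logger.debug(format("identity url: %s, registrar: %s done.", url, registrar.getName()));
        return allIdentities;
    } catch (HTTPException e) {
        // Keep the HTTP status code in the message so callers and logs can tell failures apart.
        String msg = format("[HTTP Status Code: %d] - Error while getting all users from url '%s': %s", e.getStatusCode(), url, e.getMessage());
        IdentityException identityException = new IdentityException(msg, e);
        logger.error(msg);
        throw identityException;
    } catch (Exception e) {
        String msg = format("Error while getting all users from url '%s': %s", url, e.getMessage());
        IdentityException identityException = new IdentityException(msg, e);
        logger.error(msg);
        throw identityException;
    }
}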
use of org.hyperledger.fabric_ca.sdk.exception.InvalidArgumentException in project fabric-sdk-java by hyperledger.
the class HFCAIdentity method read.
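/**
 * Retrieves this identity from the CA and copies the returned values into this object.
 *
 * <p>When the returned status code is below 400, the type, maximum enrollments, affiliation and
 * attributes are replaced with the values from the response.
 *
 * @param registrar The identity passed to {@code httpGet} for the request; must not be null.
 * @return statusCode The "statusCode" value of the response
 * @throws IdentityException        if retrieving an identity fails.
 * @throws InvalidArgumentException Invalid (null) argument specified
 */
public int read(User registrar) throws IdentityException, InvalidArgumentException {
    if (registrar == null) {
        throw new InvalidArgumentException("Registrar should be a valid member");
    }
    String readIdURL = "";
    try {
        // NOTE(review): enrollmentID is appended to the path without encoding or validation.
        // If it can contain '/', '?' or '#', the request would address a different resource -
        // confirm the ID is validated where it is set.
        readIdURL = HFCA_IDENTITY + "/" + enrollmentID;
        logger.debug(format("identity url: %s, registrar: %s", readIdURL, registrar.getName()));
        JsonObject result = client.httpGet(readIdURL, registrar);
        statusCode = result.getInt("statusCode");
        if (statusCode < 400) {
            type = result.getString("type");
            maxEnrollments = result.getInt("max_enrollments");
            affiliation = result.getString("affiliation");
            JsonArray attributes = result.getJsonArray("attrs");
            Collection<Attribute> attrs = new ArrayList<Attribute>();
            if (attributes != null && !attributes.isEmpty()) {
                for (int i = 0; i < attributes.size(); i++) {
                    JsonObject attribute = attributes.getJsonObject(i);
                    // "ecert" is optional in the response and defaults to false.
                    Attribute attr = new Attribute(attribute.getString("name"), attribute.getString("value"), attribute.getBoolean("ecert", false));
                    attrs.add(attr);
                }
            }
            this.attrs = attrs;
            // Log the registrar's name, as the opening message does, rather than the User object:
            // formatting the object would call toString() on a caller-supplied implementation
            // whose output this class does not control.
            logger.debug(format("identity url: %s, registrar: %s done.", readIdURL, registrar.getName()));
        }
        // NOTE(review): deleted is cleared for every status code, including 400 and above -
        // confirm that is intended.
        this.deleted = false;
        return statusCode;
    } catch (HTTPException e) {
        String msg = format("[Code: %d] - Error while getting user '%s' from url '%s': %s", e.getStatusCode(), getEnrollmentId(), readIdURL, e.getMessage());
        IdentityException identityException = new IdentityException(msg, e);
        logger.error(msg);
        throw identityException;
    } catch (Exception e) {
        String msg = format("Error while getting user '%s' from url '%s': %s", enrollmentID, readIdURL, e.getMessage());
        IdentityException identityException = new IdentityException(msg, e);
        logger.error(msg);
        throw identityException;
    }
}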