Example 1 with BadFormatException

Use of org.xipki.ca.api.BadFormatException in project xipki by xipki.

In the class X509Ca, method adaptGrantedSubejct.

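// Enforces subject uniqueness for this CA: when duplicate subjects are not
// permitted, either rejects the request or derives a new subject via incSerialNumber.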
private void adaptGrantedSubejct(GrantedCertTemplate gct) throws OperationException {
    boolean duplicateSubjectPermitted = caInfo.isDuplicateSubjectPermitted();
    if (duplicateSubjectPermitted && !gct.certprofile.isDuplicateSubjectPermitted()) {
        duplicateSubjectPermitted = false;
    }
    if (duplicateSubjectPermitted) {
        return;
    }
    long fpSubject = X509Util.fpCanonicalizedName(gct.grantedSubject);
    String grantedSubjectText = X509Util.getRfc4519Name(gct.grantedSubject);
    final boolean incSerial = gct.certprofile.incSerialNumberIfSubjectExists();
    final boolean certIssued = certstore.isCertForSubjectIssued(caIdent, fpSubject);
    if (certIssued && !incSerial) {
        throw new OperationException(ErrorCode.ALREADY_ISSUED, "certificate for the given subject " + grantedSubjectText + " already issued");
    }
    if (!certIssued) {
        return;
    }
    X500Name subject = gct.grantedSubject;
    String latestSn;
    try {
        Object[] objs = incSerialNumber(gct.certprofile, subject, null);
        latestSn = certstore.getLatestSerialNumber((X500Name) objs[0]);
    } catch (BadFormatException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
    boolean foundUniqueSubject = false;
    // at most 100 tries to find a subject that has not been issued yet
    for (int i = 0; i < 100; i++) {
        try {
            Object[] objs = incSerialNumber(gct.certprofile, subject, latestSn);
            subject = (X500Name) objs[0];
            if (CompareUtil.equalsObject(latestSn, objs[1])) {
                break;
            }
            latestSn = (String) objs[1];
        } catch (BadFormatException ex) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
        }
        foundUniqueSubject = !certstore.isCertForSubjectIssued(caIdent, X509Util.fpCanonicalizedName(subject));
        if (foundUniqueSubject) {
            break;
        }
    }
    if (!foundUniqueSubject) {
        throw new OperationException(ErrorCode.ALREADY_ISSUED, "certificate for the given subject " + grantedSubjectText + " and profile " + gct.certprofile.getIdent() + " already issued, and could not create new unique serial number");
    }
    gct.setGrantedSubject(subject);
}
Also used: BadFormatException (org.xipki.ca.api.BadFormatException), DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject), DERPrintableString (org.bouncycastle.asn1.DERPrintableString), DERUTF8String (org.bouncycastle.asn1.DERUTF8String), X500Name (org.bouncycastle.asn1.x500.X500Name), OperationException (org.xipki.ca.api.OperationException), IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint), CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)