
Example 1 with CaClientException

Use of org.xipki.ca.client.api.CaClientException in the xipki project (by xipki).

In class CaClientImpl, method downloadCrl.

/**
 * Downloads a CRL from the named CA over CMP.
 *
 * @param caName    name of the CA; lower-cased before the lookup in {@code casMap}, must not be null
 * @param crlNumber number of the CRL to fetch, or {@code null} for the CA's current CRL
 * @param debug     request/response debug sink handed through to the CMP requestor
 * @return the CRL returned by the CA
 * @throws IllegalArgumentException if no CA of that name is configured
 * @throws CaClientException        if the CMP exchange fails; the CmpRequestorException is kept as cause
 * @throws PkiErrorException        declared on the interface; presumably raised by init0 or the requestor — confirm
 */
@Override
public X509CRL downloadCrl(String caName, BigInteger crlNumber, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    String normalizedName = ParamUtil.requireNonNull("caName", caName).toLowerCase();
    // lazy initialisation of the CA map before it is consulted (non-forced)
    init0(false);
    CaConf caConf = casMap.get(normalizedName);
    if (caConf == null) {
        throw new IllegalArgumentException("unknown CA " + normalizedName);
    }
    X509CmpRequestor requestor = caConf.getRequestor();
    try {
        if (crlNumber == null) {
            return requestor.downloadCurrentCrl(debug);
        }
        return requestor.downloadCrl(crlNumber, debug);
    } catch (CmpRequestorException ex) {
        throw new CaClientException(ex.getMessage(), ex);
    }
}

Example 2 with CaClientException

Use of org.xipki.ca.client.api.CaClientException in the xipki project (by xipki).

In class CaClientImpl, method requestCerts.

// method requestCert
/**
 * Enrolls one or more certificates at a single CA via CMP.
 *
 * <p>When {@code caName} is null the CA is inferred from the certprofile of the first request
 * entry; otherwise the given name is lower-cased. Whenever the caller named the CA, or the
 * request holds more than one entry, every entry's certprofile is checked against the target CA
 * so that a mixed batch cannot be sent to a CA that only supports some of its profiles.
 *
 * @param caName  CA to enroll at, or {@code null} to derive it from the first certprofile
 * @param request enrollment request; must not be null
 * @param debug   request/response debug sink handed through to the CMP requestor
 * @return the parsed enrollment result, or {@code null} when the request carries no entries
 * @throws CaClientException if no CA supports the profile, the CA is unknown, the CMP exchange
 *                           fails (cause preserved) or the response cannot be parsed
 * @throws PkiErrorException declared on the interface; presumably raised by the requestor — confirm
 */
@Override
public EnrollCertResult requestCerts(String caName, EnrollCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("request", request);
    List<EnrollCertRequestEntry> requestEntries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(requestEntries)) {
        return null;
    }

    final boolean caNameGiven = (caName != null);
    String targetCa;
    if (caNameGiven) {
        targetCa = caName.toLowerCase();
    } else {
        // detect the CA from the first entry's certprofile
        String firstProfile = requestEntries.get(0).getCertprofile();
        targetCa = getCaNameForProfile(firstProfile);
        if (targetCa == null) {
            throw new CaClientException("certprofile " + firstProfile + " is not supported by any CA");
        }
    }

    // with an explicit CA name, or several entries, make sure every profile belongs to that CA
    if (caNameGiven || requestEntries.size() > 1) {
        for (EnrollCertRequestEntry entry : requestEntries) {
            checkCertprofileSupportInCa(entry.getCertprofile(), targetCa);
        }
    }

    // NOTE(review): unlike downloadCrl/removeCerts no init0(false) precedes the casMap lookup;
    // presumably getCaNameForProfile/checkCertprofileSupportInCa initialise — confirm
    CaConf caConf = casMap.get(targetCa);
    if (caConf == null) {
        throw new CaClientException("could not find CA named " + targetCa);
    }

    EnrollCertResultResp response;
    try {
        response = caConf.getRequestor().requestCertificate(request, debug);
    } catch (CmpRequestorException ex) {
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseEnrollCertResult(response);
}

Example 3 with CaClientException

Use of org.xipki.ca.client.api.CaClientException in the xipki project (by xipki).

In class CaClientImpl, method generateCrl.

/**
 * Asks the named CA to generate a new CRL and returns it.
 *
 * @param caName name of the CA; lower-cased before the lookup in {@code casMap}, must not be null
 * @param debug  request/response debug sink handed through to the CMP requestor
 * @return the freshly generated CRL
 * @throws IllegalArgumentException if no CA of that name is configured
 * @throws CaClientException        if the CMP exchange fails; the CmpRequestorException is kept as cause
 * @throws PkiErrorException        declared on the interface; presumably raised by the requestor — confirm
 */
@Override
public X509CRL generateCrl(String caName, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    String normalizedName = ParamUtil.requireNonNull("caName", caName).toLowerCase();
    // NOTE(review): downloadCrl calls init0(false) before consulting casMap, this method does not;
    // if the map is filled lazily this lookup may run against an uninitialised map — confirm
    CaConf caConf = casMap.get(normalizedName);
    if (caConf == null) {
        throw new IllegalArgumentException("unknown CA " + normalizedName);
    }
    try {
        return caConf.getRequestor().generateCrl(debug);
    } catch (CmpRequestorException ex) {
        throw new CaClientException(ex.getMessage(), ex);
    }
}

Example 4 with CaClientException

Use of org.xipki.ca.client.api.CaClientException in the xipki project (by xipki).

In class CaClientImpl, method removeCerts.

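/**
 * Removes (un-revokes-or-removes) certificates at the CA that issued them.
 *
 * <p>All request entries must name the same issuer, because one CMP request is sent to exactly
 * one CA; a mixed-issuer batch is rejected as a bad request before any network I/O happens.
 *
 * @param request entries to remove; must not be null, an empty request yields an empty map
 * @param debug   request/response debug sink handed through to the CMP requestor
 * @return per-entry certificate id or error, as parsed from the CMP response
 * @throws PkiErrorException if the entries are issued by more than one CA (REJECTION/badRequest),
 *                           or as declared on the interface
 * @throws CaClientException if no configured CA matches the issuer, or the CMP exchange fails
 *                           (cause preserved)
 */
@Override
public Map<String, CertIdOrError> removeCerts(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("request", request);
    // lazy initialisation of the CA map before it is consulted (non-forced)
    init0(false);
    List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(requestEntries)) {
        return Collections.emptyMap();
    }
    X500Name issuer = requestEntries.get(0).getIssuer();
    for (int i = 1; i < requestEntries.size(); i++) {
        if (!issuer.equals(requestEntries.get(i).getIssuer())) {
            throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "removing certificates issued by more than one CA is not allowed");
        }
    }
    final String caName = getCaNameByIssuer(issuer);
    // getCaNameByIssuer may return null for an unknown issuer (cannot tell from here); without this
    // guard the lookup would end in a NullPointerException instead of a meaningful client error
    CaConf ca = (caName == null) ? null : casMap.get(caName);
    if (ca == null) {
        throw new CaClientException("could not find CA for issuer " + issuer);
    }
    X509CmpRequestor cmpRequestor = ca.getRequestor();
    RevokeCertResultType result;
    try {
        result = cmpRequestor.removeCertificate(request, debug);
    } catch (CmpRequestorException ex) {
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseRevokeCertResult(result);
}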

Example 5 with CaClientException

Use of org.xipki.ca.client.api.CaClientException in the xipki project (by xipki).

In class CaClientImpl, method parseEnrollCertResult.

// method getHealthCheckResult
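/**
 * Converts a CMP enrollment response into an {@link EnrollCertResult}.
 *
 * <p>Every result entry is mapped by its id to either the parsed certificate or the error
 * status it carries. The caPubs of the response are then used to pick a CA certificate: the
 * first caPub whose key verifies one of the issued certificates is a candidate, and it is only
 * reported as {@code caCert} if it verifies <em>all</em> issued certificates; otherwise the
 * caPubs are ignored and {@code caCert} is null. This establishes that the caPub signed the
 * enrolled certificates; it does not by itself make that caPub trusted — callers presumably
 * still have to anchor it in their own trust store (cannot tell from here).
 *
 * @param result the CMP response to parse; must not be null
 * @return parsed result; {@code caCert} is null when no caPub consistently signs every issued cert
 * @throws CaClientException if an issued certificate cannot be parsed (cause preserved); an
 *                           unparsable caPub is only logged and skipped
 */
private EnrollCertResult parseEnrollCertResult(EnrollCertResultResp result) throws CaClientException {
    Map<String, CertOrError> certOrErrors = new HashMap<>();
    for (ResultEntry resultEntry : result.getResultEntries()) {
        CertOrError certOrError;
        if (resultEntry instanceof EnrollCertResultEntry) {
            EnrollCertResultEntry entry = (EnrollCertResultEntry) resultEntry;
            try {
                java.security.cert.Certificate cert = getCertificate(entry.getCert());
                certOrError = new CertOrError(cert);
            } catch (CertificateException ex) {
                // keep the CertificateException as cause so the parse failure stays diagnosable
                throw new CaClientException(String.format("CertificateParsingException for request (id=%s): %s", entry.getId(), ex.getMessage()), ex);
            }
        } else if (resultEntry instanceof ErrorResultEntry) {
            certOrError = new CertOrError(((ErrorResultEntry) resultEntry).getStatusInfo());
        } else {
            // unknown entry type: recorded as null so the caller still sees the id
            certOrError = null;
        }
        certOrErrors.put(resultEntry.getId(), certOrError);
    }

    List<CMPCertificate> cmpCaPubs = result.getCaCertificates();
    if (CollectionUtil.isEmpty(cmpCaPubs)) {
        return new EnrollCertResult(null, certOrErrors);
    }
    List<java.security.cert.Certificate> caPubs = new ArrayList<>(cmpCaPubs.size());
    for (CMPCertificate cmpCaPub : cmpCaPubs) {
        try {
            caPubs.add(getCertificate(cmpCaPub));
        } catch (CertificateException ex) {
            LogUtil.error(LOG, ex, "could not extract the caPub from CMPCertificate");
        }
    }

    java.security.cert.Certificate caCert = findSigningCaPub(certOrErrors.values(), caPubs);
    if (caCert == null) {
        return new EnrollCertResult(null, certOrErrors);
    }
    // the candidate caPub must verify every issued certificate, not just the first one found
    for (CertOrError certOrError : certOrErrors.values()) {
        java.security.cert.Certificate cert = issuedCertOrNull(certOrError);
        if (cert != null && !verify(caCert, cert)) {
            LOG.warn("not all certificates are issued by CA embedded in caPubs, ignore the caPubs");
            return new EnrollCertResult(null, certOrErrors);
        }
    }
    return new EnrollCertResult(caCert, certOrErrors);
}

/**
 * Returns the certificate held by {@code certOrError}, or null when the entry is null (unknown
 * result entry type) or carries an error instead of a certificate.
 */
private static java.security.cert.Certificate issuedCertOrNull(CertOrError certOrError) {
    return (certOrError == null) ? null : certOrError.getCertificate();
}

/**
 * Returns the first caPub that verifies one of the issued certificates, or null if none does.
 * Null map values (unknown result entry types) are skipped rather than dereferenced.
 */
private java.security.cert.Certificate findSigningCaPub(Iterable<CertOrError> entries, List<java.security.cert.Certificate> caPubs) {
    for (CertOrError certOrError : entries) {
        java.security.cert.Certificate cert = issuedCertOrNull(certOrError);
        if (cert == null) {
            continue;
        }
        for (java.security.cert.Certificate caPub : caPubs) {
            if (verify(caPub, cert)) {
                return caPub;
            }
        }
    }
    return null;
}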
