Example 1 with CaClientException
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method downloadCrl.
@Override
public X509CRL downloadCrl(String caName, BigInteger crlNumber, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
caName = ParamUtil.requireNonNull("caName", caName).toLowerCase();
init0(false);
CaConf ca = casMap.get(caName);
if (ca == null) {
throw new IllegalArgumentException("unknown CA " + caName);
}
X509CmpRequestor requestor = ca.getRequestor();
X509CRL result;
try {
result = (crlNumber == null) ? requestor.downloadCurrentCrl(debug) : requestor.downloadCrl(crlNumber, debug);
} catch (CmpRequestorException ex) {
throw new CaClientException(ex.getMessage(), ex);
}
return result;
}
Also used :
X509CRL(java.security.cert.X509CRL)
CaClientException(org.xipki.ca.client.api.CaClientException)
Example 2 with CaClientException
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method requestCerts.
// method requestCert
@Override
public EnrollCertResult requestCerts(String caName, EnrollCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
ParamUtil.requireNonNull("request", request);
List<EnrollCertRequestEntry> requestEntries = request.getRequestEntries();
if (CollectionUtil.isEmpty(requestEntries)) {
return null;
}
boolean bo = (caName != null);
if (caName == null) {
// detect the CA name
String profile = requestEntries.get(0).getCertprofile();
caName = getCaNameForProfile(profile);
if (caName == null) {
throw new CaClientException("certprofile " + profile + " is not supported by any CA");
}
} else {
caName = caName.toLowerCase();
}
if (bo || request.getRequestEntries().size() > 1) {
// make sure that all requests are targeted on the same CA
for (EnrollCertRequestEntry entry : request.getRequestEntries()) {
String profile = entry.getCertprofile();
checkCertprofileSupportInCa(profile, caName);
}
}
CaConf ca = casMap.get(caName);
if (ca == null) {
throw new CaClientException("could not find CA named " + caName);
}
EnrollCertResultResp result;
try {
result = ca.getRequestor().requestCertificate(request, debug);
} catch (CmpRequestorException ex) {
throw new CaClientException(ex.getMessage(), ex);
}
return parseEnrollCertResult(result);
}
Also used :
EnrollCertResultResp(org.xipki.ca.client.api.dto.EnrollCertResultResp)
EnrollCertRequestEntry(org.xipki.ca.client.api.dto.EnrollCertRequestEntry)
CaClientException(org.xipki.ca.client.api.CaClientException)
Example 3 with CaClientException
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method generateCrl.
@Override
public X509CRL generateCrl(String caName, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
caName = ParamUtil.requireNonNull("caName", caName).toLowerCase();
CaConf ca = casMap.get(caName);
if (ca == null) {
throw new IllegalArgumentException("unknown CA " + caName);
}
X509CmpRequestor requestor = ca.getRequestor();
try {
return requestor.generateCrl(debug);
} catch (CmpRequestorException ex) {
throw new CaClientException(ex.getMessage(), ex);
}
}
Also used :
CaClientException(org.xipki.ca.client.api.CaClientException)
Example 4 with CaClientException
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method removeCerts.
@Override
public Map<String, CertIdOrError> removeCerts(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
ParamUtil.requireNonNull("request", request);
init0(false);
List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
if (CollectionUtil.isEmpty(requestEntries)) {
return Collections.emptyMap();
}
X500Name issuer = requestEntries.get(0).getIssuer();
for (int i = 1; i < requestEntries.size(); i++) {
if (!issuer.equals(requestEntries.get(i).getIssuer())) {
throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "removing certificates issued by more than one CA is not allowed");
}
}
final String caName = getCaNameByIssuer(issuer);
X509CmpRequestor cmpRequestor = casMap.get(caName).getRequestor();
RevokeCertResultType result;
try {
result = cmpRequestor.removeCertificate(request, debug);
} catch (CmpRequestorException ex) {
throw new CaClientException(ex.getMessage(), ex);
}
return parseRevokeCertResult(result);
}
Also used :
PkiErrorException(org.xipki.ca.client.api.PkiErrorException)
RevokeCertResultType(org.xipki.ca.client.api.dto.RevokeCertResultType)
X500Name(org.bouncycastle.asn1.x500.X500Name)
UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry)
CaClientException(org.xipki.ca.client.api.CaClientException)
Example 5 with CaClientException
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method parseEnrollCertResult.
// method getHealthCheckResult
private EnrollCertResult parseEnrollCertResult(EnrollCertResultResp result) throws CaClientException {
Map<String, CertOrError> certOrErrors = new HashMap<>();
for (ResultEntry resultEntry : result.getResultEntries()) {
CertOrError certOrError;
if (resultEntry instanceof EnrollCertResultEntry) {
EnrollCertResultEntry entry = (EnrollCertResultEntry) resultEntry;
try {
java.security.cert.Certificate cert = getCertificate(entry.getCert());
certOrError = new CertOrError(cert);
} catch (CertificateException ex) {
throw new CaClientException(String.format("CertificateParsingException for request (id=%s): %s", entry.getId(), ex.getMessage()));
}
} else if (resultEntry instanceof ErrorResultEntry) {
certOrError = new CertOrError(((ErrorResultEntry) resultEntry).getStatusInfo());
} else {
certOrError = null;
}
certOrErrors.put(resultEntry.getId(), certOrError);
}
List<CMPCertificate> cmpCaPubs = result.getCaCertificates();
if (CollectionUtil.isEmpty(cmpCaPubs)) {
return new EnrollCertResult(null, certOrErrors);
}
List<java.security.cert.Certificate> caPubs = new ArrayList<>(cmpCaPubs.size());
for (CMPCertificate cmpCaPub : cmpCaPubs) {
try {
caPubs.add(getCertificate(cmpCaPub));
} catch (CertificateException ex) {
LogUtil.error(LOG, ex, "could not extract the caPub from CMPCertificate");
}
}
java.security.cert.Certificate caCert = null;
for (CertOrError certOrError : certOrErrors.values()) {
java.security.cert.Certificate cert = certOrError.getCertificate();
if (cert == null) {
continue;
}
for (java.security.cert.Certificate caPub : caPubs) {
if (verify(caPub, cert)) {
caCert = caPub;
break;
}
}
if (caCert != null) {
break;
}
}
if (caCert == null) {
return new EnrollCertResult(null, certOrErrors);
}
for (CertOrError certOrError : certOrErrors.values()) {
java.security.cert.Certificate cert = certOrError.getCertificate();
if (cert == null) {
continue;
}
if (!verify(caCert, cert)) {
LOG.warn("not all certificates are issued by CA embedded in caPubs, ignore the caPubs");
return new EnrollCertResult(null, certOrErrors);
}
}
return new EnrollCertResult(caCert, certOrErrors);
}
Also used :
ErrorResultEntry(org.xipki.ca.client.api.dto.ErrorResultEntry)
RevokeCertResultEntry(org.xipki.ca.client.api.dto.RevokeCertResultEntry)
ResultEntry(org.xipki.ca.client.api.dto.ResultEntry)
EnrollCertResultEntry(org.xipki.ca.client.api.dto.EnrollCertResultEntry)
HashMap(java.util.HashMap)
ErrorResultEntry(org.xipki.ca.client.api.dto.ErrorResultEntry)
ArrayList(java.util.ArrayList)
CertificateException(java.security.cert.CertificateException)
CertOrError(org.xipki.ca.client.api.CertOrError)
CMPCertificate(org.bouncycastle.asn1.cmp.CMPCertificate)
EnrollCertResultEntry(org.xipki.ca.client.api.dto.EnrollCertResultEntry)
EnrollCertResult(org.xipki.ca.client.api.EnrollCertResult)
CaClientException(org.xipki.ca.client.api.CaClientException)
X509Certificate(java.security.cert.X509Certificate)
CMPCertificate(org.bouncycastle.asn1.cmp.CMPCertificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Aggregations
CaClientException (org.xipki.ca.client.api.CaClientException)14
IOException (java.io.IOException)5
PkiErrorException (org.xipki.ca.client.api.PkiErrorException)4
HashMap (java.util.HashMap)3
X500Name (org.bouncycastle.asn1.x500.X500Name)3
RevokeCertResultType (org.xipki.ca.client.api.dto.RevokeCertResultType)3
FileInputStream (java.io.FileInputStream)2
MalformedURLException (java.net.MalformedURLException)2
URL (java.net.URL)2
CertificateException (java.security.cert.CertificateException)2
X509Certificate (java.security.cert.X509Certificate)2
JAXBException (javax.xml.bind.JAXBException)2
PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)2
EnrollCertResultEntry (org.xipki.ca.client.api.dto.EnrollCertResultEntry)2
EnrollCertResultResp (org.xipki.ca.client.api.dto.EnrollCertResultResp)2
RevokeCertRequestEntry (org.xipki.ca.client.api.dto.RevokeCertRequestEntry)2
CAClientType (org.xipki.ca.client.impl.jaxb.CAClientType)2
CAType (org.xipki.ca.client.impl.jaxb.CAType)2
RequestorType (org.xipki.ca.client.impl.jaxb.RequestorType)2
ResponderType (org.xipki.ca.client.impl.jaxb.ResponderType)2
