use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method downloadCrl.
/**
 * Downloads a CRL from the CA registered under {@code caName}.
 *
 * @param caName name of the CA; passed through {@code ParamUtil.requireNonNull} and
 *     lower-cased before it is used as the {@code casMap} key
 * @param crlNumber number of the CRL to fetch, or {@code null} to fetch the current CRL
 * @param debug handed unchanged to the requestor
 * @return the CRL exactly as returned by the requestor
 * @throws IllegalArgumentException if {@code casMap} has no entry for the lower-cased name
 * @throws CaClientException wrapping a {@code CmpRequestorException} raised by the requestor
 * @throws PkiErrorException declared here; not raised directly by this method
 */
@Override
public X509CRL downloadCrl(String caName, BigInteger crlNumber, RequestResponseDebug debug)
    throws CaClientException, PkiErrorException {
  // NOTE(review): toLowerCase() follows the JVM default locale; confirm the casMap keys
  // were normalized the same way, otherwise a lookup can miss on some locales.
  final String name = ParamUtil.requireNonNull("caName", caName).toLowerCase();
  init0(false); // presumably makes sure the client is initialized - confirm against init0

  final CaConf conf = casMap.get(name);
  if (conf == null) {
    throw new IllegalArgumentException("unknown CA " + name);
  }

  // NOTE(review): the CRL is returned without any signature or issuer check in this
  // method; whether the requestor validates it is not visible from here.
  final X509CmpRequestor cmp = conf.getRequestor();
  try {
    if (crlNumber == null) {
      return cmp.downloadCurrentCrl(debug);
    }
    return cmp.downloadCrl(crlNumber, debug);
  } catch (CmpRequestorException ex) {
    throw new CaClientException(ex.getMessage(), ex);
  }
}
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method requestCerts.
// method requestCert
/**
 * Sends a batch of certificate enrollment requests to a single CA.
 *
 * <p>If {@code caName} is {@code null}, the CA is chosen from the certprofile of the first
 * request entry. Every entry's certprofile is then checked against the chosen CA whenever
 * the caller named the CA or the batch holds more than one entry.
 *
 * @param caName name of the target CA (lower-cased before use), or {@code null} to detect it
 * @param request the enrollment request; must not be {@code null}
 * @param debug handed unchanged to the requestor
 * @return the parsed enrollment result, or {@code null} when the request has no entries
 * @throws CaClientException if no CA supports the first entry's certprofile, if the CA is not
 *     in {@code casMap}, or wrapping a {@code CmpRequestorException} from the requestor
 * @throws PkiErrorException declared here; not raised directly by this method
 */
@Override
public EnrollCertResult requestCerts(String caName, EnrollCertRequest request,
    RequestResponseDebug debug) throws CaClientException, PkiErrorException {
  ParamUtil.requireNonNull("request", request);

  final List<EnrollCertRequestEntry> entries = request.getRequestEntries();
  if (CollectionUtil.isEmpty(entries)) {
    return null;
  }

  final boolean caGivenByCaller = (caName != null);
  final String targetCa;
  if (caGivenByCaller) {
    targetCa = caName.toLowerCase();
  } else {
    // No CA named: derive it from the first entry's certprofile.
    final String firstProfile = entries.get(0).getCertprofile();
    targetCa = getCaNameForProfile(firstProfile);
    if (targetCa == null) {
      throw new CaClientException("certprofile " + firstProfile + " is not supported by any CA");
    }
  }

  // A single auto-detected entry needs no further check; in every other case each
  // profile must be accepted by the one CA the whole batch is sent to.
  if (caGivenByCaller || request.getRequestEntries().size() > 1) {
    for (EnrollCertRequestEntry entry : request.getRequestEntries()) {
      checkCertprofileSupportInCa(entry.getCertprofile(), targetCa);
    }
  }

  final CaConf conf = casMap.get(targetCa);
  if (conf == null) {
    throw new CaClientException("could not find CA named " + targetCa);
  }

  final EnrollCertResultResp resp;
  try {
    resp = conf.getRequestor().requestCertificate(request, debug);
  } catch (CmpRequestorException ex) {
    throw new CaClientException(ex.getMessage(), ex);
  }
  return parseEnrollCertResult(resp);
}
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method generateCrl.
/**
 * Asks the CA registered under {@code caName} to generate a CRL and returns it.
 *
 * @param caName name of the CA; passed through {@code ParamUtil.requireNonNull} and
 *     lower-cased before it is used as the {@code casMap} key
 * @param debug handed unchanged to the requestor
 * @return the CRL returned by the requestor
 * @throws IllegalArgumentException if {@code casMap} has no entry for the lower-cased name
 * @throws CaClientException wrapping a {@code CmpRequestorException} raised by the requestor
 * @throws PkiErrorException declared here; not raised directly by this method
 */
@Override
public X509CRL generateCrl(String caName, RequestResponseDebug debug)
    throws CaClientException, PkiErrorException {
  // NOTE(review): unlike downloadCrl and removeCerts, this method does not call
  // init0(false) before reading casMap - confirm that is intentional.
  final String name = ParamUtil.requireNonNull("caName", caName).toLowerCase();

  final CaConf conf = casMap.get(name);
  if (conf == null) {
    throw new IllegalArgumentException("unknown CA " + name);
  }

  final X509CmpRequestor cmp = conf.getRequestor();
  final X509CRL crl;
  try {
    crl = cmp.generateCrl(debug);
  } catch (CmpRequestorException ex) {
    throw new CaClientException(ex.getMessage(), ex);
  }
  return crl;
}
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method removeCerts.
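/**
 * Asks a CA to remove the certificates listed in {@code request}.
 *
 * <p>All entries must carry the same issuer, because the whole request is sent to the one
 * CA resolved from that issuer.
 *
 * @param request the removal request; must not be {@code null}
 * @param debug handed unchanged to the requestor
 * @return the parsed per-certificate result, or an empty map when the request has no entries
 * @throws PkiErrorException with {@code REJECTION}/{@code badRequest} if the entries name
 *     more than one issuer
 * @throws CaClientException if no configured CA matches the issuer, or wrapping a
 *     {@code CmpRequestorException} raised by the requestor
 */
@Override
public Map<String, CertIdOrError> removeCerts(UnrevokeOrRemoveCertRequest request,
    RequestResponseDebug debug) throws CaClientException, PkiErrorException {
  ParamUtil.requireNonNull("request", request);
  init0(false);

  List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
  if (CollectionUtil.isEmpty(requestEntries)) {
    return Collections.emptyMap();
  }

  // Reject mixed-issuer batches up front so a removal can never be routed to a CA
  // that did not issue some of the listed certificates.
  X500Name issuer = requestEntries.get(0).getIssuer();
  for (int i = 1; i < requestEntries.size(); i++) {
    if (!issuer.equals(requestEntries.get(i).getIssuer())) {
      throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest,
          "removing certificates issued by more than one CA is not allowed");
    }
  }

  final String caName = getCaNameByIssuer(issuer);
  // Fail with a descriptive checked exception instead of a NullPointerException when
  // the issuer does not resolve to a configured CA.
  if (caName == null || casMap.get(caName) == null) {
    throw new CaClientException("could not find CA for issuer " + issuer);
  }
  X509CmpRequestor cmpRequestor = casMap.get(caName).getRequestor();

  RevokeCertResultType result;
  try {
    result = cmpRequestor.removeCertificate(request, debug);
  } catch (CmpRequestorException ex) {
    throw new CaClientException(ex.getMessage(), ex);
  }
  return parseRevokeCertResult(result);
}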
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method parseEnrollCertResult.
// method getHealthCheckResult
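/**
 * Converts a CMP enrollment response into an {@code EnrollCertResult}.
 *
 * <p>Each result entry becomes a {@code CertOrError} keyed by its id. An entry that is
 * neither an {@code EnrollCertResultEntry} nor an {@code ErrorResultEntry} is recorded
 * with a {@code null} value. A CA certificate is attached only if one of the caPubs in the
 * response passes {@code verify} against every returned certificate; otherwise the
 * CA certificate in the result is {@code null}.
 *
 * <p>NOTE(review): the candidate CA certificates come from the response itself, so the one
 * returned here is only shown to match the issued certificates (presumably by signature -
 * confirm against {@code verify}). It is not checked against any locally configured trust
 * anchor in this method; callers should not treat it as trusted on that basis alone.
 *
 * @param result the response to parse
 * @return the parsed result; its CA certificate may be {@code null}
 * @throws CaClientException if an enrolled certificate cannot be parsed
 */
private EnrollCertResult parseEnrollCertResult(EnrollCertResultResp result)
    throws CaClientException {
  Map<String, CertOrError> certOrErrors = new HashMap<>();
  for (ResultEntry resultEntry : result.getResultEntries()) {
    CertOrError certOrError;
    if (resultEntry instanceof EnrollCertResultEntry) {
      EnrollCertResultEntry entry = (EnrollCertResultEntry) resultEntry;
      try {
        java.security.cert.Certificate cert = getCertificate(entry.getCert());
        certOrError = new CertOrError(cert);
      } catch (CertificateException ex) {
        // Keep the original exception as the cause so the parse failure stays diagnosable.
        throw new CaClientException(
            String.format("CertificateParsingException for request (id=%s): %s",
                entry.getId(), ex.getMessage()),
            ex);
      }
    } else if (resultEntry instanceof ErrorResultEntry) {
      certOrError = new CertOrError(((ErrorResultEntry) resultEntry).getStatusInfo());
    } else {
      // Unrecognized entry type: the id is still recorded, with no value.
      certOrError = null;
    }
    certOrErrors.put(resultEntry.getId(), certOrError);
  }

  List<CMPCertificate> cmpCaPubs = result.getCaCertificates();
  if (CollectionUtil.isEmpty(cmpCaPubs)) {
    return new EnrollCertResult(null, certOrErrors);
  }

  // An unparsable caPub is logged and skipped; it does not fail the enrollment.
  List<java.security.cert.Certificate> caPubs = new ArrayList<>(cmpCaPubs.size());
  for (CMPCertificate cmpCaPub : cmpCaPubs) {
    try {
      caPubs.add(getCertificate(cmpCaPub));
    } catch (CertificateException ex) {
      LogUtil.error(LOG, ex, "could not extract the caPub from CMPCertificate");
    }
  }

  // Pick the first caPub that verifies the first certificate it can be matched to.
  java.security.cert.Certificate caCert = null;
  for (CertOrError certOrError : certOrErrors.values()) {
    // The map may hold null values (see above); skip them instead of dereferencing.
    java.security.cert.Certificate cert =
        (certOrError == null) ? null : certOrError.getCertificate();
    if (cert == null) {
      continue;
    }
    for (java.security.cert.Certificate caPub : caPubs) {
      if (verify(caPub, cert)) {
        caCert = caPub;
        break;
      }
    }
    if (caCert != null) {
      break;
    }
  }
  if (caCert == null) {
    return new EnrollCertResult(null, certOrErrors);
  }

  // The chosen caPub is reported only if it verifies every returned certificate.
  for (CertOrError certOrError : certOrErrors.values()) {
    java.security.cert.Certificate cert =
        (certOrError == null) ? null : certOrError.getCertificate();
    if (cert == null) {
      continue;
    }
    if (!verify(caCert, cert)) {
      LOG.warn("not all certificates are issued by CA embedded in caPubs, ignore the caPubs");
      return new EnrollCertResult(null, certOrErrors);
    }
  }
  return new EnrollCertResult(caCert, certOrErrors);
}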