use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method parseRevokeCertResult.
private Map<String, CertIdOrError> parseRevokeCertResult(RevokeCertResultType result) throws CaClientException {
Map<String, CertIdOrError> ret = new HashMap<>();
for (ResultEntry re : result.getResultEntries()) {
CertIdOrError certIdOrError;
if (re instanceof RevokeCertResultEntry) {
RevokeCertResultEntry entry = (RevokeCertResultEntry) re;
certIdOrError = new CertIdOrError(entry.getCertId());
} else if (re instanceof ErrorResultEntry) {
ErrorResultEntry entry = (ErrorResultEntry) re;
certIdOrError = new CertIdOrError(entry.getStatusInfo());
} else {
throw new CaClientException("unknown type " + re.getClass().getName());
}
ret.put(re.getId(), certIdOrError);
}
return ret;
}
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method parse.
// method parseEnrollCertResult
private static CAClientType parse(InputStream configStream) throws CaClientException {
Object root;
synchronized (jaxbUnmarshallerLock) {
try {
if (jaxbUnmarshaller == null) {
JAXBContext context = JAXBContext.newInstance(ObjectFactory.class);
jaxbUnmarshaller = context.createUnmarshaller();
final SchemaFactory schemaFact = SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
URL url = CAClientType.class.getResource("/xsd/caclient-conf.xsd");
jaxbUnmarshaller.setSchema(schemaFact.newSchema(url));
}
root = jaxbUnmarshaller.unmarshal(configStream);
} catch (SAXException ex) {
throw new CaClientException("parsing profile failed, message: " + ex.getMessage(), ex);
} catch (JAXBException ex) {
throw new CaClientException("parsing profile failed, message: " + XmlUtil.getMessage(ex), ex);
}
}
try {
configStream.close();
} catch (IOException ex) {
LOG.warn("could not close xmlConfStream: {}", ex.getMessage());
}
if (!(root instanceof JAXBElement)) {
throw new CaClientException("invalid root element type");
}
CAClientType conf = (CAClientType) ((JAXBElement<?>) root).getValue();
// canonicalize the names
for (RequestorType m : conf.getRequestors().getRequestor()) {
m.setName(m.getName().toLowerCase());
}
for (ResponderType m : conf.getResponders().getResponder()) {
m.setName(m.getName().toLowerCase());
}
for (CAType ca : conf.getCAs().getCA()) {
ca.setName(ca.getName().toLowerCase());
ca.setRequestor(ca.getRequestor().toLowerCase());
ca.setResponder(ca.getResponder().toLowerCase());
}
return conf;
}
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method envelope.
@Override
public byte[] envelope(CertRequest certRequest, ProofOfPossession pop, String profileName, String caName) throws CaClientException {
ParamUtil.requireNonNull("certRequest", certRequest);
ParamUtil.requireNonNull("pop", pop);
profileName = ParamUtil.requireNonNull("profileName", profileName).toLowerCase();
init0(false);
if (caName == null) {
// detect the CA name
caName = getCaNameForProfile(profileName);
if (caName == null) {
throw new CaClientException("certprofile " + profileName + " is not supported by any CA");
}
} else {
caName = caName.toLowerCase();
checkCertprofileSupportInCa(profileName, caName);
}
CaConf ca = casMap.get(caName);
if (ca == null) {
throw new CaClientException("could not find CA named " + caName);
}
PKIMessage pkiMessage;
try {
pkiMessage = ca.getRequestor().envelope(certRequest, pop, profileName);
} catch (CmpRequestorException ex) {
throw new CaClientException("CmpRequestorException: " + ex.getMessage(), ex);
}
try {
return pkiMessage.getEncoded();
} catch (IOException ex) {
throw new CaClientException("IOException: " + ex.getMessage(), ex);
}
}
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method unrevokeCerts.
@Override
public Map<String, CertIdOrError> unrevokeCerts(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
ParamUtil.requireNonNull("request", request);
init0(false);
List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
if (CollectionUtil.isEmpty(requestEntries)) {
return Collections.emptyMap();
}
X500Name issuer = requestEntries.get(0).getIssuer();
for (int i = 1; i < requestEntries.size(); i++) {
if (!issuer.equals(requestEntries.get(i).getIssuer())) {
throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "unrevoking certificates issued by more than one CA is not allowed");
}
}
final String caName = getCaNameByIssuer(issuer);
X509CmpRequestor cmpRequestor = casMap.get(caName).getRequestor();
RevokeCertResultType result;
try {
result = cmpRequestor.unrevokeCertificate(request, debug);
} catch (CmpRequestorException ex) {
throw new CaClientException(ex.getMessage(), ex);
}
return parseRevokeCertResult(result);
}
Aggregations