Example 11 with CaClientException
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method parseRevokeCertResult.
private Map<String, CertIdOrError> parseRevokeCertResult(RevokeCertResultType result) throws CaClientException {
Map<String, CertIdOrError> ret = new HashMap<>();
for (ResultEntry re : result.getResultEntries()) {
CertIdOrError certIdOrError;
if (re instanceof RevokeCertResultEntry) {
RevokeCertResultEntry entry = (RevokeCertResultEntry) re;
certIdOrError = new CertIdOrError(entry.getCertId());
} else if (re instanceof ErrorResultEntry) {
ErrorResultEntry entry = (ErrorResultEntry) re;
certIdOrError = new CertIdOrError(entry.getStatusInfo());
} else {
throw new CaClientException("unknown type " + re.getClass().getName());
}
ret.put(re.getId(), certIdOrError);
}
return ret;
}
Also used :
ErrorResultEntry(org.xipki.ca.client.api.dto.ErrorResultEntry)
RevokeCertResultEntry(org.xipki.ca.client.api.dto.RevokeCertResultEntry)
ResultEntry(org.xipki.ca.client.api.dto.ResultEntry)
EnrollCertResultEntry(org.xipki.ca.client.api.dto.EnrollCertResultEntry)
RevokeCertResultEntry(org.xipki.ca.client.api.dto.RevokeCertResultEntry)
HashMap(java.util.HashMap)
ErrorResultEntry(org.xipki.ca.client.api.dto.ErrorResultEntry)
CertIdOrError(org.xipki.ca.client.api.CertIdOrError)
CaClientException(org.xipki.ca.client.api.CaClientException)
Example 12 with CaClientException
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method parse.
// method parseEnrollCertResult
private static CAClientType parse(InputStream configStream) throws CaClientException {
Object root;
synchronized (jaxbUnmarshallerLock) {
try {
if (jaxbUnmarshaller == null) {
JAXBContext context = JAXBContext.newInstance(ObjectFactory.class);
jaxbUnmarshaller = context.createUnmarshaller();
final SchemaFactory schemaFact = SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
URL url = CAClientType.class.getResource("/xsd/caclient-conf.xsd");
jaxbUnmarshaller.setSchema(schemaFact.newSchema(url));
}
root = jaxbUnmarshaller.unmarshal(configStream);
} catch (SAXException ex) {
throw new CaClientException("parsing profile failed, message: " + ex.getMessage(), ex);
} catch (JAXBException ex) {
throw new CaClientException("parsing profile failed, message: " + XmlUtil.getMessage(ex), ex);
}
}
try {
configStream.close();
} catch (IOException ex) {
LOG.warn("could not close xmlConfStream: {}", ex.getMessage());
}
if (!(root instanceof JAXBElement)) {
throw new CaClientException("invalid root element type");
}
CAClientType conf = (CAClientType) ((JAXBElement<?>) root).getValue();
// canonicalize the names
for (RequestorType m : conf.getRequestors().getRequestor()) {
m.setName(m.getName().toLowerCase());
}
for (ResponderType m : conf.getResponders().getResponder()) {
m.setName(m.getName().toLowerCase());
}
for (CAType ca : conf.getCAs().getCA()) {
ca.setName(ca.getName().toLowerCase());
ca.setRequestor(ca.getRequestor().toLowerCase());
ca.setResponder(ca.getResponder().toLowerCase());
}
return conf;
}
Also used :
SchemaFactory(javax.xml.validation.SchemaFactory)
JAXBException(javax.xml.bind.JAXBException)
RequestorType(org.xipki.ca.client.impl.jaxb.RequestorType)
CAType(org.xipki.ca.client.impl.jaxb.CAType)
JAXBContext(javax.xml.bind.JAXBContext)
IOException(java.io.IOException)
JAXBElement(javax.xml.bind.JAXBElement)
ResponderType(org.xipki.ca.client.impl.jaxb.ResponderType)
URL(java.net.URL)
SAXException(org.xml.sax.SAXException)
CAClientType(org.xipki.ca.client.impl.jaxb.CAClientType)
CaClientException(org.xipki.ca.client.api.CaClientException)
Example 13 with CaClientException
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method envelope.
@Override
public byte[] envelope(CertRequest certRequest, ProofOfPossession pop, String profileName, String caName) throws CaClientException {
ParamUtil.requireNonNull("certRequest", certRequest);
ParamUtil.requireNonNull("pop", pop);
profileName = ParamUtil.requireNonNull("profileName", profileName).toLowerCase();
init0(false);
if (caName == null) {
// detect the CA name
caName = getCaNameForProfile(profileName);
if (caName == null) {
throw new CaClientException("certprofile " + profileName + " is not supported by any CA");
}
} else {
caName = caName.toLowerCase();
checkCertprofileSupportInCa(profileName, caName);
}
CaConf ca = casMap.get(caName);
if (ca == null) {
throw new CaClientException("could not find CA named " + caName);
}
PKIMessage pkiMessage;
try {
pkiMessage = ca.getRequestor().envelope(certRequest, pop, profileName);
} catch (CmpRequestorException ex) {
throw new CaClientException("CmpRequestorException: " + ex.getMessage(), ex);
}
try {
return pkiMessage.getEncoded();
} catch (IOException ex) {
throw new CaClientException("IOException: " + ex.getMessage(), ex);
}
}
Also used :
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
IOException(java.io.IOException)
CaClientException(org.xipki.ca.client.api.CaClientException)
Example 14 with CaClientException
use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.
the class CaClientImpl method unrevokeCerts.
@Override
public Map<String, CertIdOrError> unrevokeCerts(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
ParamUtil.requireNonNull("request", request);
init0(false);
List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
if (CollectionUtil.isEmpty(requestEntries)) {
return Collections.emptyMap();
}
X500Name issuer = requestEntries.get(0).getIssuer();
for (int i = 1; i < requestEntries.size(); i++) {
if (!issuer.equals(requestEntries.get(i).getIssuer())) {
throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "unrevoking certificates issued by more than one CA is not allowed");
}
}
final String caName = getCaNameByIssuer(issuer);
X509CmpRequestor cmpRequestor = casMap.get(caName).getRequestor();
RevokeCertResultType result;
try {
result = cmpRequestor.unrevokeCertificate(request, debug);
} catch (CmpRequestorException ex) {
throw new CaClientException(ex.getMessage(), ex);
}
return parseRevokeCertResult(result);
}
Also used :
PkiErrorException(org.xipki.ca.client.api.PkiErrorException)
RevokeCertResultType(org.xipki.ca.client.api.dto.RevokeCertResultType)
X500Name(org.bouncycastle.asn1.x500.X500Name)
UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry)
CaClientException(org.xipki.ca.client.api.CaClientException)
Aggregations
CaClientException (org.xipki.ca.client.api.CaClientException)14
IOException (java.io.IOException)5
PkiErrorException (org.xipki.ca.client.api.PkiErrorException)4
HashMap (java.util.HashMap)3
X500Name (org.bouncycastle.asn1.x500.X500Name)3
RevokeCertResultType (org.xipki.ca.client.api.dto.RevokeCertResultType)3
FileInputStream (java.io.FileInputStream)2
MalformedURLException (java.net.MalformedURLException)2
URL (java.net.URL)2
CertificateException (java.security.cert.CertificateException)2
X509Certificate (java.security.cert.X509Certificate)2
JAXBException (javax.xml.bind.JAXBException)2
PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)2
EnrollCertResultEntry (org.xipki.ca.client.api.dto.EnrollCertResultEntry)2
EnrollCertResultResp (org.xipki.ca.client.api.dto.EnrollCertResultResp)2
RevokeCertRequestEntry (org.xipki.ca.client.api.dto.RevokeCertRequestEntry)2
CAClientType (org.xipki.ca.client.impl.jaxb.CAClientType)2
CAType (org.xipki.ca.client.impl.jaxb.CAType)2
RequestorType (org.xipki.ca.client.impl.jaxb.RequestorType)2
ResponderType (org.xipki.ca.client.impl.jaxb.ResponderType)2
