
Example 11 with CaClientException

use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.

the class CaClientImpl method parseRevokeCertResult.

/**
 * Converts a revoke/unrevoke result into a map keyed by result-entry id.
 *
 * <p>A {@code RevokeCertResultEntry} is mapped to a {@code CertIdOrError} built from its
 * certificate id; an {@code ErrorResultEntry} is mapped to one built from its status info.
 *
 * @param result the result whose entries are converted
 * @return a new mutable map from entry id to the certificate id or error of that entry
 * @throws CaClientException if an entry is neither a {@code RevokeCertResultEntry} nor an
 *     {@code ErrorResultEntry}
 */
private Map<String, CertIdOrError> parseRevokeCertResult(RevokeCertResultType result) throws CaClientException {
    final Map<String, CertIdOrError> outcomeById = new HashMap<>();
    for (ResultEntry resultEntry : result.getResultEntries()) {
        final CertIdOrError outcome;
        if (resultEntry instanceof RevokeCertResultEntry) {
            outcome = new CertIdOrError(((RevokeCertResultEntry) resultEntry).getCertId());
        } else if (resultEntry instanceof ErrorResultEntry) {
            outcome = new CertIdOrError(((ErrorResultEntry) resultEntry).getStatusInfo());
        } else {
            // Fail closed: an entry type this client does not understand must not be
            // reported as either success or error.
            throw new CaClientException("unknown type " + resultEntry.getClass().getName());
        }
        // Map.put semantics: if two entries carry the same id, the later one replaces the
        // earlier one, so the caller sees only one outcome for that id.
        outcomeById.put(resultEntry.getId(), outcome);
    }
    return outcomeById;
}
Also used : ErrorResultEntry(org.xipki.ca.client.api.dto.ErrorResultEntry) RevokeCertResultEntry(org.xipki.ca.client.api.dto.RevokeCertResultEntry) ResultEntry(org.xipki.ca.client.api.dto.ResultEntry) EnrollCertResultEntry(org.xipki.ca.client.api.dto.EnrollCertResultEntry) RevokeCertResultEntry(org.xipki.ca.client.api.dto.RevokeCertResultEntry) HashMap(java.util.HashMap) ErrorResultEntry(org.xipki.ca.client.api.dto.ErrorResultEntry) CertIdOrError(org.xipki.ca.client.api.CertIdOrError) CaClientException(org.xipki.ca.client.api.CaClientException)

Example 12 with CaClientException

use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.

the class CaClientImpl method parse.

// method parseEnrollCertResult
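/**
 * Parses the CA client configuration read from {@code configStream}.
 *
 * <p>The shared JAXB unmarshaller is created on first use under {@code jaxbUnmarshallerLock}
 * and gets the schema {@code /xsd/caclient-conf.xsd} attached. After unmarshalling, the names
 * of all requestors, responders and CAs, and each CA's requestor and responder references,
 * are lower-cased.
 *
 * <p>The stream is closed before this method returns, whether or not parsing succeeded.
 *
 * @param configStream the XML configuration; closed by this method
 * @return the unmarshalled configuration with lower-cased names
 * @throws CaClientException if the schema resource is missing or cannot be loaded, the XML
 *     cannot be unmarshalled, or the root element is not a {@code JAXBElement}
 */
private static CAClientType parse(InputStream configStream) throws CaClientException {
    Object root;
    try {
        synchronized (jaxbUnmarshallerLock) {
            try {
                if (jaxbUnmarshaller == null) {
                    // Resolve the schema before the shared unmarshaller is published, so a
                    // missing resource cannot leave a schema-less unmarshaller behind.
                    URL url = CAClientType.class.getResource("/xsd/caclient-conf.xsd");
                    if (url == null) {
                        throw new CaClientException("could not find schema /xsd/caclient-conf.xsd");
                    }
                    final SchemaFactory schemaFact = SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
                    JAXBContext context = JAXBContext.newInstance(ObjectFactory.class);
                    jaxbUnmarshaller = context.createUnmarshaller();
                    jaxbUnmarshaller.setSchema(schemaFact.newSchema(url));
                }
                // NOTE(review): the XML parser behind unmarshal(InputStream) is whatever the
                // JAXB runtime selects; if the configuration can come from a source that is
                // not fully trusted, confirm that DTDs and external entities are disabled.
                root = jaxbUnmarshaller.unmarshal(configStream);
            } catch (SAXException ex) {
                // Loading the schema failed after the unmarshaller was stored. Drop it, so
                // the next call retries the setup instead of parsing without validation.
                jaxbUnmarshaller = null;
                throw new CaClientException("parsing profile failed, message: " + ex.getMessage(), ex);
            } catch (JAXBException ex) {
                throw new CaClientException("parsing profile failed, message: " + XmlUtil.getMessage(ex), ex);
            }
        }
    } finally {
        // Close on the failure path too; previously a parse error left the stream open.
        try {
            configStream.close();
        } catch (IOException ex) {
            LOG.warn("could not close xmlConfStream: {}", ex.getMessage());
        }
    }
    if (!(root instanceof JAXBElement)) {
        throw new CaClientException("invalid root element type");
    }
    CAClientType conf = (CAClientType) ((JAXBElement<?>) root).getValue();
    // canonicalize the names
    // NOTE(review): toLowerCase() without a Locale follows the JVM default locale. The lookups
    // elsewhere in this class lower-case the same way, so any switch to a fixed locale has to
    // be made at all of those call sites together.
    for (RequestorType m : conf.getRequestors().getRequestor()) {
        m.setName(m.getName().toLowerCase());
    }
    for (ResponderType m : conf.getResponders().getResponder()) {
        m.setName(m.getName().toLowerCase());
    }
    for (CAType ca : conf.getCAs().getCA()) {
        ca.setName(ca.getName().toLowerCase());
        ca.setRequestor(ca.getRequestor().toLowerCase());
        ca.setResponder(ca.getResponder().toLowerCase());
    }
    return conf;
}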
Also used : SchemaFactory(javax.xml.validation.SchemaFactory) JAXBException(javax.xml.bind.JAXBException) RequestorType(org.xipki.ca.client.impl.jaxb.RequestorType) CAType(org.xipki.ca.client.impl.jaxb.CAType) JAXBContext(javax.xml.bind.JAXBContext) IOException(java.io.IOException) JAXBElement(javax.xml.bind.JAXBElement) ResponderType(org.xipki.ca.client.impl.jaxb.ResponderType) URL(java.net.URL) SAXException(org.xml.sax.SAXException) CAClientType(org.xipki.ca.client.impl.jaxb.CAClientType) CaClientException(org.xipki.ca.client.api.CaClientException)

Example 13 with CaClientException

use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.

the class CaClientImpl method envelope.

/**
 * Wraps a certificate request into a CMP {@code PKIMessage} for the selected CA and returns
 * the encoded message.
 *
 * <p>The profile name is lower-cased. When {@code caName} is {@code null}, the CA is looked up
 * from the profile; otherwise the given name is lower-cased and checked for support of the
 * profile.
 *
 * @param certRequest the certificate request; must not be {@code null}
 * @param pop the proof of possession; must not be {@code null}
 * @param profileName the certificate profile name; must not be {@code null}
 * @param caName the CA name, or {@code null} to derive it from the profile
 * @return the encoded {@code PKIMessage}
 * @throws CaClientException if no CA supports the profile, the CA is not configured, or
 *     building or encoding the message fails
 */
@Override
public byte[] envelope(CertRequest certRequest, ProofOfPossession pop, String profileName, String caName) throws CaClientException {
    ParamUtil.requireNonNull("certRequest", certRequest);
    ParamUtil.requireNonNull("pop", pop);
    final String profile = ParamUtil.requireNonNull("profileName", profileName).toLowerCase();
    init0(false);

    final String resolvedCaName;
    if (caName != null) {
        resolvedCaName = caName.toLowerCase();
        checkCertprofileSupportInCa(profile, resolvedCaName);
    } else {
        // No CA given: pick the one that serves this profile.
        resolvedCaName = getCaNameForProfile(profile);
        if (resolvedCaName == null) {
            throw new CaClientException("certprofile " + profile + " is not supported by any CA");
        }
    }

    final CaConf caConf = casMap.get(resolvedCaName);
    if (caConf == null) {
        throw new CaClientException("could not find CA named " + resolvedCaName);
    }

    try {
        return caConf.getRequestor().envelope(certRequest, pop, profile).getEncoded();
    } catch (CmpRequestorException ex) {
        throw new CaClientException("CmpRequestorException: " + ex.getMessage(), ex);
    } catch (IOException ex) {
        throw new CaClientException("IOException: " + ex.getMessage(), ex);
    }
}
Also used : PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) IOException(java.io.IOException) CaClientException(org.xipki.ca.client.api.CaClientException)

Example 14 with CaClientException

use of org.xipki.ca.client.api.CaClientException in project xipki by xipki.

the class CaClientImpl method unrevokeCerts.

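/**
 * Sends an unrevoke request for the given certificates to the CA that issued them.
 *
 * <p>All request entries must name the same issuer; the CA is selected from that issuer.
 *
 * @param request the unrevoke request; must not be {@code null}
 * @param debug passed through to the CMP requestor
 * @return a map from request-entry id to the certificate id or error reported for it; an
 *     empty map if the request has no entries
 * @throws CaClientException if no configured CA matches the issuer or the CMP requestor fails
 * @throws PkiErrorException with status {@code REJECTION} and failure info {@code badRequest}
 *     if the entries name more than one issuer
 */
@Override
public Map<String, CertIdOrError> unrevokeCerts(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("request", request);
    init0(false);
    List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(requestEntries)) {
        return Collections.emptyMap();
    }
    // One request goes to exactly one CA, so every entry has to share the first entry's issuer.
    X500Name issuer = requestEntries.get(0).getIssuer();
    for (int i = 1; i < requestEntries.size(); i++) {
        if (!issuer.equals(requestEntries.get(i).getIssuer())) {
            throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "unrevoking certificates issued by more than one CA is not allowed");
        }
    }
    final String caName = getCaNameByIssuer(issuer);
    // getCaNameByIssuer is not visible here, so guard the lookup the way envelope() does: an
    // unmapped name is reported as a CaClientException instead of a NullPointerException.
    CaConf ca = casMap.get(caName);
    if (ca == null) {
        throw new CaClientException("could not find CA named " + caName);
    }
    X509CmpRequestor cmpRequestor = ca.getRequestor();
    RevokeCertResultType result;
    try {
        result = cmpRequestor.unrevokeCertificate(request, debug);
    } catch (CmpRequestorException ex) {
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseRevokeCertResult(result);
}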
Also used : PkiErrorException(org.xipki.ca.client.api.PkiErrorException) RevokeCertResultType(org.xipki.ca.client.api.dto.RevokeCertResultType) X500Name(org.bouncycastle.asn1.x500.X500Name) UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry) CaClientException(org.xipki.ca.client.api.CaClientException)

Aggregations

CaClientException (org.xipki.ca.client.api.CaClientException)14 IOException (java.io.IOException)5 PkiErrorException (org.xipki.ca.client.api.PkiErrorException)4 HashMap (java.util.HashMap)3 X500Name (org.bouncycastle.asn1.x500.X500Name)3 RevokeCertResultType (org.xipki.ca.client.api.dto.RevokeCertResultType)3 FileInputStream (java.io.FileInputStream)2 MalformedURLException (java.net.MalformedURLException)2 URL (java.net.URL)2 CertificateException (java.security.cert.CertificateException)2 X509Certificate (java.security.cert.X509Certificate)2 JAXBException (javax.xml.bind.JAXBException)2 PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)2 EnrollCertResultEntry (org.xipki.ca.client.api.dto.EnrollCertResultEntry)2 EnrollCertResultResp (org.xipki.ca.client.api.dto.EnrollCertResultResp)2 RevokeCertRequestEntry (org.xipki.ca.client.api.dto.RevokeCertRequestEntry)2 CAClientType (org.xipki.ca.client.impl.jaxb.CAClientType)2 CAType (org.xipki.ca.client.impl.jaxb.CAType)2 RequestorType (org.xipki.ca.client.impl.jaxb.RequestorType)2 ResponderType (org.xipki.ca.client.impl.jaxb.ResponderType)2