
Example 6 with PkiErrorException

use of org.xipki.ca.client.api.PkiErrorException in project xipki by xipki.

From class CmpRequestor, method checkProtection:

/**
 * Rejects a protected response whose protection did not verify.
 *
 * <p>Only protection that is actually present is checked: a response without
 * protection is accepted unchanged. NOTE(review): callers that require an
 * integrity-protected answer must enforce that themselves; whether a missing
 * protection is acceptable for a given request type is not decided here.
 *
 * @param response the received response; must not be {@code null}
 * @throws PkiErrorException if the response carries protection and its
 *         verification result is missing or is not {@link ProtectionResult#VALID}
 */
protected void checkProtection(PkiResponse response) throws PkiErrorException {
    ParamUtil.requireNonNull("response", response);
    if (!response.hasProtection()) {
        // Nothing to verify: an unprotected response passes through as-is.
        return;
    }
    ProtectionVerificationResult verification = response.getProtectionVerificationResult();
    boolean protectionValid = verification != null
            && verification.getProtectionResult() == ProtectionResult.VALID;
    if (protectionValid) {
        return;
    }
    throw new PkiErrorException(ClientErrorCode.PKISTATUS_RESPONSE_ERROR,
            PKIFailureInfo.badMessageCheck, "message check of the response failed");
}

Example 7 with PkiErrorException

use of org.xipki.ca.client.api.PkiErrorException in project xipki by xipki.

From class X509CmpRequestor, method evaluateCrlResponse:

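/**
 * Turns the response to a CRL retrieval request into an {@link X509CRL}.
 *
 * <p>Order of checks: message protection first, then the body type (an error
 * body is surfaced as {@link PkiErrorException}; anything other than a general
 * response is rejected), then the expected {@code InfoTypeAndValue} is located
 * and its value decoded as a {@code CertificateList}.
 *
 * @param response    the received response; must not be {@code null}
 * @param xipkiAction {@code null} for a standard {@code it_currentCRL} request,
 *                    otherwise the XiPKI-specific action whose content carries the CRL
 * @return the decoded CRL
 * @throws CmpRequestorException if the body type is unexpected, the expected
 *         {@code InfoTypeAndValue} is absent, or the returned CRL cannot be decoded
 * @throws PkiErrorException if protection verification fails or the CA answered
 *         with an error body
 */
private X509CRL evaluateCrlResponse(PkiResponse response, Integer xipkiAction)
        throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonNull("response", response);
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();
    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
        throw new PkiErrorException(content.getPKIStatusInfo());
    } else if (PKIBody.TYPE_GEN_REP != bodyType) {
        throw new CmpRequestorException(String.format(
                "unknown PKI body type %s instead the expected [%s, %s]",
                bodyType, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR));
    }

    ASN1ObjectIdentifier expectedType = (xipkiAction == null)
            ? CMPObjectIdentifiers.it_currentCRL
            : ObjectIdentifiers.id_xipki_cmp_cmpGenmsg;
    GenRepContent genRep = GenRepContent.getInstance(respBody.getContent());
    InfoTypeAndValue[] itvs = genRep.toInfoTypeAndValueArray();
    InfoTypeAndValue itv = null;
    if (itvs != null) {
        for (InfoTypeAndValue m : itvs) {
            if (expectedType.equals(m.getInfoType())) {
                itv = m;
                break;
            }
        }
    }
    if (itv == null) {
        throw new CmpRequestorException("the response does not contain InfoTypeAndValue " + expectedType);
    }

    ASN1Encodable certListAsn1Object = (xipkiAction == null)
            ? itv.getInfoValue()
            : extractXiActionContent(itv.getInfoValue(), xipkiAction);
    // The ASN.1 value came off the wire. BouncyCastle's getInstance() reports a
    // structurally wrong object with an unchecked IllegalArgumentException; fold
    // that into the same checked error as a CRL that fails X.509 conversion, so a
    // malformed response cannot escape this method as a RuntimeException.
    try {
        CertificateList certList = CertificateList.getInstance(certListAsn1Object);
        return X509Util.toX509Crl(certList);
    } catch (IllegalArgumentException | CRLException | CertificateException ex) {
        // NOTE(review): the cause is not chained; if CmpRequestorException offers a
        // (String, Throwable) constructor, pass ex along as well.
        throw new CmpRequestorException("returned CRL is invalid: " + ex.getMessage());
    }
}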

Example 8 with PkiErrorException

use of org.xipki.ca.client.api.PkiErrorException in project xipki by xipki.

From class CrlAction, method execute0:

/**
 * Fetches the current CRL of the selected CA and writes it to {@code outFile}.
 *
 * <p>CA selection: an explicit {@code caName} (lower-cased first) must be one of
 * the configured CAs; with no name given, the single configured CA is used and
 * any other count is an error. Retrieval itself is delegated to {@code retrieveCrl()}.
 *
 * @return always {@code null}; the command's result is the written file
 * @throws CmdFailure if no CA is configured or no CRL was received
 * @throws IllegalCmdParamException if the given CA name is unknown, or none was
 *         given while several CAs are configured
 */
@Override
protected Object execute0() throws Exception {
    if (caName != null) {
        // NOTE(review): default-locale lower-casing; Locale.ROOT would be
        // locale-independent, but the casing convention of getCaNames() is not
        // visible here, so it is left as is.
        caName = caName.toLowerCase();
    }
    Set<String> configured = caClient.getCaNames();
    if (isEmpty(configured)) {
        throw new CmdFailure("no CA is configured");
    }
    if (caName == null) {
        if (configured.size() != 1) {
            throw new IllegalCmdParamException("no CA is specified, one of " + configured + " is required");
        }
        caName = configured.iterator().next();
    } else if (!configured.contains(caName)) {
        throw new IllegalCmdParamException("CA " + caName + " is not within the configured CAs " + configured);
    }
    X509CRL crl;
    try {
        crl = retrieveCrl();
    } catch (PkiErrorException ex) {
        throw new CmdFailure("received no CRL from server: " + ex.getMessage());
    }
    if (crl == null) {
        throw new CmdFailure("received no CRL from server");
    }
    // getEncoded() may throw CRLException; the signature's "throws Exception" lets it propagate.
    saveVerbose("saved CRL to file", new File(outFile), crl.getEncoded());
    return null;
}

Example 9 with PkiErrorException

use of org.xipki.ca.client.api.PkiErrorException in project xipki by xipki.

From class CaClientImpl, method unrevokeCerts:

/**
 * Unrevokes the certificates listed in {@code request} via the CA that issued them.
 *
 * <p>All entries must name the same issuer; otherwise the request is rejected
 * before anything is sent. An empty request yields an empty result without
 * contacting any CA.
 *
 * @param request the entries to unrevoke; must not be {@code null}
 * @param debug   request/response debug sink, passed through to the requestor
 * @return the per-certificate outcome as produced by {@code parseRevokeCertResult}
 * @throws CaClientException if the CMP exchange fails
 * @throws PkiErrorException if the entries span more than one issuer
 */
@Override
public Map<String, CertIdOrError> unrevokeCerts(UnrevokeOrRemoveCertRequest request,
        RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("request", request);
    init0(false);
    List<UnrevokeOrRemoveCertEntry> entries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(entries)) {
        return Collections.emptyMap();
    }
    // Every entry must agree with the first entry's issuer.
    // NOTE(review): a null issuer on the first entry would NPE below; whether the
    // DTO guarantees a non-null issuer is not visible in this file.
    X500Name issuer = entries.get(0).getIssuer();
    for (UnrevokeOrRemoveCertEntry entry : entries.subList(1, entries.size())) {
        if (!issuer.equals(entry.getIssuer())) {
            throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest,
                    "unrevoking certificates issued by more than one CA is not allowed");
        }
    }
    // NOTE(review): casMap.get(...) is dereferenced without a null check; this
    // relies on getCaNameByIssuer() never returning a name absent from casMap.
    final String caName = getCaNameByIssuer(issuer);
    X509CmpRequestor requestor = casMap.get(caName).getRequestor();
    RevokeCertResultType outcome;
    try {
        outcome = requestor.unrevokeCertificate(request, debug);
    } catch (CmpRequestorException ex) {
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseRevokeCertResult(outcome);
}
