
Example 1 with EnrollCertResultResp

use of org.xipki.ca.client.api.dto.EnrollCertResultResp in project xipki by xipki.

The class CaClientImpl, method requestCerts.

// method requestCerts
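/**
 * Requests one certificate per entry of {@code request} from a single CA.
 *
 * <p>If {@code caName} is {@code null}, the CA is derived from the certprofile of the first
 * entry and every further entry is checked to be served by that same CA. If the caller names
 * the CA, every entry is checked against it. CA names are looked up in lower case.
 *
 * @param caName name of the CA to use, or {@code null} to select it by certprofile
 * @param request the enrollment request; must not be {@code null}
 * @param debug optional request/response debug collector, may be {@code null}
 * @return the parsed enrollment result, or {@code null} when the request has no entries
 * @throws CaClientException if no CA serves the requested certprofile(s), the CA is unknown,
 *         or the CMP exchange fails
 * @throws PkiErrorException if the CA answers with a PKI error body
 */
@Override
public EnrollCertResult requestCerts(String caName, EnrollCertRequest request,
        RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("request", request);
    List<EnrollCertRequestEntry> requestEntries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(requestEntries)) {
        // existing contract: nothing to enroll yields null rather than an empty result
        return null;
    }

    final boolean caNameGiven = (caName != null);
    if (caNameGiven) {
        // CA names are keys into casMap; fold case independently of the default locale
        // (e.g. the Turkish dotless i) so the lookup is deterministic.
        caName = caName.toLowerCase(java.util.Locale.ROOT);
    } else {
        // detect the CA from the certprofile of the first entry
        String profile = requestEntries.get(0).getCertprofile();
        caName = getCaNameForProfile(profile);
        if (caName == null) {
            throw new CaClientException("certprofile " + profile + " is not supported by any CA");
        }
    }

    // A caller-supplied CA name was never matched against any profile, and an auto-detected
    // one was matched only against the first entry; verify the remaining combinations so
    // that all entries are targeted at the same CA.
    if (caNameGiven || requestEntries.size() > 1) {
        for (EnrollCertRequestEntry entry : requestEntries) {
            checkCertprofileSupportInCa(entry.getCertprofile(), caName);
        }
    }

    CaConf ca = casMap.get(caName);
    if (ca == null) {
        throw new CaClientException("could not find CA named " + caName);
    }

    EnrollCertResultResp result;
    try {
        result = ca.getRequestor().requestCertificate(request, debug);
    } catch (CmpRequestorException ex) {
        // wrap for the client API but keep the cause for diagnostics
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseEnrollCertResult(result);
}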

Example 2 with EnrollCertResultResp

use of org.xipki.ca.client.api.dto.EnrollCertResultResp in project xipki by xipki.

The class X509CmpRequestor, method requestCertificate0.

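/**
 * Sends an enrollment request and maps the CA's certificate response onto an
 * {@link EnrollCertResultResp}.
 *
 * <p>Only responses whose certReqId is present in {@code reqIdIdMap} are accepted; the map is
 * consumed while matching, and every request id still in it afterwards is reported as
 * {@code ClientErrorCode.PKISTATUS_NO_ANSWER}. If the CA did not grant implicit confirmation,
 * a certConf message listing the accepted certificates is sent before returning.
 *
 * @param reqMessage the enrollment PKIMessage to sign and send
 * @param reqIdIdMap maps the CMP certReqId to the caller's entry id; modified by this method
 * @param expectedBodyType the PKIBody type expected in a successful response
 * @param debug optional request/response debug collector
 * @return the result, or {@code null} if a granted response carries no certificate
 *         (existing behaviour: the entries collected so far are dropped in that case)
 * @throws CmpRequestorException if the response has an unexpected body type or sending fails
 * @throws PkiErrorException if the CA answers with an error body
 */
private EnrollCertResultResp requestCertificate0(PKIMessage reqMessage, Map<BigInteger, String> reqIdIdMap, int expectedBodyType, RequestResponseDebug debug) throws CmpRequestorException, PkiErrorException {
    PkiResponse response = signAndSend(reqMessage, debug);
    // verify the response protection before anything in it (including caPubs) is trusted
    checkProtection(response);

    PKIBody respBody = response.getPkiMessage().getBody();
    final int bodyType = respBody.getType();
    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
        throw new PkiErrorException(content.getPKIStatusInfo());
    } else if (expectedBodyType != bodyType) {
        throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, expectedBodyType, PKIBody.TYPE_ERROR));
    }

    CertRepMessage certRep = CertRepMessage.getInstance(respBody.getContent());
    CertResponse[] certResponses = certRep.getResponse();
    EnrollCertResultResp result = new EnrollCertResultResp();

    // CA certificates (caPubs is OPTIONAL in CertRepMessage)
    CMPCertificate[] caPubs = certRep.getCaPubs();
    if (caPubs != null) {
        for (CMPCertificate caPub : caPubs) {
            if (caPub != null) {
                result.addCaCertificate(caPub);
            }
        }
    }

    // a certConf round trip is only needed when the CA did not grant implicit confirmation
    CertificateConfirmationContentBuilder certConfirmBuilder = null;
    if (!CmpUtil.isImplictConfirm(response.getPkiMessage().getHeader())) {
        certConfirmBuilder = new CertificateConfirmationContentBuilder();
    }

    boolean requireConfirm = false;
    // We only accept the certificates which are requested.
    for (CertResponse certResp : certResponses) {
        PKIStatusInfo statusInfo = certResp.getStatus();
        int status = statusInfo.getStatus().intValue();
        BigInteger certReqId = certResp.getCertReqId().getValue();

        // Match the response to one of our requests. A sole remaining request is matched even
        // when the CA echoed a different certReqId (tolerates CAs that do not echo the id).
        String thisId = reqIdIdMap.get(certReqId);
        if (thisId != null) {
            reqIdIdMap.remove(certReqId);
        } else if (reqIdIdMap.size() == 1) {
            thisId = reqIdIdMap.values().iterator().next();
            reqIdIdMap.clear();
        }
        if (thisId == null) {
            // ignore it. this cert is not requested by me
            continue;
        }

        ResultEntry resultEntry;
        if (status == PKIStatus.GRANTED || status == PKIStatus.GRANTED_WITH_MODS) {
            CertifiedKeyPair cvk = certResp.getCertifiedKeyPair();
            if (cvk == null) {
                return null;
            }
            CMPCertificate cmpCert = cvk.getCertOrEncCert().getCertificate();
            if (cmpCert == null) {
                // NOTE(review): returning null here discards the entries collected so far and
                // skips the certConf for certificates already accepted; kept for compatibility.
                return null;
            }
            resultEntry = new EnrollCertResultEntry(thisId, cmpCert, status);

            if (certConfirmBuilder != null) {
                requireConfirm = true;
                X509CertificateHolder certHolder = null;
                try {
                    certHolder = new X509CertificateHolder(cmpCert.getEncoded());
                } catch (IOException ex) {
                    resultEntry = new ErrorResultEntry(thisId, ClientErrorCode.PKISTATUS_RESPONSE_ERROR, PKIFailureInfo.systemFailure, "could not decode the certificate");
                }
                if (certHolder != null) {
                    certConfirmBuilder.addAcceptedCertificate(certHolder, certReqId);
                }
            }
        } else {
            // failInfo and statusString are OPTIONAL in PKIStatusInfo; do not trust the CA to
            // populate them (the original dereferenced both unconditionally).
            resultEntry = new ErrorResultEntry(thisId, status, failureInfoOf(statusInfo), statusTextOf(statusInfo));
        }
        result.addResultEntry(resultEntry);
    }

    // everything we asked for but the CA did not answer is reported as "no answer"
    if (CollectionUtil.isNonEmpty(reqIdIdMap)) {
        for (Map.Entry<BigInteger, String> pending : reqIdIdMap.entrySet()) {
            result.addResultEntry(new ErrorResultEntry(pending.getValue(), ClientErrorCode.PKISTATUS_NO_ANSWER));
        }
    }

    if (!requireConfirm) {
        return result;
    }

    // certConf reuses the transaction id so the CA can correlate it with the enrollment
    PKIMessage confirmRequest = buildCertConfirmRequest(response.getPkiMessage().getHeader().getTransactionID(), certConfirmBuilder);
    response = signAndSend(confirmRequest, debug);
    // NOTE(review): only the protection of the confirmation reply is verified here; its body
    // type is not inspected, so an error body in the reply goes unnoticed by the caller.
    checkProtection(response);
    return result;
}

/**
 * Extracts the failure-info bits of a PKIStatusInfo.
 *
 * @param statusInfo the status to read; must not be {@code null}
 * @return the failInfo bits, or {@code 0} (no bits set) when the CA omitted the field
 */
private static int failureInfoOf(PKIStatusInfo statusInfo) {
    PKIFailureInfo failInfo = statusInfo.getFailInfo();
    return (failInfo == null) ? 0 : failInfo.intValue();
}

/**
 * Extracts the first status text of a PKIStatusInfo.
 *
 * @param statusInfo the status to read; must not be {@code null}
 * @return the first free-text string, or {@code null} when the CA sent none
 */
private static String statusTextOf(PKIStatusInfo statusInfo) {
    PKIFreeText statusString = statusInfo.getStatusString();
    if (statusString == null || statusString.size() == 0) {
        return null;
    }
    return statusString.getStringAt(0).getString();
}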

Example 3 with EnrollCertResultResp

use of org.xipki.ca.client.api.dto.EnrollCertResultResp in project xipki by xipki.

The class CaClientImpl, method requestCert.

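/**
 * Requests a single certificate for {@code csr} under the certprofile {@code profile}.
 *
 * <p>If {@code caName} is {@code null}, the CA is selected by the certprofile; otherwise the
 * given name is looked up in lower case. The request is sent under the fixed entry id
 * {@code "cert-1"}.
 *
 * @param caName name of the CA to use, or {@code null} to select it by certprofile
 * @param csr the PKCS#10 request; must not be {@code null}
 * @param profile the certprofile to enroll under
 * @param notBefore requested validity start, may be {@code null}
 * @param notAfter requested validity end, may be {@code null}
 * @param debug optional request/response debug collector, may be {@code null}
 * @return the parsed enrollment result
 * @throws CaClientException if no CA serves the certprofile, the CA is unknown, or the CMP
 *         exchange fails
 * @throws PkiErrorException if the CA answers with a PKI error body
 */
@Override
public EnrollCertResult requestCert(String caName, CertificationRequest csr, String profile,
        Date notBefore, Date notAfter, RequestResponseDebug debug)
        throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("csr", csr);

    if (caName == null) {
        caName = getCaNameForProfile(profile);
        if (caName == null) {
            throw new CaClientException("certprofile " + profile + " is not supported by any CA");
        }
    } else {
        // CA names are keys into casMap; fold case independently of the default locale
        // (e.g. the Turkish dotless i) so the lookup is deterministic.
        caName = caName.toLowerCase(java.util.Locale.ROOT);
    }

    CaConf ca = casMap.get(caName);
    if (ca == null) {
        throw new CaClientException("could not find CA named " + caName);
    }

    final String id = "cert-1";
    CsrEnrollCertRequest request = new CsrEnrollCertRequest(id, profile, csr);
    EnrollCertResultResp result;
    try {
        result = ca.getRequestor().requestCertificate(request, notBefore, notAfter, debug);
    } catch (CmpRequestorException ex) {
        // wrap for the client API but keep the cause for diagnostics
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseEnrollCertResult(result);
}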
