
Example 1 with RevokeCertRequestEntry

use of org.xipki.ca.client.api.dto.RevokeCertRequestEntry in project xipki by xipki.

In class CaClientImpl, method revokeCerts.

/**
 * Revokes the certificates listed in {@code request} through the CMP requestor of
 * the issuing CA.
 *
 * <p>All entries must name the same issuer; otherwise the request is rejected with
 * {@code badRequest}. When the CA's CMP control requires an AuthorityKeyIdentifier
 * in revocation requests, entries lacking one get the CA's subject key identifier
 * filled in (this mutates the supplied entries).
 *
 * @param request the revocation request; must not be {@code null}
 * @param debug optional request/response capture for debugging
 * @return the per-entry outcome keyed by entry id, or an empty map for an empty request
 * @throws CaClientException if the CMP exchange fails
 * @throws PkiErrorException if the entries span more than one issuer
 */
@Override
public Map<String, CertIdOrError> revokeCerts(RevokeCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("request", request);
    List<RevokeCertRequestEntry> entries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(entries)) {
        return Collections.emptyMap();
    }
    // A single CMP requestor serves exactly one CA, so all entries must share the issuer.
    X500Name issuer = entries.get(0).getIssuer();
    for (RevokeCertRequestEntry entry : entries.subList(1, entries.size())) {
        if (!issuer.equals(entry.getIssuer())) {
            throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "revoking certificates issued by more than one CA is not allowed");
        }
    }
    final String caName = getCaNameByIssuer(issuer);
    CaConf caConf = casMap.get(caName);
    boolean akiRequired = caConf.getCmpControl().isRrAkiRequired();
    if (akiRequired) {
        // The CA's SubjectKeyIdentifier is the AKI of every certificate it issued.
        byte[] caSki = caConf.getSubjectKeyIdentifier();
        for (RevokeCertRequestEntry entry : request.getRequestEntries()) {
            if (entry.getAuthorityKeyIdentifier() == null) {
                entry.setAuthorityKeyIdentifier(caSki);
            }
        }
    }
    X509CmpRequestor requestor = caConf.getRequestor();
    RevokeCertResultType cmpResult;
    try {
        cmpResult = requestor.revokeCertificate(request, debug);
    } catch (CmpRequestorException ex) {
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseRevokeCertResult(cmpResult);
}

Example 2 with RevokeCertRequestEntry

use of org.xipki.ca.client.api.dto.RevokeCertRequestEntry in project xipki by xipki.

In class CaClientImpl, method revokeCert.

/**
 * Revokes a single certificate of {@code ca} by wrapping it in a one-entry
 * {@link RevokeCertRequest} and delegating to {@link #revokeCerts}.
 *
 * @param ca the issuing CA configuration; must not be {@code null}
 * @param serial serial number of the certificate to revoke; must not be {@code null}
 * @param reason CRL reason code
 * @param invalidityDate optional invalidity date, may be {@code null}
 * @param debug optional request/response capture for debugging
 * @return the outcome for the single entry, or {@code null} if no result map came back
 * @throws CaClientException if the CMP exchange fails
 * @throws PkiErrorException if the CA rejects the request
 */
private CertIdOrError revokeCert(CaConf ca, BigInteger serial, int reason, Date invalidityDate, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serial", serial);
    final String entryId = "cert-1";
    RevokeCertRequestEntry entry = new RevokeCertRequestEntry(entryId, ca.getSubject(), serial, reason, invalidityDate);
    // Populate the AKI up front when the CA insists on it in revocation requests.
    boolean akiRequired = ca.getCmpControl().isRrAkiRequired();
    if (akiRequired) {
        entry.setAuthorityKeyIdentifier(ca.getSubjectKeyIdentifier());
    }
    RevokeCertRequest request = new RevokeCertRequest();
    request.addRequestEntry(entry);
    Map<String, CertIdOrError> results = revokeCerts(request, debug);
    if (results == null) {
        return null;
    }
    return results.get(entryId);
}

Example 3 with RevokeCertRequestEntry

use of org.xipki.ca.client.api.dto.RevokeCertRequestEntry in project xipki by xipki.

In class X509CmpRequestor, method buildRevokeCertRequest.

/**
 * Builds a CMP revocation request ({@code rr}) message from {@code request}.
 *
 * <p>Each entry becomes one {@code RevDetails}: a certificate template carrying the
 * issuer, serial number and (when present) the AuthorityKeyIdentifier, plus CRL entry
 * extensions for the reason code and, if supplied, the invalidity date.
 *
 * @param request the revocation request to encode
 * @return the PKIMessage with a header from {@link #buildPkiHeader} and an {@code rr} body
 * @throws CmpRequestorException if DER-encoding an extension value fails
 */
private PKIMessage buildRevokeCertRequest(RevokeCertRequest request) throws CmpRequestorException {
    PKIHeader header = buildPkiHeader(null);
    List<RevokeCertRequestEntry> entries = request.getRequestEntries();
    List<RevDetails> details = new ArrayList<>(entries.size());
    for (RevokeCertRequestEntry entry : entries) {
        // Template identifying the certificate to be revoked.
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setIssuer(entry.getIssuer());
        template.setSerialNumber(new ASN1Integer(entry.getSerialNumber()));
        byte[] aki = entry.getAuthorityKeyIdentifier();
        if (aki != null) {
            template.setExtensions(getCertTempExtensions(aki));
        }
        // CRL entry extensions: reasonCode always, invalidityDate only when given.
        Date invalidityDate = entry.getInvalidityDate();
        List<Extension> crlEntryExts = new ArrayList<>(2);
        try {
            byte[] reasonDer = new ASN1Enumerated(entry.getReason()).getEncoded();
            crlEntryExts.add(new Extension(Extension.reasonCode, true, new DEROctetString(reasonDer)));
            if (invalidityDate != null) {
                byte[] timeDer = new ASN1GeneralizedTime(invalidityDate).getEncoded();
                crlEntryExts.add(new Extension(Extension.invalidityDate, true, new DEROctetString(timeDer)));
            }
        } catch (IOException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }
        Extensions exts = new Extensions(crlEntryExts.toArray(new Extension[0]));
        details.add(new RevDetails(template.build(), exts));
    }
    RevReqContent content = new RevReqContent(details.toArray(new RevDetails[0]));
    PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content);
    return new PKIMessage(header, body);
}

Example 4 with RevokeCertRequestEntry

use of org.xipki.ca.client.api.dto.RevokeCertRequestEntry in project xipki by xipki.

In class CaClientImpl, method envelopeRevocation.

// method verify
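/**
 * Builds, but does not send, a CMP revocation request for the certificate with
 * {@code serial} issued by {@code issuer}, and returns its DER encoding.
 *
 * <p>The single entry is created without an AuthorityKeyIdentifier and, unlike
 * {@link #revokeCerts}, this method does not consult the CA's
 * {@code isRrAkiRequired} setting. NOTE(review): confirm whether the requestor's
 * {@code envelopeRevocation} fills the AKI in itself; if not, a CA that requires
 * it may reject the enveloped request.
 *
 * @param issuer issuer name of the certificate; must not be {@code null}
 * @param serial serial number of the certificate; must not be {@code null}
 * @param reason CRL reason code
 * @return the DER-encoded PKIMessage
 * @throws CaClientException if initialisation fails, the message cannot be built,
 *         or DER encoding fails
 */
@Override
public byte[] envelopeRevocation(X500Name issuer, BigInteger serial, int reason) throws CaClientException {
    ParamUtil.requireNonNull("issuer", issuer);
    // Fail fast, as revokeCert does, instead of letting a null serial surface later as a
    // NullPointerException from ASN.1 encoding.
    ParamUtil.requireNonNull("serial", serial);
    init0(false);
    final String id = "cert-1";
    RevokeCertRequestEntry entry = new RevokeCertRequestEntry(id, issuer, serial, reason, null);
    RevokeCertRequest request = new RevokeCertRequest();
    request.addRequestEntry(entry);
    String caName = getCaNameByIssuer(issuer);
    X509CmpRequestor cmpRequestor = casMap.get(caName).getRequestor();
    try {
        PKIMessage pkiMessage = cmpRequestor.envelopeRevocation(request);
        return pkiMessage.getEncoded();
    } catch (CmpRequestorException | IOException ex) {
        throw new CaClientException(ex.getMessage(), ex);
    }
}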
