
Example 1 with RevokeCertResultType

use of org.xipki.ca.client.api.dto.RevokeCertResultType in project xipki by xipki.

From class X509CmpRequestor, method parse.

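/**
 * Converts a CMP revocation response into a {@link RevokeCertResultType}.
 *
 * <p>The message protection is checked before anything in the body is interpreted.
 * An error body ({@code PKIBody.TYPE_ERROR}) is surfaced as a {@link PkiErrorException};
 * any body other than a revocation response ({@code PKIBody.TYPE_REVOCATION_REP}) is
 * rejected. The response must carry exactly one {@code PKIStatusInfo} per request entry,
 * in request order, which is how each status is matched to its request entry.
 *
 * @param response the protected CMP response; must not be {@code null}
 * @param reqEntries the request entries the response answers, in the order they were sent;
 *        must not be {@code null}
 * @return one result entry per request entry, except that granted entries for which the
 *         response carries no matching {@code CertId} are logged and omitted
 * @throws PkiErrorException if the response body is an error message
 * @throws CmpRequestorException if the body type is unexpected or the number of status
 *         entries does not match {@code reqEntries}
 */
private RevokeCertResultType parse(PkiResponse response, List<? extends IssuerSerialEntry> reqEntries) throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonNull("response", response);
    ParamUtil.requireNonNull("reqEntries", reqEntries);
    // Verify the message protection before interpreting anything in the body.
    checkProtection(response);
    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();
    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
        throw new PkiErrorException(content.getPKIStatusInfo());
    } else if (PKIBody.TYPE_REVOCATION_REP != bodyType) {
        throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, PKIBody.TYPE_REVOCATION_REP, PKIBody.TYPE_ERROR));
    }
    RevRepContent content = RevRepContent.getInstance(respBody.getContent());
    PKIStatusInfo[] statuses = content.getStatus();
    // Statuses are matched to request entries by position, so the counts must agree.
    if (statuses == null || statuses.length != reqEntries.size()) {
        int statusesLen = (statuses == null) ? 0 : statuses.length;
        throw new CmpRequestorException(String.format("incorrect number of status entries in response '%s' instead the expected '%s'", statusesLen, reqEntries.size()));
    }
    CertId[] revCerts = content.getRevCerts();
    RevokeCertResultType result = new RevokeCertResultType();
    for (int i = 0; i < statuses.length; i++) {
        PKIStatusInfo statusInfo = statuses[i];
        int status = statusInfo.getStatus().intValue();
        IssuerSerialEntry re = reqEntries.get(i);
        if (status != PKIStatus.GRANTED && status != PKIStatus.GRANTED_WITH_MODS) {
            // statusString is OPTIONAL and may be present but empty; indexing element 0 of
            // an empty PKIFreeText would throw instead of reporting the failure.
            PKIFreeText text = statusInfo.getStatusString();
            String statusString = (text == null || text.size() == 0) ? null : text.getStringAt(0).getString();
            // failInfo is OPTIONAL as well; a response that omits it is reported with no
            // failure bits set rather than failing on a null dereference.
            int failInfo = (statusInfo.getFailInfo() == null) ? 0 : statusInfo.getFailInfo().intValue();
            result.addResultEntry(new ErrorResultEntry(re.getId(), status, failInfo, statusString));
            continue;
        }
        // Find the CertId the CA reports for this request entry, matched by issuer and serial.
        CertId certId = null;
        if (revCerts != null) {
            for (CertId entry : revCerts) {
                if (re.getIssuer().equals(entry.getIssuer().getName()) && re.getSerialNumber().equals(entry.getSerialNumber().getValue())) {
                    certId = entry;
                    break;
                }
            }
        }
        if (certId == null) {
            // NOTE(review): a granted entry with no matching CertId is only logged and is left
            // out of the result; confirm that callers treat an entry missing from the result
            // as "not confirmed by the CA" rather than as success.
            LOG.warn("certId is not present in response for (issuer='{}', serialNumber={})", X509Util.getRfc4519Name(re.getIssuer()), LogUtil.formatCsn(re.getSerialNumber()));
            continue;
        }
        result.addResultEntry(new RevokeCertResultEntry(re.getId(), certId));
    }
    return result;
}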

Example 2 with RevokeCertResultType

use of org.xipki.ca.client.api.dto.RevokeCertResultType in project xipki by xipki.

From class CaClientImpl, method removeCerts.

/**
 * Removes the certificates named in {@code request} from the CA that issued them.
 *
 * <p>All request entries must name the same issuer, because the request is routed to a
 * single CA; a mixed-issuer request is rejected as a bad request.
 *
 * @param request the entries to remove; must not be {@code null}
 * @param debug optional request/response capture passed through to the requestor
 * @return the per-entry outcome keyed by entry id, or an empty map for an empty request
 * @throws CaClientException if the CMP exchange with the CA fails
 * @throws PkiErrorException if the entries are not all issued by the same CA, or the CA
 *         answers with an error
 */
@Override
public Map<String, CertIdOrError> removeCerts(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("request", request);
    init0(false);
    List<UnrevokeOrRemoveCertEntry> entries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(entries)) {
        return Collections.emptyMap();
    }
    // Every entry has to agree with the first one's issuer.
    X500Name expectedIssuer = entries.get(0).getIssuer();
    for (UnrevokeOrRemoveCertEntry entry : entries.subList(1, entries.size())) {
        if (!expectedIssuer.equals(entry.getIssuer())) {
            throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "removing certificates issued by more than one CA is not allowed");
        }
    }
    X509CmpRequestor requestor = casMap.get(getCaNameByIssuer(expectedIssuer)).getRequestor();
    RevokeCertResultType cmpResult;
    try {
        cmpResult = requestor.removeCertificate(request, debug);
    } catch (CmpRequestorException ex) {
        // Keep the cause so the transport-level failure is not lost.
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseRevokeCertResult(cmpResult);
}

Example 3 with RevokeCertResultType

use of org.xipki.ca.client.api.dto.RevokeCertResultType in project xipki by xipki.

From class CaClientImpl, method revokeCerts.

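/**
 * Revokes the certificates named in {@code request} at the CA that issued them.
 *
 * <p>All request entries must name the same issuer, because the request is routed to a
 * single CA; a mixed-issuer request is rejected as a bad request. When the CA's CMP control
 * requires the authority key identifier in revocation requests, every entry that lacks one
 * is filled in with the CA's subject key identifier; this mutates the caller's entries.
 *
 * @param request the entries to revoke; must not be {@code null}
 * @param debug optional request/response capture passed through to the requestor
 * @return the per-entry outcome keyed by entry id, or an empty map for an empty request
 * @throws CaClientException if the CMP exchange with the CA fails
 * @throws PkiErrorException if the entries are not all issued by the same CA, or the CA
 *         answers with an error
 */
@Override
public Map<String, CertIdOrError> revokeCerts(RevokeCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("request", request);
    // NOTE(review): the sibling removeCerts/unrevokeCerts call init0(false) at this point
    // and this method does not; confirm whether that is intentional.
    List<RevokeCertRequestEntry> requestEntries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(requestEntries)) {
        return Collections.emptyMap();
    }
    // Every entry has to agree with the first one's issuer.
    X500Name issuer = requestEntries.get(0).getIssuer();
    for (int i = 1; i < requestEntries.size(); i++) {
        if (!issuer.equals(requestEntries.get(i).getIssuer())) {
            throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "revoking certificates issued by more than one CA is not allowed");
        }
    }
    final String caName = getCaNameByIssuer(issuer);
    CaConf caConf = casMap.get(caName);
    if (caConf.getCmpControl().isRrAkiRequired()) {
        // Supply the CA's key identifier only where the caller left it unset.
        byte[] aki = caConf.getSubjectKeyIdentifier();
        for (RevokeCertRequestEntry entry : requestEntries) {
            if (entry.getAuthorityKeyIdentifier() == null) {
                entry.setAuthorityKeyIdentifier(aki);
            }
        }
    }
    X509CmpRequestor cmpRequestor = caConf.getRequestor();
    RevokeCertResultType result;
    try {
        result = cmpRequestor.revokeCertificate(request, debug);
    } catch (CmpRequestorException ex) {
        // Keep the cause so the transport-level failure is not lost.
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseRevokeCertResult(result);
}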

Example 4 with RevokeCertResultType

use of org.xipki.ca.client.api.dto.RevokeCertResultType in project xipki by xipki.

From class CaClientImpl, method unrevokeCerts.

/**
 * Lifts the revocation of the certificates named in {@code request} at the CA that
 * issued them.
 *
 * <p>All request entries must name the same issuer, because the request is routed to a
 * single CA; a mixed-issuer request is rejected as a bad request.
 *
 * @param request the entries to unrevoke; must not be {@code null}
 * @param debug optional request/response capture passed through to the requestor
 * @return the per-entry outcome keyed by entry id, or an empty map for an empty request
 * @throws CaClientException if the CMP exchange with the CA fails
 * @throws PkiErrorException if the entries are not all issued by the same CA, or the CA
 *         answers with an error
 */
@Override
public Map<String, CertIdOrError> unrevokeCerts(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("request", request);
    init0(false);
    List<UnrevokeOrRemoveCertEntry> entries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(entries)) {
        return Collections.emptyMap();
    }
    // Every entry has to agree with the first one's issuer.
    X500Name commonIssuer = entries.get(0).getIssuer();
    for (int idx = 1, n = entries.size(); idx < n; idx++) {
        X500Name thisIssuer = entries.get(idx).getIssuer();
        if (commonIssuer.equals(thisIssuer)) {
            continue;
        }
        throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "unrevoking certificates issued by more than one CA is not allowed");
    }
    String caName = getCaNameByIssuer(commonIssuer);
    X509CmpRequestor requestor = casMap.get(caName).getRequestor();
    RevokeCertResultType cmpResult;
    try {
        cmpResult = requestor.unrevokeCertificate(request, debug);
    } catch (CmpRequestorException ex) {
        // Keep the cause so the transport-level failure is not lost.
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseRevokeCertResult(cmpResult);
}
