
Example 1 with UnrevokeOrRemoveCertEntry

use of org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry in project xipki by xipki.

the class X509CmpRequestor method buildUnrevokeOrRemoveCertRequest.

// method buildRevokeCertRequest (this marker appears to belong to the preceding method, not the one below)
/**
 * Builds the CMP revocation-request message for the certificates listed in {@code request}.
 *
 * <p>One {@code RevDetails} is produced per request entry. Its certificate template carries
 * the entry's issuer and serial number, plus the extensions returned by
 * {@code getCertTempExtensions} when the entry has an authority key identifier. Its only
 * CRL entry extension is a critical {@code reasonCode} holding {@code reasonCode} encoded
 * as an ASN.1 ENUMERATED.
 *
 * <p>The body type is always {@code PKIBody.TYPE_REVOCATION_REQ}, so within this method
 * {@code reasonCode} is the only input that varies the operation being requested.
 *
 * <p>NOTE(review): the message is returned as header plus body only; no protection is
 * attached here. Presumably the caller signs or MACs it before sending — confirm.
 *
 * @param request the entries to put into the request
 * @param reasonCode the value placed in the reasonCode extension; it is encoded as given,
 *     with no range check in this method
 * @return the assembled, unprotected {@code PKIMessage}
 * @throws CmpRequestorException if encoding the reason code fails with an {@code IOException}
 */
private PKIMessage buildUnrevokeOrRemoveCertRequest(UnrevokeOrRemoveCertRequest request, int reasonCode) throws CmpRequestorException {
    PKIHeader pkiHeader = buildPkiHeader(null);
    List<UnrevokeOrRemoveCertEntry> entries = request.getRequestEntries();
    List<RevDetails> details = new ArrayList<>(entries.size());

    for (UnrevokeOrRemoveCertEntry entry : entries) {
        // Identify the target certificate by issuer + serial number.
        CertTemplateBuilder template = new CertTemplateBuilder();
        template.setIssuer(entry.getIssuer());
        template.setSerialNumber(new ASN1Integer(entry.getSerialNumber()));

        // The authority key identifier is optional; it is added only when the entry has one.
        byte[] authorityKeyId = entry.getAuthorityKeyIdentifier();
        if (authorityKeyId != null) {
            template.setExtensions(getCertTempExtensions(authorityKeyId));
        }

        Extension[] reasonExtensions = new Extension[1];
        try {
            byte[] encodedReason = new ASN1Enumerated(reasonCode).getEncoded();
            // 'true' marks the reasonCode extension as critical.
            reasonExtensions[0] = new Extension(Extension.reasonCode, true, new DEROctetString(encodedReason));
        } catch (IOException ex) {
            throw new CmpRequestorException(ex.getMessage(), ex);
        }

        details.add(new RevDetails(template.build(), new Extensions(reasonExtensions)));
    }

    RevDetails[] detailsArray = details.toArray(new RevDetails[details.size()]);
    PKIBody pkiBody = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, new RevReqContent(detailsArray));
    return new PKIMessage(pkiHeader, pkiBody);
}
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) ArrayList(java.util.ArrayList) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) RevReqContent(org.bouncycastle.asn1.cmp.RevReqContent) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extension(org.bouncycastle.asn1.x509.Extension) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry) RevDetails(org.bouncycastle.asn1.cmp.RevDetails)

Example 2 with UnrevokeOrRemoveCertEntry

use of org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry in project xipki by xipki.

the class CaClientImpl method removeCerts.

/**
 * Sends a single removal request covering every entry of {@code request}.
 *
 * <p>All entries must name the same issuer, because the whole request is handed to the
 * requestor of one CA. A request that mixes issuers is rejected locally with
 * {@code PKIStatus.REJECTION} / {@code PKIFailureInfo.badRequest} before anything is sent.
 *
 * <p>NOTE(review): the issuer comparison only decides which CA the request goes to. It is
 * not an authorization check; whether this client may remove the certificates is presumably
 * decided by the CA — confirm.
 *
 * @param request the certificates to remove; must not be {@code null}
 * @param debug passed through unchanged to the requestor
 * @return the value of {@code parseRevokeCertResult} for the CA's answer, or an empty map
 *     when the request has no entries
 * @throws CaClientException if the requestor fails with a {@code CmpRequestorException}
 * @throws PkiErrorException if the entries were issued by more than one CA
 */
@Override
public Map<String, CertIdOrError> removeCerts(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("request", request);
    init0(false);

    List<UnrevokeOrRemoveCertEntry> entries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(entries)) {
        return Collections.emptyMap();
    }

    // The first entry's issuer is the reference; every later entry has to match it.
    X500Name expectedIssuer = entries.get(0).getIssuer();
    for (UnrevokeOrRemoveCertEntry other : entries.subList(1, entries.size())) {
        boolean sameIssuer = expectedIssuer.equals(other.getIssuer());
        if (!sameIssuer) {
            throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "removing certificates issued by more than one CA is not allowed");
        }
    }

    // NOTE(review): casMap.get(...) is dereferenced without a null check; this relies on
    // getCaNameByIssuer only ever returning names present in casMap — confirm.
    final String targetCa = getCaNameByIssuer(expectedIssuer);
    X509CmpRequestor requestor = casMap.get(targetCa).getRequestor();

    final RevokeCertResultType caAnswer;
    try {
        caAnswer = requestor.removeCertificate(request, debug);
    } catch (CmpRequestorException ex) {
        // Translate to the client API's exception type, keeping the cause.
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseRevokeCertResult(caAnswer);
}
Also used : PkiErrorException(org.xipki.ca.client.api.PkiErrorException) RevokeCertResultType(org.xipki.ca.client.api.dto.RevokeCertResultType) X500Name(org.bouncycastle.asn1.x500.X500Name) UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry) CaClientException(org.xipki.ca.client.api.CaClientException)

Example 3 with UnrevokeOrRemoveCertEntry

use of org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry in project xipki by xipki.

the class CaClientImpl method unrevokeCert.

/**
 * Unrevokes one certificate by wrapping it in a single-entry request and delegating to
 * {@code unrevokeCerts}.
 *
 * <p>The entry uses the fixed id {@code "cert-1"}, the CA's subject as issuer and
 * {@code serial} as serial number. When the CA's CMP control reports
 * {@code isRrAkiRequired()}, the CA's subject key identifier is set as the entry's
 * authority key identifier.
 *
 * @param ca the CA that issued the certificate; must not be {@code null}
 * @param serial serial number of the certificate; must not be {@code null}
 * @param debug passed through unchanged to {@code unrevokeCerts}
 * @return the result stored under the entry id, or {@code null} when {@code unrevokeCerts}
 *     returns {@code null} or has no value for that id
 * @throws CaClientException propagated from {@code unrevokeCerts}
 * @throws PkiErrorException propagated from {@code unrevokeCerts}
 */
private CertIdOrError unrevokeCert(CaConf ca, BigInteger serial, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serial", serial);

    // Only one entry is sent, so a constant id is enough to find it in the result map.
    final String entryId = "cert-1";
    UnrevokeOrRemoveCertEntry certEntry = new UnrevokeOrRemoveCertEntry(entryId, ca.getSubject(), serial);

    boolean akiRequired = ca.getCmpControl().isRrAkiRequired();
    if (akiRequired) {
        certEntry.setAuthorityKeyIdentifier(ca.getSubjectKeyIdentifier());
    }

    UnrevokeOrRemoveCertRequest singleRequest = new UnrevokeOrRemoveCertRequest();
    singleRequest.addRequestEntry(certEntry);

    Map<String, CertIdOrError> outcome = unrevokeCerts(singleRequest, debug);
    if (outcome == null) {
        return null;
    }
    return outcome.get(entryId);
}
Also used : UnrevokeOrRemoveCertRequest(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertRequest) CertIdOrError(org.xipki.ca.client.api.CertIdOrError) UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry)

Example 4 with UnrevokeOrRemoveCertEntry

use of org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry in project xipki by xipki.

the class CaClientImpl method unrevokeCerts.

/**
 * Sends a single unrevocation request covering every entry of {@code request}.
 *
 * <p>All entries must name the same issuer, because the whole request is handed to the
 * requestor of one CA. A request that mixes issuers is rejected locally with
 * {@code PKIStatus.REJECTION} / {@code PKIFailureInfo.badRequest} before anything is sent.
 *
 * <p>NOTE(review): the issuer comparison only decides which CA the request goes to. It is
 * not an authorization check; whether this client may unrevoke the certificates is
 * presumably decided by the CA — confirm.
 *
 * @param request the certificates to unrevoke; must not be {@code null}
 * @param debug passed through unchanged to the requestor
 * @return the value of {@code parseRevokeCertResult} for the CA's answer, or an empty map
 *     when the request has no entries
 * @throws CaClientException if the requestor fails with a {@code CmpRequestorException}
 * @throws PkiErrorException if the entries were issued by more than one CA
 */
@Override
public Map<String, CertIdOrError> unrevokeCerts(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("request", request);
    init0(false);

    List<UnrevokeOrRemoveCertEntry> entries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(entries)) {
        return Collections.emptyMap();
    }

    // The first entry's issuer is the reference; every later entry has to match it.
    X500Name expectedIssuer = entries.get(0).getIssuer();
    for (UnrevokeOrRemoveCertEntry other : entries.subList(1, entries.size())) {
        boolean sameIssuer = expectedIssuer.equals(other.getIssuer());
        if (!sameIssuer) {
            throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "unrevoking certificates issued by more than one CA is not allowed");
        }
    }

    // NOTE(review): casMap.get(...) is dereferenced without a null check; this relies on
    // getCaNameByIssuer only ever returning names present in casMap — confirm.
    final String targetCa = getCaNameByIssuer(expectedIssuer);
    X509CmpRequestor requestor = casMap.get(targetCa).getRequestor();

    final RevokeCertResultType caAnswer;
    try {
        caAnswer = requestor.unrevokeCertificate(request, debug);
    } catch (CmpRequestorException ex) {
        // Translate to the client API's exception type, keeping the cause.
        throw new CaClientException(ex.getMessage(), ex);
    }
    return parseRevokeCertResult(caAnswer);
}
Also used : PkiErrorException(org.xipki.ca.client.api.PkiErrorException) RevokeCertResultType(org.xipki.ca.client.api.dto.RevokeCertResultType) X500Name(org.bouncycastle.asn1.x500.X500Name) UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry) CaClientException(org.xipki.ca.client.api.CaClientException)

Example 5 with UnrevokeOrRemoveCertEntry

use of org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry in project xipki by xipki.

the class CaClientImpl method removeCert.

/**
 * Removes one certificate by wrapping it in a single-entry request and delegating to
 * {@code removeCerts}.
 *
 * <p>The entry uses the fixed id {@code "cert-1"}, the CA's subject as issuer and
 * {@code serial} as serial number. When the CA's CMP control reports
 * {@code isRrAkiRequired()}, the CA's subject key identifier is set as the entry's
 * authority key identifier.
 *
 * @param ca the CA that issued the certificate; must not be {@code null}
 * @param serial serial number of the certificate; must not be {@code null}
 * @param debug passed through unchanged to {@code removeCerts}
 * @return the result stored under the entry id, or {@code null} when {@code removeCerts}
 *     returns {@code null} or has no value for that id
 * @throws CaClientException propagated from {@code removeCerts}
 * @throws PkiErrorException propagated from {@code removeCerts}
 */
private CertIdOrError removeCert(CaConf ca, BigInteger serial, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serial", serial);

    // Only one entry is sent, so a constant id is enough to find it in the result map.
    final String entryId = "cert-1";
    UnrevokeOrRemoveCertEntry certEntry = new UnrevokeOrRemoveCertEntry(entryId, ca.getSubject(), serial);

    boolean akiRequired = ca.getCmpControl().isRrAkiRequired();
    if (akiRequired) {
        certEntry.setAuthorityKeyIdentifier(ca.getSubjectKeyIdentifier());
    }

    UnrevokeOrRemoveCertRequest singleRequest = new UnrevokeOrRemoveCertRequest();
    singleRequest.addRequestEntry(certEntry);

    Map<String, CertIdOrError> outcome = removeCerts(singleRequest, debug);
    if (outcome == null) {
        return null;
    }
    return outcome.get(entryId);
}
Also used : UnrevokeOrRemoveCertRequest(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertRequest) CertIdOrError(org.xipki.ca.client.api.CertIdOrError) UnrevokeOrRemoveCertEntry(org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry)

Aggregations

UnrevokeOrRemoveCertEntry (org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry)5 X500Name (org.bouncycastle.asn1.x500.X500Name)2 CaClientException (org.xipki.ca.client.api.CaClientException)2 CertIdOrError (org.xipki.ca.client.api.CertIdOrError)2 PkiErrorException (org.xipki.ca.client.api.PkiErrorException)2 RevokeCertResultType (org.xipki.ca.client.api.dto.RevokeCertResultType)2 UnrevokeOrRemoveCertRequest (org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertRequest)2 IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1 ASN1Enumerated (org.bouncycastle.asn1.ASN1Enumerated)1 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)1 DEROctetString (org.bouncycastle.asn1.DEROctetString)1 PKIBody (org.bouncycastle.asn1.cmp.PKIBody)1 PKIHeader (org.bouncycastle.asn1.cmp.PKIHeader)1 PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage)1 RevDetails (org.bouncycastle.asn1.cmp.RevDetails)1 RevReqContent (org.bouncycastle.asn1.cmp.RevReqContent)1 CertTemplateBuilder (org.bouncycastle.asn1.crmf.CertTemplateBuilder)1 Extension (org.bouncycastle.asn1.x509.Extension)1 Extensions (org.bouncycastle.asn1.x509.Extensions)1