use of org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry in project xipki by xipki.
the class X509CmpRequestor method buildUnrevokeOrRemoveCertRequest.
// method buildRevokeCertRequest
private PKIMessage buildUnrevokeOrRemoveCertRequest(UnrevokeOrRemoveCertRequest request, int reasonCode) throws CmpRequestorException {
PKIHeader header = buildPkiHeader(null);
List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
List<RevDetails> revDetailsArray = new ArrayList<>(requestEntries.size());
for (UnrevokeOrRemoveCertEntry requestEntry : requestEntries) {
CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
certTempBuilder.setIssuer(requestEntry.getIssuer());
certTempBuilder.setSerialNumber(new ASN1Integer(requestEntry.getSerialNumber()));
byte[] aki = requestEntry.getAuthorityKeyIdentifier();
if (aki != null) {
Extensions certTempExts = getCertTempExtensions(aki);
certTempBuilder.setExtensions(certTempExts);
}
Extension[] extensions = new Extension[1];
try {
ASN1Enumerated reason = new ASN1Enumerated(reasonCode);
extensions[0] = new Extension(Extension.reasonCode, true, new DEROctetString(reason.getEncoded()));
} catch (IOException ex) {
throw new CmpRequestorException(ex.getMessage(), ex);
}
Extensions exts = new Extensions(extensions);
RevDetails revDetails = new RevDetails(certTempBuilder.build(), exts);
revDetailsArray.add(revDetails);
}
RevReqContent content = new RevReqContent(revDetailsArray.toArray(new RevDetails[0]));
PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, content);
return new PKIMessage(header, body);
}
use of org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry in project xipki by xipki.
the class CaClientImpl method removeCerts.
@Override
public Map<String, CertIdOrError> removeCerts(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
ParamUtil.requireNonNull("request", request);
init0(false);
List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
if (CollectionUtil.isEmpty(requestEntries)) {
return Collections.emptyMap();
}
X500Name issuer = requestEntries.get(0).getIssuer();
for (int i = 1; i < requestEntries.size(); i++) {
if (!issuer.equals(requestEntries.get(i).getIssuer())) {
throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "removing certificates issued by more than one CA is not allowed");
}
}
final String caName = getCaNameByIssuer(issuer);
X509CmpRequestor cmpRequestor = casMap.get(caName).getRequestor();
RevokeCertResultType result;
try {
result = cmpRequestor.removeCertificate(request, debug);
} catch (CmpRequestorException ex) {
throw new CaClientException(ex.getMessage(), ex);
}
return parseRevokeCertResult(result);
}
use of org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry in project xipki by xipki.
the class CaClientImpl method unrevokeCert.
private CertIdOrError unrevokeCert(CaConf ca, BigInteger serial, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
ParamUtil.requireNonNull("ca", ca);
ParamUtil.requireNonNull("serial", serial);
final String id = "cert-1";
UnrevokeOrRemoveCertEntry entry = new UnrevokeOrRemoveCertEntry(id, ca.getSubject(), serial);
if (ca.getCmpControl().isRrAkiRequired()) {
entry.setAuthorityKeyIdentifier(ca.getSubjectKeyIdentifier());
}
UnrevokeOrRemoveCertRequest request = new UnrevokeOrRemoveCertRequest();
request.addRequestEntry(entry);
Map<String, CertIdOrError> result = unrevokeCerts(request, debug);
return (result == null) ? null : result.get(id);
}
use of org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry in project xipki by xipki.
the class CaClientImpl method unrevokeCerts.
@Override
public Map<String, CertIdOrError> unrevokeCerts(UnrevokeOrRemoveCertRequest request, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
ParamUtil.requireNonNull("request", request);
init0(false);
List<UnrevokeOrRemoveCertEntry> requestEntries = request.getRequestEntries();
if (CollectionUtil.isEmpty(requestEntries)) {
return Collections.emptyMap();
}
X500Name issuer = requestEntries.get(0).getIssuer();
for (int i = 1; i < requestEntries.size(); i++) {
if (!issuer.equals(requestEntries.get(i).getIssuer())) {
throw new PkiErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest, "unrevoking certificates issued by more than one CA is not allowed");
}
}
final String caName = getCaNameByIssuer(issuer);
X509CmpRequestor cmpRequestor = casMap.get(caName).getRequestor();
RevokeCertResultType result;
try {
result = cmpRequestor.unrevokeCertificate(request, debug);
} catch (CmpRequestorException ex) {
throw new CaClientException(ex.getMessage(), ex);
}
return parseRevokeCertResult(result);
}
use of org.xipki.ca.client.api.dto.UnrevokeOrRemoveCertEntry in project xipki by xipki.
the class CaClientImpl method removeCert.
private CertIdOrError removeCert(CaConf ca, BigInteger serial, RequestResponseDebug debug) throws CaClientException, PkiErrorException {
ParamUtil.requireNonNull("ca", ca);
ParamUtil.requireNonNull("serial", serial);
final String id = "cert-1";
UnrevokeOrRemoveCertEntry entry = new UnrevokeOrRemoveCertEntry(id, ca.getSubject(), serial);
if (ca.getCmpControl().isRrAkiRequired()) {
entry.setAuthorityKeyIdentifier(ca.getSubjectKeyIdentifier());
}
UnrevokeOrRemoveCertRequest request = new UnrevokeOrRemoveCertRequest();
request.addRequestEntry(entry);
Map<String, CertIdOrError> result = removeCerts(request, debug);
return (result == null) ? null : result.get(id);
}
Aggregations