
Example 1 with X509CertprofileQa

Use of org.xipki.ca.qa.X509CertprofileQa in project xipki by xipki.

From the class CheckCertCmd, method execute0.

@Override
protected Object execute0() throws Exception {
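    // Resolve the issuer: it must be one of the configured issuers; when none
    // is given, fall back to the configured issuer only if exactly one exists.
    Set<String> issuerNames = qaSystemManager.getIssuerNames();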
    if (isEmpty(issuerNames)) {
        throw new IllegalCmdParamException("no issuer is configured");
    }
    if (issuerName == null) {
        if (issuerNames.size() != 1) {
            throw new IllegalCmdParamException("no issuer is specified");
        }
        issuerName = issuerNames.iterator().next();
    }
    if (!issuerNames.contains(issuerName)) {
        throw new IllegalCmdParamException("issuer " + issuerName + " is not within the configured issuers " + issuerNames);
    }
    X509IssuerInfo issuerInfo = qaSystemManager.getIssuer(issuerName);
    // Look up the QA view of the certificate profile the certificate is checked against.
    X509CertprofileQa qa = qaSystemManager.getCertprofile(profileName);
    if (qa == null) {
        throw new IllegalCmdParamException("found no certificate profile named '" + profileName + "'");
    }
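    // Parse the PKCS#10 request and collect the extensions it asked for from
    // its extensionRequest attribute, if present.
    CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
    Extensions extensions = null;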
    CertificationRequestInfo reqInfo = csr.getCertificationRequestInfo();
    ASN1Set attrs = reqInfo.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
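    // Check the issued certificate against the profile, using the subject,
    // public key and requested extensions taken from the CSR.
    byte[] certBytes = IoUtil.read(certFile);
    ValidationResult result = qa.checkCert(certBytes, issuerInfo, reqInfo.getSubject(), reqInfo.getSubjectPublicKeyInfo(), extensions);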
    StringBuilder sb = new StringBuilder();
    sb.append(certFile).append(" (certprofile ").append(profileName).append(")\n");
    sb.append("\tcertificate is ");
    sb.append(result.isAllSuccessful() ? "valid" : "invalid");
    if (verbose.booleanValue()) {
        for (ValidationIssue issue : result.getValidationIssues()) {
            sb.append("\n");
            format(issue, "    ", sb);
        }
    }
    println(sb.toString());
    // Fail the command when any validation check did not pass.
    if (!result.isAllSuccessful()) {
        throw new CmdFailure("certificate is invalid");
    }
    return null;
}
Also used: X509CertprofileQa (org.xipki.ca.qa.X509CertprofileQa), CertificationRequestInfo (org.bouncycastle.asn1.pkcs.CertificationRequestInfo), Attribute (org.bouncycastle.asn1.pkcs.Attribute), X509IssuerInfo (org.xipki.ca.qa.X509IssuerInfo), Extensions (org.bouncycastle.asn1.x509.Extensions), ValidationResult (org.xipki.common.qa.ValidationResult), ValidationIssue (org.xipki.common.qa.ValidationIssue), ASN1Set (org.bouncycastle.asn1.ASN1Set), CmdFailure (org.xipki.console.karaf.CmdFailure), IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException), CertificationRequest (org.bouncycastle.asn1.pkcs.CertificationRequest)
