use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.
the class CsrEnrollCertCmd method execute0.
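/**
 * Sends the PKCS#10 request read from {@code csrFile} to the CA and writes the
 * certificate found in the response to {@code outputFile}.
 *
 * <p>The request/response debug data is saved whether or not the request succeeds.
 *
 * @return always {@code null}
 * @throws CmdFailure if the response contains no certificate
 * @throws Exception if reading the CSR, parsing a validity date, the request
 *     itself or writing the output file fails
 */
@Override
protected Object execute0() throws Exception {
    // NOTE(review): toLowerCase() uses the JVM default locale; confirm that this matches
    // how the configured CA names are normalized.
    if (caName != null) {
        caName = caName.toLowerCase();
    }

    CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));

    // Blank validity options are passed to the client as null.
    Date notBefore = StringUtil.isNotBlank(notBeforeS)
        ? DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeS) : null;
    Date notAfter = StringUtil.isNotBlank(notAfterS)
        ? DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterS) : null;

    EnrollCertResult result;
    RequestResponseDebug debug = getRequestResponseDebug();
    try {
        result = caClient.requestCert(caName, csr, profile, notBefore, notAfter, debug);
    } finally {
        // Keep the exchange on record even when requestCert throws.
        saveRequestResponse(debug);
    }

    X509Certificate cert = null;
    if (result != null) {
        // Only the first id is consulted, as before. An empty id set or a missing entry now
        // ends in the CmdFailure below instead of NoSuchElementException / NullPointerException.
        for (String id : result.getAllIds()) {
            CertOrError certOrError = result.getCertOrError(id);
            if (certOrError != null) {
                cert = (X509Certificate) certOrError.getCertificate();
            }
            break;
        }
    }

    if (cert == null) {
        throw new CmdFailure("no certificate received from the server");
    }

    // NOTE(review): the certificate is written exactly as received. This method does not
    // compare its public key with the one in the CSR, nor check the issuer or signature;
    // confirm that caClient does so before the file is treated as the enrolled certificate.
    File certFile = new File(outputFile);
    saveVerbose("certificate saved to file", certFile, cert.getEncoded());
    return null;
}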
use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.
the class GetCrlCmd method execute0.
/**
 * Fetches the CRL of the selected CA via {@code retrieveCrl()} and stores it in
 * {@code outFile}. If {@code withBaseCrl} is set and the CRL carries a
 * deltaCRLIndicator extension, the base CRL with the indicated number is downloaded
 * as well and stored in {@code baseCrlOut} (default: {@code outFile + "-baseCRL"}).
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if no CA is configured, the given CA is unknown,
 *     or no CA was given while several are configured
 * @throws CmdFailure if the server delivers no CRL or no base CRL
 * @throws Exception on any other failure (I/O, encoding, ASN.1 parsing)
 */
@Override
protected Object execute0() throws Exception {
    if (caName != null) {
        caName = caName.toLowerCase();
    }

    Set<String> configuredCas = caClient.getCaNames();
    if (isEmpty(configuredCas)) {
        throw new IllegalCmdParamException("no CA is configured");
    }

    if (caName == null) {
        // Without an explicit CA the choice must be unambiguous.
        if (configuredCas.size() != 1) {
            throw new IllegalCmdParamException(
                "no CA is specified, one of " + configuredCas + " is required");
        }
        caName = configuredCas.iterator().next();
    } else if (!configuredCas.contains(caName)) {
        throw new IllegalCmdParamException(
            "CA " + caName + " is not within the configured CAs " + configuredCas);
    }

    X509CRL crl;
    try {
        crl = retrieveCrl();
    } catch (PkiErrorException ex) {
        throw new CmdFailure("received no CRL from server: " + ex.getMessage());
    }
    if (crl == null) {
        throw new CmdFailure("received no CRL from server");
    }

    // NOTE(review): the CRL is saved as received; no signature or issuer check against the
    // CA certificate is visible in this method. Confirm that it happens in retrieveCrl() or
    // downstream before the file is relied on for revocation decisions.
    saveVerbose("saved CRL to file", new File(outFile), crl.getEncoded());

    if (!withBaseCrl.booleanValue()) {
        return null;
    }

    // A CRL without the deltaCRLIndicator extension is not a delta CRL: nothing more to fetch.
    byte[] wrappedIndicator = crl.getExtensionValue(Extension.deltaCRLIndicator.getId());
    if (wrappedIndicator == null) {
        return null;
    }

    if (baseCrlOut == null) {
        baseCrlOut = outFile + "-baseCRL";
    }

    // getExtensionValue() returns the value wrapped in an OCTET STRING; unwrap it to read
    // the INTEGER holding the base CRL number.
    byte[] indicatorValue = DEROctetString.getInstance(wrappedIndicator).getOctets();
    BigInteger baseCrlNumber = ASN1Integer.getInstance(indicatorValue).getPositiveValue();

    RequestResponseDebug debug = getRequestResponseDebug();
    X509CRL baseCrl;
    try {
        baseCrl = caClient.downloadCrl(caName, baseCrlNumber, debug);
    } catch (PkiErrorException ex) {
        throw new CmdFailure("received no baseCRL from server: " + ex.getMessage());
    } finally {
        saveRequestResponse(debug);
    }
    if (baseCrl == null) {
        throw new CmdFailure("received no baseCRL from server");
    }

    // NOTE(review): the CRL number of the returned base CRL is not compared with
    // baseCrlNumber here; verify whether downloadCrl() guarantees the match.
    saveVerbose("saved baseCRL to file", new File(baseCrlOut), baseCrl.getEncoded());
    return null;
}
use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.
the class GetCrlCmd method execute0.
/**
 * Requests, through the SCEP client, the CRL that covers the certificate stored in
 * {@code certFile} (identified by its issuer and serial number) and writes it to
 * {@code outputFile}.
 *
 * @return always {@code null}
 * @throws CmdFailure if the server returns no CRL
 * @throws Exception if the certificate cannot be parsed, the request fails or the
 *     file cannot be written
 */
@Override
protected Object execute0() throws Exception {
    X509Certificate targetCert = X509Util.parseCert(new File(certFile));
    Client scep = getScepClient();

    X509CRL crl = scep.getRevocationList(
        getIdentityCert(),
        getIdentityKey(),
        targetCert.getIssuerX500Principal(),
        targetCert.getSerialNumber());

    if (crl != null) {
        // NOTE(review): saved as received; no check is visible here that the CRL issuer
        // matches the certificate's issuer or that its signature verifies. Confirm that the
        // client does this.
        saveVerbose("saved CRL to file", new File(outputFile), crl.getEncoded());
        return null;
    }

    throw new CmdFailure("received no CRL from server");
}
use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.
the class OcspQaStatusCmd method processResponse.
// method checkParameters
/**
 * Checks an OCSP response against the expectations configured on this command and
 * prints the verdict; with {@code verbose} set, every validation issue is listed too.
 *
 * @param response the OCSP response to check
 * @param respIssuer passed to the check as the expected response issuer
 * @param issuerHash passed through to the check
 * @param serialNumbers passed through to the check
 * @param encodedCerts passed through to the check
 * @return always {@code null}
 * @throws CmdFailure if at least one check failed
 * @throws Exception if the check itself cannot be carried out
 */
@Override
protected Object processResponse(OCSPResp response, X509Certificate respIssuer, IssuerHash issuerHash,
        List<BigInteger> serialNumbers, Map<BigInteger, byte[]> encodedCerts) throws Exception {
    OcspResponseOption expected = new OcspResponseOption();
    expected.setNextUpdateOccurrence(expectedNextUpdateOccurrence);
    expected.setCerthashOccurrence(expectedCerthashOccurrence);
    expected.setNonceOccurrence(expectedNonceOccurrence);
    expected.setRespIssuer(respIssuer);
    expected.setSignatureAlgName(sigAlg);
    if (isNotBlank(certhashAlg)) {
        expected.setCerthashAlgId(AlgorithmUtil.getHashAlg(certhashAlg));
    }

    // The checker is created on first use and kept in the field afterwards.
    if (ocspQa == null) {
        ocspQa = new OcspQa(securityFactory);
    }

    // NOTE(review): noSigVerify is handed to the checker; presumably a true value skips
    // signature verification, in which case "valid" says nothing about the authenticity
    // of the response. Confirm against OcspQa.checkOcsp.
    ValidationResult outcome = ocspQa.checkOcsp(response, issuerHash, serialNumbers, encodedCerts,
            expectedOcspError, expectedStatuses, expecteRevTimes, expected, noSigVerify);

    boolean allOk = outcome.isAllSuccessful();

    StringBuilder report = new StringBuilder(50);
    report.append("OCSP response is ").append(allOk ? "valid" : "invalid");
    if (verbose.booleanValue()) {
        for (ValidationIssue issue : outcome.getValidationIssues()) {
            report.append("\n");
            format(issue, " ", report);
        }
    }
    println(report.toString());

    // The report is printed before failing so that the details stay visible.
    if (allOk) {
        return null;
    }
    throw new CmdFailure("OCSP response is invalid");
}
use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.
the class EnrollCertCmd method execute0.
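/**
 * Enrolls a certificate over SCEP for the PKCS#10 request stored in {@code csrFile}
 * and writes the first certificate of the response to {@code outputFile}.
 *
 * <p>{@code method} selects the SCEP operation: blank lets the client decide
 * ({@code scepEnrol}); {@code pkcs}, {@code renewal} and {@code update}
 * (case-insensitive) select the corresponding request type.
 *
 * @return always {@code null}
 * @throws CmdFailure if {@code method} is unknown, the server answers with failure or
 *     pending, or the response contains no certificate
 * @throws Exception if reading the CSR, the SCEP exchange or the file write fails
 */
@Override
protected Object execute0() throws Exception {
    ScepClient client = getScepClient();
    CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));

    PrivateKey key0 = getIdentityKey();
    X509Certificate cert0 = getIdentityCert();

    EnrolmentResponse resp;
    if (StringUtil.isBlank(method)) {
        resp = client.scepEnrol(csr, key0, cert0);
    } else if ("pkcs".equalsIgnoreCase(method)) {
        resp = client.scepPkcsReq(csr, key0, cert0);
    } else if ("renewal".equalsIgnoreCase(method)) {
        resp = client.scepRenewalReq(csr, key0, cert0);
    } else if ("update".equalsIgnoreCase(method)) {
        resp = client.scepUpdateReq(csr, key0, cert0);
    } else {
        throw new CmdFailure("invalid enroll method");
    }

    if (resp.isFailure()) {
        throw new CmdFailure("server returned 'failure'");
    }
    if (resp.isPending()) {
        throw new CmdFailure("server returned 'pending'");
    }

    // A response without certificates used to end in IndexOutOfBoundsException or
    // NullPointerException; report it as a command failure like the other server outcomes.
    java.util.List<? extends X509Certificate> certs = resp.getCertificates();
    if (certs == null || certs.isEmpty()) {
        throw new CmdFailure("received no certificate from server");
    }

    // NOTE(review): the first certificate is saved as received. This method does not check
    // that its public key is the one in the CSR; confirm that ScepClient validates the
    // response before the file is used as the enrolled certificate.
    X509Certificate cert = certs.get(0);
    saveVerbose("saved enrolled certificate to file", new File(outputFile), cert.getEncoded());
    return null;
}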