Example 1 with CmdFailure
use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.
the class CsrEnrollCertCmd method execute0.
@Override
protected Object execute0() throws Exception {
if (caName != null) {
caName = caName.toLowerCase();
}
CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
Date notBefore = StringUtil.isNotBlank(notBeforeS) ? DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeS) : null;
Date notAfter = StringUtil.isNotBlank(notAfterS) ? DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterS) : null;
EnrollCertResult result;
RequestResponseDebug debug = getRequestResponseDebug();
try {
result = caClient.requestCert(caName, csr, profile, notBefore, notAfter, debug);
} finally {
saveRequestResponse(debug);
}
X509Certificate cert = null;
if (result != null) {
String id = result.getAllIds().iterator().next();
CertOrError certOrError = result.getCertOrError(id);
cert = (X509Certificate) certOrError.getCertificate();
}
if (cert == null) {
throw new CmdFailure("no certificate received from the server");
}
File certFile = new File(outputFile);
saveVerbose("certificate saved to file", certFile, cert.getEncoded());
return null;
}
Also used :
RequestResponseDebug(org.xipki.common.RequestResponseDebug)
CmdFailure(org.xipki.console.karaf.CmdFailure)
EnrollCertResult(org.xipki.ca.client.api.EnrollCertResult)
CertOrError(org.xipki.ca.client.api.CertOrError)
File(java.io.File)
CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
Example 2 with CmdFailure
use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.
the class GetCrlCmd method execute0.
@Override
protected Object execute0() throws Exception {
if (caName != null) {
caName = caName.toLowerCase();
}
Set<String> caNames = caClient.getCaNames();
if (isEmpty(caNames)) {
throw new IllegalCmdParamException("no CA is configured");
}
if (caName != null && !caNames.contains(caName)) {
throw new IllegalCmdParamException("CA " + caName + " is not within the configured CAs " + caNames);
}
if (caName == null) {
if (caNames.size() == 1) {
caName = caNames.iterator().next();
} else {
throw new IllegalCmdParamException("no CA is specified, one of " + caNames + " is required");
}
}
X509CRL crl = null;
try {
crl = retrieveCrl();
} catch (PkiErrorException ex) {
throw new CmdFailure("received no CRL from server: " + ex.getMessage());
}
if (crl == null) {
throw new CmdFailure("received no CRL from server");
}
saveVerbose("saved CRL to file", new File(outFile), crl.getEncoded());
if (!withBaseCrl.booleanValue()) {
return null;
}
byte[] octetString = crl.getExtensionValue(Extension.deltaCRLIndicator.getId());
if (octetString == null) {
return null;
}
if (baseCrlOut == null) {
baseCrlOut = outFile + "-baseCRL";
}
byte[] extnValue = DEROctetString.getInstance(octetString).getOctets();
BigInteger baseCrlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue();
RequestResponseDebug debug = getRequestResponseDebug();
try {
crl = caClient.downloadCrl(caName, baseCrlNumber, debug);
} catch (PkiErrorException ex) {
throw new CmdFailure("received no baseCRL from server: " + ex.getMessage());
} finally {
saveRequestResponse(debug);
}
if (crl == null) {
throw new CmdFailure("received no baseCRL from server");
}
saveVerbose("saved baseCRL to file", new File(baseCrlOut), crl.getEncoded());
return null;
}
Also used :
PkiErrorException(org.xipki.ca.client.api.PkiErrorException)
X509CRL(java.security.cert.X509CRL)
RequestResponseDebug(org.xipki.common.RequestResponseDebug)
CmdFailure(org.xipki.console.karaf.CmdFailure)
IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException)
BigInteger(java.math.BigInteger)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
File(java.io.File)
Example 3 with CmdFailure
use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.
the class GetCrlCmd method execute0.
@Override
protected Object execute0() throws Exception {
X509Certificate cert = X509Util.parseCert(new File(certFile));
Client client = getScepClient();
X509CRL crl = client.getRevocationList(getIdentityCert(), getIdentityKey(), cert.getIssuerX500Principal(), cert.getSerialNumber());
if (crl == null) {
throw new CmdFailure("received no CRL from server");
}
saveVerbose("saved CRL to file", new File(outputFile), crl.getEncoded());
return null;
}
Also used :
X509CRL(java.security.cert.X509CRL)
CmdFailure(org.xipki.console.karaf.CmdFailure)
Client(org.jscep.client.Client)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
Example 4 with CmdFailure
use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.
the class OcspQaStatusCmd method processResponse.
// method checkParameters
@Override
protected Object processResponse(OCSPResp response, X509Certificate respIssuer, IssuerHash issuerHash, List<BigInteger> serialNumbers, Map<BigInteger, byte[]> encodedCerts) throws Exception {
OcspResponseOption responseOption = new OcspResponseOption();
responseOption.setNextUpdateOccurrence(expectedNextUpdateOccurrence);
responseOption.setCerthashOccurrence(expectedCerthashOccurrence);
responseOption.setNonceOccurrence(expectedNonceOccurrence);
responseOption.setRespIssuer(respIssuer);
responseOption.setSignatureAlgName(sigAlg);
if (isNotBlank(certhashAlg)) {
responseOption.setCerthashAlgId(AlgorithmUtil.getHashAlg(certhashAlg));
}
if (ocspQa == null) {
ocspQa = new OcspQa(securityFactory);
}
ValidationResult result = ocspQa.checkOcsp(response, issuerHash, serialNumbers, encodedCerts, expectedOcspError, expectedStatuses, expecteRevTimes, responseOption, noSigVerify);
StringBuilder sb = new StringBuilder(50);
sb.append("OCSP response is ");
String txt = result.isAllSuccessful() ? "valid" : "invalid";
sb.append(txt);
if (verbose.booleanValue()) {
for (ValidationIssue issue : result.getValidationIssues()) {
sb.append("\n");
format(issue, " ", sb);
}
}
println(sb.toString());
if (!result.isAllSuccessful()) {
throw new CmdFailure("OCSP response is invalid");
}
return null;
}
Also used :
OcspQa(org.xipki.ocsp.qa.OcspQa)
CmdFailure(org.xipki.console.karaf.CmdFailure)
OcspResponseOption(org.xipki.ocsp.qa.OcspResponseOption)
ValidationResult(org.xipki.common.qa.ValidationResult)
ValidationIssue(org.xipki.common.qa.ValidationIssue)
Example 5 with CmdFailure
use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.
the class EnrollCertCmd method execute0.
@Override
protected Object execute0() throws Exception {
ScepClient client = getScepClient();
CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
EnrolmentResponse resp;
PrivateKey key0 = getIdentityKey();
X509Certificate cert0 = getIdentityCert();
if (StringUtil.isBlank(method)) {
resp = client.scepEnrol(csr, key0, cert0);
} else if ("pkcs".equalsIgnoreCase(method)) {
resp = client.scepPkcsReq(csr, key0, cert0);
} else if ("renewal".equalsIgnoreCase(method)) {
resp = client.scepRenewalReq(csr, key0, cert0);
} else if ("update".equalsIgnoreCase(method)) {
resp = client.scepUpdateReq(csr, key0, cert0);
} else {
throw new CmdFailure("invalid enroll method");
}
if (resp.isFailure()) {
throw new CmdFailure("server returned 'failure'");
}
if (resp.isPending()) {
throw new CmdFailure("server returned 'pending'");
}
X509Certificate cert = resp.getCertificates().get(0);
saveVerbose("saved enrolled certificate to file", new File(outputFile), cert.getEncoded());
return null;
}
Also used :
PrivateKey(java.security.PrivateKey)
CmdFailure(org.xipki.console.karaf.CmdFailure)
ScepClient(org.xipki.scep.client.ScepClient)
EnrolmentResponse(org.xipki.scep.client.EnrolmentResponse)
File(java.io.File)
CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
X509Certificate(java.security.cert.X509Certificate)
Aggregations
CmdFailure (org.xipki.console.karaf.CmdFailure)99
CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)52
File (java.io.File)20
X509Certificate (java.security.cert.X509Certificate)20
IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException)15
BigInteger (java.math.BigInteger)9
NameId (org.xipki.ca.api.NameId)9
X509CRL (java.security.cert.X509CRL)7
ArrayList (java.util.ArrayList)6
Date (java.util.Date)6
CaEntry (org.xipki.ca.server.mgmt.api.CaEntry)6
RequestResponseDebug (org.xipki.common.RequestResponseDebug)6
PublisherEntry (org.xipki.ca.server.mgmt.api.PublisherEntry)5
ScepClient (org.xipki.scep.client.ScepClient)4
DEROctetString (org.bouncycastle.asn1.DEROctetString)3
CertificationRequest (org.bouncycastle.asn1.pkcs.CertificationRequest)3
X500Name (org.bouncycastle.asn1.x500.X500Name)3
Client (org.jscep.client.Client)3
CertprofileEntry (org.xipki.ca.server.mgmt.api.CertprofileEntry)3
X509CrlSignerEntry (org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)3
