Search in sources :

Example 1 with CmdFailure

use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.

the class CsrEnrollCertCmd method execute0.

@Override
protected Object execute0() throws Exception {
    if (caName != null) {
        caName = caName.toLowerCase();
    }
    CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
    Date notBefore = StringUtil.isNotBlank(notBeforeS) ? DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeS) : null;
    Date notAfter = StringUtil.isNotBlank(notAfterS) ? DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterS) : null;
    EnrollCertResult result;
    RequestResponseDebug debug = getRequestResponseDebug();
    try {
        result = caClient.requestCert(caName, csr, profile, notBefore, notAfter, debug);
    } finally {
        saveRequestResponse(debug);
    }
    X509Certificate cert = null;
    if (result != null) {
        String id = result.getAllIds().iterator().next();
        CertOrError certOrError = result.getCertOrError(id);
        cert = (X509Certificate) certOrError.getCertificate();
    }
    if (cert == null) {
        throw new CmdFailure("no certificate received from the server");
    }
    File certFile = new File(outputFile);
    saveVerbose("certificate saved to file", certFile, cert.getEncoded());
    return null;
}
Also used : RequestResponseDebug(org.xipki.common.RequestResponseDebug) CmdFailure(org.xipki.console.karaf.CmdFailure) EnrollCertResult(org.xipki.ca.client.api.EnrollCertResult) CertOrError(org.xipki.ca.client.api.CertOrError) File(java.io.File) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate)

Example 2 with CmdFailure

use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.

the class GetCrlCmd method execute0.

@Override
protected Object execute0() throws Exception {
    if (caName != null) {
        caName = caName.toLowerCase();
    }
    Set<String> caNames = caClient.getCaNames();
    if (isEmpty(caNames)) {
        throw new IllegalCmdParamException("no CA is configured");
    }
    if (caName != null && !caNames.contains(caName)) {
        throw new IllegalCmdParamException("CA " + caName + " is not within the configured CAs " + caNames);
    }
    if (caName == null) {
        if (caNames.size() == 1) {
            caName = caNames.iterator().next();
        } else {
            throw new IllegalCmdParamException("no CA is specified, one of " + caNames + " is required");
        }
    }
    X509CRL crl = null;
    try {
        crl = retrieveCrl();
    } catch (PkiErrorException ex) {
        throw new CmdFailure("received no CRL from server: " + ex.getMessage());
    }
    if (crl == null) {
        throw new CmdFailure("received no CRL from server");
    }
    saveVerbose("saved CRL to file", new File(outFile), crl.getEncoded());
    if (!withBaseCrl.booleanValue()) {
        return null;
    }
    byte[] octetString = crl.getExtensionValue(Extension.deltaCRLIndicator.getId());
    if (octetString == null) {
        return null;
    }
    if (baseCrlOut == null) {
        baseCrlOut = outFile + "-baseCRL";
    }
    byte[] extnValue = DEROctetString.getInstance(octetString).getOctets();
    BigInteger baseCrlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue();
    RequestResponseDebug debug = getRequestResponseDebug();
    try {
        crl = caClient.downloadCrl(caName, baseCrlNumber, debug);
    } catch (PkiErrorException ex) {
        throw new CmdFailure("received no baseCRL from server: " + ex.getMessage());
    } finally {
        saveRequestResponse(debug);
    }
    if (crl == null) {
        throw new CmdFailure("received no baseCRL from server");
    }
    saveVerbose("saved baseCRL to file", new File(baseCrlOut), crl.getEncoded());
    return null;
}
Also used : PkiErrorException(org.xipki.ca.client.api.PkiErrorException) X509CRL(java.security.cert.X509CRL) RequestResponseDebug(org.xipki.common.RequestResponseDebug) CmdFailure(org.xipki.console.karaf.CmdFailure) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) BigInteger(java.math.BigInteger) DEROctetString(org.bouncycastle.asn1.DEROctetString) File(java.io.File)

Example 3 with CmdFailure

use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.

the class GetCrlCmd method execute0.

@Override
protected Object execute0() throws Exception {
    X509Certificate cert = X509Util.parseCert(new File(certFile));
    Client client = getScepClient();
    X509CRL crl = client.getRevocationList(getIdentityCert(), getIdentityKey(), cert.getIssuerX500Principal(), cert.getSerialNumber());
    if (crl == null) {
        throw new CmdFailure("received no CRL from server");
    }
    saveVerbose("saved CRL to file", new File(outputFile), crl.getEncoded());
    return null;
}
Also used : X509CRL(java.security.cert.X509CRL) CmdFailure(org.xipki.console.karaf.CmdFailure) Client(org.jscep.client.Client) File(java.io.File) X509Certificate(java.security.cert.X509Certificate)

Example 4 with CmdFailure

use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.

the class OcspQaStatusCmd method processResponse.

// method checkParameters
@Override
protected Object processResponse(OCSPResp response, X509Certificate respIssuer, IssuerHash issuerHash, List<BigInteger> serialNumbers, Map<BigInteger, byte[]> encodedCerts) throws Exception {
    OcspResponseOption responseOption = new OcspResponseOption();
    responseOption.setNextUpdateOccurrence(expectedNextUpdateOccurrence);
    responseOption.setCerthashOccurrence(expectedCerthashOccurrence);
    responseOption.setNonceOccurrence(expectedNonceOccurrence);
    responseOption.setRespIssuer(respIssuer);
    responseOption.setSignatureAlgName(sigAlg);
    if (isNotBlank(certhashAlg)) {
        responseOption.setCerthashAlgId(AlgorithmUtil.getHashAlg(certhashAlg));
    }
    if (ocspQa == null) {
        ocspQa = new OcspQa(securityFactory);
    }
    ValidationResult result = ocspQa.checkOcsp(response, issuerHash, serialNumbers, encodedCerts, expectedOcspError, expectedStatuses, expecteRevTimes, responseOption, noSigVerify);
    StringBuilder sb = new StringBuilder(50);
    sb.append("OCSP response is ");
    String txt = result.isAllSuccessful() ? "valid" : "invalid";
    sb.append(txt);
    if (verbose.booleanValue()) {
        for (ValidationIssue issue : result.getValidationIssues()) {
            sb.append("\n");
            format(issue, "    ", sb);
        }
    }
    println(sb.toString());
    if (!result.isAllSuccessful()) {
        throw new CmdFailure("OCSP response is invalid");
    }
    return null;
}
Also used : OcspQa(org.xipki.ocsp.qa.OcspQa) CmdFailure(org.xipki.console.karaf.CmdFailure) OcspResponseOption(org.xipki.ocsp.qa.OcspResponseOption) ValidationResult(org.xipki.common.qa.ValidationResult) ValidationIssue(org.xipki.common.qa.ValidationIssue)

Example 5 with CmdFailure

use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.

the class EnrollCertCmd method execute0.

@Override
protected Object execute0() throws Exception {
    ScepClient client = getScepClient();
    CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
    EnrolmentResponse resp;
    PrivateKey key0 = getIdentityKey();
    X509Certificate cert0 = getIdentityCert();
    if (StringUtil.isBlank(method)) {
        resp = client.scepEnrol(csr, key0, cert0);
    } else if ("pkcs".equalsIgnoreCase(method)) {
        resp = client.scepPkcsReq(csr, key0, cert0);
    } else if ("renewal".equalsIgnoreCase(method)) {
        resp = client.scepRenewalReq(csr, key0, cert0);
    } else if ("update".equalsIgnoreCase(method)) {
        resp = client.scepUpdateReq(csr, key0, cert0);
    } else {
        throw new CmdFailure("invalid enroll method");
    }
    if (resp.isFailure()) {
        throw new CmdFailure("server returned 'failure'");
    }
    if (resp.isPending()) {
        throw new CmdFailure("server returned 'pending'");
    }
    X509Certificate cert = resp.getCertificates().get(0);
    saveVerbose("saved enrolled certificate to file", new File(outputFile), cert.getEncoded());
    return null;
}
Also used : PrivateKey(java.security.PrivateKey) CmdFailure(org.xipki.console.karaf.CmdFailure) ScepClient(org.xipki.scep.client.ScepClient) EnrolmentResponse(org.xipki.scep.client.EnrolmentResponse) File(java.io.File) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest) X509Certificate(java.security.cert.X509Certificate)

Aggregations

CmdFailure (org.xipki.console.karaf.CmdFailure)99 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)52 File (java.io.File)20 X509Certificate (java.security.cert.X509Certificate)20 IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException)15 BigInteger (java.math.BigInteger)9 NameId (org.xipki.ca.api.NameId)9 X509CRL (java.security.cert.X509CRL)7 ArrayList (java.util.ArrayList)6 Date (java.util.Date)6 CaEntry (org.xipki.ca.server.mgmt.api.CaEntry)6 RequestResponseDebug (org.xipki.common.RequestResponseDebug)6 PublisherEntry (org.xipki.ca.server.mgmt.api.PublisherEntry)5 ScepClient (org.xipki.scep.client.ScepClient)4 DEROctetString (org.bouncycastle.asn1.DEROctetString)3 CertificationRequest (org.bouncycastle.asn1.pkcs.CertificationRequest)3 X500Name (org.bouncycastle.asn1.x500.X500Name)3 Client (org.jscep.client.Client)3 CertprofileEntry (org.xipki.ca.server.mgmt.api.CertprofileEntry)3 X509CrlSignerEntry (org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)3