
Example 51 with CmdFailure

use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.

the class ResponderAddCmd method execute0.

/**
 * Adds a CMP responder entry to the CA manager.
 *
 * <p>If {@code certFile} is set, the certificate is parsed and its encoded form is stored in
 * the entry as Base64 text; otherwise the entry carries no certificate. For the signer types
 * {@code PKCS12} and {@code JKS} (matched case-insensitively) the signer configuration is
 * first passed through {@code ShellUtil.canonicalizeSignerConf}.
 *
 * @return always {@code null}
 * @throws CmdFailure if the CA manager rejects the entry; the original
 *         {@code CaMgmtException} is kept as the cause
 * @throws Exception if the certificate cannot be parsed or the signer configuration cannot be
 *         canonicalized
 */
@Override
protected Object execute0() throws Exception {
    String encodedCert = null;
    if (certFile != null) {
        // Parsing first means an unreadable or malformed certificate aborts the command
        // before anything is handed to the CA manager.
        X509Certificate parsedCert = X509Util.parseCert(certFile);
        encodedCert = IoUtil.base64Encode(parsedCert.getEncoded(), false);
    }

    // NOTE(review): signerConf presumably carries keystore location and password for these
    // types (passwordResolver is passed along) - confirm it is never echoed to the console.
    boolean keystoreBacked = "PKCS12".equalsIgnoreCase(signerType)
            || "JKS".equalsIgnoreCase(signerType);
    if (keystoreBacked) {
        signerConf = ShellUtil.canonicalizeSignerConf(
                signerType, signerConf, passwordResolver, securityFactory);
    }

    ResponderEntry responder = new ResponderEntry(name, signerType, signerConf, encodedCert);
    String label = "CMP responder " + name;
    try {
        caManager.addResponder(responder);
        println("added " + label);
    } catch (CaMgmtException ex) {
        // Keep the cause so the management-layer stack trace is not lost.
        throw new CmdFailure("could not add " + label + ", error: " + ex.getMessage(), ex);
    }
    return null;
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) CmdFailure(org.xipki.console.karaf.CmdFailure) ResponderEntry(org.xipki.ca.server.mgmt.api.ResponderEntry) X509Certificate(java.security.cert.X509Certificate)

Example 52 with CmdFailure

use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.

the class ScepAddCmd method execute0.

/**
 * Adds a SCEP entry to the CA manager.
 *
 * <p>The entry is built from the command's options: it is marked active unless
 * {@code inactive} is set, and it refers to the CA by name only (the {@code NameId} is created
 * with a {@code null} first argument).
 *
 * @return always {@code null}
 * @throws CmdFailure if the CA manager rejects the entry; the original
 *         {@code CaMgmtException} is kept as the cause
 */
@Override
protected Object execute0() throws Exception {
    NameId caIdent = new NameId(null, caName);
    boolean active = !inactive;
    ScepEntry scep = new ScepEntry(name, caIdent, active, responderName, profiles, scepControl);

    String label = "SCEP " + name;
    try {
        caManager.addScep(scep);
        println("added " + label);
    } catch (CaMgmtException ex) {
        // Keep the cause so the management-layer stack trace is not lost.
        throw new CmdFailure("could not add " + label + ", error: " + ex.getMessage(), ex);
    }
    return null;
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) NameId(org.xipki.ca.api.NameId) CmdFailure(org.xipki.console.karaf.CmdFailure) ScepEntry(org.xipki.ca.server.mgmt.api.x509.ScepEntry)

Example 53 with CmdFailure

use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.

the class ProfileCheckCmd method execute0.

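/**
 * Checks that the certificate profile {@code name} configured in the CA manager matches the
 * expected type and configuration given on the command line.
 *
 * <p>The expected configuration is taken from {@code conf}, or read from {@code confFile} when
 * {@code conf} is not given. The type is compared only when the configured profile reports a
 * non-null type.
 *
 * @return always {@code null}
 * @throws CmdFailure if no profile with that name is configured
 * @throws Exception if the configuration file cannot be read or a comparison performed by
 *         {@code MgmtQaShellUtil.assertEquals} fails
 */
@Override
protected Object execute0() throws Exception {
    println("checking profile " + name);
    if (type == null && conf == null && confFile == null) {
        // NOTE(review): this command only reads and compares, so "nothing to check" would
        // describe the situation better; the message is kept in case scripts match on it.
        System.out.println("nothing to update");
        return null;
    }
    if (conf == null && confFile != null) {
        // Decode with an explicit charset: new String(byte[]) uses the platform default, which
        // makes the comparison below depend on the machine the check runs on.
        // UTF-8 is assumed for profile configuration files - TODO confirm.
        conf = new String(IoUtil.read(confFile), java.nio.charset.StandardCharsets.UTF_8);
    }
    CertprofileEntry cp = caManager.getCertprofile(name);
    if (cp == null) {
        throw new CmdFailure("certificate profile named '" + name + "' is not configured");
    }
    if (cp.getType() != null) {
        MgmtQaShellUtil.assertEquals("type", type, cp.getType());
    }
    // NOTE(review): when only 'type' was supplied, conf is still null here and is compared
    // against the configured value - confirm how assertEquals treats a null expectation.
    MgmtQaShellUtil.assertEquals("conf", conf, cp.getConf());
    println(" checked profile " + name);
    return null;
}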
Also used : CmdFailure(org.xipki.console.karaf.CmdFailure) CertprofileEntry(org.xipki.ca.server.mgmt.api.CertprofileEntry)

Example 54 with CmdFailure

use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.

the class RequestorCheckCmd method execute0.

/**
 * Checks that the requestor {@code name} is configured with exactly the certificate stored in
 * {@code certFile}.
 *
 * <p>The comparison is byte-for-byte between the file content and the decoded Base64
 * certificate held by the requestor entry.
 *
 * @return always {@code null}
 * @throws CmdFailure if the requestor is not configured, has no certificate, or its
 *         certificate differs from the expected one
 * @throws Exception if the certificate file cannot be read
 */
@Override
protected Object execute0() throws Exception {
    println("checking requestor " + name);

    RequestorEntry requestor = caManager.getRequestor(name);
    if (requestor == null) {
        throw new CmdFailure("requestor named '" + name + "' is not configured");
    }

    // The expected certificate is read before the configured one is inspected, so a missing
    // or unreadable file is reported ahead of any mismatch.
    byte[] expectedCert = IoUtil.read(certFile);

    String configuredCert = requestor.getBase64Cert();
    if (configuredCert == null) {
        throw new CmdFailure("Cert: is not configured explicitly as expected");
    }

    byte[] actualCert = Base64.decode(configuredCert);
    boolean identical = Arrays.equals(expectedCert, actualCert);
    if (!identical) {
        throw new CmdFailure("Cert: the expected one and the actual one differ");
    }

    println(" checked requestor " + name);
    return null;
}
Also used : CmdFailure(org.xipki.console.karaf.CmdFailure) RequestorEntry(org.xipki.ca.server.mgmt.api.RequestorEntry)

Example 55 with CmdFailure

use of org.xipki.console.karaf.CmdFailure in project xipki by xipki.

the class CheckCertCmd method execute0.

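/**
 * Checks a certificate against a QA certificate profile, using a CSR as the source of the
 * expected subject, public key and requested extensions.
 *
 * <p>The issuer is taken from {@code issuerName}; when it is not given, it defaults to the
 * only configured issuer. The result is printed, with every validation issue listed when
 * {@code verbose} is set.
 *
 * <p>Only the fields of the CSR are used here; this method does not verify the CSR's own
 * signature, so the file must come from a source the operator already trusts.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if no issuer is configured, the issuer cannot be chosen or
 *         is unknown, the profile is unknown, or the CSR carries an extension request
 *         attribute without a value
 * @throws CmdFailure if the certificate does not pass all checks
 * @throws Exception if the CSR or certificate file cannot be read or parsed
 */
@Override
protected Object execute0() throws Exception {
    Set<String> issuerNames = qaSystemManager.getIssuerNames();
    if (isEmpty(issuerNames)) {
        throw new IllegalCmdParamException("no issuer is configured");
    }
    if (issuerName == null) {
        // An issuer may be omitted only when the choice is unambiguous.
        if (issuerNames.size() != 1) {
            throw new IllegalCmdParamException("no issuer is specified");
        }
        issuerName = issuerNames.iterator().next();
    }
    if (!issuerNames.contains(issuerName)) {
        throw new IllegalCmdParamException("issuer " + issuerName + " is not within the configured issuers " + issuerNames);
    }
    X509IssuerInfo issuerInfo = qaSystemManager.getIssuer(issuerName);
    X509CertprofileQa qa = qaSystemManager.getCertprofile(profileName);
    if (qa == null) {
        throw new IllegalCmdParamException("found no certificate profile named '" + profileName + "'");
    }
    CertificationRequest csr = CertificationRequest.getInstance(IoUtil.read(csrFile));
    Extensions extensions = null;
    CertificationRequestInfo reqInfo = csr.getCertificationRequestInfo();
    ASN1Set attrs = reqInfo.getAttributes();
    for (int i = 0; i < attrs.size(); i++) {
        Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
        if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
            // The CSR is file input: an attribute with an empty value set would otherwise
            // surface as an ArrayIndexOutOfBoundsException instead of a parameter error.
            if (attr.getAttributeValues().length == 0) {
                throw new IllegalCmdParamException("extension request attribute in the CSR has no value");
            }
            // No break: if the attribute occurs more than once, the last occurrence wins.
            extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
        }
    }
    byte[] certBytes = IoUtil.read(certFile);
    ValidationResult result = qa.checkCert(certBytes, issuerInfo, reqInfo.getSubject(), reqInfo.getSubjectPublicKeyInfo(), extensions);
    StringBuilder sb = new StringBuilder();
    sb.append(certFile).append(" (certprofile ").append(profileName).append(")\n");
    sb.append("\tcertificate is ");
    sb.append(result.isAllSuccessful() ? "valid" : "invalid");
    if (verbose.booleanValue()) {
        for (ValidationIssue issue : result.getValidationIssues()) {
            sb.append("\n");
            format(issue, "    ", sb);
        }
    }
    println(sb.toString());
    // Report first, then fail: the command signals an invalid certificate to its caller
    // through CmdFailure as well as through the printed summary.
    if (!result.isAllSuccessful()) {
        throw new CmdFailure("certificate is invalid");
    }
    return null;
}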
Also used : X509CertprofileQa(org.xipki.ca.qa.X509CertprofileQa) CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo) Attribute(org.bouncycastle.asn1.pkcs.Attribute) X509IssuerInfo(org.xipki.ca.qa.X509IssuerInfo) Extensions(org.bouncycastle.asn1.x509.Extensions) ValidationResult(org.xipki.common.qa.ValidationResult) ValidationIssue(org.xipki.common.qa.ValidationIssue) ASN1Set(org.bouncycastle.asn1.ASN1Set) CmdFailure(org.xipki.console.karaf.CmdFailure) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)

Aggregations

CmdFailure (org.xipki.console.karaf.CmdFailure)99 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)52 File (java.io.File)20 X509Certificate (java.security.cert.X509Certificate)20 IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException)15 BigInteger (java.math.BigInteger)9 NameId (org.xipki.ca.api.NameId)9 X509CRL (java.security.cert.X509CRL)7 ArrayList (java.util.ArrayList)6 Date (java.util.Date)6 CaEntry (org.xipki.ca.server.mgmt.api.CaEntry)6 RequestResponseDebug (org.xipki.common.RequestResponseDebug)6 PublisherEntry (org.xipki.ca.server.mgmt.api.PublisherEntry)5 ScepClient (org.xipki.scep.client.ScepClient)4 DEROctetString (org.bouncycastle.asn1.DEROctetString)3 CertificationRequest (org.bouncycastle.asn1.pkcs.CertificationRequest)3 X500Name (org.bouncycastle.asn1.x500.X500Name)3 Client (org.jscep.client.Client)3 CertprofileEntry (org.xipki.ca.server.mgmt.api.CertprofileEntry)3 X509CrlSignerEntry (org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)3