use of org.xipki.console.karaf.IllegalCmdParamException in project xipki by xipki.
the class CaAddOrGenAction method getCaEntry.
/**
 * Builds the {@link X509CaEntry} described by the command options.
 *
 * <p>The numeric options are checked first, so an out-of-range value is rejected before the
 * signer configuration is touched or the entry is created.
 *
 * @return the populated CA entry
 * @throws IllegalCmdParamException if the next CRL number is below 1, or if numCrls or
 *     expirationPeriod is negative
 * @throws Exception if one of the helpers called here fails
 */
protected X509CaEntry getCaEntry() throws Exception {
  // Bit length of the serial numbers this CA will issue.
  // NOTE(review): the accepted minimum is 63. Deployments bound to a "at least 64 bits of
  // CSPRNG output" serial-number policy should confirm how sn-bitlen maps to random bits.
  ParamUtil.requireRange("sn-bitlen", snBitLen, 63, 159);

  if (nextCrlNumber < 1) {
    throw new IllegalCmdParamException("invalid CRL number: " + nextCrlNumber);
  }

  if (numCrls < 0) {
    throw new IllegalCmdParamException("invalid numCrls: " + numCrls);
  }

  if (expirationPeriod < 0) {
    throw new IllegalCmdParamException("invalid expirationPeriod: " + expirationPeriod);
  }

  // Only keystore-backed signers (PKCS12, JKS) have their configuration rewritten.
  // NOTE(review): what canonicalization does with the keystore and its password is not
  // visible from here; check ShellUtil before relying on the stored form.
  boolean keystoreSigner =
      "PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType);
  if (keystoreSigner) {
    signerConf = ShellUtil.canonicalizeSignerConf(
        signerType, signerConf, passwordResolver, securityFactory);
  }

  X509CaUris uris = new X509CaUris(caCertUris, ocspUris, crlUris, deltaCrlUris);
  NameId ident = new NameId(null, caName);
  X509CaEntry caEntry = new X509CaEntry(ident, snBitLen, nextCrlNumber, signerType, signerConf,
      uris, numCrls.intValue(), expirationPeriod.intValue());

  caEntry.setKeepExpiredCertInDays(keepExpiredCertInDays.intValue());

  // Issuance policy switches. The second argument is presumably the value used when the
  // option is absent (verify in isEnabled): duplicate keys and duplicate subjects would
  // then be permitted by default, and request saving would be off by default.
  caEntry.setDuplicateKeyPermitted(isEnabled(duplicateKeyS, true, "duplicate-key"));
  caEntry.setDuplicateSubjectPermitted(isEnabled(duplicateSubjectS, true, "duplicate-subject"));
  caEntry.setSaveRequest(isEnabled(saveReqS, false, "save-req"));

  caEntry.setValidityMode(ValidityMode.forName(validityModeS));
  caEntry.setStatus(CaStatus.forName(caStatus));

  // The CRL signer and the responder are optional; they are set only when a name was given.
  if (crlSignerName != null) {
    caEntry.setCrlSignerName(crlSignerName);
  }

  if (responderName != null) {
    caEntry.setResponderName(responderName);
  }

  caEntry.setMaxValidity(CertValidity.getInstance(maxValidity));

  // NOTE(review): second call with the same field (the first one passes intValue());
  // kept as in the original, it looks redundant.
  caEntry.setKeepExpiredCertInDays(keepExpiredCertInDays);

  if (cmpControlName != null) {
    caEntry.setCmpControlName(cmpControlName);
  }

  // The textual permission list is turned into the int value the entry stores.
  caEntry.setPermission(ShellUtil.getPermission(permissions));

  // The field itself is replaced by its trimmed form before the blank check.
  if (extraControl != null) {
    extraControl = extraControl.trim();
  }

  if (StringUtil.isNotBlank(extraControl)) {
    caEntry.setExtraControl(new ConfPairs(extraControl).unmodifiable());
  }

  return caEntry;
}
use of org.xipki.console.karaf.IllegalCmdParamException in project xipki by xipki.
the class ProfileUpdateCmd method execute0.
/**
 * Updates an existing certificate profile with a new type and/or configuration.
 *
 * <p>An inline {@code conf} takes precedence; {@code confFile} is read only when no inline
 * configuration was given.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if none of type, conf and confFile is given
 * @throws CmdFailure if the CA manager rejects the change
 */
@Override
protected Object execute0() throws Exception {
  boolean nothingGiven = type == null && conf == null && confFile == null;
  if (nothingGiven) {
    throw new IllegalCmdParamException("nothing to update");
  }

  if (conf == null && confFile != null) {
    // NOTE(review): the bytes are decoded with the JVM default charset, so the same file can
    // yield a different profile configuration on hosts with different defaults.
    conf = new String(IoUtil.read(confFile));
  }

  String target = "certificate profile " + name;
  try {
    caManager.changeCertprofile(name, type, conf);
    println("updated " + target);
  } catch (CaMgmtException ex) {
    // The management exception is kept as the cause of the command failure.
    throw new CmdFailure("could not update " + target + ", error: " + ex.getMessage(), ex);
  }
  return null;
}
use of org.xipki.console.karaf.IllegalCmdParamException in project xipki by xipki.
the class GetCaCertCmd method execute0.
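/**
 * Retrieves the certificate of the selected CA and writes its encoded form to {@code outFile}.
 *
 * <p>If no CA name is given and exactly one CA is configured, that CA is used. The certificate
 * is written as received: nothing in this method validates it, so a file that is later used as
 * a trust anchor has to be authenticated by other means.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if the given CA is not configured, or if no CA is given and
 *     more than one is configured
 * @throws CmdFailure if no CA is configured, the retrieval fails, or no certificate is returned
 */
@Override
protected Object execute0() throws Exception {
  if (caName != null) {
    // NOTE(review): toLowerCase() without a Locale follows the JVM default locale; confirm
    // that CA names are normalised the same way wherever they are compared.
    caName = caName.toLowerCase();
  }

  Set<String> caNames = caClient.getCaNames();
  if (isEmpty(caNames)) {
    throw new CmdFailure("no CA is configured");
  }

  // The requested name must be one of the configured CAs before it is sent anywhere.
  if (caName != null && !caNames.contains(caName)) {
    throw new IllegalCmdParamException("CA " + caName
        + " is not within the configured CAs " + caNames);
  }

  if (caName == null) {
    if (caNames.size() == 1) {
      caName = caNames.iterator().next();
    } else {
      throw new IllegalCmdParamException("no CA is specified, one of " + caNames
          + " is required");
    }
  }

  Certificate caCert;
  try {
    caCert = caClient.getCaCert(caName);
  } catch (Exception ex) {
    // Keep the original exception as the cause so the stack trace of the failed retrieval
    // is not lost behind the message text.
    throw new CmdFailure("Error while retrieving CA certificate: " + ex.getMessage(), ex);
  }

  if (caCert == null) {
    throw new CmdFailure("received no CA certificate");
  }

  saveVerbose("saved CA certificate to file", new File(outFile), caCert.getEncoded());
  return null;
}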
use of org.xipki.console.karaf.IllegalCmdParamException in project xipki by xipki.
the class HealthCmd method execute0.
/**
 * Prints the health status of the selected CA.
 *
 * <p>If no CA name is given and exactly one CA is configured, that CA is checked. With
 * {@code verbose} set, the JSON form of the health result is appended to the output.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if no CA is configured, the given CA is not configured, or
 *     no CA is given and more than one is configured
 */
@Override
protected Object execute0() throws Exception {
  if (caName != null) {
    // NOTE(review): lowercasing follows the JVM default locale.
    caName = caName.toLowerCase();
  }

  Set<String> caNames = caClient.getCaNames();
  if (isEmpty(caNames)) {
    throw new IllegalCmdParamException("no CA is configured");
  }

  if (caName != null) {
    // An explicit name has to match one of the configured CAs.
    if (!caNames.contains(caName)) {
      throw new IllegalCmdParamException("CA " + caName
          + " is not within the configured CAs " + caNames);
    }
  } else {
    // No name given: acceptable only when the choice is unambiguous.
    if (caNames.size() != 1) {
      throw new IllegalCmdParamException("no CA is specified, one of " + caNames
          + " is required");
    }
    caName = caNames.iterator().next();
  }

  HealthCheckResult healthResult = caClient.getHealthCheckResult(caName);

  String verdict;
  if (healthResult.isHealthy()) {
    verdict = "healthy";
  } else {
    verdict = "not healthy";
  }

  String report = StringUtil.concat("healthy status for CA ", caName, ": ", verdict);
  if (verbose) {
    report = StringUtil.concat(report, "\n", healthResult.toJsonMessage(true));
  }

  System.out.println(report);
  return null;
}
use of org.xipki.console.karaf.IllegalCmdParamException in project xipki by xipki.
the class RevokeCertCmd method execute0.
/**
 * Revokes one certificate, identified either by a certificate file or by a serial number.
 *
 * <p>The revocation reason has to be one of {@code CrlReason.PERMITTED_CLIENT_CRLREASONS}. The
 * request/response debug data is saved whether or not the revocation call succeeds.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if both or neither of cert and serial are given, or if the
 *     reason is not permitted
 * @throws CmdFailure if the CA answers with an error
 */
@Override
protected Object execute0() throws Exception {
  // Exactly one identifier is allowed: a certificate file or a serial number.
  boolean certGiven = certFile != null;
  boolean serialGiven = getSerialNumber() != null;
  if (certGiven == serialGiven) {
    throw new IllegalCmdParamException("exactly one of cert and serial must be specified");
  }

  // Reject a reason outside the permitted set before anything is sent.
  CrlReason crlReason = CrlReason.forNameOrText(reason);
  if (!CrlReason.PERMITTED_CLIENT_CRLREASONS.contains(crlReason)) {
    throw new IllegalCmdParamException("reason " + reason + " is not permitted");
  }

  Date invalidityDate = isNotBlank(invalidityDateS)
      ? DateUtil.parseUtcTimeyyyyMMddhhmmss(invalidityDateS)
      : null;

  // NOTE(review): caName is passed on as given; unlike the commands that look up the configured
  // CA names, nothing here checks it, so that check presumably happens in caClient.
  CertIdOrError certIdOrError;
  if (certFile == null) {
    RequestResponseDebug debug = getRequestResponseDebug();
    try {
      certIdOrError = caClient.revokeCert(caName, getSerialNumber(), crlReason.getCode(),
          invalidityDate, debug);
    } finally {
      // Saved on failure too, so a rejected request can still be inspected.
      saveRequestResponse(debug);
    }
  } else {
    // The certificate is parsed first; a parse failure ends the command before any request.
    X509Certificate cert = X509Util.parseCert(certFile);
    RequestResponseDebug debug = getRequestResponseDebug();
    try {
      certIdOrError = caClient.revokeCert(caName, cert, crlReason.getCode(), invalidityDate,
          debug);
    } finally {
      saveRequestResponse(debug);
    }
  }

  PkiStatusInfo error = certIdOrError.getError();
  if (error != null) {
    throw new CmdFailure("revocation failed: " + error);
  }

  println("revoked certificate");
  return null;
}