
Example 11 with IllegalCmdParamException

use of org.xipki.console.karaf.IllegalCmdParamException in project xipki by xipki.

the class CaAddOrGenAction method getCaEntry.

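/**
 * Builds the {@link X509CaEntry} for the CA described by this command's options.
 *
 * <p>The numeric options are validated first, so a bad value is rejected before the signer
 * configuration is processed or any entry object is created.
 *
 * @return the populated CA entry
 * @throws IllegalCmdParamException if {@code nextCrlNumber} is below 1, or if {@code numCrls}
 *         or {@code expirationPeriod} is negative
 * @throws Exception if one of the helpers called here (range check, signer-conf
 *         canonicalization, name lookups, permission parsing) fails
 */
protected X509CaEntry getCaEntry() throws Exception {
    // NOTE(review): the lower bound admits 63-bit serial numbers. If snBitLen is the amount of
    // random data in a serial number, that is below the 64 bits of CSPRNG output the
    // CA/Browser Forum Baseline Requirements ask of publicly trusted CAs - confirm how the
    // value is used before relying on the minimum.
    ParamUtil.requireRange("sn-bitlen", snBitLen, 63, 159);
    if (nextCrlNumber < 1) {
        throw new IllegalCmdParamException("invalid CRL number: " + nextCrlNumber);
    }
    if (numCrls < 0) {
        throw new IllegalCmdParamException("invalid numCrls: " + numCrls);
    }
    if (expirationPeriod < 0) {
        throw new IllegalCmdParamException("invalid expirationPeriod: " + expirationPeriod);
    }

    // Keystore-backed signers (PKCS12/JKS) have their configuration passed through
    // ShellUtil.canonicalizeSignerConf before it is stored in the entry.
    if ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType)) {
        signerConf = ShellUtil.canonicalizeSignerConf(signerType, signerConf, passwordResolver, securityFactory);
    }

    X509CaUris caUris = new X509CaUris(caCertUris, ocspUris, crlUris, deltaCrlUris);
    X509CaEntry entry = new X509CaEntry(new NameId(null, caName), snBitLen, nextCrlNumber, signerType, signerConf, caUris, numCrls.intValue(), expirationPeriod.intValue());

    // Set exactly once; the earlier version of this method repeated the same call further
    // down with the same value.
    entry.setKeepExpiredCertInDays(keepExpiredCertInDays.intValue());

    // NOTE(review): the second argument to isEnabled looks like the default. If so, duplicate
    // keys and duplicate subjects are permitted unless the operator disables them - confirm
    // that this is the intended default for the CA being created.
    entry.setDuplicateKeyPermitted(isEnabled(duplicateKeyS, true, "duplicate-key"));
    entry.setDuplicateSubjectPermitted(isEnabled(duplicateSubjectS, true, "duplicate-subject"));
    entry.setSaveRequest(isEnabled(saveReqS, false, "save-req"));

    entry.setValidityMode(ValidityMode.forName(validityModeS));
    entry.setStatus(CaStatus.forName(caStatus));

    // Optional references are only set when the operator supplied them.
    if (crlSignerName != null) {
        entry.setCrlSignerName(crlSignerName);
    }
    if (responderName != null) {
        entry.setResponderName(responderName);
    }

    entry.setMaxValidity(CertValidity.getInstance(maxValidity));

    if (cmpControlName != null) {
        entry.setCmpControlName(cmpControlName);
    }

    entry.setPermission(ShellUtil.getPermission(permissions));

    // The trimmed value is written back to the field; the control is attached as an
    // unmodifiable ConfPairs so it cannot be changed through the entry afterwards.
    if (extraControl != null) {
        extraControl = extraControl.trim();
    }
    if (StringUtil.isNotBlank(extraControl)) {
        entry.setExtraControl(new ConfPairs(extraControl).unmodifiable());
    }
    return entry;
}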
Also used : X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris) ValidityMode(org.xipki.ca.server.mgmt.api.ValidityMode) NameId(org.xipki.ca.api.NameId) CertValidity(org.xipki.ca.api.profile.CertValidity) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) ConfPairs(org.xipki.common.ConfPairs) CaStatus(org.xipki.ca.server.mgmt.api.CaStatus) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)

Example 12 with IllegalCmdParamException

use of org.xipki.console.karaf.IllegalCmdParamException in project xipki by xipki.

the class ProfileUpdateCmd method execute0.

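/**
 * Updates the type and/or the configuration of the certificate profile {@code name}.
 *
 * <p>An inline {@code conf} takes precedence: {@code confFile} is only read when no inline
 * configuration was given.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if neither a type, a configuration nor a configuration
 *         file was supplied
 * @throws CmdFailure if the CA manager rejects the change; the original
 *         {@link CaMgmtException} is kept as the cause
 * @throws Exception if the configuration file cannot be read
 */
@Override
protected Object execute0() throws Exception {
    if (type == null && conf == null && confFile == null) {
        throw new IllegalCmdParamException("nothing to update");
    }
    if (conf == null && confFile != null) {
        // Decode with an explicit charset: new String(byte[]) uses the platform default, so
        // the same profile file could be stored differently depending on the host's locale.
        // NOTE(review): assumes profile configuration files are UTF-8 - confirm.
        conf = new String(IoUtil.read(confFile), java.nio.charset.StandardCharsets.UTF_8);
    }
    String msg = "certificate profile " + name;
    try {
        caManager.changeCertprofile(name, type, conf);
    } catch (CaMgmtException ex) {
        throw new CmdFailure("could not update " + msg + ", error: " + ex.getMessage(), ex);
    }
    println("updated " + msg);
    return null;
}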
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) CmdFailure(org.xipki.console.karaf.CmdFailure) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException)

Example 13 with IllegalCmdParamException

use of org.xipki.console.karaf.IllegalCmdParamException in project xipki by xipki.

the class GetCaCertCmd method execute0.

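/**
 * Retrieves the certificate of the selected CA and saves its encoded form to {@code outFile}.
 *
 * <p>If no CA name was given and exactly one CA is configured, that CA is used.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if the given CA name is not configured, or if no name was
 *         given and the choice is ambiguous
 * @throws CmdFailure if no CA is configured, the certificate cannot be retrieved, or the
 *         client returns no certificate
 * @throws Exception if encoding or saving the certificate fails
 */
@Override
protected Object execute0() throws Exception {
    if (caName != null) {
        // Locale-independent lowercasing: with the default locale (e.g. Turkish) the result
        // can differ and the name would no longer match the configured CA names.
        caName = caName.toLowerCase(java.util.Locale.ROOT);
    }
    Set<String> caNames = caClient.getCaNames();
    if (isEmpty(caNames)) {
        throw new CmdFailure("no CA is configured");
    }
    if (caName == null) {
        // Only fall back to an implicit CA when there is no ambiguity.
        if (caNames.size() != 1) {
            throw new IllegalCmdParamException("no CA is specified, one of " + caNames + " is required");
        }
        caName = caNames.iterator().next();
    } else if (!caNames.contains(caName)) {
        throw new IllegalCmdParamException("CA " + caName + " is not within the configured CAs " + caNames);
    }
    Certificate caCert;
    try {
        caCert = caClient.getCaCert(caName);
    } catch (Exception ex) {
        // Keep the cause so the underlying failure (transport, parsing, ...) stays visible
        // in the stack trace instead of being reduced to its message.
        throw new CmdFailure("Error while retrieving CA certificate: " + ex.getMessage(), ex);
    }
    if (caCert == null) {
        throw new CmdFailure("received no CA certificate");
    }
    saveVerbose("saved CA certificate to file", new File(outFile), caCert.getEncoded());
    return null;
}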
Also used : CmdFailure(org.xipki.console.karaf.CmdFailure) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) File(java.io.File) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) Certificate(java.security.cert.Certificate)

Example 14 with IllegalCmdParamException

use of org.xipki.console.karaf.IllegalCmdParamException in project xipki by xipki.

the class HealthCmd method execute0.

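/**
 * Prints the health status of the selected CA, with the JSON detail when {@code verbose} is
 * set.
 *
 * <p>If no CA name was given and exactly one CA is configured, that CA is used.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if no CA is configured, the given CA name is not
 *         configured, or no name was given and the choice is ambiguous
 * @throws Exception if the health check itself fails
 */
@Override
protected Object execute0() throws Exception {
    if (caName != null) {
        // Locale-independent lowercasing: with the default locale (e.g. Turkish) the result
        // can differ and the name would no longer match the configured CA names.
        caName = caName.toLowerCase(java.util.Locale.ROOT);
    }
    Set<String> caNames = caClient.getCaNames();
    if (isEmpty(caNames)) {
        // NOTE(review): an empty CA set is a configuration problem rather than a bad
        // parameter; the exception type is left as is so callers see the same type.
        throw new IllegalCmdParamException("no CA is configured");
    }
    if (caName == null) {
        // Only fall back to an implicit CA when there is no ambiguity.
        if (caNames.size() != 1) {
            throw new IllegalCmdParamException("no CA is specified, one of " + caNames + " is required");
        }
        caName = caNames.iterator().next();
    } else if (!caNames.contains(caName)) {
        throw new IllegalCmdParamException("CA " + caName + " is not within the configured CAs " + caNames);
    }
    HealthCheckResult healthResult = caClient.getHealthCheckResult(caName);
    String verdict = healthResult.isHealthy() ? "healthy" : "not healthy";
    String str = StringUtil.concat("healthy status for CA ", caName, ": ", verdict);
    if (verbose) {
        str = StringUtil.concat(str, "\n", healthResult.toJsonMessage(true));
    }
    System.out.println(str);
    return null;
}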
Also used : IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) HealthCheckResult(org.xipki.common.HealthCheckResult)

Example 15 with IllegalCmdParamException

use of org.xipki.console.karaf.IllegalCmdParamException in project xipki by xipki.

the class RevokeCertCmd method execute0.

/**
 * Asks the CA to revoke one certificate, identified either by a certificate file or by a
 * serial number.
 *
 * <p>The revocation reason is checked against
 * {@code CrlReason.PERMITTED_CLIENT_CRLREASONS} before any request is sent, and the
 * request/response debug data is saved whether or not the request succeeds.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if both or neither of cert and serial were given, or if
 *         the reason is not permitted
 * @throws CmdFailure if the CA answers with an error
 * @throws Exception if parsing the date or certificate, or the request itself, fails
 */
@Override
protected Object execute0() throws Exception {
    // Exactly one identifier is allowed: giving both, or neither, is a usage error.
    boolean byCert = certFile != null;
    boolean bySerial = getSerialNumber() != null;
    if (byCert == bySerial) {
        throw new IllegalCmdParamException("exactly one of cert and serial must be specified");
    }

    CrlReason crlReason = CrlReason.forNameOrText(reason);
    boolean reasonAllowed = CrlReason.PERMITTED_CLIENT_CRLREASONS.contains(crlReason);
    if (!reasonAllowed) {
        throw new IllegalCmdParamException("reason " + reason + " is not permitted");
    }

    // The invalidity date is optional and stays null when the option is blank.
    Date invalidityDate = isNotBlank(invalidityDateS)
            ? DateUtil.parseUtcTimeyyyyMMddhhmmss(invalidityDateS)
            : null;

    // Parse the certificate before the debug object is requested, so a parse failure
    // leaves nothing to save.
    X509Certificate cert = byCert ? X509Util.parseCert(certFile) : null;

    RequestResponseDebug debug = getRequestResponseDebug();
    CertIdOrError outcome;
    try {
        if (byCert) {
            outcome = caClient.revokeCert(caName, cert, crlReason.getCode(), invalidityDate, debug);
        } else {
            outcome = caClient.revokeCert(caName, getSerialNumber(), crlReason.getCode(), invalidityDate, debug);
        }
    } finally {
        // Saved on success and on failure alike.
        saveRequestResponse(debug);
    }

    PkiStatusInfo error = outcome.getError();
    if (error != null) {
        throw new CmdFailure("revocation failed: " + error);
    }
    println("revoked certificate");
    return null;
}
Also used : RequestResponseDebug(org.xipki.common.RequestResponseDebug) CmdFailure(org.xipki.console.karaf.CmdFailure) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) CertIdOrError(org.xipki.ca.client.api.CertIdOrError) PkiStatusInfo(org.xipki.cmp.PkiStatusInfo) CrlReason(org.xipki.security.CrlReason) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate)

Aggregations

IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException)42 CmdFailure (org.xipki.console.karaf.CmdFailure)15 File (java.io.File)8 X509Certificate (java.security.cert.X509Certificate)6 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)6 P11Slot (org.xipki.security.pkcs11.P11Slot)6 BigInteger (java.math.BigInteger)5 RequestResponseDebug (org.xipki.common.RequestResponseDebug)5 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)5 FileInputStream (java.io.FileInputStream)4 NameId (org.xipki.ca.api.NameId)4 X509CRL (java.security.cert.X509CRL)3 Date (java.util.Date)3 LinkedList (java.util.LinkedList)3 Certificate (org.bouncycastle.asn1.x509.Certificate)3 CertIdOrError (org.xipki.ca.client.api.CertIdOrError)3 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 InputStream (java.io.InputStream)2 URL (java.net.URL)2 Key (java.security.Key)2