Example 11 with ScepClientException

Use of org.xipki.scep.client.exception.ScepClientException in project xipki by xipki.

Class Client, method retrieveNextCaAuthorityCertStore.

private AuthorityCertStore retrieveNextCaAuthorityCertStore(ScepHttpResponse httpResp) throws ScepClientException {
    // Reject any response whose Content-Type is not the one expected for a next-CA certificate reply.
    String ct = httpResp.getContentType();
    if (!ScepConstants.CT_X509_NEXT_CA_CERT.equalsIgnoreCase(ct)) {
        throw new ScepClientException("invalid Content-Type '" + ct + "'");
    }
    // Parse the body as CMS SignedData; malformed input is reported as ScepClientException.
    CMSSignedData cmsSignedData;
    try {
        cmsSignedData = new CMSSignedData(httpResp.getContentBytes());
    } catch (CMSException ex) {
        throw new ScepClientException("invalid SignedData message: " + ex.getMessage(), ex);
    } catch (IllegalArgumentException ex) {
        throw new ScepClientException("invalid SignedData message: " + ex.getMessage(), ex);
    }
    DecodedNextCaMessage resp;
    try {
        resp = DecodedNextCaMessage.decode(cmsSignedData, responseSignerCerts);
    } catch (MessageDecodingException ex) {
        throw new ScepClientException("could not decode response: " + ex.getMessage(), ex);
    }
    if (resp.getFailureMessage() != null) {
        throw new ScepClientException("Error: " + resp.getFailureMessage());
    }
    // Only an explicit false is rejected here; a null result passes this check.
    Boolean bo = resp.isSignatureValid();
    if (bo != null && !bo.booleanValue()) {
        throw new ScepClientException("Signature is invalid");
    }
    // Freshness check: when a maximum bias is configured, the CMS signingTime attribute
    // must be present and within that bias of the local clock, in either direction.
    Date signingTime = resp.getSigningTime();
    long maxSigningTimeBias = getMaxSigningTimeBiasInMs();
    if (maxSigningTimeBias > 0) {
        if (signingTime == null) {
            throw new ScepClientException("CMS signingTime attribute is not present");
        }
        long now = System.currentTimeMillis();
        long diff = now - signingTime.getTime();
        if (diff < 0) {
            diff = -1 * diff;
        }
        if (diff > maxSigningTimeBias) {
            throw new ScepClientException("CMS signingTime is out of permitted period");
        }
    }
    // The response must be signed by the signature certificate already held in
    // authorityCertStore; a response signed by any other certificate is rejected.
    if (!resp.getSignatureCert().equals(authorityCertStore.getSignatureCert())) {
        throw new ScepClientException("the signature certificate must not be trusted");
    }
    return resp.getAuthorityCertStore();
}
Also used: DecodedNextCaMessage (org.xipki.scep.message.DecodedNextCaMessage), MessageDecodingException (org.xipki.scep.exception.MessageDecodingException), ScepClientException (org.xipki.scep.client.exception.ScepClientException), CMSSignedData (org.bouncycastle.cms.CMSSignedData), Date (java.util.Date), CMSException (org.bouncycastle.cms.CMSException)

Example 12 with ScepClientException

Use of org.xipki.scep.client.exception.ScepClientException in project xipki by xipki.

Class ScepHttpResponse, method getContentBytes.

public byte[] getContentBytes() throws ScepClientException {
    if (content == null) {
        return null;
    }
    try {
        // Reads the whole response body into memory in 2048-byte chunks;
        // no upper bound on the total size is enforced in this method.
        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        int readed = 0;
        byte[] buffer = new byte[2048];
        while ((readed = content.read(buffer)) != -1) {
            bout.write(buffer, 0, readed);
        }
        return bout.toByteArray();
    } catch (IOException ex) {
        throw new ScepClientException(ex);
    } finally {
        // Always close the stream; a failure to close is logged, not rethrown.
        if (content != null) {
            try {
                content.close();
            } catch (IOException ex) {
                LOG.error("could not close stream: {}", ex.getMessage());
            }
        }
    }
}
Also used: ScepClientException (org.xipki.scep.client.exception.ScepClientException), ByteArrayOutputStream (java.io.ByteArrayOutputStream), IOException (java.io.IOException)

Example 13 with ScepClientException

Use of org.xipki.scep.client.exception.ScepClientException in project xipki by xipki.

Class ScepClient, method httpGet.

@Override
protected ScepHttpResponse httpGet(String url) throws ScepClientException {
    ScepUtil.requireNonNull("url", url);
    try {
        // Open the connection, issue a GET and hand the connection to parseResponse.
        HttpURLConnection httpConn = openHttpConn(new URL(url));
        httpConn.setRequestMethod("GET");
        return parseResponse(httpConn);
    } catch (IOException ex) {
        // Covers MalformedURLException from new URL(url) as well as connection errors.
        throw new ScepClientException(ex);
    }
}
Also used: HttpURLConnection (java.net.HttpURLConnection), ScepClientException (org.xipki.scep.client.exception.ScepClientException), IOException (java.io.IOException), URL (java.net.URL)
