List of usage examples for org.bouncycastle.asn1.cmp PKIFailureInfo badRequest
int badRequest
From source file:org.ejbca.core.protocol.cmp.CmpTestCase.java
License:Open Source License
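/**
 * Parses a DER-encoded CMP response and asserts that it is the expected failure.
 *
 * <p>Which of the numeric expectations is used depends on {@code exptag}:
 * <ul>
 *   <li>{@code CmpPKIBodyConstants.ERRORMESSAGE}: the fail info must equal {@code err}.</li>
 *   <li>{@code CmpPKIBodyConstants.REVOCATIONRESPONSE}: the fail info of the first status must equal
 *       {@code PKIFailureInfo.badRequest}; neither {@code err} nor {@code expectedPKIFailInfo} is consulted.</li>
 *   <li>initialization / certification response: the first response must carry {@code requestId} and
 *       its fail info must equal {@code expectedPKIFailInfo}.</li>
 *   <li>any other tag: the check fails, because no content is read for it.</li>
 * </ul>
 * In every accepted case the status must be {@code ResponseStatus.FAILURE} and the first status string
 * must equal {@code failMsg}.
 *
 * @param retMsg DER-encoded PKIMessage as received from the CA
 * @param failMsg expected fail message
 * @param exptag expected body tag: 1 is answer to initialisation resp, 3 certification resp etc, 23 is error
 * @param requestId certReqId expected in a certificate response (only used for those bodies)
 * @param err a number from FailInfo, expected when the body is an error message
 * @param expectedPKIFailInfo fail info expected when the body is a certificate response
 * @throws IOException if the response cannot be read as ASN.1
 */
protected static void checkCmpFailMessage(byte[] retMsg, String failMsg, int exptag, int requestId, int err,
        int expectedPKIFailInfo) throws IOException {
    //
    // Parse response message
    //
    PKIMessage respObject = null;
    ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(retMsg));
    try {
        respObject = PKIMessage.getInstance(asn1InputStream.readObject());
    } finally {
        asn1InputStream.close();
    }
    assertNotNull(respObject);

    final PKIBody body = respObject.getBody();
    final int tag = body.getType();
    assertEquals(exptag, tag);

    final PKIStatusInfo info;
    if (exptag == CmpPKIBodyConstants.ERRORMESSAGE) {
        ErrorMsgContent c = (ErrorMsgContent) body.getContent();
        assertNotNull(c);
        info = c.getPKIStatusInfo();
        assertNotNull(info);
        assertEquals(ResponseStatus.FAILURE.getValue(), info.getStatus().intValue());
        // Fail with a readable message instead of a NullPointerException when failInfo is absent.
        assertNotNull("error message carries no failInfo", info.getFailInfo());
        int i = info.getFailInfo().intValue();
        assertEquals(err, i);
    } else if (exptag == CmpPKIBodyConstants.REVOCATIONRESPONSE) {
        RevRepContent rrc = (RevRepContent) body.getContent();
        assertNotNull(rrc);
        info = rrc.getStatus()[0];
        assertNotNull(info);
        assertEquals(ResponseStatus.FAILURE.getValue(), info.getStatus().intValue());
        assertNotNull("revocation response carries no failInfo", info.getFailInfo());
        // NOTE(review): badRequest is hard-coded here; err and expectedPKIFailInfo are ignored for
        // revocation responses. Confirm that is intended by the callers.
        assertEquals(PKIFailureInfo.badRequest, info.getFailInfo().intValue());
    } else {
        CertRepMessage c = null;
        if (exptag == CmpPKIBodyConstants.INITIALIZATIONRESPONSE
                || exptag == CmpPKIBodyConstants.CERTIFICATIONRESPONSE) {
            c = (CertRepMessage) body.getContent();
        }
        // Still null for any tag that is not handled above, so an unexpected tag fails here.
        assertNotNull(c);
        CertResponse resp = c.getResponse()[0];
        assertNotNull(resp);
        // Expected value first, so a mismatch is reported the right way round.
        assertEquals(requestId, resp.getCertReqId().getValue().intValue());
        info = resp.getStatus();
        assertNotNull(info);
        int error = info.getStatus().intValue();
        assertEquals(ResponseStatus.FAILURE.getValue(), error); // 2 is rejection
        assertNotNull("certificate response carries no failInfo", info.getFailInfo());
        assertEquals(expectedPKIFailInfo, info.getFailInfo().intValue());
    }

    assertNotNull("failure response carries no status string", info.getStatusString());
    final String receivedFailMsg = info.getStatusString().getStringAt(0).getString();
    log.debug("expected fail message: '" + failMsg + "'. received fail message: '" + receivedFailMsg + "'.");
    assertEquals(failMsg, receivedFailMsg);
}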
From source file:org.ejbca.core.protocol.cmp.CrmfRARequestCustomSerialNoTest.java
License:Open Source License
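/**
 * Sends a CRMF certificate request over CMP/HTTP, checks the response, then sends a certificate
 * confirmation for the same transaction and checks that response too.
 *
 * @param userDN
 *            for new certificate.
 * @param keys
 *            key of the new certificate.
 * @param sFailMessage
 *            if !=null then EJBCA is expected to fail. The failure response
 *            message string is checked against this parameter.
 * @param customCertSerno
 *            serial number to request for the certificate; when not null and the request succeeds,
 *            the issued certificate must carry exactly this serial number.
 * @return If it is a certificate request that results in a successful certificate issuance, this certificate is returned
 * @throws Exception
 */
private X509Certificate crmfHttpUserTest(X500Name userDN, KeyPair keys, String sFailMessage,
        BigInteger customCertSerno) throws Exception {
    X509Certificate ret = null;
    final byte[] nonce = CmpMessageHelper.createSenderNonce();
    final byte[] transid = CmpMessageHelper.createSenderNonce();
    final int reqId;
    {
        final PKIMessage one = genCertReq(this.issuerDN, userDN, keys, this.cacert, nonce, transid, true, null,
                null, null, customCertSerno, null, null);
        final PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD, 567);
        // Check before the first dereference; after it the assertion could never fail.
        assertNotNull(req);
        CertReqMessages ir = (CertReqMessages) req.getBody().getContent();
        reqId = ir.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        final ByteArrayOutputStream bao = new ByteArrayOutputStream();
        final DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(req);
        final byte[] ba = bao.toByteArray();
        // Send request and receive response
        final byte[] resp = sendCmpHttp(ba, 200, cmpAlias);
        // do not check signing if we expect a failure (sFailMessage != null)
        // NOTE(review): the expected response signature algorithm is SHA-1 with RSA; confirm this
        // mirrors the test CA's configuration and is not copied into production expectations.
        checkCmpResponseGeneral(resp, this.issuerDN, userDN, this.cacert, nonce, transid, sFailMessage == null,
                null, PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        if (sFailMessage == null) {
            ret = checkCmpCertRepMessage(userDN, this.cacert, resp, reqId);
            // verify if custom cert serial number was used
            if (customCertSerno != null) {
                assertTrue(ret.getSerialNumber().toString(16) + " is not same as expected "
                        + customCertSerno.toString(16), ret.getSerialNumber().equals(customCertSerno));
            }
        } else {
            checkCmpFailMessage(resp, sFailMessage, CmpPKIBodyConstants.ERRORMESSAGE, reqId,
                    PKIFailureInfo.badRequest, PKIFailureInfo.incorrectData);
        }
    }
    {
        // Send a confirm message to the CA. This happens whether or not the request above was
        // expected to fail, and the hash is a fixed dummy value rather than a real certificate hash.
        final String hash = "foo123";
        final PKIMessage con = genCertConfirm(userDN, this.cacert, nonce, transid, hash, reqId);
        assertNotNull(con);
        PKIMessage confirm = protectPKIMessage(con, false, PBEPASSWORD, 567);
        final ByteArrayOutputStream bao = new ByteArrayOutputStream();
        final DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(confirm);
        final byte[] ba = bao.toByteArray();
        // Send request and receive response
        final byte[] resp = sendCmpHttp(ba, 200, cmpAlias);
        checkCmpResponseGeneral(resp, this.issuerDN, userDN, this.cacert, nonce, transid, false, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        checkCmpPKIConfirmMessage(userDN, this.cacert, resp);
    }
    return ret;
}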
From source file:org.ejbca.core.protocol.cmp.CrmfRARequestTest.java
License:Open Source License
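/**
 * Sends a CRMF certificate request over CMP/HTTP, checks the response, then sends a certificate
 * confirmation for the same transaction and checks that response too.
 *
 * @param userDN for new certificate.
 * @param keys key of the new certificate.
 * @param sFailMessage if !=null then EJBCA is expected to fail. The failure response message string is checked against this parameter.
 * @param customCertSerno serial number to request; when not null and the request succeeds, the issued certificate must carry exactly this serial number.
 * @param sigAlg signature algorithm expected on the response to the certificate request.
 * @param caCert CA certificate the request and the response checks are built against.
 * @param issuerDN issuer DN used in the request and expected in the responses.
 * @return X509Certificate the cert produced if test was successful, null for a test that resulted in failure (can be expected if sFailMessage != null)
 * @throws Exception
 */
private X509Certificate crmfHttpUserTest(X500Name userDN, KeyPair keys, String sFailMessage,
        BigInteger customCertSerno, String sigAlg, X509Certificate caCert, String issuerDN) throws Exception {
    // Create a new good user
    X509Certificate cert = null;
    final byte[] nonce = CmpMessageHelper.createSenderNonce();
    final byte[] transid = CmpMessageHelper.createSenderNonce();
    final int reqId;
    {
        final PKIMessage one = genCertReq(issuerDN, userDN, keys, caCert, nonce, transid, true, null, null, null,
                customCertSerno, null, null);
        final PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD, 567);
        // Check before the first dereference; after it the assertion could never fail.
        Assert.assertNotNull(req);
        CertReqMessages ir = (CertReqMessages) req.getBody().getContent();
        reqId = ir.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        final ByteArrayOutputStream bao = new ByteArrayOutputStream();
        final DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(req);
        final byte[] ba = bao.toByteArray();
        // Send request and receive response
        final byte[] resp = sendCmpHttp(ba, 200, cmpAlias);
        // do not check signing if we expect a failure (sFailMessage != null)
        checkCmpResponseGeneral(resp, issuerDN, userDN, caCert, nonce, transid, sFailMessage == null, null,
                sigAlg);
        if (sFailMessage == null) {
            cert = checkCmpCertRepMessage(userDN, caCert, resp, reqId);
            // verify if custom cert serial number was used
            if (customCertSerno != null) {
                Assert.assertTrue(cert.getSerialNumber().toString(16) + " is not same as expected "
                        + customCertSerno.toString(16), cert.getSerialNumber().equals(customCertSerno));
            }
        } else {
            checkCmpFailMessage(resp, sFailMessage, CmpPKIBodyConstants.ERRORMESSAGE, reqId,
                    PKIFailureInfo.badRequest, PKIFailureInfo.incorrectData);
        }
    }
    {
        // Send a confirm message to the CA. This happens whether or not the request above was
        // expected to fail, and the hash is a fixed dummy value rather than a real certificate hash.
        final String hash = "foo123";
        final PKIMessage con = genCertConfirm(userDN, caCert, nonce, transid, hash, reqId);
        Assert.assertNotNull(con);
        PKIMessage confirm = protectPKIMessage(con, false, PBEPASSWORD, 567);
        final ByteArrayOutputStream bao = new ByteArrayOutputStream();
        final DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(confirm);
        final byte[] ba = bao.toByteArray();
        // Send request and receive response
        final byte[] resp = sendCmpHttp(ba, 200, cmpAlias);
        // NOTE(review): this check names SHA-1 with RSA instead of sigAlg. The signature check is
        // switched off here (false), so the value is presumably unused - confirm.
        checkCmpResponseGeneral(resp, issuerDN, userDN, caCert, nonce, transid, false, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        checkCmpPKIConfirmMessage(userDN, caCert, resp);
    }
    return cert;
}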
From source file:org.ejbca.core.protocol.cmp.CrmfRARequestTest.java
License:Open Source License
/**
 * Exercises CMP RA mode with the end entity and certificate profile both set to "KeyId".
 *
 * <p>Flow: enable end entity profile limitations, (re)create the profile pair
 * {@code CMPKEYIDTESTPROFILE} with ORGANIZATION as a required DN field, then
 * <ol>
 *   <li>request a certificate for a DN without O and expect the rejection
 *       "Subject DN field 'ORGANIZATION' must exist.",</li>
 *   <li>request a certificate for a DN with O, expect issuance and the test certificate profile
 *       on the resulting end entity,</li>
 *   <li>revoke that certificate and expect the key-compromise revocation reason.</li>
 * </ol>
 * Both test users are deleted before the requests and again in the {@code finally} block.
 *
 * <p>NOTE(review): the global setting and the two profiles are not restored or removed at the end
 * of this method; confirm that class-level teardown takes care of them.
 */
@Test
public void test03UseKeyID() throws Exception {
    final String profileName = "CMPKEYIDTESTPROFILE";
    final String rejectedUsername = "keyIDTestUser";
    final String acceptedUsername = "keyidtest2";

    final GlobalConfiguration globalConfig = (GlobalConfiguration) this.globalConfSession
            .getCachedConfiguration(GlobalConfiguration.GLOBAL_CONFIGURATION_ID);
    globalConfig.setEnableEndEntityProfileLimitations(true);
    this.globalConfSession.saveConfiguration(ADMIN, globalConfig);
    this.cmpConfiguration.setRAEEProfile(cmpAlias, "KeyId");
    this.cmpConfiguration.setRACertProfile(cmpAlias, "KeyId");
    this.globalConfSession.saveConfiguration(ADMIN, this.cmpConfiguration);

    try {
        this.certProfileSession.removeCertificateProfile(ADMIN, profileName);
        this.endEntityProfileSession.removeEndEntityProfile(ADMIN, profileName);
    } catch (Exception e) {
        // Best-effort removal of leftovers from an earlier run; any failure is ignored on purpose.
    }

    // Configure CMP for this test, we allow custom certificate serial numbers
    final CertificateProfile certProfile = new CertificateProfile(
            CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);
    try {
        this.certProfileSession.addCertificateProfile(ADMIN, profileName, certProfile);
    } catch (CertificateProfileExistsException e) {
        log.error("Could not create certificate profile.", e);
    }
    final int cpId = this.certProfileSession.getCertificateProfileId(profileName);
    final String cpIdText = Integer.toString(cpId);

    final EndEntityProfile entityProfile = new EndEntityProfile();
    entityProfile.setValue(EndEntityProfile.DEFAULTCERTPROFILE, 0, cpIdText);
    entityProfile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, cpIdText);
    entityProfile.setValue(EndEntityProfile.DEFAULTCA, 0, "" + this.caid);
    entityProfile.setValue(EndEntityProfile.AVAILCAS, 0, "" + this.caid);
    entityProfile.addField(DnComponents.ORGANIZATION);
    entityProfile.setRequired(DnComponents.ORGANIZATION, 0, true);
    entityProfile.addField(DnComponents.RFC822NAME);
    entityProfile.addField(DnComponents.UPN);
    entityProfile.setModifyable(DnComponents.RFC822NAME, 0, true);
    // Don't use field from "email" data
    entityProfile.setUse(DnComponents.RFC822NAME, 0, false);
    try {
        this.endEntityProfileSession.addEndEntityProfile(ADMIN, profileName, entityProfile);
    } catch (EndEntityProfileExistsException e) {
        log.error("Could not create end entity profile.", e);
    }

    // Create a new user that does not fulfill the end entity profile
    X500Name userDN = new X500Name("CN=keyIDTestUser,C=SE");
    // 512-bit RSA keeps the test fast; it is far too weak for anything outside a test fixture.
    final KeyPair rejectedKeys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
    final byte[] rejectedNonce = CmpMessageHelper.createSenderNonce();
    final byte[] rejectedTransId = CmpMessageHelper.createSenderNonce();

    try {
        this.endEntityManagementSession.deleteUser(ADMIN, rejectedUsername);
    } catch (NotFoundException e) { // NOPMD
    }
    try {
        this.endEntityManagementSession.deleteUser(ADMIN, acceptedUsername);
    } catch (NotFoundException e) { // NOPMD
    }

    try {
        // --- 1. Request that violates the profile: no O in the subject DN ---
        final PKIMessage rejectedPlain = genCertReq(ISSUER_DN, userDN, rejectedKeys, this.cacert, rejectedNonce,
                rejectedTransId, true, null, null, null, null, null, null);
        final PKIMessage rejectedReq = protectPKIMessage(rejectedPlain, false, PBEPASSWORD, profileName, 567);
        CertReqMessages reqMessages = (CertReqMessages) rejectedReq.getBody().getContent();
        final int rejectedReqId = reqMessages.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue()
                .intValue();
        Assert.assertNotNull(rejectedReq);
        final ByteArrayOutputStream rejectedBytes = new ByteArrayOutputStream();
        new DEROutputStream(rejectedBytes).writeObject(rejectedReq);
        // Send request and receive response
        final byte[] rejectedResp = sendCmpHttp(rejectedBytes.toByteArray(), 200, cmpAlias);
        // A failure is expected, so the signature check is switched off (false).
        checkCmpResponseGeneral(rejectedResp, ISSUER_DN, userDN, this.cacert, rejectedNonce, rejectedTransId,
                false, null, PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        checkCmpFailMessage(rejectedResp, "Subject DN field 'ORGANIZATION' must exist.",
                CmpPKIBodyConstants.INITIALIZATIONRESPONSE, rejectedReqId, PKIFailureInfo.badRequest,
                PKIFailureInfo.incorrectData);

        // --- 2. Create a new user that fulfills the end entity profile ---
        userDN = new X500Name("CN=keyidtest2,O=org");
        final KeyPair acceptedKeys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
        final byte[] acceptedNonce = CmpMessageHelper.createSenderNonce();
        final byte[] acceptedTransId = CmpMessageHelper.createSenderNonce();
        final PKIMessage acceptedPlain = genCertReq(ISSUER_DN, userDN, acceptedKeys, this.cacert, acceptedNonce,
                acceptedTransId, true, null, null, null, null, null, null);
        final PKIMessage acceptedReq = protectPKIMessage(acceptedPlain, false, PBEPASSWORD, profileName, 567);
        reqMessages = (CertReqMessages) acceptedReq.getBody().getContent();
        final int acceptedReqId = reqMessages.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue()
                .intValue();
        Assert.assertNotNull(acceptedReq);
        final ByteArrayOutputStream acceptedBytes = new ByteArrayOutputStream();
        new DEROutputStream(acceptedBytes).writeObject(acceptedReq);
        // Send request and receive response
        final byte[] acceptedResp = sendCmpHttp(acceptedBytes.toByteArray(), 200, cmpAlias);
        // Success is expected here, so the response signature is checked (true).
        checkCmpResponseGeneral(acceptedResp, ISSUER_DN, userDN, this.cacert, acceptedNonce, acceptedTransId,
                true, null, PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        final X509Certificate issued = checkCmpCertRepMessage(userDN, this.cacert, acceptedResp, acceptedReqId);
        final BigInteger issuedSerial = issued.getSerialNumber();

        final EndEntityInformation endEntity = this.eeAccessSession.findUser(ADMIN, acceptedUsername);
        Assert.assertEquals("Wrong certificate profile", cpId, endEntity.getCertificateProfileId());

        // --- 3. Revoke the created certificate and use keyid ---
        // The nonce and transaction id of the issuance request are reused for the revocation.
        final PKIMessage revPlain = genRevReq(ISSUER_DN, userDN, issuedSerial, this.cacert, acceptedNonce,
                acceptedTransId, false, null, null);
        Assert.assertNotNull(revPlain);
        final PKIMessage revReq = protectPKIMessage(revPlain, false, PBEPASSWORD, profileName, 567);
        final ByteArrayOutputStream revBytes = new ByteArrayOutputStream();
        new DEROutputStream(revBytes).writeObject(revReq);
        // Send request and receive response
        final byte[] revResp = sendCmpHttp(revBytes.toByteArray(), 200, cmpAlias);
        checkCmpResponseGeneral(revResp, ISSUER_DN, userDN, this.cacert, acceptedNonce, acceptedTransId, true,
                null, PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        final int revocationReason = checkRevokeStatus(ISSUER_DN, issuedSerial);
        Assert.assertEquals("Certificate revocation failed.", RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE,
                revocationReason);
    } finally {
        try {
            this.endEntityManagementSession.deleteUser(ADMIN, rejectedUsername);
        } catch (NotFoundException e) { // NOPMD
        }
        try {
            this.endEntityManagementSession.deleteUser(ADMIN, acceptedUsername);
        } catch (NotFoundException e) { // NOPMD
        }
    }
}
From source file:org.ejbca.core.protocol.cmp.CrmfRARequestTest.java
License:Open Source License
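/**
 * Verifies that the CA rejects a second subject DN that reuses an existing subject serial number
 * once "enforce unique subject DN serialnumber" is switched on.
 *
 * <p>Flow: switch the enforcement on, issue a certificate for {@code SN=1234567}, request a
 * second certificate that spells the same value as {@code SERIALNUMBER=1234567} and expect
 * "Error: SubjectDN Serialnumber already exists.", then revoke the first certificate.
 *
 * <p>The CA's original enforcement setting is restored in {@code finally}, so a failing assertion
 * does not leave the shared CA reconfigured for later tests.
 */
@Test
public void test05SubjectSerialNumber() throws Exception {
    // Set requirement of unique subjectDN serialnumber to be true
    CAInfo cainfo = this.caSession.getCAInfo(ADMIN, this.caid);
    boolean requiredUniqueSerialnumber = cainfo.isDoEnforceUniqueSubjectDNSerialnumber();
    // Set the CA to enforce unique serialnumber
    cainfo.setDoEnforceUniqueSubjectDNSerialnumber(true);
    CAAdminSessionRemote caAdminSession = EjbRemoteHelper.INSTANCE.getRemoteSession(CAAdminSessionRemote.class);
    caAdminSession.editCA(ADMIN, cainfo);

    // Create a new good user
    final String username = "subjectsnuser";
    X500Name userDN = new X500Name("CN=" + username + ",SN=1234567,C=SE");
    try {
        // 512-bit RSA keeps the test fast; it is far too weak for anything outside a test fixture.
        KeyPair keys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
        // The same nonce and transaction id are reused for all three messages below.
        final byte[] nonce = CmpMessageHelper.createSenderNonce();
        final byte[] transid = CmpMessageHelper.createSenderNonce();
        int reqId;

        PKIMessage one = genCertReq(ISSUER_DN, userDN, keys, this.cacert, nonce, transid, true, null, null, null,
                null, null, null);
        PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD, null, 567);
        Assert.assertNotNull(req);
        CertReqMessages ir = (CertReqMessages) req.getBody().getContent();
        reqId = ir.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        ByteArrayOutputStream bao = new ByteArrayOutputStream();
        DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(req);
        byte[] ba = bao.toByteArray();
        // Send request and receive response
        byte[] resp = sendCmpHttp(ba, 200, cmpAlias);
        // Success is expected here, so the response signature is checked (true).
        checkCmpResponseGeneral(resp, ISSUER_DN, userDN, this.cacert, nonce, transid, true, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        X509Certificate cert = checkCmpCertRepMessage(userDN, this.cacert, resp, reqId);
        BigInteger serialnumber = cert.getSerialNumber();

        // create a second user with the same serialnumber, but spelled "SERIALNUMBER" instead of "SN"
        userDN = new X500Name("CN=subjectsnuser2,SERIALNUMBER=1234567,C=SE");
        keys = KeyTools.genKeys("512", AlgorithmConstants.KEYALGORITHM_RSA);
        one = genCertReq(ISSUER_DN, userDN, keys, this.cacert, nonce, transid, true, null, null, null, null, null,
                null);
        req = protectPKIMessage(one, false, PBEPASSWORD, null, 567);
        Assert.assertNotNull(req);
        ir = (CertReqMessages) req.getBody().getContent();
        reqId = ir.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue();
        bao = new ByteArrayOutputStream();
        out = new DEROutputStream(bao);
        out.writeObject(req);
        ba = bao.toByteArray();
        // Send request and receive response
        resp = sendCmpHttp(ba, 200, cmpAlias);
        // A failure is expected, so the signature check is switched off (false).
        checkCmpResponseGeneral(resp, ISSUER_DN, userDN, this.cacert, nonce, transid, false, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        checkCmpFailMessage(resp, "Error: SubjectDN Serialnumber already exists.",
                CmpPKIBodyConstants.ERRORMESSAGE, reqId, PKIFailureInfo.badRequest, PKIFailureInfo.incorrectData);

        // Revoke the created certificate
        // NOTE(review): userDN now holds the second (rejected) DN while serialnumber belongs to the
        // first certificate - confirm the mismatch is intended.
        final PKIMessage con = genRevReq(ISSUER_DN, userDN, serialnumber, this.cacert, nonce, transid, false,
                null, null);
        Assert.assertNotNull(con);
        PKIMessage revmsg = protectPKIMessage(con, false, PBEPASSWORD, null, 567);
        final ByteArrayOutputStream baorev = new ByteArrayOutputStream();
        final DEROutputStream outrev = new DEROutputStream(baorev);
        outrev.writeObject(revmsg);
        final byte[] barev = baorev.toByteArray();
        // Send request and receive response
        final byte[] resprev = sendCmpHttp(barev, 200, cmpAlias);
        checkCmpResponseGeneral(resprev, ISSUER_DN, userDN, this.cacert, nonce, transid, false, null,
                PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        int revstatus = checkRevokeStatus(ISSUER_DN, serialnumber);
        Assert.assertEquals("Certificate revocation failed.", RevokedCertInfo.REVOCATION_REASON_KEYCOMPROMISE,
                revstatus);
    } finally {
        try {
            // Put the CA back the way it was found even when an assertion above failed.
            cainfo.setDoEnforceUniqueSubjectDNSerialnumber(requiredUniqueSerialnumber);
            caAdminSession.editCA(ADMIN, cainfo);
        } finally {
            this.endEntityManagementSession.deleteUser(ADMIN, username);
        }
    }
}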
From source file:org.jnotary.dvcs.SimpleResponseTest.java
License:Open Source License
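/**
 * Round-trips a DVCS error response through its encoding and checks that status, status string
 * and failure info survive unchanged.
 *
 * <p>The response wraps a {@code PKIStatusInfo} with status REJECTION, the text "Free text" and
 * fail info {@code PKIFailureInfo.badRequest}.
 *
 * @throws IOException if the response cannot be encoded
 */
@Test
public void errorResponse() throws IOException {
    PKIStatus status = PKIStatus.getInstance(new DERInteger(PKIStatus.REJECTION));
    PKIFreeText statusString = new PKIFreeText("Free text");
    PKIFailureInfo failInfo = new PKIFailureInfo(PKIFailureInfo.badRequest);
    PKIStatusInfo transactionStatus = new PKIStatusInfo(status, statusString, failInfo);
    DVCSErrorNotice dvErrorNote = new DVCSErrorNotice(transactionStatus);

    DVCSResponse respOut = new DVCSResponse(dvErrorNote);
    // Decode what was just encoded; every field below must match the original.
    DVCSResponse respIn = DVCSResponse.getInstance(respOut.getEncoded());

    // Each message names the field it checks, so a failure points at the right one.
    assertTrue("Status is incorrect", respIn.getDvErrorNote().getTransactionStatus().getStatus()
            .equals(respOut.getDvErrorNote().getTransactionStatus().getStatus()));
    assertTrue("Status string is incorrect", respIn.getDvErrorNote().getTransactionStatus().getStatusString()
            .equals(respOut.getDvErrorNote().getTransactionStatus().getStatusString()));
    assertTrue("Fail info is incorrect", respIn.getDvErrorNote().getTransactionStatus().getFailInfo()
            .equals(respOut.getDvErrorNote().getTransactionStatus().getFailInfo()));
}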
From source file:org.jnotary.service.dvcs.DvcsHandler.java
License:Open Source License
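/**
 * Extracts the target certificate of the first entry in a DVCS request and parses it as X.509.
 *
 * <p>Only the first element of {@code request.getData().getCerts()} is looked at. This method
 * parses the certificate and nothing more: it performs no signature, validity-period or chain
 * checks.
 *
 * @param request the decoded DVCS request
 * @return the parsed certificate
 * @throws DVCSException with status REJECTION and fail info {@code badRequest} if the request
 *         carries no certificate or the certificate cannot be parsed
 */
private java.security.cert.X509Certificate getCertificate(DVCSRequest request) throws DVCSException {
    if (request.getData().getCerts() == null || request.getData().getCerts().length == 0) {
        throw new DVCSException(PKIStatus.REJECTION, "No certificates in request", PKIFailureInfo.badRequest);
    }
    CertEtcToken targetIn = request.getData().getCerts()[0].getTarget();
    if (targetIn == null) {
        throw new DVCSException(PKIStatus.REJECTION, "No certificates in request", PKIFailureInfo.badRequest);
    }
    // A target without a certificate object used to surface as a NullPointerException that the
    // catch below turned into a rejection with a null message; reject it explicitly instead.
    if (targetIn.getCertificate() == null) {
        throw new DVCSException(PKIStatus.REJECTION, "No certificates in request", PKIFailureInfo.badRequest);
    }

    try {
        CertificateFactory rd = CertificateFactory.getInstance("X.509");
        InputStream in = new ByteArrayInputStream(targetIn.getCertificate().getEncoded());
        return (X509Certificate) rd.generateCertificate(in);
    } catch (Exception e) {
        // NOTE(review): the parser's exception text becomes the message of the rejection and the
        // cause is dropped. Confirm that this text is safe to hand back to the requester and that
        // the original exception is logged somewhere.
        throw new DVCSException(PKIStatus.REJECTION, e.getLocalizedMessage(), PKIFailureInfo.badRequest);
    }
}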
From source file:org.jnotary.service.rest.DvcsRequestHandler.java
License:Open Source License
/**
 * Decodes a raw request body into a {@code DVCSRequest}.
 *
 * @param requestBlob the encoded request as received
 * @return the decoded request
 * @throws DVCSException with status REJECTION and fail info {@code badRequest} if decoding throws
 */
public DVCSRequest getDVCSRequest(byte[] requestBlob) throws DVCSException {
    final DVCSRequest decoded;
    try {
        decoded = DVCSRequest.getInstance(requestBlob);
    } catch (Exception e) {
        // NOTE(review): the decoder's exception text becomes the message of the rejection and the
        // cause is dropped; confirm that this text is safe to hand back to the requester.
        throw new DVCSException(PKIStatus.REJECTION, e.getLocalizedMessage(), PKIFailureInfo.badRequest);
    }
    return decoded;
}
From source file:org.xipki.ca.client.impl.CAClientImpl.java
License:Open Source License
/**
 * Revokes the certificates named in {@code request} through the CMP requestor of their issuing CA.
 *
 * <p>All entries must name the same issuer as the first entry; the CA is looked up from that
 * issuer. An empty entry list yields an empty map without contacting any CA.
 *
 * @param request the revocation request; must not be null
 * @param debug passed through to the CMP requestor
 * @return the parsed revocation result
 * @throws CAClientException if the CMP requestor fails
 * @throws PKIErrorException with status REJECTION and fail info {@code badRequest} if the entries
 *         name more than one issuer
 */
@Override
public Map<String, CertIdOrError> revokeCerts(final RevokeCertRequestType request,
        final RequestResponseDebug debug) throws CAClientException, PKIErrorException {
    ParamChecker.assertNotNull("request", request);

    final List<RevokeCertRequestEntryType> entries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(entries)) {
        return Collections.emptyMap();
    }

    // One request goes to one CA, so every further entry has to match the first issuer.
    final X500Name firstIssuer = entries.get(0).getIssuer();
    for (RevokeCertRequestEntryType entry : entries.subList(1, entries.size())) {
        if (!firstIssuer.equals(entry.getIssuer())) {
            throw new PKIErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest,
                    "revoking certificates issued by more than one CA is not allowed");
        }
    }

    // NOTE(review): no null check on the casMap lookup here; presumably getCaNameByIssuer only
    // returns names of configured CAs - confirm.
    final X509CmpRequestor requestor = casMap.get(getCaNameByIssuer(firstIssuer)).getRequestor();
    final RevokeCertResultType outcome;
    try {
        outcome = requestor.revokeCertificate(request, debug);
    } catch (CmpRequestorException e) {
        throw new CAClientException(e.getMessage(), e);
    }
    return parseRevokeCertResult(outcome);
}
From source file:org.xipki.ca.client.impl.CAClientImpl.java
License:Open Source License
/**
 * Unrevokes the certificates named in {@code request} through the CMP requestor of their issuing CA.
 *
 * <p>All entries must name the same issuer as the first entry; the CA is looked up from that
 * issuer. An empty entry list yields an empty map without contacting any CA.
 *
 * @param request the unrevoke request; must not be null
 * @param debug passed through to the CMP requestor
 * @return the parsed result
 * @throws CAClientException if the CMP requestor fails
 * @throws PKIErrorException with status REJECTION and fail info {@code badRequest} if the entries
 *         name more than one issuer
 */
@Override
public Map<String, CertIdOrError> unrevokeCerts(final UnrevokeOrRemoveCertRequestType request,
        final RequestResponseDebug debug) throws CAClientException, PKIErrorException {
    ParamChecker.assertNotNull("request", request);

    final List<IssuerSerialEntryType> entries = request.getRequestEntries();
    if (CollectionUtil.isEmpty(entries)) {
        return Collections.emptyMap();
    }

    // One request goes to one CA, so every further entry has to match the first issuer.
    final X500Name firstIssuer = entries.get(0).getIssuer();
    for (IssuerSerialEntryType entry : entries.subList(1, entries.size())) {
        if (!firstIssuer.equals(entry.getIssuer())) {
            throw new PKIErrorException(PKIStatus.REJECTION, PKIFailureInfo.badRequest,
                    "unrevoking certificates issued by more than one CA is not allowed");
        }
    }

    // NOTE(review): no null check on the casMap lookup here; presumably getCaNameByIssuer only
    // returns names of configured CAs - confirm.
    final X509CmpRequestor requestor = casMap.get(getCaNameByIssuer(firstIssuer)).getRequestor();
    final RevokeCertResultType outcome;
    try {
        outcome = requestor.unrevokeCertificate(request, debug);
    } catch (CmpRequestorException e) {
        throw new CAClientException(e.getMessage(), e);
    }
    return parseRevokeCertResult(outcome);
}