[Pki-devel] Cannot revoke user certificate because of nonce

Marcin Mierzejewski marcinmierzejewski1024 at gmail.com
Fri Oct 23 15:34:48 UTC 2015


When I try to revoke a certificate from code, I get an exception with info about the nonce.

public void revokeAndApprove(int certificateId) {

    CertId certId = new CertId(certificateId);
    long nonce = new Random().nextLong();
    CertRevokeRequest revokeRequest = new CertRevokeRequest();
    revokeRequest.setReason(RevocationReason.KEY_COMPROMISE);
    revokeRequest.setComments("user request revoke");
    revokeRequest.setNonce(nonce);

    // here comes an exception
    CertRequestInfo revokeInfo = certClient.revokeCert(certId, revokeRequest);

    CertReviewResponse reviewData = certClient
            .reviewRequest(revokeInfo.getRequestId());
    reviewData.setNonce("" + nonce);
    log(reviewData.toString());
    reviewData.setRequestNotes("revoke approved");
    certClient.approveRequest(reviewData.getRequestId(), reviewData);
}


When I use this, I get an exception on the line with certClient.revokeCert(...):

com.netscape.certsrv.base.BadRequestException: Nonce for cert-revoke 64 does not exist.
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
    at com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:436)
    at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:112)
    at com.netscape.certsrv.cert.CertClient.revokeCert(CertClient.java:75)
    at com.company.CAManager.revokeAndApprove(CAManager.java:186)


And a few other options I've tried:

1. Long nonce = transportCert.getNonce(); // null
2. Long nonce = certClient.getCert(certId).getNonce(); // also null

Putting null into setNonce, or not setting it at all, gives me:

com.netscape.certsrv.base.BadRequestException: Missing nonce.
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
    at com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:436)
    at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:112)
    at com.netscape.certsrv.cert.CertClient.revokeCert(CertClient.java:75)
    at com.company.CAManager.revokeAndApprove(CAManager.java:187)
    at com.company.Main.main(Main.java:21)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)

I checked the browser form from the end-user entity, and the nonce value looks like
this: "certId:someLongRandomNumber"

Am I not understanding the usage of the nonce, or is something in my code wrong?