[Pki-devel] [Pki-users] Cannot revoke user certificate because of nonce

John Magne jmagne at redhat.com
Fri Oct 23 17:49:36 UTC 2015


See CertHoldCLI.java

Which has an example of doing what you are trying to do.

----- Original Message -----
From: "Marcin Mierzejewski" <marcinmierzejewski1024 at gmail.com>
To: pki-users at redhat.com, pki-devel at redhat.com
Sent: Friday, October 23, 2015 8:34:45 AM
Subject: [Pki-users] Cannot revoke user certificate because of nonce

I try to revoke a certificate from code and I get an exception with info about the nonce.


public void revokeAndApprove(int certificateId) {

    CertId certId = new CertId(certificateId);
    long nonce = new Random().nextLong();
    CertRevokeRequest revokeRequest = new CertRevokeRequest();
    revokeRequest.setReason(RevocationReason.KEY_COMPROMISE);
    revokeRequest.setComments("user request revoke");
    revokeRequest.setNonce(nonce);

    CertRequestInfo revokeInfo = certClient.revokeCert(certId, revokeRequest); // here comes an exception

    CertReviewResponse reviewData = certClient.reviewRequest(revokeInfo.getRequestId());
    reviewData.setNonce("" + nonce);
    log(reviewData.toString());
    reviewData.setRequestNotes("revoke approved");
    certClient.approveRequest(reviewData.getRequestId(), reviewData);
}




When I use this I get an exception on the line (certClient.revokeCert(...)):



com.netscape.certsrv.base.BadRequestException: Nonce for cert-revoke 64 does not exist. 
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) 
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) 
at java.lang.reflect.Constructor.newInstance(Constructor.java:422) 
at com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:436) 
at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:112) 
at com.netscape.certsrv.cert.CertClient.revokeCert(CertClient.java:75) 
at com.company.CAManager.revokeAndApprove(CAManager.java:186) 

and a few other options I've tried:

1. Long nonce = transportCert.getNonce(); // null

2. Long nonce = certClient.getCert(certId).getNonce(); // also a null

Putting null into setNonce, or not setting it at all, gives me:


com.netscape.certsrv.base.BadRequestException: Missing nonce. 
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) 
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) 
at java.lang.reflect.Constructor.newInstance(Constructor.java:422) 
at com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:436) 
at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:112) 
at com.netscape.certsrv.cert.CertClient.revokeCert(CertClient.java:75) 
at com.company.CAManager.revokeAndApprove(CAManager.java:187) 
at com.company.Main.main(Main.java:21) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
at java.lang.reflect.Method.invoke(Method.java:497) 
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140) 

I checked the browser form of the end-user entity and the nonce value looks like this: "certId:someLongRandomNumber".
Am I not understanding the usage of the nonce, or is something in my code wrong?

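Added example, not part of the thread and not Dogtag code: a simplified model of a server-issued, single-use nonce, showing why a value invented on the client produces the two errors quoted above. The class NonceModel, its methods and the sample id are hypothetical, and the error strings are modelled on the messages in the post; it assumes the server only accepts a nonce it issued itself for that certificate.

```java
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Simplified model of a server-issued, single-use nonce (hypothetical, not Dogtag code). */
public class NonceModel {
    // Server side: nonces the server itself handed out, keyed by certificate id.
    private final Map<Integer, Long> issued = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();

    /** "Review" step: the server creates the nonce and remembers it. */
    public long reviewCert(int certId) {
        long nonce = rng.nextLong();
        issued.put(certId, nonce);
        return nonce;
    }

    /** "Revoke" step: accepted only with the nonce issued for this certificate. */
    public String revokeCert(int certId, Long nonce) {
        if (nonce == null) {
            return "Missing nonce.";
        }
        Long expected = issued.get(certId);
        if (expected == null || !expected.equals(nonce)) {
            return "Nonce for cert-revoke " + certId + " does not exist.";
        }
        issued.remove(certId); // single use: a replayed request fails
        return "revoked";
    }

    public static void main(String[] args) {
        NonceModel server = new NonceModel();
        int certId = 64; // constructed sample id

        // Client-invented value: the server never issued it, so it is rejected.
        System.out.println(server.revokeCert(certId, new SecureRandom().nextLong()));
        // No nonce at all.
        System.out.println(server.revokeCert(certId, null));
        // Nonce obtained from the server first, then echoed back unchanged.
        long nonce = server.reviewCert(certId);
        System.out.println(server.revokeCert(certId, nonce));
        // Replaying the same request after the nonce was consumed.
        System.out.println(server.revokeCert(certId, nonce));
    }
}
```

The point of the model is that the nonce is the server's anti-replay token, so the client has to fetch it from the server and send it back rather than generate it.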