[Pki-devel] [Pki-users] Cannot revoke user certificate because of nonce

John Magne jmagne at redhat.com
Mon Oct 26 17:20:35 UTC 2015


Looks like the "reviewCert" sets off a chain of events that includes the nonce in the return data.
For some reason getCert does no such thing.


----- Original Message -----
From: "Marcin Mierzejewski" <marcinmierzejewski1024 at gmail.com>
To: "John Magne" <jmagne at redhat.com>
Cc: pki-users at redhat.com, pki-devel at redhat.com
Sent: Saturday, October 24, 2015 12:38:43 AM
Subject: Re: [Pki-users] Cannot revoke user certificate because of nonce

The problem was using certClient.getCert() instead of certClient.reviewCert().
What is the difference between those methods, and when should I use the first
and when the second? I checked the javadoc and found nothing.

2015-10-23 19:49 GMT+02:00 John Magne <jmagne at redhat.com>:

> See CertHoldCLI.java
>
> Which has an example of doing what you are trying to do.
>
> ----- Original Message -----
> From: "Marcin Mierzejewski" <marcinmierzejewski1024 at gmail.com>
> To: pki-users at redhat.com, pki-devel at redhat.com
> Sent: Friday, October 23, 2015 8:34:45 AM
> Subject: [Pki-users] Cannot revoke user certificate because of nonce
>
> I am trying to revoke a certificate from code and I get an exception with
> info about the nonce.
>
>
> public void revokeAndApprove(int certificateId) {
>
>     CertId certId = new CertId(certificateId);
>     long nonce = new Random().nextLong();
>     CertRevokeRequest revokeRequest = new CertRevokeRequest();
>     revokeRequest.setReason(RevocationReason.KEY_COMPROMISE);
>     revokeRequest.setComments("user request revoke");
>     revokeRequest.setNonce(nonce);
>
>     CertRequestInfo revokeInfo = certClient.revokeCert(certId, revokeRequest); // here comes an exception
>
>     CertReviewResponse reviewData = certClient.reviewRequest(revokeInfo.getRequestId());
>     reviewData.setNonce("" + nonce);
>     log(reviewData.toString());
>     reviewData.setRequestNotes("revoke approved");
>     certClient.approveRequest(reviewData.getRequestId(), reviewData);
> }
>
> When I use this I get an exception on the line certClient.revokeCert(...):
>
> com.netscape.certsrv.base.BadRequestException: Nonce for cert-revoke 64 does not exist.
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:436)
> at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:112)
> at com.netscape.certsrv.cert.CertClient.revokeCert(CertClient.java:75)
> at com.company.CAManager.revokeAndApprove(CAManager.java:186)
>
> And a few other options I've tried:
>
> 1. Long nonce = transportCert.getNonce(); // null
>
> 2. Long nonce = certClient.getCert(certId).getNonce(); // also a null
>
> Putting null into setNonce, or not setting it at all, gives me:
>
>
> com.netscape.certsrv.base.BadRequestException: Missing nonce.
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:436)
> at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:112)
> at com.netscape.certsrv.cert.CertClient.revokeCert(CertClient.java:75)
> at com.company.CAManager.revokeAndApprove(CAManager.java:187)
> at com.company.Main.main(Main.java:21)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
>
> I checked the browser form from the end-user entity and the nonce value
> looks like this: "certId:someLongRandomNumber"
> Am I not understanding the usage of the nonce, or is something in my code wrong?
>
>
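
A minimal model of the behaviour discussed in this thread, as an added example that is not part of the original messages and is not Dogtag's code. `ToyCa` and its method bodies are hypothetical; only the "Missing nonce." and "Nonce for cert-revoke 64 does not exist." messages and the reviewCert()/getCert() difference come from the thread. It shows why a client-generated nonce and a missing nonce are both rejected, while a nonce returned by the review call is accepted.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Toy model (assumption): mimics only what is visible in the thread,
// namely that the server issues the nonce on review and expects it back on revoke.
public class NonceFlowDemo {

    static class ToyCa {
        private final SecureRandom rng = new SecureRandom();
        // Nonces the server has issued to this session, keyed by operation and cert id.
        private final Map<String, Long> issued = new HashMap<>();

        // Stands in for getCert(): returns cert data but issues no nonce.
        Long getCert(int certId) {
            return null;
        }

        // Stands in for reviewCert(): issues a nonce and returns it to the client.
        Long reviewCert(int certId) {
            long nonce = rng.nextLong();
            issued.put("cert-revoke " + certId, nonce);
            return nonce;
        }

        // Revocation succeeds only with a nonce this server issued for this cert.
        String revokeCert(int certId, Long nonce) {
            if (nonce == null) {
                return "Missing nonce.";
            }
            String key = "cert-revoke " + certId;
            Long expected = issued.get(key);
            if (expected == null) {
                return "Nonce for " + key + " does not exist.";
            }
            if (!expected.equals(nonce)) {
                return "Invalid nonce."; // constructed message, not from the thread
            }
            issued.remove(key); // single use (assumption of this model)
            return "revoked";
        }
    }

    public static void main(String[] args) {
        ToyCa ca = new ToyCa();
        System.out.println(ca.revokeCert(64, ca.getCert(64)));    // nonce taken from getCert()
        System.out.println(ca.revokeCert(64, 12345L));            // nonce invented by the client
        System.out.println(ca.revokeCert(64, ca.reviewCert(64))); // nonce issued by reviewCert()
    }
}
```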
