Search in sources :

Example 41 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class CertStoreQueryExecutor method addToPublishQueue.

// method addCert
void addToPublishQueue(NameId publisher, long certId, NameId ca) throws DataAccessException {
    ParamUtil.requireNonNull("ca", ca);
    final String sql = SQLs.SQL_INSERT_PUBLISHQUEUE;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setInt(1, publisher.getId());
        ps.setInt(2, ca.getId());
        ps.setLong(3, certId);
        ps.executeUpdate();
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, null);
    }
}
Also used : SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 42 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class CertStoreQueryExecutor method addCert.

// constructor
void addCert(NameId ca, X509CertWithDbId certificate, byte[] encodedSubjectPublicKey, NameId certProfile, NameId requestor, Integer userId, RequestType reqType, byte[] transactionId, X500Name reqSubject) throws DataAccessException, OperationException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("certificate", certificate);
    ParamUtil.requireNonNull("certProfile", certProfile);
    ParamUtil.requireNonNull("requestor", requestor);
    long certId = idGenerator.nextId();
    X509Certificate cert = certificate.getCert();
    long fpPk = FpIdCalculator.hash(encodedSubjectPublicKey);
    String subjectText = X509Util.cutText(certificate.getSubject(), maxX500nameLen);
    long fpSubject = X509Util.fpCanonicalizedName(cert.getSubjectX500Principal());
    String reqSubjectText = null;
    Long fpReqSubject = null;
    if (reqSubject != null) {
        fpReqSubject = X509Util.fpCanonicalizedName(reqSubject);
        if (fpSubject == fpReqSubject) {
            fpReqSubject = null;
        } else {
            reqSubjectText = X509Util.cutX500Name(CaUtil.sortX509Name(reqSubject), maxX500nameLen);
        }
    }
    String b64FpCert = base64Fp(certificate.getEncodedCert());
    String b64Cert = Base64.encodeToString(certificate.getEncodedCert());
    String tid = (transactionId == null) ? null : Base64.encodeToString(transactionId);
    long currentTimeSeconds = System.currentTimeMillis() / 1000;
    BigInteger serialNumber = cert.getSerialNumber();
    long notBeforeSeconds = cert.getNotBefore().getTime() / 1000;
    long notAfterSeconds = cert.getNotAfter().getTime() / 1000;
    Connection conn = null;
    PreparedStatement[] pss = borrowPreparedStatements(SQLs.SQL_ADD_CERT, SQLs.SQL_ADD_CRAW);
    try {
        PreparedStatement psAddcert = pss[0];
        // all statements have the same connection
        conn = psAddcert.getConnection();
        // cert
        int idx = 2;
        psAddcert.setInt(idx++, CertArt.X509PKC.getCode());
        psAddcert.setLong(idx++, currentTimeSeconds);
        psAddcert.setString(idx++, serialNumber.toString(16));
        psAddcert.setString(idx++, subjectText);
        psAddcert.setLong(idx++, fpSubject);
        setLong(psAddcert, idx++, fpReqSubject);
        psAddcert.setLong(idx++, notBeforeSeconds);
        psAddcert.setLong(idx++, notAfterSeconds);
        setBoolean(psAddcert, idx++, false);
        psAddcert.setInt(idx++, certProfile.getId());
        psAddcert.setInt(idx++, ca.getId());
        setInt(psAddcert, idx++, requestor.getId());
        setInt(psAddcert, idx++, userId);
        psAddcert.setLong(idx++, fpPk);
        boolean isEeCert = cert.getBasicConstraints() == -1;
        psAddcert.setInt(idx++, isEeCert ? 1 : 0);
        psAddcert.setInt(idx++, reqType.getCode());
        psAddcert.setString(idx++, tid);
        // rawcert
        PreparedStatement psAddRawcert = pss[1];
        idx = 2;
        psAddRawcert.setString(idx++, b64FpCert);
        psAddRawcert.setString(idx++, reqSubjectText);
        psAddRawcert.setString(idx++, b64Cert);
        certificate.setCertId(certId);
        psAddcert.setLong(1, certId);
        psAddRawcert.setLong(1, certId);
        final boolean origAutoCommit = conn.getAutoCommit();
        conn.setAutoCommit(false);
        String sql = null;
        try {
            sql = SQLs.SQL_ADD_CERT;
            psAddcert.executeUpdate();
            sql = SQLs.SQL_ADD_CRAW;
            psAddRawcert.executeUpdate();
            sql = "(commit add cert to CA certstore)";
            conn.commit();
        } catch (Throwable th) {
            conn.rollback();
            // more secure
            datasource.deleteFromTable(null, "CRAW", "CID", certId);
            datasource.deleteFromTable(null, "CERT", "ID", certId);
            if (th instanceof SQLException) {
                LOG.error("datasource {} could not add certificate with id {}: {}", datasource.getName(), certId, th.getMessage());
                throw datasource.translate(sql, (SQLException) th);
            } else {
                throw new OperationException(ErrorCode.SYSTEM_FAILURE, th);
            }
        } finally {
            conn.setAutoCommit(origAutoCommit);
        }
    } catch (SQLException ex) {
        throw datasource.translate(null, ex);
    } finally {
        try {
            for (PreparedStatement ps : pss) {
                releaseStatement(ps);
            }
        } finally {
            if (conn != null) {
                datasource.returnConnection(conn);
            }
        }
    }
}
Also used : SQLException(java.sql.SQLException) Connection(java.sql.Connection) PreparedStatement(java.sql.PreparedStatement) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) X509Certificate(java.security.cert.X509Certificate) BigInteger(java.math.BigInteger) OperationException(org.xipki.ca.api.OperationException)

Example 43 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class CertStoreQueryExecutor method getCertForId.

// method getCertForId
X509CertWithDbId getCertForId(long certId) throws DataAccessException, OperationException {
    final String sql = sqls.sqlRawCertForId;
    String b64Cert;
    ResultSet rs = null;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setLong(1, certId);
        rs = ps.executeQuery();
        if (!rs.next()) {
            return null;
        }
        b64Cert = rs.getString("CERT");
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, rs);
    }
    if (b64Cert == null) {
        return null;
    }
    byte[] encodedCert = Base64.decodeFast(b64Cert);
    X509Certificate cert;
    try {
        cert = X509Util.parseCert(encodedCert);
    } catch (CertificateException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
    return new X509CertWithDbId(cert, encodedCert);
}
Also used : SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement) CertificateException(java.security.cert.CertificateException) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) X509Certificate(java.security.cert.X509Certificate) OperationException(org.xipki.ca.api.OperationException)

Example 44 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class CertStoreQueryExecutor method removeFromPublishQueue.

void removeFromPublishQueue(NameId publisher, long certId) throws DataAccessException {
    final String sql = SQLs.SQL_REMOVE_PUBLISHQUEUE;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setInt(1, publisher.getId());
        ps.setLong(2, certId);
        ps.executeUpdate();
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, null);
    }
}
Also used : SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 45 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class CertStoreQueryExecutor method unrevokeCert.

// method revokeSuspendedCert
X509CertWithDbId unrevokeCert(NameId ca, BigInteger serialNumber, boolean force, boolean publishToDeltaCrlCache, CaIdNameMap idNamMap) throws OperationException, DataAccessException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    X509CertWithRevocationInfo certWithRevInfo = getCertWithRevocationInfo(ca, serialNumber, idNamMap);
    if (certWithRevInfo == null) {
        LOG.warn("certificate with CA={} and serialNumber={} does not exist", ca.getName(), LogUtil.formatCsn(serialNumber));
        return null;
    }
    CertRevocationInfo currentRevInfo = certWithRevInfo.getRevInfo();
    if (currentRevInfo == null) {
        throw new OperationException(ErrorCode.CERT_UNREVOKED, "certificate is not revoked");
    }
    CrlReason currentReason = currentRevInfo.getReason();
    if (!force) {
        if (currentReason != CrlReason.CERTIFICATE_HOLD) {
            throw new OperationException(ErrorCode.NOT_PERMITTED, "could not unrevoke certificate revoked with reason " + currentReason.getDescription());
        }
    }
    final String sql = "UPDATE CERT SET LUPDATE=?,REV=?,RT=?,RIT=?,RR=? WHERE ID=?";
    long certId = certWithRevInfo.getCert().getCertId().longValue();
    long currentTimeSeconds = System.currentTimeMillis() / 1000;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        int idx = 1;
        ps.setLong(idx++, currentTimeSeconds);
        setBoolean(ps, idx++, false);
        ps.setNull(idx++, Types.INTEGER);
        ps.setNull(idx++, Types.INTEGER);
        ps.setNull(idx++, Types.INTEGER);
        ps.setLong(idx++, certId);
        int count = ps.executeUpdate();
        if (count != 1) {
            String message = (count > 1) ? count + " rows modified, but exactly one is expected" : "no row is modified, but exactly one is expected";
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, null);
    }
    if (publishToDeltaCrlCache) {
        publishToDeltaCrlCache(ca, certWithRevInfo.getCert().getCert().getSerialNumber());
    }
    return certWithRevInfo.getCert();
}
Also used : CertRevocationInfo(org.xipki.security.CertRevocationInfo) SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) CrlReason(org.xipki.security.CrlReason) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) OperationException(org.xipki.ca.api.OperationException)

Aggregations

DEROctetString (org.bouncycastle.asn1.DEROctetString)26 X509Certificate (java.security.cert.X509Certificate)19 IOException (java.io.IOException)18 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)15 CertificateException (java.security.cert.CertificateException)12 PreparedStatement (java.sql.PreparedStatement)12 SQLException (java.sql.SQLException)12 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)11 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11 Extension (org.bouncycastle.asn1.x509.Extension)10 CertificateID (org.bouncycastle.cert.ocsp.CertificateID)10 BigInteger (java.math.BigInteger)9 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 Date (java.util.Date)9 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)9 Certificate (java.security.cert.Certificate)8 CertID (org.bouncycastle.asn1.ocsp.CertID)8 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)8 OperationException (org.xipki.ca.api.OperationException)8 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7