
Example 41 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class CertStoreQueryExecutor method addCert.

// method addCert
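/**
 * Stores a newly issued certificate in the CA certstore.
 * <p>
 * Two rows are written inside one JDBC transaction: the metadata row
 * ({@code SQLs.SQL_ADD_CERT}) and the raw-certificate row ({@code SQLs.SQL_ADD_CRAW}).
 * Both rows use the same id taken from {@code idGenerator}; that id is also written back
 * into {@code certificate} via {@code setCertId}. Every value is bound as a
 * {@link PreparedStatement} parameter; nothing is concatenated into the SQL text.
 *
 * @param ca issuing CA, must not be {@code null}
 * @param certificate certificate to store, must not be {@code null}
 * @param encodedSubjectPublicKey encoded subject public key; only its fingerprint
 *        ({@code FpIdCalculator.hash}) is stored
 * @param certProfile profile the certificate was issued under, must not be {@code null}
 * @param requestor requestor the certificate was issued for, must not be {@code null}
 * @param userId optional user id, {@code null} is stored as SQL NULL
 * @param reqType type of the issuance request, must not be {@code null}
 * @param transactionId optional transaction id, stored Base64-encoded or as SQL NULL
 * @param reqSubject requested subject, or {@code null}; stored only if its canonical-name
 *        fingerprint differs from that of the issued certificate's subject
 * @throws DataAccessException if a JDBC operation fails
 * @throws OperationException with {@code ErrorCode.SYSTEM_FAILURE} if the transaction fails
 *         for a reason that is not a {@link SQLException}
 */
void addCert(NameId ca, X509CertWithDbId certificate, byte[] encodedSubjectPublicKey, NameId certProfile, NameId requestor, Integer userId, RequestType reqType, byte[] transactionId, X500Name reqSubject) throws DataAccessException, OperationException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("certificate", certificate);
    ParamUtil.requireNonNull("certProfile", certProfile);
    ParamUtil.requireNonNull("requestor", requestor);
    // reqType.getCode() is dereferenced while binding parameters; validate it here like the
    // other mandatory parameters so a missing value fails before an id is consumed and
    // statements are borrowed, instead of with an NPE in the middle of the insert.
    ParamUtil.requireNonNull("reqType", reqType);
    long certId = idGenerator.nextId();
    X509Certificate cert = certificate.getCert();
    long fpPk = FpIdCalculator.hash(encodedSubjectPublicKey);
    String subjectText = X509Util.cutText(certificate.getSubject(), maxX500nameLen);
    long fpSubject = X509Util.fpCanonicalizedName(cert.getSubjectX500Principal());
    // The requested subject is only persisted when it differs from the issued subject;
    // a matching fingerprint leaves FP_RS and the raw-cert subject text as SQL NULL.
    String reqSubjectText = null;
    Long fpReqSubject = null;
    if (reqSubject != null) {
        fpReqSubject = X509Util.fpCanonicalizedName(reqSubject);
        if (fpSubject == fpReqSubject) { // unboxed comparison of the two fingerprints
            fpReqSubject = null;
        } else {
            reqSubjectText = X509Util.cutX500Name(CaUtil.sortX509Name(reqSubject), maxX500nameLen);
        }
    }
    String b64FpCert = base64Fp(certificate.getEncodedCert());
    String b64Cert = Base64.encodeToString(certificate.getEncodedCert());
    String tid = (transactionId == null) ? null : Base64.encodeToString(transactionId);
    // all timestamps are stored as seconds since the epoch
    long currentTimeSeconds = System.currentTimeMillis() / 1000;
    BigInteger serialNumber = cert.getSerialNumber();
    long notBeforeSeconds = cert.getNotBefore().getTime() / 1000;
    long notAfterSeconds = cert.getNotAfter().getTime() / 1000;
    Connection conn = null;
    PreparedStatement[] pss = borrowPreparedStatements(SQLs.SQL_ADD_CERT, SQLs.SQL_ADD_CRAW);
    try {
        PreparedStatement psAddcert = pss[0];
        // all statements have the same connection
        conn = psAddcert.getConnection();
        // cert: parameter 1 (the id) is bound last, together with the raw-cert row
        int idx = 2;
        psAddcert.setInt(idx++, CertArt.X509PKC.getCode());
        psAddcert.setLong(idx++, currentTimeSeconds);
        // the serial number is stored as a hexadecimal string
        psAddcert.setString(idx++, serialNumber.toString(16));
        psAddcert.setString(idx++, subjectText);
        psAddcert.setLong(idx++, fpSubject);
        setLong(psAddcert, idx++, fpReqSubject);
        psAddcert.setLong(idx++, notBeforeSeconds);
        psAddcert.setLong(idx++, notAfterSeconds);
        setBoolean(psAddcert, idx++, false);
        psAddcert.setInt(idx++, certProfile.getId());
        psAddcert.setInt(idx++, ca.getId());
        setInt(psAddcert, idx++, requestor.getId());
        setInt(psAddcert, idx++, userId);
        psAddcert.setLong(idx++, fpPk);
        // X509Certificate.getBasicConstraints() is -1 when the certificate is not a CA
        // (no basicConstraints extension, or cA=false): such certificates are end-entity certs
        boolean isEeCert = cert.getBasicConstraints() == -1;
        psAddcert.setInt(idx++, isEeCert ? 1 : 0);
        psAddcert.setInt(idx++, reqType.getCode());
        psAddcert.setString(idx++, tid);
        // rawcert
        PreparedStatement psAddRawcert = pss[1];
        idx = 2;
        psAddRawcert.setString(idx++, b64FpCert);
        psAddRawcert.setString(idx++, reqSubjectText);
        psAddRawcert.setString(idx++, b64Cert);
        certificate.setCertId(certId);
        psAddcert.setLong(1, certId);
        psAddRawcert.setLong(1, certId);
        // Both inserts must land or neither: run them in one transaction and restore the
        // connection's previous auto-commit mode afterwards, since the connection is handed
        // back to the datasource in the outer finally block.
        final boolean origAutoCommit = conn.getAutoCommit();
        conn.setAutoCommit(false);
        // tracks which statement is running so the translated exception names the right SQL
        String sql = null;
        try {
            sql = SQLs.SQL_ADD_CERT;
            psAddcert.executeUpdate();
            sql = SQLs.SQL_ADD_CRAW;
            psAddRawcert.executeUpdate();
            sql = "(commit add cert to CA certstore)";
            conn.commit();
        } catch (Throwable th) {
            conn.rollback();
            // more secure: additionally delete anything that may have been persisted under
            // this id, so that a half-written certificate cannot survive a rollback that did
            // not take effect. NOTE(review): if rollback() itself throws, these deletes are
            // skipped and the SQLException goes to the outer handler.
            datasource.deleteFromTable(null, "CRAW", "CID", certId);
            datasource.deleteFromTable(null, "CERT", "ID", certId);
            if (th instanceof SQLException) {
                LOG.error("datasource {} could not add certificate with id {}: {}", datasource.getName(), certId, th.getMessage());
                throw datasource.translate(sql, (SQLException) th);
            } else {
                // non-SQL failures (including Errors) are surfaced as a system failure
                throw new OperationException(ErrorCode.SYSTEM_FAILURE, th);
            }
        } finally {
            conn.setAutoCommit(origAutoCommit);
        }
    } catch (SQLException ex) {
        // failures outside the inner transaction block (parameter binding, auto-commit handling)
        throw datasource.translate(null, ex);
    } finally {
        try {
            for (PreparedStatement ps : pss) {
                releaseStatement(ps);
            }
        } finally {
            if (conn != null) {
                datasource.returnConnection(conn);
            }
        }
    }
}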

Example 42 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class CertStoreQueryExecutor method getCertForId.

// method getCertForId
/**
 * Loads the raw certificate stored under the given certstore id and parses it.
 *
 * @param certId id of the certificate row
 * @return the parsed certificate together with its DER encoding, or {@code null} if no row
 *         with this id exists or its {@code CERT} column is SQL NULL
 * @throws DataAccessException if the query fails
 * @throws OperationException with {@code ErrorCode.SYSTEM_FAILURE} if the stored bytes cannot
 *         be parsed as an X.509 certificate
 */
X509CertWithDbId getCertForId(long certId) throws DataAccessException, OperationException {
    final String sql = sqls.sqlRawCertForId;
    PreparedStatement ps = borrowPreparedStatement(sql);
    ResultSet rs = null;
    String encodedB64;
    try {
        ps.setLong(1, certId);
        rs = ps.executeQuery();
        // a missing row and a NULL column are treated alike below
        encodedB64 = rs.next() ? rs.getString("CERT") : null;
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        // statement and result set are released before any parsing happens
        releaseDbResources(ps, rs);
    }
    if (encodedB64 == null) {
        return null;
    }
    byte[] derBytes = Base64.decodeFast(encodedB64);
    X509Certificate parsed;
    try {
        parsed = X509Util.parseCert(derBytes);
    } catch (CertificateException ex) {
        // corrupt or non-certificate content in the store is a system failure, not a client error
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
    return new X509CertWithDbId(parsed, derBytes);
}

Example 43 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class CertStoreQueryExecutor method removeFromPublishQueue.

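/**
 * Deletes the publish-queue entry of one certificate for one publisher.
 * <p>
 * The affected-row count is not checked, so removing an entry that no longer exists is a
 * silent no-op.
 *
 * @param publisher publisher whose queue entry is removed, must not be {@code null}
 * @param certId id of the certificate whose entry is removed
 * @throws DataAccessException if the delete fails
 */
void removeFromPublishQueue(NameId publisher, long certId) throws DataAccessException {
    // publisher.getId() is dereferenced below; fail fast with a clear message, consistent with
    // the other methods of this class, before a statement is borrowed from the pool.
    ParamUtil.requireNonNull("publisher", publisher);
    final String sql = SQLs.SQL_REMOVE_PUBLISHQUEUE;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setInt(1, publisher.getId());
        ps.setLong(2, certId);
        ps.executeUpdate();
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, null);
    }
}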

Example 44 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class CertStoreQueryExecutor method unrevokeCert.

// method unrevokeCert
/**
 * Clears the revocation state of a certificate.
 * <p>
 * Unless {@code force} is set, only a certificate revoked with reason
 * {@code CERTIFICATE_HOLD} may be unrevoked. On success the row's {@code REV} flag is
 * cleared, {@code RT}/{@code RIT}/{@code RR} are set to SQL NULL and {@code LUPDATE} is set to
 * the current time in seconds.
 *
 * @param ca issuing CA, must not be {@code null}
 * @param serialNumber serial number of the certificate, must not be {@code null}
 * @param force if {@code true}, unrevoke regardless of the current revocation reason
 * @param publishToDeltaCrlCache if {@code true}, the serial number is afterwards handed to the
 *        delta-CRL cache
 * @param idNamMap passed through to {@code getCertWithRevocationInfo}
 * @return the unrevoked certificate, or {@code null} if no certificate with this CA and serial
 *         number exists
 * @throws OperationException {@code CERT_UNREVOKED} if the certificate is not revoked,
 *         {@code NOT_PERMITTED} if the reason is not {@code CERTIFICATE_HOLD} and {@code force}
 *         is not set, {@code SYSTEM_FAILURE} if the update did not change exactly one row
 * @throws DataAccessException if the update fails
 */
X509CertWithDbId unrevokeCert(NameId ca, BigInteger serialNumber, boolean force, boolean publishToDeltaCrlCache, CaIdNameMap idNamMap) throws OperationException, DataAccessException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    X509CertWithRevocationInfo entry = getCertWithRevocationInfo(ca, serialNumber, idNamMap);
    if (entry == null) {
        LOG.warn("certificate with CA={} and serialNumber={} does not exist", ca.getName(), LogUtil.formatCsn(serialNumber));
        return null;
    }
    CertRevocationInfo revInfo = entry.getRevInfo();
    if (revInfo == null) {
        throw new OperationException(ErrorCode.CERT_UNREVOKED, "certificate is not revoked");
    }
    // without force, only a suspension (certificateHold) can be undone
    CrlReason reason = revInfo.getReason();
    if (!force && reason != CrlReason.CERTIFICATE_HOLD) {
        throw new OperationException(ErrorCode.NOT_PERMITTED, "could not unrevoke certificate revoked with reason " + reason.getDescription());
    }
    final String sql = "UPDATE CERT SET LUPDATE=?,REV=?,RT=?,RIT=?,RR=? WHERE ID=?";
    X509CertWithDbId storedCert = entry.getCert();
    long certId = storedCert.getCertId().longValue();
    long nowSeconds = System.currentTimeMillis() / 1000;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setLong(1, nowSeconds);
        setBoolean(ps, 2, false);
        ps.setNull(3, Types.INTEGER);
        ps.setNull(4, Types.INTEGER);
        ps.setNull(5, Types.INTEGER);
        ps.setLong(6, certId);
        // the id is the primary key, so anything but exactly one modified row is an inconsistency
        int modified = ps.executeUpdate();
        if (modified != 1) {
            String message;
            if (modified > 1) {
                message = modified + " rows modified, but exactly one is expected";
            } else {
                message = "no row is modified, but exactly one is expected";
            }
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, null);
    }
    if (publishToDeltaCrlCache) {
        publishToDeltaCrlCache(ca, storedCert.getCert().getSerialNumber());
    }
    return storedCert;
}

Example 45 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class CertStoreQueryExecutor method getCertificate.

// method getCertificate
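/**
 * Returns all certificates whose subject or requested subject matches the given name.
 * <p>
 * The match is made on the canonical-name fingerprint ({@code FP_S} or {@code FP_RS}), not on
 * the textual DN. When {@code transactionId} is not {@code null} it is always added to the
 * query as an additional {@code TID} filter, i.e. only certificates issued under that
 * transaction are returned, independent of how many certificates match the subject.
 *
 * @param subjectName subject of the certificate or the requested subject, must not be
 *        {@code null}
 * @param transactionId optional transaction id restricting the result to certificates issued
 *        under that transaction; {@code null} disables the filter
 * @return the matching certificates in the order the database returns them (the query has no
 *         ORDER BY); an empty immutable list if nothing matches. Ids whose certificate row
 *         cannot be loaded any more are skipped.
 * @throws DataAccessException if a query fails
 * @throws OperationException if a stored certificate cannot be parsed, see
 *         {@link #getCertForId(long)}
 */
List<X509Certificate> getCertificate(X500Name subjectName, byte[] transactionId) throws DataAccessException, OperationException {
    // subjectName is dereferenced by fpCanonicalizedName; validate it up front like the other
    // methods of this class do
    ParamUtil.requireNonNull("subjectName", subjectName);
    final boolean filterByTid = (transactionId != null);
    final String sql = filterByTid ? "SELECT ID FROM CERT WHERE TID=? AND (FP_S=? OR FP_RS=?)" : "SELECT ID FROM CERT WHERE FP_S=? OR FP_RS=?";
    long fpSubject = X509Util.fpCanonicalizedName(subjectName);
    // ids are collected first so the statement is released before the per-id lookups run
    List<Long> certIds = new ArrayList<Long>();
    ResultSet rs = null;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        int idx = 1;
        if (filterByTid) {
            // TID is stored Base64-encoded, see addCert
            ps.setString(idx++, Base64.encodeToString(transactionId));
        }
        // the same fingerprint is bound for both FP_S and FP_RS
        ps.setLong(idx++, fpSubject);
        ps.setLong(idx++, fpSubject);
        rs = ps.executeQuery();
        while (rs.next()) {
            certIds.add(rs.getLong("ID"));
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, rs);
    }
    if (certIds.isEmpty()) {
        return Collections.emptyList();
    }
    List<X509Certificate> certs = new ArrayList<X509Certificate>(certIds.size());
    for (Long certId : certIds) {
        X509CertWithDbId cert = getCertForId(certId);
        // a row that disappeared between the two queries is skipped rather than reported
        if (cert != null) {
            certs.add(cert.getCert());
        }
    }
    return certs;
}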
