Example 11 with AuditEvent

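Use of org.xipki.audit.AuditEvent in project xipki by xipki.

Class X509Ca, method revokeCa.

// Records the CA's revocation. For a self-signed CA, its own certificate is also
// revoked under an audit event. Every publisher is then notified.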
public void revokeCa(CertRevocationInfo revocationInfo, String msgId) throws OperationException {
    ParamUtil.requireNonNull("revocationInfo", revocationInfo);
    caInfo.setRevocationInfo(revocationInfo);
    if (caInfo.isSelfSigned()) {
        AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_revoke_cert, msgId);
        // Start as failed so that an exception from revokeCertificate0 is audited as unsuccessful.
        boolean successful = false;
        try {
            X509CertWithRevocationInfo ret = revokeCertificate0(caInfo.getSerialNumber(), revocationInfo.getReason(), revocationInfo.getInvalidityTime(), true, event);
            successful = (ret != null);
        } finally {
            finish(event, successful);
        }
    }
    boolean failed = false;
    for (IdentifiedX509CertPublisher publisher : publishers()) {
        NameId ident = publisher.getIdent();
        boolean successful = publisher.caRevoked(caCert, revocationInfo);
        if (successful) {
            LOG.info("published event caRevoked of CA {} to publisher {}", caIdent, ident);
        } else {
            failed = true;
            LOG.error("could not publish event caRevoked of CA {} to publisher {}", caIdent, ident);
        }
    }
    if (failed) {
        final String message = "could not event caRevoked of CA " + caIdent + " to at least one publisher";
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
    }
}
Also used : NameId(org.xipki.ca.api.NameId) AuditEvent(org.xipki.audit.AuditEvent) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) X509CertWithRevocationInfo(org.xipki.ca.server.impl.store.X509CertWithRevocationInfo) OperationException(org.xipki.ca.api.OperationException)

Example 12 with AuditEvent

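Use of org.xipki.audit.AuditEvent in project xipki by xipki.

Class X509Ca, method removeCertificate.

// Removes a certificate by serial number and audits the outcome.
// Removing the certificate of a self-signed CA itself is refused before the audit event is created.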
public X509CertWithDbId removeCertificate(BigInteger serialNumber, String msgId) throws OperationException {
    if (caInfo.isSelfSigned() && caInfo.getSerialNumber().equals(serialNumber)) {
        throw new OperationException(ErrorCode.NOT_PERMITTED, "insufficient permission remove CA certificate");
    }
    AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_remove_cert, msgId);
    // Start as failed so that an exception from removeCertificate0 is audited as unsuccessful.
    boolean successful = false;
    try {
        X509CertWithDbId ret = removeCertificate0(serialNumber, event);
        successful = (ret != null);
        return ret;
    } finally {
        finish(event, successful);
    }
}
Also used : AuditEvent(org.xipki.audit.AuditEvent) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) OperationException(org.xipki.ca.api.OperationException)

Example 13 with AuditEvent

Use of org.xipki.audit.AuditEvent in project xipki by xipki.

Class X509Ca, method generateCrl.

// Generates a full or delta CRL. The audit event is marked successful only if
// generateCrl0 returns without throwing.
private X509CRL generateCrl(boolean deltaCrl, Date thisUpdate, Date nextUpdate, String msgId) throws OperationException {
    boolean successful = false;
    AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_gen_crl, msgId);
    try {
        X509CRL crl = generateCrl0(deltaCrl, thisUpdate, nextUpdate, event, msgId);
        successful = true;
        return crl;
    } finally {
        finish(event, successful);
    }
}
Also used : X509CRL(java.security.cert.X509CRL) AuditEvent(org.xipki.audit.AuditEvent)

Example 14 with AuditEvent

Use of org.xipki.audit.AuditEvent in project xipki by xipki.

Class X509Ca, method revokeSuspendedCerts.

// Revokes suspended certificates and audits the outcome.
private int revokeSuspendedCerts(String msgId) throws OperationException {
    LOG.debug("revoking suspended certificates");
    AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_revoke_suspendedCert, msgId);
    boolean successful = false;
    try {
        int num = revokeSuspendedCerts0(event, msgId);
        LOG.info("revoked {} suspended certificates of CA {}", num, caIdent);
        successful = true;
        return num;
    } finally {
        finish(event, successful);
    }
}
Also used : AuditEvent(org.xipki.audit.AuditEvent) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 15 with AuditEvent

Use of org.xipki.audit.AuditEvent in project xipki by xipki.

Class X509Ca, method generateCertificate.

private X509CertificateInfo generateCertificate(GrantedCertTemplate gct, RequestorInfo requestor, boolean keyUpdate, RequestType reqType, byte[] transactionId, String msgId) throws OperationException {
    AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_gen_cert, msgId);
    boolean successful = false;
    try {
        X509CertificateInfo ret = generateCertificate0(gct, requestor, keyUpdate, reqType, transactionId, event);
        successful = (ret != null);
        return ret;
    } finally {
        finish(event, successful);
    }
}
Also used : AuditEvent(org.xipki.audit.AuditEvent) X509CertificateInfo(org.xipki.ca.api.publisher.x509.X509CertificateInfo)

Aggregations

AuditEvent (org.xipki.audit.AuditEvent) 20
Date (java.util.Date) 9
OperationException (org.xipki.ca.api.OperationException) 9
AuditService (org.xipki.audit.AuditService) 5
EOFException (java.io.EOFException) 4
IOException (java.io.IOException) 4
AuditLevel (org.xipki.audit.AuditLevel) 4
AuditStatus (org.xipki.audit.AuditStatus) 4
HttpMethod (io.netty.handler.codec.http.HttpMethod) 3
HttpVersion (io.netty.handler.codec.http.HttpVersion) 3
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint) 3
IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint) 3
AuditServiceRegister (org.xipki.audit.AuditServiceRegister) 3
ResponderManager (org.xipki.ca.server.api.ResponderManager) 3
HttpResponseStatus (io.netty.handler.codec.http.HttpResponseStatus) 2
X509Certificate (java.security.cert.X509Certificate) 2
ServletException (javax.servlet.ServletException) 2
DERPrintableString (org.bouncycastle.asn1.DERPrintableString) 2
DERUTF8String (org.bouncycastle.asn1.DERUTF8String) 2
PKIMessage (org.bouncycastle.asn1.cmp.PKIMessage) 2