
Example 1 with NameId

use of org.xipki.ca.api.NameId in project xipki by xipki.

the class CaManagerImpl method addScep.

// method getCurrentCrl
/**
 * Registers a new SCEP responder entry: stores it in the database and in the
 * in-memory maps of this manager.
 *
 * <p>The CA referenced by the entry is looked up by name in {@code idNameMap};
 * the id found there overwrites whatever id the caller put into the entry, so
 * a caller-supplied CA id is never trusted.
 *
 * @param dbEntry the SCEP entry to add; must not be {@code null}
 * @throws CaMgmtException if an entry with the same name already exists, if
 *     the referenced CA is unknown, or if a called helper reports a failure
 */
@Override
public void addScep(ScepEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    // presumably rejects the call when this instance is not the master - confirm
    asssertMasterMode();

    final String scepName = dbEntry.getName();
    final boolean alreadyRegistered = scepDbEntries.containsKey(scepName);
    if (alreadyRegistered) {
        throw new CaMgmtException(concat("SCEP named ", scepName, " exists"));
    }

    // Resolve the CA by name against the manager's own id/name map.
    final String caName = dbEntry.getCaIdent().getName();
    final NameId knownCa = idNameMap.getCa(caName);
    if (knownCa == null) {
        final String warning = concat("unknown CA ", caName);
        LOG.warn(warning);
        throw new CaMgmtException(warning);
    }
    dbEntry.getCaIdent().setId(knownCa.getId());

    // The responder is constructed before the database insert: if construction
    // throws, nothing has been persisted and the maps are unchanged.
    final ScepImpl responder = new ScepImpl(dbEntry, this);
    queryExecutor.addScep(dbEntry);

    scepDbEntries.put(scepName, dbEntry);
    sceps.put(scepName, responder);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) NameId(org.xipki.ca.api.NameId) ScepImpl(org.xipki.ca.server.impl.scep.ScepImpl)

Example 2 with NameId

use of org.xipki.ca.api.NameId in project xipki by xipki.

the class CaManagerImpl method generateRootCa.

// method getIdentifiedPublishersForCa
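/**
 * Generates a self-signed root CA certificate from a PKCS#10 request and
 * registers the resulting CA through {@code addCa}.
 *
 * <p>Invalid input is reported through {@link CaMgmtException}. Earlier this
 * method printed to {@code System.err} and returned {@code null} for a negative
 * {@code numCrls}, a negative {@code expirationPeriod} or an unparsable CSR,
 * which left the failure invisible to the logs and pushed a {@code null}
 * certificate to the caller.
 *
 * @param caEntry template for the new CA (signer, URIs, CRL settings, ...);
 *     must not be {@code null}
 * @param profileName name of the certificate profile; must not be blank,
 *     is lower-cased before lookup
 * @param encodedCsr encoded certification request; must not be {@code null}
 * @param serialNumber serial number for the root certificate, or {@code null}
 *     to have a random one generated with the CA's configured bit length
 * @return the newly generated self-signed CA certificate, never {@code null}
 * @throws CaMgmtException if a parameter is invalid, the profile is unknown,
 *     certificate generation fails, the signer configuration cannot be
 *     canonicalized, or the CA cannot be added
 */
@Override
public X509Certificate generateRootCa(X509CaEntry caEntry, String profileName, byte[] encodedCsr, BigInteger serialNumber) throws CaMgmtException {
    ParamUtil.requireNonNull("caEntry", caEntry);
    // NOTE(review): toLowerCase() uses the JVM default locale; names are
    // normalized the same way elsewhere in this class, so switching to
    // Locale.ROOT has to be done for all of them at once.
    profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
    ParamUtil.requireNonNull("encodedCsr", encodedCsr);
    int numCrls = caEntry.getNumCrls();
    List<String> crlUris = caEntry.getCrlUris();
    List<String> deltaCrlUris = caEntry.getDeltaCrlUris();
    List<String> ocspUris = caEntry.getOcspUris();
    List<String> caCertUris = caEntry.getCaCertUris();
    String signerType = caEntry.getSignerType();
    asssertMasterMode();
    if (numCrls < 0) {
        throw new CaMgmtException("invalid numCrls: " + numCrls);
    }
    int expirationPeriod = caEntry.getExpirationPeriod();
    if (expirationPeriod < 0) {
        throw new CaMgmtException("invalid expirationPeriod: " + expirationPeriod);
    }
    CertificationRequest csr;
    try {
        csr = CertificationRequest.getInstance(encodedCsr);
    } catch (RuntimeException ex) {
        // Keep the cause so the parse failure can be diagnosed from the logs.
        throw new CaMgmtException("invalid encodedCsr", ex);
    }
    // NOTE(review): only the ASN.1 structure is parsed here; verification of the
    // CSR signature is not visible in this method - presumably done inside
    // generateSelfSigned, confirm.
    IdentifiedX509Certprofile certprofile = getIdentifiedCertprofile(profileName);
    if (certprofile == null) {
        throw new CaMgmtException(concat("unknown certprofile ", profileName));
    }
    // NOTE(review): a caller-supplied serialNumber is used as is; its sign and
    // length are not checked in this method. RFC 5280 requires a positive
    // serial number of at most 20 octets - confirm this is enforced downstream.
    BigInteger serialOfThisCert = (serialNumber != null) ? serialNumber : RandomSerialNumberGenerator.getInstance().nextSerialNumber(caEntry.getSerialNoBitLen());
    GenerateSelfSignedResult result;
    try {
        result = X509SelfSignedCertBuilder.generateSelfSigned(securityFactory, signerType, caEntry.getSignerConf(), certprofile, csr, serialOfThisCert, caCertUris, ocspUris, crlUris, deltaCrlUris, caEntry.getExtraControl());
    } catch (OperationException | InvalidConfException ex) {
        throw new CaMgmtException(concat(ex.getClass().getName(), ": ", ex.getMessage()), ex);
    }
    String signerConf = result.getSignerConf();
    X509Certificate caCert = result.getCert();
    // For key-store based signers the configuration is rewritten together with
    // the freshly issued certificate before it is stored.
    if ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType)) {
        try {
            signerConf = canonicalizeSignerConf(signerType, signerConf, new X509Certificate[] { caCert }, securityFactory);
        } catch (Exception ex) {
            throw new CaMgmtException(concat(ex.getClass().getName(), ": ", ex.getMessage()), ex);
        }
    }
    X509CaUris caUris = new X509CaUris(caCertUris, ocspUris, crlUris, deltaCrlUris);
    String name = caEntry.getIdent().getName();
    long nextCrlNumber = caEntry.getNextCrlNumber();
    CaStatus status = caEntry.getStatus();
    // The new entry is built with a null id; presumably addCa assigns it - confirm.
    X509CaEntry entry = new X509CaEntry(new NameId(null, name), caEntry.getSerialNoBitLen(), nextCrlNumber, signerType, signerConf, caUris, numCrls, expirationPeriod);
    entry.setCert(caCert);
    entry.setCmpControlName(caEntry.getCmpControlName());
    entry.setCrlSignerName(caEntry.getCrlSignerName());
    entry.setDuplicateKeyPermitted(caEntry.isDuplicateKeyPermitted());
    entry.setDuplicateSubjectPermitted(caEntry.isDuplicateSubjectPermitted());
    entry.setExtraControl(caEntry.getExtraControl());
    entry.setKeepExpiredCertInDays(caEntry.getKeepExpiredCertInDays());
    entry.setMaxValidity(caEntry.getMaxValidity());
    entry.setPermission(caEntry.getPermission());
    entry.setResponderName(caEntry.getResponderName());
    entry.setSaveRequest(caEntry.isSaveRequest());
    entry.setStatus(status);
    entry.setValidityMode(caEntry.getValidityMode());
    addCa(entry);
    return caCert;
}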
Also used : NameId(org.xipki.ca.api.NameId) InvalidConfException(org.xipki.common.InvalidConfException) CaStatus(org.xipki.ca.server.mgmt.api.CaStatus) CertprofileException(org.xipki.ca.api.profile.CertprofileException) KeyStoreException(java.security.KeyStoreException) XiSecurityException(org.xipki.security.exception.XiSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException) InvalidConfException(org.xipki.common.InvalidConfException) SocketException(java.net.SocketException) IOException(java.io.IOException) CertPublisherException(org.xipki.ca.api.publisher.CertPublisherException) OperationException(org.xipki.ca.api.OperationException) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) ObjectCreationException(org.xipki.common.ObjectCreationException) DataAccessException(org.xipki.datasource.DataAccessException) JAXBException(javax.xml.bind.JAXBException) FileNotFoundException(java.io.FileNotFoundException) SAXException(org.xml.sax.SAXException) CertificateException(java.security.cert.CertificateException) PasswordResolverException(org.xipki.password.PasswordResolverException) X509Certificate(java.security.cert.X509Certificate) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris) GenerateSelfSignedResult(org.xipki.ca.server.impl.X509SelfSignedCertBuilder.GenerateSelfSignedResult) BigInteger(java.math.BigInteger) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest) OperationException(org.xipki.ca.api.OperationException) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)

Example 3 with NameId

use of org.xipki.ca.api.NameId in project xipki by xipki.

the class CaManagerImpl method changeCertprofile.

// method removeCertprofile
/**
 * Changes the type and/or configuration of an existing certificate profile
 * and swaps the updated profile into the in-memory maps.
 *
 * @param name profile name; must not be blank, is lower-cased before lookup
 * @param type new profile type, may be {@code null} (presumably "leave
 *     unchanged" - confirm against the query executor)
 * @param conf new profile configuration, may be {@code null} (same caveat)
 * @throws IllegalArgumentException if {@code type} and {@code conf} are both
 *     {@code null}
 * @throws CaMgmtException if the profile is unknown or a called helper
 *     reports a failure
 */
@Override
public void changeCertprofile(String name, String type, String conf) throws CaMgmtException {
    // NOTE(review): toLowerCase() uses the JVM default locale; under a locale
    // with special casing rules the normalized name can differ from the stored one.
    name = ParamUtil.requireNonBlank("name", name).toLowerCase();

    final boolean nothingToChange = (type == null) && (conf == null);
    if (nothingToChange) {
        throw new IllegalArgumentException("type and conf cannot be both null");
    }

    final NameId profileIdent = idNameMap.getCertprofile(name);
    if (profileIdent == null) {
        final String warning = concat("unknown Certprofile ", name);
        LOG.warn(warning);
        throw new CaMgmtException(warning);
    }

    // Argument and existence checks run before the master-mode check.
    asssertMasterMode();

    // Persist first; the in-memory state is only touched once this call returns.
    final IdentifiedX509Certprofile updated = queryExecutor.changeCertprofile(profileIdent, type, conf, this);

    certprofileDbEntries.remove(name);
    final IdentifiedX509Certprofile previous = certprofiles.remove(name);
    certprofileDbEntries.put(name, updated.getDbEntry());
    certprofiles.put(name, updated);

    // The replaced profile is shut down only after the new one is in place.
    if (previous == null) {
        return;
    }
    shutdownCertprofile(previous);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) NameId(org.xipki.ca.api.NameId)

Example 4 with NameId

use of org.xipki.ca.api.NameId in project xipki by xipki.

the class CaManagerImpl method changeRequestor.

// method removeRequestor
/**
 * Replaces the certificate of an existing requestor and refreshes the
 * in-memory requestor maps with the updated entry.
 *
 * @param name requestor name; must not be blank, is lower-cased before lookup
 * @param base64Cert the new certificate as passed on to the query executor;
 *     must not be {@code null}
 * @throws CaMgmtException if the requestor is unknown or a called helper
 *     reports a failure
 */
@Override
public void changeRequestor(String name, String base64Cert) throws CaMgmtException {
    ParamUtil.requireNonNull("base64Cert", base64Cert);
    // NOTE(review): toLowerCase() uses the JVM default locale; under a locale
    // with special casing rules the normalized name can differ from the stored one.
    name = ParamUtil.requireNonBlank("name", name).toLowerCase();
    asssertMasterMode();

    final NameId requestorIdent = idNameMap.getRequestor(name);
    if (requestorIdent == null) {
        final String warning = concat("unknown requestor ", name);
        LOG.warn(warning);
        throw new CaMgmtException(warning);
    }

    // NOTE(review): base64Cert is only null-checked here; decoding and
    // certificate validation are presumably done by the query executor - confirm.
    final RequestorEntryWrapper updated = queryExecutor.changeRequestor(requestorIdent, base64Cert);

    // Drop the stale entries, then publish the ones returned by the database layer.
    requestorDbEntries.remove(name);
    requestors.remove(name);
    requestorDbEntries.put(name, updated.getDbEntry());
    requestors.put(name, updated);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) NameId(org.xipki.ca.api.NameId) RequestorEntryWrapper(org.xipki.ca.server.impl.cmp.RequestorEntryWrapper)

Example 5 with NameId

use of org.xipki.ca.api.NameId in project xipki by xipki.

the class CaManagerQueryExecutor method createPublisher.

// method getNamesFromTable
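/**
 * Loads the publisher with the given name from the database.
 *
 * @param name publisher name used as the single bind parameter of the
 *     select statement
 * @return the publisher entry built from the {@code ID}, {@code TYPE} and
 *     {@code CONF} columns of the first matching row
 * @throws CaMgmtException if no row matches the name or the query fails
 */
PublisherEntry createPublisher(String name) throws CaMgmtException {
    final String sql = sqls.sqlSelectPublisher;
    PreparedStatement stmt = null;
    ResultSet rs = null;
    try {
        stmt = prepareStatement(sql);
        // The name is bound as a parameter, never concatenated into the SQL text.
        stmt.setString(1, name);
        rs = stmt.executeQuery();
        if (!rs.next()) {
            // Message spelling fixed ("unkown" -> "unknown") so that it can be
            // found with the same search term as the other "unknown ..." errors.
            throw new CaMgmtException("unknown Publisher " + name);
        }
        int id = rs.getInt("ID");
        String type = rs.getString("TYPE");
        String conf = rs.getString("CONF");
        return new PublisherEntry(new NameId(id, name), type, conf);
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        // Runs on every path, including the "not found" exception above.
        datasource.releaseResources(stmt, rs);
    }
}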
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) PublisherEntry(org.xipki.ca.server.mgmt.api.PublisherEntry) NameId(org.xipki.ca.api.NameId) SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement)

Aggregations

NameId (org.xipki.ca.api.NameId)43 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)31 PreparedStatement (java.sql.PreparedStatement)12 SQLException (java.sql.SQLException)12 ResultSet (java.sql.ResultSet)9 OperationException (org.xipki.ca.api.OperationException)9 CmdFailure (org.xipki.console.karaf.CmdFailure)9 BigInteger (java.math.BigInteger)8 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)6 CaHasRequestorEntry (org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)6 X509Certificate (java.security.cert.X509Certificate)5 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)5 CaHasUserEntry (org.xipki.ca.server.mgmt.api.CaHasUserEntry)5 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)5 Date (java.util.Date)4 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)4 CaStatus (org.xipki.ca.server.mgmt.api.CaStatus)4 X509CaUris (org.xipki.ca.server.mgmt.api.x509.X509CaUris)4 ConfPairs (org.xipki.common.ConfPairs)4 IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException)4