
Example 21 with NameId

use of org.xipki.ca.api.NameId in project xipki by xipki.

the class CaManagerImpl method addCa.

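/**
 * Registers a new CA: canonicalizes its signer configuration, validates that every
 * configured signer can actually be instantiated (so a broken signer configuration is
 * rejected before anything is persisted), writes the entry to the database and then
 * creates and starts the in-memory CA.
 *
 * @param caEntry the CA to add; must not be {@code null}
 * @throws CaMgmtException if a CA of that name already exists, a signer cannot be
 *         created, or an X.509 CA has neither a certificate nor a signer that carries one
 */
@Override
public void addCa(CaEntry caEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("caEntry", caEntry);
    asssertMasterMode();
    NameId ident = caEntry.getIdent();
    String name = ident.getName();
    if (caInfos.containsKey(name)) {
        throw new CaMgmtException(concat("CA named ", name, " exists"));
    }

    // Store the canonical form of the signer configuration. The comparison is
    // null-safe: an entry without a signer configuration must not fail with an NPE here.
    String origSignerConf = caEntry.getSignerConf();
    String newSignerConf = canonicalizeSignerConf(caEntry.getSignerType(), origSignerConf, null, securityFactory);
    boolean signerConfChanged = (origSignerConf == null)
            ? (newSignerConf != null)
            : !origSignerConf.equals(newSignerConf);
    if (signerConfChanged) {
        caEntry.setSignerConf(newSignerConf);
    }

    if (caEntry instanceof X509CaEntry) {
        X509CaEntry x509Entry = (X509CaEntry) caEntry;
        try {
            // Instantiate every configured signer before the database write. When the
            // entry has no certificate, the first signer must supply one.
            List<String[]> signerConfs = CaEntry.splitCaSignerConfs(x509Entry.getSignerConf());
            for (String[] m : signerConfs) {
                // m[1] is the signer configuration as laid out by splitCaSignerConfs
                // (element layout defined there, not visible here).
                SignerConf signerConf = new SignerConf(m[1]);
                ConcurrentContentSigner signer =
                        securityFactory.createSigner(x509Entry.getSignerType(), signerConf, x509Entry.getCert());
                if (x509Entry.getCert() == null) {
                    if (signer.getCertificate() == null) {
                        throw new CaMgmtException("CA signer without certificate is not allowed");
                    }
                    x509Entry.setCert(signer.getCertificate());
                }
            }
        } catch (XiSecurityException | ObjectCreationException ex) {
            throw new CaMgmtException(concat("could not create signer for new CA ", name, ": ", ex.getMessage()), ex);
        }
    }

    queryExecutor.addCa(caEntry);

    // The entry is persisted at this point. Failing to create or start the in-memory
    // CA is only logged (no rollback), which is the existing contract of this method;
    // callers that need a hard guarantee must check the CA state afterwards.
    if (!createCa(name)) {
        LOG.error("could not create CA {}", name);
        return;
    }
    if (startCa(name)) {
        LOG.info("started CA {}", name);
    } else {
        LOG.error("could not start CA {}", name);
    }
}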
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) XiSecurityException(org.xipki.security.exception.XiSecurityException) NameId(org.xipki.ca.api.NameId) ObjectCreationException(org.xipki.common.ObjectCreationException) SignerConf(org.xipki.security.SignerConf) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)

Example 22 with NameId

use of org.xipki.ca.api.NameId in project xipki by xipki.

the class CaManagerImpl method getAliasesForCa.

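/**
 * Returns all aliases that currently point at the CA with the given name.
 *
 * @param caName the CA name; compared case-insensitively, must not be blank
 * @return the aliases of that CA, or an empty set when no such CA is loaded
 */
@Override
public Set<String> getAliasesForCa(String caName) {
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    Set<String> aliases = new HashSet<>();
    X509Ca ca = x509cas.get(caName);
    if (ca == null) {
        return aliases;
    }
    Integer caId = ca.getCaIdent().getId();
    // Iterate the entries directly: one map access per alias instead of keySet()+get().
    for (java.util.Map.Entry<String, Integer> aliasEntry : caAliases.entrySet()) {
        if (caId.equals(aliasEntry.getValue())) {
            aliases.add(aliasEntry.getKey());
        }
    }
    return aliases;
}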
Also used : BigInteger(java.math.BigInteger) NameId(org.xipki.ca.api.NameId) HashSet(java.util.HashSet)

Example 23 with NameId

use of org.xipki.ca.api.NameId in project xipki by xipki.

the class CaManagerImpl method addPublisherToCa.

// method removePublisherFromCa
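/**
 * Associates an existing publisher with an existing CA.
 * <p>
 * Every lookup and validation runs before the database write, so a rejected request
 * leaves both the database and the in-memory maps untouched.
 *
 * @param publisherName the publisher name; compared case-insensitively, must not be blank
 * @param caName        the CA name; compared case-insensitively, must not be blank
 * @throws CaMgmtException if the publisher or the CA is unknown, the publisher is already
 *         associated with the CA, the publisher could not be loaded, or the CA is not loaded
 */
@Override
public void addPublisherToCa(String publisherName, String caName) throws CaMgmtException {
    publisherName = ParamUtil.requireNonBlank("publisherName", publisherName).toLowerCase();
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    asssertMasterMode();

    NameId publisherIdent = idNameMap.getPublisher(publisherName);
    if (publisherIdent == null) {
        String msg = concat("unknown publisher ", publisherName);
        LOG.warn(msg);
        throw new CaMgmtException(msg);
    }

    NameId caIdent = idNameMap.getCa(caName);
    if (caIdent == null) {
        String msg = concat("unknown CA ", caName);
        LOG.warn(msg);
        throw new CaMgmtException(msg);
    }

    Set<String> publisherNames = caHasPublishers.get(caName);
    if (publisherNames != null && publisherNames.contains(publisherName)) {
        String msg = concat("publisher ", publisherName, " already associated with CA ", caName);
        LOG.warn(msg);
        throw new CaMgmtException(msg);
    }

    IdentifiedX509CertPublisher publisher = publishers.get(publisherName);
    if (publisher == null) {
        throw new CaMgmtException(concat("publisher '", publisherName, "' is faulty"));
    }

    // A CA known to idNameMap is not necessarily loaded; the original code only
    // dereferenced caInfos.get(caName) after the DB write and would NPE there.
    if (caInfos.get(caName) == null) {
        throw new CaMgmtException(concat("CA ", caName, " is not loaded"));
    }

    // Persist first; the in-memory association is recorded only after success.
    queryExecutor.addPublisherToCa(publisherIdent, caIdent);
    if (publisherNames == null) {
        publisherNames = new HashSet<>();
        caHasPublishers.put(caName, publisherNames);
    }
    publisherNames.add(publisherName);
    publisher.caAdded(caInfos.get(caName).getCert());
}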
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) NameId(org.xipki.ca.api.NameId)

Example 24 with NameId

use of org.xipki.ca.api.NameId in project xipki by xipki.

the class CaManagerImpl method changeScep.

// method removeScep
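/**
 * Applies the non-{@code null} fields of {@code scepEntry} to the stored SCEP responder
 * of that name and replaces the in-memory instance with the reloaded one.
 *
 * @param scepEntry the requested changes; must not be {@code null}
 * @throws IllegalArgumentException if no field of {@code scepEntry} requests a change
 * @throws CaMgmtException if the referenced CA is unknown or the change could not be applied
 */
public void changeScep(ChangeScepEntry scepEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("scepEntry", scepEntry);
    asssertMasterMode();
    String name = scepEntry.getName();
    NameId caId = scepEntry.getCaIdent();
    Boolean active = scepEntry.getActive();
    String responderName = scepEntry.getResponderName();
    String control = scepEntry.getControl();

    // 'active' and the certificate profiles are changeable too (both are handed to
    // queryExecutor.changeScep below), so they belong in the "nothing to change" check;
    // without them a request that only toggles 'active' was wrongly rejected.
    if (caId == null && active == null && responderName == null && control == null
            && scepEntry.getCertProfiles() == null) {
        throw new IllegalArgumentException("nothing to change for SCEP " + name);
    }

    // A CA given by name only is resolved to its full identifier.
    if (caId != null && caId.getId() == null) {
        String caName = caId.getName();
        caId = idNameMap.getCa(caName);
        if (caId == null) {
            throw new CaMgmtException(concat("Unknown CA ", caName));
        }
    }

    ScepImpl scep = queryExecutor.changeScep(name, caId, active, responderName,
            scepEntry.getCertProfiles(), control, this, securityFactory);
    if (scep == null) {
        throw new CaMgmtException("could not change SCEP " + name);
    }
    scepDbEntries.put(name, scep.getDbEntry());
    sceps.put(name, scep);
}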
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) NameId(org.xipki.ca.api.NameId) ScepImpl(org.xipki.ca.server.impl.scep.ScepImpl)

Example 25 with NameId

use of org.xipki.ca.api.NameId in project xipki by xipki.

the class CaManagerQueryExecutor method createCaInfo.

// method createResponder
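/**
 * Loads the CA row named {@code name} and builds the runtime {@link X509CaInfo} from it.
 * <p>
 * The lookup is a parameterized query ({@code sqls.sqlSelectCa} with the name bound via
 * {@code setString}), so the caller-supplied name is never interpolated into SQL.
 *
 * @param name       the CA name to load
 * @param masterMode whether the manager runs in master mode (not consulted here)
 * @param certstore  the certificate store handed to the created {@link X509CaInfo}
 * @return the CA info built from the stored entry
 * @throws CaMgmtException if no CA of that name exists, the CA is not an X.509 CA, the
 *         database access fails, or the {@link X509CaInfo} cannot be constructed
 */
X509CaInfo createCaInfo(String name, boolean masterMode, CertificateStore certstore) throws CaMgmtException {
    final String sql = sqls.sqlSelectCa;
    PreparedStatement stmt = null;
    ResultSet rs = null;
    try {
        stmt = prepareStatement(sql);
        stmt.setString(1, name);
        rs = stmt.executeQuery();
        if (!rs.next()) {
            throw new CaMgmtException("unknown CA " + name);
        }

        int artCode = rs.getInt("ART");
        if (artCode != CertArt.X509PKC.getCode()) {
            throw new CaMgmtException("CA " + name + " is not X509CA, and is not supported");
        }

        // Columns are read in the same order as before to stay driver-portable.
        String crlUris = rs.getString("CRL_URIS");
        String deltaCrlUris = rs.getString("DELTACRL_URIS");

        CertRevocationInfo revocationInfo = null;
        if (rs.getBoolean("REV")) {
            int revReason = rs.getInt("RR");
            // RT / RIT hold epoch seconds that are scaled into a long Date value; read
            // them with getLong (getInt truncates or fails beyond the int range).
            long revTime = rs.getLong("RT");
            long revInvalidityTime = rs.getLong("RIT");
            Date revInvTime = (revInvalidityTime == 0) ? null : new Date(revInvalidityTime * 1000);
            revocationInfo = new CertRevocationInfo(revReason, new Date(revTime * 1000), revInvTime);
        }

        String ocspUris = rs.getString("OCSP_URIS");
        String caCertUris = rs.getString("CACERT_URIS");
        X509CaUris caUris = new X509CaUris(splitUris(caCertUris), splitUris(ocspUris),
                splitUris(crlUris), splitUris(deltaCrlUris));

        int id = rs.getInt("ID");
        int serialNoSize = rs.getInt("SN_SIZE");
        long nextCrlNo = rs.getLong("NEXT_CRLNO");
        String signerType = rs.getString("SIGNER_TYPE");
        String signerConf = rs.getString("SIGNER_CONF");
        int numCrls = rs.getInt("NUM_CRLS");
        int expirationPeriod = rs.getInt("EXPIRATION_PERIOD");
        X509CaEntry entry = new X509CaEntry(new NameId(id, name), serialNoSize, nextCrlNo,
                signerType, signerConf, caUris, numCrls, expirationPeriod);

        entry.setCert(generateCert(rs.getString("CERT")));
        entry.setStatus(CaStatus.forName(rs.getString("STATUS")));
        entry.setMaxValidity(CertValidity.getInstance(rs.getString("MAX_VALIDITY")));
        entry.setKeepExpiredCertInDays(rs.getInt("KEEP_EXPIRED_CERT_DAYS"));

        // Optional references: only set when the column holds a non-blank value.
        String crlsignerName = rs.getString("CRLSIGNER_NAME");
        if (StringUtil.isNotBlank(crlsignerName)) {
            entry.setCrlSignerName(crlsignerName);
        }
        String responderName = rs.getString("RESPONDER_NAME");
        if (StringUtil.isNotBlank(responderName)) {
            entry.setResponderName(responderName);
        }
        String extraControl = rs.getString("EXTRA_CONTROL");
        if (StringUtil.isNotBlank(extraControl)) {
            entry.setExtraControl(new ConfPairs(extraControl).unmodifiable());
        }
        String cmpcontrolName = rs.getString("CMPCONTROL_NAME");
        if (StringUtil.isNotBlank(cmpcontrolName)) {
            entry.setCmpControlName(cmpcontrolName);
        }

        // Boolean flags are stored as integers; any non-zero value means "permitted".
        entry.setDuplicateKeyPermitted(rs.getInt("DUPLICATE_KEY") != 0);
        entry.setDuplicateSubjectPermitted(rs.getInt("DUPLICATE_SUBJECT") != 0);
        entry.setSaveRequest(rs.getInt("SAVE_REQ") != 0);
        entry.setPermission(rs.getInt("PERMISSION"));
        entry.setRevocationInfo(revocationInfo);

        // An absent or unrecognised validity mode falls back to STRICT.
        String validityModeS = rs.getString("VALIDITY_MODE");
        ValidityMode validityMode = null;
        if (validityModeS != null) {
            validityMode = ValidityMode.forName(validityModeS);
        }
        entry.setValidityMode(validityMode == null ? ValidityMode.STRICT : validityMode);

        try {
            return new X509CaInfo(entry, certstore);
        } catch (OperationException ex) {
            throw new CaMgmtException(ex);
        }
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        datasource.releaseResources(stmt, rs);
    }
}

/**
 * Splits a comma-separated URI column into its entries.
 *
 * @param csv the column value; may be {@code null} or blank
 * @return the split list, or {@code null} when the column is {@code null} or blank
 */
private static List<String> splitUris(String csv) {
    return StringUtil.isNotBlank(csv) ? StringUtil.splitByComma(csv) : null;
}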
Also used : NameId(org.xipki.ca.api.NameId) CertValidity(org.xipki.ca.api.profile.CertValidity) SQLException(java.sql.SQLException) ConfPairs(org.xipki.common.ConfPairs) PreparedStatement(java.sql.PreparedStatement) CaStatus(org.xipki.ca.server.mgmt.api.CaStatus) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) CertRevocationInfo(org.xipki.security.CertRevocationInfo) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris) ValidityMode(org.xipki.ca.server.mgmt.api.ValidityMode) ResultSet(java.sql.ResultSet) OperationException(org.xipki.ca.api.OperationException) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
