use of org.xipki.ca.api.NameId in project xipki by xipki.
the class CaManagerQueryExecutor method addRequestorToCa.
/**
 * Stores the association between a requestor and a CA by inserting one row into
 * {@code CA_HAS_REQUESTOR}.
 *
 * <p>Every value is bound as a statement parameter; nothing caller-supplied is concatenated
 * into the SQL text.
 *
 * @param requestor the association to persist (requestor identity, RA flag, permission and
 *     profiles); checked with {@code ParamUtil.requireNonNull}
 * @param ca identity of the CA; checked with {@code ParamUtil.requireNonNull}
 * @throws CaMgmtException if the insert affected no row, or if the database reports an error
 */
void addRequestorToCa(CaHasRequestorEntry requestor, NameId ca) throws CaMgmtException {
  ParamUtil.requireNonNull("requestor", requestor);
  ParamUtil.requireNonNull("ca", ca);

  final NameId requestorIdent = requestor.getRequestorIdent();
  final String sql = "INSERT INTO CA_HAS_REQUESTOR (CA_ID,REQUESTOR_ID,RA, PERMISSION,PROFILES)"
      + " VALUES (?,?,?,?,?)";

  PreparedStatement stmt = null;
  try {
    stmt = prepareStatement(sql);

    // Column order follows the INSERT column list above.
    stmt.setInt(1, ca.getId());
    stmt.setInt(2, requestorIdent.getId());

    final boolean ra = requestor.isRa();
    setBoolean(stmt, 3, ra);

    final int permission = requestor.getPermission();
    stmt.setInt(4, permission);

    final String profilesText = StringUtil.collectionAsStringByComma(requestor.getProfiles());
    stmt.setString(5, profilesText);

    final int inserted = stmt.executeUpdate();
    if (inserted == 0) {
      throw new CaMgmtException("could not add requestor " + requestorIdent + " to CA " + ca);
    }

    // Record what was granted, so the change can be traced from the log.
    LOG.info("added requestor '{}' to CA '{}': ra: {}; permission: {}; profile: {}", requestorIdent, ca, ra, permission, profilesText);
  } catch (SQLException ex) {
    throw new CaMgmtException(datasource, sql, ex);
  } finally {
    // Always hand the statement back, whether or not the insert succeeded.
    datasource.releaseResources(stmt, null);
  }
}
use of org.xipki.ca.api.NameId in project xipki by xipki.
the class X509Ca method republishCertificates.
// method publishCertificate0
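/**
 * Republishes the CA certificate, the CA revocation state (if one is set) and the certificates
 * handled by {@code CertRepublisher} to the selected publishers.
 *
 * <p>The CA status is switched to {@code INACTIVE} for the duration of the operation and the
 * previous status is restored afterwards. The restore now also covers the phase that clears
 * the publish queues, so an unchecked exception thrown there can no longer leave the CA
 * stuck in {@code INACTIVE}.
 *
 * @param publisherNames names of the publishers to republish to, or {@code null} for all
 *     publishers of this CA
 * @param numThreads passed through to {@code CertRepublisher}
 * @return {@code true} if there is nothing to publish to or republishing succeeded,
 *     {@code false} if publishing the CA certificate or CA revocation failed, otherwise the
 *     result of {@code CertRepublisher.republish()}
 * @throws IllegalArgumentException if a name in {@code publisherNames} matches no publisher
 */
public boolean republishCertificates(List<String> publisherNames, int numThreads) {
  List<IdentifiedX509CertPublisher> publishers;
  if (publisherNames == null) {
    publishers = publishers();
  } else {
    publishers = new ArrayList<>(publisherNames.size());
    for (String publisherName : publisherNames) {
      IdentifiedX509CertPublisher publisher = null;
      for (IdentifiedX509CertPublisher p : publishers()) {
        if (p.getIdent().getName().equals(publisherName)) {
          publisher = p;
          break;
        }
      }

      if (publisher == null) {
        throw new IllegalArgumentException("could not find publisher " + publisherName + " for CA " + caIdent);
      }
      publishers.add(publisher);
    }
  }

  if (CollectionUtil.isEmpty(publishers)) {
    return true;
  }

  CaStatus status = caInfo.getStatus();
  caInfo.setStatus(CaStatus.INACTIVE);

  try {
    boolean onlyRevokedCerts = true;
    for (IdentifiedX509CertPublisher publisher : publishers) {
      if (publisher.publishsGoodCert()) {
        onlyRevokedCerts = false;
      }

      NameId publisherIdent = publisher.getIdent();
      try {
        LOG.info("clearing PublishQueue for publisher {}", publisherIdent);
        certstore.clearPublishQueue(caIdent, publisherIdent);
        LOG.info(" cleared PublishQueue for publisher {}", publisherIdent);
      } catch (OperationException ex) {
        // Best effort: a queue that cannot be cleared does not abort the republish, but the
        // log entry names the publisher so the failure can be followed up.
        LogUtil.error(LOG, ex, "could not clear PublishQueue for publisher " + publisherIdent);
      }
    }

    for (IdentifiedX509CertPublisher publisher : publishers) {
      boolean successful = publisher.caAdded(caCert);
      if (!successful) {
        LOG.error("republish CA certificate {} to publisher {} failed", caIdent, publisher.getIdent());
        return false;
      }
    }

    if (caInfo.getRevocationInfo() != null) {
      for (IdentifiedX509CertPublisher publisher : publishers) {
        boolean successful = publisher.caRevoked(caCert, caInfo.getRevocationInfo());
        if (!successful) {
          LOG.error("republishing CA revocation to publisher {} failed", publisher.getIdent());
          return false;
        }
      }
    }

    CertRepublisher republisher = new CertRepublisher(caIdent, caCert, caIdNameMap, certstore, publishers, onlyRevokedCerts, numThreads);
    return republisher.republish();
  } finally {
    // Restore the status that was in effect before the republish, on every exit path.
    caInfo.setStatus(status);
  }
}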
use of org.xipki.ca.api.NameId in project xipki by xipki.
the class X509Ca method revokeCa.
// method shouldPublishToDeltaCrlCache
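/**
 * Marks this CA as revoked and announces the revocation to every publisher.
 *
 * <p>The revocation info is stored in {@code caInfo} first. For a self-signed CA the CA's own
 * certificate is additionally revoked through {@code revokeCertificate0}, wrapped in an audit
 * event. The audit outcome now starts as "not successful" and is set to successful only when
 * {@code revokeCertificate0} returns a result, so a call that throws is no longer passed to
 * {@code finish} as a success.
 *
 * @param revocationInfo the revocation reason and times; checked with
 *     {@code ParamUtil.requireNonNull}
 * @param msgId message identifier handed to the audit event
 * @throws OperationException with {@code SYSTEM_FAILURE} if at least one publisher did not
 *     accept the {@code caRevoked} event, or whatever {@code revokeCertificate0} throws
 */
public void revokeCa(CertRevocationInfo revocationInfo, String msgId) throws OperationException {
  ParamUtil.requireNonNull("revocationInfo", revocationInfo);

  caInfo.setRevocationInfo(revocationInfo);

  if (caInfo.isSelfSigned()) {
    AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_revoke_cert, msgId);
    // Fail closed: only a returned result counts as success in the audit trail.
    boolean successful = false;
    try {
      X509CertWithRevocationInfo ret = revokeCertificate0(caInfo.getSerialNumber(), revocationInfo.getReason(), revocationInfo.getInvalidityTime(), true, event);
      successful = (ret != null);
    } finally {
      finish(event, successful);
    }
    // NOTE(review): a null result is only recorded in the audit event; publishing below still
    // proceeds. Confirm that this is intended.
  }

  // Notify every publisher, even after a failure, so that as many as possible learn of the
  // revocation; failures are collected and reported once at the end.
  boolean failed = false;
  for (IdentifiedX509CertPublisher publisher : publishers()) {
    NameId ident = publisher.getIdent();
    boolean successful = publisher.caRevoked(caCert, revocationInfo);
    if (successful) {
      LOG.info("published event caRevoked of CA {} to publisher {}", caIdent, ident);
    } else {
      failed = true;
      LOG.error("could not publish event caRevoked of CA {} to publisher {}", caIdent, ident);
    }
  }

  if (failed) {
    final String message = "could not publish event caRevoked of CA " + caIdent + " to at least one publisher";
    throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
  }
}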
use of org.xipki.ca.api.NameId in project xipki by xipki.
the class CaManagerImpl method changeCa.
/**
 * Applies a change to an existing CA: persists it, rebuilds the CA and, if the CA is
 * configured as {@code ACTIVE}, starts it again.
 *
 * <p>The call is gated by {@code asssertMasterMode()}. Failures of {@code createCa} and
 * {@code startCa} are only logged; no exception reaches the caller for them.
 *
 * @param entry the requested change; checked with {@code ParamUtil.requireNonNull}
 * @throws CaMgmtException if the CA name is unknown, or if thrown by the master-mode check or
 *     the query executor
 */
@Override
public void changeCa(ChangeCaEntry entry) throws CaMgmtException {
  ParamUtil.requireNonNull("entry", entry);
  asssertMasterMode();

  final String caName = entry.getIdent().getName();
  final NameId knownIdent = idNameMap.getCa(caName);
  if (knownIdent == null) {
    throw new CaMgmtException("Unknown CA " + caName);
  }

  // Use the id registered for this name, not whatever id the caller supplied.
  entry.getIdent().setId(knownIdent.getId());
  queryExecutor.changeCa(entry, securityFactory);

  final boolean recreated = createCa(caName);
  if (!recreated) {
    // NOTE(review): the change has already been handed to the query executor at this point;
    // the caller is not told that the CA could not be rebuilt.
    LOG.error("could not create CA {}", caName);
    return;
  }

  final X509CaInfo info = caInfos.get(caName);
  if (info.getCaEntry().getStatus() != CaStatus.ACTIVE) {
    // A CA that is not ACTIVE is left stopped.
    return;
  }

  final boolean started = startCa(caName);
  if (started) {
    LOG.info("started CA {}", caName);
  } else {
    LOG.error("could not start CA {}", caName);
  }
}
use of org.xipki.ca.api.NameId in project xipki by xipki.
the class CaManagerImpl method addRequestorToCa.
// method removeRequestorFromCa
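/**
 * Associates a known requestor with a known CA, in the database and in the in-memory map.
 *
 * <p>The call is gated by {@code asssertMasterMode()}. The database insert now runs before the
 * in-memory set is touched: previously the requestor was added to the set first, so a failed
 * insert left the running CA manager holding an association that was never persisted.
 *
 * @param requestor the association to add; its requestor id is overwritten with the id
 *     registered for the requestor name
 * @param caName name of the CA; must not be blank, compared in lower case
 * @throws CaMgmtException if the requestor or the CA is unknown, if the requestor is already
 *     associated with the CA, or if persisting the association fails
 */
@Override
public void addRequestorToCa(CaHasRequestorEntry requestor, String caName) throws CaMgmtException {
  ParamUtil.requireNonNull("requestor", requestor);
  caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
  asssertMasterMode();

  NameId requestorIdent = requestor.getRequestorIdent();
  NameId ident = idNameMap.getRequestor(requestorIdent.getName());
  if (ident == null) {
    String msg = concat("unknown requestor ", requestorIdent.getName());
    LOG.warn(msg);
    throw new CaMgmtException(msg);
  }

  NameId caIdent = idNameMap.getCa(caName);
  if (caIdent == null) {
    String msg = concat("unknown CA ", caName);
    LOG.warn(msg);
    throw new CaMgmtException(msg);
  }

  // Use the id registered for this requestor name, not whatever id the caller supplied.
  requestorIdent.setId(ident.getId());

  Set<CaHasRequestorEntry> cmpRequestors = caHasRequestors.get(caName);
  if (cmpRequestors != null) {
    String requestorName = requestorIdent.getName();
    for (CaHasRequestorEntry entry : cmpRequestors) {
      if (entry.getRequestorIdent().getName().equals(requestorName)) {
        String msg = concat("Requestor ", requestorName, " already associated with CA ", caName);
        LOG.warn(msg);
        throw new CaMgmtException(msg);
      }
    }
  }

  // Persist first; if this throws, the in-memory state stays exactly as it was.
  queryExecutor.addRequestorToCa(requestor, caIdent);

  if (cmpRequestors == null) {
    cmpRequestors = new HashSet<>();
    caHasRequestors.put(caName, cmpRequestors);
  }
  cmpRequestors.add(requestor);
}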