Search in sources :

Example 26 with OperationException

use of org.xipki.ca.api.OperationException in project xipki by xipki.

the class ScepImpl method refreshCa.

private void refreshCa() throws OperationException {
    try {
        X509Ca ca = caManager.getX509Ca(caIdent);
        X509Cert currentCaCert = ca.getCaInfo().getCert();
        if (currentCaCert.equals(caCert)) {
            return;
        }
        caCert = currentCaCert;
        caCertRespBytes = new ScepCaCertRespBytes(currentCaCert.getCert(), responderCert);
    } catch (CaMgmtException | CertificateException | CMSException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex.getMessage());
    }
}
Also used : ScepCaCertRespBytes(org.xipki.ca.server.api.ScepCaCertRespBytes) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) X509Cert(org.xipki.security.X509Cert) X509Ca(org.xipki.ca.server.impl.X509Ca) CertificateException(java.security.cert.CertificateException) OperationException(org.xipki.ca.api.OperationException) CMSException(org.bouncycastle.cms.CMSException)

Example 27 with OperationException

use of org.xipki.ca.api.OperationException in project xipki by xipki.

the class CertStoreQueryExecutor method revokeSuspendedCert.

// method revokeCert
X509CertWithRevocationInfo revokeSuspendedCert(NameId ca, BigInteger serialNumber, CrlReason reason, boolean publishToDeltaCrlCache, CaIdNameMap idNameMap) throws OperationException, DataAccessException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    ParamUtil.requireNonNull("reason", reason);
    X509CertWithRevocationInfo certWithRevInfo = getCertWithRevocationInfo(ca, serialNumber, idNameMap);
    if (certWithRevInfo == null) {
        LOG.warn("certificate with CA={} and serialNumber={} does not exist", ca.getName(), LogUtil.formatCsn(serialNumber));
        return null;
    }
    CertRevocationInfo currentRevInfo = certWithRevInfo.getRevInfo();
    if (currentRevInfo == null) {
        throw new OperationException(ErrorCode.CERT_UNREVOKED, "certificate is not revoked");
    }
    CrlReason currentReason = currentRevInfo.getReason();
    if (currentReason != CrlReason.CERTIFICATE_HOLD) {
        throw new OperationException(ErrorCode.CERT_REVOKED, "certificate is revoked but not with reason " + CrlReason.CERTIFICATE_HOLD.getDescription());
    }
    long certId = certWithRevInfo.getCert().getCertId().longValue();
    PreparedStatement ps = borrowPreparedStatement(SQLs.SQL_REVOKE_SUSPENDED_CERT);
    try {
        int idx = 1;
        ps.setLong(idx++, System.currentTimeMillis() / 1000);
        ps.setInt(idx++, reason.getCode());
        ps.setLong(idx++, certId);
        int count = ps.executeUpdate();
        if (count != 1) {
            String message = (count > 1) ? count + " rows modified, but exactly one is expected" : "no row is modified, but exactly one is expected";
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
        }
    } catch (SQLException ex) {
        throw datasource.translate(SQLs.SQL_REVOKE_CERT, ex);
    } finally {
        releaseDbResources(ps, null);
    }
    if (publishToDeltaCrlCache) {
        publishToDeltaCrlCache(ca, certWithRevInfo.getCert().getCert().getSerialNumber());
    }
    currentRevInfo.setReason(reason);
    return certWithRevInfo;
}
Also used : CertRevocationInfo(org.xipki.security.CertRevocationInfo) SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) CrlReason(org.xipki.security.CrlReason) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) OperationException(org.xipki.ca.api.OperationException)

Example 28 with OperationException

use of org.xipki.ca.api.OperationException in project xipki by xipki.

the class CertStoreQueryExecutor method listCertificates.

List<CertListInfo> listCertificates(NameId ca, X500Name subjectPattern, Date validFrom, Date validTo, CertListOrderBy orderBy, int numEntries) throws DataAccessException, OperationException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireMin("numEntries", numEntries, 1);
    StringBuilder sb = new StringBuilder(200);
    sb.append("SN,NBEFORE,NAFTER,SUBJECT FROM CERT WHERE CA_ID=?");
    // .append(caId)
    Integer idxNotBefore = null;
    Integer idxNotAfter = null;
    Integer idxSubject = null;
    int idx = 2;
    if (validFrom != null) {
        idxNotBefore = idx++;
        sb.append(" AND NBEFORE<?");
    }
    if (validTo != null) {
        idxNotAfter = idx++;
        sb.append(" AND NAFTER>?");
    }
    String subjectLike = null;
    if (subjectPattern != null) {
        idxSubject = idx++;
        sb.append(" AND SUBJECT LIKE ?");
        StringBuilder buffer = new StringBuilder(100);
        buffer.append("%");
        RDN[] rdns = subjectPattern.getRDNs();
        for (int i = 0; i < rdns.length; i++) {
            X500Name rdnName = new X500Name(new RDN[] { rdns[i] });
            String rdnStr = X509Util.getRfc4519Name(rdnName);
            if (rdnStr.indexOf('%') != -1) {
                throw new OperationException(ErrorCode.BAD_REQUEST, "the character '%' is not allowed in subjectPattern");
            }
            if (rdnStr.indexOf('*') != -1) {
                rdnStr = rdnStr.replace('*', '%');
            }
            buffer.append(rdnStr);
            buffer.append("%");
        }
        subjectLike = buffer.toString();
    }
    String sortByStr = null;
    if (orderBy != null) {
        switch(orderBy) {
            case NOT_BEFORE:
                sortByStr = "NBEFORE";
                break;
            case NOT_BEFORE_DESC:
                sortByStr = "NBEFORE DESC";
                break;
            case NOT_AFTER:
                sortByStr = "NAFTER";
                break;
            case NOT_AFTER_DESC:
                sortByStr = "NAFTER DESC";
                break;
            case SUBJECT:
                sortByStr = "SUBJECT";
                break;
            case SUBJECT_DESC:
                sortByStr = "SUBJECT DESC";
                break;
            default:
                throw new RuntimeException("unknown CertListOrderBy " + orderBy);
        }
    }
    final String sql = datasource.buildSelectFirstSql(numEntries, sortByStr, sb.toString());
    ResultSet rs = null;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setInt(1, ca.getId());
        if (idxNotBefore != null) {
            long time = validFrom.getTime() / 1000;
            ps.setLong(idxNotBefore, time - 1);
        }
        if (idxNotAfter != null) {
            long time = validTo.getTime() / 1000;
            ps.setLong(idxNotAfter, time);
        }
        if (idxSubject != null) {
            ps.setString(idxSubject, subjectLike);
        }
        rs = ps.executeQuery();
        List<CertListInfo> ret = new LinkedList<>();
        while (rs.next()) {
            String snStr = rs.getString("SN");
            BigInteger sn = new BigInteger(snStr, 16);
            Date notBefore = new Date(rs.getLong("NBEFORE") * 1000);
            Date notAfter = new Date(rs.getLong("NAFTER") * 1000);
            String subject = rs.getString("SUBJECT");
            CertListInfo info = new CertListInfo(sn, subject, notBefore, notAfter);
            ret.add(info);
        }
        return ret;
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, rs);
    }
}
Also used : SQLException(java.sql.SQLException) CertListInfo(org.xipki.ca.server.mgmt.api.CertListInfo) PreparedStatement(java.sql.PreparedStatement) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) X500Name(org.bouncycastle.asn1.x500.X500Name) LinkedList(java.util.LinkedList) Date(java.util.Date) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) BigInteger(java.math.BigInteger) ResultSet(java.sql.ResultSet) BigInteger(java.math.BigInteger) RDN(org.bouncycastle.asn1.x500.RDN) OperationException(org.xipki.ca.api.OperationException)

Example 29 with OperationException

use of org.xipki.ca.api.OperationException in project xipki by xipki.

the class CertStoreQueryExecutor method getLatestSerialNumber.

// method isHealthy
String getLatestSerialNumber(X500Name nameWithSn) throws OperationException {
    RDN[] rdns1 = nameWithSn.getRDNs();
    RDN[] rdns2 = new RDN[rdns1.length];
    for (int i = 0; i < rdns1.length; i++) {
        RDN rdn = rdns1[i];
        rdns2[i] = rdn.getFirst().getType().equals(ObjectIdentifiers.DN_SERIALNUMBER) ? new RDN(ObjectIdentifiers.DN_SERIALNUMBER, new DERPrintableString("%")) : rdn;
    }
    String namePattern = X509Util.getRfc4519Name(new X500Name(rdns2));
    final String sql = sqls.sqlLatestSerialForSubjectLike;
    ResultSet rs = null;
    PreparedStatement ps;
    try {
        ps = borrowPreparedStatement(sql);
    } catch (DataAccessException ex) {
        throw new OperationException(ErrorCode.DATABASE_FAILURE, ex.getMessage());
    }
    String subjectStr;
    try {
        ps.setString(1, namePattern);
        rs = ps.executeQuery();
        if (!rs.next()) {
            return null;
        }
        subjectStr = rs.getString("SUBJECT");
    } catch (SQLException ex) {
        throw new OperationException(ErrorCode.DATABASE_FAILURE, ex.getMessage());
    } finally {
        releaseDbResources(ps, rs);
    }
    X500Name lastName = new X500Name(subjectStr);
    RDN[] rdns = lastName.getRDNs(ObjectIdentifiers.DN_SERIALNUMBER);
    if (rdns == null || rdns.length == 0) {
        return null;
    }
    return X509Util.rdnValueToString(rdns[0].getFirst().getValue());
}
Also used : SQLException(java.sql.SQLException) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) X500Name(org.bouncycastle.asn1.x500.X500Name) RDN(org.bouncycastle.asn1.x500.RDN) DataAccessException(org.xipki.datasource.DataAccessException) OperationException(org.xipki.ca.api.OperationException)

Example 30 with OperationException

use of org.xipki.ca.api.OperationException in project xipki by xipki.

the class CertStoreQueryExecutor method removeCertificate.

void removeCertificate(NameId ca, BigInteger serialNumber) throws OperationException, DataAccessException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    final String sql = SQLs.SQL_REMOVE_CERT;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setInt(1, ca.getId());
        ps.setString(2, serialNumber.toString(16));
        int count = ps.executeUpdate();
        if (count != 1) {
            String message = (count > 1) ? count + " rows modified, but exactly one is expected" : "no row is modified, but exactly one is expected";
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, null);
    }
}
Also used : SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) OperationException(org.xipki.ca.api.OperationException)

Aggregations

OperationException (org.xipki.ca.api.OperationException)70 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)20 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)19 Date (java.util.Date)16 BigInteger (java.math.BigInteger)15 X509Certificate (java.security.cert.X509Certificate)15 CertificateException (java.security.cert.CertificateException)13 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)13 X509Ca (org.xipki.ca.server.impl.X509Ca)13 PreparedStatement (java.sql.PreparedStatement)12 SQLException (java.sql.SQLException)12 IOException (java.io.IOException)11 X509CertificateInfo (org.xipki.ca.api.publisher.x509.X509CertificateInfo)11 DEROctetString (org.bouncycastle.asn1.DEROctetString)10 X500Name (org.bouncycastle.asn1.x500.X500Name)10 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)10 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)10 CrlReason (org.xipki.security.CrlReason)10 AuditEvent (org.xipki.audit.AuditEvent)9 NameId (org.xipki.ca.api.NameId)9