use of org.xipki.ca.api.OperationException in project xipki by xipki.
the class ScepImpl method refreshCa.
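/**
 * Re-reads the CA certificate from the CA manager and, when it differs from the cached
 * {@code caCert}, rebuilds the cached SCEP CA-certificate response.
 *
 * <p>The new response is built before either cached field is overwritten. If building it fails,
 * {@code caCert} keeps its old value, so the next call sees a mismatch and retries. Otherwise a
 * failed rebuild would leave {@code caCert} updated and {@code caCertRespBytes} stale, and the
 * equality check would never refresh the stale response.
 *
 * @throws OperationException with {@link ErrorCode#SYSTEM_FAILURE} if a
 *     {@code CaMgmtException}, {@code CertificateException} or {@code CMSException} is raised
 *     while doing so; only the message of that exception is carried over.
 */
private void refreshCa() throws OperationException {
  try {
    X509Ca ca = caManager.getX509Ca(caIdent);
    X509Cert currentCaCert = ca.getCaInfo().getCert();
    if (currentCaCert.equals(caCert)) {
      return;
    }

    // Build first, publish second: both fields change together or not at all.
    ScepCaCertRespBytes newRespBytes =
        new ScepCaCertRespBytes(currentCaCert.getCert(), responderCert);
    caCert = currentCaCert;
    caCertRespBytes = newRespBytes;
  } catch (CaMgmtException | CertificateException | CMSException ex) {
    throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex.getMessage());
  }
}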
use of org.xipki.ca.api.OperationException in project xipki by xipki.
the class CertStoreQueryExecutor method revokeSuspendedCert.
// method revokeCert
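/**
 * Replaces the revocation reason of a suspended certificate (one currently revoked with
 * {@code CERTIFICATE_HOLD}) by the given reason.
 *
 * @param ca the issuing CA; must not be {@code null}
 * @param serialNumber serial number of the certificate; must not be {@code null}
 * @param reason the new revocation reason; must not be {@code null}
 * @param publishToDeltaCrlCache whether the serial number is also handed to
 *     {@code publishToDeltaCrlCache(...)} after the database update
 * @param idNameMap passed through to {@code getCertWithRevocationInfo}
 * @return the certificate with its in-memory revocation reason set to {@code reason}, or
 *     {@code null} (after a warning is logged) if no such certificate exists
 * @throws OperationException {@code CERT_UNREVOKED} if the certificate has no revocation info,
 *     {@code CERT_REVOKED} if it is revoked with a reason other than {@code CERTIFICATE_HOLD},
 *     {@code SYSTEM_FAILURE} if the update does not modify exactly one row
 * @throws DataAccessException declared by the method; presumably what
 *     {@code datasource.translate} produces for an {@code SQLException} (confirm)
 */
X509CertWithRevocationInfo revokeSuspendedCert(NameId ca, BigInteger serialNumber,
    CrlReason reason, boolean publishToDeltaCrlCache, CaIdNameMap idNameMap)
    throws OperationException, DataAccessException {
  ParamUtil.requireNonNull("ca", ca);
  ParamUtil.requireNonNull("serialNumber", serialNumber);
  ParamUtil.requireNonNull("reason", reason);
  // NOTE(review): reason is not restricted here, so CERTIFICATE_HOLD itself would be accepted
  // as the "new" reason. Presumably callers rule that out; confirm.

  X509CertWithRevocationInfo certWithRevInfo =
      getCertWithRevocationInfo(ca, serialNumber, idNameMap);
  if (certWithRevInfo == null) {
    LOG.warn("certificate with CA={} and serialNumber={} does not exist", ca.getName(),
        LogUtil.formatCsn(serialNumber));
    return null;
  }

  // Only a certificate that is currently on hold may be moved to another reason.
  CertRevocationInfo currentRevInfo = certWithRevInfo.getRevInfo();
  if (currentRevInfo == null) {
    throw new OperationException(ErrorCode.CERT_UNREVOKED, "certificate is not revoked");
  }

  CrlReason currentReason = currentRevInfo.getReason();
  if (currentReason != CrlReason.CERTIFICATE_HOLD) {
    throw new OperationException(ErrorCode.CERT_REVOKED,
        "certificate is revoked but not with reason "
            + CrlReason.CERTIFICATE_HOLD.getDescription());
  }

  long certId = certWithRevInfo.getCert().getCertId().longValue();

  final String sql = SQLs.SQL_REVOKE_SUSPENDED_CERT;
  PreparedStatement ps = borrowPreparedStatement(sql);
  try {
    int idx = 1;
    // Current time in seconds; which column it fills is fixed by the SQL text (not shown here).
    ps.setLong(idx++, System.currentTimeMillis() / 1000);
    ps.setInt(idx++, reason.getCode());
    ps.setLong(idx++, certId);

    int count = ps.executeUpdate();
    if (count != 1) {
      String message = (count > 1)
          ? count + " rows modified, but exactly one is expected"
          : "no row is modified, but exactly one is expected";
      throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
    }
  } catch (SQLException ex) {
    // Translate against the statement that was executed. The original passed
    // SQLs.SQL_REVOKE_CERT, which names a different statement in the error report.
    throw datasource.translate(sql, ex);
  } finally {
    releaseDbResources(ps, null);
  }

  if (publishToDeltaCrlCache) {
    publishToDeltaCrlCache(ca, certWithRevInfo.getCert().getCert().getSerialNumber());
  }

  // Keep the returned object in step with the row just updated (reason only).
  currentRevInfo.setReason(reason);
  return certWithRevInfo;
}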
use of org.xipki.ca.api.OperationException in project xipki by xipki.
the class CertStoreQueryExecutor method listCertificates.
/**
 * Lists at most {@code numEntries} certificates of one CA, optionally filtered by validity
 * bounds and a subject pattern, and optionally sorted.
 *
 * <p>All filter values are bound as statement parameters. The only text concatenated into the
 * SQL comes from fixed literals in this method.
 *
 * @param ca the CA whose certificates are listed; must not be {@code null}
 * @param subjectPattern optional subject filter; {@code '*'} is turned into the LIKE wildcard
 *     {@code '%'}, and a literal {@code '%'} is rejected
 * @param validFrom optional bound applied to {@code NBEFORE}
 * @param validTo optional bound applied to {@code NAFTER}
 * @param orderBy optional sort order
 * @param numEntries maximum number of rows; at least 1
 * @return the matching entries (SN, subject, notBefore, notAfter)
 * @throws OperationException {@code BAD_REQUEST} if an RDN of {@code subjectPattern} contains
 *     {@code '%'}
 * @throws DataAccessException declared by the method; presumably what
 *     {@code datasource.translate} produces for an {@code SQLException} (confirm)
 */
List<CertListInfo> listCertificates(NameId ca, X500Name subjectPattern, Date validFrom,
    Date validTo, CertListOrderBy orderBy, int numEntries)
    throws DataAccessException, OperationException {
  ParamUtil.requireNonNull("ca", ca);
  ParamUtil.requireMin("numEntries", numEntries, 1);

  // Placeholder positions. 0 means "filter not used"; position 1 is always CA_ID.
  int nextIdx = 2;
  int notBeforeIdx = 0;
  int notAfterIdx = 0;
  int subjectIdx = 0;

  StringBuilder core = new StringBuilder(200);
  core.append("SN,NBEFORE,NAFTER,SUBJECT FROM CERT WHERE CA_ID=?");

  // NOTE(review): the filters keep rows with NBEFORE < validFrom(seconds) - 1 and
  // NAFTER > validTo(seconds). Confirm that direction and boundary are the intended ones.
  if (validFrom != null) {
    notBeforeIdx = nextIdx++;
    core.append(" AND NBEFORE<?");
  }
  if (validTo != null) {
    notAfterIdx = nextIdx++;
    core.append(" AND NAFTER>?");
  }

  String subjectLike = null;
  if (subjectPattern != null) {
    subjectIdx = nextIdx++;
    core.append(" AND SUBJECT LIKE ?");

    // Build "%<rdn>%<rdn>%...": each RDN is rendered on its own and separated by a wildcard.
    // NOTE(review): '_' is also a LIKE wildcard and passes through unchanged, so it matches any
    // single character. Decide whether that is acceptable or whether it should be rejected or
    // escaped like '%'.
    StringBuilder like = new StringBuilder(100).append("%");
    for (RDN rdn : subjectPattern.getRDNs()) {
      String rdnText = X509Util.getRfc4519Name(new X500Name(new RDN[] {rdn}));
      if (rdnText.contains("%")) {
        throw new OperationException(ErrorCode.BAD_REQUEST,
            "the character '%' is not allowed in subjectPattern");
      }
      like.append(rdnText.replace('*', '%')).append("%");
    }
    subjectLike = like.toString();
  }

  // The ORDER BY text is chosen from fixed literals only; nothing caller-supplied reaches it.
  String sortByStr = null;
  if (orderBy != null) {
    if (orderBy == CertListOrderBy.NOT_BEFORE) {
      sortByStr = "NBEFORE";
    } else if (orderBy == CertListOrderBy.NOT_BEFORE_DESC) {
      sortByStr = "NBEFORE DESC";
    } else if (orderBy == CertListOrderBy.NOT_AFTER) {
      sortByStr = "NAFTER";
    } else if (orderBy == CertListOrderBy.NOT_AFTER_DESC) {
      sortByStr = "NAFTER DESC";
    } else if (orderBy == CertListOrderBy.SUBJECT) {
      sortByStr = "SUBJECT";
    } else if (orderBy == CertListOrderBy.SUBJECT_DESC) {
      sortByStr = "SUBJECT DESC";
    } else {
      throw new RuntimeException("unknown CertListOrderBy " + orderBy);
    }
  }

  final String sql = datasource.buildSelectFirstSql(numEntries, sortByStr, core.toString());
  ResultSet rs = null;
  PreparedStatement ps = borrowPreparedStatement(sql);
  try {
    ps.setInt(1, ca.getId());
    if (notBeforeIdx != 0) {
      ps.setLong(notBeforeIdx, validFrom.getTime() / 1000 - 1);
    }
    if (notAfterIdx != 0) {
      ps.setLong(notAfterIdx, validTo.getTime() / 1000);
    }
    if (subjectIdx != 0) {
      ps.setString(subjectIdx, subjectLike);
    }

    rs = ps.executeQuery();
    List<CertListInfo> found = new LinkedList<>();
    while (rs.next()) {
      // SN is read as a hexadecimal string; the two time columns are read as seconds.
      BigInteger sn = new BigInteger(rs.getString("SN"), 16);
      Date notBefore = new Date(rs.getLong("NBEFORE") * 1000);
      Date notAfter = new Date(rs.getLong("NAFTER") * 1000);
      String subject = rs.getString("SUBJECT");
      found.add(new CertListInfo(sn, subject, notBefore, notAfter));
    }
    return found;
  } catch (SQLException ex) {
    throw datasource.translate(sql, ex);
  } finally {
    releaseDbResources(ps, rs);
  }
}
use of org.xipki.ca.api.OperationException in project xipki by xipki.
the class CertStoreQueryExecutor method getLatestSerialNumber.
// method isHealthy
/**
 * Looks up a stored subject that matches {@code nameWithSn} with its serialNumber RDN value
 * replaced by {@code "%"}, and returns the serialNumber value of that stored subject.
 *
 * <p>Which row counts as the "latest" is decided by the SQL text in
 * {@code sqls.sqlLatestSerialForSubjectLike}, which is not shown here.
 *
 * @param nameWithSn subject name whose serialNumber RDN(s) are replaced by the wildcard
 * @return the serialNumber value of the first row returned, or {@code null} if no row matches
 *     or the stored subject has no serialNumber RDN
 * @throws OperationException {@code DATABASE_FAILURE} if the statement cannot be borrowed or
 *     executing it fails; only the message of the underlying exception is carried over
 */
String getLatestSerialNumber(X500Name nameWithSn) throws OperationException {
  RDN[] givenRdns = nameWithSn.getRDNs();
  RDN[] patternRdns = new RDN[givenRdns.length];
  for (int i = 0; i < givenRdns.length; i++) {
    RDN rdn = givenRdns[i];
    if (rdn.getFirst().getType().equals(ObjectIdentifiers.DN_SERIALNUMBER)) {
      patternRdns[i] = new RDN(ObjectIdentifiers.DN_SERIALNUMBER, new DERPrintableString("%"));
    } else {
      patternRdns[i] = rdn;
    }
  }

  // NOTE(review): judging by the field name, the pattern is used in a LIKE comparison. If so,
  // any '%' or '_' already present in the other RDN values acts as a wildcard too. Confirm
  // whether such subjects can reach this method.
  String namePattern = X509Util.getRfc4519Name(new X500Name(patternRdns));

  final String sql = sqls.sqlLatestSerialForSubjectLike;
  PreparedStatement ps;
  try {
    ps = borrowPreparedStatement(sql);
  } catch (DataAccessException ex) {
    throw new OperationException(ErrorCode.DATABASE_FAILURE, ex.getMessage());
  }

  ResultSet rs = null;
  String subjectStr;
  try {
    ps.setString(1, namePattern);
    rs = ps.executeQuery();
    if (!rs.next()) {
      return null;
    }
    subjectStr = rs.getString("SUBJECT");
  } catch (SQLException ex) {
    throw new OperationException(ErrorCode.DATABASE_FAILURE, ex.getMessage());
  } finally {
    releaseDbResources(ps, rs);
  }

  // Extract the serialNumber attribute from the subject that was found.
  RDN[] snRdns = new X500Name(subjectStr).getRDNs(ObjectIdentifiers.DN_SERIALNUMBER);
  boolean hasSerialNumber = snRdns != null && snRdns.length > 0;
  return hasSerialNumber ? X509Util.rdnValueToString(snRdns[0].getFirst().getValue()) : null;
}
use of org.xipki.ca.api.OperationException in project xipki by xipki.
the class CertStoreQueryExecutor method removeCertificate.
/**
 * Deletes the certificate identified by CA and serial number from the store.
 *
 * @param ca the issuing CA; must not be {@code null}
 * @param serialNumber serial number of the certificate, bound as a hexadecimal string; must not
 *     be {@code null}
 * @throws OperationException {@code SYSTEM_FAILURE} if the statement does not modify exactly
 *     one row
 * @throws DataAccessException declared by the method; presumably what
 *     {@code datasource.translate} produces for an {@code SQLException} (confirm)
 */
void removeCertificate(NameId ca, BigInteger serialNumber)
    throws OperationException, DataAccessException {
  ParamUtil.requireNonNull("ca", ca);
  ParamUtil.requireNonNull("serialNumber", serialNumber);

  final String sql = SQLs.SQL_REMOVE_CERT;
  PreparedStatement ps = borrowPreparedStatement(sql);
  try {
    ps.setInt(1, ca.getId());
    ps.setString(2, serialNumber.toString(16));

    int affected = ps.executeUpdate();
    if (affected == 1) {
      return;
    }

    // Any other row count is treated as a failure so that callers see it.
    String message;
    if (affected > 1) {
      message = affected + " rows modified, but exactly one is expected";
    } else {
      message = "no row is modified, but exactly one is expected";
    }
    throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
  } catch (SQLException ex) {
    throw datasource.translate(sql, ex);
  } finally {
    releaseDbResources(ps, null);
  }
}