use of org.xipki.ca.api.X509CertWithDbId in project xipki by xipki.
the class RequestorEntryWrapper method setDbEntry.
/**
 * Replaces the wrapped requestor entry and rebuilds the certificate wrapper from it.
 *
 * @param dbEntry the requestor entry to wrap; checked with
 *     {@code ParamUtil.requireNonNull} before it is stored.
 */
public void setDbEntry(RequestorEntry dbEntry) {
  // The entry is stored first, exactly as before, so the field is already updated
  // if building the certificate wrapper throws.
  this.dbEntry = ParamUtil.requireNonNull("dbEntry", dbEntry);

  final X509CertWithDbId wrappedCert = new X509CertWithDbId(dbEntry.getCert());
  this.cert = wrappedCert;
}
use of org.xipki.ca.api.X509CertWithDbId in project xipki by xipki.
the class X509Ca method unrevokeCertificate0.
// end of the preceding method (revokeSuspendedCert0) in the original file; this is not a label for the method below
/**
 * Unrevokes a certificate in the certstore and propagates the change to the publishers.
 *
 * <p>The serial number is added to the audit event before anything else happens. When
 * the certstore returns {@code null}, no publisher is contacted and {@code null} is
 * returned. Otherwise each publisher is either notified directly (synchronous
 * publishers) or gets an entry in the publish queue (asynchronous publishers, and
 * synchronous ones whose notification failed or threw a {@code RuntimeException}).
 *
 * @param serialNumber serial number of the certificate to unrevoke.
 * @param force passed through unchanged to {@code certstore.unrevokeCertificate}.
 * @param event audit event that receives the formatted serial number.
 * @return the unrevoked certificate, or {@code null} if the certstore returned none.
 * @throws OperationException declared by the signature; not thrown directly by the
 *     statements in this method.
 */
private X509CertWithDbId unrevokeCertificate0(BigInteger serialNumber, boolean force, AuditEvent event) throws OperationException {
  final String serialText = LogUtil.formatCsn(serialNumber);
  event.addEventData(CaAuditConstants.NAME_serial, serialText);

  LOG.info(" START unrevokeCertificate: ca={}, serialNumber={}", caIdent, serialText);

  final X509CertWithDbId result = certstore.unrevokeCertificate(caIdent, serialNumber, force,
      shouldPublishToDeltaCrlCache(), caIdNameMap);
  if (result == null) {
    return null;
  }

  for (IdentifiedX509CertPublisher pub : publishers()) {
    // Only synchronous publishers are called inline; everything else is queued.
    boolean publishedInline = false;
    if (!pub.isAsyn()) {
      try {
        publishedInline = pub.certificateUnrevoked(caCert, result);
      } catch (RuntimeException ex) {
        LogUtil.error(LOG, ex, "could not publish unrevocation of certificate to the publisher " + pub.getIdent());
      }
    }

    if (!publishedInline) {
      Long dbId = result.getCertId();
      try {
        certstore.addToPublishQueue(pub.getIdent(), dbId.longValue(), caIdent);
      } catch (Throwable th) {
        // Best effort: a queueing failure is logged and the remaining publishers
        // are still processed. The certificate stays unrevoked in the certstore.
        LogUtil.error(LOG, th, "could not add entry to PublishQueue");
      }
    }
  }

  LOG.info("SUCCESSFUL unrevokeCertificate: ca={}, serialNumber={}, revocationResult=UNREVOKED", caIdent, serialText);
  return result;
}
use of org.xipki.ca.api.X509CertWithDbId in project xipki by xipki.
the class X509Ca method generateCertificates.
/**
 * Issues one certificate per template as an all-or-nothing batch.
 *
 * <p>All templates are first turned into granted templates; the first one that is
 * rejected aborts the call before any certificate is generated. The certificates are
 * then generated in order. On the first failure the loop stops, the certificates
 * collected so far are removed again through {@code removeCertificate}, and the failure
 * is thrown with the index of the offending template.
 *
 * @param certTemplates the requested templates; must not be empty.
 * @param requestor the requestor, passed to template granting and to generation.
 * @param keyUpdate passed to {@code createGrantedCertTemplate}.
 * @param reqType passed to {@code generateCertificate}.
 * @param transactionId passed to {@code generateCertificate}.
 * @param msgId passed to {@code generateCertificate} and {@code removeCertificate}.
 * @return one certificate info per template, in template order.
 * @throws OperationExceptionWithIndex if granting or generating fails for a template.
 */
private List<X509CertificateInfo> generateCertificates(List<CertTemplateData> certTemplates, RequestorInfo requestor, boolean keyUpdate, RequestType reqType, byte[] transactionId, String msgId) throws OperationExceptionWithIndex {
  ParamUtil.requireNonEmpty("certTemplates", certTemplates);
  final int n = certTemplates.size();

  // Phase 1: validate every template up front, so nothing is issued for a batch
  // that contains a template the CA will not grant.
  List<GrantedCertTemplate> granted = new ArrayList<>(n);
  for (int idx = 0; idx < n; idx++) {
    try {
      granted.add(createGrantedCertTemplate(certTemplates.get(idx), requestor, keyUpdate));
    } catch (OperationException ex) {
      throw new OperationExceptionWithIndex(idx, ex);
    }
  }

  // Phase 2: generate in order and stop at the first failure.
  List<X509CertificateInfo> issued = new ArrayList<>(n);
  OperationExceptionWithIndex failure = null;
  for (int idx = 0; idx < n && failure == null; idx++) {
    GrantedCertTemplate template = granted.get(idx);
    final NameId profileIdent = template.certprofile.getIdent();
    final String subject = template.grantedSubjectText;
    LOG.info(" START generateCertificate: CA={}, profile={}, subject='{}'", caIdent, profileIdent, subject);

    boolean generated = false;
    try {
      X509CertificateInfo info = generateCertificate(template, requestor, false, reqType, transactionId, msgId);
      // Set before the bookkeeping below: a failure while logging is still recorded
      // as a batch failure, but does not produce the FAILED warning.
      generated = true;
      issued.add(info);

      if (LOG.isInfoEnabled()) {
        String outcome;
        if (info.isAlreadyIssued()) {
          outcome = "RETURN_OLD_CERT";
        } else {
          outcome = "SUCCESSFUL";
        }
        X509CertWithDbId issuedCert = info.getCert();
        LOG.info("{} generateCertificate: CA={}, profile={}, subject='{}', serialNumber={}", outcome, caIdent, profileIdent, issuedCert.getSubject(), LogUtil.formatCsn(issuedCert.getCert().getSerialNumber()));
      }
    } catch (OperationException ex) {
      failure = new OperationExceptionWithIndex(idx, ex);
    } catch (Throwable th) {
      failure = new OperationExceptionWithIndex(idx, new OperationException(ErrorCode.SYSTEM_FAILURE, th));
    } finally {
      if (!generated) {
        LOG.warn(" FAILED generateCertificate: CA={}, profile={}, subject='{}'", caIdent, profileIdent, subject);
      }
    }
  }

  if (failure == null) {
    return issued;
  }

  // The "reverted" message is written before the rollback below actually runs.
  LOG.error("could not generate certificate for request[{}], reverted all generated certificates", failure.getIndex());

  // Rollback. NOTE(review): every collected entry is removed, including those flagged
  // isAlreadyIssued() (logged above as RETURN_OLD_CERT) - confirm that removing a
  // certificate that was not issued by this call is intended.
  for (X509CertificateInfo info : issued) {
    BigInteger serial = info.getCert().getCert().getSerialNumber();
    try {
      removeCertificate(serial, msgId);
    } catch (Throwable thr) {
      // A failed removal is only logged; the certificate may remain in place even
      // though the caller receives the batch failure.
      LogUtil.error(LOG, thr, "could not delete certificate serial=" + serial);
    }
  }

  LogUtil.warn(LOG, failure);
  throw failure;
}
use of org.xipki.ca.api.X509CertWithDbId in project xipki by xipki.
the class X509Ca method removeCertificate0.
// end of the preceding method (removeCertificate) in the original file; this is not a label for the method below
/**
 * Removes a certificate from every publisher and, only if all of them succeed, from the
 * certstore.
 *
 * <p>The serial number is added to the audit event first. A publisher counts as failed
 * when {@code certificateRemoved} returns {@code false} or throws a
 * {@code RuntimeException}; the remaining publishers are still called after a failure.
 *
 * @param serialNumber serial number of the certificate to remove.
 * @param event audit event that receives the formatted serial number.
 * @return the removed certificate, or {@code null} if the certstore does not know the
 *     serial number or at least one publisher failed.
 * @throws OperationException declared by the signature; not thrown directly by the
 *     statements in this method.
 */
private X509CertWithDbId removeCertificate0(BigInteger serialNumber, AuditEvent event) throws OperationException {
  event.addEventData(CaAuditConstants.NAME_serial, LogUtil.formatCsn(serialNumber));

  X509CertWithRevocationInfo stored = certstore.getCertWithRevocationInfo(caIdent, serialNumber, caIdNameMap);
  if (stored == null) {
    return null;
  }

  final X509CertWithDbId target = stored.getCert();
  boolean removedEverywhere = true;

  for (IdentifiedX509CertPublisher pub : publishers()) {
    boolean removedHere;
    try {
      removedHere = pub.certificateRemoved(caCert, target);
    } catch (RuntimeException ex) {
      removedHere = false;
      LogUtil.warn(LOG, ex, "could not remove certificate to the publisher " + pub.getIdent());
    }

    if (!removedHere) {
      removedEverywhere = false;
      X509Certificate x509 = target.getCert();
      if (LOG.isErrorEnabled()) {
        LOG.error("removing certificate issuer='{}', serial={}, subject='{}' from publisher {} failed.", X509Util.getRfc4519Name(x509.getIssuerX500Principal()), LogUtil.formatCsn(x509.getSerialNumber()), X509Util.getRfc4519Name(x509.getSubjectX500Principal()), pub.getIdent());
      }
    }
  }

  if (removedEverywhere) {
    certstore.removeCertificate(caIdent, serialNumber);
    return target;
  }

  // NOTE(review): publishers that already accepted the removal are not restored here,
  // while the certificate stays in the certstore - confirm the caller reconciles this.
  return null;
}
use of org.xipki.ca.api.X509CertWithDbId in project xipki by xipki.
the class X509Ca method unrevokeCertificate.
// end of the preceding method (revokeCertificate) in the original file; the method below is unrevokeCertificate
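/**
 * Unrevokes the certificate with the given serial number and records the outcome in a
 * performance audit event.
 *
 * <p>The request is refused when this CA is self-signed and {@code serialNumber} is the
 * CA's own serial number.
 *
 * @param serialNumber serial number of the certificate to unrevoke.
 * @param msgId message identifier attached to the audit event.
 * @return the result of {@code unrevokeCertificate0}, which may be {@code null}.
 * @throws OperationException with {@code ErrorCode.NOT_PERMITTED} for the CA's own
 *     certificate, or whatever {@code unrevokeCertificate0} throws.
 */
public X509CertWithDbId unrevokeCertificate(BigInteger serialNumber, String msgId) throws OperationException {
  // This refusal happens before the audit event exists, so it is not recorded
  // through the event created below.
  if (caInfo.isSelfSigned() && caInfo.getSerialNumber().equals(serialNumber)) {
    throw new OperationException(ErrorCode.NOT_PERMITTED, "insufficient permission unrevoke CA certificate");
  }

  AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_unrevoke_cert, msgId);
  // Start as "failed": the flag was previously initialised to true, so an exception
  // from unrevokeCertificate0 was still audited as a successful unrevocation.
  boolean successful = false;
  try {
    X509CertWithDbId ret = unrevokeCertificate0(serialNumber, false, event);
    // NOTE(review): a null result (nothing was unrevoked) is still audited as
    // successful - confirm whether this should be (ret != null).
    successful = true;
    return ret;
  } finally {
    finish(event, successful);
  }
}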