
Example 11 with X509CertWithDbId

use of org.xipki.ca.api.X509CertWithDbId in project xipki by xipki.

the class X509CaCmpResponderImpl method removeCert.

/**
 * Removes a certificate on behalf of a CMP requestor.
 *
 * <p>The requestor must hold {@code PermissionConstants.REMOVE_CERT}. That check runs before
 * the CA is looked up, so an unauthorized caller never reaches the certificate store.
 *
 * @param requestor the authenticated requestor; must not be {@code null}.
 * @param serialNumber serial number of the certificate to remove; passed unchanged to the CA.
 * @param reqType request type; not read by this method.
 * @param msgId message identifier forwarded to the CA's {@code removeCertificate} call.
 * @throws OperationException with {@code NOT_PERMITTED} when the permission check fails, with
 *     {@code UNKNOWN_CERT} when the CA returns {@code null}, or as thrown by the CA itself.
 */
public void removeCert(CmpRequestorInfo requestor, BigInteger serialNumber, RequestType reqType, String msgId) throws OperationException {
    ParamUtil.requireNonNull("requestor", requestor);

    // Authorization first: a failed permission check is turned into NOT_PERMITTED and carries
    // only the message text of the original exception.
    try {
        checkPermission(requestor, PermissionConstants.REMOVE_CERT);
    } catch (InsuffientPermissionException permEx) {
        throw new OperationException(ErrorCode.NOT_PERMITTED, permEx.getMessage());
    }

    final X509CertWithDbId removed = getCa().removeCertificate(serialNumber, msgId);
    if (removed != null) {
        return;
    }
    // A null result from the CA is reported to the requestor as an unknown certificate.
    throw new OperationException(ErrorCode.UNKNOWN_CERT, "cert not exists");
}
Also used : X509Ca(org.xipki.ca.server.impl.X509Ca) InsuffientPermissionException(org.xipki.ca.api.InsuffientPermissionException) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) OperationException(org.xipki.ca.api.OperationException)

Example 12 with X509CertWithDbId

use of org.xipki.ca.api.X509CertWithDbId in project xipki by xipki.

the class X509Ca method removeCertificate.

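/**
 * Removes the certificate with the given serial number and records the outcome in a
 * performance audit event of type {@code CaAuditConstants.TYPE_remove_cert}.
 *
 * <p>A self-signed CA refuses to remove the certificate whose serial number equals its own.
 *
 * @param serialNumber serial number of the certificate to remove.
 * @param msgId message identifier attached to the audit event.
 * @return the value returned by {@code removeCertificate0}; a {@code null} result is reported
 *     to the audit event as unsuccessful.
 * @throws OperationException with {@code NOT_PERMITTED} when the target is the self-signed CA
 *     certificate, or as thrown by {@code removeCertificate0}.
 */
public X509CertWithDbId removeCertificate(BigInteger serialNumber, String msgId) throws OperationException {
    if (caInfo.isSelfSigned() && caInfo.getSerialNumber().equals(serialNumber)) {
        // NOTE(review): this rejection is thrown before the audit event is created, so this
        // method does not audit it; confirm that refused requests are audited by the caller.
        throw new OperationException(ErrorCode.NOT_PERMITTED, "insufficient permission remove CA certificate");
    }
    AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_remove_cert, msgId);
    // Start pessimistic: if removeCertificate0 throws, the finally block must not pass
    // "successful" to finish() for a removal that did not complete.
    boolean successful = false;
    try {
        X509CertWithDbId ret = removeCertificate0(serialNumber, event);
        successful = (ret != null);
        return ret;
    } finally {
        finish(event, successful);
    }
}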
Also used : AuditEvent(org.xipki.audit.AuditEvent) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) OperationException(org.xipki.ca.api.OperationException)

Example 13 with X509CertWithDbId

use of org.xipki.ca.api.X509CertWithDbId in project xipki by xipki.

the class CertStoreQueryExecutor method getCertForId.

/**
 * Loads the certificate stored under the given database id.
 *
 * <p>The statement is parameterized; {@code certId} is bound as a long and never concatenated
 * into the SQL text.
 *
 * @param certId database id bound to the first statement parameter.
 * @return the parsed certificate together with its encoded bytes, or {@code null} when no row
 *     matches or the {@code CERT} column is null.
 * @throws DataAccessException when the query fails (translated from {@code SQLException}).
 * @throws OperationException with {@code SYSTEM_FAILURE} when the stored bytes cannot be
 *     parsed as a certificate.
 */
X509CertWithDbId getCertForId(long certId) throws DataAccessException, OperationException {
    final String query = sqls.sqlRawCertForId;
    PreparedStatement stmt = borrowPreparedStatement(query);
    ResultSet rows = null;
    String base64Cert = null;
    try {
        stmt.setLong(1, certId);
        rows = stmt.executeQuery();
        if (rows.next()) {
            base64Cert = rows.getString("CERT");
        }
    } catch (SQLException ex) {
        throw datasource.translate(query, ex);
    } finally {
        // Statement and result set are handed back on every path, including the error path.
        releaseDbResources(stmt, rows);
    }

    // Both "no such row" and "row with a null CERT column" end up here as null.
    if (base64Cert == null) {
        return null;
    }

    // NOTE(review): the stored value is decoded without a separate validity check here;
    // a malformed certificate is only detected by parseCert below.
    final byte[] der = Base64.decodeFast(base64Cert);
    final X509Certificate parsed;
    try {
        parsed = X509Util.parseCert(der);
    } catch (CertificateException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
    return new X509CertWithDbId(parsed, der);
}
Also used : SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement) CertificateException(java.security.cert.CertificateException) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) X509Certificate(java.security.cert.X509Certificate) OperationException(org.xipki.ca.api.OperationException)

Example 14 with X509CertWithDbId

use of org.xipki.ca.api.X509CertWithDbId in project xipki by xipki.

the class CertStoreQueryExecutor method getCertificateInfo.

/**
 * Loads a certificate of the given CA by serial number, together with its certificate
 * profile, requestor and, if the row is marked revoked, its revocation information.
 *
 * <p>The serial number is bound to the statement as a hexadecimal string. The {@code RT} and
 * {@code RIT} column values are multiplied by 1000 before being passed to {@link Date}, i.e.
 * they are treated as seconds.
 *
 * @param ca CA whose id is bound to the first statement parameter; must not be {@code null}.
 * @param caCert CA certificate passed through to the result; must not be {@code null}.
 * @param serial certificate serial number; must not be {@code null}.
 * @param idNameMap resolves the stored profile and requestor ids; must not be {@code null}.
 * @return the certificate information, or {@code null} when no row matches.
 * @throws DataAccessException when the query fails (translated from {@code SQLException}).
 * @throws OperationException with {@code SYSTEM_FAILURE} when an {@code IOException} occurs
 *     while building the result.
 * @throws CertificateException as propagated from parsing the stored certificate.
 */
X509CertificateInfo getCertificateInfo(NameId ca, X509Cert caCert, BigInteger serial, CaIdNameMap idNameMap) throws DataAccessException, OperationException, CertificateException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("caCert", caCert);
    ParamUtil.requireNonNull("idNameMap", idNameMap);
    ParamUtil.requireNonNull("serial", serial);

    final String query = sqls.sqlCertInfo;

    String base64Cert;
    int profileId;
    int reqId;
    boolean isRevoked;
    // The revocation columns are only read for revoked rows; otherwise these stay 0.
    int reasonCode = 0;
    long revokedAt = 0;
    long invalidSince = 0;

    PreparedStatement stmt = borrowPreparedStatement(query);
    ResultSet row = null;
    try {
        stmt.setInt(1, ca.getId());
        stmt.setString(2, serial.toString(16));
        row = stmt.executeQuery();
        if (!row.next()) {
            return null;
        }
        base64Cert = row.getString("CERT");
        profileId = row.getInt("PID");
        reqId = row.getInt("RID");
        isRevoked = row.getBoolean("REV");
        if (isRevoked) {
            reasonCode = row.getInt("RR");
            revokedAt = row.getLong("RT");
            invalidSince = row.getLong("RIT");
        }
    } catch (SQLException ex) {
        throw datasource.translate(query, ex);
    } finally {
        releaseDbResources(stmt, row);
    }

    try {
        // NOTE(review): unlike getCertForId, a null CERT column is not checked before
        // decoding; confirm the column is guaranteed non-null for rows matched here.
        byte[] der = Base64.decodeFast(base64Cert);
        X509Certificate parsed = X509Util.parseCert(der);
        X509CertWithDbId certWithMeta = new X509CertWithDbId(parsed, der);
        byte[] spki = Certificate.getInstance(der).getTBSCertificate().getSubjectPublicKeyInfo().getEncoded();
        X509CertificateInfo info = new X509CertificateInfo(certWithMeta, ca, caCert, spki, idNameMap.getCertprofile(profileId), idNameMap.getRequestor(reqId));
        if (isRevoked) {
            // An invalidity time of 0 means "not set" and is passed on as null.
            Date invalidityTime = null;
            if (invalidSince != 0) {
                invalidityTime = new Date(invalidSince * 1000);
            }
            info.setRevocationInfo(new CertRevocationInfo(reasonCode, new Date(revokedAt * 1000), invalidityTime));
        }
        return info;
    } catch (IOException ex) {
        LOG.warn("getCertificateInfo()", ex);
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}
Also used : SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) X509CertificateInfo(org.xipki.ca.api.publisher.x509.X509CertificateInfo) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) CertRevocationInfo(org.xipki.security.CertRevocationInfo) ResultSet(java.sql.ResultSet) OperationException(org.xipki.ca.api.OperationException)

Example 15 with X509CertWithDbId

use of org.xipki.ca.api.X509CertWithDbId in project xipki by xipki.

the class CertStoreQueryExecutor method getCertificate.

/**
 * Finds the certificates whose subject or requested subject matches the given name.
 *
 * <p>The lookup compares the fingerprint of the canonicalized name (a {@code long}) against
 * the {@code FP_S} and {@code FP_RS} columns; the ids found are then loaded one by one with
 * {@code getCertForId}. All values are bound as statement parameters.
 *
 * <p>NOTE(review): only the fingerprint is compared, not the full name. Confirm whether
 * callers that need an exact subject match verify the subject of the returned certificates.
 *
 * @param subjectName Subject of Certificate or requested Subject.
 * @param transactionId when non-null, its Base64 form is additionally required to match the
 *     {@code TID} column; when {@code null}, the query filters on the fingerprint alone.
 * @return the matching certificates; an empty list when no id matches. Ids for which
 *     {@code getCertForId} returns {@code null} are skipped.
 * @throws DataAccessException when the query fails (translated from {@code SQLException}).
 * @throws OperationException as thrown by {@code getCertForId}.
 */
List<X509Certificate> getCertificate(X500Name subjectName, byte[] transactionId) throws DataAccessException, OperationException {
    final boolean filterByTid = (transactionId != null);
    final String sql;
    if (filterByTid) {
        sql = "SELECT ID FROM CERT WHERE TID=? AND (FP_S=? OR FP_RS=?)";
    } else {
        sql = "SELECT ID FROM CERT WHERE FP_S=? OR FP_RS=?";
    }

    long fpSubject = X509Util.fpCanonicalizedName(subjectName);
    List<Long> matchingIds = new LinkedList<Long>();

    PreparedStatement stmt = borrowPreparedStatement(sql);
    ResultSet rows = null;
    try {
        // The fingerprint parameters follow the optional TID parameter.
        int next = 1;
        if (filterByTid) {
            stmt.setString(next, Base64.encodeToString(transactionId));
            next++;
        }
        stmt.setLong(next, fpSubject);
        stmt.setLong(next + 1, fpSubject);

        rows = stmt.executeQuery();
        while (rows.next()) {
            matchingIds.add(rows.getLong("ID"));
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(stmt, rows);
    }

    if (CollectionUtil.isEmpty(matchingIds)) {
        return Collections.emptyList();
    }

    List<X509Certificate> found = new ArrayList<X509Certificate>(matchingIds.size());
    for (Long id : matchingIds) {
        X509CertWithDbId loaded = getCertForId(id);
        if (loaded == null) {
            // The id was matched above but no certificate could be loaded for it; skip it.
            continue;
        }
        found.add(loaded.getCert());
    }
    return found;
}
Also used : SQLException(java.sql.SQLException) ArrayList(java.util.ArrayList) PreparedStatement(java.sql.PreparedStatement) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) LinkedList(java.util.LinkedList) X509Certificate(java.security.cert.X509Certificate) ResultSet(java.sql.ResultSet)

Aggregations

X509CertWithDbId (org.xipki.ca.api.X509CertWithDbId)15 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)8 OperationException (org.xipki.ca.api.OperationException)8 X509Certificate (java.security.cert.X509Certificate)7 PreparedStatement (java.sql.PreparedStatement)5 ResultSet (java.sql.ResultSet)5 SQLException (java.sql.SQLException)5 DEROctetString (org.bouncycastle.asn1.DEROctetString)5 Date (java.util.Date)4 X509CertificateInfo (org.xipki.ca.api.publisher.x509.X509CertificateInfo)4 CertificateException (java.security.cert.CertificateException)3 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)3 AuditEvent (org.xipki.audit.AuditEvent)3 CertRevocationInfo (org.xipki.security.CertRevocationInfo)3 ArrayList (java.util.ArrayList)2 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)2 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)2 IOException (java.io.IOException)1 BigInteger (java.math.BigInteger)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1