use of org.xipki.ca.dbtool.jaxb.ca.CaType in project xipki by xipki.
the class OcspCertStoreFromCaDbImporter method importIssuer.
/**
 * Writes one ISSUER row per entry of {@code cas} and returns the CA ids that were handled.
 *
 * <p>All rows share one prepared statement built from {@code SQL_ADD_ISSUER}. The statement is
 * passed to {@code releaseResources} in a {@code finally} block, so it is released even when an
 * insert fails part-way through the list.
 *
 * @param cas CA entries to import; the same list is passed to {@code importIssuer0} for its
 *     certificate lookup
 * @return the ids that {@code importIssuer0} appended while processing {@code cas}
 * @throws DataAccessException propagated from {@code prepareStatement} or {@code importIssuer0}
 * @throws CertificateException propagated from {@code importIssuer0}
 * @throws IOException propagated from {@code importIssuer0}
 */
private List<Integer> importIssuer(List<CaType> cas) throws DataAccessException, CertificateException, IOException {
    System.out.println("importing table ISSUER");

    final String insertSql = SQL_ADD_ISSUER;
    PreparedStatement insertStmt = prepareStatement(insertSql);
    List<Integer> importedCaIds = new LinkedList<>();

    try {
        for (CaType currentIssuer : cas) {
            // The SQL text is passed along so a failure can be reported against it.
            importIssuer0(currentIssuer, insertSql, insertStmt, cas, importedCaIds);
        }
    } finally {
        // No ResultSet is opened here, hence the null second argument.
        releaseResources(insertStmt, null);
    }

    System.out.println(" imported table ISSUER");
    return importedCaIds;
}
use of org.xipki.ca.dbtool.jaxb.ca.CaType in project xipki by xipki.
the class CaConfigurationDbExporter method exportCa.
// method exportProfile
/**
 * Reads every row of the CA table and stores the result in {@code caconf} as a {@code Cas} list.
 *
 * <p>The CA certificate and the signer configuration are passed through
 * {@code buildFileOrBase64Binary} / {@code buildFileOrValue} together with a relative file name
 * under {@code ca-conf/}. All other columns are copied directly onto the {@code CaType}.
 *
 * <p>NOTE(review): SIGNER_CONF is exported as-is. It presumably can hold key references or
 * passwords, so the export directory likely needs restrictive permissions. Confirm.
 *
 * @param caconf configuration object that receives the exported CA list
 * @throws DataAccessException if the query fails; the {@code SQLException} is converted by
 *     {@code translate}
 * @throws IOException declared for the file-producing helpers (not thrown directly here)
 */
private void exportCa(CAConfigurationType caconf) throws DataAccessException, IOException {
    System.out.println("exporting table CA");

    Cas exportedCas = new Cas();
    String query = "SELECT ID,NAME,SN_SIZE,STATUS,CRL_URIS,OCSP_URIS,MAX_VALIDITY,CERT,SIGNER_TYPE,"
            + "SIGNER_CONF,CRLSIGNER_NAME,PERMISSION,NUM_CRLS,EXPIRATION_PERIOD,KEEP_EXPIRED_CERT_DAYS,"
            + "REV,RR,RT,RIT,DUPLICATE_KEY,DUPLICATE_SUBJECT,SAVE_REQ,DELTACRL_URIS,VALIDITY_MODE,"
            + "CACERT_URIS,ART,NEXT_CRLNO,RESPONDER_NAME,CMPCONTROL_NAME,EXTRA_CONTROL FROM CA";

    Statement statement = null;
    ResultSet rows = null;
    try {
        statement = createStatement();
        rows = statement.executeQuery(query);

        while (rows.next()) {
            String caName = rows.getString("NAME");
            CaType entry = new CaType();

            entry.setId(rows.getInt("ID"));
            entry.setName(caName);
            entry.setArt(rows.getInt("ART"));
            entry.setSnSize(rows.getInt("SN_SIZE"));
            entry.setNextCrlNo(rows.getLong("NEXT_CRLNO"));
            entry.setStatus(rows.getString("STATUS"));
            entry.setCrlUris(rows.getString("CRL_URIS"));
            entry.setDeltacrlUris(rows.getString("DELTACRL_URIS"));
            entry.setOcspUris(rows.getString("OCSP_URIS"));
            entry.setCacertUris(rows.getString("CACERT_URIS"));
            entry.setMaxValidity(rows.getString("MAX_VALIDITY"));

            // NOTE(review): the CA name read from the database becomes part of the relative
            // file names below. Confirm that CA names cannot contain path separators or "..",
            // or that the build* helpers normalize them, so the export stays inside ca-conf/.
            entry.setCert(buildFileOrBase64Binary(rows.getString("CERT"), "ca-conf/cert-ca-" + caName + ".der"));
            entry.setSignerType(rows.getString("SIGNER_TYPE"));
            entry.setSignerConf(buildFileOrValue(rows.getString("SIGNER_CONF"), "ca-conf/signerconf-ca-" + caName));

            entry.setCrlsignerName(rows.getString("CRLSIGNER_NAME"));
            entry.setResponderName(rows.getString("RESPONDER_NAME"));
            entry.setCmpcontrolName(rows.getString("CMPCONTROL_NAME"));
            entry.setDuplicateKey(rows.getInt("DUPLICATE_KEY"));
            entry.setDuplicateSubject(rows.getInt("DUPLICATE_SUBJECT"));
            entry.setSaveReq(rows.getInt("SAVE_REQ"));
            entry.setPermission(rows.getInt("PERMISSION"));
            entry.setExpirationPeriod(rows.getInt("EXPIRATION_PERIOD"));
            entry.setKeepExpiredCertDays(rows.getInt("KEEP_EXPIRED_CERT_DAYS"));
            entry.setValidityMode(rows.getString("VALIDITY_MODE"));
            entry.setExtraControl(rows.getString("EXTRA_CONTROL"));
            entry.setNumCrls(rows.getInt("NUM_CRLS"));

            // Revocation details are only copied for CAs flagged as revoked.
            boolean isRevoked = rows.getBoolean("REV");
            entry.setRevoked(isRevoked);
            if (isRevoked) {
                entry.setRevReason(rows.getInt("RR"));
                entry.setRevTime(rows.getLong("RT"));
                entry.setRevInvTime(rows.getLong("RIT"));
            }

            exportedCas.getCa().add(entry);
        }
    } catch (SQLException ex) {
        throw translate(query, ex);
    } finally {
        releaseResources(statement, rows);
    }

    caconf.setCas(exportedCas);
    System.out.println(" exported table CA");
}
use of org.xipki.ca.dbtool.jaxb.ca.CaType in project xipki by xipki.
the class OcspCertStoreFromCaDbImporter method importIssuer0.
/**
 * Inserts a single ISSUER row for {@code issuer} using the shared prepared statement.
 *
 * <p>The issuer certificate is compared byte-for-byte with the certificates in {@code cas}.
 * The first match supplies the revocation fields. If nothing matches, the method returns
 * without writing a row and without touching {@code relatedCaIds}.
 *
 * @param issuer CA entry whose certificate is imported
 * @param sql SQL text behind {@code ps}, used only when translating an {@code SQLException}
 * @param ps prepared statement whose ten parameters are filled and executed
 * @param cas CA entries searched for a certificate identical to the issuer's
 * @param relatedCaIds receives the issuer id once a matching CA has been found
 * @throws IOException propagated from {@code binary}
 * @throws DataAccessException if executing the statement fails
 * @throws CertificateException if the encoded certificate cannot be parsed
 */
private void importIssuer0(CaType issuer, String sql, PreparedStatement ps, List<CaType> cas, List<Integer> relatedCaIds) throws IOException, DataAccessException, CertificateException {
    try {
        byte[] issuerCertBytes = binary(issuer.getCert());

        // Locate the CA entry carrying the same certificate; it provides the revocation info.
        CaType matchingCa = null;
        for (CaType candidate : cas) {
            if (!Arrays.equals(issuerCertBytes, binary(candidate.getCert()))) {
                continue;
            }
            matchingCa = candidate;
            break;
        }
        if (matchingCa == null) {
            return;
        }

        // The id is recorded before parsing; a parse failure aborts via the exception below.
        relatedCaIds.add(issuer.getId());

        Certificate parsedCert;
        try {
            parsedCert = Certificate.getInstance(issuerCertBytes);
        } catch (RuntimeException ex) {
            // Malformed encodings surface as unchecked exceptions; convert to the checked type.
            LogUtil.error(LOG, ex, "could not parse certificate of issuer " + issuer.getId());
            throw new CertificateException(ex.getMessage(), ex);
        }

        ps.setInt(1, issuer.getId());
        ps.setString(2, X509Util.cutX500Name(parsedCert.getSubject(), maxX500nameLen));
        // Validity bounds are stored as seconds since the epoch.
        ps.setLong(3, parsedCert.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
        ps.setLong(4, parsedCert.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
        // NOTE(review): base64 SHA-1 hash of the encoded certificate. SHA-1 is not collision
        // resistant; presumably this is only a lookup fingerprint and not an integrity or
        // identity proof. Confirm how the OCSP side consumes it.
        ps.setString(5, HashAlgo.SHA1.base64Hash(issuerCertBytes));
        setBoolean(ps, 6, matchingCa.isRevoked());
        setInt(ps, 7, matchingCa.getRevReason());
        setLong(ps, 8, matchingCa.getRevTime());
        setLong(ps, 9, matchingCa.getRevInvTime());
        ps.setString(10, Base64.encodeToString(issuerCertBytes));
        ps.execute();
    } catch (SQLException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw translate(sql, ex);
    } catch (CertificateException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw ex;
    }
}
use of org.xipki.ca.dbtool.jaxb.ca.CaType in project xipki by xipki.
the class OcspCertStoreFromCaDbImporter method importToDb.
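/**
 * Imports the certificates of an exported CA certstore into the OCSP database.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>unmarshal the certstore and CA configuration XML files found under {@code baseDir} and
 *       reject either one if its version is greater than {@code VERSION};</li>
 *   <li>unless resuming, drop the database indexes;</li>
 *   <li>look up the publisher named {@code publisherName}, which must be of type "ocsp";</li>
 *   <li>collect the CAs attached to that publisher and import them as issuers (or, when
 *       resuming, only compute their ids);</li>
 *   <li>import the certificates, recover the indexes and delete the process log file.</li>
 * </ol>
 *
 * <p>NOTE(review): both XML files are parsed through the shared {@code unmarshaller} straight
 * from disk. If dump directories can come from a less trusted party, confirm that the
 * underlying parser has DTDs and external entities disabled.
 *
 * @throws InvalidInputException if a file version is too new, the publisher is unknown, or the
 *     publisher is not of type "ocsp"
 * @throws Exception any other failure of the import, rethrown after being reported on stderr
 */
public void importToDb() throws Exception {
    CertStoreType certstore;
    try {
        @SuppressWarnings("unchecked")
        JAXBElement<CertStoreType> root = (JAXBElement<CertStoreType>) unmarshaller.unmarshal(new File(baseDir, FILENAME_CA_CERTSTORE));
        certstore = root.getValue();
    } catch (JAXBException ex) {
        throw XmlUtil.convert(ex);
    }
    if (certstore.getVersion() > VERSION) {
        throw new InvalidInputException("could not import CertStore greater than " + VERSION + ": " + certstore.getVersion());
    }

    CAConfigurationType caConf;
    try {
        File file = new File(baseDir + File.separator + FILENAME_CA_CONFIGURATION);
        @SuppressWarnings("unchecked")
        JAXBElement<CAConfigurationType> rootCaConf = (JAXBElement<CAConfigurationType>) unmarshaller.unmarshal(file);
        caConf = rootCaConf.getValue();
    } catch (JAXBException ex) {
        throw XmlUtil.convert(ex);
    }
    if (caConf.getVersion() > VERSION) {
        // Report the configuration's own version, not the certstore's.
        throw new InvalidInputException("could not import CA Configuration greater than " + VERSION + ": " + caConf.getVersion());
    }

    System.out.println("importing CA certstore to OCSP database");
    try {
        if (!resume) {
            dropIndexes();
        }

        // Find the publisher this import was asked to serve.
        PublisherType publisherType = null;
        for (PublisherType type : caConf.getPublishers().getPublisher()) {
            if (publisherName.equals(type.getName())) {
                publisherType = type;
                break;
            }
        }
        if (publisherType == null) {
            throw new InvalidInputException("unknown publisher " + publisherName);
        }

        String type = publisherType.getType();
        if (!"ocsp".equalsIgnoreCase(type)) {
            throw new InvalidInputException("Unkwown publisher type " + type);
        }

        // "publish.goodcerts" absent means good certificates are imported as well;
        // any value that does not parse as true restricts the import to revoked ones.
        ConfPairs confPairs = new ConfPairs(value(publisherType.getConf()));
        String str = confPairs.value("publish.goodcerts");
        boolean revokedOnly = false;
        if (str != null) {
            revokedOnly = !Boolean.parseBoolean(str);
        }

        // Ids of the CAs that are linked to the selected publisher.
        Set<Integer> relatedCaIds = new HashSet<>();
        for (CaHasPublisherType ctype : caConf.getCaHasPublishers().getCaHasPublisher()) {
            if (ctype.getPublisherId() == publisherType.getId()) {
                relatedCaIds.add(ctype.getCaId());
            }
        }

        List<CaType> relatedCas = new LinkedList<>();
        for (CaType m : caConf.getCas().getCa()) {
            if (relatedCaIds.contains(m.getId())) {
                relatedCas.add(m);
            }
        }
        if (relatedCas.isEmpty()) {
            System.out.println("No CA has publisher " + publisherName);
            return;
        }

        Map<Integer, String> profileMap = new HashMap<>();
        for (ProfileType ni : caConf.getProfiles().getProfile()) {
            profileMap.put(ni.getId(), ni.getName());
        }

        // When resuming, the ISSUER rows are not inserted again; only the ids are computed.
        List<Integer> relatedCertStoreCaIds = resume ? getIssuerIds(relatedCas) : importIssuer(relatedCas);

        File processLogFile = new File(baseDir, DbPorter.IMPORT_TO_OCSP_PROCESS_LOG_FILENAME);
        importCert(certstore, profileMap, revokedOnly, relatedCertStoreCaIds, processLogFile);
        recoverIndexes();
        // The process log is removed only after a complete import; the result of delete()
        // is not checked.
        processLogFile.delete();
    } catch (Exception ex) {
        System.err.println("could not import OCSP certstore to database");
        throw ex;
    }
    System.out.println(" imported OCSP certstore to database");
}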
use of org.xipki.ca.dbtool.jaxb.ca.CaType in project xipki by xipki.
the class OcspCertStoreFromCaDbImporter method getIssuerIds.
// method importToDb
/**
 * Computes the issuer ids for {@code cas} without writing to the database.
 *
 * <p>An id is included when the entry's certificate is byte-identical to the certificate of
 * some entry in {@code cas}. This is the same matching rule as {@code importIssuer0}.
 *
 * <p>NOTE(review): each entry is compared against the list it comes from, so the lookup looks
 * like it always succeeds, provided {@code binary} returns the same bytes for the same
 * certificate. Confirm whether the inner search is still needed.
 *
 * @param cas CA entries to inspect
 * @return ids of the entries for which a matching certificate was found, in list order
 * @throws IOException propagated from {@code binary}
 */
private List<Integer> getIssuerIds(List<CaType> cas) throws IOException {
    List<Integer> issuerIds = new LinkedList<>();

    for (CaType issuer : cas) {
        byte[] issuerCertBytes = binary(issuer.getCert());

        boolean matchFound = false;
        for (CaType candidate : cas) {
            if (Arrays.equals(issuerCertBytes, binary(candidate.getCert()))) {
                matchFound = true;
                break;
            }
        }

        if (matchFound) {
            issuerIds.add(issuer.getId());
        }
    }

    return issuerIds;
}