


the class OcspCertStoreFromCaDbImporter method importIssuer.

/**
 * Writes one ISSUER row per entry of {@code cas} into the OCSP certstore.
 *
 * <p>A single prepared statement ({@code SQL_ADD_ISSUER}) is prepared up front, reused for
 * every CA and released in the {@code finally} block, so the JDBC handle is not leaked when
 * an individual row fails. The per-row work (certificate lookup, parsing, binding) is done by
 * {@code importIssuer0}, which also appends the id of each imported CA to the returned list.
 *
 * @param cas CA entries taken from the CA-configuration export
 * @return the ids of the CAs for which an issuer row was written, in input order
 * @throws DataAccessException if the statement cannot be prepared or executed
 * @throws CertificateException if a CA certificate cannot be parsed
 * @throws IOException if a CA certificate cannot be read from the export
 */
private List<Integer> importIssuer(List<CaType> cas) throws DataAccessException, CertificateException, IOException {
    System.out.println("importing table ISSUER");
    final String insertSql = SQL_ADD_ISSUER;
    final PreparedStatement insertStmt = prepareStatement(insertSql);
    final List<Integer> importedCaIds = new LinkedList<>();
    try {
        for (CaType issuer : cas) {
            importIssuer0(issuer, insertSql, insertStmt, cas, importedCaIds);
        }
    } finally {
        // always give the statement back, even when importIssuer0 threw part-way through
        releaseResources(insertStmt, null);
    }
    System.out.println(" imported table ISSUER");
    return importedCaIds;
}



the class CaConfigurationDbExporter method exportCa.

// method exportProfile
/**
 * Exports every row of the CA table into the {@code Cas} element of {@code caconf}.
 *
 * <p>The SELECT is a fixed string (no user input is concatenated into it). Each row is
 * mapped to a {@link CaType} by {@link #caTypeFromRow(ResultSet)}; the CA certificate and the
 * signer configuration are handed to {@code buildFileOrBase64Binary} / {@code buildFileOrValue}
 * together with a relative path derived from the CA's NAME column, so the exported
 * {@code ca-conf/} tree contains one file per CA for those two values.
 *
 * @param caconf configuration object that receives the exported CA list
 * @throws DataAccessException if the query fails ({@code SQLException} translated via {@code translate})
 * @throws IOException if writing a per-CA file fails
 */
private void exportCa(CAConfigurationType caconf) throws DataAccessException, IOException {
    System.out.println("exporting table CA");
    final Cas exportedCas = new Cas();
    final String selectSql = "SELECT ID,NAME,SN_SIZE,STATUS,CRL_URIS,OCSP_URIS,MAX_VALIDITY,CERT,SIGNER_TYPE,"
            + "SIGNER_CONF,CRLSIGNER_NAME,PERMISSION,NUM_CRLS,EXPIRATION_PERIOD,KEEP_EXPIRED_CERT_DAYS,"
            + "REV,RR,RT,RIT,DUPLICATE_KEY,DUPLICATE_SUBJECT,SAVE_REQ,DELTACRL_URIS,VALIDITY_MODE,"
            + "CACERT_URIS,ART,NEXT_CRLNO,RESPONDER_NAME,CMPCONTROL_NAME,EXTRA_CONTROL FROM CA";
    Statement statement = null;
    ResultSet resultSet = null;
    try {
        statement = createStatement();
        resultSet = statement.executeQuery(selectSql);
        while (resultSet.next()) {
            exportedCas.getCa().add(caTypeFromRow(resultSet));
        }
    } catch (SQLException ex) {
        throw translate(selectSql, ex);
    } finally {
        // released in all cases: normal completion, SQL failure, or an I/O failure from the row mapper
        releaseResources(statement, resultSet);
    }
    caconf.setCas(exportedCas);
    System.out.println(" exported table CA");
}

/**
 * Maps the current row of the CA result set to a {@link CaType}.
 *
 * <p>Columns are read in the same order as before; RR, RT and RIT are only consulted when the
 * REV flag is set, so un-revoked CAs keep the JAXB defaults for the revocation fields.
 *
 * @param rs result set positioned on a CA row
 * @return the populated CA entry
 * @throws SQLException if a column cannot be read
 * @throws IOException if the per-CA certificate or signer-configuration file cannot be written
 */
private CaType caTypeFromRow(ResultSet rs) throws SQLException, IOException {
    final String caName = rs.getString("NAME");
    final CaType caType = new CaType();
    caType.setId(rs.getInt("ID"));
    caType.setName(caName);
    caType.setArt(rs.getInt("ART"));
    caType.setSnSize(rs.getInt("SN_SIZE"));
    caType.setNextCrlNo(rs.getLong("NEXT_CRLNO"));
    caType.setStatus(rs.getString("STATUS"));
    caType.setCrlUris(rs.getString("CRL_URIS"));
    caType.setDeltacrlUris(rs.getString("DELTACRL_URIS"));
    caType.setOcspUris(rs.getString("OCSP_URIS"));
    caType.setCacertUris(rs.getString("CACERT_URIS"));
    caType.setMaxValidity(rs.getString("MAX_VALIDITY"));
    // NOTE(review): caName comes from the database and becomes part of a relative file path;
    // confirm that buildFileOrBase64Binary/buildFileOrValue keep the result inside ca-conf/.
    caType.setCert(buildFileOrBase64Binary(rs.getString("CERT"), "ca-conf/cert-ca-" + caName + ".der"));
    caType.setSignerType(rs.getString("SIGNER_TYPE"));
    // SIGNER_CONF is the CA signer configuration; it is exported verbatim, so the resulting
    // export directory must be handled with the same care as the database itself.
    caType.setSignerConf(buildFileOrValue(rs.getString("SIGNER_CONF"), "ca-conf/signerconf-ca-" + caName));
    caType.setCrlsignerName(rs.getString("CRLSIGNER_NAME"));
    caType.setResponderName(rs.getString("RESPONDER_NAME"));
    caType.setCmpcontrolName(rs.getString("CMPCONTROL_NAME"));
    caType.setDuplicateKey(rs.getInt("DUPLICATE_KEY"));
    caType.setDuplicateSubject(rs.getInt("DUPLICATE_SUBJECT"));
    caType.setSaveReq(rs.getInt("SAVE_REQ"));
    caType.setPermission(rs.getInt("PERMISSION"));
    caType.setExpirationPeriod(rs.getInt("EXPIRATION_PERIOD"));
    caType.setKeepExpiredCertDays(rs.getInt("KEEP_EXPIRED_CERT_DAYS"));
    caType.setValidityMode(rs.getString("VALIDITY_MODE"));
    caType.setExtraControl(rs.getString("EXTRA_CONTROL"));
    caType.setNumCrls(rs.getInt("NUM_CRLS"));
    final boolean isRevoked = rs.getBoolean("REV");
    caType.setRevoked(isRevoked);
    if (isRevoked) {
        caType.setRevReason(rs.getInt("RR"));
        caType.setRevTime(rs.getLong("RT"));
        caType.setRevInvTime(rs.getLong("RIT"));
    }
    return caType;
}



the class OcspCertStoreFromCaDbImporter method importIssuer0.

/**
 * Binds and executes one ISSUER insert for {@code issuer}.
 *
 * <p>The CA whose certificate bytes equal the issuer's certificate is looked up in {@code cas}
 * and supplies the revocation state (revoked flag, reason, time, invalidity time). If no such
 * CA exists the issuer is skipped silently and nothing is added to {@code relatedCaIds}. The
 * stored row consists of the issuer id, the (length-limited) subject DN, notBefore/notAfter as
 * epoch seconds, a Base64 SHA-1 digest of the DER certificate, the revocation fields and the
 * Base64 DER certificate itself.
 *
 * @param issuer the CA being imported as issuer
 * @param sql the insert statement text, used only for error translation
 * @param ps prepared insert statement owned by the caller
 * @param cas all CAs, searched for the entry with the same certificate
 * @param relatedCaIds receives {@code issuer.getId()} once a matching CA was found
 * @throws IOException if certificate bytes cannot be read
 * @throws DataAccessException if the insert fails (translated from {@code SQLException})
 * @throws CertificateException if the certificate cannot be parsed
 */
private void importIssuer0(CaType issuer, String sql, PreparedStatement ps, List<CaType> cas, List<Integer> relatedCaIds) throws IOException, DataAccessException, CertificateException {
    try {
        final byte[] issuerCertBytes = binary(issuer.getCert());
        // the CA entry with the identical certificate carries the revocation information
        CaType matchingCa = null;
        for (CaType candidate : cas) {
            if (Arrays.equals(issuerCertBytes, binary(candidate.getCert()))) {
                matchingCa = candidate;
                break;
            }
        }
        if (matchingCa == null) {
            return;
        }
        relatedCaIds.add(issuer.getId());
        final Certificate parsedCert;
        try {
            parsedCert = Certificate.getInstance(issuerCertBytes);
        } catch (RuntimeException ex) {
            // malformed DER surfaces as a RuntimeException from the ASN.1 parser; keep it as cause
            final String msg = "could not parse certificate of issuer " + issuer.getId();
            LogUtil.error(LOG, ex, msg);
            throw new CertificateException(ex.getMessage(), ex);
        }
        final TBSCertificate tbs = parsedCert.getTBSCertificate();
        // explicit 1-based parameter positions, matching the column order of SQL_ADD_ISSUER
        ps.setInt(1, issuer.getId());
        ps.setString(2, X509Util.cutX500Name(parsedCert.getSubject(), maxX500nameLen));
        ps.setLong(3, tbs.getStartDate().getDate().getTime() / 1000);
        ps.setLong(4, tbs.getEndDate().getDate().getTime() / 1000);
        ps.setString(5, HashAlgo.SHA1.base64Hash(issuerCertBytes));
        setBoolean(ps, 6, matchingCa.isRevoked());
        setInt(ps, 7, matchingCa.getRevReason());
        setLong(ps, 8, matchingCa.getRevTime());
        setLong(ps, 9, matchingCa.getRevInvTime());
        ps.setString(10, Base64.encodeToString(issuerCertBytes));
        ps.execute();
    } catch (SQLException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw translate(sql, ex);
    } catch (CertificateException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw ex;
    }
}



the class OcspCertStoreFromCaDbImporter method importToDb.

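/**
 * Imports the exported CA certstore into the OCSP database.
 *
 * <p>Steps: unmarshal the certstore and CA-configuration XML files from {@code baseDir},
 * reject exports newer than {@code VERSION}, select the OCSP publisher named
 * {@code publisherName}, derive the set of CAs attached to that publisher, write their
 * issuer rows (or, when resuming, only collect their ids) and finally import the
 * certificates. Indexes are dropped before and recovered after the bulk import unless
 * {@code resume} is set.
 *
 * <p>Fix: the version error for the CA configuration previously reported the certstore's
 * version instead of the CA configuration's.
 *
 * @throws Exception any failure; the error is reported on stderr and rethrown unchanged
 */
public void importToDb() throws Exception {
    // NOTE(review): the export files are parsed as XML by the unmarshaller configured elsewhere;
    // confirm that its parser has DTD/external-entity resolution disabled, since the export
    // directory should be treated as untrusted input.
    CertStoreType certstore;
    try {
        @SuppressWarnings("unchecked") JAXBElement<CertStoreType> root = (JAXBElement<CertStoreType>) unmarshaller.unmarshal(new File(baseDir, FILENAME_CA_CERTSTORE));
        certstore = root.getValue();
    } catch (JAXBException ex) {
        throw XmlUtil.convert(ex);
    }
    if (certstore.getVersion() > VERSION) {
        throw new InvalidInputException("could not import CertStore greater than " + VERSION + ": " + certstore.getVersion());
    }
    CAConfigurationType caConf;
    try {
        // same two-argument form as the certstore file above
        File file = new File(baseDir, FILENAME_CA_CONFIGURATION);
        @SuppressWarnings("unchecked") JAXBElement<CAConfigurationType> rootCaConf = (JAXBElement<CAConfigurationType>) unmarshaller.unmarshal(file);
        caConf = rootCaConf.getValue();
    } catch (JAXBException ex) {
        throw XmlUtil.convert(ex);
    }
    if (caConf.getVersion() > VERSION) {
        // report the CA configuration's own version, not the certstore's
        throw new InvalidInputException("could not import CA Configuration greater than " + VERSION + ": " + caConf.getVersion());
    }
    System.out.println("importing CA certstore to OCSP database");
    try {
        if (!resume) {
            dropIndexes();
        }
        // locate the publisher by name
        PublisherType publisherType = null;
        for (PublisherType type : caConf.getPublishers().getPublisher()) {
            if (publisherName.equals(type.getName())) {
                publisherType = type;
                break;
            }
        }
        if (publisherType == null) {
            throw new InvalidInputException("unknown publisher " + publisherName);
        }
        // only publishers of type "ocsp" (case-insensitive) can be imported into the OCSP store
        String type = publisherType.getType();
        if (!"ocsp".equalsIgnoreCase(type)) {
            throw new InvalidInputException("Unkwown publisher type " + type);
        }
        // publish.goodcerts=false means only revoked certificates are imported; absent means all
        ConfPairs confPairs = new ConfPairs(value(publisherType.getConf()));
        String str = confPairs.value("publish.goodcerts");
        boolean revokedOnly = false;
        if (str != null) {
            revokedOnly = !Boolean.parseBoolean(str);
        }
        // CAs attached to this publisher, via the CA_HAS_PUBLISHER relation
        Set<Integer> relatedCaIds = new HashSet<>();
        for (CaHasPublisherType ctype : caConf.getCaHasPublishers().getCaHasPublisher()) {
            if (ctype.getPublisherId() == publisherType.getId()) {
                relatedCaIds.add(ctype.getCaId());
            }
        }
        List<CaType> relatedCas = new LinkedList<>();
        for (CaType m : caConf.getCas().getCa()) {
            if (relatedCaIds.contains(m.getId())) {
                relatedCas.add(m);
            }
        }
        if (relatedCas.isEmpty()) {
            System.out.println("No CA has publisher " + publisherName);
            return;
        }
        // profile id -> profile name, used when importing certificates
        Map<Integer, String> profileMap = new HashMap<>();
        for (ProfileType ni : caConf.getProfiles().getProfile()) {
            profileMap.put(ni.getId(), ni.getName());
        }
        // on resume the issuer rows already exist; otherwise write them now
        List<Integer> relatedCertStoreCaIds = resume ? getIssuerIds(relatedCas) : importIssuer(relatedCas);
        File processLogFile = new File(baseDir, DbPorter.IMPORT_TO_OCSP_PROCESS_LOG_FILENAME);
        importCert(certstore, profileMap, revokedOnly, relatedCertStoreCaIds, processLogFile);
        recoverIndexes();
        // the process log only matters for resuming; a leftover file is worth a warning, not a failure
        if (!processLogFile.delete()) {
            System.err.println("could not delete process log file " + processLogFile);
        }
    } catch (Exception ex) {
        System.err.println("could not import OCSP certstore to database");
        throw ex;
    }
    System.out.println(" imported OCSP certstore to database");
}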



the class OcspCertStoreFromCaDbImporter method getIssuerIds.

// method importToDb
/**
 * Collects the ids of the CAs in {@code cas} that have a matching certificate entry in the
 * same list, without touching the database (used when an import is resumed).
 *
 * <p>The lookup mirrors {@code importIssuer0}: a CA is accepted when some entry of
 * {@code cas} has byte-identical certificate content. Because each CA is compared against
 * the list it is itself part of, every entry whose certificate can be read ends up in the
 * result; the check is kept so both code paths select issuers the same way.
 *
 * @param cas CA entries taken from the CA-configuration export
 * @return ids of the accepted CAs, in input order
 * @throws IOException if a CA certificate cannot be read
 */
private List<Integer> getIssuerIds(List<CaType> cas) throws IOException {
    final List<Integer> issuerIds = new LinkedList<>();
    for (CaType issuer : cas) {
        if (hasCaWithCert(cas, binary(issuer.getCert()))) {
            issuerIds.add(issuer.getId());
        }
    }
    return issuerIds;
}

/**
 * Returns whether some entry of {@code cas} has certificate bytes equal to {@code encodedCert}.
 *
 * @throws IOException if an entry's certificate cannot be read
 */
private boolean hasCaWithCert(List<CaType> cas, byte[] encodedCert) throws IOException {
    for (CaType candidate : cas) {
        if (Arrays.equals(encodedCert, binary(candidate.getCert()))) {
            return true;
        }
    }
    return false;
}

