Search in sources :

Example 1 with QAConfType

use of org.xipki.ca.qa.jaxb.QAConfType in project xipki by xipki.

the class QaSystemManagerImpl method init.

public void init() {
    if (StringUtil.isBlank(confFile)) {
        throw new IllegalStateException("confFile must not be null and empty");
    }
    LOG.info("initializing ...");
    if (initialized.get()) {
        LOG.info("already initialized, skipping ...");
        return;
    }
    QAConfType qaConf;
    try {
        FileInputStream issuerConfStream = new FileInputStream(confFile);
        qaConf = parseQaConf(issuerConfStream);
    } catch (IOException | JAXBException | SAXException ex) {
        final String message = "could not parse the QA configuration";
        LogUtil.error(LOG, ex, message);
        return;
    }
    if (qaConf.getX509Issuers() != null) {
        List<X509IssuerType> x509IssuerTypes = qaConf.getX509Issuers().getX509Issuer();
        for (X509IssuerType issuerType : x509IssuerTypes) {
            byte[] certBytes;
            try {
                certBytes = readData(issuerType.getCert());
            } catch (IOException ex) {
                LogUtil.error(LOG, ex, "could not read the certificate bytes of issuer " + issuerType.getName());
                continue;
            }
            String str = issuerType.getValidityMode();
            boolean cutoffNotAfter;
            if (StringUtil.isBlank(str) || "CUTOFF".equalsIgnoreCase(str)) {
                cutoffNotAfter = true;
            } else if ("LAX".equalsIgnoreCase(str)) {
                cutoffNotAfter = false;
            } else {
                LOG.error("invalid validityMode {}", str);
                return;
            }
            X509IssuerInfo issuerInfo;
            try {
                issuerInfo = new X509IssuerInfo(issuerType.getCaIssuerUrl(), issuerType.getOcspUrl(), issuerType.getCrlUrl(), issuerType.getDeltaCrlUrl(), certBytes, cutoffNotAfter);
            } catch (CertificateException ex) {
                LogUtil.error(LOG, ex, "could not parse certificate of issuer " + issuerType.getName());
                continue;
            }
            x509IssuerInfoMap.put(issuerType.getName(), issuerInfo);
            LOG.info("configured X509 issuer {}", issuerType.getName());
        }
    }
    if (qaConf.getX509Certprofiles() != null) {
        List<X509CertprofileType> certprofileTypes = qaConf.getX509Certprofiles().getX509Certprofile();
        for (X509CertprofileType type : certprofileTypes) {
            String name = type.getName();
            try {
                byte[] content = readData(type);
                x509ProfileMap.put(name, new X509CertprofileQa(content));
                LOG.info("configured X509 certificate profile {}", name);
            } catch (IOException | CertprofileException ex) {
                LogUtil.error(LOG, ex, "could not parse QA certificate profile " + name);
                continue;
            }
        }
    }
    initialized.set(true);
    LOG.info("initialized");
}
Also used : JAXBException(javax.xml.bind.JAXBException) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) FileInputStream(java.io.FileInputStream) SAXException(org.xml.sax.SAXException) X509CertprofileType(org.xipki.ca.qa.jaxb.X509CertprofileType) X509IssuerType(org.xipki.ca.qa.jaxb.X509IssuerType) CertprofileException(org.xipki.ca.api.profile.CertprofileException) QAConfType(org.xipki.ca.qa.jaxb.QAConfType)

Aggregations

FileInputStream (java.io.FileInputStream)1 IOException (java.io.IOException)1 CertificateException (java.security.cert.CertificateException)1 JAXBException (javax.xml.bind.JAXBException)1 CertprofileException (org.xipki.ca.api.profile.CertprofileException)1 QAConfType (org.xipki.ca.qa.jaxb.QAConfType)1 X509CertprofileType (org.xipki.ca.qa.jaxb.X509CertprofileType)1 X509IssuerType (org.xipki.ca.qa.jaxb.X509IssuerType)1 SAXException (org.xml.sax.SAXException)1