Use of org.xipki.ca.qa.jaxb.X509CertprofileType in the project xipki, by xipki.
Class QaSystemManagerImpl, method init.
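/**
 * Loads the QA configuration from {@code confFile} and fills the X.509 issuer and
 * certificate-profile maps from it.
 *
 * <p>Does nothing beyond logging when {@code initialized} is already set. Failures are logged
 * rather than thrown: a configuration that cannot be parsed, or an issuer with an unknown
 * validityMode, ends the call with {@code initialized} still unset, while an individual issuer
 * or profile that cannot be read or parsed is skipped and the remaining entries are still
 * loaded.
 *
 * @throws IllegalStateException if {@code confFile} is blank
 */
public void init() {
    if (StringUtil.isBlank(confFile)) {
        throw new IllegalStateException("confFile must not be null and empty");
    }

    LOG.info("initializing ...");
    if (initialized.get()) {
        LOG.info("already initialized, skipping ...");
        return;
    }

    QAConfType qaConf;
    // try-with-resources releases the file handle on every path, including a parse failure.
    // Closing here is harmless if parseQaConf closes the stream as well.
    try (FileInputStream issuerConfStream = new FileInputStream(confFile)) {
        qaConf = parseQaConf(issuerConfStream);
    } catch (IOException | JAXBException | SAXException ex) {
        final String message = "could not parse the QA configuration";
        LogUtil.error(LOG, ex, message);
        // initialized stays false, so no issuers or profiles are available after this.
        return;
    }

    if (qaConf.getX509Issuers() != null) {
        List<X509IssuerType> x509IssuerTypes = qaConf.getX509Issuers().getX509Issuer();
        for (X509IssuerType issuerType : x509IssuerTypes) {
            byte[] certBytes;
            try {
                certBytes = readData(issuerType.getCert());
            } catch (IOException ex) {
                LogUtil.error(LOG, ex,
                    "could not read the certificate bytes of issuer " + issuerType.getName());
                // Only this issuer is dropped; the others are still processed.
                continue;
            }

            // A missing validityMode is treated as CUTOFF.
            String str = issuerType.getValidityMode();
            boolean cutoffNotAfter;
            if (StringUtil.isBlank(str) || "CUTOFF".equalsIgnoreCase(str)) {
                cutoffNotAfter = true;
            } else if ("LAX".equalsIgnoreCase(str)) {
                cutoffNotAfter = false;
            } else {
                LOG.error("invalid validityMode {}", str);
                // Unlike an unreadable certificate, an unknown mode aborts the whole
                // initialization. Issuers added in earlier iterations remain in the map
                // and initialized is not set.
                return;
            }

            X509IssuerInfo issuerInfo;
            try {
                issuerInfo = new X509IssuerInfo(issuerType.getCaIssuerUrl(),
                    issuerType.getOcspUrl(), issuerType.getCrlUrl(),
                    issuerType.getDeltaCrlUrl(), certBytes, cutoffNotAfter);
            } catch (CertificateException ex) {
                LogUtil.error(LOG, ex,
                    "could not parse certificate of issuer " + issuerType.getName());
                continue;
            }

            x509IssuerInfoMap.put(issuerType.getName(), issuerInfo);
            LOG.info("configured X509 issuer {}", issuerType.getName());
        }
    }

    if (qaConf.getX509Certprofiles() != null) {
        List<X509CertprofileType> certprofileTypes =
            qaConf.getX509Certprofiles().getX509Certprofile();
        for (X509CertprofileType type : certprofileTypes) {
            String name = type.getName();
            try {
                byte[] content = readData(type);
                x509ProfileMap.put(name, new X509CertprofileQa(content));
                LOG.info("configured X509 certificate profile {}", name);
            } catch (IOException | CertprofileException ex) {
                // A profile that fails to load is skipped; the loop moves on to the next.
                LogUtil.error(LOG, ex, "could not parse QA certificate profile " + name);
            }
        }
    }

    // NOTE(review): initialized is set even when some issuers or profiles were skipped
    // above, so the error log is the only sign that the loaded QA set is incomplete.
    initialized.set(true);
    LOG.info("initialized");
}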