use of org.xipki.ca.server.impl.store.X509CertWithRevocationInfo in project xipki by xipki.
the class X509Ca method removeCertificate0.
// method removeCertificate  (end-of-method marker of the preceding method; the method listed below is removeCertificate0)
/**
 * Removes the certificate with the given serial number from every configured publisher
 * and, only when all publishers succeeded, from the certificate store.
 *
 * <p>Every publisher is attempted even after one has failed. A failure therefore leaves
 * the certificate removed at the publishers that succeeded but still present in the
 * store, and the method returns {@code null} -- which callers cannot tell apart from
 * "no certificate with this serial number".
 *
 * @param serialNumber serial number of the certificate to remove
 * @param event audit event that receives the serial number as event data
 * @return the removed certificate, or {@code null} if it was not found or if at least one
 *         publisher failed to remove it
 * @throws OperationException propagated from the certificate store
 */
private X509CertWithDbId removeCertificate0(BigInteger serialNumber, AuditEvent event) throws OperationException {
  event.addEventData(CaAuditConstants.NAME_serial, LogUtil.formatCsn(serialNumber));
  X509CertWithRevocationInfo stored = certstore.getCertWithRevocationInfo(caIdent, serialNumber, caIdNameMap);
  if (stored == null) {
    return null;
  }
  X509CertWithDbId target = stored.getCert();
  boolean allPublishersSucceeded = true;
  for (IdentifiedX509CertPublisher publisher : publishers()) {
    boolean removedAtPublisher;
    try {
      removedAtPublisher = publisher.certificateRemoved(caCert, target);
    } catch (RuntimeException ex) {
      removedAtPublisher = false;
      LogUtil.warn(LOG, ex, "could not remove certificate to the publisher " + publisher.getIdent());
    }
    if (!removedAtPublisher) {
      allPublishersSucceeded = false;
      X509Certificate x509 = target.getCert();
      if (LOG.isErrorEnabled()) {
        LOG.error("removing certificate issuer='{}', serial={}, subject='{}' from publisher" + " {} failed.", X509Util.getRfc4519Name(x509.getIssuerX500Principal()), LogUtil.formatCsn(x509.getSerialNumber()), X509Util.getRfc4519Name(x509.getSubjectX500Principal()), publisher.getIdent());
      }
    }
  }
  // The store entry is dropped last, presumably so a publisher failure never leaves a
  // certificate unknown to the CA while it is still present at some publisher.
  if (!allPublishersSucceeded) {
    return null;
  }
  certstore.removeCertificate(caIdent, serialNumber);
  return target;
}
use of org.xipki.ca.server.impl.store.X509CertWithRevocationInfo in project xipki by xipki.
the class X509Ca method revokeCertificate.
// method publishCrl  (end-of-method marker of the preceding method; the method listed below is revokeCertificate)
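/**
 * Revokes the certificate with the given serial number and records the operation in a
 * performance audit event.
 *
 * <p>Two kinds of request are refused with {@link ErrorCode#NOT_PERMITTED}: revoking this
 * CA's own certificate when the CA is self-signed, and revoking with one of the reasons
 * CA_COMPROMISE, AA_COMPROMISE or REMOVE_FROM_CRL, which this entry point does not accept
 * from callers.
 *
 * <p>Fixes relative to the previous version: a {@code null} reason was defaulted to
 * UNSPECIFIED for the permission check but the original {@code null} was still passed to
 * {@code revokeCertificate0}, which dereferences it; and the audit outcome started as
 * {@code true}, so an exception thrown by the store was audited as a success.
 *
 * @param serialNumber serial number of the certificate to revoke
 * @param reason revocation reason; {@code null} is treated as {@link CrlReason#UNSPECIFIED}
 * @param invalidityTime optional invalidity date, may be {@code null}
 * @param msgId message id recorded in the audit event
 * @return the revoked certificate with its revocation info, or {@code null} if the
 *         certificate store revoked nothing
 * @throws OperationException if the request is not permitted or the revocation fails
 */
public X509CertWithRevocationInfo revokeCertificate(BigInteger serialNumber, CrlReason reason, Date invalidityTime, String msgId) throws OperationException {
  if (caInfo.isSelfSigned() && caInfo.getSerialNumber().equals(serialNumber)) {
    throw new OperationException(ErrorCode.NOT_PERMITTED, "insufficient permission to revoke CA certificate");
  }
  // Use the defaulted reason everywhere below; the store/audit path dereferences it.
  CrlReason effectiveReason = (reason == null) ? CrlReason.UNSPECIFIED : reason;
  switch (effectiveReason) {
    case CA_COMPROMISE:
    case AA_COMPROMISE:
    case REMOVE_FROM_CRL:
      throw new OperationException(ErrorCode.NOT_PERMITTED, "Insufficient permission revoke certificate with reason " + effectiveReason.getDescription());
    case UNSPECIFIED:
    case KEY_COMPROMISE:
    case AFFILIATION_CHANGED:
    case SUPERSEDED:
    case CESSATION_OF_OPERATION:
    case CERTIFICATE_HOLD:
    case PRIVILEGE_WITHDRAWN:
      break;
    default:
      throw new RuntimeException("unknown CRL reason " + effectiveReason);
  }
  AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_revoke_cert, msgId);
  // Start pessimistic so that an exception from revokeCertificate0 is audited as a failure
  // (consistent with revokeSuspendedCert).
  boolean successful = false;
  try {
    X509CertWithRevocationInfo ret = revokeCertificate0(serialNumber, effectiveReason, invalidityTime, false, event);
    successful = (ret != null);
    return ret;
  } finally {
    finish(event, successful);
  }
}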
use of org.xipki.ca.server.impl.store.X509CertWithRevocationInfo in project xipki by xipki.
the class X509Ca method revokeCertificate0.
// method removeCertificate0  (end-of-method marker of the preceding method; the method listed below is revokeCertificate0)
/**
 * Revokes a certificate in the certificate store and pushes the revocation to the
 * publishers.
 *
 * <p>Synchronous publishers are called directly; a publisher that is asynchronous, that
 * returns {@code false}, or that throws a {@link RuntimeException} gets a publish-queue
 * entry instead. If even the queue insert fails the error is only logged: the store
 * already holds the revocation, but that publisher will not learn about it from this call.
 *
 * @param serialNumber serial number of the certificate to revoke
 * @param reason revocation reason; must not be {@code null} (it is dereferenced here)
 * @param invalidityTime optional invalidity date, may be {@code null}
 * @param force passed through to the certificate store; its exact effect is defined there
 * @param event audit event that receives serial, reason and invalidity time
 * @return the revoked certificate with its revocation info, or {@code null} if the store
 *         revoked nothing
 * @throws OperationException propagated from the certificate store
 */
private X509CertWithRevocationInfo revokeCertificate0(BigInteger serialNumber, CrlReason reason, Date invalidityTime, boolean force, AuditEvent event) throws OperationException {
  String csn = LogUtil.formatCsn(serialNumber);
  event.addEventData(CaAuditConstants.NAME_serial, csn);
  event.addEventData(CaAuditConstants.NAME_reason, reason.getDescription());
  if (invalidityTime != null) {
    event.addEventData(CaAuditConstants.NAME_invalidityTime, DateUtil.toUtcTimeyyyyMMddhhmmss(invalidityTime));
  }
  LOG.info(" START revokeCertificate: ca={}, serialNumber={}, reason={}, invalidityTime={}", caIdent, csn, reason.getDescription(), invalidityTime);
  // Revocation time is "now"; the store decides whether the delta-CRL cache is touched.
  CertRevocationInfo revocation = new CertRevocationInfo(reason, new Date(), invalidityTime);
  X509CertWithRevocationInfo revoked = certstore.revokeCertificate(caIdent, serialNumber, revocation, force, shouldPublishToDeltaCrlCache(), caIdNameMap);
  if (revoked == null) {
    return null;
  }
  for (IdentifiedX509CertPublisher publisher : publishers()) {
    boolean published = false;
    if (!publisher.isAsyn()) {
      try {
        published = publisher.certificateRevoked(caCert, revoked.getCert(), revoked.getCertprofile(), revoked.getRevInfo());
      } catch (RuntimeException ex) {
        LogUtil.error(LOG, ex, "could not publish revocation of certificate to the publisher " + publisher.getIdent());
      }
    }
    if (published) {
      continue;
    }
    // Asynchronous or failed publisher: defer to the publish queue.
    Long certId = revoked.getCert().getCertId();
    try {
      certstore.addToPublishQueue(publisher.getIdent(), certId.longValue(), caIdent);
    } catch (Throwable th) {
      LogUtil.error(LOG, th, "could not add entry to PublishQueue");
    }
  }
  if (LOG.isInfoEnabled()) {
    LOG.info("SUCCESSFUL revokeCertificate: ca={}, serialNumber={}, reason={}, invalidityTime={}," + " revocationResult=REVOKED", caIdent, csn, reason.getDescription(), invalidityTime);
  }
  return revoked;
}
use of org.xipki.ca.server.impl.store.X509CertWithRevocationInfo in project xipki by xipki.
the class X509Ca method revokeSuspendedCert.
// method revokeCertificate0  (end-of-method marker of the preceding method; the method listed below is revokeSuspendedCert)
/**
 * Revokes a currently suspended (on-hold) certificate, wrapping the work in a performance
 * audit event that is finished with the outcome in all cases, including exceptions.
 *
 * @param serialNumber serial number of the suspended certificate
 * @param reason revocation reason to replace the hold with
 * @param msgId message id recorded in the audit event
 * @return whatever {@code revokeSuspendedCert0} returns; {@code null} is audited as failure
 * @throws OperationException propagated from {@code revokeSuspendedCert0}
 */
private X509CertWithRevocationInfo revokeSuspendedCert(BigInteger serialNumber, CrlReason reason, String msgId) throws OperationException {
  AuditEvent auditEvent = newPerfAuditEvent(CaAuditConstants.TYPE_revoke_suspendedCert, msgId);
  // Stays null if revokeSuspendedCert0 throws, so the audit event then records a failure.
  X509CertWithRevocationInfo revoked = null;
  try {
    revoked = revokeSuspendedCert0(serialNumber, reason, auditEvent);
    return revoked;
  } finally {
    finish(auditEvent, revoked != null);
  }
}
use of org.xipki.ca.server.impl.store.X509CertWithRevocationInfo in project xipki by xipki.
the class CaManagerImpl method getCert.
// method canonicalizeSignerConf  (end-of-method marker of the preceding method; the method listed below is getCert)
/**
 * Looks up a certificate issued by the named CA and returns it together with its status
 * (revocation) information.
 *
 * @param caName name of the issuing CA; must be non-blank and is lower-cased before the
 *        lookup
 * @param serialNumber serial number of the certificate; must not be {@code null}
 * @return the certificate with status info, or an empty {@link CertWithStatusInfo} when
 *         the CA holds no certificate with that serial number
 * @throws CaMgmtException if the certificate lookup fails
 */
@Override
public CertWithStatusInfo getCert(String caName, BigInteger serialNumber) throws CaMgmtException {
  // NOTE(review): toLowerCase() uses the default locale; if CA names may contain non-ASCII
  // letters, Locale.ROOT would be safer -- but keep it consistent with how names are
  // normalized where CAs are registered.
  String normalizedCaName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
  ParamUtil.requireNonNull("serialNumber", serialNumber);
  X509Ca ca = getX509Ca(normalizedCaName);
  X509CertWithRevocationInfo found;
  try {
    found = ca.getCertWithRevocationInfo(serialNumber);
  } catch (CertificateException | OperationException ex) {
    throw new CaMgmtException(ex.getMessage(), ex);
  }
  if (found == null) {
    return new CertWithStatusInfo();
  }
  return found.toCertWithStatusInfo();
}