
Example 1 with X509CertWithRevocationInfo

use of org.xipki.ca.server.impl.store.X509CertWithRevocationInfo in project xipki by xipki.

the class X509Ca method removeCertificate0.

/**
 * Removes the certificate with the given serial number from every publisher and,
 * only if all of them succeeded, from the certificate store.
 *
 * <p>The store entry is deleted last on purpose: a publisher failure leaves the
 * certificate in the database so the state of the publishers never runs ahead of
 * the store. In that case {@code null} is returned, which callers cannot tell apart
 * from "no such certificate".
 *
 * @param serialNumber serial number of the certificate to remove
 * @param event audit event; the serial number is recorded on it
 * @return the removed certificate, or {@code null} if it does not exist or at least
 *         one publisher failed to remove it
 * @throws OperationException propagated from the certificate store calls
 */
private X509CertWithDbId removeCertificate0(BigInteger serialNumber, AuditEvent event) throws OperationException {
    event.addEventData(CaAuditConstants.NAME_serial, LogUtil.formatCsn(serialNumber));
    final X509CertWithRevocationInfo stored = certstore.getCertWithRevocationInfo(caIdent, serialNumber, caIdNameMap);
    if (stored == null) {
        return null;
    }
    final X509CertWithDbId target = stored.getCert();
    boolean allPublishersDone = true;
    for (IdentifiedX509CertPublisher publisher : publishers()) {
        boolean removed = false;
        try {
            removed = publisher.certificateRemoved(caCert, target);
        } catch (RuntimeException ex) {
            // a throwing publisher counts as a failed removal, same as a false return
            LogUtil.warn(LOG, ex, "could not remove certificate to the publisher " + publisher.getIdent());
        }
        if (removed) {
            continue;
        }
        // keep going so every publisher is attempted and every failure is logged
        allPublishersDone = false;
        final X509Certificate x509 = target.getCert();
        if (LOG.isErrorEnabled()) {
            LOG.error("removing certificate issuer='{}', serial={}, subject='{}' from publisher" + " {} failed.", X509Util.getRfc4519Name(x509.getIssuerX500Principal()), LogUtil.formatCsn(x509.getSerialNumber()), X509Util.getRfc4519Name(x509.getSubjectX500Principal()), publisher.getIdent());
        }
    }
    if (!allPublishersDone) {
        return null;
    }
    certstore.removeCertificate(caIdent, serialNumber);
    return target;
}

Example 2 with X509CertWithRevocationInfo

use of org.xipki.ca.server.impl.store.X509CertWithRevocationInfo in project xipki by xipki.

the class X509Ca method revokeCertificate.

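/**
 * Revokes the certificate with the given serial number after checking the
 * revocation policy, wrapping the operation in an audit event.
 *
 * <p>Policy enforced here: the CA's own certificate cannot be revoked through this
 * path when the CA is self-signed, and the reasons {@code CA_COMPROMISE},
 * {@code AA_COMPROMISE} and {@code REMOVE_FROM_CRL} are rejected. A {@code null}
 * reason is treated as {@code UNSPECIFIED}.
 *
 * @param serialNumber serial number of the certificate to revoke
 * @param reason CRL reason, or {@code null} for {@code UNSPECIFIED}
 * @param invalidityTime optional invalidity date, may be {@code null}
 * @param msgId message id recorded on the audit event
 * @return the revoked certificate, or {@code null} if the store did not revoke it
 * @throws OperationException with {@code NOT_PERMITTED} if the policy check fails,
 *         otherwise propagated from the revocation itself
 */
public X509CertWithRevocationInfo revokeCertificate(BigInteger serialNumber, CrlReason reason, Date invalidityTime, String msgId) throws OperationException {
    if (caInfo.isSelfSigned() && caInfo.getSerialNumber().equals(serialNumber)) {
        throw new OperationException(ErrorCode.NOT_PERMITTED, "insufficient permission to revoke CA certificate");
    }
    CrlReason tmpReason = reason;
    if (tmpReason == null) {
        tmpReason = CrlReason.UNSPECIFIED;
    }
    switch(tmpReason) {
        case CA_COMPROMISE:
        case AA_COMPROMISE:
        case REMOVE_FROM_CRL:
            throw new OperationException(ErrorCode.NOT_PERMITTED, "Insufficient permission revoke certificate with reason " + tmpReason.getDescription());
        case UNSPECIFIED:
        case KEY_COMPROMISE:
        case AFFILIATION_CHANGED:
        case SUPERSEDED:
        case CESSATION_OF_OPERATION:
        case CERTIFICATE_HOLD:
        case PRIVILEGE_WITHDRAWN:
            break;
        default:
            throw new RuntimeException("unknown CRL reason " + tmpReason);
    }
    // switch (reason)
    AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_revoke_cert, msgId);
    // Start pessimistic: if revokeCertificate0 throws, the audit trail must record a
    // failure rather than a success (same convention as revokeSuspendedCert).
    boolean successful = false;
    try {
        // pass the normalized reason; the callee dereferences it for the audit data
        X509CertWithRevocationInfo ret = revokeCertificate0(serialNumber, tmpReason, invalidityTime, false, event);
        successful = (ret != null);
        return ret;
    } finally {
        finish(event, successful);
    }
}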

Example 3 with X509CertWithRevocationInfo

use of org.xipki.ca.server.impl.store.X509CertWithRevocationInfo in project xipki by xipki.

the class X509Ca method revokeCertificate0.

/**
 * Revokes the certificate in the store and propagates the revocation to the
 * publishers.
 *
 * <p>Synchronous publishers are called directly; an asynchronous publisher, or a
 * synchronous one that fails or throws, gets an entry in the publish queue so the
 * revocation is delivered later. Queueing failures are logged but do not abort the
 * revocation, which has already been persisted at that point.
 *
 * @param serialNumber serial number of the certificate to revoke
 * @param reason CRL reason; must not be {@code null}, it is dereferenced for the
 *        audit data
 * @param invalidityTime optional invalidity date, may be {@code null}
 * @param force passed through to the certificate store
 * @param event audit event; serial, reason and invalidity time are recorded on it
 * @return the revoked certificate, or {@code null} if the store did not revoke it
 * @throws OperationException propagated from the certificate store
 */
private X509CertWithRevocationInfo revokeCertificate0(BigInteger serialNumber, CrlReason reason, Date invalidityTime, boolean force, AuditEvent event) throws OperationException {
    final String hexSerial = LogUtil.formatCsn(serialNumber);
    event.addEventData(CaAuditConstants.NAME_serial, hexSerial);
    event.addEventData(CaAuditConstants.NAME_reason, reason.getDescription());
    if (invalidityTime != null) {
        event.addEventData(CaAuditConstants.NAME_invalidityTime, DateUtil.toUtcTimeyyyyMMddhhmmss(invalidityTime));
    }
    LOG.info("     START revokeCertificate: ca={}, serialNumber={}, reason={}, invalidityTime={}", caIdent, hexSerial, reason.getDescription(), invalidityTime);
    final CertRevocationInfo revInfo = new CertRevocationInfo(reason, new Date(), invalidityTime);
    final X509CertWithRevocationInfo revoked = certstore.revokeCertificate(caIdent, serialNumber, revInfo, force, shouldPublishToDeltaCrlCache(), caIdNameMap);
    if (revoked == null) {
        return null;
    }
    for (IdentifiedX509CertPublisher publisher : publishers()) {
        boolean delivered = false;
        if (!publisher.isAsyn()) {
            try {
                delivered = publisher.certificateRevoked(caCert, revoked.getCert(), revoked.getCertprofile(), revoked.getRevInfo());
            } catch (RuntimeException ex) {
                LogUtil.error(LOG, ex, "could not publish revocation of certificate to the publisher " + publisher.getIdent());
            }
        }
        if (delivered) {
            continue;
        }
        // async publisher, or sync publisher that did not deliver: defer via the queue
        final Long certId = revoked.getCert().getCertId();
        try {
            certstore.addToPublishQueue(publisher.getIdent(), certId.longValue(), caIdent);
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not add entry to PublishQueue");
        }
    }
    if (LOG.isInfoEnabled()) {
        LOG.info("SUCCESSFUL revokeCertificate: ca={}, serialNumber={}, reason={}, invalidityTime={}," + " revocationResult=REVOKED", caIdent, hexSerial, reason.getDescription(), invalidityTime);
    }
    return revoked;
}

Example 4 with X509CertWithRevocationInfo

use of org.xipki.ca.server.impl.store.X509CertWithRevocationInfo in project xipki by xipki.

the class X509Ca method revokeSuspendedCert.

/**
 * Revokes a certificate that is currently on hold, wrapping the operation in an
 * audit event.
 *
 * <p>The audit event is finished with {@code successful == false} both when the
 * delegate returns {@code null} and when it throws.
 *
 * @param serialNumber serial number of the suspended certificate
 * @param reason CRL reason for the final revocation
 * @param msgId message id recorded on the audit event
 * @return the revoked certificate, or {@code null} if nothing was revoked
 * @throws OperationException propagated from {@code revokeSuspendedCert0}
 */
private X509CertWithRevocationInfo revokeSuspendedCert(BigInteger serialNumber, CrlReason reason, String msgId) throws OperationException {
    final AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_revoke_suspendedCert, msgId);
    X509CertWithRevocationInfo result = null;
    try {
        result = revokeSuspendedCert0(serialNumber, reason, event);
        return result;
    } finally {
        // result stays null on an exception, so the event records a failure
        finish(event, result != null);
    }
}

Example 5 with X509CertWithRevocationInfo

use of org.xipki.ca.server.impl.store.X509CertWithRevocationInfo in project xipki by xipki.

the class CaManagerImpl method getCert.

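/**
 * Looks up a certificate of the named CA by serial number together with its status.
 *
 * @param caName name of the CA; blank is rejected, case is ignored
 * @param serialNumber serial number of the certificate; must not be {@code null}
 * @return the certificate with its status, or an empty {@code CertWithStatusInfo}
 *         when the CA has no certificate with that serial number
 * @throws CaMgmtException if the CA lookup fails (propagated from
 *         {@code getX509Ca}) or the certificate lookup throws
 */
@Override
public CertWithStatusInfo getCert(String caName, BigInteger serialNumber) throws CaMgmtException {
    // Lower-case with Locale.ROOT so the lookup key does not depend on the JVM's
    // default locale (e.g. the Turkish dotless-i rule would map "I" differently).
    final String normalizedCaName = ParamUtil.requireNonBlank("caName", caName).toLowerCase(java.util.Locale.ROOT);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    final X509Ca ca = getX509Ca(normalizedCaName);
    X509CertWithRevocationInfo certInfo;
    try {
        certInfo = ca.getCertWithRevocationInfo(serialNumber);
    } catch (CertificateException | OperationException ex) {
        // keep the cause so the failing lookup stays diagnosable
        throw new CaMgmtException(ex.getMessage(), ex);
    }
    return (certInfo != null) ? certInfo.toCertWithStatusInfo() : new CertWithStatusInfo();
}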
