
Example 1 with CaEntry

use of org.xipki.ca.server.mgmt.api.CaEntry in project xipki by xipki.

the class EnrollCertCmd method execute0.

/**
 * Enrolls a certificate for the CSR stored in {@code csrFile} and saves it to {@code outFile}.
 *
 * <p>The optional validity bounds are parsed from {@code notBeforeS} and {@code notAfterS};
 * a blank value is forwarded to the CA manager as {@code null}.
 *
 * @return always {@code null}
 * @throws CmdFailure if the CA manager has no CA named {@code caName}
 * @throws Exception for any failure raised by parsing, reading the CSR, enrollment or encoding
 */
@Override
protected Object execute0() throws Exception {
    // Existence check only: the entry is not consulted again below.
    CaEntry caEntry = caManager.getCa(caName);
    if (caEntry == null) {
        throw new CmdFailure("CA " + caName + " not available");
    }

    Date notBefore = null;
    if (StringUtil.isNotBlank(notBeforeS)) {
        notBefore = DateUtil.parseUtcTimeyyyyMMddhhmmss(notBeforeS);
    }

    Date notAfter = null;
    if (StringUtil.isNotBlank(notAfterS)) {
        notAfter = DateUtil.parseUtcTimeyyyyMMddhhmmss(notAfterS);
    }

    // NOTE(review): the CSR bytes and the operator-chosen validity bounds are handed over as
    // read. Whether the CSR signature is verified and the validity is clamped to the profile
    // is decided inside generateCertificate, which is not visible here - confirm.
    byte[] csrBytes = IoUtil.read(csrFile);
    X509Certificate issuedCert =
            caManager.generateCertificate(caName, profileName, csrBytes, notBefore, notAfter);

    File target = new File(outFile);
    saveVerbose("saved certificate to file", target, issuedCert.getEncoded());
    return null;
}
Also used : CaEntry(org.xipki.ca.server.mgmt.api.CaEntry) CmdFailure(org.xipki.console.karaf.CmdFailure) File(java.io.File) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate)

Example 2 with CaEntry

use of org.xipki.ca.server.mgmt.api.CaEntry in project xipki by xipki.

the class CaUpdateCmd method getChangeCaEntry.

/**
 * Builds the change request for the CA named {@code caName} from the command's options.
 *
 * <p>Most options are applied only when they were supplied (non-{@code null}). Two groups are
 * always applied: the expiration period (passed through even when {@code null}) and the four
 * URI lists, which always go through {@code getUris}.
 *
 * <p>Side effect: when {@code signerConf} is supplied, the field is overwritten with its
 * canonicalized form.
 *
 * @return the populated change entry
 * @throws IllegalCmdParamException if {@code expirationPeriod} is negative, or if a signer
 *     configuration is given without a signer type and the CA cannot be looked up
 * @throws Exception for failures raised by the parsing and canonicalization helpers
 */
protected X509ChangeCaEntry getChangeCaEntry() throws Exception {
    X509ChangeCaEntry change = new X509ChangeCaEntry(new NameId(null, caName));

    if (snBitLen != null) {
        // NOTE(review): the accepted minimum is 63 bits. Publicly trusted CAs are expected to
        // put at least 64 bits of CSPRNG output into serial numbers; confirm how this value
        // maps to random bits before relying on the low end of the range.
        ParamUtil.requireRange("sn-bitlen", snBitLen, 63, 159);
        change.setSerialNoBitLen(snBitLen);
    }

    if (caStatus != null) {
        change.setStatus(CaStatus.forName(caStatus));
    }

    // Only a negative value is rejected; null is still handed to the setter.
    if (expirationPeriod != null && expirationPeriod < 0) {
        throw new IllegalCmdParamException("invalid expirationPeriod: " + expirationPeriod);
    }
    change.setExpirationPeriod(expirationPeriod);

    if (keepExpiredCertInDays != null) {
        change.setKeepExpiredCertInDays(keepExpiredCertInDays);
    }

    if (certFile != null) {
        change.setCert(X509Util.parseCert(certFile));
    }

    if (signerConf != null) {
        // Fall back to the signer type of the existing CA when none was given explicitly.
        String effectiveSignerType = signerType;
        if (effectiveSignerType == null) {
            CaEntry existingCa = caManager.getCa(caName);
            if (existingCa == null) {
                throw new IllegalCmdParamException("please specify the signerType");
            }
            effectiveSignerType = existingCa.getSignerType();
        }
        // NOTE(review): a passwordResolver takes part in canonicalization, so the signer
        // configuration presumably carries key or password references - keep it out of logs
        // and console echo; confirm against canonicalizeSignerConf.
        signerConf = ShellUtil.canonicalizeSignerConf(
                effectiveSignerType, signerConf, passwordResolver, securityFactory);
        change.setSignerConf(signerConf);
    }

    // These two switches relax uniqueness of keys and subjects across issued certificates.
    if (duplicateKeyS != null) {
        boolean duplicateKeyAllowed = isEnabled(duplicateKeyS, true, "duplicate-key");
        change.setDuplicateKeyPermitted(duplicateKeyAllowed);
    }
    if (duplicateSubjectS != null) {
        boolean duplicateSubjectAllowed = isEnabled(duplicateSubjectS, true, "duplicate-subject");
        change.setDuplicateSubjectPermitted(duplicateSubjectAllowed);
    }

    if (saveReqS != null) {
        boolean keepRequest = isEnabled(saveReqS, true, "save-req");
        change.setSaveRequest(keepRequest);
    }

    if (CollectionUtil.isNonEmpty(permissions)) {
        int permissionMask = ShellUtil.getPermission(permissions);
        change.setPermission(permissionMask);
    }

    // Always applied; what getUris yields for an unset option is not visible here.
    change.setCrlUris(getUris(crlUris));
    change.setDeltaCrlUris(getUris(deltaCrlUris));
    change.setOcspUris(getUris(ocspUris));
    change.setCaCertUris(getUris(caCertUris));

    if (validityModeS != null) {
        ValidityMode mode = ValidityMode.forName(validityModeS);
        change.setValidityMode(mode);
    }

    if (maxValidity != null) {
        change.setMaxValidity(CertValidity.getInstance(maxValidity));
    }

    if (crlSignerName != null) {
        change.setCrlSignerName(crlSignerName);
    }

    if (cmpControlName != null) {
        change.setCmpControlName(cmpControlName);
    }

    if (responderName != null) {
        change.setResponderName(responderName);
    }

    if (extraControl != null) {
        ConfPairs extraPairs = new ConfPairs(extraControl);
        change.setExtraControl(extraPairs.unmodifiable());
    }

    if (numCrls != null) {
        change.setNumCrls(numCrls);
    }

    return change;
}
Also used : X509ChangeCaEntry(org.xipki.ca.server.mgmt.api.x509.X509ChangeCaEntry) CaEntry(org.xipki.ca.server.mgmt.api.CaEntry) ValidityMode(org.xipki.ca.server.mgmt.api.ValidityMode) NameId(org.xipki.ca.api.NameId) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) ConfPairs(org.xipki.common.ConfPairs) X509ChangeCaEntry(org.xipki.ca.server.mgmt.api.x509.X509ChangeCaEntry)

Example 3 with CaEntry

use of org.xipki.ca.server.mgmt.api.CaEntry in project xipki by xipki.

the class CaInfoCmd method execute0.

/**
 * Prints either an overview of all CAs or the details of one CA.
 *
 * <p>Without {@code name}, the names of the successful, failed and inactive CAs are listed.
 * With {@code name}, the output holds the started flag (active CAs only), the aliases and the
 * entry's own description, whose detail level is selected by {@code verbose}.
 *
 * @return always {@code null}
 * @throws CmdFailure if {@code name} is given but the CA manager has no such CA
 * @throws Exception for failures raised by the CA manager calls
 */
@Override
protected Object execute0() throws Exception {
    StringBuilder report = new StringBuilder();

    if (name != null) {
        CaEntry caEntry = caManager.getCa(name);
        if (caEntry == null) {
            throw new CmdFailure("could not find CA '" + name + "'");
        }

        // The started flag is reported only for CAs configured as active.
        if (CaStatus.ACTIVE == caEntry.getStatus()) {
            boolean started =
                    caManager.getSuccessfulCaNames().contains(caEntry.getIdent().getName());
            report.append("started: ");
            report.append(started);
            report.append("\n");
        }

        Set<String> caAliases = caManager.getAliasesForCa(name);
        report.append("aliases: ");
        report.append(toString(caAliases));
        report.append("\n");

        // NOTE(review): what the verbose form of the entry includes is not visible here;
        // confirm it does not echo signer configuration before sharing console output.
        report.append(caEntry.toString(verbose.booleanValue()));
    } else {
        String indent = "  ";
        report.append("successful CAs:\n");
        printCaNames(report, caManager.getSuccessfulCaNames(), indent);
        report.append("failed CAs:\n");
        printCaNames(report, caManager.getFailedCaNames(), indent);
        report.append("inactive CAs:\n");
        printCaNames(report, caManager.getInactiveCaNames(), indent);
    }

    println(report.toString());
    return null;
}
Also used : CaEntry(org.xipki.ca.server.mgmt.api.CaEntry) CmdFailure(org.xipki.console.karaf.CmdFailure)

Example 4 with CaEntry

use of org.xipki.ca.server.mgmt.api.CaEntry in project xipki by xipki.

the class CrlAction method execute0.

/**
 * Retrieves a CRL for the CA named {@code caName} and, when {@code outFile} is set, saves its
 * encoded form to that file.
 *
 * @return always {@code null}
 * @throws CmdFailure if the CA is unknown, if retrieval throws, or if no CRL is returned
 * @throws Exception for failures while encoding or saving the CRL
 */
@Override
protected Object execute0() throws Exception {
    // Existence check only: the entry is not consulted again below.
    CaEntry caEntry = caManager.getCa(caName);
    if (caEntry == null) {
        throw new CmdFailure("CA " + caName + " not available");
    }

    final X509CRL fetchedCrl;
    try {
        fetchedCrl = retrieveCrl();
    } catch (Exception ex) {
        // NOTE(review): only the message survives; the original exception and its stack trace
        // are dropped. If CmdFailure offers a constructor that accepts a cause, passing ex
        // would keep the failure diagnosable - confirm against CmdFailure.
        throw new CmdFailure("received no CRL from server: " + ex.getMessage());
    }

    if (fetchedCrl == null) {
        throw new CmdFailure("received no CRL from server");
    }

    // Without an output file the CRL is fetched but not stored anywhere by this method.
    if (outFile != null) {
        File target = new File(outFile);
        saveVerbose("saved CRL to file", target, fetchedCrl.getEncoded());
    }
    return null;
}
Also used : CaEntry(org.xipki.ca.server.mgmt.api.CaEntry) X509CRL(java.security.cert.X509CRL) CmdFailure(org.xipki.console.karaf.CmdFailure) File(java.io.File)

Example 5 with CaEntry

use of org.xipki.ca.server.mgmt.api.CaEntry in project xipki by xipki.

the class RcaNameCompleter method getEnums.

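/**
 * Collects the names of the X.509 CAs whose certificate has identical issuer and subject
 * names, for use as completion candidates.
 *
 * <p>The comparison is on distinguished names only: it identifies self-issued certificates and
 * does not verify the signature. That is sufficient for suggesting names in a shell, but the
 * result must not be treated as a trust decision.
 *
 * <p>Entries that are not {@code X509CaEntry} instances, or that carry no certificate, are
 * skipped.
 *
 * @return a new mutable set of matching CA names; empty if none match
 */
@Override
protected Set<String> getEnums() {
    Set<String> rootCaNames = new HashSet<>();
    for (String name : caManager.getCaNames()) {
        CaEntry caEntry = caManager.getCa(name);
        // instanceof is also false for null, so an unknown name is skipped here as well.
        if (!(caEntry instanceof X509CaEntry)) {
            continue;
        }

        X509Certificate cert = ((X509CaEntry) caEntry).getCert();
        if (cert == null) {
            // Whether getCert() can return null is not visible here; skipping such an entry
            // keeps one incomplete CA from breaking completion with a NullPointerException.
            continue;
        }

        if (cert.getIssuerX500Principal().equals(cert.getSubjectX500Principal())) {
            rootCaNames.add(name);
        }
    }
    return rootCaNames;
}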
Also used : X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry) CaEntry(org.xipki.ca.server.mgmt.api.CaEntry) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)

Aggregations

CaEntry (org.xipki.ca.server.mgmt.api.CaEntry)9 CmdFailure (org.xipki.console.karaf.CmdFailure)6 X509Certificate (java.security.cert.X509Certificate)4 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)4 File (java.io.File)3 BigInteger (java.math.BigInteger)2 X509CRL (java.security.cert.X509CRL)2 X509ChangeCaEntry (org.xipki.ca.server.mgmt.api.x509.X509ChangeCaEntry)2 ConfPairs (org.xipki.common.ConfPairs)2 IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException)2 IOException (java.io.IOException)1 CertificateEncodingException (java.security.cert.CertificateEncodingException)1 Date (java.util.Date)1 HashSet (java.util.HashSet)1 NameId (org.xipki.ca.api.NameId)1 AddUserEntry (org.xipki.ca.server.mgmt.api.AddUserEntry)1 CaHasRequestorEntry (org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)1 CaHasUserEntry (org.xipki.ca.server.mgmt.api.CaHasUserEntry)1 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)1 CertprofileEntry (org.xipki.ca.server.mgmt.api.CertprofileEntry)1