
Example 6 with CaHasRequestorEntry

use of org.xipki.ca.server.mgmt.api.CaHasRequestorEntry in project xipki by xipki.

the class CaManagerImpl method removeRequestor.

// label apparently left over from the preceding method (addRequestor); the method shown below is removeRequestor
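/**
 * Removes a requestor: detaches it from every CA it is associated with, deletes its
 * row from the {@code REQUESTOR} table and then drops it from the in-memory caches.
 *
 * <p>The name is lower-cased before any lookup.
 * NOTE(review): {@code toLowerCase()} uses the JVM default locale; confirm that every
 * place that stores or compares requestor names normalises them the same way.
 *
 * @param requestorName name of the requestor to remove; must not be blank
 * @throws CaMgmtException if no row with that name could be deleted, or if one of the
 *         called management operations fails
 */
@Override
public void removeRequestor(String requestorName) throws CaMgmtException {
    requestorName = ParamUtil.requireNonBlank("requestorName", requestorName).toLowerCase();
    asssertMasterMode();

    // Detach the requestor from each CA that still references it.
    for (String caName : caHasRequestors.keySet()) {
        boolean associated = false;
        for (CaHasRequestorEntry caHasRequestor : caHasRequestors.get(caName)) {
            if (caHasRequestor.getRequestorIdent().getName().equals(requestorName)) {
                associated = true;
                break;
            }
        }
        if (associated) {
            removeRequestorFromCa(requestorName, caName);
        }
    }

    if (!queryExecutor.deleteRowWithName(requestorName, "REQUESTOR")) {
        throw new CaMgmtException("unknown requestor " + requestorName);
    }

    // The row is gone at this point, so the caches must be cleaned even when the cached
    // database entry is missing. Dereferencing a missing entry would throw a
    // NullPointerException and leave the requestor in the 'requestors' cache although
    // it no longer exists in the database.
    if (requestorDbEntries.get(requestorName) != null) {
        idNameMap.removeRequestor(requestorDbEntries.get(requestorName).getIdent().getId());
    } else {
        LOG.warn("requestor '{}' was deleted from the database but had no cached entry", requestorName);
    }
    requestorDbEntries.remove(requestorName);
    requestors.remove(requestorName);
    LOG.info("removed requestor '{}'", requestorName);
}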
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)

Example 7 with CaHasRequestorEntry

use of org.xipki.ca.server.mgmt.api.CaHasRequestorEntry in project xipki by xipki.

the class CaManagerImpl method addRequestorToCa.

// label apparently left over from the preceding method (removeRequestorFromCa); the method shown below is addRequestorToCa
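/**
 * Associates an existing requestor with an existing CA.
 *
 * <p>The association is written to the database first and added to the in-memory map
 * only after that call has returned. If the persistent write fails, the cache therefore
 * does not hold a requestor-to-CA association that was never stored.
 *
 * <p>Side effect: the ID of {@code requestor.getRequestorIdent()} is set to the ID
 * registered for that requestor name.
 *
 * @param requestor the association to add; must not be {@code null}
 * @param caName name of the CA; must not be blank, and is lower-cased before lookup
 * @throws CaMgmtException if the requestor or the CA is unknown, if the requestor is
 *         already associated with the CA, or if a called operation fails
 */
@Override
public void addRequestorToCa(CaHasRequestorEntry requestor, String caName) throws CaMgmtException {
    ParamUtil.requireNonNull("requestor", requestor);
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    asssertMasterMode();

    NameId requestorIdent = requestor.getRequestorIdent();
    String requestorName = requestorIdent.getName();
    NameId ident = idNameMap.getRequestor(requestorName);
    if (ident == null) {
        String msg = concat("unknown requestor ", requestorName);
        LOG.warn(msg);
        throw new CaMgmtException(msg);
    }

    NameId caIdent = idNameMap.getCa(caName);
    if (caIdent == null) {
        String msg = concat("unknown CA ", caName);
        LOG.warn(msg);
        throw new CaMgmtException(msg);
    }

    // Set the ID of requestor
    requestorIdent.setId(ident.getId());

    // Reject a second association of the same requestor with this CA.
    Set<CaHasRequestorEntry> cmpRequestors = caHasRequestors.get(caName);
    if (cmpRequestors != null) {
        for (CaHasRequestorEntry entry : cmpRequestors) {
            if (entry.getRequestorIdent().getName().equals(requestorName)) {
                String msg = concat("Requestor ", requestorName, " already associated with CA ", caName);
                LOG.warn(msg);
                throw new CaMgmtException(msg);
            }
        }
    }

    // Persist before touching the cache; an exception here leaves the cache unchanged.
    queryExecutor.addRequestorToCa(requestor, caIdent);

    if (cmpRequestors == null) {
        cmpRequestors = new HashSet<>();
        caHasRequestors.put(caName, cmpRequestors);
    }
    cmpRequestors.add(requestor);
}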
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) NameId(org.xipki.ca.api.NameId) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)

Example 8 with CaHasRequestorEntry

use of org.xipki.ca.server.mgmt.api.CaHasRequestorEntry in project xipki by xipki.

the class CaRequestorCheckCmd method execute0.

/**
 * Checks that the requestor {@code requestorName} is associated with the CA
 * {@code caName} and that the stored association has the expected RA flag and, when
 * given, the expected permissions and profiles.
 *
 * <p>A single profile equal (ignoring case) to {@code CaManager.NULL} is replaced by
 * the empty set before the comparison; this reassigns the {@code profiles} field.
 *
 * @return always {@code null}
 * @throws Exception an {@code UnexpectedException} if the CA does not exist, a
 *         {@code CmdFailure} if the association is missing or a value differs
 */
@Override
protected Object execute0() throws Exception {
    println("checking CA requestor CA='" + caName + "', requestor='" + requestorName + "'");

    if (caManager.getCa(caName) == null) {
        throw new UnexpectedException("could not find CA '" + caName + "'");
    }

    Set<CaHasRequestorEntry> associated = caManager.getRequestorsForCa(caName);

    // The given name is lower-cased before it is compared with the stored names.
    String normalizedName = requestorName.toLowerCase();
    CaHasRequestorEntry matched = null;
    for (CaHasRequestorEntry candidate : associated) {
        if (candidate.getRequestorIdent().getName().equals(normalizedName)) {
            matched = candidate;
            break;
        }
    }
    if (matched == null) {
        throw new CmdFailure("CA is not associated with requestor '" + requestorName + "'");
    }

    // RA flag
    boolean expectedRa = isEnabled(raS, false, "ra");
    boolean actualRa = matched.isRa();
    if (expectedRa != actualRa) {
        throw new CmdFailure("ra: is '" + actualRa + "', expected '" + expectedRa + "'");
    }

    // Permissions are compared only when the caller supplied them.
    if (permissions != null) {
        int expectedPermission = ShellUtil.getPermission(permissions);
        if (matched.getPermission() != expectedPermission) {
            throw new CmdFailure("permissions: is '" + matched.getPermission() + "', but expected '" + expectedPermission + "'");
        }
    }

    // Profiles are compared only when the caller supplied them.
    if (profiles != null) {
        if (profiles.size() == 1 && CaManager.NULL.equalsIgnoreCase(profiles.iterator().next())) {
            profiles = Collections.emptySet();
        }
        if (!profiles.equals(matched.getProfiles())) {
            throw new CmdFailure("profiles: is '" + matched.getProfiles() + "', but expected '" + profiles + "'");
        }
    }

    println(" checked CA requestor CA='" + caName + "', requestor='" + requestorName + "'");
    return null;
}
Also used : UnexpectedException(java.rmi.UnexpectedException) CmdFailure(org.xipki.console.karaf.CmdFailure) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)

Example 9 with CaHasRequestorEntry

use of org.xipki.ca.server.mgmt.api.CaHasRequestorEntry in project xipki by xipki.

the class CaConf method init.

/**
 * Populates this CA configuration from an unmarshalled JAXB object.
 *
 * <p>The sections are processed in this order: properties, CMP controls, responders,
 * environments, CRL signers, requestors, users, publishers, certificate profiles, CAs
 * and SCEPs. Each entry is turned into the corresponding management entry and handed to
 * the matching {@code add...} method, except SCEP entries, which are put directly into
 * {@code sceps}.
 *
 * @param jaxb the unmarshalled configuration
 * @param baseDir stored as the property {@code baseDir} when not {@code null}
 * @param zipFile passed to {@code getValue}, {@code getBinary} and
 *        {@code getBase64Binary} when values are resolved; presumably the archive that
 *        file references are read from (confirm against those helpers)
 * @param securityFactory used to create the CA signer when a CA has neither a
 *        generate-self-issued section nor an explicit certificate
 * @throws IOException declared; presumably raised by the value-resolving helpers
 * @throws InvalidConfException if a property is defined twice, a CA's {@code cert.file}
 *         is missing, a CA certificate cannot be parsed, or a CA signer cannot be created
 * @throws CaMgmtException declared; presumably raised by the {@code add...} methods
 */
private void init(CAConfType jaxb, String baseDir, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
    // Properties
    if (baseDir != null) {
        properties.put("baseDir", baseDir);
    }
    if (jaxb.getProperties() != null) {
        for (NameValueType m : jaxb.getProperties().getProperty()) {
            String name = m.getName();
            // A property may be defined only once; this also rejects a configured
            // "baseDir" when baseDir was passed in above.
            if (properties.containsKey(name)) {
                throw new InvalidConfException("Property " + name + " already defined");
            }
            properties.put(name, m.getValue());
        }
    }
    // CMP controls
    if (jaxb.getCmpcontrols() != null) {
        for (CmpcontrolType m : jaxb.getCmpcontrols().getCmpcontrol()) {
            CmpControlEntry en = new CmpControlEntry(m.getName(), getValue(m.getConf(), zipFile));
            addCmpControl(en);
        }
    }
    // Responders
    if (jaxb.getResponders() != null) {
        for (ResponderType m : jaxb.getResponders().getResponder()) {
            ResponderEntry en = new ResponderEntry(m.getName(), expandConf(m.getType()), getValue(m.getConf(), zipFile), getBase64Binary(m.getCert(), zipFile));
            addResponder(en);
        }
    }
    // Environments
    if (jaxb.getEnvironments() != null) {
        for (NameValueType m : jaxb.getEnvironments().getEnvironment()) {
            addEnvironment(m.getName(), expandConf(m.getValue()));
        }
    }
    // CRL signers
    if (jaxb.getCrlsigners() != null) {
        for (CrlsignerType m : jaxb.getCrlsigners().getCrlsigner()) {
            X509CrlSignerEntry en = new X509CrlSignerEntry(m.getName(), expandConf(m.getSignerType()), getValue(m.getSignerConf(), zipFile), getBase64Binary(m.getSignerCert(), zipFile), expandConf(m.getCrlControl()));
            addCrlSigner(en);
        }
    }
    // Requestors
    if (jaxb.getRequestors() != null) {
        for (RequestorType m : jaxb.getRequestors().getRequestor()) {
            // The NameId is created without an ID (null); only the name is known here.
            RequestorEntry en = new RequestorEntry(new NameId(null, m.getName()), getBase64Binary(m.getCert(), zipFile));
            addRequestor(en);
        }
    }
    // Users
    if (jaxb.getUsers() != null) {
        for (UserType m : jaxb.getUsers().getUser()) {
            // Users are active unless the configuration says otherwise.
            boolean active = (m.isActive() != null) ? m.isActive() : true;
            // A user carries either a password or an already hashed password.
            // NOTE(review): a non-null password is read from the configuration as a
            // plain String - confirm how the configuration file is protected.
            String password = m.getPassword();
            if (password != null) {
                AddUserEntry en = new AddUserEntry(new NameId(null, m.getName()), active, password);
                addUser(en);
            } else {
                // NOTE(review): getHashedPassword() is not checked for null here.
                UserEntry en = new UserEntry(new NameId(null, m.getName()), active, m.getHashedPassword());
                addUser(en);
            }
        }
    }
    // Publishers
    if (jaxb.getPublishers() != null) {
        for (PublisherType m : jaxb.getPublishers().getPublisher()) {
            PublisherEntry en = new PublisherEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
            addPublisher(en);
        }
    }
    // CertProfiles
    if (jaxb.getProfiles() != null) {
        for (ProfileType m : jaxb.getProfiles().getProfile()) {
            CertprofileEntry en = new CertprofileEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
            addProfile(en);
        }
    }
    // CAs
    if (jaxb.getCas() != null) {
        for (CaType m : jaxb.getCas().getCa()) {
            String name = m.getName();
            // Both stay null when the CA has no caInfo section.
            GenSelfIssued genSelfIssued = null;
            X509CaEntry caEntry = null;
            if (m.getCaInfo() != null) {
                // NOTE(review): getX509Ca() is dereferenced below without a null check.
                X509CaInfoType ci = m.getCaInfo().getX509Ca();
                // Case 1: the CA certificate is to be generated as a self-issued one.
                if (ci.getGenSelfIssued() != null) {
                    String certFilename = null;
                    if (ci.getCert() != null) {
                        if (ci.getCert().getFile() != null) {
                            certFilename = expandConf(ci.getCert().getFile());
                        } else {
                            throw new InvalidConfException("cert.file of CA " + name + " must not be null");
                        }
                    }
                    byte[] csr = getBinary(ci.getGenSelfIssued().getCsr(), zipFile);
                    // The serial number is optional; a "0x"/"0X" prefix selects
                    // hexadecimal, anything else is parsed as decimal. A malformed value
                    // makes BigInteger throw an unchecked NumberFormatException, which is
                    // not converted to InvalidConfException here.
                    BigInteger serialNumber = null;
                    String str = ci.getGenSelfIssued().getSerialNumber();
                    if (str != null) {
                        if (str.startsWith("0x") || str.startsWith("0X")) {
                            serialNumber = new BigInteger(str.substring(2), 16);
                        } else {
                            serialNumber = new BigInteger(str);
                        }
                    }
                    genSelfIssued = new GenSelfIssued(ci.getGenSelfIssued().getProfile(), csr, serialNumber, certFilename);
                }
                X509CaUris caUris = new X509CaUris(getStrings(ci.getCacertUris()), getStrings(ci.getOcspUris()), getStrings(ci.getCrlUris()), getStrings(ci.getDeltacrlUris()));
                // Defaults when not configured: expiration period 365, number of CRLs 30.
                int exprirationPeriod = (ci.getExpirationPeriod() == null) ? 365 : ci.getExpirationPeriod().intValue();
                int numCrls = (ci.getNumCrls() == null) ? 30 : ci.getNumCrls().intValue();
                caEntry = new X509CaEntry(new NameId(null, name), ci.getSnSize(), ci.getNextCrlNo(), expandConf(ci.getSignerType()), getValue(ci.getSignerConf(), zipFile), caUris, numCrls, exprirationPeriod);
                caEntry.setCmpControlName(ci.getCmpcontrolName());
                caEntry.setCrlSignerName(ci.getCrlsignerName());
                caEntry.setDuplicateKeyPermitted(ci.isDuplicateKey());
                caEntry.setDuplicateSubjectPermitted(ci.isDuplicateSubject());
                if (ci.getExtraControl() != null) {
                    String value = getValue(ci.getExtraControl(), zipFile);
                    if (value != null) {
                        caEntry.setExtraControl(new ConfPairs(value).unmodifiable());
                    }
                }
                // Default when not configured: -1.
                int keepExpiredCertDays = (ci.getKeepExpiredCertDays() == null) ? -1 : ci.getKeepExpiredCertDays().intValue();
                caEntry.setKeepExpiredCertInDays(keepExpiredCertDays);
                caEntry.setMaxValidity(CertValidity.getInstance(ci.getMaxValidity()));
                caEntry.setPermission(ci.getPermission());
                caEntry.setResponderName(ci.getResponderName());
                caEntry.setSaveRequest(ci.isSaveReq());
                caEntry.setStatus(CaStatus.forName(ci.getStatus()));
                if (ci.getValidityMode() != null) {
                    caEntry.setValidityMode(ValidityMode.forName(ci.getValidityMode()));
                }
                // Case 2: no self-issued generation, so the CA certificate must come
                // from the configuration or from the signer.
                if (ci.getGenSelfIssued() == null) {
                    X509Certificate caCert;
                    if (ci.getCert() != null) {
                        byte[] bytes = getBinary(ci.getCert(), zipFile);
                        try {
                            caCert = X509Util.parseCert(bytes);
                        } catch (CertificateException ex) {
                            throw new InvalidConfException("invalid certificate of CA " + name, ex);
                        }
                    } else {
                        // extract from the signer configuration
                        ConcurrentContentSigner signer;
                        try {
                            List<String[]> signerConfs = CaEntry.splitCaSignerConfs(getValue(ci.getSignerConf(), zipFile));
                            // Only the first signer configuration is used.
                            // NOTE(review): assumes the list is non-empty and that each
                            // element has at least two items - confirm against
                            // splitCaSignerConfs.
                            SignerConf signerConf = new SignerConf(signerConfs.get(0)[1]);
                            signer = securityFactory.createSigner(expandConf(ci.getSignerType()), signerConf, (X509Certificate) null);
                        } catch (ObjectCreationException | XiSecurityException ex) {
                            throw new InvalidConfException("could not create CA signer for CA " + name, ex);
                        }
                        // NOTE(review): the result is not checked for null before it is
                        // stored as the CA certificate.
                        caCert = signer.getCertificate();
                    }
                    caEntry.setCert(caCert);
                }
            }
            // Requestor associations of this CA; null when the section is absent.
            List<CaHasRequestorEntry> caHasRequestors = null;
            if (m.getRequestors() != null) {
                caHasRequestors = new LinkedList<>();
                for (CaHasRequestorType req : m.getRequestors().getRequestor()) {
                    CaHasRequestorEntry en = new CaHasRequestorEntry(new NameId(null, req.getRequestorName()));
                    en.setRa(req.isRa());
                    // Profiles are set only when the list is present.
                    List<String> strs = getStrings(req.getProfiles());
                    if (strs != null) {
                        en.setProfiles(new HashSet<>(strs));
                    }
                    en.setPermission(req.getPermission());
                    caHasRequestors.add(en);
                }
            }
            // User associations of this CA; null when the section is absent.
            List<CaHasUserEntry> caHasUsers = null;
            if (m.getUsers() != null) {
                caHasUsers = new LinkedList<>();
                for (CaHasUserType req : m.getUsers().getUser()) {
                    CaHasUserEntry en = new CaHasUserEntry(new NameId(null, req.getUserName()));
                    en.setPermission(req.getPermission());
                    List<String> strs = getStrings(req.getProfiles());
                    if (strs != null) {
                        en.setProfiles(new HashSet<>(strs));
                    }
                    caHasUsers.add(en);
                }
            }
            List<String> aliases = getStrings(m.getAliases());
            List<String> profileNames = getStrings(m.getProfiles());
            List<String> publisherNames = getStrings(m.getPublishers());
            SingleCaConf singleCa = new SingleCaConf(name, genSelfIssued, caEntry, aliases, profileNames, caHasRequestors, caHasUsers, publisherNames);
            addSingleCa(singleCa);
        }
    }
    // SCEPs
    if (jaxb.getSceps() != null) {
        for (ScepType m : jaxb.getSceps().getScep()) {
            String name = m.getName();
            NameId caIdent = new NameId(null, m.getCaName());
            // NOTE(review): the result of getStrings is null-checked for the CA
            // associations above but not here; new HashSet<>(null) throws a
            // NullPointerException - confirm whether profiles may be absent.
            List<String> certProfiles = getStrings(m.getProfiles());
            ScepEntry dbEntry = new ScepEntry(name, caIdent, true, m.getResponderName(), new HashSet<>(certProfiles), m.getControl());
            // Unlike properties, an already present name is not checked before put.
            sceps.put(name, dbEntry);
        }
    }
}
Also used : CmpcontrolType(org.xipki.ca.server.mgmt.api.conf.jaxb.CmpcontrolType) CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) NameValueType(org.xipki.ca.server.mgmt.api.conf.jaxb.NameValueType) NameId(org.xipki.ca.api.NameId) PublisherType(org.xipki.ca.server.mgmt.api.conf.jaxb.PublisherType) RequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.RequestorType) CaHasRequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType) CertificateException(java.security.cert.CertificateException) CaHasRequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType) CaType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaType) PublisherEntry(org.xipki.ca.server.mgmt.api.PublisherEntry) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) ResponderEntry(org.xipki.ca.server.mgmt.api.ResponderEntry) SignerConf(org.xipki.security.SignerConf) ResponderType(org.xipki.ca.server.mgmt.api.conf.jaxb.ResponderType) X509Certificate(java.security.cert.X509Certificate) ScepEntry(org.xipki.ca.server.mgmt.api.x509.ScepEntry) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) BigInteger(java.math.BigInteger) UserType(org.xipki.ca.server.mgmt.api.conf.jaxb.UserType) CaHasUserType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasUserType) CrlsignerType(org.xipki.ca.server.mgmt.api.conf.jaxb.CrlsignerType) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry) ScepType(org.xipki.ca.server.mgmt.api.conf.jaxb.ScepType) RequestorEntry(org.xipki.ca.server.mgmt.api.RequestorEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry) InvalidConfException(org.xipki.common.InvalidConfException) XiSecurityException(org.xipki.security.exception.XiSecurityException) X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry) ProfileType(org.xipki.ca.server.mgmt.api.conf.jaxb.ProfileType) ConfPairs(org.xipki.common.ConfPairs) CertprofileEntry(org.xipki.ca.server.mgmt.api.CertprofileEntry) 
X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) ObjectCreationException(org.xipki.common.ObjectCreationException) CaHasUserType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasUserType) X509CaInfoType(org.xipki.ca.server.mgmt.api.conf.jaxb.X509CaInfoType) CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) UserEntry(org.xipki.ca.server.mgmt.api.UserEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)

Example 10 with CaHasRequestorEntry

use of org.xipki.ca.server.mgmt.api.CaHasRequestorEntry in project xipki by xipki.

the class CaRequestorInfoCmd method execute0.

/**
 * Prints the requestors associated with the CA {@code caName}, one per line, or a
 * message saying that none is configured.
 *
 * @return always {@code null}
 * @throws Exception a {@code CmdFailure} if the CA does not exist
 */
@Override
protected Object execute0() throws Exception {
    if (caManager.getCa(caName) == null) {
        throw new CmdFailure("could not find CA '" + caName + "'");
    }

    Set<CaHasRequestorEntry> associated = caManager.getRequestorsForCa(caName);
    StringBuilder report = new StringBuilder();

    if (!isNotEmpty(associated)) {
        report.append("\tno requestor for CA " + caName + " is configured");
    } else {
        // Header line, then one tab-indented line per association.
        report.append("requestors trusted by CA " + caName);
        report.append("\n");
        for (CaHasRequestorEntry association : associated) {
            report.append("\t");
            report.append(association);
            report.append("\n");
        }
    }

    println(report.toString());
    return null;
}
Also used : CmdFailure(org.xipki.console.karaf.CmdFailure) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)

Aggregations

CaHasRequestorEntry (org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)10 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)7 NameId (org.xipki.ca.api.NameId)4 AddUserEntry (org.xipki.ca.server.mgmt.api.AddUserEntry)3 CaHasUserEntry (org.xipki.ca.server.mgmt.api.CaHasUserEntry)3 CertprofileEntry (org.xipki.ca.server.mgmt.api.CertprofileEntry)3 CmpControlEntry (org.xipki.ca.server.mgmt.api.CmpControlEntry)3 PublisherEntry (org.xipki.ca.server.mgmt.api.PublisherEntry)3 RequestorEntry (org.xipki.ca.server.mgmt.api.RequestorEntry)3 ResponderEntry (org.xipki.ca.server.mgmt.api.ResponderEntry)3 UserEntry (org.xipki.ca.server.mgmt.api.UserEntry)3 ScepEntry (org.xipki.ca.server.mgmt.api.x509.ScepEntry)3 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)3 X509CrlSignerEntry (org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)3 CmdFailure (org.xipki.console.karaf.CmdFailure)3 IOException (java.io.IOException)2 CertificateEncodingException (java.security.cert.CertificateEncodingException)2 X509Certificate (java.security.cert.X509Certificate)2 ChangeUserEntry (org.xipki.ca.server.mgmt.api.ChangeUserEntry)2 CaHasRequestorType (org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType)2