Example 81 with CaMgmtException
use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.
the class CaManagerImpl method unrevokeCertificate.
// method revokeCertificate
@Override
public void unrevokeCertificate(String caName, BigInteger serialNumber) throws CaMgmtException {
caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
ParamUtil.requireNonNull("serialNumber", serialNumber);
X509Ca ca = getX509Ca(caName);
try {
if (ca.unrevokeCertificate(serialNumber, CaAuditConstants.MSGID_ca_mgmt) == null) {
throw new CaMgmtException("could not unrevoke non-existing certificate");
}
} catch (OperationException ex) {
throw new CaMgmtException(ex.getMessage(), ex);
}
}
Also used :
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
OperationException(org.xipki.ca.api.OperationException)
Example 82 with CaMgmtException
use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.
the class CaManagerImpl method exportConf.
@Override
public void exportConf(String zipFilename, List<String> caNames) throws CaMgmtException, IOException {
ParamUtil.requireNonBlank("zipFilename", zipFilename);
if (!caSystemSetuped) {
throw new CaMgmtException("CA system is not initialized yet.");
}
zipFilename = IoUtil.expandFilepath(zipFilename);
if (caNames != null) {
List<String> tmpCaNames = new ArrayList<>(caNames.size());
for (String name : caNames) {
name = name.toLowerCase();
if (x509cas.containsKey(name)) {
tmpCaNames.add(name);
}
}
caNames = tmpCaNames;
} else {
List<String> tmpCaNames = new ArrayList<>(x509cas.size());
for (String name : x509cas.keySet()) {
tmpCaNames.add(name);
}
caNames = tmpCaNames;
}
File zipFile = new File(zipFilename);
if (zipFile.exists()) {
throw new IOException(concat("File ", zipFilename, " exists."));
}
File parentFile = zipFile.getParentFile();
if (parentFile != null && !parentFile.exists()) {
parentFile.mkdirs();
}
CAConfType root = new CAConfType();
root.setVersion(1);
ZipOutputStream zipStream = getZipOutputStream(zipFile);
try {
Set<String> includeCmpControlNames = new HashSet<>();
Set<String> includeResponderNames = new HashSet<>();
Set<String> includeRequestorNames = new HashSet<>();
Set<String> includeProfileNames = new HashSet<>();
Set<String> includePublisherNames = new HashSet<>();
Set<String> includeCrlSignerNames = new HashSet<>();
Set<String> includeUserNames = new HashSet<>();
// users
root.setUsers(new CAConfType.Users());
List<UserType> users = root.getUsers().getUser();
// cas
if (CollectionUtil.isNonEmpty(caNames)) {
List<CaType> list = new LinkedList<>();
for (String name : x509cas.keySet()) {
if (!caNames.contains(name)) {
continue;
}
CaType jaxb = new CaType();
jaxb.setName(name);
Set<String> strs = getAliasesForCa(name);
if (CollectionUtil.isNonEmpty(strs)) {
jaxb.setAliases(createStrings(strs));
}
strs = caHasProfiles.get(name);
if (CollectionUtil.isNonEmpty(strs)) {
includeProfileNames.addAll(strs);
jaxb.setProfiles(createStrings(strs));
}
strs = caHasPublishers.get(name);
if (CollectionUtil.isNonEmpty(strs)) {
includePublisherNames.addAll(strs);
jaxb.setPublishers(createStrings(strs));
}
// CaHasRequestors
Set<CaHasRequestorEntry> requestors = caHasRequestors.get(name);
if (CollectionUtil.isNonEmpty(requestors)) {
jaxb.setRequestors(new CaType.Requestors());
for (CaHasRequestorEntry m : requestors) {
String requestorName = m.getRequestorIdent().getName();
includeRequestorNames.add(requestorName);
CaHasRequestorType jaxb2 = new CaHasRequestorType();
jaxb2.setRequestorName(requestorName);
jaxb2.setRa(m.isRa());
jaxb2.setProfiles(createStrings(m.getProfiles()));
jaxb2.setPermission(m.getPermission());
jaxb.getRequestors().getRequestor().add(jaxb2);
}
}
// CaHasUsers
List<CaHasUserEntry> caHasUsers = queryExecutor.getCaHasUsersForCa(name, idNameMap);
if (CollectionUtil.isNonEmpty(caHasUsers)) {
jaxb.setUsers(new CaType.Users());
List<CaHasUserType> list2 = jaxb.getUsers().getUser();
for (CaHasUserEntry m : caHasUsers) {
String username = m.getUserIdent().getName();
CaHasUserType jaxb2 = new CaHasUserType();
jaxb2.setUserName(username);
jaxb2.setPermission(m.getPermission());
jaxb2.setProfiles(createStrings(m.getProfiles()));
list2.add(jaxb2);
if (includeUserNames.contains(username)) {
continue;
}
// add also the user to the users
UserEntry userEntry = queryExecutor.getUser(username);
UserType jaxb3 = new UserType();
if (!userEntry.isActive()) {
jaxb3.setActive(Boolean.FALSE);
}
jaxb3.setName(username);
jaxb3.setHashedPassword(userEntry.getHashedPassword());
users.add(jaxb3);
includeUserNames.add(username);
}
}
X509CaEntry entry = x509cas.get(name).getCaInfo().getCaEntry();
X509CaInfoType ciJaxb = new X509CaInfoType();
ciJaxb.setCacertUris(createStrings(entry.getCaCertUris()));
byte[] certBytes;
try {
certBytes = entry.getCert().getEncoded();
} catch (CertificateEncodingException ex) {
throw new CaMgmtException(concat("could not encode CA certificate ", name));
}
ciJaxb.setCert(createFileOrBinary(zipStream, certBytes, concat("files/ca-", name, "-cert.der")));
if (entry.getCmpControlName() != null) {
includeCmpControlNames.add(entry.getCmpControlName());
ciJaxb.setCmpcontrolName(entry.getCmpControlName());
}
if (entry.getCrlSignerName() != null) {
includeCrlSignerNames.add(entry.getCrlSignerName());
ciJaxb.setCrlsignerName(entry.getCrlSignerName());
}
ciJaxb.setCrlUris(createStrings(entry.getCrlUris()));
ciJaxb.setDeltacrlUris(createStrings(entry.getDeltaCrlUris()));
ciJaxb.setDuplicateKey(entry.isDuplicateKeyPermitted());
ciJaxb.setDuplicateSubject(entry.isDuplicateSubjectPermitted());
ciJaxb.setExpirationPeriod(entry.getExpirationPeriod());
if (entry.getExtraControl() != null) {
ciJaxb.setExtraControl(createFileOrValue(zipStream, entry.getExtraControl().getEncoded(), concat("files/ca-", name, "-extracontrol.conf")));
}
ciJaxb.setKeepExpiredCertDays(entry.getKeepExpiredCertInDays());
ciJaxb.setMaxValidity(entry.getMaxValidity().toString());
ciJaxb.setNextCrlNo(entry.getNextCrlNumber());
ciJaxb.setNumCrls(entry.getNumCrls());
ciJaxb.setOcspUris(createStrings(entry.getOcspUris()));
ciJaxb.setPermission(entry.getPermission());
if (entry.getResponderName() != null) {
includeResponderNames.add(entry.getResponderName());
ciJaxb.setResponderName(entry.getResponderName());
}
ciJaxb.setSaveReq(entry.isSaveRequest());
ciJaxb.setSignerConf(createFileOrValue(zipStream, entry.getSignerConf(), concat("files/ca-", name, "-signerconf.conf")));
ciJaxb.setSignerType(entry.getSignerType());
ciJaxb.setSnSize(entry.getSerialNoBitLen());
ciJaxb.setStatus(entry.getStatus().getStatus());
ciJaxb.setValidityMode(entry.getValidityMode().name());
jaxb.setCaInfo(new CaType.CaInfo());
jaxb.getCaInfo().setX509Ca(ciJaxb);
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setCas(new CAConfType.Cas());
root.getCas().getCa().addAll(list);
}
}
// clear the users if the list is empty
if (users.isEmpty()) {
root.setUsers(null);
}
// cmp controls
if (CollectionUtil.isNonEmpty(cmpControlDbEntries)) {
List<CmpcontrolType> list = new LinkedList<>();
for (String name : cmpControlDbEntries.keySet()) {
if (!includeCmpControlNames.contains(name)) {
continue;
}
CmpcontrolType jaxb = new CmpcontrolType();
CmpControlEntry entry = cmpControlDbEntries.get(name);
jaxb.setName(name);
jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/cmpcontrol-", name, ".conf")));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setCmpcontrols(new CAConfType.Cmpcontrols());
root.getCmpcontrols().getCmpcontrol().addAll(list);
}
}
// environments
Set<String> names = envParameterResolver.allParameterNames();
if (CollectionUtil.isNonEmpty(names)) {
List<NameValueType> list = new LinkedList<>();
for (String name : names) {
if (ENV_EPOCH.equalsIgnoreCase(name)) {
continue;
}
NameValueType jaxb = new NameValueType();
jaxb.setName(name);
jaxb.setValue(envParameterResolver.getParameter(name));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setEnvironments(new CAConfType.Environments());
root.getEnvironments().getEnvironment().addAll(list);
}
}
// crlsigners
if (CollectionUtil.isNonEmpty(crlSignerDbEntries)) {
List<CrlsignerType> list = new LinkedList<>();
for (String name : crlSignerDbEntries.keySet()) {
if (!includeCrlSignerNames.contains(name)) {
continue;
}
X509CrlSignerEntry entry = crlSignerDbEntries.get(name);
CrlsignerType jaxb = new CrlsignerType();
jaxb.setName(name);
jaxb.setSignerType(entry.getType());
jaxb.setSignerConf(createFileOrValue(zipStream, entry.getConf(), concat("files/crlsigner-", name, ".conf")));
jaxb.setSignerCert(createFileOrBase64Value(zipStream, entry.getBase64Cert(), concat("files/crlsigner-", name, ".der")));
jaxb.setCrlControl(entry.crlControl());
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setCrlsigners(new CAConfType.Crlsigners());
root.getCrlsigners().getCrlsigner().addAll(list);
}
}
// requestors
if (CollectionUtil.isNonEmpty(requestorDbEntries)) {
List<RequestorType> list = new LinkedList<>();
for (String name : requestorDbEntries.keySet()) {
if (!includeRequestorNames.contains(name)) {
continue;
}
RequestorEntry entry = requestorDbEntries.get(name);
RequestorType jaxb = new RequestorType();
jaxb.setName(name);
jaxb.setCert(createFileOrBase64Value(zipStream, entry.getBase64Cert(), concat("files/requestor-", name, ".der")));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setRequestors(new CAConfType.Requestors());
root.getRequestors().getRequestor().addAll(list);
}
}
// publishers
if (CollectionUtil.isNonEmpty(publisherDbEntries)) {
List<PublisherType> list = new LinkedList<>();
for (String name : publisherDbEntries.keySet()) {
if (!includePublisherNames.contains(name)) {
continue;
}
PublisherEntry entry = publisherDbEntries.get(name);
PublisherType jaxb = new PublisherType();
jaxb.setName(name);
jaxb.setType(entry.getType());
jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/publisher-", name, ".conf")));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setPublishers(new CAConfType.Publishers());
root.getPublishers().getPublisher().addAll(list);
}
}
// profiles
if (CollectionUtil.isNonEmpty(certprofileDbEntries)) {
List<ProfileType> list = new LinkedList<>();
for (String name : certprofileDbEntries.keySet()) {
if (!includeProfileNames.contains(name)) {
continue;
}
CertprofileEntry entry = certprofileDbEntries.get(name);
ProfileType jaxb = new ProfileType();
jaxb.setName(name);
jaxb.setType(entry.getType());
jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/certprofile-", name, ".conf")));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setProfiles(new CAConfType.Profiles());
root.getProfiles().getProfile().addAll(list);
}
}
// sceps
if (CollectionUtil.isNonEmpty(scepDbEntries)) {
List<ScepType> list = new LinkedList<>();
for (String name : scepDbEntries.keySet()) {
ScepEntry entry = scepDbEntries.get(name);
String caName = entry.getCaIdent().getName();
if (!caNames.contains(caName)) {
continue;
}
String responderName = entry.getResponderName();
includeResponderNames.add(responderName);
ScepType jaxb = new ScepType();
jaxb.setName(name);
jaxb.setCaName(caName);
jaxb.setResponderName(responderName);
jaxb.setProfiles(createStrings(entry.getCertProfiles()));
jaxb.setControl(entry.getControl());
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setSceps(new CAConfType.Sceps());
root.getSceps().getScep().addAll(list);
}
}
// responders
if (CollectionUtil.isNonEmpty(responderDbEntries)) {
List<ResponderType> list = new LinkedList<>();
for (String name : responderDbEntries.keySet()) {
if (!includeResponderNames.contains(name)) {
continue;
}
ResponderEntry entry = responderDbEntries.get(name);
ResponderType jaxb = new ResponderType();
jaxb.setName(name);
jaxb.setType(entry.getType());
jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/responder-", name, ".conf")));
jaxb.setCert(createFileOrBase64Value(zipStream, entry.getBase64Cert(), concat("files/responder-", name, ".der")));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setResponders(new CAConfType.Responders());
root.getResponders().getResponder().addAll(list);
}
}
// add the CAConf XML file
ByteArrayOutputStream bout = new ByteArrayOutputStream();
try {
CaConf.marshal(root, bout);
} catch (JAXBException | SAXException ex) {
LogUtil.error(LOG, ex, "could not marshal CAConf");
throw new CaMgmtException(concat("could not marshal CAConf: ", ex.getMessage()), ex);
} finally {
bout.flush();
}
zipStream.putNextEntry(new ZipEntry("caconf.xml"));
try {
zipStream.write(bout.toByteArray());
} finally {
zipStream.closeEntry();
}
} finally {
zipStream.close();
}
}
Also used :
CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry)
CmpcontrolType(org.xipki.ca.server.mgmt.api.conf.jaxb.CmpcontrolType)
NameValueType(org.xipki.ca.server.mgmt.api.conf.jaxb.NameValueType)
PublisherType(org.xipki.ca.server.mgmt.api.conf.jaxb.PublisherType)
ArrayList(java.util.ArrayList)
CaHasRequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType)
RequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.RequestorType)
CaHasRequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType)
CaType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaType)
SAXException(org.xml.sax.SAXException)
PublisherEntry(org.xipki.ca.server.mgmt.api.PublisherEntry)
CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry)
ResponderEntry(org.xipki.ca.server.mgmt.api.ResponderEntry)
HashSet(java.util.HashSet)
JAXBException(javax.xml.bind.JAXBException)
CAConfType(org.xipki.ca.server.mgmt.api.conf.jaxb.CAConfType)
ResponderType(org.xipki.ca.server.mgmt.api.conf.jaxb.ResponderType)
LinkedList(java.util.LinkedList)
ChangeScepEntry(org.xipki.ca.server.mgmt.api.x509.ChangeScepEntry)
ScepEntry(org.xipki.ca.server.mgmt.api.x509.ScepEntry)
File(java.io.File)
CaHasUserType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasUserType)
UserType(org.xipki.ca.server.mgmt.api.conf.jaxb.UserType)
CrlsignerType(org.xipki.ca.server.mgmt.api.conf.jaxb.CrlsignerType)
X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
ScepType(org.xipki.ca.server.mgmt.api.conf.jaxb.ScepType)
RequestorEntry(org.xipki.ca.server.mgmt.api.RequestorEntry)
CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)
ZipEntry(java.util.zip.ZipEntry)
X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)
ProfileType(org.xipki.ca.server.mgmt.api.conf.jaxb.ProfileType)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
CertprofileEntry(org.xipki.ca.server.mgmt.api.CertprofileEntry)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
ZipOutputStream(java.util.zip.ZipOutputStream)
CaHasUserType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasUserType)
X509CaInfoType(org.xipki.ca.server.mgmt.api.conf.jaxb.X509CaInfoType)
AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry)
UserEntry(org.xipki.ca.server.mgmt.api.UserEntry)
CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry)
ChangeUserEntry(org.xipki.ca.server.mgmt.api.ChangeUserEntry)
CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)
Example 83 with CaMgmtException
use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.
the class CaManagerImpl method generateCertificate.
// method removeCertificate
@Override
public X509Certificate generateCertificate(String caName, String profileName, byte[] encodedCsr, Date notBefore, Date notAfter) throws CaMgmtException {
caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
ParamUtil.requireNonNull("encodedCsr", encodedCsr);
AuditEvent event = new AuditEvent(new Date());
event.setApplicationName(CaAuditConstants.APPNAME);
event.setName(CaAuditConstants.NAME_PERF);
event.addEventType("CAMGMT_CRL_GEN_ONDEMAND");
X509Ca ca = getX509Ca(caName);
CertificationRequest csr;
try {
csr = CertificationRequest.getInstance(encodedCsr);
} catch (Exception ex) {
throw new CaMgmtException(concat("invalid CSR request. ERROR: ", ex.getMessage()));
}
CmpControl cmpControl = getCmpControlObject(ca.getCaInfo().getCmpControlName());
if (!securityFactory.verifyPopo(csr, cmpControl.getPopoAlgoValidator())) {
throw new CaMgmtException("could not validate POP for the CSR");
}
CertificationRequestInfo certTemp = csr.getCertificationRequestInfo();
Extensions extensions = null;
ASN1Set attrs = certTemp.getAttributes();
for (int i = 0; i < attrs.size(); i++) {
Attribute attr = Attribute.getInstance(attrs.getObjectAt(i));
if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) {
extensions = Extensions.getInstance(attr.getAttributeValues()[0]);
}
}
X500Name subject = certTemp.getSubject();
SubjectPublicKeyInfo publicKeyInfo = certTemp.getSubjectPublicKeyInfo();
CertTemplateData certTemplateData = new CertTemplateData(subject, publicKeyInfo, notBefore, notAfter, extensions, profileName);
X509CertificateInfo certInfo;
try {
certInfo = ca.generateCertificate(certTemplateData, byCaRequestor, RequestType.CA, (byte[]) null, CaAuditConstants.MSGID_ca_mgmt);
} catch (OperationException ex) {
throw new CaMgmtException(ex.getMessage(), ex);
}
if (ca.getCaInfo().isSaveRequest()) {
try {
long dbId = ca.addRequest(encodedCsr);
ca.addRequestCert(dbId, certInfo.getCert().getCertId());
} catch (OperationException ex) {
LogUtil.warn(LOG, ex, "could not save request");
}
}
return certInfo.getCert().getCert();
}
Also used :
CertificationRequestInfo(org.bouncycastle.asn1.pkcs.CertificationRequestInfo)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
X509CertificateInfo(org.xipki.ca.api.publisher.x509.X509CertificateInfo)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Extensions(org.bouncycastle.asn1.x509.Extensions)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
KeyStoreException(java.security.KeyStoreException)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
InvalidConfException(org.xipki.common.InvalidConfException)
SocketException(java.net.SocketException)
IOException(java.io.IOException)
CertPublisherException(org.xipki.ca.api.publisher.CertPublisherException)
OperationException(org.xipki.ca.api.OperationException)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
ObjectCreationException(org.xipki.common.ObjectCreationException)
DataAccessException(org.xipki.datasource.DataAccessException)
JAXBException(javax.xml.bind.JAXBException)
FileNotFoundException(java.io.FileNotFoundException)
SAXException(org.xml.sax.SAXException)
CertificateException(java.security.cert.CertificateException)
PasswordResolverException(org.xipki.password.PasswordResolverException)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
CmpControl(org.xipki.ca.server.mgmt.api.CmpControl)
PciAuditEvent(org.xipki.audit.PciAuditEvent)
AuditEvent(org.xipki.audit.AuditEvent)
CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
OperationException(org.xipki.ca.api.OperationException)
Example 84 with CaMgmtException
use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.
the class CaManagerImpl method loadConf.
@Override
public void loadConf(CaConf conf) throws CaMgmtException {
ParamUtil.requireNonNull("conf", conf);
if (!caSystemSetuped) {
throw new CaMgmtException("CA system is not initialized yet.");
}
// CMP control
for (String name : conf.getCmpControlNames()) {
CmpControlEntry entry = conf.getCmpControl(name);
CmpControlEntry entryB = cmpControlDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed CMP control {}", name);
continue;
} else {
String msg = concat("CMP control ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addCmpControl(entry);
LOG.info("added CMP control {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add CMP control ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// Responder
for (String name : conf.getResponderNames()) {
ResponderEntry entry = conf.getResponder(name);
ResponderEntry entryB = responderDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed CMP responder {}", name);
continue;
} else {
String msg = concat("CMP responder ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addResponder(entry);
LOG.info("added CMP responder {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add CMP responder ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// Environment
for (String name : conf.getEnvironmentNames()) {
String entry = conf.getEnvironment(name);
String entryB = envParameterResolver.getParameter(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed environment parameter {}", name);
continue;
} else {
String msg = concat("environment parameter ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addEnvParam(name, entry);
LOG.info("could not add environment parameter {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add environment parameter ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// CRL signer
for (String name : conf.getCrlSignerNames()) {
X509CrlSignerEntry entry = conf.getCrlSigner(name);
X509CrlSignerEntry entryB = crlSignerDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed CRL signer {}", name);
continue;
} else {
String msg = concat("CRL signer ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addCrlSigner(entry);
LOG.info("added CRL signer {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add CRL signer ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// Requestor
for (String name : conf.getRequestorNames()) {
RequestorEntry entry = conf.getRequestor(name);
RequestorEntry entryB = requestorDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed CMP requestor {}", name);
continue;
} else {
String msg = concat("CMP requestor ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addRequestor(entry);
LOG.info("added CMP requestor {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add CMP requestor ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// Publisher
for (String name : conf.getPublisherNames()) {
PublisherEntry entry = conf.getPublisher(name);
PublisherEntry entryB = publisherDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed publisher {}", name);
continue;
} else {
String msg = concat("publisher ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addPublisher(entry);
LOG.info("added publisher {}", name);
} catch (CaMgmtException ex) {
String msg = "could not add publisher " + name;
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// CertProfile
for (String name : conf.getCertProfileNames()) {
CertprofileEntry entry = conf.getCertProfile(name);
CertprofileEntry entryB = certprofileDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed certProfile {}", name);
continue;
} else {
String msg = concat("certProfile ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addCertprofile(entry);
LOG.info("added certProfile {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add certProfile ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// User
for (String name : conf.getUserNames()) {
Object obj = conf.getUser(name);
UserEntry entryB = queryExecutor.getUser(name, true);
if (entryB != null) {
boolean equals = false;
if (obj instanceof UserEntry) {
UserEntry entry = (UserEntry) obj;
equals = entry.equals(entryB);
} else {
AddUserEntry entry = (AddUserEntry) obj;
equals = PasswordHash.validatePassword(entry.getPassword(), entryB.getHashedPassword());
}
if (equals) {
LOG.info("ignore existed user {}", name);
continue;
} else {
String msg = concat("user ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
if (obj instanceof UserEntry) {
queryExecutor.addUser((UserEntry) obj);
} else {
queryExecutor.addUser((AddUserEntry) obj);
}
LOG.info("added user {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add user ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// CA
for (String caName : conf.getCaNames()) {
SingleCaConf scc = conf.getCa(caName);
GenSelfIssued genSelfIssued = scc.getGenSelfIssued();
CaEntry caEntry = scc.getCaEntry();
if (caEntry != null) {
if (!(caEntry instanceof X509CaEntry)) {
throw new CaMgmtException(concat("Unsupported CaEntry ", caName, " (only X509CaEntry is supported"));
}
X509CaEntry entry = (X509CaEntry) caEntry;
if (caInfos.containsKey(caName)) {
CaEntry entryB = caInfos.get(caName).getCaEntry();
if (entry.getCert() == null && genSelfIssued != null) {
SignerConf signerConf = new SignerConf(entry.getSignerConf());
ConcurrentContentSigner signer;
try {
signer = securityFactory.createSigner(entry.getSignerType(), signerConf, (X509Certificate) null);
} catch (ObjectCreationException ex) {
throw new CaMgmtException(concat("could not create signer for CA ", caName), ex);
}
entry.setCert(signer.getCertificate());
}
if (entry.equals(entryB, true)) {
LOG.info("ignore existed CA {}", caName);
} else {
String msg = concat("CA ", caName, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
} else {
if (genSelfIssued != null) {
X509Certificate cert = generateRootCa(entry, genSelfIssued.getProfile(), genSelfIssued.getCsr(), genSelfIssued.getSerialNumber());
LOG.info("generated root CA {}", caName);
String fn = genSelfIssued.getCertFilename();
if (fn != null) {
try {
IoUtil.save(fn, cert.getEncoded());
LOG.info("saved generated certificate of root CA {} to {}", caName, fn);
} catch (CertificateEncodingException ex) {
LogUtil.error(LOG, ex, concat("could not encode certificate of CA ", caName));
} catch (IOException ex) {
LogUtil.error(LOG, ex, concat("error while saving certificate of root CA ", caName, " to ", fn));
}
}
} else {
try {
addCa(entry);
LOG.info("added CA {}", caName);
} catch (CaMgmtException ex) {
String msg = concat("could not add CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
if (scc.getAliases() != null) {
Set<String> aliasesB = getAliasesForCa(caName);
for (String aliasName : scc.getAliases()) {
if (aliasesB != null && aliasesB.contains(aliasName)) {
LOG.info("ignored adding existing CA alias {} to CA {}", aliasName, caName);
} else {
try {
addCaAlias(aliasName, caName);
LOG.info("associated alias {} to CA {}", aliasName, caName);
} catch (CaMgmtException ex) {
String msg = concat("could not associate alias ", aliasName, " to CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
if (scc.getProfileNames() != null) {
Set<String> profilesB = caHasProfiles.get(caName);
for (String profileName : scc.getProfileNames()) {
if (profilesB != null && profilesB.contains(profileName)) {
LOG.info("ignored adding certprofile {} to CA {}", profileName, caName);
} else {
try {
addCertprofileToCa(profileName, caName);
LOG.info("added certprofile {} to CA {}", profileName, caName);
} catch (CaMgmtException ex) {
String msg = concat("could not add certprofile ", profileName, " to CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
if (scc.getPublisherNames() != null) {
Set<String> publishersB = caHasPublishers.get(caName);
for (String publisherName : scc.getPublisherNames()) {
if (publishersB != null && publishersB.contains(publisherName)) {
LOG.info("ignored adding publisher {} to CA {}", publisherName, caName);
} else {
try {
addPublisherToCa(publisherName, caName);
LOG.info("added publisher {} to CA {}", publisherName, caName);
} catch (CaMgmtException ex) {
String msg = concat("could not add publisher ", publisherName, " to CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
if (scc.getRequestors() != null) {
Set<CaHasRequestorEntry> requestorsB = caHasRequestors.get(caName);
for (CaHasRequestorEntry requestor : scc.getRequestors()) {
String requestorName = requestor.getRequestorIdent().getName();
CaHasRequestorEntry requestorB = null;
if (requestorsB != null) {
for (CaHasRequestorEntry m : requestorsB) {
if (m.getRequestorIdent().getName().equals(requestorName)) {
requestorB = m;
break;
}
}
}
if (requestorB != null) {
if (requestor.equals(requestorB)) {
LOG.info("ignored adding requestor {} to CA {}", requestorName, caName);
} else {
String msg = concat("could not add requestor ", requestorName, " to CA", caName);
LOG.error(msg);
throw new CaMgmtException(msg);
}
} else {
try {
addRequestorToCa(requestor, caName);
LOG.info("added publisher {} to CA {}", requestorName, caName);
} catch (CaMgmtException ex) {
String msg = concat("could not add requestor ", requestorName, " to CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
if (scc.getUsers() != null) {
List<CaHasUserEntry> usersB = queryExecutor.getCaHasUsersForCa(caName, idNameMap);
for (CaHasUserEntry user : scc.getUsers()) {
String userName = user.getUserIdent().getName();
CaHasUserEntry userB = null;
if (usersB != null) {
for (CaHasUserEntry m : usersB) {
if (m.getUserIdent().getName().equals(userName)) {
userB = m;
break;
}
}
}
if (userB != null) {
if (user.equals(userB)) {
LOG.info("ignored adding user {} to CA {}", userName, caName);
} else {
String msg = concat("could not add user ", userName, " to CA", caName);
LOG.error(msg);
throw new CaMgmtException(msg);
}
} else {
try {
addUserToCa(user, caName);
LOG.info("added user {} to CA {}", userName, caName);
} catch (CaMgmtException ex) {
String msg = concat("could not add user ", userName, " to CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
// scc.getUsers()
}
// SCEP
for (String name : conf.getScepNames()) {
ScepEntry entry = conf.getScep(name);
ScepEntry entryB = scepDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.error("ignore existed SCEP {}", name);
continue;
} else {
String msg = concat("SCEP ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
} else {
try {
addScep(entry);
LOG.info("added SCEP {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add SCEP ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
Also used :
CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry)
RequestorEntry(org.xipki.ca.server.mgmt.api.RequestorEntry)
CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)
X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
ChangeCaEntry(org.xipki.ca.server.mgmt.api.ChangeCaEntry)
CaEntry(org.xipki.ca.server.mgmt.api.CaEntry)
PublisherEntry(org.xipki.ca.server.mgmt.api.PublisherEntry)
CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry)
X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)
ResponderEntry(org.xipki.ca.server.mgmt.api.ResponderEntry)
SignerConf(org.xipki.security.SignerConf)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
CertprofileEntry(org.xipki.ca.server.mgmt.api.CertprofileEntry)
ChangeScepEntry(org.xipki.ca.server.mgmt.api.x509.ChangeScepEntry)
ScepEntry(org.xipki.ca.server.mgmt.api.x509.ScepEntry)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner)
ObjectCreationException(org.xipki.common.ObjectCreationException)
SingleCaConf(org.xipki.ca.server.mgmt.api.conf.SingleCaConf)
AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry)
AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry)
UserEntry(org.xipki.ca.server.mgmt.api.UserEntry)
CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry)
ChangeUserEntry(org.xipki.ca.server.mgmt.api.ChangeUserEntry)
CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)
GenSelfIssued(org.xipki.ca.server.mgmt.api.conf.GenSelfIssued)
X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
Example 85 with CaMgmtException
use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.
the class CaManagerImpl method getCertRequest.
@Override
public byte[] getCertRequest(String caName, BigInteger serialNumber) throws CaMgmtException {
caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
ParamUtil.requireNonNull("serialNumber", serialNumber);
X509Ca ca = getX509Ca(caName);
try {
return ca.getCertRequest(serialNumber);
} catch (OperationException ex) {
throw new CaMgmtException(ex.getMessage(), ex);
}
}
Also used :
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
OperationException(org.xipki.ca.api.OperationException)
Aggregations
CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)157
PreparedStatement (java.sql.PreparedStatement)63
SQLException (java.sql.SQLException)63
CmdFailure (org.xipki.console.karaf.CmdFailure)52
NameId (org.xipki.ca.api.NameId)31
ResultSet (java.sql.ResultSet)24
OperationException (org.xipki.ca.api.OperationException)18
AtomicInteger (java.util.concurrent.atomic.AtomicInteger)16
InvalidConfException (org.xipki.common.InvalidConfException)11
DataAccessException (org.xipki.datasource.DataAccessException)11
CertificateEncodingException (java.security.cert.CertificateEncodingException)9
CaHasRequestorEntry (org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)9
CertificateException (java.security.cert.CertificateException)8
ObjectCreationException (org.xipki.common.ObjectCreationException)8
X509Certificate (java.security.cert.X509Certificate)7
Date (java.util.Date)7
X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)7
IOException (java.io.IOException)6
Statement (java.sql.Statement)6
CaHasUserEntry (org.xipki.ca.server.mgmt.api.CaHasUserEntry)6
