Search in sources :

Example 91 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

the class CaManagerImpl method changeScep.

// method removeScep
public void changeScep(ChangeScepEntry scepEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("scepEntry", scepEntry);
    asssertMasterMode();
    String name = scepEntry.getName();
    NameId caId = scepEntry.getCaIdent();
    Boolean active = scepEntry.getActive();
    String responderName = scepEntry.getResponderName();
    String control = scepEntry.getControl();
    if (caId == null && responderName == null && control == null) {
        throw new IllegalArgumentException("nothing to change or SCEP " + name);
    }
    if (caId != null && caId.getId() == null) {
        String caName = caId.getName();
        caId = idNameMap.getCa(caName);
        if (caId == null) {
            throw new CaMgmtException(concat("Unknown CA ", caName));
        }
    }
    ScepImpl scep = queryExecutor.changeScep(name, caId, active, responderName, scepEntry.getCertProfiles(), control, this, securityFactory);
    if (scep == null) {
        throw new CaMgmtException("could not chagne SCEP " + name);
    }
    sceps.remove(name);
    scepDbEntries.remove(name);
    scepDbEntries.put(name, scep.getDbEntry());
    sceps.put(name, scep);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) NameId(org.xipki.ca.api.NameId) ScepImpl(org.xipki.ca.server.impl.scep.ScepImpl)

Example 92 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

the class CaManagerImpl method getCert.

// method canonicalizeSignerConf
@Override
public CertWithStatusInfo getCert(String caName, BigInteger serialNumber) throws CaMgmtException {
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    X509Ca ca = getX509Ca(caName);
    X509CertWithRevocationInfo certInfo;
    try {
        certInfo = ca.getCertWithRevocationInfo(serialNumber);
    } catch (CertificateException | OperationException ex) {
        throw new CaMgmtException(ex.getMessage(), ex);
    }
    return (certInfo != null) ? certInfo.toCertWithStatusInfo() : new CertWithStatusInfo();
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) CertWithStatusInfo(org.xipki.ca.server.mgmt.api.x509.CertWithStatusInfo) CertificateException(java.security.cert.CertificateException) X509CertWithRevocationInfo(org.xipki.ca.server.impl.store.X509CertWithRevocationInfo) OperationException(org.xipki.ca.api.OperationException)

Example 93 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

the class CaManagerQueryExecutor method getRequestorId.

// method createPublisher
Integer getRequestorId(String requestorName) throws CaMgmtException {
    final String sql = sqls.sqlSelectRequestorId;
    PreparedStatement stmt = null;
    ResultSet rs = null;
    try {
        stmt = prepareStatement(sql);
        stmt.setString(1, requestorName);
        rs = stmt.executeQuery();
        if (!rs.next()) {
            return null;
        }
        return rs.getInt("ID");
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        datasource.releaseResources(stmt, rs);
    }
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement)

Example 94 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

the class CaManagerQueryExecutor method addCrlSigner.

// method addRequestorToCa
void addCrlSigner(X509CrlSignerEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    String crlControl = dbEntry.crlControl();
    // validate crlControl
    if (crlControl != null) {
        try {
            new CrlControl(crlControl);
        } catch (InvalidConfException ex) {
            throw new CaMgmtException(concat("invalid CRL control '", crlControl, "'"));
        }
    }
    String name = dbEntry.getName();
    String sql = "INSERT INTO CRLSIGNER (NAME,SIGNER_TYPE,SIGNER_CERT,CRL_CONTROL,SIGNER_CONF)" + " VALUES (?,?,?,?,?)";
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        int idx = 1;
        ps.setString(idx++, name);
        ps.setString(idx++, dbEntry.getType());
        ps.setString(idx++, (dbEntry.getCert() == null) ? null : Base64.encodeToString(dbEntry.getCert().getEncoded()));
        ps.setString(idx++, crlControl);
        ps.setString(idx++, dbEntry.getConf());
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not add CRL signer " + name);
        }
        LOG.info("added CRL signer '{}': {}", name, dbEntry.toString(false, true));
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } catch (CertificateEncodingException ex) {
        throw new CaMgmtException(ex);
    } finally {
        datasource.releaseResources(ps, null);
    }
}
Also used : CrlControl(org.xipki.ca.server.mgmt.api.x509.CrlControl) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) SQLException(java.sql.SQLException) InvalidConfException(org.xipki.common.InvalidConfException) PreparedStatement(java.sql.PreparedStatement) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 95 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

the class CaManagerQueryExecutor method changeCa.

// method addPublisherToCa
void changeCa(ChangeCaEntry changeCaEntry, SecurityFactory securityFactory) throws CaMgmtException {
    ParamUtil.requireNonNull("changeCaEntry", changeCaEntry);
    ParamUtil.requireNonNull("securityFactory", securityFactory);
    if (!(changeCaEntry instanceof X509ChangeCaEntry)) {
        throw new CaMgmtException("unsupported ChangeCAEntry " + changeCaEntry.getClass().getName());
    }
    X509ChangeCaEntry entry = (X509ChangeCaEntry) changeCaEntry;
    X509Certificate cert = entry.getCert();
    if (cert != null) {
        boolean anyCertIssued;
        try {
            anyCertIssued = datasource.columnExists(null, "CERT", "CA_ID", entry.getIdent().getId());
        } catch (DataAccessException ex) {
            throw new CaMgmtException(ex);
        }
        if (anyCertIssued) {
            throw new CaMgmtException("Cannot change the certificate of CA, since it has issued certificates");
        }
    }
    Integer serialNoBitLen = entry.getSerialNoBitLen();
    CaStatus status = entry.getStatus();
    List<String> crlUris = entry.getCrlUris();
    List<String> deltaCrlUris = entry.getDeltaCrlUris();
    List<String> ocspUris = entry.getOcspUris();
    List<String> caCertUris = entry.getCaCertUris();
    CertValidity maxValidity = entry.getMaxValidity();
    String signerType = entry.getSignerType();
    String signerConf = entry.getSignerConf();
    String crlsignerName = entry.getCrlSignerName();
    String responderName = entry.getResponderName();
    String cmpcontrolName = entry.getCmpControlName();
    Boolean duplicateKeyPermitted = entry.getDuplicateKeyPermitted();
    Boolean duplicateSubjectPermitted = entry.getDuplicateSubjectPermitted();
    Boolean saveReq = entry.getSaveRequest();
    Integer permission = entry.getPermission();
    Integer numCrls = entry.getNumCrls();
    Integer expirationPeriod = entry.getExpirationPeriod();
    Integer keepExpiredCertInDays = entry.getKeepExpiredCertInDays();
    ValidityMode validityMode = entry.getValidityMode();
    ConfPairs extraControl = entry.getExtraControl();
    if (signerType != null || signerConf != null || cert != null) {
        final String sql = "SELECT SIGNER_TYPE,CERT,SIGNER_CONF FROM CA WHERE ID=?";
        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            stmt = prepareStatement(sql);
            stmt.setInt(1, entry.getIdent().getId());
            rs = stmt.executeQuery();
            if (!rs.next()) {
                throw new CaMgmtException("unknown CA '" + entry.getIdent());
            }
            String tmpSignerType = rs.getString("SIGNER_TYPE");
            String tmpSignerConf = rs.getString("SIGNER_CONF");
            String tmpB64Cert = rs.getString("CERT");
            if (signerType != null) {
                tmpSignerType = signerType;
            }
            if (signerConf != null) {
                tmpSignerConf = getRealString(signerConf);
                if (tmpSignerConf != null) {
                    tmpSignerConf = CaManagerImpl.canonicalizeSignerConf(tmpSignerType, tmpSignerConf, null, securityFactory);
                }
            }
            X509Certificate tmpCert;
            if (cert != null) {
                tmpCert = cert;
            } else {
                try {
                    tmpCert = X509Util.parseBase64EncodedCert(tmpB64Cert);
                } catch (CertificateException ex) {
                    throw new CaMgmtException("could not parse the stored certificate for CA '" + changeCaEntry.getIdent() + "'" + ex.getMessage(), ex);
                }
            }
            try {
                List<String[]> signerConfs = CaEntry.splitCaSignerConfs(tmpSignerConf);
                for (String[] m : signerConfs) {
                    securityFactory.createSigner(tmpSignerType, new SignerConf(m[1]), tmpCert);
                }
            } catch (XiSecurityException | ObjectCreationException ex) {
                throw new CaMgmtException("could not create signer for CA '" + changeCaEntry.getIdent() + "'" + ex.getMessage(), ex);
            }
        } catch (SQLException ex) {
            throw new CaMgmtException(datasource, sql, ex);
        } finally {
            datasource.releaseResources(stmt, rs);
        }
    }
    // end if (signerType)
    StringBuilder sqlBuilder = new StringBuilder();
    sqlBuilder.append("UPDATE CA SET ");
    AtomicInteger index = new AtomicInteger(1);
    Integer idxSnSize = addToSqlIfNotNull(sqlBuilder, index, serialNoBitLen, "SN_SIZE");
    Integer idxStatus = addToSqlIfNotNull(sqlBuilder, index, status, "STATUS");
    Integer idxSubject = addToSqlIfNotNull(sqlBuilder, index, cert, "SUBJECT");
    Integer idxCert = addToSqlIfNotNull(sqlBuilder, index, cert, "CERT");
    Integer idxCrlUris = addToSqlIfNotNull(sqlBuilder, index, crlUris, "CRL_URIS");
    Integer idxDeltaCrlUris = addToSqlIfNotNull(sqlBuilder, index, deltaCrlUris, "DELTACRL_URIS");
    Integer idxOcspUris = addToSqlIfNotNull(sqlBuilder, index, ocspUris, "OCSP_URIS");
    Integer idxCaCertUris = addToSqlIfNotNull(sqlBuilder, index, caCertUris, "CACERT_URIS");
    Integer idxMaxValidity = addToSqlIfNotNull(sqlBuilder, index, maxValidity, "MAX_VALIDITY");
    Integer idxSignerType = addToSqlIfNotNull(sqlBuilder, index, signerType, "SIGNER_TYPE");
    Integer idxCrlsignerName = addToSqlIfNotNull(sqlBuilder, index, crlsignerName, "CRLSIGNER_NAME");
    Integer idxResponderName = addToSqlIfNotNull(sqlBuilder, index, responderName, "RESPONDER_NAME");
    Integer idxCmpcontrolName = addToSqlIfNotNull(sqlBuilder, index, cmpcontrolName, "CMPCONTROL_NAME");
    Integer idxDuplicateKey = addToSqlIfNotNull(sqlBuilder, index, duplicateKeyPermitted, "DUPLICATE_KEY");
    Integer idxDuplicateSubject = addToSqlIfNotNull(sqlBuilder, index, duplicateKeyPermitted, "DUPLICATE_SUBJECT");
    Integer idxSaveReq = addToSqlIfNotNull(sqlBuilder, index, saveReq, "SAVE_REQ");
    Integer idxPermission = addToSqlIfNotNull(sqlBuilder, index, permission, "PERMISSION");
    Integer idxNumCrls = addToSqlIfNotNull(sqlBuilder, index, numCrls, "NUM_CRLS");
    Integer idxExpirationPeriod = addToSqlIfNotNull(sqlBuilder, index, expirationPeriod, "EXPIRATION_PERIOD");
    Integer idxExpiredCerts = addToSqlIfNotNull(sqlBuilder, index, keepExpiredCertInDays, "KEEP_EXPIRED_CERT_DAYS");
    Integer idxValidityMode = addToSqlIfNotNull(sqlBuilder, index, validityMode, "VALIDITY_MODE");
    Integer idxExtraControl = addToSqlIfNotNull(sqlBuilder, index, extraControl, "EXTRA_CONTROL");
    Integer idxSignerConf = addToSqlIfNotNull(sqlBuilder, index, signerConf, "SIGNER_CONF");
    // delete the last ','
    sqlBuilder.deleteCharAt(sqlBuilder.length() - 1);
    sqlBuilder.append(" WHERE ID=?");
    if (index.get() == 1) {
        throw new IllegalArgumentException("nothing to change");
    }
    int idxId = index.get();
    final String sql = sqlBuilder.toString();
    StringBuilder sb = new StringBuilder();
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        if (idxSnSize != null) {
            sb.append("sn_size: '").append(serialNoBitLen).append("'; ");
            ps.setInt(idxSnSize, serialNoBitLen.intValue());
        }
        if (idxStatus != null) {
            sb.append("status: '").append(status.name()).append("'; ");
            ps.setString(idxStatus, status.name());
        }
        if (idxCert != null) {
            String subject = X509Util.getRfc4519Name(cert.getSubjectX500Principal());
            sb.append("cert: '").append(subject).append("'; ");
            ps.setString(idxSubject, subject);
            String base64Cert = Base64.encodeToString(cert.getEncoded());
            ps.setString(idxCert, base64Cert);
        }
        if (idxCrlUris != null) {
            String txt = StringUtil.collectionAsStringByComma(crlUris);
            sb.append("crlUri: '").append(txt).append("'; ");
            ps.setString(idxCrlUris, txt);
        }
        if (idxDeltaCrlUris != null) {
            String txt = StringUtil.collectionAsStringByComma(deltaCrlUris);
            sb.append("deltaCrlUri: '").append(txt).append("'; ");
            ps.setString(idxDeltaCrlUris, txt);
        }
        if (idxOcspUris != null) {
            String txt = StringUtil.collectionAsStringByComma(ocspUris);
            sb.append("ocspUri: '").append(txt).append("'; ");
            ps.setString(idxOcspUris, txt);
        }
        if (idxCaCertUris != null) {
            String txt = StringUtil.collectionAsStringByComma(caCertUris);
            sb.append("caCertUri: '").append(txt).append("'; ");
            ps.setString(idxCaCertUris, txt);
        }
        if (idxMaxValidity != null) {
            String txt = maxValidity.toString();
            sb.append("maxValidity: '").append(txt).append("'; ");
            ps.setString(idxMaxValidity, txt);
        }
        if (idxSignerType != null) {
            sb.append("signerType: '").append(signerType).append("'; ");
            ps.setString(idxSignerType, signerType);
        }
        if (idxSignerConf != null) {
            sb.append("signerConf: '").append(SignerConf.toString(signerConf, false, true)).append("'; ");
            ps.setString(idxSignerConf, signerConf);
        }
        if (idxCrlsignerName != null) {
            String txt = getRealString(crlsignerName);
            sb.append("crlSigner: '").append(txt).append("'; ");
            ps.setString(idxCrlsignerName, txt);
        }
        if (idxResponderName != null) {
            String txt = getRealString(responderName);
            sb.append("responder: '").append(txt).append("'; ");
            ps.setString(idxResponderName, txt);
        }
        if (idxCmpcontrolName != null) {
            String txt = getRealString(cmpcontrolName);
            sb.append("cmpControl: '").append(txt).append("'; ");
            ps.setString(idxCmpcontrolName, txt);
        }
        if (idxDuplicateKey != null) {
            sb.append("duplicateKey: '").append(duplicateKeyPermitted).append("'; ");
            setBoolean(ps, idxDuplicateKey, duplicateKeyPermitted);
        }
        if (idxDuplicateSubject != null) {
            sb.append("duplicateSubject: '").append(duplicateSubjectPermitted).append("'; ");
            setBoolean(ps, idxDuplicateSubject, duplicateSubjectPermitted);
        }
        if (idxSaveReq != null) {
            sb.append("saveReq: '").append(saveReq).append("'; ");
            setBoolean(ps, idxSaveReq, saveReq);
        }
        if (idxPermission != null) {
            sb.append("permission: '").append(permission).append("'; ");
            ps.setInt(idxPermission, permission);
        }
        if (idxNumCrls != null) {
            sb.append("numCrls: '").append(numCrls).append("'; ");
            ps.setInt(idxNumCrls, numCrls);
        }
        if (idxExpirationPeriod != null) {
            sb.append("expirationPeriod: '").append(expirationPeriod).append("'; ");
            ps.setInt(idxExpirationPeriod, expirationPeriod);
        }
        if (idxExpiredCerts != null) {
            sb.append("keepExpiredCertDays: '").append(keepExpiredCertInDays).append("'; ");
            ps.setInt(idxExpiredCerts, keepExpiredCertInDays);
        }
        if (idxValidityMode != null) {
            String txt = validityMode.name();
            sb.append("validityMode: '").append(txt).append("'; ");
            ps.setString(idxValidityMode, txt);
        }
        if (idxExtraControl != null) {
            sb.append("extraControl: '").append(extraControl).append("'; ");
            ps.setString(idxExtraControl, extraControl.getEncoded());
        }
        ps.setInt(idxId, changeCaEntry.getIdent().getId());
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not change CA " + entry.getIdent());
        }
        if (sb.length() > 0) {
            sb.deleteCharAt(sb.length() - 1).deleteCharAt(sb.length() - 1);
        }
        LOG.info("changed CA '{}': {}", changeCaEntry.getIdent(), sb);
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } catch (CertificateEncodingException ex) {
        throw new CaMgmtException(ex);
    } finally {
        datasource.releaseResources(ps, null);
    }
}
Also used : CertValidity(org.xipki.ca.api.profile.CertValidity) SQLException(java.sql.SQLException) CertificateException(java.security.cert.CertificateException) CaStatus(org.xipki.ca.server.mgmt.api.CaStatus) ValidityMode(org.xipki.ca.server.mgmt.api.ValidityMode) XiSecurityException(org.xipki.security.exception.XiSecurityException) ResultSet(java.sql.ResultSet) DataAccessException(org.xipki.datasource.DataAccessException) ConfPairs(org.xipki.common.ConfPairs) SignerConf(org.xipki.security.SignerConf) PreparedStatement(java.sql.PreparedStatement) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509ChangeCaEntry(org.xipki.ca.server.mgmt.api.x509.X509ChangeCaEntry) X509Certificate(java.security.cert.X509Certificate) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) ObjectCreationException(org.xipki.common.ObjectCreationException)

Aggregations

CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)157 PreparedStatement (java.sql.PreparedStatement)63 SQLException (java.sql.SQLException)63 CmdFailure (org.xipki.console.karaf.CmdFailure)52 NameId (org.xipki.ca.api.NameId)31 ResultSet (java.sql.ResultSet)24 OperationException (org.xipki.ca.api.OperationException)18 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)16 InvalidConfException (org.xipki.common.InvalidConfException)11 DataAccessException (org.xipki.datasource.DataAccessException)11 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 CaHasRequestorEntry (org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)9 CertificateException (java.security.cert.CertificateException)8 ObjectCreationException (org.xipki.common.ObjectCreationException)8 X509Certificate (java.security.cert.X509Certificate)7 Date (java.util.Date)7 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)7 IOException (java.io.IOException)6 Statement (java.sql.Statement)6 CaHasUserEntry (org.xipki.ca.server.mgmt.api.CaHasUserEntry)6