
Example 6 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

the class CaManagerImpl method removeRequestorFromCa.

// method changeRequestor
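/**
 * Detaches a requestor from a CA: removes the association through the query executor and then
 * drops the matching entry from the cached {@code caHasRequestors} set of that CA.
 *
 * <p>Both names are lower-cased before use. The built-in requestors
 * {@code RequestorInfo.NAME_BY_CA} and {@code RequestorInfo.NAME_BY_USER} are refused.
 *
 * @param requestorName name of the requestor to detach; must not be blank
 * @param caName name of the CA; must not be blank
 * @throws CaMgmtException if the requestor is one of the built-in ones; presumably also when
 *     {@code asssertMasterMode()} or the query executor fails (their bodies are not visible here)
 */
@Override
public void removeRequestorFromCa(String requestorName, String caName) throws CaMgmtException {
    // NOTE(review): toLowerCase() without a Locale follows the JVM default locale. Under a locale
    // with special case mappings (Turkish, for example) the result differs from Locale.ROOT
    // lower-casing, which matters for the reserved-name comparison below. Confirm that every
    // reader and writer of these names normalizes the same way before changing it here alone.
    requestorName = ParamUtil.requireNonBlank("requestorName", requestorName).toLowerCase();
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    asssertMasterMode();

    // The built-in requestors must stay attached. The comparison is against the lower-cased
    // input, so it assumes the two constants are themselves lower-case - TODO confirm.
    if (requestorName.equals(RequestorInfo.NAME_BY_CA) || requestorName.equals(RequestorInfo.NAME_BY_USER)) {
        throw new CaMgmtException(concat("removing requestor ", requestorName, " is not permitted"));
    }

    // Persistent state first; the in-memory view is only touched when this call returns normally.
    queryExecutor.removeRequestorFromCa(requestorName, caName);

    // Single lookup instead of containsKey() + get(): a missing (or null) set means nothing is cached.
    Set<CaHasRequestorEntry> entries = caHasRequestors.get(caName);
    if (entries == null) {
        return;
    }

    CaHasRequestorEntry match = null;
    for (CaHasRequestorEntry candidate : entries) {
        if (candidate.getRequestorIdent().getName().equals(requestorName)) {
            match = candidate;
        }
    }

    // Only call remove() when something was found: remove(null) is a no-op on some Set
    // implementations and a NullPointerException on null-hostile ones.
    if (match != null) {
        entries.remove(match);
    }
}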
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)

Example 7 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

the class CaManagerImpl method addRequestor.

/**
 * Registers a new requestor: stores it through the query executor and adds it to the
 * in-memory id/name map, the DB-entry map and the wrapper map.
 *
 * @param dbEntry requestor entry to add; must not be null
 * @throws CaMgmtException if a requestor with the same name is already cached; presumably also
 *     when {@code asssertMasterMode()}, the wrapper or the query executor fails (not visible here)
 */
@Override
public void addRequestor(RequestorEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    asssertMasterMode();

    // The name is used exactly as dbEntry supplies it; this method does no lower-casing.
    // NOTE(review): confirm the ident is normalized upstream, otherwise this duplicate check is
    // case-sensitive.
    final String requestorName = dbEntry.getIdent().getName();
    final boolean alreadyRegistered = requestorDbEntries.containsKey(requestorName);
    if (alreadyRegistered) {
        throw new CaMgmtException(concat("Requestor named ", requestorName, " exists"));
    }

    // The wrapper is populated before anything is persisted, so a failure in setDbEntry()
    // leaves both the database and the caches untouched.
    RequestorEntryWrapper wrapper = new RequestorEntryWrapper();
    wrapper.setDbEntry(dbEntry);

    // Persist first, then publish to the in-memory maps.
    queryExecutor.addRequestor(dbEntry);
    idNameMap.addRequestor(dbEntry.getIdent());
    requestorDbEntries.put(requestorName, dbEntry);
    requestors.put(requestorName, wrapper);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) RequestorEntryWrapper(org.xipki.ca.server.impl.cmp.RequestorEntryWrapper)

Example 8 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

the class CaManagerImpl method generateRootCa.

// method getIdentifiedPublishersForCa
/**
 * Creates a self-signed root CA certificate from a CSR and registers the resulting CA.
 *
 * <p>The certificate is produced by {@code X509SelfSignedCertBuilder.generateSelfSigned}. A new
 * {@code X509CaEntry} is then assembled from the settings of {@code caEntry} plus the generated
 * certificate and signer configuration, and handed to {@code addCa}.
 *
 * @param caEntry template carrying the CA settings; must not be null
 * @param profileName certificate profile name, lower-cased before lookup; must not be blank
 * @param encodedCsr encoded certification request; must not be null
 * @param serialNumber serial number for the certificate, or null to take one from
 *     {@code RandomSerialNumberGenerator} using {@code caEntry.getSerialNoBitLen()}
 * @return the generated CA certificate, or {@code null} when {@code numCrls} or
 *     {@code expirationPeriod} is negative or the CSR cannot be decoded (a message is printed
 *     to {@code System.err} in those cases)
 * @throws CaMgmtException if the profile is unknown, certificate generation fails or the signer
 *     configuration cannot be canonicalized; {@code asssertMasterMode()} and {@code addCa} may
 *     presumably throw it as well (their bodies are not visible here)
 */
@Override
public X509Certificate generateRootCa(X509CaEntry caEntry, String profileName, byte[] encodedCsr, BigInteger serialNumber) throws CaMgmtException {
    ParamUtil.requireNonNull("caEntry", caEntry);
    // NOTE(review): toLowerCase() follows the JVM default locale - confirm profile names are
    // normalized the same way wherever they are stored.
    profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
    ParamUtil.requireNonNull("encodedCsr", encodedCsr);
    int numCrls = caEntry.getNumCrls();
    List<String> crlUris = caEntry.getCrlUris();
    List<String> deltaCrlUris = caEntry.getDeltaCrlUris();
    List<String> ocspUris = caEntry.getOcspUris();
    List<String> caCertUris = caEntry.getCaCertUris();
    String signerType = caEntry.getSignerType();
    asssertMasterMode();
    // Invalid input on the next three checks is reported on stderr and signalled by a null
    // return, not by an exception: callers have to null-check the result, and the failure does
    // not go through LOG.
    if (numCrls < 0) {
        System.err.println("invalid numCrls: " + numCrls);
        return null;
    }
    int expirationPeriod = caEntry.getExpirationPeriod();
    if (expirationPeriod < 0) {
        System.err.println("invalid expirationPeriod: " + expirationPeriod);
        return null;
    }
    CertificationRequest csr;
    try {
        // Structural decoding only. NOTE(review): nothing in this method verifies the CSR's
        // signature; confirm that generateSelfSigned does before the key is accepted.
        csr = CertificationRequest.getInstance(encodedCsr);
    } catch (Exception ex) {
        // The cause (ex) is discarded here; only a fixed message reaches stderr.
        System.err.println("invalid encodedCsr");
        return null;
    }
    IdentifiedX509Certprofile certprofile = getIdentifiedCertprofile(profileName);
    if (certprofile == null) {
        throw new CaMgmtException(concat("unknown certprofile ", profileName));
    }
    // A caller-supplied serial number is used as given. NOTE(review): no sign, length or
    // uniqueness check is visible in this method - confirm it is enforced downstream.
    BigInteger serialOfThisCert = (serialNumber != null) ? serialNumber : RandomSerialNumberGenerator.getInstance().nextSerialNumber(caEntry.getSerialNoBitLen());
    GenerateSelfSignedResult result;
    try {
        result = X509SelfSignedCertBuilder.generateSelfSigned(securityFactory, signerType, caEntry.getSignerConf(), certprofile, csr, serialOfThisCert, caCertUris, ocspUris, crlUris, deltaCrlUris, caEntry.getExtraControl());
    } catch (OperationException | InvalidConfException ex) {
        // Wrapped with the original exception as cause; the message repeats its class and text.
        throw new CaMgmtException(concat(ex.getClass().getName(), ": ", ex.getMessage()), ex);
    }
    String signerConf = result.getSignerConf();
    X509Certificate caCert = result.getCert();
    // For keystore-based signers the signer configuration is rewritten together with the new
    // certificate. NOTE(review): signerConf presumably carries keystore material or a password
    // reference - confirm it is never written to logs or error messages.
    if ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType)) {
        try {
            signerConf = canonicalizeSignerConf(signerType, signerConf, new X509Certificate[] { caCert }, securityFactory);
        } catch (Exception ex) {
            throw new CaMgmtException(concat(ex.getClass().getName(), ": ", ex.getMessage()), ex);
        }
    }
    X509CaUris caUris = new X509CaUris(caCertUris, ocspUris, crlUris, deltaCrlUris);
    String name = caEntry.getIdent().getName();
    long nextCrlNumber = caEntry.getNextCrlNumber();
    CaStatus status = caEntry.getStatus();
    // The new entry gets a NameId with a null id; presumably the id is assigned when the CA is
    // stored by addCa - TODO confirm.
    X509CaEntry entry = new X509CaEntry(new NameId(null, name), caEntry.getSerialNoBitLen(), nextCrlNumber, signerType, signerConf, caUris, numCrls, expirationPeriod);
    entry.setCert(caCert);
    // Remaining settings are copied unchanged from the template entry.
    entry.setCmpControlName(caEntry.getCmpControlName());
    entry.setCrlSignerName(caEntry.getCrlSignerName());
    entry.setDuplicateKeyPermitted(caEntry.isDuplicateKeyPermitted());
    entry.setDuplicateSubjectPermitted(caEntry.isDuplicateSubjectPermitted());
    entry.setExtraControl(caEntry.getExtraControl());
    entry.setKeepExpiredCertInDays(caEntry.getKeepExpiredCertInDays());
    entry.setMaxValidity(caEntry.getMaxValidity());
    entry.setPermission(caEntry.getPermission());
    entry.setResponderName(caEntry.getResponderName());
    entry.setSaveRequest(caEntry.isSaveRequest());
    entry.setStatus(status);
    entry.setValidityMode(caEntry.getValidityMode());
    addCa(entry);
    return caCert;
}
Also used : NameId(org.xipki.ca.api.NameId) InvalidConfException(org.xipki.common.InvalidConfException) CaStatus(org.xipki.ca.server.mgmt.api.CaStatus) CertprofileException(org.xipki.ca.api.profile.CertprofileException) KeyStoreException(java.security.KeyStoreException) XiSecurityException(org.xipki.security.exception.XiSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException) InvalidConfException(org.xipki.common.InvalidConfException) SocketException(java.net.SocketException) IOException(java.io.IOException) CertPublisherException(org.xipki.ca.api.publisher.CertPublisherException) OperationException(org.xipki.ca.api.OperationException) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) ObjectCreationException(org.xipki.common.ObjectCreationException) DataAccessException(org.xipki.datasource.DataAccessException) JAXBException(javax.xml.bind.JAXBException) FileNotFoundException(java.io.FileNotFoundException) SAXException(org.xml.sax.SAXException) CertificateException(java.security.cert.CertificateException) PasswordResolverException(org.xipki.password.PasswordResolverException) X509Certificate(java.security.cert.X509Certificate) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris) GenerateSelfSignedResult(org.xipki.ca.server.impl.X509SelfSignedCertBuilder.GenerateSelfSignedResult) BigInteger(java.math.BigInteger) CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest) OperationException(org.xipki.ca.api.OperationException) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)

Example 9 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

the class CaManagerImpl method changeCertprofile.

// method removeCertprofile
/**
 * Changes the type and/or configuration of an existing certificate profile, swaps the cached
 * profile for the updated one and shuts the previous instance down.
 *
 * @param name profile name, lower-cased before lookup; must not be blank
 * @param type new profile type, or null to leave it as is
 * @param conf new profile configuration, or null to leave it as is
 * @throws IllegalArgumentException if both {@code type} and {@code conf} are null
 * @throws CaMgmtException if no profile of that name is known; presumably also when
 *     {@code asssertMasterMode()} or the query executor fails (not visible here)
 */
@Override
public void changeCertprofile(String name, String type, String conf) throws CaMgmtException {
    name = ParamUtil.requireNonBlank("name", name).toLowerCase();

    final boolean nothingToChange = (type == null) && (conf == null);
    if (nothingToChange) {
        throw new IllegalArgumentException("type and conf cannot be both null");
    }

    // The existence lookup runs before the master-mode check, so an unknown name is logged and
    // rejected here whether or not this instance is in master mode.
    final NameId profileId = idNameMap.getCertprofile(name);
    if (profileId == null) {
        final String message = concat("unknown Certprofile ", name);
        LOG.warn(message);
        throw new CaMgmtException(message);
    }

    asssertMasterMode();

    // Persist the change first; the caches below are only touched if this call returns normally.
    final IdentifiedX509Certprofile replacement = queryExecutor.changeCertprofile(profileId, type, conf, this);

    certprofileDbEntries.remove(name);
    final IdentifiedX509Certprofile previous = certprofiles.remove(name);
    certprofileDbEntries.put(name, replacement.getDbEntry());
    certprofiles.put(name, replacement);

    // The replaced profile is released only after the new one has been published.
    if (previous == null) {
        return;
    }
    shutdownCertprofile(previous);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) NameId(org.xipki.ca.api.NameId)

Example 10 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

the class CaManagerImpl method changeRequestor.

// method removeRequestor
/**
 * Replaces the certificate of an existing requestor and refreshes the cached DB entry and
 * wrapper for it.
 *
 * @param name requestor name, lower-cased before lookup; must not be blank
 * @param base64Cert new certificate as a Base64 string; must not be null
 * @throws CaMgmtException if no requestor of that name is known; presumably also when
 *     {@code asssertMasterMode()} or the query executor fails (not visible here)
 */
@Override
public void changeRequestor(String name, String base64Cert) throws CaMgmtException {
    // Only a null check is applied to base64Cert here; decoding and any validation of the
    // certificate presumably happen inside queryExecutor.changeRequestor - TODO confirm.
    ParamUtil.requireNonNull("base64Cert", base64Cert);
    name = ParamUtil.requireNonBlank("name", name).toLowerCase();
    asssertMasterMode();

    // NOTE(review): no guard for built-in requestor names is visible in this method; confirm
    // whether their certificates are meant to be replaceable through this path.
    final NameId requestorId = idNameMap.getRequestor(name);
    if (requestorId == null) {
        final String message = concat("unknown requestor ", name);
        LOG.warn(message);
        throw new CaMgmtException(message);
    }

    // Persist first; the in-memory maps are updated only when this call returns normally.
    final RequestorEntryWrapper updated = queryExecutor.changeRequestor(requestorId, base64Cert);

    requestorDbEntries.remove(name);
    requestors.remove(name);
    requestorDbEntries.put(name, updated.getDbEntry());
    requestors.put(name, updated);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) NameId(org.xipki.ca.api.NameId) RequestorEntryWrapper(org.xipki.ca.server.impl.cmp.RequestorEntryWrapper)

Aggregations

CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)157 PreparedStatement (java.sql.PreparedStatement)63 SQLException (java.sql.SQLException)63 CmdFailure (org.xipki.console.karaf.CmdFailure)52 NameId (org.xipki.ca.api.NameId)31 ResultSet (java.sql.ResultSet)24 OperationException (org.xipki.ca.api.OperationException)18 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)16 InvalidConfException (org.xipki.common.InvalidConfException)11 DataAccessException (org.xipki.datasource.DataAccessException)11 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 CaHasRequestorEntry (org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)9 CertificateException (java.security.cert.CertificateException)8 ObjectCreationException (org.xipki.common.ObjectCreationException)8 X509Certificate (java.security.cert.X509Certificate)7 Date (java.util.Date)7 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)7 IOException (java.io.IOException)6 Statement (java.sql.Statement)6 CaHasUserEntry (org.xipki.ca.server.mgmt.api.CaHasUserEntry)6