use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.
the class CaManagerImpl method removeRequestorFromCa.
// method changeRequestor
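/**
 * Detaches a requestor from a CA: first in the database, then in the in-memory
 * {@code caHasRequestors} cache.
 *
 * <p>Both names are lower-cased before use. The built-in requestors
 * {@code RequestorInfo.NAME_BY_CA} and {@code RequestorInfo.NAME_BY_USER} are refused.
 *
 * @param requestorName name of the requestor to detach; must not be blank
 * @param caName name of the CA the requestor is detached from; must not be blank
 * @throws CaMgmtException if {@code requestorName} is one of the built-in requestors; it may
 *     also propagate from {@code asssertMasterMode()} or the {@code queryExecutor} call
 */
@Override
public void removeRequestorFromCa(String requestorName, String caName) throws CaMgmtException {
  // NOTE(review): String.toLowerCase() without a Locale follows the JVM default locale.
  // Confirm the rest of the class normalizes names the same way before switching to a
  // fixed locale, otherwise cache keys and this lookup could disagree.
  requestorName = ParamUtil.requireNonBlank("requestorName", requestorName).toLowerCase();
  caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
  asssertMasterMode();

  // The built-in requestors must stay attached; refuse before anything is modified.
  if (requestorName.equals(RequestorInfo.NAME_BY_CA)
      || requestorName.equals(RequestorInfo.NAME_BY_USER)) {
    throw new CaMgmtException(concat("removing requestor ", requestorName, " is not permitted"));
  }

  // Persist first: if this call throws, the cache below is left untouched.
  queryExecutor.removeRequestorFromCa(requestorName, caName);

  // Single lookup; a missing key or a null value both mean there is nothing cached to drop.
  Set<CaHasRequestorEntry> entries = caHasRequestors.get(caName);
  if (entries == null) {
    return;
  }

  // Collect the match first and remove after the loop, so the set is never modified
  // while it is being iterated. As before, the last matching entry wins.
  CaHasRequestorEntry match = null;
  for (CaHasRequestorEntry candidate : entries) {
    if (candidate.getRequestorIdent().getName().equals(requestorName)) {
      match = candidate;
    }
  }

  // Only call remove() for a real match; remove(null) is rejected by some Set implementations.
  if (match != null) {
    entries.remove(match);
  }
}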
use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.
the class CaManagerImpl method addRequestor.
/**
 * Registers a new requestor in the database and in the in-memory caches
 * ({@code idNameMap}, {@code requestorDbEntries}, {@code requestors}).
 *
 * @param dbEntry the requestor to add; must not be {@code null}
 * @throws CaMgmtException if a requestor with the same name is already cached; it may also
 *     propagate from {@code asssertMasterMode()} or the {@code queryExecutor} call
 */
@Override
public void addRequestor(RequestorEntry dbEntry) throws CaMgmtException {
  ParamUtil.requireNonNull("dbEntry", dbEntry);
  asssertMasterMode();

  // NOTE(review): the name is used exactly as the entry reports it, while changeRequestor
  // and removeRequestorFromCa lower-case the names they look up. Confirm the entry's
  // identifier is already normalized, otherwise this key could never be found again.
  // NOTE(review): the built-in names refused by removeRequestorFromCa are not checked here;
  // verify that registering them is prevented elsewhere.
  final String requestorName = dbEntry.getIdent().getName();
  if (requestorDbEntries.containsKey(requestorName)) {
    throw new CaMgmtException(concat("Requestor named ", requestorName, " exists"));
  }

  // The wrapper is populated before the database write, so a failure in setDbEntry
  // leaves both the database and the caches unchanged.
  RequestorEntryWrapper wrapper = new RequestorEntryWrapper();
  wrapper.setDbEntry(dbEntry);

  // Database first, caches afterwards.
  queryExecutor.addRequestor(dbEntry);
  idNameMap.addRequestor(dbEntry.getIdent());
  requestorDbEntries.put(requestorName, dbEntry);
  requestors.put(requestorName, wrapper);
}
use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.
the class CaManagerImpl method generateRootCa.
// method getIdentifiedPublishersForCa
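/**
 * Generates a self-signed root CA certificate from a certification request and registers
 * the resulting CA through {@code addCa}.
 *
 * <p>Every rejected input is reported as a {@link CaMgmtException}. The method never returns
 * {@code null}, so a caller cannot mistake a refused request for a successful one.
 *
 * @param caEntry template for the CA (signer, URIs, CRL settings, permissions, ...); must
 *     not be {@code null}
 * @param profileName name of the certificate profile; must not be blank, lower-cased before
 *     lookup
 * @param encodedCsr encoded certification request, parsed with
 *     {@code CertificationRequest.getInstance}; must not be {@code null}
 * @param serialNumber serial number for the certificate, or {@code null} to draw a random
 *     one of {@code caEntry.getSerialNoBitLen()} bits
 * @return the generated root CA certificate
 * @throws CaMgmtException if {@code numCrls} or {@code expirationPeriod} is negative, the
 *     CSR cannot be parsed, the profile is unknown, or certificate generation or signer
 *     configuration handling fails
 */
@Override
public X509Certificate generateRootCa(X509CaEntry caEntry, String profileName,
    byte[] encodedCsr, BigInteger serialNumber) throws CaMgmtException {
  ParamUtil.requireNonNull("caEntry", caEntry);
  profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
  ParamUtil.requireNonNull("encodedCsr", encodedCsr);

  int numCrls = caEntry.getNumCrls();
  List<String> crlUris = caEntry.getCrlUris();
  List<String> deltaCrlUris = caEntry.getDeltaCrlUris();
  List<String> ocspUris = caEntry.getOcspUris();
  List<String> caCertUris = caEntry.getCaCertUris();
  String signerType = caEntry.getSignerType();

  asssertMasterMode();

  // Invalid input is raised as an exception rather than printed to stderr with a null
  // return: a null certificate is easy to dereference or to treat as success by mistake.
  if (numCrls < 0) {
    throw new CaMgmtException("invalid numCrls: " + numCrls);
  }

  int expirationPeriod = caEntry.getExpirationPeriod();
  if (expirationPeriod < 0) {
    throw new CaMgmtException("invalid expirationPeriod: " + expirationPeriod);
  }

  // NOTE(review): the CSR is only parsed here. Whether its signature (proof of possession)
  // is checked depends on X509SelfSignedCertBuilder.generateSelfSigned; confirm.
  CertificationRequest csr;
  try {
    csr = CertificationRequest.getInstance(encodedCsr);
  } catch (Exception ex) {
    // Keep the cause so the parse failure can be diagnosed.
    throw new CaMgmtException("invalid encodedCsr", ex);
  }

  IdentifiedX509Certprofile certprofile = getIdentifiedCertprofile(profileName);
  if (certprofile == null) {
    throw new CaMgmtException(concat("unknown certprofile ", profileName));
  }

  // NOTE(review): a caller-supplied serial number is used as-is; no sign or length check
  // is visible in this method.
  BigInteger serialOfThisCert = (serialNumber != null)
      ? serialNumber
      : RandomSerialNumberGenerator.getInstance().nextSerialNumber(caEntry.getSerialNoBitLen());

  GenerateSelfSignedResult result;
  try {
    result = X509SelfSignedCertBuilder.generateSelfSigned(securityFactory, signerType,
        caEntry.getSignerConf(), certprofile, csr, serialOfThisCert, caCertUris, ocspUris,
        crlUris, deltaCrlUris, caEntry.getExtraControl());
  } catch (OperationException | InvalidConfException ex) {
    throw new CaMgmtException(concat(ex.getClass().getName(), ": ", ex.getMessage()), ex);
  }

  String signerConf = result.getSignerConf();
  X509Certificate caCert = result.getCert();

  // Keystore-backed signers get their configuration rewritten together with the new
  // certificate before it is stored.
  if ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType)) {
    try {
      signerConf = canonicalizeSignerConf(signerType, signerConf,
          new X509Certificate[] { caCert }, securityFactory);
    } catch (Exception ex) {
      throw new CaMgmtException(concat(ex.getClass().getName(), ": ", ex.getMessage()), ex);
    }
  }

  X509CaUris caUris = new X509CaUris(caCertUris, ocspUris, crlUris, deltaCrlUris);
  String name = caEntry.getIdent().getName();
  long nextCrlNumber = caEntry.getNextCrlNumber();
  CaStatus status = caEntry.getStatus();

  // Build a fresh entry with a null id (presumably assigned when the CA is added; confirm)
  // and copy the remaining settings over from the template.
  X509CaEntry entry = new X509CaEntry(new NameId(null, name), caEntry.getSerialNoBitLen(),
      nextCrlNumber, signerType, signerConf, caUris, numCrls, expirationPeriod);
  entry.setCert(caCert);
  entry.setCmpControlName(caEntry.getCmpControlName());
  entry.setCrlSignerName(caEntry.getCrlSignerName());
  entry.setDuplicateKeyPermitted(caEntry.isDuplicateKeyPermitted());
  entry.setDuplicateSubjectPermitted(caEntry.isDuplicateSubjectPermitted());
  entry.setExtraControl(caEntry.getExtraControl());
  entry.setKeepExpiredCertInDays(caEntry.getKeepExpiredCertInDays());
  entry.setMaxValidity(caEntry.getMaxValidity());
  entry.setPermission(caEntry.getPermission());
  entry.setResponderName(caEntry.getResponderName());
  entry.setSaveRequest(caEntry.isSaveRequest());
  entry.setStatus(status);
  entry.setValidityMode(caEntry.getValidityMode());

  addCa(entry);
  return caCert;
}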
use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.
the class CaManagerImpl method changeCertprofile.
// method removeCertprofile
/**
 * Changes the type and/or configuration of an existing certificate profile and swaps the
 * cached instance for the updated one.
 *
 * @param name name of the profile; must not be blank, lower-cased before lookup
 * @param type new profile type, or {@code null} to leave it unchanged
 * @param conf new profile configuration, or {@code null} to leave it unchanged
 * @throws IllegalArgumentException if both {@code type} and {@code conf} are {@code null}
 * @throws CaMgmtException if no profile with that name is known; it may also propagate from
 *     {@code asssertMasterMode()} or the {@code queryExecutor} call
 */
@Override
public void changeCertprofile(String name, String type, String conf) throws CaMgmtException {
  name = ParamUtil.requireNonBlank("name", name).toLowerCase();
  if (type == null && conf == null) {
    throw new IllegalArgumentException("type and conf cannot be both null");
  }

  NameId profileIdent = idNameMap.getCertprofile(name);
  if (profileIdent == null) {
    String message = concat("unknown Certprofile ", name);
    LOG.warn(message);
    throw new CaMgmtException(message);
  }

  asssertMasterMode();

  // The database is updated first; the caches are only touched once that call has returned.
  IdentifiedX509Certprofile updated =
      queryExecutor.changeCertprofile(profileIdent, type, conf, this);

  // NOTE(review): the old entries are removed before the new ones are inserted. If
  // `updated` were ever null, getDbEntry() would throw with the profile already gone from
  // both caches. Confirm that queryExecutor never returns null here.
  certprofileDbEntries.remove(name);
  IdentifiedX509Certprofile previous = certprofiles.remove(name);
  certprofileDbEntries.put(name, updated.getDbEntry());
  certprofiles.put(name, updated);

  // Shut the replaced instance down only after the new one is in place.
  if (previous != null) {
    shutdownCertprofile(previous);
  }
}
use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.
the class CaManagerImpl method changeRequestor.
// method removeRequestor
/**
 * Replaces the certificate of an existing requestor in the database and refreshes the
 * cached entries.
 *
 * @param name name of the requestor; must not be blank, lower-cased before lookup
 * @param base64Cert the new certificate as passed to {@code queryExecutor.changeRequestor};
 *     must not be {@code null}
 * @throws CaMgmtException if no requestor with that name is known; it may also propagate
 *     from {@code asssertMasterMode()} or the {@code queryExecutor} call
 */
@Override
public void changeRequestor(String name, String base64Cert) throws CaMgmtException {
  ParamUtil.requireNonNull("base64Cert", base64Cert);
  name = ParamUtil.requireNonBlank("name", name).toLowerCase();
  asssertMasterMode();

  NameId requestorIdent = idNameMap.getRequestor(name);
  if (requestorIdent == null) {
    String message = concat("unknown requestor ", name);
    LOG.warn(message);
    throw new CaMgmtException(message);
  }

  // NOTE(review): base64Cert is not decoded or validated in this method; that presumably
  // happens inside queryExecutor.changeRequestor. Confirm it rejects malformed input.
  // NOTE(review): this swaps the certificate that identifies the requestor. Only the
  // unknown-name path logs here; confirm that successful changes are audited elsewhere.
  RequestorEntryWrapper updated = queryExecutor.changeRequestor(requestorIdent, base64Cert);

  // Drop the stale cache entries, then publish the refreshed ones.
  requestorDbEntries.remove(name);
  requestors.remove(name);
  requestorDbEntries.put(name, updated.getDbEntry());
  requestors.put(name, updated);
}