
Example 41 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

The class CaManagerImpl, method addCertprofileToCa.

// method removeCertprofileFromCa
/**
 * Associates the certprofile {@code profileName} with the CA {@code caName}.
 *
 * <p>Both names are normalised to lower case before lookup. Requires master mode.
 *
 * @param profileName name of the certprofile, must not be blank
 * @param caName name of the CA, must not be blank
 * @throws CaMgmtException if either name is unknown, if the profile is already associated
 *     with the CA, or if the profile name is registered but absent from the loaded profiles
 */
@Override
public void addCertprofileToCa(String profileName, String caName) throws CaMgmtException {
    profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    asssertMasterMode();

    NameId profileIdent = idNameMap.getCertprofile(profileName);
    if (profileIdent == null) {
        String message = concat("unknown CertProfile ", profileName);
        LOG.warn(message);
        throw new CaMgmtException(message);
    }

    NameId caIdent = idNameMap.getCa(caName);
    if (caIdent == null) {
        String message = concat("unknown CA ", caName);
        LOG.warn(message);
        throw new CaMgmtException(message);
    }

    // reject a duplicate association before touching any state
    Set<String> profilesOfCa = caHasProfiles.get(caName);
    if (profilesOfCa != null && profilesOfCa.contains(profileName)) {
        String message = concat("CertProfile ", profileName, " already associated with CA ", caName);
        LOG.warn(message);
        throw new CaMgmtException(message);
    }
    // a CA that has no profiles yet gets an (initially empty) association set
    if (profilesOfCa == null) {
        profilesOfCa = new HashSet<>();
        caHasProfiles.put(caName, profilesOfCa);
    }

    // the name is known to idNameMap but no loaded profile exists for it: refuse the association
    if (!certprofiles.containsKey(profileName)) {
        throw new CaMgmtException(concat("certprofile '", profileName, "' is faulty"));
    }

    // persist first; the in-memory set is only updated once the database call returned
    queryExecutor.addCertprofileToCa(profileIdent, caIdent);
    profilesOfCa.add(profileName);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) NameId(org.xipki.ca.api.NameId)

Example 42 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

The class CaManagerImpl, method addCrlSigner.

/**
 * Registers a new CRL signer described by {@code dbEntry}, persisting it and caching it.
 *
 * <p>Requires master mode. The signer configuration is canonicalised before use; the entry
 * held by the created wrapper is what gets stored in the database and in the caches.
 *
 * @param dbEntry the CRL signer entry to add, must not be {@code null}
 * @throws CaMgmtException if a CRL signer with the same name already exists, or if one of
 *     the called helpers reports a failure
 */
@Override
public void addCrlSigner(X509CrlSignerEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    asssertMasterMode();

    final String signerName = dbEntry.getName();
    if (crlSigners.containsKey(signerName)) {
        throw new CaMgmtException(concat("CRL signer named ", signerName, " exists"));
    }

    // normalise the signer configuration; only write back when it actually changed
    final String rawConf = dbEntry.getConf();
    if (rawConf != null) {
        String canonicalConf = canonicalizeSignerConf(dbEntry.getType(), rawConf, null, securityFactory);
        if (!rawConf.equals(canonicalConf)) {
            dbEntry.setConf(canonicalConf);
        }
    }

    X509CrlSignerEntryWrapper signer = createX509CrlSigner(dbEntry);
    X509CrlSignerEntry storedEntry = signer.getDbEntry();
    // persist before publishing into the in-memory maps
    queryExecutor.addCrlSigner(storedEntry);
    crlSigners.put(signerName, signer);
    crlSignerDbEntries.put(signerName, storedEntry);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)

Example 43 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

The class CaManagerImpl, method init.

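/**
 * Initialises the CA manager from the CA configuration file.
 *
 * <p>Reads {@code ca.mode}, {@code ca.shardId} and the {@code datasource.*} entries from
 * {@code caConfFile}, opens each datasource (the one named {@code ca} is mandatory), creates
 * the query executor, resolves or creates the {@code ENV_EPOCH} environment parameter, builds
 * the certificate store and finally loads all CA components.
 *
 * <p>In master mode the CA is locked and the epoch plus the built-in requestors are created
 * on demand; in slave mode the epoch must already exist.
 *
 * @throws IllegalStateException if a required collaborator or the configuration file path
 *     has not been set
 * @throws CaMgmtException if the configuration cannot be read or is invalid, a datasource
 *     cannot be opened, no {@code ca} datasource is configured, the certificate store cannot
 *     be created, or (slave mode) the epoch has not been set yet
 */
private void init() throws CaMgmtException {
    if (securityFactory == null) {
        throw new IllegalStateException("securityFactory is not set");
    }
    if (datasourceFactory == null) {
        throw new IllegalStateException("datasourceFactory is not set");
    }
    if (x509CertProfileFactoryRegister == null) {
        throw new IllegalStateException("x509CertProfileFactoryRegister is not set");
    }
    if (x509CertPublisherFactoryRegister == null) {
        throw new IllegalStateException("x509CertPublisherFactoryRegister is not set");
    }
    if (caConfFile == null) {
        throw new IllegalStateException("caConfFile is not set");
    }

    Properties caConfProps = new Properties();
    // try-with-resources: the stream must be closed on both the success and the failure path
    try (FileInputStream in = new FileInputStream(IoUtil.expandFilepath(caConfFile))) {
        caConfProps.load(in);
    } catch (IOException ex) {
        throw new CaMgmtException("could not parse CA configuration " + caConfFile, ex);
    }

    // ca.mode: absent or "master" -> master mode; "slave" -> slave mode; anything else is rejected
    String caModeStr = caConfProps.getProperty("ca.mode");
    if (caModeStr == null || "master".equalsIgnoreCase(caModeStr)) {
        masterMode = true;
    } else if ("slave".equalsIgnoreCase(caModeStr)) {
        masterMode = false;
    } else {
        throw new CaMgmtException(concat("invalid ca.mode '", caModeStr, "'"));
    }

    // ca.shardId: mandatory int in [0, 127]; it feeds the unique-ID generator below
    String shardIdStr = caConfProps.getProperty("ca.shardId");
    if (StringUtil.isBlank(shardIdStr)) {
        throw new CaMgmtException("ca.shardId is not set");
    }
    LOG.info("ca.shardId: {}", shardIdStr);
    int shardId;
    try {
        shardId = Integer.parseInt(shardIdStr);
    } catch (NumberFormatException ex) {
        // keep the cause so the original parse failure is not lost
        throw new CaMgmtException(concat("invalid ca.shardId '", shardIdStr, "'"), ex);
    }
    if (shardId < 0 || shardId > 127) {
        throw new CaMgmtException("ca.shardId is not in [0, 127]");
    }

    // datasources are created only once; each "datasource.<name>" property names a config file
    if (this.datasources == null) {
        this.datasources = new ConcurrentHashMap<>();
        for (String key : caConfProps.stringPropertyNames()) {
            if (!StringUtil.startsWithIgnoreCase(key, "datasource.")) {
                continue;
            }
            String datasourceFile = caConfProps.getProperty(key);
            try {
                String datasourceName = key.substring("datasource.".length());
                DataSourceWrapper datasource = datasourceFactory.createDataSourceForFile(
                        datasourceName, datasourceFile, securityFactory.getPasswordResolver());
                // fail fast: probe connectivity once and hand the connection straight back
                Connection conn = datasource.getConnection();
                datasource.returnConnection(conn);
                this.datasources.put(datasourceName, datasource);
            } catch (DataAccessException | PasswordResolverException | IOException | RuntimeException ex) {
                throw new CaMgmtException(concat(ex.getClass().getName(), " while parsing datasource ",
                        datasourceFile, ": ", ex.getMessage()), ex);
            }
        }
        this.datasource = this.datasources.get("ca");
    }
    if (this.datasource == null) {
        throw new CaMgmtException("no datasource named 'ca' configured");
    }

    this.queryExecutor = new CaManagerQueryExecutor(this.datasource);
    initEnvironmentParamters();

    String envEpoch = envParameterResolver.getParameter(ENV_EPOCH);
    if (masterMode) {
        lockCa(true);
        if (envEpoch == null) {
            // first start in master mode: set the epoch to yesterday
            final long day = 24L * 60 * 60 * 1000;
            envEpoch = queryExecutor.setEpoch(new Date(System.currentTimeMillis() - day));
            LOG.info("set environment {} to {}", ENV_EPOCH, envEpoch);
        }
        queryExecutor.addRequestorIfNeeded(RequestorInfo.NAME_BY_CA);
        queryExecutor.addRequestorIfNeeded(RequestorInfo.NAME_BY_USER);
    } else if (envEpoch == null) {
        // a slave cannot create the epoch itself
        throw new CaMgmtException("The CA system must be started first with ca.mode = master");
    }
    LOG.info("use EPOCH: {}", envEpoch);

    long epoch = DateUtil.parseUtcTimeyyyyMMdd(envEpoch).getTime();
    UniqueIdGenerator idGen = new UniqueIdGenerator(epoch, shardId);
    try {
        this.certstore = new CertificateStore(datasource, idGen);
    } catch (DataAccessException ex) {
        throw new CaMgmtException(ex.getMessage(), ex);
    }

    // load the remaining components; the order is kept as in the original
    initCaAliases();
    initCertprofiles();
    initPublishers();
    initCmpControls();
    initRequestors();
    initResponders();
    initCrlSigners();
    initCas();
    initSceps();
}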
Also used : Connection(java.sql.Connection) IOException(java.io.IOException) Properties(java.util.Properties) FileInputStream(java.io.FileInputStream) Date(java.util.Date) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) CertificateStore(org.xipki.ca.server.impl.store.CertificateStore) PasswordResolverException(org.xipki.password.PasswordResolverException) DataSourceWrapper(org.xipki.datasource.DataSourceWrapper) DataAccessException(org.xipki.datasource.DataAccessException)

Example 44 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

The class CaManagerImpl, method revokeCertificate.

// method shutdownScheduledThreadPoolExecutor
/**
 * Revokes the certificate with {@code serialNumber} issued by the CA {@code caName}.
 *
 * <p>Requires master mode. The CA name is normalised to lower case before lookup.
 *
 * @param caName name of the issuing CA, must not be blank
 * @param serialNumber serial number of the certificate to revoke, must not be {@code null}
 * @param reason revocation reason, passed through unchanged to the CA
 * @param invalidityTime invalidity date, passed through unchanged to the CA
 * @throws CaMgmtException if the CA reports no certificate with that serial, or if the CA
 *     raises an {@link OperationException}
 */
@Override
public void revokeCertificate(String caName, BigInteger serialNumber, CrlReason reason, Date invalidityTime) throws CaMgmtException {
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    asssertMasterMode();

    // NOTE(review): getX509Ca is assumed to throw rather than return null for an unknown CA — confirm
    X509Ca issuingCa = getX509Ca(caName);
    try {
        Object revoked = issuingCa.revokeCertificate(serialNumber, reason, invalidityTime,
                CaAuditConstants.MSGID_ca_mgmt);
        // the CA signals "no such certificate" with a null result rather than an exception
        if (revoked == null) {
            throw new CaMgmtException("could not revoke non-existing certificate");
        }
    } catch (OperationException ex) {
        throw new CaMgmtException(ex.getMessage(), ex);
    }
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) OperationException(org.xipki.ca.api.OperationException)

Example 45 with CaMgmtException

use of org.xipki.ca.server.mgmt.api.CaMgmtException in project xipki by xipki.

The class ScepImpl, method refreshCa.

/**
 * Refreshes the cached CA certificate and the pre-built SCEP CA-certificate response.
 *
 * <p>Re-reads the CA certificate from the CA manager. When it equals the cached one nothing
 * changes; otherwise both {@code caCert} and {@code caCertRespBytes} are replaced.
 *
 * @throws OperationException with {@link ErrorCode#SYSTEM_FAILURE} if the CA cannot be looked
 *     up or the response bytes cannot be built
 */
private void refreshCa() throws OperationException {
    try {
        X509Cert latestCaCert = caManager.getX509Ca(caIdent).getCaInfo().getCert();
        // nothing to do while the CA still uses the certificate we already cached
        if (!latestCaCert.equals(caCert)) {
            caCert = latestCaCert;
            caCertRespBytes = new ScepCaCertRespBytes(latestCaCert.getCert(), responderCert);
        }
    } catch (CaMgmtException | CertificateException | CMSException ex) {
        // NOTE(review): only the message is propagated; the original cause is not attached here
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex.getMessage());
    }
}
Also used : ScepCaCertRespBytes(org.xipki.ca.server.api.ScepCaCertRespBytes) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) X509Cert(org.xipki.security.X509Cert) X509Ca(org.xipki.ca.server.impl.X509Ca) CertificateException(java.security.cert.CertificateException) OperationException(org.xipki.ca.api.OperationException) CMSException(org.bouncycastle.cms.CMSException)
