Example 1 with CaStatus
use of org.xipki.ca.server.mgmt.api.CaStatus in project xipki by xipki.
the class CaManagerImpl method generateRootCa.
// method getIdentifiedPublishersForCa
@Override
public X509Certificate generateRootCa(X509CaEntry caEntry, String profileName, byte[] encodedCsr, BigInteger serialNumber) throws CaMgmtException {
ParamUtil.requireNonNull("caEntry", caEntry);
profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
ParamUtil.requireNonNull("encodedCsr", encodedCsr);
int numCrls = caEntry.getNumCrls();
List<String> crlUris = caEntry.getCrlUris();
List<String> deltaCrlUris = caEntry.getDeltaCrlUris();
List<String> ocspUris = caEntry.getOcspUris();
List<String> caCertUris = caEntry.getCaCertUris();
String signerType = caEntry.getSignerType();
asssertMasterMode();
if (numCrls < 0) {
System.err.println("invalid numCrls: " + numCrls);
return null;
}
int expirationPeriod = caEntry.getExpirationPeriod();
if (expirationPeriod < 0) {
System.err.println("invalid expirationPeriod: " + expirationPeriod);
return null;
}
CertificationRequest csr;
try {
csr = CertificationRequest.getInstance(encodedCsr);
} catch (Exception ex) {
System.err.println("invalid encodedCsr");
return null;
}
IdentifiedX509Certprofile certprofile = getIdentifiedCertprofile(profileName);
if (certprofile == null) {
throw new CaMgmtException(concat("unknown certprofile ", profileName));
}
BigInteger serialOfThisCert = (serialNumber != null) ? serialNumber : RandomSerialNumberGenerator.getInstance().nextSerialNumber(caEntry.getSerialNoBitLen());
GenerateSelfSignedResult result;
try {
result = X509SelfSignedCertBuilder.generateSelfSigned(securityFactory, signerType, caEntry.getSignerConf(), certprofile, csr, serialOfThisCert, caCertUris, ocspUris, crlUris, deltaCrlUris, caEntry.getExtraControl());
} catch (OperationException | InvalidConfException ex) {
throw new CaMgmtException(concat(ex.getClass().getName(), ": ", ex.getMessage()), ex);
}
String signerConf = result.getSignerConf();
X509Certificate caCert = result.getCert();
if ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType)) {
try {
signerConf = canonicalizeSignerConf(signerType, signerConf, new X509Certificate[] { caCert }, securityFactory);
} catch (Exception ex) {
throw new CaMgmtException(concat(ex.getClass().getName(), ": ", ex.getMessage()), ex);
}
}
X509CaUris caUris = new X509CaUris(caCertUris, ocspUris, crlUris, deltaCrlUris);
String name = caEntry.getIdent().getName();
long nextCrlNumber = caEntry.getNextCrlNumber();
CaStatus status = caEntry.getStatus();
X509CaEntry entry = new X509CaEntry(new NameId(null, name), caEntry.getSerialNoBitLen(), nextCrlNumber, signerType, signerConf, caUris, numCrls, expirationPeriod);
entry.setCert(caCert);
entry.setCmpControlName(caEntry.getCmpControlName());
entry.setCrlSignerName(caEntry.getCrlSignerName());
entry.setDuplicateKeyPermitted(caEntry.isDuplicateKeyPermitted());
entry.setDuplicateSubjectPermitted(caEntry.isDuplicateSubjectPermitted());
entry.setExtraControl(caEntry.getExtraControl());
entry.setKeepExpiredCertInDays(caEntry.getKeepExpiredCertInDays());
entry.setMaxValidity(caEntry.getMaxValidity());
entry.setPermission(caEntry.getPermission());
entry.setResponderName(caEntry.getResponderName());
entry.setSaveRequest(caEntry.isSaveRequest());
entry.setStatus(status);
entry.setValidityMode(caEntry.getValidityMode());
addCa(entry);
return caCert;
}
Also used :
NameId(org.xipki.ca.api.NameId)
InvalidConfException(org.xipki.common.InvalidConfException)
CaStatus(org.xipki.ca.server.mgmt.api.CaStatus)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
KeyStoreException(java.security.KeyStoreException)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
InvalidConfException(org.xipki.common.InvalidConfException)
SocketException(java.net.SocketException)
IOException(java.io.IOException)
CertPublisherException(org.xipki.ca.api.publisher.CertPublisherException)
OperationException(org.xipki.ca.api.OperationException)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
ObjectCreationException(org.xipki.common.ObjectCreationException)
DataAccessException(org.xipki.datasource.DataAccessException)
JAXBException(javax.xml.bind.JAXBException)
FileNotFoundException(java.io.FileNotFoundException)
SAXException(org.xml.sax.SAXException)
CertificateException(java.security.cert.CertificateException)
PasswordResolverException(org.xipki.password.PasswordResolverException)
X509Certificate(java.security.cert.X509Certificate)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris)
GenerateSelfSignedResult(org.xipki.ca.server.impl.X509SelfSignedCertBuilder.GenerateSelfSignedResult)
BigInteger(java.math.BigInteger)
CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
OperationException(org.xipki.ca.api.OperationException)
X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
Example 2 with CaStatus
use of org.xipki.ca.server.mgmt.api.CaStatus in project xipki by xipki.
the class CaManagerImpl method startCaSystem0.
// method startCaSystem
private boolean startCaSystem0() {
if (caSystemSetuped) {
return true;
}
initializing = true;
shutdownScheduledThreadPoolExecutor();
try {
LOG.info("starting CA system");
try {
init();
} catch (Exception ex) {
LogUtil.error(LOG, ex);
return false;
}
this.lastStartTime = new Date();
x509cas.clear();
x509Responders.clear();
scheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(10);
scheduledThreadPoolExecutor.setRemoveOnCancelPolicy(true);
List<String> startedCaNames = new LinkedList<>();
List<String> failedCaNames = new LinkedList<>();
// Add the CAs to the store
for (String caName : caInfos.keySet()) {
CaStatus status = caInfos.get(caName).getCaEntry().getStatus();
if (CaStatus.ACTIVE != status) {
continue;
}
if (startCa(caName)) {
startedCaNames.add(caName);
LOG.info("started CA {}", caName);
} else {
failedCaNames.add(caName);
LOG.error("could not start CA {}", caName);
}
}
caSystemSetuped = true;
StringBuilder sb = new StringBuilder();
sb.append("started CA system");
Set<String> caAliasNames = getCaAliasNames();
Set<String> names = new HashSet<>(getCaNames());
if (names.size() > 0) {
sb.append(" with following CAs: ");
for (String aliasName : caAliasNames) {
String name = getCaNameForAlias(aliasName);
names.remove(name);
sb.append(name).append(" (alias ").append(aliasName).append("), ");
}
for (String name : names) {
sb.append(name).append(", ");
}
int len = sb.length();
sb.delete(len - 2, len);
scheduledThreadPoolExecutor.scheduleAtFixedRate(new CertsInQueuePublisher(), 120, 120, TimeUnit.SECONDS);
scheduledThreadPoolExecutor.scheduleAtFixedRate(// 1 DAY
new UnreferencedRequstCleaner(), // 1 DAY
60, // 1 DAY
24L * 60 * 60, TimeUnit.SECONDS);
} else {
sb.append(": no CA is configured");
}
if (!failedCaNames.isEmpty()) {
sb.append(", and following CAs could not be started: ");
for (String aliasName : caAliasNames) {
String name = getCaNameForAlias(aliasName);
if (failedCaNames.remove(name)) {
sb.append(name).append(" (alias ").append(aliasName).append("), ");
}
}
for (String name : failedCaNames) {
sb.append(name).append(", ");
}
int len = sb.length();
sb.delete(len - 2, len);
}
LOG.info("{}", sb);
} finally {
initializing = false;
if (!masterMode && persistentScheduledThreadPoolExecutor == null) {
persistentScheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(1);
persistentScheduledThreadPoolExecutor.setRemoveOnCancelPolicy(true);
persistentScheduledThreadPoolExecutor.scheduleAtFixedRate(new CaRestarter(), 300, 300, TimeUnit.SECONDS);
}
}
return true;
}
Also used :
ScheduledThreadPoolExecutor(java.util.concurrent.ScheduledThreadPoolExecutor)
CaStatus(org.xipki.ca.server.mgmt.api.CaStatus)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
KeyStoreException(java.security.KeyStoreException)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
InvalidConfException(org.xipki.common.InvalidConfException)
SocketException(java.net.SocketException)
IOException(java.io.IOException)
CertPublisherException(org.xipki.ca.api.publisher.CertPublisherException)
OperationException(org.xipki.ca.api.OperationException)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
ObjectCreationException(org.xipki.common.ObjectCreationException)
DataAccessException(org.xipki.datasource.DataAccessException)
JAXBException(javax.xml.bind.JAXBException)
FileNotFoundException(java.io.FileNotFoundException)
SAXException(org.xml.sax.SAXException)
CertificateException(java.security.cert.CertificateException)
PasswordResolverException(org.xipki.password.PasswordResolverException)
Date(java.util.Date)
LinkedList(java.util.LinkedList)
HashSet(java.util.HashSet)
Example 3 with CaStatus
use of org.xipki.ca.server.mgmt.api.CaStatus in project xipki by xipki.
the class ScepImpl method servicePkiOperation.
public ContentInfo servicePkiOperation(CMSSignedData requestContent, String certProfileName, String msgId, AuditEvent event) throws MessageDecodingException, OperationException {
CaStatus status = getStatus();
if (CaStatus.ACTIVE != status) {
LOG.warn("SCEP {} is not active", caIdent);
throw new OperationException(ErrorCode.SYSTEM_UNAVAILABLE);
}
DecodedPkiMessage req = DecodedPkiMessage.decode(requestContent, envelopedDataDecryptor, null);
PkiMessage rep = servicePkiOperation0(requestContent, req, certProfileName, msgId, event);
audit(event, CaAuditConstants.NAME_SCEP_pkiStatus, rep.getPkiStatus().toString());
if (rep.getPkiStatus() == PkiStatus.FAILURE) {
event.setStatus(AuditStatus.FAILED);
}
if (rep.getFailInfo() != null) {
audit(event, CaAuditConstants.NAME_SCEP_failInfo, rep.getFailInfo().toString());
}
return encodeResponse(rep, req);
}
Also used :
DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage)
PkiMessage(org.xipki.scep.message.PkiMessage)
DecodedPkiMessage(org.xipki.scep.message.DecodedPkiMessage)
CaStatus(org.xipki.ca.server.mgmt.api.CaStatus)
OperationException(org.xipki.ca.api.OperationException)
Example 4 with CaStatus
use of org.xipki.ca.server.mgmt.api.CaStatus in project xipki by xipki.
the class CaAddOrGenAction method getCaEntry.
protected X509CaEntry getCaEntry() throws Exception {
ParamUtil.requireRange("sn-bitlen", snBitLen, 63, 159);
if (nextCrlNumber < 1) {
throw new IllegalCmdParamException("invalid CRL number: " + nextCrlNumber);
}
if (numCrls < 0) {
throw new IllegalCmdParamException("invalid numCrls: " + numCrls);
}
if (expirationPeriod < 0) {
throw new IllegalCmdParamException("invalid expirationPeriod: " + expirationPeriod);
}
if ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType)) {
signerConf = ShellUtil.canonicalizeSignerConf(signerType, signerConf, passwordResolver, securityFactory);
}
X509CaUris caUris = new X509CaUris(caCertUris, ocspUris, crlUris, deltaCrlUris);
X509CaEntry entry = new X509CaEntry(new NameId(null, caName), snBitLen, nextCrlNumber, signerType, signerConf, caUris, numCrls.intValue(), expirationPeriod.intValue());
entry.setKeepExpiredCertInDays(keepExpiredCertInDays.intValue());
boolean duplicateKeyPermitted = isEnabled(duplicateKeyS, true, "duplicate-key");
entry.setDuplicateKeyPermitted(duplicateKeyPermitted);
boolean duplicateSubjectPermitted = isEnabled(duplicateSubjectS, true, "duplicate-subject");
entry.setDuplicateSubjectPermitted(duplicateSubjectPermitted);
boolean saveReq = isEnabled(saveReqS, false, "save-req");
entry.setSaveRequest(saveReq);
ValidityMode validityMode = ValidityMode.forName(validityModeS);
entry.setValidityMode(validityMode);
CaStatus status = CaStatus.forName(caStatus);
entry.setStatus(status);
if (crlSignerName != null) {
entry.setCrlSignerName(crlSignerName);
}
if (responderName != null) {
entry.setResponderName(responderName);
}
CertValidity tmpMaxValidity = CertValidity.getInstance(maxValidity);
entry.setMaxValidity(tmpMaxValidity);
entry.setKeepExpiredCertInDays(keepExpiredCertInDays);
if (cmpControlName != null) {
entry.setCmpControlName(cmpControlName);
}
int intPermission = ShellUtil.getPermission(permissions);
entry.setPermission(intPermission);
if (extraControl != null) {
extraControl = extraControl.trim();
}
if (StringUtil.isNotBlank(extraControl)) {
entry.setExtraControl(new ConfPairs(extraControl).unmodifiable());
}
return entry;
}
Also used :
X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris)
ValidityMode(org.xipki.ca.server.mgmt.api.ValidityMode)
NameId(org.xipki.ca.api.NameId)
CertValidity(org.xipki.ca.api.profile.CertValidity)
IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException)
ConfPairs(org.xipki.common.ConfPairs)
CaStatus(org.xipki.ca.server.mgmt.api.CaStatus)
X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
Example 5 with CaStatus
use of org.xipki.ca.server.mgmt.api.CaStatus in project xipki by xipki.
the class CaManagerQueryExecutor method changeCa.
// method addPublisherToCa
void changeCa(ChangeCaEntry changeCaEntry, SecurityFactory securityFactory) throws CaMgmtException {
ParamUtil.requireNonNull("changeCaEntry", changeCaEntry);
ParamUtil.requireNonNull("securityFactory", securityFactory);
if (!(changeCaEntry instanceof X509ChangeCaEntry)) {
throw new CaMgmtException("unsupported ChangeCAEntry " + changeCaEntry.getClass().getName());
}
X509ChangeCaEntry entry = (X509ChangeCaEntry) changeCaEntry;
X509Certificate cert = entry.getCert();
if (cert != null) {
boolean anyCertIssued;
try {
anyCertIssued = datasource.columnExists(null, "CERT", "CA_ID", entry.getIdent().getId());
} catch (DataAccessException ex) {
throw new CaMgmtException(ex);
}
if (anyCertIssued) {
throw new CaMgmtException("Cannot change the certificate of CA, since it has issued certificates");
}
}
Integer serialNoBitLen = entry.getSerialNoBitLen();
CaStatus status = entry.getStatus();
List<String> crlUris = entry.getCrlUris();
List<String> deltaCrlUris = entry.getDeltaCrlUris();
List<String> ocspUris = entry.getOcspUris();
List<String> caCertUris = entry.getCaCertUris();
CertValidity maxValidity = entry.getMaxValidity();
String signerType = entry.getSignerType();
String signerConf = entry.getSignerConf();
String crlsignerName = entry.getCrlSignerName();
String responderName = entry.getResponderName();
String cmpcontrolName = entry.getCmpControlName();
Boolean duplicateKeyPermitted = entry.getDuplicateKeyPermitted();
Boolean duplicateSubjectPermitted = entry.getDuplicateSubjectPermitted();
Boolean saveReq = entry.getSaveRequest();
Integer permission = entry.getPermission();
Integer numCrls = entry.getNumCrls();
Integer expirationPeriod = entry.getExpirationPeriod();
Integer keepExpiredCertInDays = entry.getKeepExpiredCertInDays();
ValidityMode validityMode = entry.getValidityMode();
ConfPairs extraControl = entry.getExtraControl();
if (signerType != null || signerConf != null || cert != null) {
final String sql = "SELECT SIGNER_TYPE,CERT,SIGNER_CONF FROM CA WHERE ID=?";
PreparedStatement stmt = null;
ResultSet rs = null;
try {
stmt = prepareStatement(sql);
stmt.setInt(1, entry.getIdent().getId());
rs = stmt.executeQuery();
if (!rs.next()) {
throw new CaMgmtException("unknown CA '" + entry.getIdent());
}
String tmpSignerType = rs.getString("SIGNER_TYPE");
String tmpSignerConf = rs.getString("SIGNER_CONF");
String tmpB64Cert = rs.getString("CERT");
if (signerType != null) {
tmpSignerType = signerType;
}
if (signerConf != null) {
tmpSignerConf = getRealString(signerConf);
if (tmpSignerConf != null) {
tmpSignerConf = CaManagerImpl.canonicalizeSignerConf(tmpSignerType, tmpSignerConf, null, securityFactory);
}
}
X509Certificate tmpCert;
if (cert != null) {
tmpCert = cert;
} else {
try {
tmpCert = X509Util.parseBase64EncodedCert(tmpB64Cert);
} catch (CertificateException ex) {
throw new CaMgmtException("could not parse the stored certificate for CA '" + changeCaEntry.getIdent() + "'" + ex.getMessage(), ex);
}
}
try {
List<String[]> signerConfs = CaEntry.splitCaSignerConfs(tmpSignerConf);
for (String[] m : signerConfs) {
securityFactory.createSigner(tmpSignerType, new SignerConf(m[1]), tmpCert);
}
} catch (XiSecurityException | ObjectCreationException ex) {
throw new CaMgmtException("could not create signer for CA '" + changeCaEntry.getIdent() + "'" + ex.getMessage(), ex);
}
} catch (SQLException ex) {
throw new CaMgmtException(datasource, sql, ex);
} finally {
datasource.releaseResources(stmt, rs);
}
}
// end if (signerType)
StringBuilder sqlBuilder = new StringBuilder();
sqlBuilder.append("UPDATE CA SET ");
AtomicInteger index = new AtomicInteger(1);
Integer idxSnSize = addToSqlIfNotNull(sqlBuilder, index, serialNoBitLen, "SN_SIZE");
Integer idxStatus = addToSqlIfNotNull(sqlBuilder, index, status, "STATUS");
Integer idxSubject = addToSqlIfNotNull(sqlBuilder, index, cert, "SUBJECT");
Integer idxCert = addToSqlIfNotNull(sqlBuilder, index, cert, "CERT");
Integer idxCrlUris = addToSqlIfNotNull(sqlBuilder, index, crlUris, "CRL_URIS");
Integer idxDeltaCrlUris = addToSqlIfNotNull(sqlBuilder, index, deltaCrlUris, "DELTACRL_URIS");
Integer idxOcspUris = addToSqlIfNotNull(sqlBuilder, index, ocspUris, "OCSP_URIS");
Integer idxCaCertUris = addToSqlIfNotNull(sqlBuilder, index, caCertUris, "CACERT_URIS");
Integer idxMaxValidity = addToSqlIfNotNull(sqlBuilder, index, maxValidity, "MAX_VALIDITY");
Integer idxSignerType = addToSqlIfNotNull(sqlBuilder, index, signerType, "SIGNER_TYPE");
Integer idxCrlsignerName = addToSqlIfNotNull(sqlBuilder, index, crlsignerName, "CRLSIGNER_NAME");
Integer idxResponderName = addToSqlIfNotNull(sqlBuilder, index, responderName, "RESPONDER_NAME");
Integer idxCmpcontrolName = addToSqlIfNotNull(sqlBuilder, index, cmpcontrolName, "CMPCONTROL_NAME");
Integer idxDuplicateKey = addToSqlIfNotNull(sqlBuilder, index, duplicateKeyPermitted, "DUPLICATE_KEY");
Integer idxDuplicateSubject = addToSqlIfNotNull(sqlBuilder, index, duplicateKeyPermitted, "DUPLICATE_SUBJECT");
Integer idxSaveReq = addToSqlIfNotNull(sqlBuilder, index, saveReq, "SAVE_REQ");
Integer idxPermission = addToSqlIfNotNull(sqlBuilder, index, permission, "PERMISSION");
Integer idxNumCrls = addToSqlIfNotNull(sqlBuilder, index, numCrls, "NUM_CRLS");
Integer idxExpirationPeriod = addToSqlIfNotNull(sqlBuilder, index, expirationPeriod, "EXPIRATION_PERIOD");
Integer idxExpiredCerts = addToSqlIfNotNull(sqlBuilder, index, keepExpiredCertInDays, "KEEP_EXPIRED_CERT_DAYS");
Integer idxValidityMode = addToSqlIfNotNull(sqlBuilder, index, validityMode, "VALIDITY_MODE");
Integer idxExtraControl = addToSqlIfNotNull(sqlBuilder, index, extraControl, "EXTRA_CONTROL");
Integer idxSignerConf = addToSqlIfNotNull(sqlBuilder, index, signerConf, "SIGNER_CONF");
// delete the last ','
sqlBuilder.deleteCharAt(sqlBuilder.length() - 1);
sqlBuilder.append(" WHERE ID=?");
if (index.get() == 1) {
throw new IllegalArgumentException("nothing to change");
}
int idxId = index.get();
final String sql = sqlBuilder.toString();
StringBuilder sb = new StringBuilder();
PreparedStatement ps = null;
try {
ps = prepareStatement(sql);
if (idxSnSize != null) {
sb.append("sn_size: '").append(serialNoBitLen).append("'; ");
ps.setInt(idxSnSize, serialNoBitLen.intValue());
}
if (idxStatus != null) {
sb.append("status: '").append(status.name()).append("'; ");
ps.setString(idxStatus, status.name());
}
if (idxCert != null) {
String subject = X509Util.getRfc4519Name(cert.getSubjectX500Principal());
sb.append("cert: '").append(subject).append("'; ");
ps.setString(idxSubject, subject);
String base64Cert = Base64.encodeToString(cert.getEncoded());
ps.setString(idxCert, base64Cert);
}
if (idxCrlUris != null) {
String txt = StringUtil.collectionAsStringByComma(crlUris);
sb.append("crlUri: '").append(txt).append("'; ");
ps.setString(idxCrlUris, txt);
}
if (idxDeltaCrlUris != null) {
String txt = StringUtil.collectionAsStringByComma(deltaCrlUris);
sb.append("deltaCrlUri: '").append(txt).append("'; ");
ps.setString(idxDeltaCrlUris, txt);
}
if (idxOcspUris != null) {
String txt = StringUtil.collectionAsStringByComma(ocspUris);
sb.append("ocspUri: '").append(txt).append("'; ");
ps.setString(idxOcspUris, txt);
}
if (idxCaCertUris != null) {
String txt = StringUtil.collectionAsStringByComma(caCertUris);
sb.append("caCertUri: '").append(txt).append("'; ");
ps.setString(idxCaCertUris, txt);
}
if (idxMaxValidity != null) {
String txt = maxValidity.toString();
sb.append("maxValidity: '").append(txt).append("'; ");
ps.setString(idxMaxValidity, txt);
}
if (idxSignerType != null) {
sb.append("signerType: '").append(signerType).append("'; ");
ps.setString(idxSignerType, signerType);
}
if (idxSignerConf != null) {
sb.append("signerConf: '").append(SignerConf.toString(signerConf, false, true)).append("'; ");
ps.setString(idxSignerConf, signerConf);
}
if (idxCrlsignerName != null) {
String txt = getRealString(crlsignerName);
sb.append("crlSigner: '").append(txt).append("'; ");
ps.setString(idxCrlsignerName, txt);
}
if (idxResponderName != null) {
String txt = getRealString(responderName);
sb.append("responder: '").append(txt).append("'; ");
ps.setString(idxResponderName, txt);
}
if (idxCmpcontrolName != null) {
String txt = getRealString(cmpcontrolName);
sb.append("cmpControl: '").append(txt).append("'; ");
ps.setString(idxCmpcontrolName, txt);
}
if (idxDuplicateKey != null) {
sb.append("duplicateKey: '").append(duplicateKeyPermitted).append("'; ");
setBoolean(ps, idxDuplicateKey, duplicateKeyPermitted);
}
if (idxDuplicateSubject != null) {
sb.append("duplicateSubject: '").append(duplicateSubjectPermitted).append("'; ");
setBoolean(ps, idxDuplicateSubject, duplicateSubjectPermitted);
}
if (idxSaveReq != null) {
sb.append("saveReq: '").append(saveReq).append("'; ");
setBoolean(ps, idxSaveReq, saveReq);
}
if (idxPermission != null) {
sb.append("permission: '").append(permission).append("'; ");
ps.setInt(idxPermission, permission);
}
if (idxNumCrls != null) {
sb.append("numCrls: '").append(numCrls).append("'; ");
ps.setInt(idxNumCrls, numCrls);
}
if (idxExpirationPeriod != null) {
sb.append("expirationPeriod: '").append(expirationPeriod).append("'; ");
ps.setInt(idxExpirationPeriod, expirationPeriod);
}
if (idxExpiredCerts != null) {
sb.append("keepExpiredCertDays: '").append(keepExpiredCertInDays).append("'; ");
ps.setInt(idxExpiredCerts, keepExpiredCertInDays);
}
if (idxValidityMode != null) {
String txt = validityMode.name();
sb.append("validityMode: '").append(txt).append("'; ");
ps.setString(idxValidityMode, txt);
}
if (idxExtraControl != null) {
sb.append("extraControl: '").append(extraControl).append("'; ");
ps.setString(idxExtraControl, extraControl.getEncoded());
}
ps.setInt(idxId, changeCaEntry.getIdent().getId());
if (ps.executeUpdate() == 0) {
throw new CaMgmtException("could not change CA " + entry.getIdent());
}
if (sb.length() > 0) {
sb.deleteCharAt(sb.length() - 1).deleteCharAt(sb.length() - 1);
}
LOG.info("changed CA '{}': {}", changeCaEntry.getIdent(), sb);
} catch (SQLException ex) {
throw new CaMgmtException(datasource, sql, ex);
} catch (CertificateEncodingException ex) {
throw new CaMgmtException(ex);
} finally {
datasource.releaseResources(ps, null);
}
}
Also used :
CertValidity(org.xipki.ca.api.profile.CertValidity)
SQLException(java.sql.SQLException)
CertificateException(java.security.cert.CertificateException)
CaStatus(org.xipki.ca.server.mgmt.api.CaStatus)
ValidityMode(org.xipki.ca.server.mgmt.api.ValidityMode)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
ResultSet(java.sql.ResultSet)
DataAccessException(org.xipki.datasource.DataAccessException)
ConfPairs(org.xipki.common.ConfPairs)
SignerConf(org.xipki.security.SignerConf)
PreparedStatement(java.sql.PreparedStatement)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X509ChangeCaEntry(org.xipki.ca.server.mgmt.api.x509.X509ChangeCaEntry)
X509Certificate(java.security.cert.X509Certificate)
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
ObjectCreationException(org.xipki.common.ObjectCreationException)
Aggregations
CaStatus (org.xipki.ca.server.mgmt.api.CaStatus)7
OperationException (org.xipki.ca.api.OperationException)5
NameId (org.xipki.ca.api.NameId)4
CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)4
CertificateEncodingException (java.security.cert.CertificateEncodingException)3
CertificateException (java.security.cert.CertificateException)3
X509Certificate (java.security.cert.X509Certificate)3
CertValidity (org.xipki.ca.api.profile.CertValidity)3
ValidityMode (org.xipki.ca.server.mgmt.api.ValidityMode)3
X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)3
X509CaUris (org.xipki.ca.server.mgmt.api.x509.X509CaUris)3
ConfPairs (org.xipki.common.ConfPairs)3
ObjectCreationException (org.xipki.common.ObjectCreationException)3
DataAccessException (org.xipki.datasource.DataAccessException)3
XiSecurityException (org.xipki.security.exception.XiSecurityException)3
FileNotFoundException (java.io.FileNotFoundException)2
IOException (java.io.IOException)2
SocketException (java.net.SocketException)2
KeyStoreException (java.security.KeyStoreException)2
PreparedStatement (java.sql.PreparedStatement)2
