
Example 6 with CaStatus

use of org.xipki.ca.server.mgmt.api.CaStatus in project xipki by xipki.

Taken from the class CaManagerQueryExecutor, method createCaInfo.

// method createCaInfo
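/**
 * Loads the CA row named {@code name} and builds the in-memory {@link X509CaInfo} for it.
 *
 * <p>Only X.509 CAs ({@code ART == CertArt.X509PKC}) are accepted; any other certificate
 * art is rejected. The CA certificate, status, validity settings, signer configuration,
 * URI lists, permissions and (when {@code REV} is set) the revocation data are all taken
 * from the single selected row. Column access order is kept as in the stored query so
 * drivers that stream results column-by-column are not affected.
 *
 * @param name       name of the CA to load; the sole parameter of {@code sqls.sqlSelectCa}
 * @param masterMode not referenced by this method; retained for the caller's signature
 * @param certstore  certificate store handed to the resulting {@link X509CaInfo}
 * @return the populated CA info
 * @throws CaMgmtException if no CA with that name exists, the CA is not an X.509 CA,
 *         the query fails, or {@link X509CaInfo} cannot be constructed
 */
X509CaInfo createCaInfo(String name, boolean masterMode, CertificateStore certstore) throws CaMgmtException {
    final String sql = sqls.sqlSelectCa;
    PreparedStatement stmt = null;
    ResultSet rs = null;
    try {
        stmt = prepareStatement(sql);
        stmt.setString(1, name);
        rs = stmt.executeQuery();
        if (!rs.next()) {
            // NOTE(review): "uknown" typo preserved; the message text may be relied on elsewhere.
            throw new CaMgmtException("uknown CA " + name);
        }
        int artCode = rs.getInt("ART");
        if (artCode != CertArt.X509PKC.getCode()) {
            throw new CaMgmtException("CA " + name + " is not X509CA, and is not supported");
        }
        // Blank URI columns become null lists, which X509CaUris accepts as "not configured".
        List<String> crlUris = splitUriList(rs.getString("CRL_URIS"));
        List<String> deltaCrlUris = splitUriList(rs.getString("DELTACRL_URIS"));
        // RT and RIT hold epoch seconds and are converted to milliseconds below. They are
        // read as long so a value outside the 32-bit int range (dates after 2038, or a
        // BIGINT column) is not silently truncated before the multiplication.
        CertRevocationInfo revocationInfo = null;
        if (rs.getBoolean("REV")) {
            int revReason = rs.getInt("RR");
            long revTime = rs.getLong("RT");
            long revInvalidityTime = rs.getLong("RIT");
            // An invalidity time of 0 means "not set".
            Date revInvTime = (revInvalidityTime == 0) ? null : new Date(revInvalidityTime * 1000);
            revocationInfo = new CertRevocationInfo(revReason, new Date(revTime * 1000), revInvTime);
        }
        List<String> ocspUris = splitUriList(rs.getString("OCSP_URIS"));
        List<String> caCertUris = splitUriList(rs.getString("CACERT_URIS"));
        X509CaUris caUris = new X509CaUris(caCertUris, ocspUris, crlUris, deltaCrlUris);

        int id = rs.getInt("ID");
        int serialNoSize = rs.getInt("SN_SIZE");
        long nextCrlNo = rs.getLong("NEXT_CRLNO");
        String signerType = rs.getString("SIGNER_TYPE");
        // NOTE(review): SIGNER_CONF is passed through verbatim; it presumably carries the
        // signer's key/credential settings, so keep it out of log and exception messages.
        String signerConf = rs.getString("SIGNER_CONF");
        int numCrls = rs.getInt("NUM_CRLS");
        int expirationPeriod = rs.getInt("EXPIRATION_PERIOD");
        X509CaEntry entry = new X509CaEntry(new NameId(id, name), serialNoSize, nextCrlNo, signerType, signerConf, caUris, numCrls, expirationPeriod);

        // The CA certificate is stored Base64-encoded; generateCert decodes and parses it.
        X509Certificate cert = generateCert(rs.getString("CERT"));
        entry.setCert(cert);
        // NOTE(review): unlike VALIDITY_MODE below there is no fallback for an unknown or
        // NULL STATUS here — confirm CaStatus.forName rejects such values rather than
        // returning null, which would otherwise be set on the entry unchecked.
        entry.setStatus(CaStatus.forName(rs.getString("STATUS")));
        entry.setMaxValidity(CertValidity.getInstance(rs.getString("MAX_VALIDITY")));
        entry.setKeepExpiredCertInDays(rs.getInt("KEEP_EXPIRED_CERT_DAYS"));

        // Optional references to other managed objects: only set when the column is non-blank.
        String crlsignerName = rs.getString("CRLSIGNER_NAME");
        if (StringUtil.isNotBlank(crlsignerName)) {
            entry.setCrlSignerName(crlsignerName);
        }
        String responderName = rs.getString("RESPONDER_NAME");
        if (StringUtil.isNotBlank(responderName)) {
            entry.setResponderName(responderName);
        }
        String extraControl = rs.getString("EXTRA_CONTROL");
        if (StringUtil.isNotBlank(extraControl)) {
            // Parsed once here and exposed read-only so later code cannot mutate the CA config.
            entry.setExtraControl(new ConfPairs(extraControl).unmodifiable());
        }
        String cmpcontrolName = rs.getString("CMPCONTROL_NAME");
        if (StringUtil.isNotBlank(cmpcontrolName)) {
            entry.setCmpControlName(cmpcontrolName);
        }

        // Boolean policy flags are stored as integers; any non-zero value means "permitted".
        entry.setDuplicateKeyPermitted(rs.getInt("DUPLICATE_KEY") != 0);
        entry.setDuplicateSubjectPermitted(rs.getInt("DUPLICATE_SUBJECT") != 0);
        entry.setSaveRequest(rs.getInt("SAVE_REQ") != 0);
        entry.setPermission(rs.getInt("PERMISSION"));
        entry.setRevocationInfo(revocationInfo);

        // A NULL column, or a name forName does not map, falls back to STRICT.
        String validityModeS = rs.getString("VALIDITY_MODE");
        ValidityMode validityMode = null;
        if (validityModeS != null) {
            validityMode = ValidityMode.forName(validityModeS);
        }
        if (validityMode == null) {
            validityMode = ValidityMode.STRICT;
        }
        entry.setValidityMode(validityMode);

        try {
            return new X509CaInfo(entry, certstore);
        } catch (OperationException ex) {
            throw new CaMgmtException(ex);
        }
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        datasource.releaseResources(stmt, rs);
    }
}

/**
 * Splits a comma-separated URI column into a list.
 *
 * @param column raw column value, possibly {@code null} or blank
 * @return the split list, or {@code null} when the column is {@code null} or blank
 */
private static List<String> splitUriList(String column) {
    return StringUtil.isNotBlank(column) ? StringUtil.splitByComma(column) : null;
}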
Also used : NameId(org.xipki.ca.api.NameId) CertValidity(org.xipki.ca.api.profile.CertValidity) SQLException(java.sql.SQLException) ConfPairs(org.xipki.common.ConfPairs) PreparedStatement(java.sql.PreparedStatement) CaStatus(org.xipki.ca.server.mgmt.api.CaStatus) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) CertRevocationInfo(org.xipki.security.CertRevocationInfo) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris) ValidityMode(org.xipki.ca.server.mgmt.api.ValidityMode) ResultSet(java.sql.ResultSet) OperationException(org.xipki.ca.api.OperationException) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)

Example 7 with CaStatus

use of org.xipki.ca.server.mgmt.api.CaStatus in project xipki by xipki.

Taken from the class X509Ca, method republishCertificates.

// method republishCertificates
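/**
 * Re-publishes this CA's certificate, its revocation (if the CA is revoked) and, through
 * {@link CertRepublisher}, its issued certificates to the selected publishers.
 *
 * <p>For the duration of the republish the CA status is switched to
 * {@link CaStatus#INACTIVE}; the previous status is restored in a {@code finally} block,
 * so it is re-applied on every exit path, including the early {@code return false}
 * branches and exceptions thrown by the republisher.
 * NOTE(review): the status swap is a plain read/write on {@code caInfo}; a status change
 * made concurrently by another caller would be overwritten when the saved value is
 * restored — confirm callers serialise this operation.
 *
 * @param publisherNames names of the publishers to use, or {@code null} for every
 *                       publisher configured for this CA
 * @param numThreads     number of worker threads handed to {@link CertRepublisher}
 * @return {@code true} if every step succeeded or there was no publisher to serve;
 *         {@code false} as soon as a publisher rejects the CA certificate or the CA
 *         revocation, or if {@link CertRepublisher#republish()} reports failure
 * @throws IllegalArgumentException if a name in {@code publisherNames} matches none
 *         of this CA's publishers
 */
public boolean republishCertificates(List<String> publisherNames, int numThreads) {
    // Resolve names before touching the CA status so an unknown name fails without side effects.
    List<IdentifiedX509CertPublisher> publishers = (publisherNames == null)
            ? publishers()
            : resolvePublishers(publisherNames);
    if (CollectionUtil.isEmpty(publishers)) {
        return true;
    }
    CaStatus savedStatus = caInfo.getStatus();
    caInfo.setStatus(CaStatus.INACTIVE);

    // Queue clearing is best-effort: a failure is logged and the republish still proceeds.
    boolean onlyRevokedCerts = true;
    for (IdentifiedX509CertPublisher publisher : publishers) {
        if (publisher.publishsGoodCert()) {
            onlyRevokedCerts = false;
        }
        NameId publisherIdent = publisher.getIdent();
        try {
            LOG.info("clearing PublishQueue for publisher {}", publisherIdent);
            certstore.clearPublishQueue(caIdent, publisherIdent);
            LOG.info(" cleared PublishQueue for publisher {}", publisherIdent);
        } catch (OperationException ex) {
            // Name the publisher so the failure is attributable when reading the log.
            LogUtil.error(LOG, ex, "could not clear PublishQueue for publisher " + publisherIdent);
        }
    }

    try {
        // The CA certificate must be accepted by every publisher before any end-entity
        // certificate is republished; the first rejection aborts the whole operation.
        for (IdentifiedX509CertPublisher publisher : publishers) {
            if (!publisher.caAdded(caCert)) {
                LOG.error("republish CA certificate {} to publisher {} failed", caIdent, publisher.getIdent());
                return false;
            }
        }
        CertRevocationInfo caRevocation = caInfo.getRevocationInfo();
        if (caRevocation != null) {
            for (IdentifiedX509CertPublisher publisher : publishers) {
                if (!publisher.caRevoked(caCert, caRevocation)) {
                    LOG.error("republishing CA revocation to publisher {} failed", publisher.getIdent());
                    return false;
                }
            }
        }
        // onlyRevokedCerts is true only when no selected publisher wants good certificates,
        // letting the republisher skip the non-revoked ones.
        CertRepublisher republisher = new CertRepublisher(caIdent, caCert, caIdNameMap, certstore, publishers, onlyRevokedCerts, numThreads);
        return republisher.republish();
    } finally {
        caInfo.setStatus(savedStatus);
    }
}

/**
 * Maps each publisher name to this CA's publisher of that name, preserving the order
 * of {@code publisherNames}.
 *
 * @param publisherNames names to resolve; never {@code null}
 * @return the matching publishers, one per name
 * @throws IllegalArgumentException if a name matches none of this CA's publishers
 */
private List<IdentifiedX509CertPublisher> resolvePublishers(List<String> publisherNames) {
    List<IdentifiedX509CertPublisher> configured = publishers();
    List<IdentifiedX509CertPublisher> resolved = new ArrayList<>(publisherNames.size());
    for (String publisherName : publisherNames) {
        IdentifiedX509CertPublisher match = null;
        for (IdentifiedX509CertPublisher candidate : configured) {
            if (candidate.getIdent().getName().equals(publisherName)) {
                match = candidate;
                break;
            }
        }
        if (match == null) {
            throw new IllegalArgumentException("could not find publisher " + publisherName + " for CA " + caIdent);
        }
        resolved.add(match);
    }
    return resolved;
}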
Also used : NameId(org.xipki.ca.api.NameId) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) CaStatus(org.xipki.ca.server.mgmt.api.CaStatus) OperationException(org.xipki.ca.api.OperationException)

Aggregations

CaStatus (org.xipki.ca.server.mgmt.api.CaStatus)7 OperationException (org.xipki.ca.api.OperationException)5 NameId (org.xipki.ca.api.NameId)4 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)4 CertificateEncodingException (java.security.cert.CertificateEncodingException)3 CertificateException (java.security.cert.CertificateException)3 X509Certificate (java.security.cert.X509Certificate)3 CertValidity (org.xipki.ca.api.profile.CertValidity)3 ValidityMode (org.xipki.ca.server.mgmt.api.ValidityMode)3 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)3 X509CaUris (org.xipki.ca.server.mgmt.api.x509.X509CaUris)3 ConfPairs (org.xipki.common.ConfPairs)3 ObjectCreationException (org.xipki.common.ObjectCreationException)3 DataAccessException (org.xipki.datasource.DataAccessException)3 XiSecurityException (org.xipki.security.exception.XiSecurityException)3 FileNotFoundException (java.io.FileNotFoundException)2 IOException (java.io.IOException)2 SocketException (java.net.SocketException)2 KeyStoreException (java.security.KeyStoreException)2 PreparedStatement (java.sql.PreparedStatement)2