
Example 6 with CertprofileEntry

use of org.xipki.ca.server.mgmt.api.CertprofileEntry in project xipki by xipki.

the class CaManagerImpl method loadConf.

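/**
 * Applies a parsed CA configuration to the running CA system.
 *
 * <p>Each configured object (CMP control, responder, environment parameter, CRL signer,
 * requestor, publisher, certificate profile, user, CA, SCEP) is compared with what is
 * already present: an identical existing object is skipped, a differing existing object
 * aborts the load with a {@link CaMgmtException}, and a missing object is added. The load
 * is not transactional: objects added before a failure stay added.
 *
 * @param conf the configuration to apply; must not be {@code null}
 * @throws CaMgmtException if the CA system is not initialised, if an object with the same
 *         name but different content already exists, or if adding an object fails
 */
@Override
public void loadConf(CaConf conf) throws CaMgmtException {
    ParamUtil.requireNonNull("conf", conf);
    if (!caSystemSetuped) {
        throw new CaMgmtException("CA system is not initialized yet.");
    }
    // CMP control
    for (String name : conf.getCmpControlNames()) {
        CmpControlEntry entry = conf.getCmpControl(name);
        CmpControlEntry entryB = cmpControlDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CMP control {}", name);
                continue;
            } else {
                String msg = concat("CMP control ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addCmpControl(entry);
            LOG.info("added CMP control {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CMP control ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Responder
    for (String name : conf.getResponderNames()) {
        ResponderEntry entry = conf.getResponder(name);
        ResponderEntry entryB = responderDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CMP responder {}", name);
                continue;
            } else {
                String msg = concat("CMP responder ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addResponder(entry);
            LOG.info("added CMP responder {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CMP responder ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Environment
    for (String name : conf.getEnvironmentNames()) {
        String entry = conf.getEnvironment(name);
        String entryB = envParameterResolver.getParameter(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed environment parameter {}", name);
                continue;
            } else {
                String msg = concat("environment parameter ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addEnvParam(name, entry);
            // success path: the previous message wrongly reported a failure here
            LOG.info("added environment parameter {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add environment parameter ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // CRL signer
    for (String name : conf.getCrlSignerNames()) {
        X509CrlSignerEntry entry = conf.getCrlSigner(name);
        X509CrlSignerEntry entryB = crlSignerDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CRL signer {}", name);
                continue;
            } else {
                String msg = concat("CRL signer ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addCrlSigner(entry);
            LOG.info("added CRL signer {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CRL signer ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Requestor
    for (String name : conf.getRequestorNames()) {
        RequestorEntry entry = conf.getRequestor(name);
        RequestorEntry entryB = requestorDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CMP requestor {}", name);
                continue;
            } else {
                String msg = concat("CMP requestor ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addRequestor(entry);
            LOG.info("added CMP requestor {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CMP requestor ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Publisher
    for (String name : conf.getPublisherNames()) {
        PublisherEntry entry = conf.getPublisher(name);
        PublisherEntry entryB = publisherDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed publisher {}", name);
                continue;
            } else {
                String msg = concat("publisher ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addPublisher(entry);
            LOG.info("added publisher {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add publisher ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // CertProfile
    for (String name : conf.getCertProfileNames()) {
        CertprofileEntry entry = conf.getCertProfile(name);
        CertprofileEntry entryB = certprofileDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed certProfile {}", name);
                continue;
            } else {
                String msg = concat("certProfile ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addCertprofile(entry);
            LOG.info("added certProfile {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add certProfile ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // User
    for (String name : conf.getUserNames()) {
        Object obj = conf.getUser(name);
        // The configuration may carry either a UserEntry (already hashed password) or an
        // AddUserEntry (cleartext password); anything else is a configuration error.
        if (!(obj instanceof UserEntry) && !(obj instanceof AddUserEntry)) {
            throw new CaMgmtException(concat("unsupported user entry type for user ", name));
        }
        UserEntry entryB = queryExecutor.getUser(name, true);
        if (entryB != null) {
            boolean equals;
            if (obj instanceof UserEntry) {
                UserEntry entry = (UserEntry) obj;
                equals = entry.equals(entryB);
            } else {
                AddUserEntry entry = (AddUserEntry) obj;
                // A cleartext password can only be compared by verifying it against the stored hash.
                equals = PasswordHash.validatePassword(entry.getPassword(), entryB.getHashedPassword());
            }
            if (equals) {
                LOG.info("ignore existed user {}", name);
                continue;
            } else {
                String msg = concat("user ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            if (obj instanceof UserEntry) {
                queryExecutor.addUser((UserEntry) obj);
            } else {
                queryExecutor.addUser((AddUserEntry) obj);
            }
            LOG.info("added user {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add user ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // CA
    for (String caName : conf.getCaNames()) {
        SingleCaConf scc = conf.getCa(caName);
        GenSelfIssued genSelfIssued = scc.getGenSelfIssued();
        CaEntry caEntry = scc.getCaEntry();
        if (caEntry != null) {
            if (!(caEntry instanceof X509CaEntry)) {
                throw new CaMgmtException(concat("Unsupported CaEntry ", caName, " (only X509CaEntry is supported)"));
            }
            X509CaEntry entry = (X509CaEntry) caEntry;
            if (caInfos.containsKey(caName)) {
                CaEntry entryB = caInfos.get(caName).getCaEntry();
                if (entry.getCert() == null && genSelfIssued != null) {
                    // The configured CA has no certificate yet; fetch the one held by the
                    // signer so the comparison with the existing CA is meaningful.
                    SignerConf signerConf = new SignerConf(entry.getSignerConf());
                    ConcurrentContentSigner signer;
                    try {
                        signer = securityFactory.createSigner(entry.getSignerType(), signerConf, (X509Certificate) null);
                    } catch (ObjectCreationException ex) {
                        throw new CaMgmtException(concat("could not create signer for CA ", caName), ex);
                    }
                    entry.setCert(signer.getCertificate());
                }
                if (entry.equals(entryB, true)) {
                    LOG.info("ignore existed CA {}", caName);
                } else {
                    String msg = concat("CA ", caName, " existed, could not re-added it");
                    LOG.error(msg);
                    throw new CaMgmtException(msg);
                }
            } else {
                if (genSelfIssued != null) {
                    X509Certificate cert = generateRootCa(entry, genSelfIssued.getProfile(), genSelfIssued.getCsr(), genSelfIssued.getSerialNumber());
                    LOG.info("generated root CA {}", caName);
                    String fn = genSelfIssued.getCertFilename();
                    if (fn != null) {
                        // Saving the certificate to a file is best-effort: the root CA has already
                        // been generated, so a failure here is logged but does not abort the load.
                        try {
                            IoUtil.save(fn, cert.getEncoded());
                            LOG.info("saved generated certificate of root CA {} to {}", caName, fn);
                        } catch (CertificateEncodingException ex) {
                            LogUtil.error(LOG, ex, concat("could not encode certificate of CA ", caName));
                        } catch (IOException ex) {
                            LogUtil.error(LOG, ex, concat("error while saving certificate of root CA ", caName, " to ", fn));
                        }
                    }
                } else {
                    try {
                        addCa(entry);
                        LOG.info("added CA {}", caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        // The associations below are applied even when no CaEntry is given, i.e. for a CA
        // that already exists.
        if (scc.getAliases() != null) {
            Set<String> aliasesB = getAliasesForCa(caName);
            for (String aliasName : scc.getAliases()) {
                if (aliasesB != null && aliasesB.contains(aliasName)) {
                    LOG.info("ignored adding existing CA alias {} to CA {}", aliasName, caName);
                } else {
                    try {
                        addCaAlias(aliasName, caName);
                        LOG.info("associated alias {} to CA {}", aliasName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not associate alias ", aliasName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getProfileNames() != null) {
            Set<String> profilesB = caHasProfiles.get(caName);
            for (String profileName : scc.getProfileNames()) {
                if (profilesB != null && profilesB.contains(profileName)) {
                    LOG.info("ignored adding certprofile {} to CA {}", profileName, caName);
                } else {
                    try {
                        addCertprofileToCa(profileName, caName);
                        LOG.info("added certprofile {} to CA {}", profileName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add certprofile ", profileName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getPublisherNames() != null) {
            Set<String> publishersB = caHasPublishers.get(caName);
            for (String publisherName : scc.getPublisherNames()) {
                if (publishersB != null && publishersB.contains(publisherName)) {
                    LOG.info("ignored adding publisher {} to CA {}", publisherName, caName);
                } else {
                    try {
                        addPublisherToCa(publisherName, caName);
                        LOG.info("added publisher {} to CA {}", publisherName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add publisher ", publisherName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getRequestors() != null) {
            Set<CaHasRequestorEntry> requestorsB = caHasRequestors.get(caName);
            for (CaHasRequestorEntry requestor : scc.getRequestors()) {
                String requestorName = requestor.getRequestorIdent().getName();
                // existing association with the same requestor name, if any
                CaHasRequestorEntry requestorB = null;
                if (requestorsB != null) {
                    for (CaHasRequestorEntry m : requestorsB) {
                        if (m.getRequestorIdent().getName().equals(requestorName)) {
                            requestorB = m;
                            break;
                        }
                    }
                }
                if (requestorB != null) {
                    if (requestor.equals(requestorB)) {
                        LOG.info("ignored adding requestor {} to CA {}", requestorName, caName);
                    } else {
                        String msg = concat("requestor ", requestorName, " existed in CA ", caName, " with different settings, could not re-added it");
                        LOG.error(msg);
                        throw new CaMgmtException(msg);
                    }
                } else {
                    try {
                        addRequestorToCa(requestor, caName);
                        LOG.info("added requestor {} to CA {}", requestorName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add requestor ", requestorName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getUsers() != null) {
            List<CaHasUserEntry> usersB = queryExecutor.getCaHasUsersForCa(caName, idNameMap);
            for (CaHasUserEntry user : scc.getUsers()) {
                String userName = user.getUserIdent().getName();
                // existing association with the same user name, if any
                CaHasUserEntry userB = null;
                if (usersB != null) {
                    for (CaHasUserEntry m : usersB) {
                        if (m.getUserIdent().getName().equals(userName)) {
                            userB = m;
                            break;
                        }
                    }
                }
                if (userB != null) {
                    if (user.equals(userB)) {
                        LOG.info("ignored adding user {} to CA {}", userName, caName);
                    } else {
                        String msg = concat("user ", userName, " existed in CA ", caName, " with different settings, could not re-added it");
                        LOG.error(msg);
                        throw new CaMgmtException(msg);
                    }
                } else {
                    try {
                        addUserToCa(user, caName);
                        LOG.info("added user {} to CA {}", userName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add user ", userName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
    }
    // SCEP
    for (String name : conf.getScepNames()) {
        ScepEntry entry = conf.getScep(name);
        ScepEntry entryB = scepDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                // skipping an identical entry is not an error; log at the same level as the other sections
                LOG.info("ignore existed SCEP {}", name);
                continue;
            } else {
                String msg = concat("SCEP ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        } else {
            try {
                addScep(entry);
                LOG.info("added SCEP {}", name);
            } catch (CaMgmtException ex) {
                String msg = concat("could not add SCEP ", name);
                LogUtil.error(LOG, ex, msg);
                throw new CaMgmtException(msg);
            }
        }
    }
}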

Example 7 with CertprofileEntry

use of org.xipki.ca.server.mgmt.api.CertprofileEntry in project xipki by xipki.

the class CaManagerQueryExecutor method createCertprofile.

// method createCaAliases
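/**
 * Loads the certificate profile with the given name from the PROFILE table.
 *
 * <p>The name is bound as a statement parameter; it is never concatenated into the SQL.
 *
 * @param name name of the profile to load
 * @return the profile entry (id, type and configuration) stored in the database
 * @throws CaMgmtException if no profile with that name exists or the query fails
 */
CertprofileEntry createCertprofile(String name) throws CaMgmtException {
    PreparedStatement stmt = null;
    ResultSet rs = null;
    final String sql = sqls.sqlSelectProfile;
    try {
        stmt = prepareStatement(sql);
        stmt.setString(1, name);
        rs = stmt.executeQuery();
        if (!rs.next()) {
            // this method looks up a profile, not a CA; report the right object kind
            throw new CaMgmtException("unknown certprofile " + name);
        }
        int id = rs.getInt("ID");
        String type = rs.getString("TYPE");
        String conf = rs.getString("CONF");
        return new CertprofileEntry(new NameId(id, name), type, conf);
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        // releases both the statement and the result set, also on the exceptional paths
        datasource.releaseResources(stmt, rs);
    }
}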

Example 8 with CertprofileEntry

use of org.xipki.ca.server.mgmt.api.CertprofileEntry in project xipki by xipki.

the class CaManagerQueryExecutor method changeCertprofile.

// method commitNextCrlNoIfLess
/**
 * Changes the type and/or configuration of an existing certificate profile.
 *
 * <p>The new profile object is instantiated first so that an invalid configuration is
 * rejected before the database row is touched; if the database update then fails, the
 * freshly created profile is shut down again. Column values are bound as statement
 * parameters, never inlined into the SQL text.
 *
 * @param nameId identifier (id and name) of the profile to change
 * @param type new profile type, or {@code null} to keep the current one
 * @param conf new profile configuration, or {@code null} to keep the current one
 * @param caManager manager used to instantiate the profile object
 * @return the newly created profile object
 * @throws IllegalArgumentException if neither {@code type} nor {@code conf} is given
 * @throws CaMgmtException if the profile cannot be loaded, instantiated or updated
 */
IdentifiedX509Certprofile changeCertprofile(NameId nameId, String type, String conf, CaManagerImpl caManager) throws CaMgmtException {
    ParamUtil.requireNonNull("nameId", nameId);
    ParamUtil.requireNonNull("caManager", caManager);

    // Human-readable summary of the requested changes; only used for the log line below.
    StringBuilder changeSummary = new StringBuilder();
    if (type != null) {
        changeSummary.append("type: '").append(type).append("'; ");
    }
    if (conf != null) {
        changeSummary.append("conf: '").append(conf).append("'; ");
    }

    // Build the UPDATE statement; addToSqlIfNotNull appends a "COL=?," fragment per
    // non-null value and returns its parameter position, or null if the value was skipped.
    StringBuilder updateSql = new StringBuilder("UPDATE PROFILE SET ");
    AtomicInteger paramIndex = new AtomicInteger(1);
    Integer typeParamIdx = addToSqlIfNotNull(updateSql, paramIndex, type, "TYPE");
    Integer confParamIdx = addToSqlIfNotNull(updateSql, paramIndex, conf, "CONF");
    if (paramIndex.get() == 1) {
        throw new IllegalArgumentException("nothing to change");
    }
    // drop the trailing separator left by the last fragment, then add the WHERE clause
    updateSql.deleteCharAt(updateSql.length() - 1).append(" WHERE ID=?");

    // Fill in the unchanged attributes from the current database row.
    CertprofileEntry current = createCertprofile(nameId.getName());
    String effectiveType = getRealString(type != null ? type : current.getType());
    String effectiveConf = getRealString(conf != null ? conf : current.getConf());
    CertprofileEntry updated = new CertprofileEntry(current.getIdent(), effectiveType, effectiveConf);
    IdentifiedX509Certprofile profile = caManager.createCertprofile(updated);
    if (profile == null) {
        throw new CaMgmtException("could not create CertProfile object");
    }

    final String sql = updateSql.toString();
    PreparedStatement ps = null;
    boolean committed = false;
    try {
        ps = prepareStatement(sql);
        if (typeParamIdx != null) {
            ps.setString(typeParamIdx, effectiveType);
        }
        if (confParamIdx != null) {
            ps.setString(confParamIdx, getRealString(effectiveConf));
        }
        // the last parameter position is the ID in the WHERE clause
        ps.setInt(paramIndex.get(), nameId.getId());
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not change profile " + nameId);
        }
        // remove the trailing "; " from the summary
        int summaryLength = changeSummary.length();
        if (summaryLength > 0) {
            changeSummary.setLength(summaryLength - 2);
        }
        LOG.info("changed profile '{}': {}", nameId, changeSummary);
        committed = true;
        return profile;
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        datasource.releaseResources(ps, null);
        if (!committed) {
            // the database still holds the old row, so the new profile object must not stay alive
            profile.shutdown();
        }
    }
}

Example 9 with CertprofileEntry

use of org.xipki.ca.server.mgmt.api.CertprofileEntry in project xipki by xipki.

the class X509CaCmpResponderImpl method getSystemInfo.

// method checkPermission
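/**
 * Renders the {@code systemInfo} XML document for a CMP requestor.
 *
 * <p>The document contains the CA certificate, the relevant CMP control flags and the
 * certificate profiles the requestor is permitted to use. Profile names and types are
 * XML-escaped and the profile configuration is placed in a CDATA section with any embedded
 * {@code ]]>} split, so that a configuration value can never break out of its element.
 *
 * @param requestor the requestor asking for the information; its CA-specific permissions
 *        decide which profiles are listed
 * @param acceptVersions the systemInfo versions the requestor accepts, may be empty or
 *        {@code null} meaning "any"
 * @return the XML document as a string
 * @throws OperationException if none of the accepted versions is supported
 */
private String getSystemInfo(CmpRequestorInfo requestor, Set<Integer> acceptVersions) throws OperationException {
    X509Ca ca = getCa();
    StringBuilder sb = new StringBuilder(2000);
    // current maximal support version is 2
    int version = 2;
    if (CollectionUtil.isNonEmpty(acceptVersions) && !acceptVersions.contains(version)) {
        // pick the highest accepted version below the maximum we support
        Integer ver = null;
        for (Integer m : acceptVersions) {
            if (m < version && (ver == null || m > ver)) {
                ver = m;
            }
        }
        if (ver == null) {
            throw new OperationException(ErrorCode.BAD_REQUEST, "none of versions " + acceptVersions + " is supported");
        } else {
            version = ver;
        }
    }
    sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
    sb.append("<systemInfo version=\"").append(version).append("\">");
    if (version == 2) {
        // CACert
        sb.append("<CACert>");
        sb.append(Base64.encodeToString(ca.getCaInfo().getCert().getEncodedCert()));
        sb.append("</CACert>");
        // CMP control
        sb.append("<cmpControl>");
        sb.append("<rrAkiRequired>").append(getCmpControl().isRrAkiRequired()).append("</rrAkiRequired>");
        sb.append("</cmpControl>");
        // Profiles: the intersection of the CA's profiles and those granted to the requestor
        // ("all" grants every profile of the CA).
        Set<String> requestorProfiles = requestor.getCaHasRequestor().getProfiles();
        Set<String> supportedProfileNames = new HashSet<>();
        Set<String> caProfileNames = ca.caManager().getCertprofilesForCa(ca.getCaInfo().getIdent().getName());
        for (String caProfileName : caProfileNames) {
            if (requestorProfiles.contains("all") || requestorProfiles.contains(caProfileName)) {
                supportedProfileNames.add(caProfileName);
            }
        }
        if (CollectionUtil.isNonEmpty(supportedProfileNames)) {
            sb.append("<certprofiles>");
            for (String name : supportedProfileNames) {
                CertprofileEntry entry = ca.caManager().getCertprofile(name);
                // a profile that vanished since the name list was fetched, or that failed to
                // load, is simply not advertised
                if (entry == null || entry.isFaulty()) {
                    continue;
                }
                sb.append("<certprofile>");
                sb.append("<name>").append(escapeXmlText(name)).append("</name>");
                sb.append("<type>").append(escapeXmlText(entry.getType())).append("</type>");
                sb.append("<conf>");
                String conf = entry.getConf();
                if (StringUtil.isNotBlank(conf)) {
                    sb.append("<![CDATA[");
                    // "]]>" inside the configuration would terminate the CDATA section early
                    sb.append(conf.replace("]]>", "]]]]><![CDATA[>"));
                    sb.append("]]>");
                }
                sb.append("</conf>");
                sb.append("</certprofile>");
            }
            sb.append("</certprofiles>");
        }
        sb.append("</systemInfo>");
    } else {
        throw new OperationException(ErrorCode.BAD_REQUEST, "unsupported version " + version);
    }
    return sb.toString();
}

/**
 * Escapes the characters that are special in XML text content.
 *
 * @param text the raw text; {@code null} is rendered as the string {@code "null"}, matching
 *        {@link StringBuilder#append(Object)}
 * @return the text with {@code &}, {@code <} and {@code >} replaced by entity references
 */
private static String escapeXmlText(String text) {
    String raw = String.valueOf(text);
    StringBuilder out = new StringBuilder(raw.length());
    for (int i = 0; i < raw.length(); i++) {
        char c = raw.charAt(i);
        switch (c) {
            case '&':
                out.append("&amp;");
                break;
            case '<':
                out.append("&lt;");
                break;
            case '>':
                out.append("&gt;");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}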

Example 10 with CertprofileEntry

use of org.xipki.ca.server.mgmt.api.CertprofileEntry in project xipki by xipki.

the class CaConf method init.

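/**
 * Populates this {@code CaConf} from the unmarshalled {@code CAConfType} tree.
 *
 * <p>The sections are processed in the same order as the configuration file
 * groups them: properties, CMP controls, responders, environments, CRL signers,
 * requestors, users, publishers, certificate profiles, CAs and finally SCEP
 * entries. The order is preserved from the original implementation; properties
 * are taken first because {@code expandConf(...)} presumably substitutes them
 * into the values read later (confirm against {@code expandConf}).
 *
 * @param jaxb            parsed configuration; every section accessor may return
 *                        {@code null}, which means "section absent" and is skipped
 * @param baseDir         if non-null, registered as the property {@code baseDir}
 *                        before the file's own properties are read
 * @param zipFile         archive the file-based values ({@code getValue},
 *                        {@code getBinary}, {@code getBase64Binary}) are read from
 * @param securityFactory used only when a CA declares no certificate and the
 *                        certificate has to be taken from its signer
 * @throws IOException          on read failures from {@code zipFile}
 * @throws InvalidConfException on duplicate properties, a missing {@code cert.file},
 *                              an unparsable CA certificate or serial number, or a
 *                              signer that cannot be created
 * @throws CaMgmtException      propagated from the {@code addXxx} registration calls
 */
private void init(CAConfType jaxb, String baseDir, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
    initProperties(jaxb, baseDir);
    initCmpControls(jaxb, zipFile);
    initResponders(jaxb, zipFile);
    initEnvironments(jaxb);
    initCrlSigners(jaxb, zipFile);
    initRequestors(jaxb, zipFile);
    initUsers(jaxb);
    initPublishers(jaxb, zipFile);
    initProfiles(jaxb, zipFile);
    initCas(jaxb, zipFile, securityFactory);
    initSceps(jaxb);
}

// Registers baseDir (if given) and the file's <properties>; a name defined twice is a configuration error.
private void initProperties(CAConfType jaxb, String baseDir) throws IOException, InvalidConfException, CaMgmtException {
    if (baseDir != null) {
        properties.put("baseDir", baseDir);
    }
    if (jaxb.getProperties() == null) {
        return;
    }
    for (NameValueType m : jaxb.getProperties().getProperty()) {
        String name = m.getName();
        // also catches a file property that collides with the implicit "baseDir"
        if (properties.containsKey(name)) {
            throw new InvalidConfException("Property " + name + " already defined");
        }
        properties.put(name, m.getValue());
    }
}

// Adds one CmpControlEntry per <cmpcontrol>; the conf value may be inlined or taken from the zip.
private void initCmpControls(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getCmpcontrols() == null) {
        return;
    }
    for (CmpcontrolType m : jaxb.getCmpcontrols().getCmpcontrol()) {
        addCmpControl(new CmpControlEntry(m.getName(), getValue(m.getConf(), zipFile)));
    }
}

// Adds one ResponderEntry per <responder>: type (property-expanded), conf and Base64 certificate.
private void initResponders(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getResponders() == null) {
        return;
    }
    for (ResponderType m : jaxb.getResponders().getResponder()) {
        addResponder(new ResponderEntry(m.getName(), expandConf(m.getType()), getValue(m.getConf(), zipFile), getBase64Binary(m.getCert(), zipFile)));
    }
}

// Adds each <environment> name/value pair; only the value is property-expanded.
private void initEnvironments(CAConfType jaxb) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getEnvironments() == null) {
        return;
    }
    for (NameValueType m : jaxb.getEnvironments().getEnvironment()) {
        addEnvironment(m.getName(), expandConf(m.getValue()));
    }
}

// Adds one X509CrlSignerEntry per <crlsigner>: signer type/conf/cert plus the CRL control string.
private void initCrlSigners(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getCrlsigners() == null) {
        return;
    }
    for (CrlsignerType m : jaxb.getCrlsigners().getCrlsigner()) {
        addCrlSigner(new X509CrlSignerEntry(m.getName(), expandConf(m.getSignerType()), getValue(m.getSignerConf(), zipFile), getBase64Binary(m.getSignerCert(), zipFile), expandConf(m.getCrlControl())));
    }
}

// Adds one RequestorEntry per <requestor>; the NameId is created without a database id (null).
private void initRequestors(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getRequestors() == null) {
        return;
    }
    for (RequestorType m : jaxb.getRequestors().getRequestor()) {
        addRequestor(new RequestorEntry(new NameId(null, m.getName()), getBase64Binary(m.getCert(), zipFile)));
    }
}

// Adds each <user>; a cleartext <password> yields an AddUserEntry, otherwise <hashedPassword> yields a UserEntry.
private void initUsers(CAConfType jaxb) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getUsers() == null) {
        return;
    }
    for (UserType m : jaxb.getUsers().getUser()) {
        // an omitted <active> flag means the user is active
        boolean active = (m.isActive() != null) ? m.isActive() : true;
        String password = m.getPassword();
        if (password != null) {
            // NOTE(review): the configuration file carries this password in the clear;
            // the hashedPassword form below avoids that, so prefer it where the file is shared.
            addUser(new AddUserEntry(new NameId(null, m.getName()), active, password));
        } else {
            addUser(new UserEntry(new NameId(null, m.getName()), active, m.getHashedPassword()));
        }
    }
}

// Adds one PublisherEntry per <publisher>: property-expanded type and conf value.
private void initPublishers(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getPublishers() == null) {
        return;
    }
    for (PublisherType m : jaxb.getPublishers().getPublisher()) {
        addPublisher(new PublisherEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile)));
    }
}

// Adds one CertprofileEntry per <profile>: property-expanded type and conf value.
private void initProfiles(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getProfiles() == null) {
        return;
    }
    for (ProfileType m : jaxb.getProfiles().getProfile()) {
        addProfile(new CertprofileEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile)));
    }
}

// Builds and registers one SingleCaConf per <ca>; <caInfo> is optional (both genSelfIssued and caEntry stay null without it).
private void initCas(CAConfType jaxb, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getCas() == null) {
        return;
    }
    for (CaType m : jaxb.getCas().getCa()) {
        String name = m.getName();
        GenSelfIssued genSelfIssued = null;
        X509CaEntry caEntry = null;
        if (m.getCaInfo() != null) {
            X509CaInfoType ci = m.getCaInfo().getX509Ca();
            // the self-issued request is evaluated before the entry so its errors are reported first, as before
            if (ci.getGenSelfIssued() != null) {
                genSelfIssued = parseGenSelfIssued(ci, name, zipFile);
            }
            caEntry = parseCaEntry(ci, name, zipFile, securityFactory);
        }
        List<CaHasRequestorEntry> caHasRequestors = parseCaHasRequestors(m);
        List<CaHasUserEntry> caHasUsers = parseCaHasUsers(m);
        List<String> aliases = getStrings(m.getAliases());
        List<String> profileNames = getStrings(m.getProfiles());
        List<String> publisherNames = getStrings(m.getPublishers());
        addSingleCa(new SingleCaConf(name, genSelfIssued, caEntry, aliases, profileNames, caHasRequestors, caHasUsers, publisherNames));
    }
}

// Reads the <genSelfIssued> request of a CA: target certificate file, CSR bytes, optional serial number and profile.
private GenSelfIssued parseGenSelfIssued(X509CaInfoType ci, String caName, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    String certFilename = null;
    if (ci.getCert() != null) {
        if (ci.getCert().getFile() != null) {
            certFilename = expandConf(ci.getCert().getFile());
        } else {
            throw new InvalidConfException("cert.file of CA " + caName + " must not be null");
        }
    }
    byte[] csr = getBinary(ci.getGenSelfIssued().getCsr(), zipFile);
    BigInteger serialNumber = null;
    String str = ci.getGenSelfIssued().getSerialNumber();
    if (str != null) {
        try {
            // "0x"/"0X" prefix selects hexadecimal, anything else is decimal
            if (str.startsWith("0x") || str.startsWith("0X")) {
                serialNumber = new BigInteger(str.substring(2), 16);
            } else {
                serialNumber = new BigInteger(str);
            }
        } catch (NumberFormatException ex) {
            // report a malformed serial as a configuration error instead of a bare NumberFormatException
            throw new InvalidConfException("invalid serialNumber of CA " + caName + ": " + str, ex);
        }
    }
    return new GenSelfIssued(ci.getGenSelfIssued().getProfile(), csr, serialNumber, certFilename);
}

// Builds the X509CaEntry from <caInfo>; the CA certificate is only set when no self-issued generation is requested.
private X509CaEntry parseCaEntry(X509CaInfoType ci, String caName, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
    X509CaUris caUris = new X509CaUris(getStrings(ci.getCacertUris()), getStrings(ci.getOcspUris()), getStrings(ci.getCrlUris()), getStrings(ci.getDeltacrlUris()));
    // defaults when the elements are omitted: 365 days expiration period, 30 CRLs kept
    int expirationPeriod = (ci.getExpirationPeriod() == null) ? 365 : ci.getExpirationPeriod().intValue();
    int numCrls = (ci.getNumCrls() == null) ? 30 : ci.getNumCrls().intValue();
    X509CaEntry caEntry = new X509CaEntry(new NameId(null, caName), ci.getSnSize(), ci.getNextCrlNo(), expandConf(ci.getSignerType()), getValue(ci.getSignerConf(), zipFile), caUris, numCrls, expirationPeriod);
    caEntry.setCmpControlName(ci.getCmpcontrolName());
    caEntry.setCrlSignerName(ci.getCrlsignerName());
    caEntry.setDuplicateKeyPermitted(ci.isDuplicateKey());
    caEntry.setDuplicateSubjectPermitted(ci.isDuplicateSubject());
    if (ci.getExtraControl() != null) {
        String value = getValue(ci.getExtraControl(), zipFile);
        if (value != null) {
            caEntry.setExtraControl(new ConfPairs(value).unmodifiable());
        }
    }
    // -1 when omitted; the meaning of the negative value is defined by X509CaEntry, not here
    int keepExpiredCertDays = (ci.getKeepExpiredCertDays() == null) ? -1 : ci.getKeepExpiredCertDays().intValue();
    caEntry.setKeepExpiredCertInDays(keepExpiredCertDays);
    caEntry.setMaxValidity(CertValidity.getInstance(ci.getMaxValidity()));
    caEntry.setPermission(ci.getPermission());
    caEntry.setResponderName(ci.getResponderName());
    caEntry.setSaveRequest(ci.isSaveReq());
    caEntry.setStatus(CaStatus.forName(ci.getStatus()));
    if (ci.getValidityMode() != null) {
        caEntry.setValidityMode(ValidityMode.forName(ci.getValidityMode()));
    }
    if (ci.getGenSelfIssued() == null) {
        caEntry.setCert(resolveCaCert(ci, caName, zipFile, securityFactory));
    }
    return caEntry;
}

// Returns the CA certificate: parsed from <cert> when present, otherwise taken from a signer built from the signer conf.
private X509Certificate resolveCaCert(X509CaInfoType ci, String caName, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
    if (ci.getCert() != null) {
        byte[] bytes = getBinary(ci.getCert(), zipFile);
        try {
            return X509Util.parseCert(bytes);
        } catch (CertificateException ex) {
            throw new InvalidConfException("invalid certificate of CA " + caName, ex);
        }
    }
    // extract from the signer configuration: only the first signer conf is used
    ConcurrentContentSigner signer;
    try {
        List<String[]> signerConfs = CaEntry.splitCaSignerConfs(getValue(ci.getSignerConf(), zipFile));
        SignerConf signerConf = new SignerConf(signerConfs.get(0)[1]);
        signer = securityFactory.createSigner(expandConf(ci.getSignerType()), signerConf, (X509Certificate) null);
    } catch (ObjectCreationException | XiSecurityException ex) {
        // the signer conf may hold key-access credentials, so it is deliberately not echoed in the message
        throw new InvalidConfException("could not create CA signer for CA " + caName, ex);
    }
    return signer.getCertificate();
}

// Collects the CA's <requestors>; returns null (not an empty list) when the element is absent, as SingleCaConf received before.
private List<CaHasRequestorEntry> parseCaHasRequestors(CaType m) throws IOException, InvalidConfException, CaMgmtException {
    if (m.getRequestors() == null) {
        return null;
    }
    List<CaHasRequestorEntry> caHasRequestors = new LinkedList<>();
    for (CaHasRequestorType req : m.getRequestors().getRequestor()) {
        CaHasRequestorEntry en = new CaHasRequestorEntry(new NameId(null, req.getRequestorName()));
        en.setRa(req.isRa());
        List<String> strs = getStrings(req.getProfiles());
        if (strs != null) {
            en.setProfiles(new HashSet<>(strs));
        }
        en.setPermission(req.getPermission());
        caHasRequestors.add(en);
    }
    return caHasRequestors;
}

// Collects the CA's <users>; returns null (not an empty list) when the element is absent, as SingleCaConf received before.
private List<CaHasUserEntry> parseCaHasUsers(CaType m) throws IOException, InvalidConfException, CaMgmtException {
    if (m.getUsers() == null) {
        return null;
    }
    List<CaHasUserEntry> caHasUsers = new LinkedList<>();
    for (CaHasUserType req : m.getUsers().getUser()) {
        CaHasUserEntry en = new CaHasUserEntry(new NameId(null, req.getUserName()));
        en.setPermission(req.getPermission());
        List<String> strs = getStrings(req.getProfiles());
        if (strs != null) {
            en.setProfiles(new HashSet<>(strs));
        }
        caHasUsers.add(en);
    }
    return caHasUsers;
}

// Stores one ScepEntry per <scep> into the sceps map, keyed by name; entries are created active (true).
private void initSceps(CAConfType jaxb) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getSceps() == null) {
        return;
    }
    for (ScepType m : jaxb.getSceps().getScep()) {
        String name = m.getName();
        NameId caIdent = new NameId(null, m.getCaName());
        List<String> certProfiles = getStrings(m.getProfiles());
        // NOTE(review): getStrings() is null-checked for requestor/user profiles but not here;
        // confirm the schema makes <profiles> mandatory for <scep>, otherwise this throws an NPE.
        ScepEntry dbEntry = new ScepEntry(name, caIdent, true, m.getResponderName(), new HashSet<>(certProfiles), m.getControl());
        sceps.put(name, dbEntry);
    }
}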
