use of org.xipki.ca.server.mgmt.api.CertprofileEntry in project xipki by xipki.
the class CaManagerImpl method loadConf.
@Override
public void loadConf(CaConf conf) throws CaMgmtException {
ParamUtil.requireNonNull("conf", conf);
if (!caSystemSetuped) {
throw new CaMgmtException("CA system is not initialized yet.");
}
// CMP control
for (String name : conf.getCmpControlNames()) {
CmpControlEntry entry = conf.getCmpControl(name);
CmpControlEntry entryB = cmpControlDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed CMP control {}", name);
continue;
} else {
String msg = concat("CMP control ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addCmpControl(entry);
LOG.info("added CMP control {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add CMP control ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// Responder
for (String name : conf.getResponderNames()) {
ResponderEntry entry = conf.getResponder(name);
ResponderEntry entryB = responderDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed CMP responder {}", name);
continue;
} else {
String msg = concat("CMP responder ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addResponder(entry);
LOG.info("added CMP responder {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add CMP responder ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// Environment
for (String name : conf.getEnvironmentNames()) {
String entry = conf.getEnvironment(name);
String entryB = envParameterResolver.getParameter(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed environment parameter {}", name);
continue;
} else {
String msg = concat("environment parameter ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addEnvParam(name, entry);
LOG.info("could not add environment parameter {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add environment parameter ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// CRL signer
for (String name : conf.getCrlSignerNames()) {
X509CrlSignerEntry entry = conf.getCrlSigner(name);
X509CrlSignerEntry entryB = crlSignerDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed CRL signer {}", name);
continue;
} else {
String msg = concat("CRL signer ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addCrlSigner(entry);
LOG.info("added CRL signer {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add CRL signer ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// Requestor
for (String name : conf.getRequestorNames()) {
RequestorEntry entry = conf.getRequestor(name);
RequestorEntry entryB = requestorDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed CMP requestor {}", name);
continue;
} else {
String msg = concat("CMP requestor ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addRequestor(entry);
LOG.info("added CMP requestor {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add CMP requestor ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// Publisher
for (String name : conf.getPublisherNames()) {
PublisherEntry entry = conf.getPublisher(name);
PublisherEntry entryB = publisherDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed publisher {}", name);
continue;
} else {
String msg = concat("publisher ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addPublisher(entry);
LOG.info("added publisher {}", name);
} catch (CaMgmtException ex) {
String msg = "could not add publisher " + name;
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// CertProfile
for (String name : conf.getCertProfileNames()) {
CertprofileEntry entry = conf.getCertProfile(name);
CertprofileEntry entryB = certprofileDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.info("ignore existed certProfile {}", name);
continue;
} else {
String msg = concat("certProfile ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
addCertprofile(entry);
LOG.info("added certProfile {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add certProfile ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// User
for (String name : conf.getUserNames()) {
Object obj = conf.getUser(name);
UserEntry entryB = queryExecutor.getUser(name, true);
if (entryB != null) {
boolean equals = false;
if (obj instanceof UserEntry) {
UserEntry entry = (UserEntry) obj;
equals = entry.equals(entryB);
} else {
AddUserEntry entry = (AddUserEntry) obj;
equals = PasswordHash.validatePassword(entry.getPassword(), entryB.getHashedPassword());
}
if (equals) {
LOG.info("ignore existed user {}", name);
continue;
} else {
String msg = concat("user ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
}
try {
if (obj instanceof UserEntry) {
queryExecutor.addUser((UserEntry) obj);
} else {
queryExecutor.addUser((AddUserEntry) obj);
}
LOG.info("added user {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add user ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
// CA
for (String caName : conf.getCaNames()) {
SingleCaConf scc = conf.getCa(caName);
GenSelfIssued genSelfIssued = scc.getGenSelfIssued();
CaEntry caEntry = scc.getCaEntry();
if (caEntry != null) {
if (!(caEntry instanceof X509CaEntry)) {
throw new CaMgmtException(concat("Unsupported CaEntry ", caName, " (only X509CaEntry is supported"));
}
X509CaEntry entry = (X509CaEntry) caEntry;
if (caInfos.containsKey(caName)) {
CaEntry entryB = caInfos.get(caName).getCaEntry();
if (entry.getCert() == null && genSelfIssued != null) {
SignerConf signerConf = new SignerConf(entry.getSignerConf());
ConcurrentContentSigner signer;
try {
signer = securityFactory.createSigner(entry.getSignerType(), signerConf, (X509Certificate) null);
} catch (ObjectCreationException ex) {
throw new CaMgmtException(concat("could not create signer for CA ", caName), ex);
}
entry.setCert(signer.getCertificate());
}
if (entry.equals(entryB, true)) {
LOG.info("ignore existed CA {}", caName);
} else {
String msg = concat("CA ", caName, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
} else {
if (genSelfIssued != null) {
X509Certificate cert = generateRootCa(entry, genSelfIssued.getProfile(), genSelfIssued.getCsr(), genSelfIssued.getSerialNumber());
LOG.info("generated root CA {}", caName);
String fn = genSelfIssued.getCertFilename();
if (fn != null) {
try {
IoUtil.save(fn, cert.getEncoded());
LOG.info("saved generated certificate of root CA {} to {}", caName, fn);
} catch (CertificateEncodingException ex) {
LogUtil.error(LOG, ex, concat("could not encode certificate of CA ", caName));
} catch (IOException ex) {
LogUtil.error(LOG, ex, concat("error while saving certificate of root CA ", caName, " to ", fn));
}
}
} else {
try {
addCa(entry);
LOG.info("added CA {}", caName);
} catch (CaMgmtException ex) {
String msg = concat("could not add CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
if (scc.getAliases() != null) {
Set<String> aliasesB = getAliasesForCa(caName);
for (String aliasName : scc.getAliases()) {
if (aliasesB != null && aliasesB.contains(aliasName)) {
LOG.info("ignored adding existing CA alias {} to CA {}", aliasName, caName);
} else {
try {
addCaAlias(aliasName, caName);
LOG.info("associated alias {} to CA {}", aliasName, caName);
} catch (CaMgmtException ex) {
String msg = concat("could not associate alias ", aliasName, " to CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
if (scc.getProfileNames() != null) {
Set<String> profilesB = caHasProfiles.get(caName);
for (String profileName : scc.getProfileNames()) {
if (profilesB != null && profilesB.contains(profileName)) {
LOG.info("ignored adding certprofile {} to CA {}", profileName, caName);
} else {
try {
addCertprofileToCa(profileName, caName);
LOG.info("added certprofile {} to CA {}", profileName, caName);
} catch (CaMgmtException ex) {
String msg = concat("could not add certprofile ", profileName, " to CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
if (scc.getPublisherNames() != null) {
Set<String> publishersB = caHasPublishers.get(caName);
for (String publisherName : scc.getPublisherNames()) {
if (publishersB != null && publishersB.contains(publisherName)) {
LOG.info("ignored adding publisher {} to CA {}", publisherName, caName);
} else {
try {
addPublisherToCa(publisherName, caName);
LOG.info("added publisher {} to CA {}", publisherName, caName);
} catch (CaMgmtException ex) {
String msg = concat("could not add publisher ", publisherName, " to CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
if (scc.getRequestors() != null) {
Set<CaHasRequestorEntry> requestorsB = caHasRequestors.get(caName);
for (CaHasRequestorEntry requestor : scc.getRequestors()) {
String requestorName = requestor.getRequestorIdent().getName();
CaHasRequestorEntry requestorB = null;
if (requestorsB != null) {
for (CaHasRequestorEntry m : requestorsB) {
if (m.getRequestorIdent().getName().equals(requestorName)) {
requestorB = m;
break;
}
}
}
if (requestorB != null) {
if (requestor.equals(requestorB)) {
LOG.info("ignored adding requestor {} to CA {}", requestorName, caName);
} else {
String msg = concat("could not add requestor ", requestorName, " to CA", caName);
LOG.error(msg);
throw new CaMgmtException(msg);
}
} else {
try {
addRequestorToCa(requestor, caName);
LOG.info("added publisher {} to CA {}", requestorName, caName);
} catch (CaMgmtException ex) {
String msg = concat("could not add requestor ", requestorName, " to CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
if (scc.getUsers() != null) {
List<CaHasUserEntry> usersB = queryExecutor.getCaHasUsersForCa(caName, idNameMap);
for (CaHasUserEntry user : scc.getUsers()) {
String userName = user.getUserIdent().getName();
CaHasUserEntry userB = null;
if (usersB != null) {
for (CaHasUserEntry m : usersB) {
if (m.getUserIdent().getName().equals(userName)) {
userB = m;
break;
}
}
}
if (userB != null) {
if (user.equals(userB)) {
LOG.info("ignored adding user {} to CA {}", userName, caName);
} else {
String msg = concat("could not add user ", userName, " to CA", caName);
LOG.error(msg);
throw new CaMgmtException(msg);
}
} else {
try {
addUserToCa(user, caName);
LOG.info("added user {} to CA {}", userName, caName);
} catch (CaMgmtException ex) {
String msg = concat("could not add user ", userName, " to CA ", caName);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
// scc.getUsers()
}
// SCEP
for (String name : conf.getScepNames()) {
ScepEntry entry = conf.getScep(name);
ScepEntry entryB = scepDbEntries.get(name);
if (entryB != null) {
if (entry.equals(entryB)) {
LOG.error("ignore existed SCEP {}", name);
continue;
} else {
String msg = concat("SCEP ", name, " existed, could not re-added it");
LOG.error(msg);
throw new CaMgmtException(msg);
}
} else {
try {
addScep(entry);
LOG.info("added SCEP {}", name);
} catch (CaMgmtException ex) {
String msg = concat("could not add SCEP ", name);
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg);
}
}
}
}
use of org.xipki.ca.server.mgmt.api.CertprofileEntry in project xipki by xipki.
the class CaManagerQueryExecutor method createCertprofile.
// method createCaAliases
CertprofileEntry createCertprofile(String name) throws CaMgmtException {
PreparedStatement stmt = null;
ResultSet rs = null;
final String sql = sqls.sqlSelectProfile;
try {
stmt = prepareStatement(sql);
stmt.setString(1, name);
rs = stmt.executeQuery();
if (!rs.next()) {
throw new CaMgmtException("unknown CA " + name);
}
int id = rs.getInt("ID");
String type = rs.getString("TYPE");
String conf = rs.getString("CONF");
return new CertprofileEntry(new NameId(id, name), type, conf);
} catch (SQLException ex) {
throw new CaMgmtException(datasource, sql, ex);
} finally {
datasource.releaseResources(stmt, rs);
}
}
use of org.xipki.ca.server.mgmt.api.CertprofileEntry in project xipki by xipki.
the class CaManagerQueryExecutor method changeCertprofile.
// method commitNextCrlNoIfLess
IdentifiedX509Certprofile changeCertprofile(NameId nameId, String type, String conf, CaManagerImpl caManager) throws CaMgmtException {
ParamUtil.requireNonNull("nameId", nameId);
ParamUtil.requireNonNull("caManager", caManager);
StringBuilder sqlBuilder = new StringBuilder();
sqlBuilder.append("UPDATE PROFILE SET ");
AtomicInteger index = new AtomicInteger(1);
StringBuilder sb = new StringBuilder();
String tmpType = type;
String tmpConf = conf;
if (tmpType != null) {
sb.append("type: '").append(tmpType).append("'; ");
}
if (tmpConf != null) {
sb.append("conf: '").append(tmpConf).append("'; ");
}
Integer idxType = addToSqlIfNotNull(sqlBuilder, index, tmpType, "TYPE");
Integer idxConf = addToSqlIfNotNull(sqlBuilder, index, tmpConf, "CONF");
sqlBuilder.deleteCharAt(sqlBuilder.length() - 1);
sqlBuilder.append(" WHERE ID=?");
if (index.get() == 1) {
throw new IllegalArgumentException("nothing to change");
}
CertprofileEntry currentDbEntry = createCertprofile(nameId.getName());
if (tmpType == null) {
tmpType = currentDbEntry.getType();
}
if (tmpConf == null) {
tmpConf = currentDbEntry.getConf();
}
tmpType = getRealString(tmpType);
tmpConf = getRealString(tmpConf);
CertprofileEntry newDbEntry = new CertprofileEntry(currentDbEntry.getIdent(), tmpType, tmpConf);
IdentifiedX509Certprofile profile = caManager.createCertprofile(newDbEntry);
if (profile == null) {
throw new CaMgmtException("could not create CertProfile object");
}
final String sql = sqlBuilder.toString();
boolean failed = true;
PreparedStatement ps = null;
try {
ps = prepareStatement(sql);
if (idxType != null) {
ps.setString(idxType, tmpType);
}
if (idxConf != null) {
ps.setString(idxConf, getRealString(tmpConf));
}
ps.setInt(index.get(), nameId.getId());
if (ps.executeUpdate() == 0) {
throw new CaMgmtException("could not change profile " + nameId);
}
if (sb.length() > 0) {
sb.deleteCharAt(sb.length() - 1).deleteCharAt(sb.length() - 1);
}
LOG.info("changed profile '{}': {}", nameId, sb);
failed = false;
return profile;
} catch (SQLException ex) {
throw new CaMgmtException(datasource, sql, ex);
} finally {
datasource.releaseResources(ps, null);
if (failed) {
profile.shutdown();
}
}
}
use of org.xipki.ca.server.mgmt.api.CertprofileEntry in project xipki by xipki.
the class X509CaCmpResponderImpl method getSystemInfo.
// method checkPermission
private String getSystemInfo(CmpRequestorInfo requestor, Set<Integer> acceptVersions) throws OperationException {
X509Ca ca = getCa();
StringBuilder sb = new StringBuilder(2000);
// current maximal support version is 2
int version = 2;
if (CollectionUtil.isNonEmpty(acceptVersions) && !acceptVersions.contains(version)) {
Integer ver = null;
for (Integer m : acceptVersions) {
if (m < version) {
ver = m;
}
}
if (ver == null) {
throw new OperationException(ErrorCode.BAD_REQUEST, "none of versions " + acceptVersions + " is supported");
} else {
version = ver;
}
}
sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
sb.append("<systemInfo version=\"").append(version).append("\">");
if (version == 2) {
// CACert
sb.append("<CACert>");
sb.append(Base64.encodeToString(ca.getCaInfo().getCert().getEncodedCert()));
sb.append("</CACert>");
// CMP control
sb.append("<cmpControl>");
sb.append("<rrAkiRequired>").append(getCmpControl().isRrAkiRequired()).append("</rrAkiRequired>");
sb.append("</cmpControl>");
// Profiles
Set<String> requestorProfiles = requestor.getCaHasRequestor().getProfiles();
Set<String> supportedProfileNames = new HashSet<>();
Set<String> caProfileNames = ca.caManager().getCertprofilesForCa(ca.getCaInfo().getIdent().getName());
for (String caProfileName : caProfileNames) {
if (requestorProfiles.contains("all") || requestorProfiles.contains(caProfileName)) {
supportedProfileNames.add(caProfileName);
}
}
if (CollectionUtil.isNonEmpty(supportedProfileNames)) {
sb.append("<certprofiles>");
for (String name : supportedProfileNames) {
CertprofileEntry entry = ca.caManager().getCertprofile(name);
if (entry.isFaulty()) {
continue;
}
sb.append("<certprofile>");
sb.append("<name>").append(name).append("</name>");
sb.append("<type>").append(entry.getType()).append("</type>");
sb.append("<conf>");
String conf = entry.getConf();
if (StringUtil.isNotBlank(conf)) {
sb.append("<![CDATA[");
sb.append(conf);
sb.append("]]>");
}
sb.append("</conf>");
sb.append("</certprofile>");
}
sb.append("</certprofiles>");
}
sb.append("</systemInfo>");
} else {
throw new OperationException(ErrorCode.BAD_REQUEST, "unsupported version " + version);
}
return sb.toString();
}
use of org.xipki.ca.server.mgmt.api.CertprofileEntry in project xipki by xipki.
the class CaConf method init.
private void init(CAConfType jaxb, String baseDir, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
// Properties
if (baseDir != null) {
properties.put("baseDir", baseDir);
}
if (jaxb.getProperties() != null) {
for (NameValueType m : jaxb.getProperties().getProperty()) {
String name = m.getName();
if (properties.containsKey(name)) {
throw new InvalidConfException("Property " + name + " already defined");
}
properties.put(name, m.getValue());
}
}
// CMP controls
if (jaxb.getCmpcontrols() != null) {
for (CmpcontrolType m : jaxb.getCmpcontrols().getCmpcontrol()) {
CmpControlEntry en = new CmpControlEntry(m.getName(), getValue(m.getConf(), zipFile));
addCmpControl(en);
}
}
// Responders
if (jaxb.getResponders() != null) {
for (ResponderType m : jaxb.getResponders().getResponder()) {
ResponderEntry en = new ResponderEntry(m.getName(), expandConf(m.getType()), getValue(m.getConf(), zipFile), getBase64Binary(m.getCert(), zipFile));
addResponder(en);
}
}
// Environments
if (jaxb.getEnvironments() != null) {
for (NameValueType m : jaxb.getEnvironments().getEnvironment()) {
addEnvironment(m.getName(), expandConf(m.getValue()));
}
}
// CRL signers
if (jaxb.getCrlsigners() != null) {
for (CrlsignerType m : jaxb.getCrlsigners().getCrlsigner()) {
X509CrlSignerEntry en = new X509CrlSignerEntry(m.getName(), expandConf(m.getSignerType()), getValue(m.getSignerConf(), zipFile), getBase64Binary(m.getSignerCert(), zipFile), expandConf(m.getCrlControl()));
addCrlSigner(en);
}
}
// Requestors
if (jaxb.getRequestors() != null) {
for (RequestorType m : jaxb.getRequestors().getRequestor()) {
RequestorEntry en = new RequestorEntry(new NameId(null, m.getName()), getBase64Binary(m.getCert(), zipFile));
addRequestor(en);
}
}
// Users
if (jaxb.getUsers() != null) {
for (UserType m : jaxb.getUsers().getUser()) {
boolean active = (m.isActive() != null) ? m.isActive() : true;
String password = m.getPassword();
if (password != null) {
AddUserEntry en = new AddUserEntry(new NameId(null, m.getName()), active, password);
addUser(en);
} else {
UserEntry en = new UserEntry(new NameId(null, m.getName()), active, m.getHashedPassword());
addUser(en);
}
}
}
// Publishers
if (jaxb.getPublishers() != null) {
for (PublisherType m : jaxb.getPublishers().getPublisher()) {
PublisherEntry en = new PublisherEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
addPublisher(en);
}
}
// CertProfiles
if (jaxb.getProfiles() != null) {
for (ProfileType m : jaxb.getProfiles().getProfile()) {
CertprofileEntry en = new CertprofileEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
addProfile(en);
}
}
// CAs
if (jaxb.getCas() != null) {
for (CaType m : jaxb.getCas().getCa()) {
String name = m.getName();
GenSelfIssued genSelfIssued = null;
X509CaEntry caEntry = null;
if (m.getCaInfo() != null) {
X509CaInfoType ci = m.getCaInfo().getX509Ca();
if (ci.getGenSelfIssued() != null) {
String certFilename = null;
if (ci.getCert() != null) {
if (ci.getCert().getFile() != null) {
certFilename = expandConf(ci.getCert().getFile());
} else {
throw new InvalidConfException("cert.file of CA " + name + " must not be null");
}
}
byte[] csr = getBinary(ci.getGenSelfIssued().getCsr(), zipFile);
BigInteger serialNumber = null;
String str = ci.getGenSelfIssued().getSerialNumber();
if (str != null) {
if (str.startsWith("0x") || str.startsWith("0X")) {
serialNumber = new BigInteger(str.substring(2), 16);
} else {
serialNumber = new BigInteger(str);
}
}
genSelfIssued = new GenSelfIssued(ci.getGenSelfIssued().getProfile(), csr, serialNumber, certFilename);
}
X509CaUris caUris = new X509CaUris(getStrings(ci.getCacertUris()), getStrings(ci.getOcspUris()), getStrings(ci.getCrlUris()), getStrings(ci.getDeltacrlUris()));
int exprirationPeriod = (ci.getExpirationPeriod() == null) ? 365 : ci.getExpirationPeriod().intValue();
int numCrls = (ci.getNumCrls() == null) ? 30 : ci.getNumCrls().intValue();
caEntry = new X509CaEntry(new NameId(null, name), ci.getSnSize(), ci.getNextCrlNo(), expandConf(ci.getSignerType()), getValue(ci.getSignerConf(), zipFile), caUris, numCrls, exprirationPeriod);
caEntry.setCmpControlName(ci.getCmpcontrolName());
caEntry.setCrlSignerName(ci.getCrlsignerName());
caEntry.setDuplicateKeyPermitted(ci.isDuplicateKey());
caEntry.setDuplicateSubjectPermitted(ci.isDuplicateSubject());
if (ci.getExtraControl() != null) {
String value = getValue(ci.getExtraControl(), zipFile);
if (value != null) {
caEntry.setExtraControl(new ConfPairs(value).unmodifiable());
}
}
int keepExpiredCertDays = (ci.getKeepExpiredCertDays() == null) ? -1 : ci.getKeepExpiredCertDays().intValue();
caEntry.setKeepExpiredCertInDays(keepExpiredCertDays);
caEntry.setMaxValidity(CertValidity.getInstance(ci.getMaxValidity()));
caEntry.setPermission(ci.getPermission());
caEntry.setResponderName(ci.getResponderName());
caEntry.setSaveRequest(ci.isSaveReq());
caEntry.setStatus(CaStatus.forName(ci.getStatus()));
if (ci.getValidityMode() != null) {
caEntry.setValidityMode(ValidityMode.forName(ci.getValidityMode()));
}
if (ci.getGenSelfIssued() == null) {
X509Certificate caCert;
if (ci.getCert() != null) {
byte[] bytes = getBinary(ci.getCert(), zipFile);
try {
caCert = X509Util.parseCert(bytes);
} catch (CertificateException ex) {
throw new InvalidConfException("invalid certificate of CA " + name, ex);
}
} else {
// extract from the signer configuration
ConcurrentContentSigner signer;
try {
List<String[]> signerConfs = CaEntry.splitCaSignerConfs(getValue(ci.getSignerConf(), zipFile));
SignerConf signerConf = new SignerConf(signerConfs.get(0)[1]);
signer = securityFactory.createSigner(expandConf(ci.getSignerType()), signerConf, (X509Certificate) null);
} catch (ObjectCreationException | XiSecurityException ex) {
throw new InvalidConfException("could not create CA signer for CA " + name, ex);
}
caCert = signer.getCertificate();
}
caEntry.setCert(caCert);
}
}
List<CaHasRequestorEntry> caHasRequestors = null;
if (m.getRequestors() != null) {
caHasRequestors = new LinkedList<>();
for (CaHasRequestorType req : m.getRequestors().getRequestor()) {
CaHasRequestorEntry en = new CaHasRequestorEntry(new NameId(null, req.getRequestorName()));
en.setRa(req.isRa());
List<String> strs = getStrings(req.getProfiles());
if (strs != null) {
en.setProfiles(new HashSet<>(strs));
}
en.setPermission(req.getPermission());
caHasRequestors.add(en);
}
}
List<CaHasUserEntry> caHasUsers = null;
if (m.getUsers() != null) {
caHasUsers = new LinkedList<>();
for (CaHasUserType req : m.getUsers().getUser()) {
CaHasUserEntry en = new CaHasUserEntry(new NameId(null, req.getUserName()));
en.setPermission(req.getPermission());
List<String> strs = getStrings(req.getProfiles());
if (strs != null) {
en.setProfiles(new HashSet<>(strs));
}
caHasUsers.add(en);
}
}
List<String> aliases = getStrings(m.getAliases());
List<String> profileNames = getStrings(m.getProfiles());
List<String> publisherNames = getStrings(m.getPublishers());
SingleCaConf singleCa = new SingleCaConf(name, genSelfIssued, caEntry, aliases, profileNames, caHasRequestors, caHasUsers, publisherNames);
addSingleCa(singleCa);
}
}
// SCEPs
if (jaxb.getSceps() != null) {
for (ScepType m : jaxb.getSceps().getScep()) {
String name = m.getName();
NameId caIdent = new NameId(null, m.getCaName());
List<String> certProfiles = getStrings(m.getProfiles());
ScepEntry dbEntry = new ScepEntry(name, caIdent, true, m.getResponderName(), new HashSet<>(certProfiles), m.getControl());
sceps.put(name, dbEntry);
}
}
}
Aggregations