use of org.xipki.ca.server.mgmt.api.CmpControl in project xipki by xipki.
the class CaManagerQueryExecutor method changeCmpControl.
// method changeCertprofile
CmpControl changeCmpControl(String name, String conf) throws CaMgmtException {
ParamUtil.requireNonBlank("name", name);
if (conf == null) {
throw new IllegalArgumentException("nothing to change");
}
CmpControlEntry newDbEntry = new CmpControlEntry(name, conf);
CmpControl cmpControl;
try {
cmpControl = new CmpControl(newDbEntry);
} catch (InvalidConfException ex) {
throw new CaMgmtException(ex);
}
final String sql = "UPDATE CMPCONTROL SET CONF=? WHERE NAME=?";
PreparedStatement ps = null;
try {
ps = prepareStatement(sql);
ps.setString(1, conf);
ps.setString(2, name);
if (ps.executeUpdate() == 0) {
throw new CaMgmtException("could not CMP control " + name);
}
LOG.info("changed CMP control '{}': {}", name, conf);
return cmpControl;
} catch (SQLException ex) {
throw new CaMgmtException(datasource, sql, ex);
} finally {
datasource.releaseResources(ps, null);
}
}
use of org.xipki.ca.server.mgmt.api.CmpControl in project xipki by xipki.
the class X509CaCmpResponderImpl method processPkiMessage0.
@Override
protected PKIMessage processPkiMessage0(PKIMessage request, RequestorInfo requestor, ASN1OctetString tid, GeneralPKIMessage message, String msgId, AuditEvent event) {
if (!(requestor instanceof CmpRequestorInfo)) {
throw new IllegalArgumentException("unknown requestor type " + requestor.getClass().getName());
}
CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor;
event.addEventData(CaAuditConstants.NAME_requestor, tmpRequestor.getIdent().getName());
PKIHeader reqHeader = message.getHeader();
PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender());
respHeader.setTransactionID(tid);
ASN1OctetString senderNonce = reqHeader.getSenderNonce();
if (senderNonce != null) {
respHeader.setRecipNonce(senderNonce);
}
PKIBody respBody;
PKIBody reqBody = message.getBody();
final int type = reqBody.getType();
CmpControl cmpControl = getCmpControl();
try {
switch(type) {
case PKIBody.TYPE_CERT_REQ:
case PKIBody.TYPE_KEY_UPDATE_REQ:
case PKIBody.TYPE_P10_CERT_REQ:
case PKIBody.TYPE_CROSS_CERT_REQ:
String eventType = null;
if (PKIBody.TYPE_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_cr;
} else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_kur;
} else if (PKIBody.TYPE_P10_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_p10Cr;
} else if (PKIBody.TYPE_CROSS_CERT_REQ == type) {
eventType = CaAuditConstants.TYPE_CMP_ccr;
}
if (eventType != null) {
event.addEventType(eventType);
}
respBody = cmpEnrollCert(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
break;
case PKIBody.TYPE_CERT_CONFIRM:
event.addEventType(CaAuditConstants.TYPE_CMP_certConf);
CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
respBody = confirmCertificates(tid, certConf, msgId);
break;
case PKIBody.TYPE_REVOCATION_REQ:
respBody = cmpUnRevokeRemoveCertificates(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, msgId, event);
break;
case PKIBody.TYPE_CONFIRM:
event.addEventType(CaAuditConstants.TYPE_CMP_pkiConf);
respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
break;
case PKIBody.TYPE_GEN_MSG:
respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
break;
case PKIBody.TYPE_ERROR:
event.addEventType(CaAuditConstants.TYPE_CMP_error);
revokePendingCertificates(tid, msgId);
respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
break;
default:
event.addEventType("PKIBody." + type);
respBody = buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, "unsupported type " + type);
break;
}
// end switch (type)
} catch (InsuffientPermissionException ex) {
ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(ex.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
}
if (respBody.getType() == PKIBody.TYPE_ERROR) {
ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();
AuditStatus auditStatus = AuditStatus.FAILED;
org.xipki.cmp.PkiStatusInfo pkiStatus = new org.xipki.cmp.PkiStatusInfo(errorMsgContent.getPKIStatusInfo());
if (pkiStatus.pkiFailureInfo() == PKIFailureInfo.systemFailure) {
auditStatus = AuditStatus.FAILED;
}
event.setStatus(auditStatus);
String statusString = pkiStatus.statusMessage();
if (statusString != null) {
event.addEventData(CaAuditConstants.NAME_message, statusString);
}
} else if (event.getStatus() == null) {
event.setStatus(AuditStatus.SUCCESSFUL);
}
return new PKIMessage(respHeader.build(), respBody);
}
use of org.xipki.ca.server.mgmt.api.CmpControl in project xipki by xipki.
the class CaManagerImpl method changeCmpControl.
// method removeCmpControl
@Override
public void changeCmpControl(String name, String conf) throws CaMgmtException {
name = ParamUtil.requireNonBlank("name", name).toLowerCase();
ParamUtil.requireNonBlank("conf", conf);
asssertMasterMode();
CmpControl newCmpControl = queryExecutor.changeCmpControl(name, conf);
cmpControlDbEntries.put(name, newCmpControl.getDbEntry());
cmpControls.put(name, newCmpControl);
}
Aggregations