
Example 6 with CmpControl

use of org.xipki.ca.server.mgmt.api.CmpControl in project xipki by xipki.

the class CaManagerQueryExecutor method changeCmpControl.

// method changeCertprofile
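/**
 * Replaces the stored configuration of the CMP control {@code name} and returns the
 * control parsed from the new configuration.
 *
 * <p>The configuration is parsed into a {@link CmpControl} before the UPDATE is issued,
 * so a configuration that fails to parse is rejected without touching the CMPCONTROL
 * table.
 *
 * @param name name of the CMP control to change; checked with
 *     {@code ParamUtil.requireNonBlank}
 * @param conf new configuration text; must not be {@code null}
 * @return the control built from {@code conf}
 * @throws IllegalArgumentException if {@code conf} is {@code null}
 * @throws CaMgmtException if {@code conf} cannot be parsed, if no row was updated for
 *     {@code name}, or if the database reports an error
 */
CmpControl changeCmpControl(String name, String conf) throws CaMgmtException {
    ParamUtil.requireNonBlank("name", name);
    if (conf == null) {
        throw new IllegalArgumentException("nothing to change");
    }

    // Validate before persisting: constructing the control parses the configuration.
    CmpControlEntry newDbEntry = new CmpControlEntry(name, conf);
    CmpControl cmpControl;
    try {
        cmpControl = new CmpControl(newDbEntry);
    } catch (InvalidConfException ex) {
        throw new CaMgmtException(ex);
    }

    // Both caller-supplied values are bound as parameters, never concatenated into the SQL.
    final String sql = "UPDATE CMPCONTROL SET CONF=? WHERE NAME=?";
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        ps.setString(1, conf);
        ps.setString(2, name);
        // Zero updated rows means no CMP control with this name exists.
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not change CMP control " + name);
        }
        // NOTE(review): the full configuration is written to the log at INFO level;
        // confirm that CMP control configurations never carry secret material.
        LOG.info("changed CMP control '{}': {}", name, conf);
        return cmpControl;
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        // ps may still be null here if prepareStatement itself failed.
        datasource.releaseResources(ps, null);
    }
}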
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) SQLException(java.sql.SQLException) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) CmpControl(org.xipki.ca.server.mgmt.api.CmpControl) InvalidConfException(org.xipki.common.InvalidConfException) PreparedStatement(java.sql.PreparedStatement)

Example 7 with CmpControl

use of org.xipki.ca.server.mgmt.api.CmpControl in project xipki by xipki.

the class X509CaCmpResponderImpl method processPkiMessage0.

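/**
 * Dispatches a CMP request by its body type and assembles the response message.
 *
 * <p>The response header reuses the protocol version of the request, names the request's
 * sender as recipient, carries the transaction id {@code tid} and, when the request has a
 * sender nonce, echoes it as the recipient nonce. The audit event receives the requestor
 * name, the event type for the body types handled directly here, and a final status:
 * {@code FAILED} (plus the status message, if any) when the response body is an error,
 * otherwise {@code SUCCESSFUL} unless a handler already set a status.
 *
 * @param request the received message, handed on to the enrollment and revocation handlers
 * @param requestor the requestor of the message; must be a {@code CmpRequestorInfo}
 * @param tid transaction id to place in the response header
 * @param message source of the request header and body
 * @param msgId message identifier passed through to the handlers
 * @param event audit event that is filled in while the request is processed
 * @return the response built from the response header and body
 * @throws IllegalArgumentException if {@code requestor} is {@code null} or not a
 *     {@code CmpRequestorInfo}
 */
@Override
protected PKIMessage processPkiMessage0(PKIMessage request, RequestorInfo requestor, ASN1OctetString tid, GeneralPKIMessage message, String msgId, AuditEvent event) {
    if (!(requestor instanceof CmpRequestorInfo)) {
        // instanceof is false for null as well, so do not dereference requestor blindly
        // while building the error text.
        String requestorType = (requestor == null) ? "null" : requestor.getClass().getName();
        throw new IllegalArgumentException("unknown requestor type " + requestorType);
    }
    CmpRequestorInfo tmpRequestor = (CmpRequestorInfo) requestor;
    event.addEventData(CaAuditConstants.NAME_requestor, tmpRequestor.getIdent().getName());
    PKIHeader reqHeader = message.getHeader();
    // Response header: same pvno as the request, our sender, the request's sender as recipient.
    PKIHeaderBuilder respHeader = new PKIHeaderBuilder(reqHeader.getPvno().getValue().intValue(), getSender(), reqHeader.getSender());
    respHeader.setTransactionID(tid);
    // Echo the requester's nonce so it can match this response to its request.
    ASN1OctetString senderNonce = reqHeader.getSenderNonce();
    if (senderNonce != null) {
        respHeader.setRecipNonce(senderNonce);
    }
    PKIBody respBody;
    PKIBody reqBody = message.getBody();
    final int type = reqBody.getType();
    CmpControl cmpControl = getCmpControl();
    try {
        switch(type) {
            case PKIBody.TYPE_CERT_REQ:
            case PKIBody.TYPE_KEY_UPDATE_REQ:
            case PKIBody.TYPE_P10_CERT_REQ:
            case PKIBody.TYPE_CROSS_CERT_REQ:
                // All four enrollment variants share one handler; only the audit type differs.
                String eventType = null;
                if (PKIBody.TYPE_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_cr;
                } else if (PKIBody.TYPE_KEY_UPDATE_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_kur;
                } else if (PKIBody.TYPE_P10_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_p10Cr;
                } else if (PKIBody.TYPE_CROSS_CERT_REQ == type) {
                    eventType = CaAuditConstants.TYPE_CMP_ccr;
                }
                if (eventType != null) {
                    event.addEventType(eventType);
                }
                respBody = cmpEnrollCert(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
                break;
            case PKIBody.TYPE_CERT_CONFIRM:
                event.addEventType(CaAuditConstants.TYPE_CMP_certConf);
                CertConfirmContent certConf = (CertConfirmContent) reqBody.getContent();
                respBody = confirmCertificates(tid, certConf, msgId);
                break;
            case PKIBody.TYPE_REVOCATION_REQ:
                // No event type is added here; presumably the handler records it - confirm.
                respBody = cmpUnRevokeRemoveCertificates(request, respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, msgId, event);
                break;
            case PKIBody.TYPE_CONFIRM:
                event.addEventType(CaAuditConstants.TYPE_CMP_pkiConf);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            case PKIBody.TYPE_GEN_MSG:
                // No event type is added here; presumably the handler records it - confirm.
                respBody = cmpGeneralMsg(respHeader, cmpControl, reqHeader, reqBody, tmpRequestor, tid, msgId, event);
                break;
            case PKIBody.TYPE_ERROR:
                // The requester reported an error: revoke what is still pending for this
                // transaction and acknowledge with a confirm body.
                event.addEventType(CaAuditConstants.TYPE_CMP_error);
                revokePendingCertificates(tid, msgId);
                respBody = new PKIBody(PKIBody.TYPE_CONFIRM, DERNull.INSTANCE);
                break;
            default:
                // Unknown body types are rejected, and the numeric type is kept in the audit trail.
                event.addEventType("PKIBody." + type);
                respBody = buildErrorMsgPkiBody(PKIStatus.rejection, PKIFailureInfo.badRequest, "unsupported type " + type);
                break;
        }
    // end switch (type)
    } catch (InsuffientPermissionException ex) {
        // A permission failure becomes a notAuthorized rejection. The exception message is
        // returned to the requester as free text, so it should not carry internal detail.
        // NOTE(review): assumes ex.getMessage() is non-null - confirm.
        ErrorMsgContent emc = new ErrorMsgContent(new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText(ex.getMessage()), new PKIFailureInfo(PKIFailureInfo.notAuthorized)));
        respBody = new PKIBody(PKIBody.TYPE_ERROR, emc);
    }
    if (respBody.getType() == PKIBody.TYPE_ERROR) {
        ErrorMsgContent errorMsgContent = (ErrorMsgContent) respBody.getContent();
        AuditStatus auditStatus = AuditStatus.FAILED;
        org.xipki.cmp.PkiStatusInfo pkiStatus = new org.xipki.cmp.PkiStatusInfo(errorMsgContent.getPKIStatusInfo());
        // NOTE(review): this branch assigns the value auditStatus already holds, so every
        // error body is audited as FAILED; confirm whether system failures were meant to
        // get a distinct status.
        if (pkiStatus.pkiFailureInfo() == PKIFailureInfo.systemFailure) {
            auditStatus = AuditStatus.FAILED;
        }
        event.setStatus(auditStatus);
        String statusString = pkiStatus.statusMessage();
        if (statusString != null) {
            event.addEventData(CaAuditConstants.NAME_message, statusString);
        }
    } else if (event.getStatus() == null) {
        // Only fill in success when no handler has already decided the status.
        event.setStatus(AuditStatus.SUCCESSFUL);
    }
    return new PKIMessage(respHeader.build(), respBody);
}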
Also used : PKIHeader(org.bouncycastle.asn1.cmp.PKIHeader) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage) GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage) PKIBody(org.bouncycastle.asn1.cmp.PKIBody) PKIHeaderBuilder(org.bouncycastle.asn1.cmp.PKIHeaderBuilder) PKIStatusInfo(org.bouncycastle.asn1.cmp.PKIStatusInfo) InsuffientPermissionException(org.xipki.ca.api.InsuffientPermissionException) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) PKIFreeText(org.bouncycastle.asn1.cmp.PKIFreeText) PKIFailureInfo(org.bouncycastle.asn1.cmp.PKIFailureInfo) CertConfirmContent(org.bouncycastle.asn1.cmp.CertConfirmContent) AuditStatus(org.xipki.audit.AuditStatus) CmpControl(org.xipki.ca.server.mgmt.api.CmpControl) ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent)

Example 8 with CmpControl

use of org.xipki.ca.server.mgmt.api.CmpControl in project xipki by xipki.

the class CaManagerImpl method changeCmpControl.

// method removeCmpControl
/**
 * Changes the configuration of an existing CMP control and refreshes the in-memory copies.
 *
 * <p>The name is lower-cased before use. The change is first written through
 * {@code queryExecutor}; only after that call returns are the two maps updated, so a
 * failure there leaves the maps as they were.
 *
 * @param name name of the CMP control; must not be blank
 * @param conf new configuration; must not be blank
 * @throws CaMgmtException if the change cannot be applied
 */
@Override
public void changeCmpControl(String name, String conf) throws CaMgmtException {
    // NOTE(review): toLowerCase() without a Locale follows the JVM default locale; confirm
    // that names are normalised the same way wherever they are stored and looked up.
    final String normalizedName = ParamUtil.requireNonBlank("name", name).toLowerCase();
    ParamUtil.requireNonBlank("conf", conf);
    asssertMasterMode();

    final CmpControl updatedControl = queryExecutor.changeCmpControl(normalizedName, conf);
    cmpControlDbEntries.put(normalizedName, updatedControl.getDbEntry());
    cmpControls.put(normalizedName, updatedControl);
}
Also used : CmpControl(org.xipki.ca.server.mgmt.api.CmpControl)
