Search in sources :

Example 6 with CmpControlEntry

use of org.xipki.ca.server.mgmt.api.CmpControlEntry in project xipki by xipki.

the class CaManagerImpl method addCmpControl.

@Override
public void addCmpControl(CmpControlEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    asssertMasterMode();
    final String name = dbEntry.getName();
    if (cmpControlDbEntries.containsKey(name)) {
        throw new CaMgmtException(concat("CMP control named ", name, " exists"));
    }
    CmpControl cmpControl;
    try {
        cmpControl = new CmpControl(dbEntry);
    } catch (InvalidConfException ex) {
        LogUtil.error(LOG, ex, "could not add CMP control to certStore");
        throw new CaMgmtException(ex);
    }
    CmpControlEntry tmpDbEntry = cmpControl.getDbEntry();
    queryExecutor.addCmpControl(tmpDbEntry);
    cmpControls.put(name, cmpControl);
    cmpControlDbEntries.put(name, tmpDbEntry);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) CmpControl(org.xipki.ca.server.mgmt.api.CmpControl) InvalidConfException(org.xipki.common.InvalidConfException)

Example 7 with CmpControlEntry

use of org.xipki.ca.server.mgmt.api.CmpControlEntry in project xipki by xipki.

the class CaManagerQueryExecutor method createCmpControl.

// method createCrlSigner
CmpControlEntry createCmpControl(String name) throws CaMgmtException {
    final String sql = sqls.sqlSelectCmpControl;
    PreparedStatement stmt = null;
    ResultSet rs = null;
    try {
        stmt = prepareStatement(sql);
        stmt.setString(1, name);
        rs = stmt.executeQuery();
        if (!rs.next()) {
            throw new CaMgmtException("unknown CMP control " + name);
        }
        String conf = rs.getString("CONF");
        return new CmpControlEntry(name, conf);
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        datasource.releaseResources(stmt, rs);
    }
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) SQLException(java.sql.SQLException) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement)

Example 8 with CmpControlEntry

use of org.xipki.ca.server.mgmt.api.CmpControlEntry in project xipki by xipki.

the class CaManagerQueryExecutor method changeCmpControl.

// method changeCertprofile
CmpControl changeCmpControl(String name, String conf) throws CaMgmtException {
    ParamUtil.requireNonBlank("name", name);
    if (conf == null) {
        throw new IllegalArgumentException("nothing to change");
    }
    CmpControlEntry newDbEntry = new CmpControlEntry(name, conf);
    CmpControl cmpControl;
    try {
        cmpControl = new CmpControl(newDbEntry);
    } catch (InvalidConfException ex) {
        throw new CaMgmtException(ex);
    }
    final String sql = "UPDATE CMPCONTROL SET CONF=? WHERE NAME=?";
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        ps.setString(1, conf);
        ps.setString(2, name);
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not CMP control " + name);
        }
        LOG.info("changed CMP control '{}': {}", name, conf);
        return cmpControl;
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        datasource.releaseResources(ps, null);
    }
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) SQLException(java.sql.SQLException) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) CmpControl(org.xipki.ca.server.mgmt.api.CmpControl) InvalidConfException(org.xipki.common.InvalidConfException) PreparedStatement(java.sql.PreparedStatement)

Example 9 with CmpControlEntry

use of org.xipki.ca.server.mgmt.api.CmpControlEntry in project xipki by xipki.

the class CmpControlInfoCmd method execute0.

@Override
protected Object execute0() throws Exception {
    StringBuilder sb = new StringBuilder();
    if (name == null) {
        Set<String> names = caManager.getCmpControlNames();
        int size = names.size();
        if (size == 0 || size == 1) {
            sb.append((size == 0) ? "no" : "1");
            sb.append(" CMP control is configured\n");
        } else {
            sb.append(size).append(" CMP controls are configured:\n");
        }
        List<String> sorted = new ArrayList<>(names);
        Collections.sort(sorted);
        for (String m : sorted) {
            sb.append("\t").append(m).append("\n");
        }
    } else {
        CmpControlEntry entry = caManager.getCmpControl(name);
        if (entry == null) {
            throw new CmdFailure("\tno CMP control named '" + name + "' is configured");
        } else {
            sb.append(entry.toString());
        }
    }
    println(sb.toString());
    return null;
}
Also used : CmdFailure(org.xipki.console.karaf.CmdFailure) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) ArrayList(java.util.ArrayList)

Example 10 with CmpControlEntry

use of org.xipki.ca.server.mgmt.api.CmpControlEntry in project xipki by xipki.

the class CaConf method init.

private void init(CAConfType jaxb, String baseDir, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
    // Properties
    if (baseDir != null) {
        properties.put("baseDir", baseDir);
    }
    if (jaxb.getProperties() != null) {
        for (NameValueType m : jaxb.getProperties().getProperty()) {
            String name = m.getName();
            if (properties.containsKey(name)) {
                throw new InvalidConfException("Property " + name + " already defined");
            }
            properties.put(name, m.getValue());
        }
    }
    // CMP controls
    if (jaxb.getCmpcontrols() != null) {
        for (CmpcontrolType m : jaxb.getCmpcontrols().getCmpcontrol()) {
            CmpControlEntry en = new CmpControlEntry(m.getName(), getValue(m.getConf(), zipFile));
            addCmpControl(en);
        }
    }
    // Responders
    if (jaxb.getResponders() != null) {
        for (ResponderType m : jaxb.getResponders().getResponder()) {
            ResponderEntry en = new ResponderEntry(m.getName(), expandConf(m.getType()), getValue(m.getConf(), zipFile), getBase64Binary(m.getCert(), zipFile));
            addResponder(en);
        }
    }
    // Environments
    if (jaxb.getEnvironments() != null) {
        for (NameValueType m : jaxb.getEnvironments().getEnvironment()) {
            addEnvironment(m.getName(), expandConf(m.getValue()));
        }
    }
    // CRL signers
    if (jaxb.getCrlsigners() != null) {
        for (CrlsignerType m : jaxb.getCrlsigners().getCrlsigner()) {
            X509CrlSignerEntry en = new X509CrlSignerEntry(m.getName(), expandConf(m.getSignerType()), getValue(m.getSignerConf(), zipFile), getBase64Binary(m.getSignerCert(), zipFile), expandConf(m.getCrlControl()));
            addCrlSigner(en);
        }
    }
    // Requestors
    if (jaxb.getRequestors() != null) {
        for (RequestorType m : jaxb.getRequestors().getRequestor()) {
            RequestorEntry en = new RequestorEntry(new NameId(null, m.getName()), getBase64Binary(m.getCert(), zipFile));
            addRequestor(en);
        }
    }
    // Users
    if (jaxb.getUsers() != null) {
        for (UserType m : jaxb.getUsers().getUser()) {
            boolean active = (m.isActive() != null) ? m.isActive() : true;
            String password = m.getPassword();
            if (password != null) {
                AddUserEntry en = new AddUserEntry(new NameId(null, m.getName()), active, password);
                addUser(en);
            } else {
                UserEntry en = new UserEntry(new NameId(null, m.getName()), active, m.getHashedPassword());
                addUser(en);
            }
        }
    }
    // Publishers
    if (jaxb.getPublishers() != null) {
        for (PublisherType m : jaxb.getPublishers().getPublisher()) {
            PublisherEntry en = new PublisherEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
            addPublisher(en);
        }
    }
    // CertProfiles
    if (jaxb.getProfiles() != null) {
        for (ProfileType m : jaxb.getProfiles().getProfile()) {
            CertprofileEntry en = new CertprofileEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
            addProfile(en);
        }
    }
    // CAs
    if (jaxb.getCas() != null) {
        for (CaType m : jaxb.getCas().getCa()) {
            String name = m.getName();
            GenSelfIssued genSelfIssued = null;
            X509CaEntry caEntry = null;
            if (m.getCaInfo() != null) {
                X509CaInfoType ci = m.getCaInfo().getX509Ca();
                if (ci.getGenSelfIssued() != null) {
                    String certFilename = null;
                    if (ci.getCert() != null) {
                        if (ci.getCert().getFile() != null) {
                            certFilename = expandConf(ci.getCert().getFile());
                        } else {
                            throw new InvalidConfException("cert.file of CA " + name + " must not be null");
                        }
                    }
                    byte[] csr = getBinary(ci.getGenSelfIssued().getCsr(), zipFile);
                    BigInteger serialNumber = null;
                    String str = ci.getGenSelfIssued().getSerialNumber();
                    if (str != null) {
                        if (str.startsWith("0x") || str.startsWith("0X")) {
                            serialNumber = new BigInteger(str.substring(2), 16);
                        } else {
                            serialNumber = new BigInteger(str);
                        }
                    }
                    genSelfIssued = new GenSelfIssued(ci.getGenSelfIssued().getProfile(), csr, serialNumber, certFilename);
                }
                X509CaUris caUris = new X509CaUris(getStrings(ci.getCacertUris()), getStrings(ci.getOcspUris()), getStrings(ci.getCrlUris()), getStrings(ci.getDeltacrlUris()));
                int exprirationPeriod = (ci.getExpirationPeriod() == null) ? 365 : ci.getExpirationPeriod().intValue();
                int numCrls = (ci.getNumCrls() == null) ? 30 : ci.getNumCrls().intValue();
                caEntry = new X509CaEntry(new NameId(null, name), ci.getSnSize(), ci.getNextCrlNo(), expandConf(ci.getSignerType()), getValue(ci.getSignerConf(), zipFile), caUris, numCrls, exprirationPeriod);
                caEntry.setCmpControlName(ci.getCmpcontrolName());
                caEntry.setCrlSignerName(ci.getCrlsignerName());
                caEntry.setDuplicateKeyPermitted(ci.isDuplicateKey());
                caEntry.setDuplicateSubjectPermitted(ci.isDuplicateSubject());
                if (ci.getExtraControl() != null) {
                    String value = getValue(ci.getExtraControl(), zipFile);
                    if (value != null) {
                        caEntry.setExtraControl(new ConfPairs(value).unmodifiable());
                    }
                }
                int keepExpiredCertDays = (ci.getKeepExpiredCertDays() == null) ? -1 : ci.getKeepExpiredCertDays().intValue();
                caEntry.setKeepExpiredCertInDays(keepExpiredCertDays);
                caEntry.setMaxValidity(CertValidity.getInstance(ci.getMaxValidity()));
                caEntry.setPermission(ci.getPermission());
                caEntry.setResponderName(ci.getResponderName());
                caEntry.setSaveRequest(ci.isSaveReq());
                caEntry.setStatus(CaStatus.forName(ci.getStatus()));
                if (ci.getValidityMode() != null) {
                    caEntry.setValidityMode(ValidityMode.forName(ci.getValidityMode()));
                }
                if (ci.getGenSelfIssued() == null) {
                    X509Certificate caCert;
                    if (ci.getCert() != null) {
                        byte[] bytes = getBinary(ci.getCert(), zipFile);
                        try {
                            caCert = X509Util.parseCert(bytes);
                        } catch (CertificateException ex) {
                            throw new InvalidConfException("invalid certificate of CA " + name, ex);
                        }
                    } else {
                        // extract from the signer configuration
                        ConcurrentContentSigner signer;
                        try {
                            List<String[]> signerConfs = CaEntry.splitCaSignerConfs(getValue(ci.getSignerConf(), zipFile));
                            SignerConf signerConf = new SignerConf(signerConfs.get(0)[1]);
                            signer = securityFactory.createSigner(expandConf(ci.getSignerType()), signerConf, (X509Certificate) null);
                        } catch (ObjectCreationException | XiSecurityException ex) {
                            throw new InvalidConfException("could not create CA signer for CA " + name, ex);
                        }
                        caCert = signer.getCertificate();
                    }
                    caEntry.setCert(caCert);
                }
            }
            List<CaHasRequestorEntry> caHasRequestors = null;
            if (m.getRequestors() != null) {
                caHasRequestors = new LinkedList<>();
                for (CaHasRequestorType req : m.getRequestors().getRequestor()) {
                    CaHasRequestorEntry en = new CaHasRequestorEntry(new NameId(null, req.getRequestorName()));
                    en.setRa(req.isRa());
                    List<String> strs = getStrings(req.getProfiles());
                    if (strs != null) {
                        en.setProfiles(new HashSet<>(strs));
                    }
                    en.setPermission(req.getPermission());
                    caHasRequestors.add(en);
                }
            }
            List<CaHasUserEntry> caHasUsers = null;
            if (m.getUsers() != null) {
                caHasUsers = new LinkedList<>();
                for (CaHasUserType req : m.getUsers().getUser()) {
                    CaHasUserEntry en = new CaHasUserEntry(new NameId(null, req.getUserName()));
                    en.setPermission(req.getPermission());
                    List<String> strs = getStrings(req.getProfiles());
                    if (strs != null) {
                        en.setProfiles(new HashSet<>(strs));
                    }
                    caHasUsers.add(en);
                }
            }
            List<String> aliases = getStrings(m.getAliases());
            List<String> profileNames = getStrings(m.getProfiles());
            List<String> publisherNames = getStrings(m.getPublishers());
            SingleCaConf singleCa = new SingleCaConf(name, genSelfIssued, caEntry, aliases, profileNames, caHasRequestors, caHasUsers, publisherNames);
            addSingleCa(singleCa);
        }
    }
    // SCEPs
    if (jaxb.getSceps() != null) {
        for (ScepType m : jaxb.getSceps().getScep()) {
            String name = m.getName();
            NameId caIdent = new NameId(null, m.getCaName());
            List<String> certProfiles = getStrings(m.getProfiles());
            ScepEntry dbEntry = new ScepEntry(name, caIdent, true, m.getResponderName(), new HashSet<>(certProfiles), m.getControl());
            sceps.put(name, dbEntry);
        }
    }
}
Also used : CmpcontrolType(org.xipki.ca.server.mgmt.api.conf.jaxb.CmpcontrolType) CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) NameValueType(org.xipki.ca.server.mgmt.api.conf.jaxb.NameValueType) NameId(org.xipki.ca.api.NameId) PublisherType(org.xipki.ca.server.mgmt.api.conf.jaxb.PublisherType) RequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.RequestorType) CaHasRequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType) CertificateException(java.security.cert.CertificateException) CaHasRequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType) CaType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaType) PublisherEntry(org.xipki.ca.server.mgmt.api.PublisherEntry) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) ResponderEntry(org.xipki.ca.server.mgmt.api.ResponderEntry) SignerConf(org.xipki.security.SignerConf) ResponderType(org.xipki.ca.server.mgmt.api.conf.jaxb.ResponderType) X509Certificate(java.security.cert.X509Certificate) ScepEntry(org.xipki.ca.server.mgmt.api.x509.ScepEntry) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) BigInteger(java.math.BigInteger) UserType(org.xipki.ca.server.mgmt.api.conf.jaxb.UserType) CaHasUserType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasUserType) CrlsignerType(org.xipki.ca.server.mgmt.api.conf.jaxb.CrlsignerType) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry) ScepType(org.xipki.ca.server.mgmt.api.conf.jaxb.ScepType) RequestorEntry(org.xipki.ca.server.mgmt.api.RequestorEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry) InvalidConfException(org.xipki.common.InvalidConfException) XiSecurityException(org.xipki.security.exception.XiSecurityException) X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry) ProfileType(org.xipki.ca.server.mgmt.api.conf.jaxb.ProfileType) ConfPairs(org.xipki.common.ConfPairs) CertprofileEntry(org.xipki.ca.server.mgmt.api.CertprofileEntry) X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) ObjectCreationException(org.xipki.common.ObjectCreationException) CaHasUserType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasUserType) X509CaInfoType(org.xipki.ca.server.mgmt.api.conf.jaxb.X509CaInfoType) CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) UserEntry(org.xipki.ca.server.mgmt.api.UserEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)

Aggregations

CmpControlEntry (org.xipki.ca.server.mgmt.api.CmpControlEntry)10 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)6 CmpControl (org.xipki.ca.server.mgmt.api.CmpControl)4 InvalidConfException (org.xipki.common.InvalidConfException)4 AddUserEntry (org.xipki.ca.server.mgmt.api.AddUserEntry)3 CaHasRequestorEntry (org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)3 CaHasUserEntry (org.xipki.ca.server.mgmt.api.CaHasUserEntry)3 CertprofileEntry (org.xipki.ca.server.mgmt.api.CertprofileEntry)3 PublisherEntry (org.xipki.ca.server.mgmt.api.PublisherEntry)3 RequestorEntry (org.xipki.ca.server.mgmt.api.RequestorEntry)3 ResponderEntry (org.xipki.ca.server.mgmt.api.ResponderEntry)3 UserEntry (org.xipki.ca.server.mgmt.api.UserEntry)3 ScepEntry (org.xipki.ca.server.mgmt.api.x509.ScepEntry)3 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)3 X509CrlSignerEntry (org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)3 IOException (java.io.IOException)2 CertificateEncodingException (java.security.cert.CertificateEncodingException)2 X509Certificate (java.security.cert.X509Certificate)2 PreparedStatement (java.sql.PreparedStatement)2 SQLException (java.sql.SQLException)2