
Example 1 with CAConfType

Use of `org.xipki.ca.server.mgmt.api.conf.jaxb.CAConfType` in project xipki (by xipki).

Class `CaManagerImpl`, method `exportConf` — exports the configuration of the selected CAs (and every component they reference) into a ZIP archive.

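@Override
public void exportConf(String zipFilename, List<String> caNames) throws CaMgmtException, IOException {
    ParamUtil.requireNonBlank("zipFilename", zipFilename);
    if (!caSystemSetuped) {
        throw new CaMgmtException("CA system is not initialized yet.");
    }
    zipFilename = IoUtil.expandFilepath(zipFilename);
    // Resolve the CA selection against the loaded CAs: names are lower-cased
    // (that is how the x509cas keys are looked up), unknown names are dropped
    // silently, and a null list means "every CA".
    if (caNames != null) {
        List<String> selected = new ArrayList<>(caNames.size());
        for (String name : caNames) {
            name = name.toLowerCase();
            if (x509cas.containsKey(name)) {
                selected.add(name);
            }
        }
        caNames = selected;
    } else {
        caNames = new ArrayList<>(x509cas.keySet());
    }
    File zipFile = new File(zipFilename);
    // Never overwrite an existing file: the archive carries secrets (password
    // hashes, signer configuration — see below). This is a check-then-act
    // against the file system; the file itself is created by getZipOutputStream.
    if (zipFile.exists()) {
        throw new IOException(concat("File ", zipFilename, " exists."));
    }
    File parentFile = zipFile.getParentFile();
    if (parentFile != null && !parentFile.exists()) {
        // mkdirs() reports failure only through its return value; fail here
        // with a clear message instead of later from the stream open.
        if (!parentFile.mkdirs() && !parentFile.isDirectory()) {
            throw new IOException(concat("could not create directory ", parentFile.getPath()));
        }
    }
    CAConfType root = new CAConfType();
    root.setVersion(1);
    // try-with-resources: the ZIP stream is closed on every exit path.
    try (ZipOutputStream zipStream = getZipOutputStream(zipFile)) {
        // Names of components referenced by the exported CAs. Only referenced
        // components are written, so the archive stays self-contained but minimal.
        Set<String> includeCmpControlNames = new HashSet<>();
        Set<String> includeResponderNames = new HashSet<>();
        Set<String> includeRequestorNames = new HashSet<>();
        Set<String> includeProfileNames = new HashSet<>();
        Set<String> includePublisherNames = new HashSet<>();
        Set<String> includeCrlSignerNames = new HashSet<>();
        Set<String> includeUserNames = new HashSet<>();
        // users (filled while walking the CAs; removed again below if empty)
        root.setUsers(new CAConfType.Users());
        List<UserType> users = root.getUsers().getUser();
        // cas
        if (CollectionUtil.isNonEmpty(caNames)) {
            List<CaType> list = new LinkedList<>();
            for (String name : x509cas.keySet()) {
                if (!caNames.contains(name)) {
                    continue;
                }
                CaType jaxb = new CaType();
                jaxb.setName(name);
                Set<String> strs = getAliasesForCa(name);
                if (CollectionUtil.isNonEmpty(strs)) {
                    jaxb.setAliases(createStrings(strs));
                }
                strs = caHasProfiles.get(name);
                if (CollectionUtil.isNonEmpty(strs)) {
                    includeProfileNames.addAll(strs);
                    jaxb.setProfiles(createStrings(strs));
                }
                strs = caHasPublishers.get(name);
                if (CollectionUtil.isNonEmpty(strs)) {
                    includePublisherNames.addAll(strs);
                    jaxb.setPublishers(createStrings(strs));
                }
                // CaHasRequestors
                Set<CaHasRequestorEntry> requestors = caHasRequestors.get(name);
                if (CollectionUtil.isNonEmpty(requestors)) {
                    jaxb.setRequestors(new CaType.Requestors());
                    for (CaHasRequestorEntry m : requestors) {
                        String requestorName = m.getRequestorIdent().getName();
                        includeRequestorNames.add(requestorName);
                        CaHasRequestorType jaxb2 = new CaHasRequestorType();
                        jaxb2.setRequestorName(requestorName);
                        jaxb2.setRa(m.isRa());
                        jaxb2.setProfiles(createStrings(m.getProfiles()));
                        jaxb2.setPermission(m.getPermission());
                        jaxb.getRequestors().getRequestor().add(jaxb2);
                    }
                }
                // CaHasUsers
                List<CaHasUserEntry> caHasUsers = queryExecutor.getCaHasUsersForCa(name, idNameMap);
                if (CollectionUtil.isNonEmpty(caHasUsers)) {
                    jaxb.setUsers(new CaType.Users());
                    List<CaHasUserType> list2 = jaxb.getUsers().getUser();
                    for (CaHasUserEntry m : caHasUsers) {
                        String username = m.getUserIdent().getName();
                        CaHasUserType jaxb2 = new CaHasUserType();
                        jaxb2.setUserName(username);
                        jaxb2.setPermission(m.getPermission());
                        jaxb2.setProfiles(createStrings(m.getProfiles()));
                        list2.add(jaxb2);
                        // a user shared by several CAs is written once to <users>
                        if (includeUserNames.contains(username)) {
                            continue;
                        }
                        // add also the user to the users
                        UserEntry userEntry = queryExecutor.getUser(username);
                        UserType jaxb3 = new UserType();
                        if (!userEntry.isActive()) {
                            jaxb3.setActive(Boolean.FALSE);
                        }
                        jaxb3.setName(username);
                        // The stored password hash is exported verbatim, so the
                        // archive must be handled as credential material.
                        jaxb3.setHashedPassword(userEntry.getHashedPassword());
                        users.add(jaxb3);
                        includeUserNames.add(username);
                    }
                }
                X509CaEntry entry = x509cas.get(name).getCaInfo().getCaEntry();
                X509CaInfoType ciJaxb = new X509CaInfoType();
                ciJaxb.setCacertUris(createStrings(entry.getCaCertUris()));
                byte[] certBytes;
                try {
                    certBytes = entry.getCert().getEncoded();
                } catch (CertificateEncodingException ex) {
                    // keep the cause so the failure can be diagnosed
                    throw new CaMgmtException(concat("could not encode CA certificate ", name), ex);
                }
                // Entry names embed the CA name. That name is a key of the
                // server's own configuration map, not request input; if that
                // ever changes it must be sanitized before use as a ZIP path.
                ciJaxb.setCert(createFileOrBinary(zipStream, certBytes, concat("files/ca-", name, "-cert.der")));
                if (entry.getCmpControlName() != null) {
                    includeCmpControlNames.add(entry.getCmpControlName());
                    ciJaxb.setCmpcontrolName(entry.getCmpControlName());
                }
                if (entry.getCrlSignerName() != null) {
                    includeCrlSignerNames.add(entry.getCrlSignerName());
                    ciJaxb.setCrlsignerName(entry.getCrlSignerName());
                }
                ciJaxb.setCrlUris(createStrings(entry.getCrlUris()));
                ciJaxb.setDeltacrlUris(createStrings(entry.getDeltaCrlUris()));
                ciJaxb.setDuplicateKey(entry.isDuplicateKeyPermitted());
                ciJaxb.setDuplicateSubject(entry.isDuplicateSubjectPermitted());
                ciJaxb.setExpirationPeriod(entry.getExpirationPeriod());
                if (entry.getExtraControl() != null) {
                    ciJaxb.setExtraControl(createFileOrValue(zipStream, entry.getExtraControl().getEncoded(), concat("files/ca-", name, "-extracontrol.conf")));
                }
                ciJaxb.setKeepExpiredCertDays(entry.getKeepExpiredCertInDays());
                ciJaxb.setMaxValidity(entry.getMaxValidity().toString());
                ciJaxb.setNextCrlNo(entry.getNextCrlNumber());
                ciJaxb.setNumCrls(entry.getNumCrls());
                ciJaxb.setOcspUris(createStrings(entry.getOcspUris()));
                ciJaxb.setPermission(entry.getPermission());
                if (entry.getResponderName() != null) {
                    includeResponderNames.add(entry.getResponderName());
                    ciJaxb.setResponderName(entry.getResponderName());
                }
                ciJaxb.setSaveReq(entry.isSaveRequest());
                // The signer configuration is written as-is. Depending on the
                // signer type it may embed key-store passwords or HSM PINs
                // (not visible from here) — another reason the archive is secret.
                ciJaxb.setSignerConf(createFileOrValue(zipStream, entry.getSignerConf(), concat("files/ca-", name, "-signerconf.conf")));
                ciJaxb.setSignerType(entry.getSignerType());
                ciJaxb.setSnSize(entry.getSerialNoBitLen());
                ciJaxb.setStatus(entry.getStatus().getStatus());
                ciJaxb.setValidityMode(entry.getValidityMode().name());
                jaxb.setCaInfo(new CaType.CaInfo());
                jaxb.getCaInfo().setX509Ca(ciJaxb);
                list.add(jaxb);
            }
            if (!list.isEmpty()) {
                root.setCas(new CAConfType.Cas());
                root.getCas().getCa().addAll(list);
            }
        }
        // clear the users if the list is empty
        if (users.isEmpty()) {
            root.setUsers(null);
        }
        // cmp controls (only those referenced by an exported CA)
        if (CollectionUtil.isNonEmpty(cmpControlDbEntries)) {
            List<CmpcontrolType> list = new LinkedList<>();
            for (String name : cmpControlDbEntries.keySet()) {
                if (!includeCmpControlNames.contains(name)) {
                    continue;
                }
                CmpcontrolType jaxb = new CmpcontrolType();
                CmpControlEntry entry = cmpControlDbEntries.get(name);
                jaxb.setName(name);
                jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/cmpcontrol-", name, ".conf")));
                list.add(jaxb);
            }
            if (!list.isEmpty()) {
                root.setCmpcontrols(new CAConfType.Cmpcontrols());
                root.getCmpcontrols().getCmpcontrol().addAll(list);
            }
        }
        // environments: all parameters except the epoch marker, which is
        // instance-specific and must not be carried into another system
        Set<String> names = envParameterResolver.allParameterNames();
        if (CollectionUtil.isNonEmpty(names)) {
            List<NameValueType> list = new LinkedList<>();
            for (String name : names) {
                if (ENV_EPOCH.equalsIgnoreCase(name)) {
                    continue;
                }
                NameValueType jaxb = new NameValueType();
                jaxb.setName(name);
                jaxb.setValue(envParameterResolver.getParameter(name));
                list.add(jaxb);
            }
            if (!list.isEmpty()) {
                root.setEnvironments(new CAConfType.Environments());
                root.getEnvironments().getEnvironment().addAll(list);
            }
        }
        // crlsigners (referenced only); signerConf may carry credentials too
        if (CollectionUtil.isNonEmpty(crlSignerDbEntries)) {
            List<CrlsignerType> list = new LinkedList<>();
            for (String name : crlSignerDbEntries.keySet()) {
                if (!includeCrlSignerNames.contains(name)) {
                    continue;
                }
                X509CrlSignerEntry entry = crlSignerDbEntries.get(name);
                CrlsignerType jaxb = new CrlsignerType();
                jaxb.setName(name);
                jaxb.setSignerType(entry.getType());
                jaxb.setSignerConf(createFileOrValue(zipStream, entry.getConf(), concat("files/crlsigner-", name, ".conf")));
                jaxb.setSignerCert(createFileOrBase64Value(zipStream, entry.getBase64Cert(), concat("files/crlsigner-", name, ".der")));
                jaxb.setCrlControl(entry.crlControl());
                list.add(jaxb);
            }
            if (!list.isEmpty()) {
                root.setCrlsigners(new CAConfType.Crlsigners());
                root.getCrlsigners().getCrlsigner().addAll(list);
            }
        }
        // requestors (referenced only)
        if (CollectionUtil.isNonEmpty(requestorDbEntries)) {
            List<RequestorType> list = new LinkedList<>();
            for (String name : requestorDbEntries.keySet()) {
                if (!includeRequestorNames.contains(name)) {
                    continue;
                }
                RequestorEntry entry = requestorDbEntries.get(name);
                RequestorType jaxb = new RequestorType();
                jaxb.setName(name);
                jaxb.setCert(createFileOrBase64Value(zipStream, entry.getBase64Cert(), concat("files/requestor-", name, ".der")));
                list.add(jaxb);
            }
            if (!list.isEmpty()) {
                root.setRequestors(new CAConfType.Requestors());
                root.getRequestors().getRequestor().addAll(list);
            }
        }
        // publishers (referenced only)
        if (CollectionUtil.isNonEmpty(publisherDbEntries)) {
            List<PublisherType> list = new LinkedList<>();
            for (String name : publisherDbEntries.keySet()) {
                if (!includePublisherNames.contains(name)) {
                    continue;
                }
                PublisherEntry entry = publisherDbEntries.get(name);
                PublisherType jaxb = new PublisherType();
                jaxb.setName(name);
                jaxb.setType(entry.getType());
                jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/publisher-", name, ".conf")));
                list.add(jaxb);
            }
            if (!list.isEmpty()) {
                root.setPublishers(new CAConfType.Publishers());
                root.getPublishers().getPublisher().addAll(list);
            }
        }
        // profiles (referenced only)
        if (CollectionUtil.isNonEmpty(certprofileDbEntries)) {
            List<ProfileType> list = new LinkedList<>();
            for (String name : certprofileDbEntries.keySet()) {
                if (!includeProfileNames.contains(name)) {
                    continue;
                }
                CertprofileEntry entry = certprofileDbEntries.get(name);
                ProfileType jaxb = new ProfileType();
                jaxb.setName(name);
                jaxb.setType(entry.getType());
                jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/certprofile-", name, ".conf")));
                list.add(jaxb);
            }
            if (!list.isEmpty()) {
                root.setProfiles(new CAConfType.Profiles());
                root.getProfiles().getProfile().addAll(list);
            }
        }
        // sceps: those bound to an exported CA; they may pull in more responders
        if (CollectionUtil.isNonEmpty(scepDbEntries)) {
            List<ScepType> list = new LinkedList<>();
            for (String name : scepDbEntries.keySet()) {
                ScepEntry entry = scepDbEntries.get(name);
                String caName = entry.getCaIdent().getName();
                if (!caNames.contains(caName)) {
                    continue;
                }
                String responderName = entry.getResponderName();
                includeResponderNames.add(responderName);
                ScepType jaxb = new ScepType();
                jaxb.setName(name);
                jaxb.setCaName(caName);
                jaxb.setResponderName(responderName);
                jaxb.setProfiles(createStrings(entry.getCertProfiles()));
                jaxb.setControl(entry.getControl());
                list.add(jaxb);
            }
            if (!list.isEmpty()) {
                root.setSceps(new CAConfType.Sceps());
                root.getSceps().getScep().addAll(list);
            }
        }
        // responders (referenced by CAs or SCEPs); must come after the SCEP
        // section because that is where the last responder names are collected
        if (CollectionUtil.isNonEmpty(responderDbEntries)) {
            List<ResponderType> list = new LinkedList<>();
            for (String name : responderDbEntries.keySet()) {
                if (!includeResponderNames.contains(name)) {
                    continue;
                }
                ResponderEntry entry = responderDbEntries.get(name);
                ResponderType jaxb = new ResponderType();
                jaxb.setName(name);
                jaxb.setType(entry.getType());
                jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/responder-", name, ".conf")));
                jaxb.setCert(createFileOrBase64Value(zipStream, entry.getBase64Cert(), concat("files/responder-", name, ".der")));
                list.add(jaxb);
            }
            if (!list.isEmpty()) {
                root.setResponders(new CAConfType.Responders());
                root.getResponders().getResponder().addAll(list);
            }
        }
        // add the CAConf XML file (the entry name CaConf.init() looks for)
        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        try {
            CaConf.marshal(root, bout);
        } catch (JAXBException | SAXException ex) {
            LogUtil.error(LOG, ex, "could not marshal CAConf");
            throw new CaMgmtException(concat("could not marshal CAConf: ", ex.getMessage()), ex);
        }
        zipStream.putNextEntry(new ZipEntry("caconf.xml"));
        try {
            zipStream.write(bout.toByteArray());
        } finally {
            zipStream.closeEntry();
        }
    }
}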

Example 2 with CAConfType

use of org.xipki.ca.server.mgmt.api.conf.jaxb.CAConfType in project xipki by xipki.

Class `CaConf`, method `init` — loads a configuration from either a plain XML file or a ZIP archive containing `caconf.xml`, validating it against the bundled schema.

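/**
 * Reads the CA configuration from {@code confFile} and hands the parsed tree
 * to {@code init(CAConfType, String, ZipFile, SecurityFactory)}.
 *
 * The file is treated as XML when its extension is {@code xml}, as a ZIP
 * archive (with the configuration in its {@code caconf.xml} entry) when the
 * extension is {@code zip}; any other extension is probed as ZIP first and
 * read as XML if it is not one. The document is validated against the
 * schema shipped on the classpath at {@code /xsd/caconf.xsd}.
 *
 * @throws IOException if the file cannot be read, or a ZIP file has no
 *         {@code caconf.xml} entry
 * @throws JAXBException only via {@code XmlUtil.convert}; raw JAXB errors are
 *         converted before leaving this method
 */
private void init(File confFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException, JAXBException, SAXException {
    confFile = IoUtil.expandFilepath(confFile);
    String confFilename = confFile.getName();
    int fileExtIndex = confFilename.lastIndexOf('.');
    String fileExt = null;
    if (fileExtIndex != -1) {
        fileExt = confFilename.substring(fileExtIndex + 1);
    }
    ZipFile zipFile = null;
    InputStream caConfStream = null;
    try {
        if ("xml".equalsIgnoreCase(fileExt)) {
            LOG.info("read the configuration file {} as an XML file", confFilename);
            caConfStream = new FileInputStream(confFile);
        } else if ("zip".equalsIgnoreCase(fileExt)) {
            LOG.info("read the configuration file {} as a ZIP file", confFilename);
            zipFile = new ZipFile(confFile);
            caConfStream = openCaConfEntry(zipFile, confFilename);
        } else {
            // Only the ZipFile constructor decides whether this is a ZIP; a
            // failure to read the entry of a real ZIP is an error, not a
            // reason to re-parse the archive bytes as XML.
            try {
                LOG.info("try to read the configuration file {} as a ZIP file", confFilename);
                zipFile = new ZipFile(confFile);
            } catch (ZipException ex) {
                LOG.info("the configuration file {} is not a ZIP file, try as an XML file", confFilename);
                zipFile = null;
                caConfStream = new FileInputStream(confFile);
            }
            if (zipFile != null) {
                caConfStream = openCaConfEntry(zipFile, confFilename);
            }
        }
        // baseDir is only set for the ZIP case; presumably relative file
        // references inside caconf.xml are resolved against it — confirm in
        // the overload that consumes it.
        String baseDir = (zipFile == null) ? null : confFile.getParentFile().getPath();
        JAXBContext context = JAXBContext.newInstance(ObjectFactory.class);
        SchemaFactory schemaFact = SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
        URL url = CaConf.class.getResource("/xsd/caconf.xsd");
        Unmarshaller jaxbUnmarshaller = context.createUnmarshaller();
        // Schema validation rejects structurally invalid documents up front.
        jaxbUnmarshaller.setSchema(schemaFact.newSchema(url));
        // NOTE(review): the unmarshaller is handed a raw InputStream, so the
        // underlying XML parser settings (DTD handling, external entity
        // resolution) are whatever the JAXB runtime defaults to and are not
        // visible here. Configuration bundles are operator-supplied today; if
        // they are ever accepted from less-trusted sources, parse through a
        // StAX XMLStreamReader with SUPPORT_DTD and
        // IS_SUPPORTING_EXTERNAL_ENTITIES set to false and unmarshal from that.
        CAConfType root = (CAConfType) ((JAXBElement<?>) jaxbUnmarshaller.unmarshal(caConfStream)).getValue();
        init(root, baseDir, zipFile, securityFactory);
    } catch (JAXBException ex) {
        throw XmlUtil.convert(ex);
    } finally {
        // Best-effort cleanup; a close failure must not mask the real outcome,
        // but it is worth a warning rather than a silently dropped message.
        if (caConfStream != null) {
            try {
                caConfStream.close();
            } catch (IOException ex) {
                LOG.warn("could not close caConfStream: {}", ex.getMessage());
            }
        }
        if (zipFile != null) {
            try {
                zipFile.close();
            } catch (IOException ex) {
                LOG.warn("could not close zipFile: {}", ex.getMessage());
            }
        }
    }
}

/**
 * Opens the {@code caconf.xml} entry of an already opened configuration ZIP.
 *
 * {@code ZipFile.getEntry} returns {@code null} for a missing entry, which
 * {@code getInputStream} would turn into a NullPointerException; report the
 * missing entry explicitly instead.
 *
 * @param zipFile      the open archive (closed by the caller)
 * @param confFilename the archive's file name, for the error message only
 * @return the entry's input stream (closed by the caller)
 * @throws IOException if the archive has no {@code caconf.xml} entry or the
 *         entry cannot be read
 */
private static InputStream openCaConfEntry(ZipFile zipFile, String confFilename) throws IOException {
    java.util.zip.ZipEntry entry = zipFile.getEntry("caconf.xml");
    if (entry == null) {
        throw new IOException("ZIP file " + confFilename + " does not contain the entry caconf.xml");
    }
    return zipFile.getInputStream(entry);
}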
