use of org.xipki.ca.server.mgmt.api.conf.jaxb.X509CaInfoType in project xipki by xipki.
the class CaManagerImpl method exportConf.
@Override
public void exportConf(String zipFilename, List<String> caNames) throws CaMgmtException, IOException {
ParamUtil.requireNonBlank("zipFilename", zipFilename);
if (!caSystemSetuped) {
throw new CaMgmtException("CA system is not initialized yet.");
}
zipFilename = IoUtil.expandFilepath(zipFilename);
if (caNames != null) {
List<String> tmpCaNames = new ArrayList<>(caNames.size());
for (String name : caNames) {
name = name.toLowerCase();
if (x509cas.containsKey(name)) {
tmpCaNames.add(name);
}
}
caNames = tmpCaNames;
} else {
List<String> tmpCaNames = new ArrayList<>(x509cas.size());
for (String name : x509cas.keySet()) {
tmpCaNames.add(name);
}
caNames = tmpCaNames;
}
File zipFile = new File(zipFilename);
if (zipFile.exists()) {
throw new IOException(concat("File ", zipFilename, " exists."));
}
File parentFile = zipFile.getParentFile();
if (parentFile != null && !parentFile.exists()) {
parentFile.mkdirs();
}
CAConfType root = new CAConfType();
root.setVersion(1);
ZipOutputStream zipStream = getZipOutputStream(zipFile);
try {
Set<String> includeCmpControlNames = new HashSet<>();
Set<String> includeResponderNames = new HashSet<>();
Set<String> includeRequestorNames = new HashSet<>();
Set<String> includeProfileNames = new HashSet<>();
Set<String> includePublisherNames = new HashSet<>();
Set<String> includeCrlSignerNames = new HashSet<>();
Set<String> includeUserNames = new HashSet<>();
// users
root.setUsers(new CAConfType.Users());
List<UserType> users = root.getUsers().getUser();
// cas
if (CollectionUtil.isNonEmpty(caNames)) {
List<CaType> list = new LinkedList<>();
for (String name : x509cas.keySet()) {
if (!caNames.contains(name)) {
continue;
}
CaType jaxb = new CaType();
jaxb.setName(name);
Set<String> strs = getAliasesForCa(name);
if (CollectionUtil.isNonEmpty(strs)) {
jaxb.setAliases(createStrings(strs));
}
strs = caHasProfiles.get(name);
if (CollectionUtil.isNonEmpty(strs)) {
includeProfileNames.addAll(strs);
jaxb.setProfiles(createStrings(strs));
}
strs = caHasPublishers.get(name);
if (CollectionUtil.isNonEmpty(strs)) {
includePublisherNames.addAll(strs);
jaxb.setPublishers(createStrings(strs));
}
// CaHasRequestors
Set<CaHasRequestorEntry> requestors = caHasRequestors.get(name);
if (CollectionUtil.isNonEmpty(requestors)) {
jaxb.setRequestors(new CaType.Requestors());
for (CaHasRequestorEntry m : requestors) {
String requestorName = m.getRequestorIdent().getName();
includeRequestorNames.add(requestorName);
CaHasRequestorType jaxb2 = new CaHasRequestorType();
jaxb2.setRequestorName(requestorName);
jaxb2.setRa(m.isRa());
jaxb2.setProfiles(createStrings(m.getProfiles()));
jaxb2.setPermission(m.getPermission());
jaxb.getRequestors().getRequestor().add(jaxb2);
}
}
// CaHasUsers
List<CaHasUserEntry> caHasUsers = queryExecutor.getCaHasUsersForCa(name, idNameMap);
if (CollectionUtil.isNonEmpty(caHasUsers)) {
jaxb.setUsers(new CaType.Users());
List<CaHasUserType> list2 = jaxb.getUsers().getUser();
for (CaHasUserEntry m : caHasUsers) {
String username = m.getUserIdent().getName();
CaHasUserType jaxb2 = new CaHasUserType();
jaxb2.setUserName(username);
jaxb2.setPermission(m.getPermission());
jaxb2.setProfiles(createStrings(m.getProfiles()));
list2.add(jaxb2);
if (includeUserNames.contains(username)) {
continue;
}
// add also the user to the users
UserEntry userEntry = queryExecutor.getUser(username);
UserType jaxb3 = new UserType();
if (!userEntry.isActive()) {
jaxb3.setActive(Boolean.FALSE);
}
jaxb3.setName(username);
jaxb3.setHashedPassword(userEntry.getHashedPassword());
users.add(jaxb3);
includeUserNames.add(username);
}
}
X509CaEntry entry = x509cas.get(name).getCaInfo().getCaEntry();
X509CaInfoType ciJaxb = new X509CaInfoType();
ciJaxb.setCacertUris(createStrings(entry.getCaCertUris()));
byte[] certBytes;
try {
certBytes = entry.getCert().getEncoded();
} catch (CertificateEncodingException ex) {
throw new CaMgmtException(concat("could not encode CA certificate ", name));
}
ciJaxb.setCert(createFileOrBinary(zipStream, certBytes, concat("files/ca-", name, "-cert.der")));
if (entry.getCmpControlName() != null) {
includeCmpControlNames.add(entry.getCmpControlName());
ciJaxb.setCmpcontrolName(entry.getCmpControlName());
}
if (entry.getCrlSignerName() != null) {
includeCrlSignerNames.add(entry.getCrlSignerName());
ciJaxb.setCrlsignerName(entry.getCrlSignerName());
}
ciJaxb.setCrlUris(createStrings(entry.getCrlUris()));
ciJaxb.setDeltacrlUris(createStrings(entry.getDeltaCrlUris()));
ciJaxb.setDuplicateKey(entry.isDuplicateKeyPermitted());
ciJaxb.setDuplicateSubject(entry.isDuplicateSubjectPermitted());
ciJaxb.setExpirationPeriod(entry.getExpirationPeriod());
if (entry.getExtraControl() != null) {
ciJaxb.setExtraControl(createFileOrValue(zipStream, entry.getExtraControl().getEncoded(), concat("files/ca-", name, "-extracontrol.conf")));
}
ciJaxb.setKeepExpiredCertDays(entry.getKeepExpiredCertInDays());
ciJaxb.setMaxValidity(entry.getMaxValidity().toString());
ciJaxb.setNextCrlNo(entry.getNextCrlNumber());
ciJaxb.setNumCrls(entry.getNumCrls());
ciJaxb.setOcspUris(createStrings(entry.getOcspUris()));
ciJaxb.setPermission(entry.getPermission());
if (entry.getResponderName() != null) {
includeResponderNames.add(entry.getResponderName());
ciJaxb.setResponderName(entry.getResponderName());
}
ciJaxb.setSaveReq(entry.isSaveRequest());
ciJaxb.setSignerConf(createFileOrValue(zipStream, entry.getSignerConf(), concat("files/ca-", name, "-signerconf.conf")));
ciJaxb.setSignerType(entry.getSignerType());
ciJaxb.setSnSize(entry.getSerialNoBitLen());
ciJaxb.setStatus(entry.getStatus().getStatus());
ciJaxb.setValidityMode(entry.getValidityMode().name());
jaxb.setCaInfo(new CaType.CaInfo());
jaxb.getCaInfo().setX509Ca(ciJaxb);
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setCas(new CAConfType.Cas());
root.getCas().getCa().addAll(list);
}
}
// clear the users if the list is empty
if (users.isEmpty()) {
root.setUsers(null);
}
// cmp controls
if (CollectionUtil.isNonEmpty(cmpControlDbEntries)) {
List<CmpcontrolType> list = new LinkedList<>();
for (String name : cmpControlDbEntries.keySet()) {
if (!includeCmpControlNames.contains(name)) {
continue;
}
CmpcontrolType jaxb = new CmpcontrolType();
CmpControlEntry entry = cmpControlDbEntries.get(name);
jaxb.setName(name);
jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/cmpcontrol-", name, ".conf")));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setCmpcontrols(new CAConfType.Cmpcontrols());
root.getCmpcontrols().getCmpcontrol().addAll(list);
}
}
// environments
Set<String> names = envParameterResolver.allParameterNames();
if (CollectionUtil.isNonEmpty(names)) {
List<NameValueType> list = new LinkedList<>();
for (String name : names) {
if (ENV_EPOCH.equalsIgnoreCase(name)) {
continue;
}
NameValueType jaxb = new NameValueType();
jaxb.setName(name);
jaxb.setValue(envParameterResolver.getParameter(name));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setEnvironments(new CAConfType.Environments());
root.getEnvironments().getEnvironment().addAll(list);
}
}
// crlsigners
if (CollectionUtil.isNonEmpty(crlSignerDbEntries)) {
List<CrlsignerType> list = new LinkedList<>();
for (String name : crlSignerDbEntries.keySet()) {
if (!includeCrlSignerNames.contains(name)) {
continue;
}
X509CrlSignerEntry entry = crlSignerDbEntries.get(name);
CrlsignerType jaxb = new CrlsignerType();
jaxb.setName(name);
jaxb.setSignerType(entry.getType());
jaxb.setSignerConf(createFileOrValue(zipStream, entry.getConf(), concat("files/crlsigner-", name, ".conf")));
jaxb.setSignerCert(createFileOrBase64Value(zipStream, entry.getBase64Cert(), concat("files/crlsigner-", name, ".der")));
jaxb.setCrlControl(entry.crlControl());
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setCrlsigners(new CAConfType.Crlsigners());
root.getCrlsigners().getCrlsigner().addAll(list);
}
}
// requestors
if (CollectionUtil.isNonEmpty(requestorDbEntries)) {
List<RequestorType> list = new LinkedList<>();
for (String name : requestorDbEntries.keySet()) {
if (!includeRequestorNames.contains(name)) {
continue;
}
RequestorEntry entry = requestorDbEntries.get(name);
RequestorType jaxb = new RequestorType();
jaxb.setName(name);
jaxb.setCert(createFileOrBase64Value(zipStream, entry.getBase64Cert(), concat("files/requestor-", name, ".der")));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setRequestors(new CAConfType.Requestors());
root.getRequestors().getRequestor().addAll(list);
}
}
// publishers
if (CollectionUtil.isNonEmpty(publisherDbEntries)) {
List<PublisherType> list = new LinkedList<>();
for (String name : publisherDbEntries.keySet()) {
if (!includePublisherNames.contains(name)) {
continue;
}
PublisherEntry entry = publisherDbEntries.get(name);
PublisherType jaxb = new PublisherType();
jaxb.setName(name);
jaxb.setType(entry.getType());
jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/publisher-", name, ".conf")));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setPublishers(new CAConfType.Publishers());
root.getPublishers().getPublisher().addAll(list);
}
}
// profiles
if (CollectionUtil.isNonEmpty(certprofileDbEntries)) {
List<ProfileType> list = new LinkedList<>();
for (String name : certprofileDbEntries.keySet()) {
if (!includeProfileNames.contains(name)) {
continue;
}
CertprofileEntry entry = certprofileDbEntries.get(name);
ProfileType jaxb = new ProfileType();
jaxb.setName(name);
jaxb.setType(entry.getType());
jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/certprofile-", name, ".conf")));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setProfiles(new CAConfType.Profiles());
root.getProfiles().getProfile().addAll(list);
}
}
// sceps
if (CollectionUtil.isNonEmpty(scepDbEntries)) {
List<ScepType> list = new LinkedList<>();
for (String name : scepDbEntries.keySet()) {
ScepEntry entry = scepDbEntries.get(name);
String caName = entry.getCaIdent().getName();
if (!caNames.contains(caName)) {
continue;
}
String responderName = entry.getResponderName();
includeResponderNames.add(responderName);
ScepType jaxb = new ScepType();
jaxb.setName(name);
jaxb.setCaName(caName);
jaxb.setResponderName(responderName);
jaxb.setProfiles(createStrings(entry.getCertProfiles()));
jaxb.setControl(entry.getControl());
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setSceps(new CAConfType.Sceps());
root.getSceps().getScep().addAll(list);
}
}
// responders
if (CollectionUtil.isNonEmpty(responderDbEntries)) {
List<ResponderType> list = new LinkedList<>();
for (String name : responderDbEntries.keySet()) {
if (!includeResponderNames.contains(name)) {
continue;
}
ResponderEntry entry = responderDbEntries.get(name);
ResponderType jaxb = new ResponderType();
jaxb.setName(name);
jaxb.setType(entry.getType());
jaxb.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/responder-", name, ".conf")));
jaxb.setCert(createFileOrBase64Value(zipStream, entry.getBase64Cert(), concat("files/responder-", name, ".der")));
list.add(jaxb);
}
if (!list.isEmpty()) {
root.setResponders(new CAConfType.Responders());
root.getResponders().getResponder().addAll(list);
}
}
// add the CAConf XML file
ByteArrayOutputStream bout = new ByteArrayOutputStream();
try {
CaConf.marshal(root, bout);
} catch (JAXBException | SAXException ex) {
LogUtil.error(LOG, ex, "could not marshal CAConf");
throw new CaMgmtException(concat("could not marshal CAConf: ", ex.getMessage()), ex);
} finally {
bout.flush();
}
zipStream.putNextEntry(new ZipEntry("caconf.xml"));
try {
zipStream.write(bout.toByteArray());
} finally {
zipStream.closeEntry();
}
} finally {
zipStream.close();
}
}
use of org.xipki.ca.server.mgmt.api.conf.jaxb.X509CaInfoType in project xipki by xipki.
the class CaConf method init.
private void init(CAConfType jaxb, String baseDir, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
// Properties
if (baseDir != null) {
properties.put("baseDir", baseDir);
}
if (jaxb.getProperties() != null) {
for (NameValueType m : jaxb.getProperties().getProperty()) {
String name = m.getName();
if (properties.containsKey(name)) {
throw new InvalidConfException("Property " + name + " already defined");
}
properties.put(name, m.getValue());
}
}
// CMP controls
if (jaxb.getCmpcontrols() != null) {
for (CmpcontrolType m : jaxb.getCmpcontrols().getCmpcontrol()) {
CmpControlEntry en = new CmpControlEntry(m.getName(), getValue(m.getConf(), zipFile));
addCmpControl(en);
}
}
// Responders
if (jaxb.getResponders() != null) {
for (ResponderType m : jaxb.getResponders().getResponder()) {
ResponderEntry en = new ResponderEntry(m.getName(), expandConf(m.getType()), getValue(m.getConf(), zipFile), getBase64Binary(m.getCert(), zipFile));
addResponder(en);
}
}
// Environments
if (jaxb.getEnvironments() != null) {
for (NameValueType m : jaxb.getEnvironments().getEnvironment()) {
addEnvironment(m.getName(), expandConf(m.getValue()));
}
}
// CRL signers
if (jaxb.getCrlsigners() != null) {
for (CrlsignerType m : jaxb.getCrlsigners().getCrlsigner()) {
X509CrlSignerEntry en = new X509CrlSignerEntry(m.getName(), expandConf(m.getSignerType()), getValue(m.getSignerConf(), zipFile), getBase64Binary(m.getSignerCert(), zipFile), expandConf(m.getCrlControl()));
addCrlSigner(en);
}
}
// Requestors
if (jaxb.getRequestors() != null) {
for (RequestorType m : jaxb.getRequestors().getRequestor()) {
RequestorEntry en = new RequestorEntry(new NameId(null, m.getName()), getBase64Binary(m.getCert(), zipFile));
addRequestor(en);
}
}
// Users
if (jaxb.getUsers() != null) {
for (UserType m : jaxb.getUsers().getUser()) {
boolean active = (m.isActive() != null) ? m.isActive() : true;
String password = m.getPassword();
if (password != null) {
AddUserEntry en = new AddUserEntry(new NameId(null, m.getName()), active, password);
addUser(en);
} else {
UserEntry en = new UserEntry(new NameId(null, m.getName()), active, m.getHashedPassword());
addUser(en);
}
}
}
// Publishers
if (jaxb.getPublishers() != null) {
for (PublisherType m : jaxb.getPublishers().getPublisher()) {
PublisherEntry en = new PublisherEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
addPublisher(en);
}
}
// CertProfiles
if (jaxb.getProfiles() != null) {
for (ProfileType m : jaxb.getProfiles().getProfile()) {
CertprofileEntry en = new CertprofileEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
addProfile(en);
}
}
// CAs
if (jaxb.getCas() != null) {
for (CaType m : jaxb.getCas().getCa()) {
String name = m.getName();
GenSelfIssued genSelfIssued = null;
X509CaEntry caEntry = null;
if (m.getCaInfo() != null) {
X509CaInfoType ci = m.getCaInfo().getX509Ca();
if (ci.getGenSelfIssued() != null) {
String certFilename = null;
if (ci.getCert() != null) {
if (ci.getCert().getFile() != null) {
certFilename = expandConf(ci.getCert().getFile());
} else {
throw new InvalidConfException("cert.file of CA " + name + " must not be null");
}
}
byte[] csr = getBinary(ci.getGenSelfIssued().getCsr(), zipFile);
BigInteger serialNumber = null;
String str = ci.getGenSelfIssued().getSerialNumber();
if (str != null) {
if (str.startsWith("0x") || str.startsWith("0X")) {
serialNumber = new BigInteger(str.substring(2), 16);
} else {
serialNumber = new BigInteger(str);
}
}
genSelfIssued = new GenSelfIssued(ci.getGenSelfIssued().getProfile(), csr, serialNumber, certFilename);
}
X509CaUris caUris = new X509CaUris(getStrings(ci.getCacertUris()), getStrings(ci.getOcspUris()), getStrings(ci.getCrlUris()), getStrings(ci.getDeltacrlUris()));
int exprirationPeriod = (ci.getExpirationPeriod() == null) ? 365 : ci.getExpirationPeriod().intValue();
int numCrls = (ci.getNumCrls() == null) ? 30 : ci.getNumCrls().intValue();
caEntry = new X509CaEntry(new NameId(null, name), ci.getSnSize(), ci.getNextCrlNo(), expandConf(ci.getSignerType()), getValue(ci.getSignerConf(), zipFile), caUris, numCrls, exprirationPeriod);
caEntry.setCmpControlName(ci.getCmpcontrolName());
caEntry.setCrlSignerName(ci.getCrlsignerName());
caEntry.setDuplicateKeyPermitted(ci.isDuplicateKey());
caEntry.setDuplicateSubjectPermitted(ci.isDuplicateSubject());
if (ci.getExtraControl() != null) {
String value = getValue(ci.getExtraControl(), zipFile);
if (value != null) {
caEntry.setExtraControl(new ConfPairs(value).unmodifiable());
}
}
int keepExpiredCertDays = (ci.getKeepExpiredCertDays() == null) ? -1 : ci.getKeepExpiredCertDays().intValue();
caEntry.setKeepExpiredCertInDays(keepExpiredCertDays);
caEntry.setMaxValidity(CertValidity.getInstance(ci.getMaxValidity()));
caEntry.setPermission(ci.getPermission());
caEntry.setResponderName(ci.getResponderName());
caEntry.setSaveRequest(ci.isSaveReq());
caEntry.setStatus(CaStatus.forName(ci.getStatus()));
if (ci.getValidityMode() != null) {
caEntry.setValidityMode(ValidityMode.forName(ci.getValidityMode()));
}
if (ci.getGenSelfIssued() == null) {
X509Certificate caCert;
if (ci.getCert() != null) {
byte[] bytes = getBinary(ci.getCert(), zipFile);
try {
caCert = X509Util.parseCert(bytes);
} catch (CertificateException ex) {
throw new InvalidConfException("invalid certificate of CA " + name, ex);
}
} else {
// extract from the signer configuration
ConcurrentContentSigner signer;
try {
List<String[]> signerConfs = CaEntry.splitCaSignerConfs(getValue(ci.getSignerConf(), zipFile));
SignerConf signerConf = new SignerConf(signerConfs.get(0)[1]);
signer = securityFactory.createSigner(expandConf(ci.getSignerType()), signerConf, (X509Certificate) null);
} catch (ObjectCreationException | XiSecurityException ex) {
throw new InvalidConfException("could not create CA signer for CA " + name, ex);
}
caCert = signer.getCertificate();
}
caEntry.setCert(caCert);
}
}
List<CaHasRequestorEntry> caHasRequestors = null;
if (m.getRequestors() != null) {
caHasRequestors = new LinkedList<>();
for (CaHasRequestorType req : m.getRequestors().getRequestor()) {
CaHasRequestorEntry en = new CaHasRequestorEntry(new NameId(null, req.getRequestorName()));
en.setRa(req.isRa());
List<String> strs = getStrings(req.getProfiles());
if (strs != null) {
en.setProfiles(new HashSet<>(strs));
}
en.setPermission(req.getPermission());
caHasRequestors.add(en);
}
}
List<CaHasUserEntry> caHasUsers = null;
if (m.getUsers() != null) {
caHasUsers = new LinkedList<>();
for (CaHasUserType req : m.getUsers().getUser()) {
CaHasUserEntry en = new CaHasUserEntry(new NameId(null, req.getUserName()));
en.setPermission(req.getPermission());
List<String> strs = getStrings(req.getProfiles());
if (strs != null) {
en.setProfiles(new HashSet<>(strs));
}
caHasUsers.add(en);
}
}
List<String> aliases = getStrings(m.getAliases());
List<String> profileNames = getStrings(m.getProfiles());
List<String> publisherNames = getStrings(m.getPublishers());
SingleCaConf singleCa = new SingleCaConf(name, genSelfIssued, caEntry, aliases, profileNames, caHasRequestors, caHasUsers, publisherNames);
addSingleCa(singleCa);
}
}
// SCEPs
if (jaxb.getSceps() != null) {
for (ScepType m : jaxb.getSceps().getScep()) {
String name = m.getName();
NameId caIdent = new NameId(null, m.getCaName());
List<String> certProfiles = getStrings(m.getProfiles());
ScepEntry dbEntry = new ScepEntry(name, caIdent, true, m.getResponderName(), new HashSet<>(certProfiles), m.getControl());
sceps.put(name, dbEntry);
}
}
}
Aggregations