Example 1 with CrlControl
use of org.xipki.ca.server.mgmt.api.x509.CrlControl in project xipki by xipki.
the class CaManagerQueryExecutor method changeCrlSigner.
// method changeResponder
X509CrlSignerEntryWrapper changeCrlSigner(String name, String signerType, String signerConf, String base64Cert, String crlControl, CaManagerImpl caManager, SecurityFactory securityFactory) throws CaMgmtException {
ParamUtil.requireNonBlank("name", name);
ParamUtil.requireNonNull("caManager", caManager);
StringBuilder sqlBuilder = new StringBuilder();
sqlBuilder.append("UPDATE CRLSIGNER SET ");
AtomicInteger index = new AtomicInteger(1);
Integer idxSignerType = addToSqlIfNotNull(sqlBuilder, index, signerType, "SIGNER_TYPE");
Integer idxSignerCert = addToSqlIfNotNull(sqlBuilder, index, base64Cert, "SIGNER_CERT");
Integer idxCrlControl = addToSqlIfNotNull(sqlBuilder, index, crlControl, "CRL_CONTROL");
Integer idxSignerConf = addToSqlIfNotNull(sqlBuilder, index, signerConf, "SIGNER_CONF");
sqlBuilder.deleteCharAt(sqlBuilder.length() - 1);
sqlBuilder.append(" WHERE NAME=?");
if (index.get() == 1) {
throw new IllegalArgumentException("nothing to change");
}
X509CrlSignerEntry dbEntry = createCrlSigner(name);
String tmpSignerType = (signerType == null) ? dbEntry.getType() : signerType;
String tmpCrlControl = crlControl;
String tmpSignerConf;
String tmpBase64Cert;
if ("CA".equalsIgnoreCase(tmpSignerType)) {
tmpSignerConf = null;
tmpBase64Cert = null;
} else {
if (signerConf == null) {
tmpSignerConf = dbEntry.getConf();
} else {
tmpSignerConf = CaManagerImpl.canonicalizeSignerConf(tmpSignerType, signerConf, null, securityFactory);
}
if (base64Cert == null) {
tmpBase64Cert = dbEntry.getBase64Cert();
} else {
tmpBase64Cert = base64Cert;
}
}
if (tmpCrlControl == null) {
tmpCrlControl = dbEntry.crlControl();
} else {
// validate crlControl
try {
new CrlControl(tmpCrlControl);
} catch (InvalidConfException ex) {
throw new CaMgmtException(concat("invalid CRL control '", tmpCrlControl, "'"));
}
}
try {
dbEntry = new X509CrlSignerEntry(name, tmpSignerType, tmpSignerConf, tmpBase64Cert, tmpCrlControl);
} catch (InvalidConfException ex) {
throw new CaMgmtException(ex);
}
X509CrlSignerEntryWrapper crlSigner = caManager.createX509CrlSigner(dbEntry);
final String sql = sqlBuilder.toString();
PreparedStatement ps = null;
try {
StringBuilder sb = new StringBuilder();
ps = prepareStatement(sql);
if (idxSignerType != null) {
sb.append("signerType: '").append(tmpSignerType).append("'; ");
ps.setString(idxSignerType, tmpSignerType);
}
if (idxSignerConf != null) {
String txt = getRealString(tmpSignerConf);
sb.append("signerConf: '").append(SignerConf.toString(txt, false, true)).append("'; ");
ps.setString(idxSignerConf, txt);
}
if (idxSignerCert != null) {
String txt = getRealString(tmpBase64Cert);
String subject = null;
if (txt != null) {
try {
subject = canonicalizName(X509Util.parseBase64EncodedCert(txt).getSubjectX500Principal());
} catch (CertificateException ex) {
subject = "ERROR";
}
}
sb.append("signerCert: '").append(subject).append("'; ");
ps.setString(idxSignerCert, txt);
}
if (idxCrlControl != null) {
sb.append("crlControl: '").append(tmpCrlControl).append("'; ");
ps.setString(idxCrlControl, tmpCrlControl);
}
ps.setString(index.get(), name);
if (ps.executeUpdate() == 0) {
throw new CaMgmtException("could not change CRL signer " + name);
}
if (sb.length() > 0) {
sb.deleteCharAt(sb.length() - 1).deleteCharAt(sb.length() - 1);
}
LOG.info("changed CRL signer '{}': {}", name, sb);
return crlSigner;
} catch (SQLException ex) {
throw new CaMgmtException(datasource, sql, ex);
} finally {
datasource.releaseResources(ps, null);
}
}
Also used :
CrlControl(org.xipki.ca.server.mgmt.api.x509.CrlControl)
SQLException(java.sql.SQLException)
InvalidConfException(org.xipki.common.InvalidConfException)
PreparedStatement(java.sql.PreparedStatement)
CertificateException(java.security.cert.CertificateException)
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)
Example 2 with CrlControl
use of org.xipki.ca.server.mgmt.api.x509.CrlControl in project xipki by xipki.
the class X509CrlSignerEntryWrapper method setDbEntry.
public void setDbEntry(X509CrlSignerEntry dbEntry) throws InvalidConfException {
this.dbEntry = dbEntry;
this.crlControl = new CrlControl(dbEntry.crlControl());
}
Also used :
CrlControl(org.xipki.ca.server.mgmt.api.x509.CrlControl)
Example 3 with CrlControl
use of org.xipki.ca.server.mgmt.api.x509.CrlControl in project xipki by xipki.
the class CrlSignerAddCmd method execute0.
@Override
protected Object execute0() throws Exception {
String base64Cert = null;
if (!"CA".equalsIgnoreCase(signerType)) {
if (signerCertFile != null) {
byte[] encodedCert = IoUtil.read(signerCertFile);
base64Cert = IoUtil.base64Encode(encodedCert, false);
X509Util.parseCert(encodedCert);
}
if (signerConf != null) {
if ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType)) {
signerConf = ShellUtil.canonicalizeSignerConf(signerType, signerConf, passwordResolver, securityFactory);
}
}
}
X509CrlSignerEntry entry = new X509CrlSignerEntry(name, signerType, signerConf, base64Cert, crlControl);
String msg = "CRL signer " + name;
try {
caManager.addCrlSigner(entry);
println("added " + msg);
return null;
} catch (CaMgmtException ex) {
throw new CmdFailure("could not add " + msg + ", error: " + ex.getMessage(), ex);
}
}
Also used :
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
CmdFailure(org.xipki.console.karaf.CmdFailure)
X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)
Example 4 with CrlControl
use of org.xipki.ca.server.mgmt.api.x509.CrlControl in project xipki by xipki.
the class CrlSignerCheckCmd method execute0.
@Override
protected Object execute0() throws Exception {
X509ChangeCrlSignerEntry ey = getCrlSignerChangeEntry();
String name = ey.getName();
println("checking CRL signer " + name);
X509CrlSignerEntry cs = caManager.getCrlSigner(name);
if (cs == null) {
throw new CmdFailure("CRL signer named '" + name + "' is not configured");
}
if (ey.getSignerType() != null) {
MgmtQaShellUtil.assertEquals("signer type", ey.getSignerType(), cs.getType());
}
if (ey.getSignerConf() != null) {
MgmtQaShellUtil.assertEquals("signer conf", ey.getSignerConf(), cs.getConf());
}
if (ey.getCrlControl() != null) {
CrlControl ex = new CrlControl(ey.getCrlControl());
CrlControl is = new CrlControl(cs.crlControl());
if (!ex.equals(is)) {
throw new CmdFailure("CRL control: is '" + is.getConf() + "', but expected '" + ex.getConf() + "'");
}
}
if (ey.getBase64Cert() != null) {
MgmtQaShellUtil.assertEquals("certificate", ey.getBase64Cert(), cs.getBase64Cert());
}
println(" checked CRL signer " + name);
return null;
}
Also used :
CrlControl(org.xipki.ca.server.mgmt.api.x509.CrlControl)
CmdFailure(org.xipki.console.karaf.CmdFailure)
X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)
X509ChangeCrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509ChangeCrlSignerEntry)
Example 5 with CrlControl
use of org.xipki.ca.server.mgmt.api.x509.CrlControl in project xipki by xipki.
the class CaManagerQueryExecutor method addCrlSigner.
// method addRequestorToCa
void addCrlSigner(X509CrlSignerEntry dbEntry) throws CaMgmtException {
ParamUtil.requireNonNull("dbEntry", dbEntry);
String crlControl = dbEntry.crlControl();
// validate crlControl
if (crlControl != null) {
try {
new CrlControl(crlControl);
} catch (InvalidConfException ex) {
throw new CaMgmtException(concat("invalid CRL control '", crlControl, "'"));
}
}
String name = dbEntry.getName();
String sql = "INSERT INTO CRLSIGNER (NAME,SIGNER_TYPE,SIGNER_CERT,CRL_CONTROL,SIGNER_CONF)" + " VALUES (?,?,?,?,?)";
PreparedStatement ps = null;
try {
ps = prepareStatement(sql);
int idx = 1;
ps.setString(idx++, name);
ps.setString(idx++, dbEntry.getType());
ps.setString(idx++, (dbEntry.getCert() == null) ? null : Base64.encodeToString(dbEntry.getCert().getEncoded()));
ps.setString(idx++, crlControl);
ps.setString(idx++, dbEntry.getConf());
if (ps.executeUpdate() == 0) {
throw new CaMgmtException("could not add CRL signer " + name);
}
LOG.info("added CRL signer '{}': {}", name, dbEntry.toString(false, true));
} catch (SQLException ex) {
throw new CaMgmtException(datasource, sql, ex);
} catch (CertificateEncodingException ex) {
throw new CaMgmtException(ex);
} finally {
datasource.releaseResources(ps, null);
}
}
Also used :
CrlControl(org.xipki.ca.server.mgmt.api.x509.CrlControl)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
SQLException(java.sql.SQLException)
InvalidConfException(org.xipki.common.InvalidConfException)
PreparedStatement(java.sql.PreparedStatement)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
Aggregations
CrlControl (org.xipki.ca.server.mgmt.api.x509.CrlControl)7
X509CrlSignerEntry (org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)4
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)3
IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)3
CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)3
CertificateException (java.security.cert.CertificateException)2
PreparedStatement (java.sql.PreparedStatement)2
SQLException (java.sql.SQLException)2
Date (java.util.Date)2
X509ChangeCrlSignerEntry (org.xipki.ca.server.mgmt.api.x509.X509ChangeCrlSignerEntry)2
InvalidConfException (org.xipki.common.InvalidConfException)2
CmdFailure (org.xipki.console.karaf.CmdFailure)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
BigInteger (java.math.BigInteger)1
CRLException (java.security.cert.CRLException)1
CertificateEncodingException (java.security.cert.CertificateEncodingException)1
X509CRL (java.security.cert.X509CRL)1
ArrayList (java.util.ArrayList)1
Calendar (java.util.Calendar)1
LinkedList (java.util.LinkedList)1
