
Example 1 with CrlControl

use of org.xipki.ca.server.mgmt.api.x509.CrlControl in project xipki by xipki.

the class CaManagerQueryExecutor method changeCrlSigner.

/**
 * Changes the stored CRL signer {@code name}: every non-null argument replaces the
 * corresponding column of the CRLSIGNER row, a null argument keeps the stored value.
 *
 * <p>The merged entry is validated ({@link CrlControl} syntax, {@link X509CrlSignerEntry}
 * constructor) and handed to {@code caManager} before the row is updated, so a rejected
 * configuration is never written.
 *
 * @param name name of the CRL signer to change (must not be blank)
 * @param signerType new signer type, or null to keep the current one
 * @param signerConf new signer configuration, or null to keep the current one;
 *        stored as null when the resulting type is "CA"
 * @param base64Cert new Base64-encoded signer certificate, or null to keep the current one;
 *        stored as null when the resulting type is "CA"
 * @param crlControl new CRL control configuration, or null to keep the current one
 * @param caManager manager that creates the wrapper for the changed entry
 * @param securityFactory used to canonicalize a non-null {@code signerConf}
 * @return the wrapper created by {@code caManager} for the changed entry
 * @throws IllegalArgumentException if signerType, signerConf, base64Cert and crlControl are all null
 * @throws CaMgmtException if the CRL control is invalid, the merged entry cannot be built,
 *         no row named {@code name} is updated, or the database access fails
 */
X509CrlSignerEntryWrapper changeCrlSigner(String name, String signerType, String signerConf, String base64Cert, String crlControl, CaManagerImpl caManager, SecurityFactory securityFactory) throws CaMgmtException {
    ParamUtil.requireNonBlank("name", name);
    ParamUtil.requireNonNull("caManager", caManager);

    // Assemble "UPDATE CRLSIGNER SET <COL>=?,... WHERE NAME=?" with one placeholder per
    // non-null argument; the column order fixes the parameter indices used below.
    StringBuilder updateSql = new StringBuilder("UPDATE CRLSIGNER SET ");
    AtomicInteger nextIndex = new AtomicInteger(1);
    Integer idxSignerType = addToSqlIfNotNull(updateSql, nextIndex, signerType, "SIGNER_TYPE");
    Integer idxSignerCert = addToSqlIfNotNull(updateSql, nextIndex, base64Cert, "SIGNER_CERT");
    Integer idxCrlControl = addToSqlIfNotNull(updateSql, nextIndex, crlControl, "CRL_CONTROL");
    Integer idxSignerConf = addToSqlIfNotNull(updateSql, nextIndex, signerConf, "SIGNER_CONF");
    // drop the trailing separator left by the last appended column
    updateSql.deleteCharAt(updateSql.length() - 1);
    updateSql.append(" WHERE NAME=?");
    if (nextIndex.get() == 1) {
        throw new IllegalArgumentException("nothing to change");
    }

    // Merge the arguments with the stored entry.
    X509CrlSignerEntry stored = createCrlSigner(name);
    String newType = (signerType == null) ? stored.getType() : signerType;
    String newConf = null;
    String newCert = null;
    // for signer type "CA" the configuration and certificate are always cleared
    if (!"CA".equalsIgnoreCase(newType)) {
        newConf = (signerConf == null)
                ? stored.getConf()
                : CaManagerImpl.canonicalizeSignerConf(newType, signerConf, null, securityFactory);
        newCert = (base64Cert == null) ? stored.getBase64Cert() : base64Cert;
    }

    String newCrlControl = crlControl;
    if (newCrlControl == null) {
        newCrlControl = stored.crlControl();
    } else {
        // reject a syntactically invalid CRL control before touching the database
        try {
            new CrlControl(newCrlControl);
        } catch (InvalidConfException ex) {
            // NOTE(review): ex is not chained as the cause of the thrown exception
            throw new CaMgmtException(concat("invalid CRL control '", newCrlControl, "'"));
        }
    }

    X509CrlSignerEntry merged;
    try {
        merged = new X509CrlSignerEntry(name, newType, newConf, newCert, newCrlControl);
    } catch (InvalidConfException ex) {
        throw new CaMgmtException(ex);
    }
    X509CrlSignerEntryWrapper wrapper = caManager.createX509CrlSigner(merged);

    final String sql = updateSql.toString();
    PreparedStatement ps = null;
    try {
        // human-readable summary of the changed columns for the log line
        StringBuilder summary = new StringBuilder();
        ps = prepareStatement(sql);
        if (idxSignerType != null) {
            summary.append("signerType: '").append(newType).append("'; ");
            ps.setString(idxSignerType, newType);
        }
        if (idxSignerConf != null) {
            String confValue = getRealString(newConf);
            // the conf is logged through SignerConf.toString(...), not verbatim
            summary.append("signerConf: '").append(SignerConf.toString(confValue, false, true)).append("'; ");
            ps.setString(idxSignerConf, confValue);
        }
        if (idxSignerCert != null) {
            String certValue = getRealString(newCert);
            String subject = null;
            if (certValue != null) {
                try {
                    subject = canonicalizName(X509Util.parseBase64EncodedCert(certValue).getSubjectX500Principal());
                } catch (CertificateException ex) {
                    // the subject only feeds the log line; the value is still written to the row
                    subject = "ERROR";
                }
            }
            summary.append("signerCert: '").append(subject).append("'; ");
            ps.setString(idxSignerCert, certValue);
        }
        if (idxCrlControl != null) {
            summary.append("crlControl: '").append(newCrlControl).append("'; ");
            ps.setString(idxCrlControl, newCrlControl);
        }
        // the last placeholder belongs to WHERE NAME=?
        ps.setString(nextIndex.get(), name);
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not change CRL signer " + name);
        }
        if (summary.length() > 0) {
            // strip the trailing "; "
            summary.setLength(summary.length() - 2);
        }
        LOG.info("changed CRL signer '{}': {}", name, summary);
        return wrapper;
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        datasource.releaseResources(ps, null);
    }
}

Example 2 with CrlControl

use of org.xipki.ca.server.mgmt.api.x509.CrlControl in project xipki by xipki.

the class X509CrlSignerEntryWrapper method setDbEntry.

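/**
 * Replaces the wrapped database entry and the parsed CRL control derived from it.
 *
 * <p>The CRL control is parsed before either field is assigned, so a rejected entry
 * leaves this wrapper unchanged instead of pairing a new {@code dbEntry} with the old
 * {@code crlControl}.
 *
 * @param dbEntry the new database entry
 * @throws InvalidConfException if {@code dbEntry.crlControl()} is not a valid CRL control
 */
public void setDbEntry(X509CrlSignerEntry dbEntry) throws InvalidConfException {
    // parse first so that a failure does not leave the two fields inconsistent
    CrlControl parsedControl = new CrlControl(dbEntry.crlControl());
    this.dbEntry = dbEntry;
    this.crlControl = parsedControl;
}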

Example 3 with CrlControl

use of org.xipki.ca.server.mgmt.api.x509.CrlControl in project xipki by xipki.

the class CrlSignerAddCmd method execute0.

/**
 * Adds a CRL signer built from the command's fields via {@code caManager.addCrlSigner}.
 *
 * <p>For a signer type other than "CA" the certificate file, if given, is read, Base64
 * encoded and parsed once to fail early on unreadable input, and a PKCS12/JKS signer
 * configuration is canonicalized before the entry is created.
 *
 * @return always null
 * @throws CmdFailure if the CA manager rejects the new signer
 * @throws Exception if reading or parsing the certificate file fails
 */
@Override
protected Object execute0() throws Exception {
    boolean caSigner = "CA".equalsIgnoreCase(signerType);
    String base64Cert = null;
    if (!caSigner && signerCertFile != null) {
        byte[] encodedCert = IoUtil.read(signerCertFile);
        base64Cert = IoUtil.base64Encode(encodedCert, false);
        // parsed only to reject an unusable certificate before anything is stored
        X509Util.parseCert(encodedCert);
    }
    if (!caSigner && signerConf != null
            && ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType))) {
        signerConf = ShellUtil.canonicalizeSignerConf(signerType, signerConf, passwordResolver, securityFactory);
    }
    X509CrlSignerEntry entry = new X509CrlSignerEntry(name, signerType, signerConf, base64Cert, crlControl);
    String msg = "CRL signer " + name;
    try {
        caManager.addCrlSigner(entry);
    } catch (CaMgmtException ex) {
        throw new CmdFailure("could not add " + msg + ", error: " + ex.getMessage(), ex);
    }
    println("added " + msg);
    return null;
}

Example 4 with CrlControl

use of org.xipki.ca.server.mgmt.api.x509.CrlControl in project xipki by xipki.

the class CrlSignerCheckCmd method execute0.

/**
 * Compares the CRL signer described by the command arguments with the one configured in
 * the CA manager and fails on the first mismatch.
 *
 * <p>Only the fields present in the change entry are compared; the CRL control is compared
 * as a parsed {@link CrlControl} rather than as raw text.
 *
 * @return always null
 * @throws CmdFailure if no CRL signer with that name is configured or the CRL control differs
 * @throws Exception if parsing a CRL control or one of the delegated assertions fails
 */
@Override
protected Object execute0() throws Exception {
    X509ChangeCrlSignerEntry expectedEntry = getCrlSignerChangeEntry();
    String name = expectedEntry.getName();
    println("checking CRL signer " + name);
    X509CrlSignerEntry actualEntry = caManager.getCrlSigner(name);
    if (actualEntry == null) {
        throw new CmdFailure("CRL signer named '" + name + "' is not configured");
    }

    String expectedType = expectedEntry.getSignerType();
    if (expectedType != null) {
        MgmtQaShellUtil.assertEquals("signer type", expectedType, actualEntry.getType());
    }
    String expectedConf = expectedEntry.getSignerConf();
    if (expectedConf != null) {
        MgmtQaShellUtil.assertEquals("signer conf", expectedConf, actualEntry.getConf());
    }
    String expectedControl = expectedEntry.getCrlControl();
    if (expectedControl != null) {
        // compare parsed values so that equivalent spellings of the same control match
        CrlControl expected = new CrlControl(expectedControl);
        CrlControl actual = new CrlControl(actualEntry.crlControl());
        if (!expected.equals(actual)) {
            throw new CmdFailure("CRL control: is '" + actual.getConf() + "', but expected '" + expected.getConf() + "'");
        }
    }
    String expectedCert = expectedEntry.getBase64Cert();
    if (expectedCert != null) {
        MgmtQaShellUtil.assertEquals("certificate", expectedCert, actualEntry.getBase64Cert());
    }
    println(" checked CRL signer " + name);
    return null;
}

Example 5 with CrlControl

use of org.xipki.ca.server.mgmt.api.x509.CrlControl in project xipki by xipki.

the class CaManagerQueryExecutor method addCrlSigner.

/**
 * Inserts a new CRLSIGNER row for {@code dbEntry}.
 *
 * @param dbEntry the CRL signer to store; its CRL control, when non-null, must parse as a
 *        {@link CrlControl}
 * @throws CaMgmtException if the CRL control is invalid, the insert affects no row,
 *         the certificate cannot be encoded, or the database access fails
 */
void addCrlSigner(X509CrlSignerEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    String crlControl = dbEntry.crlControl();
    if (crlControl != null) {
        // reject a syntactically invalid CRL control before touching the database
        try {
            new CrlControl(crlControl);
        } catch (InvalidConfException ex) {
            // NOTE(review): ex is not chained as the cause of the thrown exception
            throw new CaMgmtException(concat("invalid CRL control '", crlControl, "'"));
        }
    }

    String name = dbEntry.getName();
    String sql = "INSERT INTO CRLSIGNER (NAME,SIGNER_TYPE,SIGNER_CERT,CRL_CONTROL,SIGNER_CONF)" + " VALUES (?,?,?,?,?)";
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        // parameter positions follow the column list of the INSERT statement
        ps.setString(1, name);
        ps.setString(2, dbEntry.getType());
        String encodedCert = (dbEntry.getCert() == null) ? null : Base64.encodeToString(dbEntry.getCert().getEncoded());
        ps.setString(3, encodedCert);
        ps.setString(4, crlControl);
        ps.setString(5, dbEntry.getConf());
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not add CRL signer " + name);
        }
        LOG.info("added CRL signer '{}': {}", name, dbEntry.toString(false, true));
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } catch (CertificateEncodingException ex) {
        throw new CaMgmtException(ex);
    } finally {
        datasource.releaseResources(ps, null);
    }
}
