Example 1 with RevokeSuspendedCertsControl
use of org.xipki.ca.server.mgmt.api.x509.RevokeSuspendedCertsControl in project xipki by xipki.
the class CaManagerImpl method startCa.
// method startCaSystem0
private boolean startCa(String caName) {
X509CaInfo caEntry = caInfos.get(caName);
ConfPairs extraControl = caEntry.getCaEntry().getExtraControl();
if (extraControl != null) {
String str = extraControl.value(RevokeSuspendedCertsControl.KEY_REVOCATION_ENABLED);
boolean enabled = false;
if (str != null) {
enabled = Boolean.parseBoolean(str);
}
if (enabled) {
str = extraControl.value(RevokeSuspendedCertsControl.KEY_REVOCATION_REASON);
CrlReason reason = (str == null) ? CrlReason.CESSATION_OF_OPERATION : CrlReason.forNameOrText(str);
str = extraControl.value(RevokeSuspendedCertsControl.KEY_UNCHANGED_SINCE);
CertValidity unchangedSince = (str == null) ? new CertValidity(15, Unit.DAY) : CertValidity.getInstance(str);
RevokeSuspendedCertsControl control = new RevokeSuspendedCertsControl(reason, unchangedSince);
caEntry.setRevokeSuspendedCertsControl(control);
}
}
boolean signerRequired = caEntry.isSignerRequired();
X509CrlSignerEntryWrapper crlSignerEntry = null;
String crlSignerName = caEntry.getCrlSignerName();
// CRL will be generated only in master mode
if (signerRequired && masterMode && crlSignerName != null) {
crlSignerEntry = crlSigners.get(crlSignerName);
try {
crlSignerEntry.getDbEntry().setConfFaulty(true);
crlSignerEntry.initSigner(securityFactory);
crlSignerEntry.getDbEntry().setConfFaulty(false);
} catch (XiSecurityException | OperationException | InvalidConfException ex) {
LogUtil.error(LOG, ex, concat("X09CrlSignerEntryWrapper.initSigner (name=", crlSignerName, ")"));
return false;
}
}
X509Ca ca;
try {
ca = new X509Ca(this, caEntry, certstore);
ca.setAuditServiceRegister(auditServiceRegister);
} catch (OperationException ex) {
LogUtil.error(LOG, ex, concat("X509CA.<init> (ca=", caName, ")"));
return false;
}
x509cas.put(caName, ca);
X509CaCmpResponderImpl caResponder = new X509CaCmpResponderImpl(this, caName);
x509Responders.put(caName, caResponder);
return true;
}
Also used :
X509CaCmpResponderImpl(org.xipki.ca.server.impl.cmp.X509CaCmpResponderImpl)
CertValidity(org.xipki.ca.api.profile.CertValidity)
RevokeSuspendedCertsControl(org.xipki.ca.server.mgmt.api.x509.RevokeSuspendedCertsControl)
ConfPairs(org.xipki.common.ConfPairs)
InvalidConfException(org.xipki.common.InvalidConfException)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
CrlReason(org.xipki.security.CrlReason)
OperationException(org.xipki.ca.api.OperationException)
Aggregations
OperationException (org.xipki.ca.api.OperationException)1
CertValidity (org.xipki.ca.api.profile.CertValidity)1
X509CaCmpResponderImpl (org.xipki.ca.server.impl.cmp.X509CaCmpResponderImpl)1
RevokeSuspendedCertsControl (org.xipki.ca.server.mgmt.api.x509.RevokeSuspendedCertsControl)1
ConfPairs (org.xipki.common.ConfPairs)1
InvalidConfException (org.xipki.common.InvalidConfException)1
CrlReason (org.xipki.security.CrlReason)1
XiSecurityException (org.xipki.security.exception.XiSecurityException)1
