Search in sources :

Example 1 with RevokeSuspendedCertsControl

use of org.xipki.ca.server.mgmt.api.x509.RevokeSuspendedCertsControl in project xipki by xipki.

the class CaManagerImpl method startCa.

// method startCaSystem0
private boolean startCa(String caName) {
    X509CaInfo caEntry = caInfos.get(caName);
    ConfPairs extraControl = caEntry.getCaEntry().getExtraControl();
    if (extraControl != null) {
        String str = extraControl.value(RevokeSuspendedCertsControl.KEY_REVOCATION_ENABLED);
        boolean enabled = false;
        if (str != null) {
            enabled = Boolean.parseBoolean(str);
        }
        if (enabled) {
            str = extraControl.value(RevokeSuspendedCertsControl.KEY_REVOCATION_REASON);
            CrlReason reason = (str == null) ? CrlReason.CESSATION_OF_OPERATION : CrlReason.forNameOrText(str);
            str = extraControl.value(RevokeSuspendedCertsControl.KEY_UNCHANGED_SINCE);
            CertValidity unchangedSince = (str == null) ? new CertValidity(15, Unit.DAY) : CertValidity.getInstance(str);
            RevokeSuspendedCertsControl control = new RevokeSuspendedCertsControl(reason, unchangedSince);
            caEntry.setRevokeSuspendedCertsControl(control);
        }
    }
    boolean signerRequired = caEntry.isSignerRequired();
    X509CrlSignerEntryWrapper crlSignerEntry = null;
    String crlSignerName = caEntry.getCrlSignerName();
    // CRL will be generated only in master mode
    if (signerRequired && masterMode && crlSignerName != null) {
        crlSignerEntry = crlSigners.get(crlSignerName);
        try {
            crlSignerEntry.getDbEntry().setConfFaulty(true);
            crlSignerEntry.initSigner(securityFactory);
            crlSignerEntry.getDbEntry().setConfFaulty(false);
        } catch (XiSecurityException | OperationException | InvalidConfException ex) {
            LogUtil.error(LOG, ex, concat("X09CrlSignerEntryWrapper.initSigner (name=", crlSignerName, ")"));
            return false;
        }
    }
    X509Ca ca;
    try {
        ca = new X509Ca(this, caEntry, certstore);
        ca.setAuditServiceRegister(auditServiceRegister);
    } catch (OperationException ex) {
        LogUtil.error(LOG, ex, concat("X509CA.<init> (ca=", caName, ")"));
        return false;
    }
    x509cas.put(caName, ca);
    X509CaCmpResponderImpl caResponder = new X509CaCmpResponderImpl(this, caName);
    x509Responders.put(caName, caResponder);
    return true;
}
Also used : X509CaCmpResponderImpl(org.xipki.ca.server.impl.cmp.X509CaCmpResponderImpl) CertValidity(org.xipki.ca.api.profile.CertValidity) RevokeSuspendedCertsControl(org.xipki.ca.server.mgmt.api.x509.RevokeSuspendedCertsControl) ConfPairs(org.xipki.common.ConfPairs) InvalidConfException(org.xipki.common.InvalidConfException) XiSecurityException(org.xipki.security.exception.XiSecurityException) CrlReason(org.xipki.security.CrlReason) OperationException(org.xipki.ca.api.OperationException)

Aggregations

OperationException (org.xipki.ca.api.OperationException)1 CertValidity (org.xipki.ca.api.profile.CertValidity)1 X509CaCmpResponderImpl (org.xipki.ca.server.impl.cmp.X509CaCmpResponderImpl)1 RevokeSuspendedCertsControl (org.xipki.ca.server.mgmt.api.x509.RevokeSuspendedCertsControl)1 ConfPairs (org.xipki.common.ConfPairs)1 InvalidConfException (org.xipki.common.InvalidConfException)1 CrlReason (org.xipki.security.CrlReason)1 XiSecurityException (org.xipki.security.exception.XiSecurityException)1