Search in sources :

Example 6 with ScepEntry

use of org.xipki.ca.server.mgmt.api.x509.ScepEntry in project xipki by xipki.

the class CaManagerImpl method loadConf.

@Override
public void loadConf(CaConf conf) throws CaMgmtException {
    ParamUtil.requireNonNull("conf", conf);
    if (!caSystemSetuped) {
        throw new CaMgmtException("CA system is not initialized yet.");
    }
    // CMP control
    for (String name : conf.getCmpControlNames()) {
        CmpControlEntry entry = conf.getCmpControl(name);
        CmpControlEntry entryB = cmpControlDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CMP control {}", name);
                continue;
            } else {
                String msg = concat("CMP control ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addCmpControl(entry);
            LOG.info("added CMP control {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CMP control ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Responder
    for (String name : conf.getResponderNames()) {
        ResponderEntry entry = conf.getResponder(name);
        ResponderEntry entryB = responderDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CMP responder {}", name);
                continue;
            } else {
                String msg = concat("CMP responder ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addResponder(entry);
            LOG.info("added CMP responder {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CMP responder ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Environment
    for (String name : conf.getEnvironmentNames()) {
        String entry = conf.getEnvironment(name);
        String entryB = envParameterResolver.getParameter(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed environment parameter {}", name);
                continue;
            } else {
                String msg = concat("environment parameter ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addEnvParam(name, entry);
            LOG.info("could not add environment parameter {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add environment parameter ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // CRL signer
    for (String name : conf.getCrlSignerNames()) {
        X509CrlSignerEntry entry = conf.getCrlSigner(name);
        X509CrlSignerEntry entryB = crlSignerDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CRL signer {}", name);
                continue;
            } else {
                String msg = concat("CRL signer ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addCrlSigner(entry);
            LOG.info("added CRL signer {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CRL signer ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Requestor
    for (String name : conf.getRequestorNames()) {
        RequestorEntry entry = conf.getRequestor(name);
        RequestorEntry entryB = requestorDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CMP requestor {}", name);
                continue;
            } else {
                String msg = concat("CMP requestor ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addRequestor(entry);
            LOG.info("added CMP requestor {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CMP requestor ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Publisher
    for (String name : conf.getPublisherNames()) {
        PublisherEntry entry = conf.getPublisher(name);
        PublisherEntry entryB = publisherDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed publisher {}", name);
                continue;
            } else {
                String msg = concat("publisher ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addPublisher(entry);
            LOG.info("added publisher {}", name);
        } catch (CaMgmtException ex) {
            String msg = "could not add publisher " + name;
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // CertProfile
    for (String name : conf.getCertProfileNames()) {
        CertprofileEntry entry = conf.getCertProfile(name);
        CertprofileEntry entryB = certprofileDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed certProfile {}", name);
                continue;
            } else {
                String msg = concat("certProfile ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addCertprofile(entry);
            LOG.info("added certProfile {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add certProfile ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // User
    for (String name : conf.getUserNames()) {
        Object obj = conf.getUser(name);
        UserEntry entryB = queryExecutor.getUser(name, true);
        if (entryB != null) {
            boolean equals = false;
            if (obj instanceof UserEntry) {
                UserEntry entry = (UserEntry) obj;
                equals = entry.equals(entryB);
            } else {
                AddUserEntry entry = (AddUserEntry) obj;
                equals = PasswordHash.validatePassword(entry.getPassword(), entryB.getHashedPassword());
            }
            if (equals) {
                LOG.info("ignore existed user {}", name);
                continue;
            } else {
                String msg = concat("user ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            if (obj instanceof UserEntry) {
                queryExecutor.addUser((UserEntry) obj);
            } else {
                queryExecutor.addUser((AddUserEntry) obj);
            }
            LOG.info("added user {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add user ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // CA
    for (String caName : conf.getCaNames()) {
        SingleCaConf scc = conf.getCa(caName);
        GenSelfIssued genSelfIssued = scc.getGenSelfIssued();
        CaEntry caEntry = scc.getCaEntry();
        if (caEntry != null) {
            if (!(caEntry instanceof X509CaEntry)) {
                throw new CaMgmtException(concat("Unsupported CaEntry ", caName, " (only X509CaEntry is supported"));
            }
            X509CaEntry entry = (X509CaEntry) caEntry;
            if (caInfos.containsKey(caName)) {
                CaEntry entryB = caInfos.get(caName).getCaEntry();
                if (entry.getCert() == null && genSelfIssued != null) {
                    SignerConf signerConf = new SignerConf(entry.getSignerConf());
                    ConcurrentContentSigner signer;
                    try {
                        signer = securityFactory.createSigner(entry.getSignerType(), signerConf, (X509Certificate) null);
                    } catch (ObjectCreationException ex) {
                        throw new CaMgmtException(concat("could not create signer for CA ", caName), ex);
                    }
                    entry.setCert(signer.getCertificate());
                }
                if (entry.equals(entryB, true)) {
                    LOG.info("ignore existed CA {}", caName);
                } else {
                    String msg = concat("CA ", caName, " existed, could not re-added it");
                    LOG.error(msg);
                    throw new CaMgmtException(msg);
                }
            } else {
                if (genSelfIssued != null) {
                    X509Certificate cert = generateRootCa(entry, genSelfIssued.getProfile(), genSelfIssued.getCsr(), genSelfIssued.getSerialNumber());
                    LOG.info("generated root CA {}", caName);
                    String fn = genSelfIssued.getCertFilename();
                    if (fn != null) {
                        try {
                            IoUtil.save(fn, cert.getEncoded());
                            LOG.info("saved generated certificate of root CA {} to {}", caName, fn);
                        } catch (CertificateEncodingException ex) {
                            LogUtil.error(LOG, ex, concat("could not encode certificate of CA ", caName));
                        } catch (IOException ex) {
                            LogUtil.error(LOG, ex, concat("error while saving certificate of root CA ", caName, " to ", fn));
                        }
                    }
                } else {
                    try {
                        addCa(entry);
                        LOG.info("added CA {}", caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getAliases() != null) {
            Set<String> aliasesB = getAliasesForCa(caName);
            for (String aliasName : scc.getAliases()) {
                if (aliasesB != null && aliasesB.contains(aliasName)) {
                    LOG.info("ignored adding existing CA alias {} to CA {}", aliasName, caName);
                } else {
                    try {
                        addCaAlias(aliasName, caName);
                        LOG.info("associated alias {} to CA {}", aliasName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not associate alias ", aliasName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getProfileNames() != null) {
            Set<String> profilesB = caHasProfiles.get(caName);
            for (String profileName : scc.getProfileNames()) {
                if (profilesB != null && profilesB.contains(profileName)) {
                    LOG.info("ignored adding certprofile {} to CA {}", profileName, caName);
                } else {
                    try {
                        addCertprofileToCa(profileName, caName);
                        LOG.info("added certprofile {} to CA {}", profileName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add certprofile ", profileName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getPublisherNames() != null) {
            Set<String> publishersB = caHasPublishers.get(caName);
            for (String publisherName : scc.getPublisherNames()) {
                if (publishersB != null && publishersB.contains(publisherName)) {
                    LOG.info("ignored adding publisher {} to CA {}", publisherName, caName);
                } else {
                    try {
                        addPublisherToCa(publisherName, caName);
                        LOG.info("added publisher {} to CA {}", publisherName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add publisher ", publisherName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getRequestors() != null) {
            Set<CaHasRequestorEntry> requestorsB = caHasRequestors.get(caName);
            for (CaHasRequestorEntry requestor : scc.getRequestors()) {
                String requestorName = requestor.getRequestorIdent().getName();
                CaHasRequestorEntry requestorB = null;
                if (requestorsB != null) {
                    for (CaHasRequestorEntry m : requestorsB) {
                        if (m.getRequestorIdent().getName().equals(requestorName)) {
                            requestorB = m;
                            break;
                        }
                    }
                }
                if (requestorB != null) {
                    if (requestor.equals(requestorB)) {
                        LOG.info("ignored adding requestor {} to CA {}", requestorName, caName);
                    } else {
                        String msg = concat("could not add requestor ", requestorName, " to CA", caName);
                        LOG.error(msg);
                        throw new CaMgmtException(msg);
                    }
                } else {
                    try {
                        addRequestorToCa(requestor, caName);
                        LOG.info("added publisher {} to CA {}", requestorName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add requestor ", requestorName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getUsers() != null) {
            List<CaHasUserEntry> usersB = queryExecutor.getCaHasUsersForCa(caName, idNameMap);
            for (CaHasUserEntry user : scc.getUsers()) {
                String userName = user.getUserIdent().getName();
                CaHasUserEntry userB = null;
                if (usersB != null) {
                    for (CaHasUserEntry m : usersB) {
                        if (m.getUserIdent().getName().equals(userName)) {
                            userB = m;
                            break;
                        }
                    }
                }
                if (userB != null) {
                    if (user.equals(userB)) {
                        LOG.info("ignored adding user {} to CA {}", userName, caName);
                    } else {
                        String msg = concat("could not add user ", userName, " to CA", caName);
                        LOG.error(msg);
                        throw new CaMgmtException(msg);
                    }
                } else {
                    try {
                        addUserToCa(user, caName);
                        LOG.info("added user {} to CA {}", userName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add user ", userName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
    // scc.getUsers()
    }
    // SCEP
    for (String name : conf.getScepNames()) {
        ScepEntry entry = conf.getScep(name);
        ScepEntry entryB = scepDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.error("ignore existed SCEP {}", name);
                continue;
            } else {
                String msg = concat("SCEP ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        } else {
            try {
                addScep(entry);
                LOG.info("added SCEP {}", name);
            } catch (CaMgmtException ex) {
                String msg = concat("could not add SCEP ", name);
                LogUtil.error(LOG, ex, msg);
                throw new CaMgmtException(msg);
            }
        }
    }
}
Also used : CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) RequestorEntry(org.xipki.ca.server.mgmt.api.RequestorEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry) ChangeCaEntry(org.xipki.ca.server.mgmt.api.ChangeCaEntry) CaEntry(org.xipki.ca.server.mgmt.api.CaEntry) PublisherEntry(org.xipki.ca.server.mgmt.api.PublisherEntry) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry) ResponderEntry(org.xipki.ca.server.mgmt.api.ResponderEntry) SignerConf(org.xipki.security.SignerConf) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) CertprofileEntry(org.xipki.ca.server.mgmt.api.CertprofileEntry) ChangeScepEntry(org.xipki.ca.server.mgmt.api.x509.ChangeScepEntry) ScepEntry(org.xipki.ca.server.mgmt.api.x509.ScepEntry) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) ObjectCreationException(org.xipki.common.ObjectCreationException) SingleCaConf(org.xipki.ca.server.mgmt.api.conf.SingleCaConf) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) UserEntry(org.xipki.ca.server.mgmt.api.UserEntry) CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) ChangeUserEntry(org.xipki.ca.server.mgmt.api.ChangeUserEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry) GenSelfIssued(org.xipki.ca.server.mgmt.api.conf.GenSelfIssued) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)

Example 7 with ScepEntry

use of org.xipki.ca.server.mgmt.api.x509.ScepEntry in project xipki by xipki.

the class CaManagerQueryExecutor method changeScep.

// method changeCrlSigner
ScepImpl changeScep(String name, NameId caIdent, Boolean active, String responderName, Set<String> certProfiles, String control, CaManagerImpl caManager, final SecurityFactory securityFactory) throws CaMgmtException {
    ParamUtil.requireNonBlank("name", name);
    ParamUtil.requireNonNull("caManager", caManager);
    StringBuilder sqlBuilder = new StringBuilder();
    sqlBuilder.append("UPDATE SCEP SET ");
    AtomicInteger index = new AtomicInteger(1);
    Integer idxCa = addToSqlIfNotNull(sqlBuilder, index, caIdent, "CA_ID");
    Integer idxActive = addToSqlIfNotNull(sqlBuilder, index, active, "ACTIVE");
    Integer idxName = addToSqlIfNotNull(sqlBuilder, index, responderName, "RESPONDER_NAME");
    Integer idxProfiles = addToSqlIfNotNull(sqlBuilder, index, certProfiles, "PROFILES");
    Integer idxControl = addToSqlIfNotNull(sqlBuilder, index, control, "CONTROL");
    sqlBuilder.deleteCharAt(sqlBuilder.length() - 1);
    sqlBuilder.append(" WHERE NAME=?");
    if (index.get() == 1) {
        throw new IllegalArgumentException("nothing to change");
    }
    ScepEntry dbEntry = getScep(name, caManager.idNameMap());
    boolean tmpActive = (active == null) ? dbEntry.isActive() : active;
    String tmpResponderName = (responderName == null) ? dbEntry.getResponderName() : responderName;
    NameId tmpCaIdent;
    if (caIdent == null) {
        tmpCaIdent = dbEntry.getCaIdent();
    } else {
        tmpCaIdent = caIdent;
    }
    Set<String> tmpCertProfiles;
    if (certProfiles == null) {
        tmpCertProfiles = dbEntry.getCertProfiles();
    } else {
        tmpCertProfiles = certProfiles;
    }
    String tmpControl;
    if (control == null) {
        tmpControl = dbEntry.getControl();
    } else if (CaManager.NULL.equals(control)) {
        tmpControl = null;
    } else {
        tmpControl = control;
    }
    ScepEntry newDbEntry;
    try {
        newDbEntry = new ScepEntry(name, tmpCaIdent, tmpActive, tmpResponderName, tmpCertProfiles, tmpControl);
    } catch (InvalidConfException ex) {
        throw new CaMgmtException(ex);
    }
    ScepImpl scep = new ScepImpl(newDbEntry, caManager);
    final String sql = sqlBuilder.toString();
    StringBuilder sb = new StringBuilder();
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        if (idxActive != null) {
            setBoolean(ps, idxActive, tmpActive);
            sb.append("active: '").append(tmpActive).append("'; ");
        }
        if (idxCa != null) {
            sb.append("ca: '").append(caIdent).append("'; ");
            ps.setInt(idxCa, caIdent.getId());
        }
        if (idxName != null) {
            String txt = getRealString(tmpResponderName);
            ps.setString(idxName, txt);
            sb.append("responder type: '").append(txt).append("'; ");
        }
        if (idxProfiles != null) {
            sb.append("profiles: '").append(certProfiles).append("'; ");
            ps.setString(idxProfiles, StringUtil.collectionAsStringByComma(certProfiles));
        }
        if (idxControl != null) {
            String txt = getRealString(tmpControl);
            sb.append("control: '").append(tmpControl);
            ps.setString(idxControl, txt);
        }
        if (idxCa != null) {
            sb.append("ca: ").append(caIdent);
            ps.setInt(idxCa, caIdent.getId());
        }
        ps.setString(index.get(), name);
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not change SCEP " + name);
        }
        final int sbLen = sb.length();
        if (sbLen > 0) {
            sb.delete(sbLen - 2, sbLen);
        }
        LOG.info("changed SCEP: {}", sb);
        return scep;
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        datasource.releaseResources(ps, null);
    }
}
Also used : NameId(org.xipki.ca.api.NameId) SQLException(java.sql.SQLException) InvalidConfException(org.xipki.common.InvalidConfException) ScepImpl(org.xipki.ca.server.impl.scep.ScepImpl) PreparedStatement(java.sql.PreparedStatement) ScepEntry(org.xipki.ca.server.mgmt.api.x509.ScepEntry) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) AtomicInteger(java.util.concurrent.atomic.AtomicInteger)

Example 8 with ScepEntry

use of org.xipki.ca.server.mgmt.api.x509.ScepEntry in project xipki by xipki.

the class CaConf method init.

private void init(CAConfType jaxb, String baseDir, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
    // Properties
    if (baseDir != null) {
        properties.put("baseDir", baseDir);
    }
    if (jaxb.getProperties() != null) {
        for (NameValueType m : jaxb.getProperties().getProperty()) {
            String name = m.getName();
            if (properties.containsKey(name)) {
                throw new InvalidConfException("Property " + name + " already defined");
            }
            properties.put(name, m.getValue());
        }
    }
    // CMP controls
    if (jaxb.getCmpcontrols() != null) {
        for (CmpcontrolType m : jaxb.getCmpcontrols().getCmpcontrol()) {
            CmpControlEntry en = new CmpControlEntry(m.getName(), getValue(m.getConf(), zipFile));
            addCmpControl(en);
        }
    }
    // Responders
    if (jaxb.getResponders() != null) {
        for (ResponderType m : jaxb.getResponders().getResponder()) {
            ResponderEntry en = new ResponderEntry(m.getName(), expandConf(m.getType()), getValue(m.getConf(), zipFile), getBase64Binary(m.getCert(), zipFile));
            addResponder(en);
        }
    }
    // Environments
    if (jaxb.getEnvironments() != null) {
        for (NameValueType m : jaxb.getEnvironments().getEnvironment()) {
            addEnvironment(m.getName(), expandConf(m.getValue()));
        }
    }
    // CRL signers
    if (jaxb.getCrlsigners() != null) {
        for (CrlsignerType m : jaxb.getCrlsigners().getCrlsigner()) {
            X509CrlSignerEntry en = new X509CrlSignerEntry(m.getName(), expandConf(m.getSignerType()), getValue(m.getSignerConf(), zipFile), getBase64Binary(m.getSignerCert(), zipFile), expandConf(m.getCrlControl()));
            addCrlSigner(en);
        }
    }
    // Requestors
    if (jaxb.getRequestors() != null) {
        for (RequestorType m : jaxb.getRequestors().getRequestor()) {
            RequestorEntry en = new RequestorEntry(new NameId(null, m.getName()), getBase64Binary(m.getCert(), zipFile));
            addRequestor(en);
        }
    }
    // Users
    if (jaxb.getUsers() != null) {
        for (UserType m : jaxb.getUsers().getUser()) {
            boolean active = (m.isActive() != null) ? m.isActive() : true;
            String password = m.getPassword();
            if (password != null) {
                AddUserEntry en = new AddUserEntry(new NameId(null, m.getName()), active, password);
                addUser(en);
            } else {
                UserEntry en = new UserEntry(new NameId(null, m.getName()), active, m.getHashedPassword());
                addUser(en);
            }
        }
    }
    // Publishers
    if (jaxb.getPublishers() != null) {
        for (PublisherType m : jaxb.getPublishers().getPublisher()) {
            PublisherEntry en = new PublisherEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
            addPublisher(en);
        }
    }
    // CertProfiles
    if (jaxb.getProfiles() != null) {
        for (ProfileType m : jaxb.getProfiles().getProfile()) {
            CertprofileEntry en = new CertprofileEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
            addProfile(en);
        }
    }
    // CAs
    if (jaxb.getCas() != null) {
        for (CaType m : jaxb.getCas().getCa()) {
            String name = m.getName();
            GenSelfIssued genSelfIssued = null;
            X509CaEntry caEntry = null;
            if (m.getCaInfo() != null) {
                X509CaInfoType ci = m.getCaInfo().getX509Ca();
                if (ci.getGenSelfIssued() != null) {
                    String certFilename = null;
                    if (ci.getCert() != null) {
                        if (ci.getCert().getFile() != null) {
                            certFilename = expandConf(ci.getCert().getFile());
                        } else {
                            throw new InvalidConfException("cert.file of CA " + name + " must not be null");
                        }
                    }
                    byte[] csr = getBinary(ci.getGenSelfIssued().getCsr(), zipFile);
                    BigInteger serialNumber = null;
                    String str = ci.getGenSelfIssued().getSerialNumber();
                    if (str != null) {
                        if (str.startsWith("0x") || str.startsWith("0X")) {
                            serialNumber = new BigInteger(str.substring(2), 16);
                        } else {
                            serialNumber = new BigInteger(str);
                        }
                    }
                    genSelfIssued = new GenSelfIssued(ci.getGenSelfIssued().getProfile(), csr, serialNumber, certFilename);
                }
                X509CaUris caUris = new X509CaUris(getStrings(ci.getCacertUris()), getStrings(ci.getOcspUris()), getStrings(ci.getCrlUris()), getStrings(ci.getDeltacrlUris()));
                int exprirationPeriod = (ci.getExpirationPeriod() == null) ? 365 : ci.getExpirationPeriod().intValue();
                int numCrls = (ci.getNumCrls() == null) ? 30 : ci.getNumCrls().intValue();
                caEntry = new X509CaEntry(new NameId(null, name), ci.getSnSize(), ci.getNextCrlNo(), expandConf(ci.getSignerType()), getValue(ci.getSignerConf(), zipFile), caUris, numCrls, exprirationPeriod);
                caEntry.setCmpControlName(ci.getCmpcontrolName());
                caEntry.setCrlSignerName(ci.getCrlsignerName());
                caEntry.setDuplicateKeyPermitted(ci.isDuplicateKey());
                caEntry.setDuplicateSubjectPermitted(ci.isDuplicateSubject());
                if (ci.getExtraControl() != null) {
                    String value = getValue(ci.getExtraControl(), zipFile);
                    if (value != null) {
                        caEntry.setExtraControl(new ConfPairs(value).unmodifiable());
                    }
                }
                int keepExpiredCertDays = (ci.getKeepExpiredCertDays() == null) ? -1 : ci.getKeepExpiredCertDays().intValue();
                caEntry.setKeepExpiredCertInDays(keepExpiredCertDays);
                caEntry.setMaxValidity(CertValidity.getInstance(ci.getMaxValidity()));
                caEntry.setPermission(ci.getPermission());
                caEntry.setResponderName(ci.getResponderName());
                caEntry.setSaveRequest(ci.isSaveReq());
                caEntry.setStatus(CaStatus.forName(ci.getStatus()));
                if (ci.getValidityMode() != null) {
                    caEntry.setValidityMode(ValidityMode.forName(ci.getValidityMode()));
                }
                if (ci.getGenSelfIssued() == null) {
                    X509Certificate caCert;
                    if (ci.getCert() != null) {
                        byte[] bytes = getBinary(ci.getCert(), zipFile);
                        try {
                            caCert = X509Util.parseCert(bytes);
                        } catch (CertificateException ex) {
                            throw new InvalidConfException("invalid certificate of CA " + name, ex);
                        }
                    } else {
                        // extract from the signer configuration
                        ConcurrentContentSigner signer;
                        try {
                            List<String[]> signerConfs = CaEntry.splitCaSignerConfs(getValue(ci.getSignerConf(), zipFile));
                            SignerConf signerConf = new SignerConf(signerConfs.get(0)[1]);
                            signer = securityFactory.createSigner(expandConf(ci.getSignerType()), signerConf, (X509Certificate) null);
                        } catch (ObjectCreationException | XiSecurityException ex) {
                            throw new InvalidConfException("could not create CA signer for CA " + name, ex);
                        }
                        caCert = signer.getCertificate();
                    }
                    caEntry.setCert(caCert);
                }
            }
            List<CaHasRequestorEntry> caHasRequestors = null;
            if (m.getRequestors() != null) {
                caHasRequestors = new LinkedList<>();
                for (CaHasRequestorType req : m.getRequestors().getRequestor()) {
                    CaHasRequestorEntry en = new CaHasRequestorEntry(new NameId(null, req.getRequestorName()));
                    en.setRa(req.isRa());
                    List<String> strs = getStrings(req.getProfiles());
                    if (strs != null) {
                        en.setProfiles(new HashSet<>(strs));
                    }
                    en.setPermission(req.getPermission());
                    caHasRequestors.add(en);
                }
            }
            List<CaHasUserEntry> caHasUsers = null;
            if (m.getUsers() != null) {
                caHasUsers = new LinkedList<>();
                for (CaHasUserType req : m.getUsers().getUser()) {
                    CaHasUserEntry en = new CaHasUserEntry(new NameId(null, req.getUserName()));
                    en.setPermission(req.getPermission());
                    List<String> strs = getStrings(req.getProfiles());
                    if (strs != null) {
                        en.setProfiles(new HashSet<>(strs));
                    }
                    caHasUsers.add(en);
                }
            }
            List<String> aliases = getStrings(m.getAliases());
            List<String> profileNames = getStrings(m.getProfiles());
            List<String> publisherNames = getStrings(m.getPublishers());
            SingleCaConf singleCa = new SingleCaConf(name, genSelfIssued, caEntry, aliases, profileNames, caHasRequestors, caHasUsers, publisherNames);
            addSingleCa(singleCa);
        }
    }
    // SCEPs
    if (jaxb.getSceps() != null) {
        for (ScepType m : jaxb.getSceps().getScep()) {
            String name = m.getName();
            NameId caIdent = new NameId(null, m.getCaName());
            List<String> certProfiles = getStrings(m.getProfiles());
            ScepEntry dbEntry = new ScepEntry(name, caIdent, true, m.getResponderName(), new HashSet<>(certProfiles), m.getControl());
            sceps.put(name, dbEntry);
        }
    }
}
Also used : CmpcontrolType(org.xipki.ca.server.mgmt.api.conf.jaxb.CmpcontrolType) CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) NameValueType(org.xipki.ca.server.mgmt.api.conf.jaxb.NameValueType) NameId(org.xipki.ca.api.NameId) PublisherType(org.xipki.ca.server.mgmt.api.conf.jaxb.PublisherType) RequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.RequestorType) CaHasRequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType) CertificateException(java.security.cert.CertificateException) CaHasRequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType) CaType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaType) PublisherEntry(org.xipki.ca.server.mgmt.api.PublisherEntry) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) ResponderEntry(org.xipki.ca.server.mgmt.api.ResponderEntry) SignerConf(org.xipki.security.SignerConf) ResponderType(org.xipki.ca.server.mgmt.api.conf.jaxb.ResponderType) X509Certificate(java.security.cert.X509Certificate) ScepEntry(org.xipki.ca.server.mgmt.api.x509.ScepEntry) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) BigInteger(java.math.BigInteger) UserType(org.xipki.ca.server.mgmt.api.conf.jaxb.UserType) CaHasUserType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasUserType) CrlsignerType(org.xipki.ca.server.mgmt.api.conf.jaxb.CrlsignerType) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry) ScepType(org.xipki.ca.server.mgmt.api.conf.jaxb.ScepType) RequestorEntry(org.xipki.ca.server.mgmt.api.RequestorEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry) InvalidConfException(org.xipki.common.InvalidConfException) XiSecurityException(org.xipki.security.exception.XiSecurityException) X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry) ProfileType(org.xipki.ca.server.mgmt.api.conf.jaxb.ProfileType) ConfPairs(org.xipki.common.ConfPairs) CertprofileEntry(org.xipki.ca.server.mgmt.api.CertprofileEntry) X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) ObjectCreationException(org.xipki.common.ObjectCreationException) CaHasUserType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasUserType) X509CaInfoType(org.xipki.ca.server.mgmt.api.conf.jaxb.X509CaInfoType) CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) UserEntry(org.xipki.ca.server.mgmt.api.UserEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)

Aggregations

ScepEntry (org.xipki.ca.server.mgmt.api.x509.ScepEntry)8 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)6 NameId (org.xipki.ca.api.NameId)3 AddUserEntry (org.xipki.ca.server.mgmt.api.AddUserEntry)3 CaHasRequestorEntry (org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)3 CaHasUserEntry (org.xipki.ca.server.mgmt.api.CaHasUserEntry)3 CertprofileEntry (org.xipki.ca.server.mgmt.api.CertprofileEntry)3 CmpControlEntry (org.xipki.ca.server.mgmt.api.CmpControlEntry)3 PublisherEntry (org.xipki.ca.server.mgmt.api.PublisherEntry)3 RequestorEntry (org.xipki.ca.server.mgmt.api.RequestorEntry)3 ResponderEntry (org.xipki.ca.server.mgmt.api.ResponderEntry)3 UserEntry (org.xipki.ca.server.mgmt.api.UserEntry)3 ChangeScepEntry (org.xipki.ca.server.mgmt.api.x509.ChangeScepEntry)3 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)3 X509CrlSignerEntry (org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)3 InvalidConfException (org.xipki.common.InvalidConfException)3 IOException (java.io.IOException)2 CertificateEncodingException (java.security.cert.CertificateEncodingException)2 X509Certificate (java.security.cert.X509Certificate)2 ChangeUserEntry (org.xipki.ca.server.mgmt.api.ChangeUserEntry)2