Example 1 with X509CaEntry
use of org.xipki.ca.server.mgmt.api.x509.X509CaEntry in project xipki by xipki.
the class CaManagerImpl method generateRootCa.
// method getIdentifiedPublishersForCa
@Override
public X509Certificate generateRootCa(X509CaEntry caEntry, String profileName, byte[] encodedCsr, BigInteger serialNumber) throws CaMgmtException {
ParamUtil.requireNonNull("caEntry", caEntry);
profileName = ParamUtil.requireNonBlank("profileName", profileName).toLowerCase();
ParamUtil.requireNonNull("encodedCsr", encodedCsr);
int numCrls = caEntry.getNumCrls();
List<String> crlUris = caEntry.getCrlUris();
List<String> deltaCrlUris = caEntry.getDeltaCrlUris();
List<String> ocspUris = caEntry.getOcspUris();
List<String> caCertUris = caEntry.getCaCertUris();
String signerType = caEntry.getSignerType();
asssertMasterMode();
if (numCrls < 0) {
System.err.println("invalid numCrls: " + numCrls);
return null;
}
int expirationPeriod = caEntry.getExpirationPeriod();
if (expirationPeriod < 0) {
System.err.println("invalid expirationPeriod: " + expirationPeriod);
return null;
}
CertificationRequest csr;
try {
csr = CertificationRequest.getInstance(encodedCsr);
} catch (Exception ex) {
System.err.println("invalid encodedCsr");
return null;
}
IdentifiedX509Certprofile certprofile = getIdentifiedCertprofile(profileName);
if (certprofile == null) {
throw new CaMgmtException(concat("unknown certprofile ", profileName));
}
BigInteger serialOfThisCert = (serialNumber != null) ? serialNumber : RandomSerialNumberGenerator.getInstance().nextSerialNumber(caEntry.getSerialNoBitLen());
GenerateSelfSignedResult result;
try {
result = X509SelfSignedCertBuilder.generateSelfSigned(securityFactory, signerType, caEntry.getSignerConf(), certprofile, csr, serialOfThisCert, caCertUris, ocspUris, crlUris, deltaCrlUris, caEntry.getExtraControl());
} catch (OperationException | InvalidConfException ex) {
throw new CaMgmtException(concat(ex.getClass().getName(), ": ", ex.getMessage()), ex);
}
String signerConf = result.getSignerConf();
X509Certificate caCert = result.getCert();
if ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType)) {
try {
signerConf = canonicalizeSignerConf(signerType, signerConf, new X509Certificate[] { caCert }, securityFactory);
} catch (Exception ex) {
throw new CaMgmtException(concat(ex.getClass().getName(), ": ", ex.getMessage()), ex);
}
}
X509CaUris caUris = new X509CaUris(caCertUris, ocspUris, crlUris, deltaCrlUris);
String name = caEntry.getIdent().getName();
long nextCrlNumber = caEntry.getNextCrlNumber();
CaStatus status = caEntry.getStatus();
X509CaEntry entry = new X509CaEntry(new NameId(null, name), caEntry.getSerialNoBitLen(), nextCrlNumber, signerType, signerConf, caUris, numCrls, expirationPeriod);
entry.setCert(caCert);
entry.setCmpControlName(caEntry.getCmpControlName());
entry.setCrlSignerName(caEntry.getCrlSignerName());
entry.setDuplicateKeyPermitted(caEntry.isDuplicateKeyPermitted());
entry.setDuplicateSubjectPermitted(caEntry.isDuplicateSubjectPermitted());
entry.setExtraControl(caEntry.getExtraControl());
entry.setKeepExpiredCertInDays(caEntry.getKeepExpiredCertInDays());
entry.setMaxValidity(caEntry.getMaxValidity());
entry.setPermission(caEntry.getPermission());
entry.setResponderName(caEntry.getResponderName());
entry.setSaveRequest(caEntry.isSaveRequest());
entry.setStatus(status);
entry.setValidityMode(caEntry.getValidityMode());
addCa(entry);
return caCert;
}
Also used :
NameId(org.xipki.ca.api.NameId)
InvalidConfException(org.xipki.common.InvalidConfException)
CaStatus(org.xipki.ca.server.mgmt.api.CaStatus)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
KeyStoreException(java.security.KeyStoreException)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
InvalidConfException(org.xipki.common.InvalidConfException)
SocketException(java.net.SocketException)
IOException(java.io.IOException)
CertPublisherException(org.xipki.ca.api.publisher.CertPublisherException)
OperationException(org.xipki.ca.api.OperationException)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
ObjectCreationException(org.xipki.common.ObjectCreationException)
DataAccessException(org.xipki.datasource.DataAccessException)
JAXBException(javax.xml.bind.JAXBException)
FileNotFoundException(java.io.FileNotFoundException)
SAXException(org.xml.sax.SAXException)
CertificateException(java.security.cert.CertificateException)
PasswordResolverException(org.xipki.password.PasswordResolverException)
X509Certificate(java.security.cert.X509Certificate)
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris)
GenerateSelfSignedResult(org.xipki.ca.server.impl.X509SelfSignedCertBuilder.GenerateSelfSignedResult)
BigInteger(java.math.BigInteger)
CertificationRequest(org.bouncycastle.asn1.pkcs.CertificationRequest)
OperationException(org.xipki.ca.api.OperationException)
X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
Example 2 with X509CaEntry
use of org.xipki.ca.server.mgmt.api.x509.X509CaEntry in project xipki by xipki.
the class CaAddOrGenAction method getCaEntry.
protected X509CaEntry getCaEntry() throws Exception {
ParamUtil.requireRange("sn-bitlen", snBitLen, 63, 159);
if (nextCrlNumber < 1) {
throw new IllegalCmdParamException("invalid CRL number: " + nextCrlNumber);
}
if (numCrls < 0) {
throw new IllegalCmdParamException("invalid numCrls: " + numCrls);
}
if (expirationPeriod < 0) {
throw new IllegalCmdParamException("invalid expirationPeriod: " + expirationPeriod);
}
if ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType)) {
signerConf = ShellUtil.canonicalizeSignerConf(signerType, signerConf, passwordResolver, securityFactory);
}
X509CaUris caUris = new X509CaUris(caCertUris, ocspUris, crlUris, deltaCrlUris);
X509CaEntry entry = new X509CaEntry(new NameId(null, caName), snBitLen, nextCrlNumber, signerType, signerConf, caUris, numCrls.intValue(), expirationPeriod.intValue());
entry.setKeepExpiredCertInDays(keepExpiredCertInDays.intValue());
boolean duplicateKeyPermitted = isEnabled(duplicateKeyS, true, "duplicate-key");
entry.setDuplicateKeyPermitted(duplicateKeyPermitted);
boolean duplicateSubjectPermitted = isEnabled(duplicateSubjectS, true, "duplicate-subject");
entry.setDuplicateSubjectPermitted(duplicateSubjectPermitted);
boolean saveReq = isEnabled(saveReqS, false, "save-req");
entry.setSaveRequest(saveReq);
ValidityMode validityMode = ValidityMode.forName(validityModeS);
entry.setValidityMode(validityMode);
CaStatus status = CaStatus.forName(caStatus);
entry.setStatus(status);
if (crlSignerName != null) {
entry.setCrlSignerName(crlSignerName);
}
if (responderName != null) {
entry.setResponderName(responderName);
}
CertValidity tmpMaxValidity = CertValidity.getInstance(maxValidity);
entry.setMaxValidity(tmpMaxValidity);
entry.setKeepExpiredCertInDays(keepExpiredCertInDays);
if (cmpControlName != null) {
entry.setCmpControlName(cmpControlName);
}
int intPermission = ShellUtil.getPermission(permissions);
entry.setPermission(intPermission);
if (extraControl != null) {
extraControl = extraControl.trim();
}
if (StringUtil.isNotBlank(extraControl)) {
entry.setExtraControl(new ConfPairs(extraControl).unmodifiable());
}
return entry;
}
Also used :
X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris)
ValidityMode(org.xipki.ca.server.mgmt.api.ValidityMode)
NameId(org.xipki.ca.api.NameId)
CertValidity(org.xipki.ca.api.profile.CertValidity)
IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException)
ConfPairs(org.xipki.common.ConfPairs)
CaStatus(org.xipki.ca.server.mgmt.api.CaStatus)
X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
Example 3 with X509CaEntry
use of org.xipki.ca.server.mgmt.api.x509.X509CaEntry in project xipki by xipki.
the class CaGenRcaCmd method execute0.
@Override
protected Object execute0() throws Exception {
X509CaEntry caEntry = getCaEntry();
byte[] csr = IoUtil.read(csrFile);
BigInteger serialNumber = null;
if (serialS != null) {
serialNumber = toBigInt(serialS);
}
X509Certificate rootcaCert = caManager.generateRootCa(caEntry, rootcaProfile, csr, serialNumber);
if (rootcaCertOutFile != null) {
saveVerbose("saved root certificate to file", new File(rootcaCertOutFile), rootcaCert.getEncoded());
}
println("generated root CA " + caEntry.getIdent().getName());
return null;
}
Also used :
BigInteger(java.math.BigInteger)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
Example 4 with X509CaEntry
use of org.xipki.ca.server.mgmt.api.x509.X509CaEntry in project xipki by xipki.
the class CaAddCmd method execute0.
@Override
protected Object execute0() throws Exception {
X509CaEntry caEntry = getCaEntry();
if (certFile != null) {
X509Certificate caCert = X509Util.parseCert(certFile);
caEntry.setCert(caCert);
}
String msg = "CA " + caEntry.getIdent().getName();
try {
caManager.addCa(caEntry);
println("added " + msg);
return null;
} catch (CaMgmtException ex) {
throw new CmdFailure("could not add " + msg + ", error: " + ex.getMessage(), ex);
}
}
Also used :
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
CmdFailure(org.xipki.console.karaf.CmdFailure)
X509Certificate(java.security.cert.X509Certificate)
X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
Example 5 with X509CaEntry
use of org.xipki.ca.server.mgmt.api.x509.X509CaEntry in project xipki by xipki.
the class RcaNameCompleter method getEnums.
@Override
protected Set<String> getEnums() {
Set<String> ret = new HashSet<>();
for (String name : caManager.getCaNames()) {
CaEntry caEntry = caManager.getCa(name);
if (!(caEntry instanceof X509CaEntry)) {
continue;
}
X509Certificate cert = ((X509CaEntry) caEntry).getCert();
if (cert.getIssuerX500Principal().equals(cert.getSubjectX500Principal())) {
ret.add(name);
}
}
return ret;
}
Also used :
X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
CaEntry(org.xipki.ca.server.mgmt.api.CaEntry)
X509Certificate(java.security.cert.X509Certificate)
HashSet(java.util.HashSet)
X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)
Aggregations
X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)13
X509Certificate (java.security.cert.X509Certificate)8
CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)7
NameId (org.xipki.ca.api.NameId)5
ConfPairs (org.xipki.common.ConfPairs)5
BigInteger (java.math.BigInteger)4
CertificateEncodingException (java.security.cert.CertificateEncodingException)4
CaEntry (org.xipki.ca.server.mgmt.api.CaEntry)4
ObjectCreationException (org.xipki.common.ObjectCreationException)4
IOException (java.io.IOException)3
AddUserEntry (org.xipki.ca.server.mgmt.api.AddUserEntry)3
CaHasRequestorEntry (org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)3
CaHasUserEntry (org.xipki.ca.server.mgmt.api.CaHasUserEntry)3
CertprofileEntry (org.xipki.ca.server.mgmt.api.CertprofileEntry)3
CmpControlEntry (org.xipki.ca.server.mgmt.api.CmpControlEntry)3
PublisherEntry (org.xipki.ca.server.mgmt.api.PublisherEntry)3
RequestorEntry (org.xipki.ca.server.mgmt.api.RequestorEntry)3
ResponderEntry (org.xipki.ca.server.mgmt.api.ResponderEntry)3
UserEntry (org.xipki.ca.server.mgmt.api.UserEntry)3
ScepEntry (org.xipki.ca.server.mgmt.api.x509.ScepEntry)3
