
Example 1 with X509CrlSignerEntry

use of org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry in project xipki by xipki.

the class CaManagerImpl method initCrlSigners.

// method initPublishers
/**
 * Populates the in-memory CRL signer maps from the {@code CRLSIGNER} table.
 *
 * <p>Does nothing when the signers are already flagged as initialized. Otherwise both
 * maps are emptied and rebuilt from the names returned by the query executor.
 *
 * @throws CaMgmtException if a database lookup or the creation of a signer wrapper fails
 */
private void initCrlSigners() throws CaMgmtException {
    if (crlSignersInitialized) {
        return;
    }

    crlSigners.clear();
    crlSignerDbEntries.clear();

    for (String signerName : queryExecutor.namesFromTable("CRLSIGNER")) {
        X509CrlSignerEntry entry = queryExecutor.createCrlSigner(signerName);
        if (entry != null) {
            crlSignerDbEntries.put(signerName, entry);
            crlSigners.put(signerName, createX509CrlSigner(entry));
        } else {
            // A signer that cannot be loaded is only logged and skipped: initialization
            // still completes, and that name is simply absent from both maps afterwards.
            LOG.error("could not initialize CRL signer '{}'", signerName);
        }
    }

    crlSignersInitialized = true;
}
Also used : X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)

Example 2 with X509CrlSignerEntry

use of org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry in project xipki by xipki.

the class CaManagerQueryExecutor method changeCrlSigner.

// method changeResponder
/**
 * Changes selected columns of an existing row in the {@code CRLSIGNER} table and returns
 * a signer wrapper built from the merged (stored + supplied) values.
 *
 * <p>Each of {@code signerType}, {@code signerConf}, {@code base64Cert} and
 * {@code crlControl} is written only when it is non-{@code null}; a {@code null}
 * argument keeps the stored value. All values reach the database through
 * {@link PreparedStatement#setString}, never by concatenation into the SQL text; the
 * column names in the statement are literals of this method.
 *
 * <p>The merged entry is validated, and the wrapper is created from it, before the
 * UPDATE is executed, so an entry that cannot be turned into a signer is never stored.
 *
 * @param name name of the CRL signer to change
 * @param signerType new signer type, or {@code null} to keep the stored one
 * @param signerConf new signer configuration, or {@code null} to keep the stored one
 * @param base64Cert new Base64-encoded signer certificate, or {@code null} to keep the stored one
 * @param crlControl new CRL control string, or {@code null} to keep the stored one
 * @param caManager manager used to create the signer wrapper
 * @param securityFactory passed to {@code CaManagerImpl.canonicalizeSignerConf}
 * @return the wrapper created from the merged entry
 * @throws CaMgmtException if the CRL control or the merged entry is invalid, the UPDATE
 *     affects no row, or a database error occurs
 * @throws IllegalArgumentException if all four changeable arguments are {@code null}
 */
X509CrlSignerEntryWrapper changeCrlSigner(String name, String signerType, String signerConf, String base64Cert, String crlControl, CaManagerImpl caManager, SecurityFactory securityFactory) throws CaMgmtException {
    ParamUtil.requireNonBlank("name", name);
    ParamUtil.requireNonNull("caManager", caManager);
    StringBuilder sqlBuilder = new StringBuilder();
    sqlBuilder.append("UPDATE CRLSIGNER SET ");
    // index holds the next free parameter position. Each helper call returns the position
    // reserved for its column, or null when the value is null and the column is left out
    // (presumably it appends "COLUMN=?," to the builder -- confirm in addToSqlIfNotNull).
    // The order of these four calls fixes the placeholder order, so it must not change.
    AtomicInteger index = new AtomicInteger(1);
    Integer idxSignerType = addToSqlIfNotNull(sqlBuilder, index, signerType, "SIGNER_TYPE");
    Integer idxSignerCert = addToSqlIfNotNull(sqlBuilder, index, base64Cert, "SIGNER_CERT");
    Integer idxCrlControl = addToSqlIfNotNull(sqlBuilder, index, crlControl, "CRL_CONTROL");
    Integer idxSignerConf = addToSqlIfNotNull(sqlBuilder, index, signerConf, "SIGNER_CONF");
    // Drops the last character of the SET list (presumably a trailing comma -- confirm).
    sqlBuilder.deleteCharAt(sqlBuilder.length() - 1);
    sqlBuilder.append(" WHERE NAME=?");
    // index is still 1 when no column was added, i.e. every changeable argument was null.
    if (index.get() == 1) {
        throw new IllegalArgumentException("nothing to change");
    }
    // NOTE(review): dbEntry is dereferenced below without a null check, while
    // CaManagerImpl.initCrlSigners treats a null result of createCrlSigner as possible.
    // Confirm whether null can be returned here for an unknown name.
    X509CrlSignerEntry dbEntry = createCrlSigner(name);
    String tmpSignerType = (signerType == null) ? dbEntry.getType() : signerType;
    String tmpCrlControl = crlControl;
    String tmpSignerConf;
    String tmpBase64Cert;
    if ("CA".equalsIgnoreCase(tmpSignerType)) {
        // For type "CA" the merged entry carries neither a configuration nor a
        // certificate, whatever the caller supplied or the database holds.
        tmpSignerConf = null;
        tmpBase64Cert = null;
    } else {
        if (signerConf == null) {
            tmpSignerConf = dbEntry.getConf();
        } else {
            tmpSignerConf = CaManagerImpl.canonicalizeSignerConf(tmpSignerType, signerConf, null, securityFactory);
        }
        if (base64Cert == null) {
            tmpBase64Cert = dbEntry.getBase64Cert();
        } else {
            tmpBase64Cert = base64Cert;
        }
    }
    if (tmpCrlControl == null) {
        tmpCrlControl = dbEntry.crlControl();
    } else {
        // Validate the supplied CRL control by parsing it; the parsed object is discarded.
        // NOTE(review): ex is not passed on to the CaMgmtException, so the parser's
        // own reason for rejecting the value is lost to the caller and the logs.
        try {
            new CrlControl(tmpCrlControl);
        } catch (InvalidConfException ex) {
            throw new CaMgmtException(concat("invalid CRL control '", tmpCrlControl, "'"));
        }
    }
    try {
        dbEntry = new X509CrlSignerEntry(name, tmpSignerType, tmpSignerConf, tmpBase64Cert, tmpCrlControl);
    } catch (InvalidConfException ex) {
        throw new CaMgmtException(ex);
    }
    // Created before the UPDATE runs: a failure here aborts the change with nothing stored.
    X509CrlSignerEntryWrapper crlSigner = caManager.createX509CrlSigner(dbEntry);
    final String sql = sqlBuilder.toString();
    PreparedStatement ps = null;
    try {
        // sb collects a human-readable summary of the changed fields for the log line below.
        StringBuilder sb = new StringBuilder();
        ps = prepareStatement(sql);
        if (idxSignerType != null) {
            sb.append("signerType: '").append(tmpSignerType).append("'; ");
            ps.setString(idxSignerType, tmpSignerType);
        }
        if (idxSignerConf != null) {
            String txt = getRealString(tmpSignerConf);
            // The configuration is logged via SignerConf.toString(txt, false, true) rather
            // than raw -- presumably so that passwords in it stay out of the log; confirm
            // the meaning of the two flags.
            sb.append("signerConf: '").append(SignerConf.toString(txt, false, true)).append("'; ");
            ps.setString(idxSignerConf, txt);
        }
        if (idxSignerCert != null) {
            String txt = getRealString(tmpBase64Cert);
            String subject = null;
            if (txt != null) {
                // Only the certificate subject is logged, not the encoded certificate.
                // A parse failure is recorded as "ERROR" in the log summary and does not
                // stop the update: the text is still written to SIGNER_CERT below.
                try {
                    subject = canonicalizName(X509Util.parseBase64EncodedCert(txt).getSubjectX500Principal());
                } catch (CertificateException ex) {
                    subject = "ERROR";
                }
            }
            sb.append("signerCert: '").append(subject).append("'; ");
            ps.setString(idxSignerCert, txt);
        }
        if (idxCrlControl != null) {
            sb.append("crlControl: '").append(tmpCrlControl).append("'; ");
            ps.setString(idxCrlControl, tmpCrlControl);
        }
        // After the column placeholders, index points at the WHERE NAME=? parameter.
        ps.setString(index.get(), name);
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not change CRL signer " + name);
        }
        // Strip the trailing "; " from the summary.
        if (sb.length() > 0) {
            sb.deleteCharAt(sb.length() - 1).deleteCharAt(sb.length() - 1);
        }
        LOG.info("changed CRL signer '{}': {}", name, sb);
        return crlSigner;
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        datasource.releaseResources(ps, null);
    }
}
Also used : CrlControl(org.xipki.ca.server.mgmt.api.x509.CrlControl) SQLException(java.sql.SQLException) InvalidConfException(org.xipki.common.InvalidConfException) PreparedStatement(java.sql.PreparedStatement) CertificateException(java.security.cert.CertificateException) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)

Example 3 with X509CrlSignerEntry

use of org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry in project xipki by xipki.

the class X509CrlSignerEntryWrapper method setDbEntry.

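/**
 * Replaces the database entry of this wrapper together with the CRL control parsed
 * from it.
 *
 * <p>The CRL control is parsed before either field is assigned. If the control string
 * is rejected, the wrapper keeps its previous entry and previous control instead of
 * ending up with a new entry paired with a stale control.
 *
 * @param dbEntry the entry to adopt
 * @throws InvalidConfException if the entry's CRL control cannot be parsed
 */
public void setDbEntry(X509CrlSignerEntry dbEntry) throws InvalidConfException {
    // Parse first: this is the only step that can fail.
    CrlControl parsedControl = new CrlControl(dbEntry.crlControl());
    this.dbEntry = dbEntry;
    this.crlControl = parsedControl;
}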
Also used : CrlControl(org.xipki.ca.server.mgmt.api.x509.CrlControl)

Example 4 with X509CrlSignerEntry

use of org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry in project xipki by xipki.

the class CaManagerImpl method addCrlSigner.

/**
 * Registers a new CRL signer: canonicalizes its configuration, builds the signer
 * wrapper, stores the entry through the query executor and then caches both.
 *
 * <p>The wrapper is created before anything is persisted, and the in-memory maps are
 * updated only after the query executor call returns.
 *
 * @param dbEntry the signer definition; its configuration is replaced in place when
 *     canonicalization changes it
 * @throws CaMgmtException if a signer with the same name is already cached, or if
 *     canonicalization, wrapper creation or persistence fails
 */
@Override
public void addCrlSigner(X509CrlSignerEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    asssertMasterMode();

    final String signerName = dbEntry.getName();
    if (crlSigners.containsKey(signerName)) {
        throw new CaMgmtException(concat("CRL signer named ", signerName, " exists"));
    }

    final String suppliedConf = dbEntry.getConf();
    if (suppliedConf != null) {
        String canonicalConf =
                canonicalizeSignerConf(dbEntry.getType(), suppliedConf, null, securityFactory);
        boolean confChanged = !suppliedConf.equals(canonicalConf);
        if (confChanged) {
            dbEntry.setConf(canonicalConf);
        }
    }

    X509CrlSignerEntryWrapper wrapper = createX509CrlSigner(dbEntry);
    // Persist and cache the entry as held by the wrapper, not the caller's reference.
    X509CrlSignerEntry wrappedEntry = wrapper.getDbEntry();
    queryExecutor.addCrlSigner(wrappedEntry);

    crlSigners.put(signerName, wrapper);
    crlSignerDbEntries.put(signerName, wrappedEntry);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)

Example 5 with X509CrlSignerEntry

use of org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry in project xipki by xipki.

the class CrlSignerAddCmd method execute0.

/**
 * Shell command body that adds a CRL signer through the CA manager.
 *
 * <p>For every signer type other than "CA", an optional certificate file is read,
 * Base64-encoded and parsed, and the configuration of PKCS12/JKS signers is
 * canonicalized. For type "CA" neither step runs and no certificate is attached.
 *
 * @return always {@code null}
 * @throws Exception if reading or parsing the certificate fails, or a {@code CmdFailure}
 *     when the CA manager rejects the new signer
 */
@Override
protected Object execute0() throws Exception {
    final boolean signerIsCa = "CA".equalsIgnoreCase(signerType);
    String base64Cert = null;

    if (!signerIsCa && signerCertFile != null) {
        byte[] certBytes = IoUtil.read(signerCertFile);
        base64Cert = IoUtil.base64Encode(certBytes, false);
        // The parse result is discarded; the call is made so that a file which is not a
        // parsable certificate fails here, before any entry is created.
        X509Util.parseCert(certBytes);
    }

    final boolean keystoreType =
            "PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType);
    if (!signerIsCa && signerConf != null && keystoreType) {
        signerConf = ShellUtil.canonicalizeSignerConf(signerType, signerConf, passwordResolver, securityFactory);
    }

    X509CrlSignerEntry newEntry =
            new X509CrlSignerEntry(name, signerType, signerConf, base64Cert, crlControl);
    final String description = "CRL signer " + name;
    try {
        caManager.addCrlSigner(newEntry);
    } catch (CaMgmtException ex) {
        throw new CmdFailure("could not add " + description + ", error: " + ex.getMessage(), ex);
    }
    println("added " + description);
    return null;
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) CmdFailure(org.xipki.console.karaf.CmdFailure) X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)

Aggregations

X509CrlSignerEntry (org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry)11 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)7 InvalidConfException (org.xipki.common.InvalidConfException)4 CertificateEncodingException (java.security.cert.CertificateEncodingException)3 PreparedStatement (java.sql.PreparedStatement)3 SQLException (java.sql.SQLException)3 AddUserEntry (org.xipki.ca.server.mgmt.api.AddUserEntry)3 CaHasRequestorEntry (org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)3 CaHasUserEntry (org.xipki.ca.server.mgmt.api.CaHasUserEntry)3 CertprofileEntry (org.xipki.ca.server.mgmt.api.CertprofileEntry)3 CmpControlEntry (org.xipki.ca.server.mgmt.api.CmpControlEntry)3 PublisherEntry (org.xipki.ca.server.mgmt.api.PublisherEntry)3 RequestorEntry (org.xipki.ca.server.mgmt.api.RequestorEntry)3 ResponderEntry (org.xipki.ca.server.mgmt.api.ResponderEntry)3 UserEntry (org.xipki.ca.server.mgmt.api.UserEntry)3 CrlControl (org.xipki.ca.server.mgmt.api.x509.CrlControl)3 ScepEntry (org.xipki.ca.server.mgmt.api.x509.ScepEntry)3 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)3 CmdFailure (org.xipki.console.karaf.CmdFailure)3 IOException (java.io.IOException)2