use of org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry in project xipki by xipki.
the class CaManagerImpl method initCrlSigners.
// (trailing marker of the previous method, initPublishers, in the original file; it does not describe the method below)
/**
 * Rebuilds the in-memory CRL signer maps from the CRLSIGNER table.
 *
 * <p>Returns immediately when the signers are already marked as initialized. Otherwise both
 * maps are emptied and refilled, one entry per name returned by the query executor, and the
 * initialized flag is set at the end.
 *
 * @throws CaMgmtException if one of the called helpers reports a failure
 */
private void initCrlSigners() throws CaMgmtException {
  if (!crlSignersInitialized) {
    crlSigners.clear();
    crlSignerDbEntries.clear();

    for (String signerName : queryExecutor.namesFromTable("CRLSIGNER")) {
      X509CrlSignerEntry entry = queryExecutor.createCrlSigner(signerName);
      if (entry != null) {
        // The database entry is cached before the wrapper is built, as in the original order.
        crlSignerDbEntries.put(signerName, entry);
        crlSigners.put(signerName, createX509CrlSigner(entry));
      } else {
        // NOTE(review): a signer that cannot be loaded is only logged and skipped, and the
        // initialized flag is still set below; whatever looks this signer up later will not
        // find it. Confirm that callers treat a missing CRL signer as an error.
        LOG.error("could not initialize CRL signer '{}'", signerName);
      }
    }

    crlSignersInitialized = true;
  }
}
use of org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry in project xipki by xipki.
the class CaManagerQueryExecutor method changeCrlSigner.
// (trailing marker of the previous method, changeResponder, in the original file; it does not describe the method below)
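/**
 * Updates selected columns of one CRLSIGNER row and returns a signer wrapper built from the
 * merged (stored plus changed) configuration.
 *
 * <p>The merged entry is validated and the wrapper is created before the UPDATE statement is
 * executed, so a configuration that those steps reject with an exception never reaches the
 * database. All values are bound through {@link PreparedStatement} parameters; the column
 * names in the statement are fixed literals.
 *
 * @param name name of the CRL signer to change; must not be blank
 * @param signerType new signer type, or {@code null} to keep the stored type
 * @param signerConf new signer configuration, or {@code null} to keep the stored one
 * @param base64Cert new Base64-encoded signer certificate, or {@code null} to keep the stored one
 * @param crlControl new CRL control text, or {@code null} to keep the stored one; a non-null
 *     value is validated by constructing a {@code CrlControl} from it
 * @param caManager manager used to build the signer wrapper; must not be {@code null}
 * @param securityFactory passed through to the signer-configuration canonicalization
 * @return the wrapper created from the merged entry
 * @throws IllegalArgumentException if no column was selected for the update
 * @throws CaMgmtException if the signer is unknown, the merged configuration is invalid, or
 *     the database update fails or touches no row
 */
X509CrlSignerEntryWrapper changeCrlSigner(String name, String signerType, String signerConf,
    String base64Cert, String crlControl, CaManagerImpl caManager,
    SecurityFactory securityFactory) throws CaMgmtException {
  ParamUtil.requireNonBlank("name", name);
  ParamUtil.requireNonNull("caManager", caManager);

  StringBuilder sqlBuilder = new StringBuilder();
  sqlBuilder.append("UPDATE CRLSIGNER SET ");

  // Presumably each call appends "COLUMN=?," for a non-null value and returns the placeholder
  // position (null when the value is absent) - confirm against addToSqlIfNotNull.
  AtomicInteger index = new AtomicInteger(1);
  Integer idxSignerType = addToSqlIfNotNull(sqlBuilder, index, signerType, "SIGNER_TYPE");
  Integer idxSignerCert = addToSqlIfNotNull(sqlBuilder, index, base64Cert, "SIGNER_CERT");
  Integer idxCrlControl = addToSqlIfNotNull(sqlBuilder, index, crlControl, "CRL_CONTROL");
  Integer idxSignerConf = addToSqlIfNotNull(sqlBuilder, index, signerConf, "SIGNER_CONF");
  // Drops the last character written so far before the WHERE clause is appended.
  sqlBuilder.deleteCharAt(sqlBuilder.length() - 1);
  sqlBuilder.append(" WHERE NAME=?");

  if (index.get() == 1) {
    throw new IllegalArgumentException("nothing to change");
  }

  X509CrlSignerEntry dbEntry = createCrlSigner(name);
  if (dbEntry == null) {
    // initCrlSigners treats a null result from createCrlSigner as possible; fail with the
    // management exception instead of a NullPointerException on the dereferences below.
    throw new CaMgmtException("unknown CRL signer " + name);
  }

  String tmpSignerType = (signerType == null) ? dbEntry.getType() : signerType;
  String tmpCrlControl = crlControl;
  String tmpSignerConf;
  String tmpBase64Cert;

  if ("CA".equalsIgnoreCase(tmpSignerType)) {
    // A signer of type CA carries neither its own configuration nor its own certificate.
    // NOTE(review): the UPDATE only writes the columns the caller passed, so a SIGNER_CONF or
    // SIGNER_CERT stored earlier may stay in the row when only the type is switched to CA -
    // confirm whether stale key material references should be cleared here.
    tmpSignerConf = null;
    tmpBase64Cert = null;
  } else {
    if (signerConf == null) {
      tmpSignerConf = dbEntry.getConf();
    } else {
      tmpSignerConf = CaManagerImpl.canonicalizeSignerConf(tmpSignerType, signerConf, null,
          securityFactory);
    }

    if (base64Cert == null) {
      tmpBase64Cert = dbEntry.getBase64Cert();
    } else {
      tmpBase64Cert = base64Cert;
    }
  }

  if (tmpCrlControl == null) {
    tmpCrlControl = dbEntry.crlControl();
  } else {
    // Constructed only to validate the text; the instance itself is discarded.
    try {
      new CrlControl(tmpCrlControl);
    } catch (InvalidConfException ex) {
      throw new CaMgmtException(concat("invalid CRL control '", tmpCrlControl, "'"));
    }
  }

  try {
    dbEntry = new X509CrlSignerEntry(name, tmpSignerType, tmpSignerConf, tmpBase64Cert,
        tmpCrlControl);
  } catch (InvalidConfException ex) {
    throw new CaMgmtException(ex);
  }

  // Built before the UPDATE runs: an exception here leaves the database row untouched.
  X509CrlSignerEntryWrapper crlSigner = caManager.createX509CrlSigner(dbEntry);

  final String sql = sqlBuilder.toString();
  PreparedStatement ps = null;
  try {
    // sb collects a description of the changed fields for the log line written on success.
    StringBuilder sb = new StringBuilder();
    ps = prepareStatement(sql);

    if (idxSignerType != null) {
      sb.append("signerType: '").append(tmpSignerType).append("'; ");
      ps.setString(idxSignerType, tmpSignerType);
    }

    if (idxSignerConf != null) {
      String txt = getRealString(tmpSignerConf);
      // The configuration is rendered through SignerConf.toString for logging rather than
      // appended raw; presumably this hides secrets such as passwords - confirm.
      sb.append("signerConf: '").append(SignerConf.toString(txt, false, true)).append("'; ");
      ps.setString(idxSignerConf, txt);
    }

    if (idxSignerCert != null) {
      String txt = getRealString(tmpBase64Cert);
      // Only the certificate subject is logged, never the encoded certificate itself.
      String subject = null;
      if (txt != null) {
        try {
          subject = canonicalizName(X509Util.parseBase64EncodedCert(txt).getSubjectX500Principal());
        } catch (CertificateException ex) {
          subject = "ERROR";
        }
      }
      sb.append("signerCert: '").append(subject).append("'; ");
      ps.setString(idxSignerCert, txt);
    }

    if (idxCrlControl != null) {
      sb.append("crlControl: '").append(tmpCrlControl).append("'; ");
      ps.setString(idxCrlControl, tmpCrlControl);
    }

    // The signer name is bound to the placeholder of the WHERE clause.
    ps.setString(index.get(), name);
    if (ps.executeUpdate() == 0) {
      throw new CaMgmtException("could not change CRL signer " + name);
    }

    if (sb.length() > 0) {
      // Strip the trailing "; " from the change summary.
      sb.deleteCharAt(sb.length() - 1).deleteCharAt(sb.length() - 1);
    }
    LOG.info("changed CRL signer '{}': {}", name, sb);
    return crlSigner;
  } catch (SQLException ex) {
    throw new CaMgmtException(datasource, sql, ex);
  } finally {
    datasource.releaseResources(ps, null);
  }
}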
use of org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry in project xipki by xipki.
the class X509CrlSignerEntryWrapper method setDbEntry.
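/**
 * Replaces the database entry behind this wrapper and re-parses its CRL control.
 *
 * <p>The CRL control is parsed before either field is assigned. If the text is rejected, the
 * wrapper keeps its previous entry and previous control, so the two can never disagree after
 * a failed call.
 *
 * @param dbEntry the new entry; the text returned by its {@code crlControl()} is parsed
 * @throws InvalidConfException if {@code CrlControl} rejects the CRL control text
 */
public void setDbEntry(X509CrlSignerEntry dbEntry) throws InvalidConfException {
  CrlControl parsedControl = new CrlControl(dbEntry.crlControl());
  this.dbEntry = dbEntry;
  this.crlControl = parsedControl;
}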
use of org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry in project xipki by xipki.
the class CaManagerImpl method addCrlSigner.
/**
 * Registers a new CRL signer: canonicalizes its configuration, builds the signer wrapper,
 * stores the entry through the query executor and finally caches it in memory.
 *
 * <p>The wrapper is created before the database insert, and the in-memory maps are updated
 * only after the insert has returned, so an exception at either step leaves the maps as they
 * were.
 *
 * @param dbEntry the entry to add; must not be {@code null}. Its configuration is replaced in
 *     place when canonicalization yields a different string.
 * @throws CaMgmtException if a signer with the same name is already cached, or if one of the
 *     called helpers reports a failure
 */
@Override
public void addCrlSigner(X509CrlSignerEntry dbEntry) throws CaMgmtException {
  ParamUtil.requireNonNull("dbEntry", dbEntry);
  // Presumably rejects the call when this instance does not run in master mode - confirm.
  asssertMasterMode();

  final String signerName = dbEntry.getName();
  if (crlSigners.containsKey(signerName)) {
    throw new CaMgmtException(concat("CRL signer named ", signerName, " exists"));
  }

  final String givenConf = dbEntry.getConf();
  if (givenConf != null) {
    String canonicalConf = canonicalizeSignerConf(dbEntry.getType(), givenConf, null,
        securityFactory);
    // The entry is rewritten only when canonicalization actually changed the text.
    if (!givenConf.equals(canonicalConf)) {
      dbEntry.setConf(canonicalConf);
    }
  }

  X509CrlSignerEntryWrapper wrapper = createX509CrlSigner(dbEntry);
  // The entry held by the wrapper, not the argument, is what gets persisted and cached.
  X509CrlSignerEntry storedEntry = wrapper.getDbEntry();
  queryExecutor.addCrlSigner(storedEntry);

  crlSigners.put(signerName, wrapper);
  crlSignerDbEntries.put(signerName, storedEntry);
}
use of org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry in project xipki by xipki.
the class CrlSignerAddCmd method execute0.
/**
 * Builds a CRL signer entry from the command options and adds it through the CA manager.
 *
 * <p>For every signer type other than {@code CA}, an optional certificate file is read,
 * Base64-encoded and parsed, and the signer configuration of a {@code PKCS12} or {@code JKS}
 * signer is canonicalized before the entry is created.
 *
 * @return always {@code null}
 * @throws Exception if reading or parsing the certificate, canonicalizing the configuration
 *     or creating the entry fails; a {@code CmdFailure} wraps a {@code CaMgmtException}
 *     raised while adding the signer
 */
@Override
protected Object execute0() throws Exception {
  final boolean signedByCa = "CA".equalsIgnoreCase(signerType);
  String encodedSignerCert = null;

  if (!signedByCa) {
    if (signerCertFile != null) {
      byte[] certBytes = IoUtil.read(signerCertFile);
      encodedSignerCert = IoUtil.base64Encode(certBytes, false);
      // The parse result is discarded: the call only rejects a file that does not parse as
      // a certificate before it is handed to the CA manager.
      X509Util.parseCert(certBytes);
    }

    if (signerConf != null
        && ("PKCS12".equalsIgnoreCase(signerType) || "JKS".equalsIgnoreCase(signerType))) {
      signerConf = ShellUtil.canonicalizeSignerConf(signerType, signerConf, passwordResolver,
          securityFactory);
    }
  }

  X509CrlSignerEntry newEntry = new X509CrlSignerEntry(name, signerType, signerConf,
      encodedSignerCert, crlControl);

  final String label = "CRL signer " + name;
  try {
    caManager.addCrlSigner(newEntry);
    println("added " + label);
    return null;
  } catch (CaMgmtException ex) {
    // The original exception is kept as the cause of the command failure.
    throw new CmdFailure("could not add " + label + ", error: " + ex.getMessage(), ex);
  }
}