use of org.xipki.common.ConfPairs in project xipki by xipki.
the class PBEConsumerPasswordCallback method init.
@Override
public void init(String conf) throws PasswordResolverException {
ParamUtil.requireNonBlank("conf", conf);
ConfPairs pairs = new ConfPairs(conf);
String str = pairs.value("name");
if (StringUtil.isBlank(str)) {
throw new PasswordResolverException("name must not be null");
}
this.passwordName = str;
PasswordProducer.registerPasswordConsumer(this.passwordName);
str = pairs.value("tries");
if (StringUtil.isNotBlank(str)) {
int intValue = Integer.parseInt(str);
if (intValue > 0) {
this.tries = intValue;
}
}
}
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class ShellUtil method canonicalizeSignerConf.
public static String canonicalizeSignerConf(String keystoreType, String signerConf, PasswordResolver passwordResolver, SecurityFactory securityFactory) throws Exception {
ParamUtil.requireNonBlank("keystoreType", keystoreType);
ParamUtil.requireNonBlank("signerConf", signerConf);
ParamUtil.requireNonNull("securityFactory", securityFactory);
if (!signerConf.contains("file:") && !signerConf.contains("base64:") && !signerConf.contains("FILE:") && !signerConf.contains("BASE64:")) {
return signerConf;
}
ConfPairs pairs = new ConfPairs(signerConf);
String keystoreConf = pairs.value("keystore");
String passwordHint = pairs.value("password");
if (passwordHint == null) {
throw new IllegalArgumentException("password is not set in " + signerConf);
}
byte[] keystoreBytes;
if (StringUtil.startsWithIgnoreCase(keystoreConf, "file:")) {
String keystoreFile = keystoreConf.substring("file:".length());
keystoreBytes = IoUtil.read(keystoreFile);
} else if (StringUtil.startsWithIgnoreCase(keystoreConf, "base64:")) {
keystoreBytes = Base64.decode(keystoreConf.substring("base64:".length()));
} else {
return signerConf;
}
char[] password;
if (passwordResolver == null) {
password = passwordHint.toCharArray();
} else {
password = passwordResolver.resolvePassword(passwordHint);
}
String keyLabel = pairs.value("key-label");
keystoreBytes = securityFactory.extractMinimalKeyStore(keystoreType, keystoreBytes, keyLabel, password, null);
pairs.putPair("keystore", "base64:" + Base64.encodeToString(keystoreBytes));
return pairs.getEncoded();
}
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class CaManagerImpl method startCa.
// method startCaSystem0
private boolean startCa(String caName) {
X509CaInfo caEntry = caInfos.get(caName);
ConfPairs extraControl = caEntry.getCaEntry().getExtraControl();
if (extraControl != null) {
String str = extraControl.value(RevokeSuspendedCertsControl.KEY_REVOCATION_ENABLED);
boolean enabled = false;
if (str != null) {
enabled = Boolean.parseBoolean(str);
}
if (enabled) {
str = extraControl.value(RevokeSuspendedCertsControl.KEY_REVOCATION_REASON);
CrlReason reason = (str == null) ? CrlReason.CESSATION_OF_OPERATION : CrlReason.forNameOrText(str);
str = extraControl.value(RevokeSuspendedCertsControl.KEY_UNCHANGED_SINCE);
CertValidity unchangedSince = (str == null) ? new CertValidity(15, Unit.DAY) : CertValidity.getInstance(str);
RevokeSuspendedCertsControl control = new RevokeSuspendedCertsControl(reason, unchangedSince);
caEntry.setRevokeSuspendedCertsControl(control);
}
}
boolean signerRequired = caEntry.isSignerRequired();
X509CrlSignerEntryWrapper crlSignerEntry = null;
String crlSignerName = caEntry.getCrlSignerName();
// CRL will be generated only in master mode
if (signerRequired && masterMode && crlSignerName != null) {
crlSignerEntry = crlSigners.get(crlSignerName);
try {
crlSignerEntry.getDbEntry().setConfFaulty(true);
crlSignerEntry.initSigner(securityFactory);
crlSignerEntry.getDbEntry().setConfFaulty(false);
} catch (XiSecurityException | OperationException | InvalidConfException ex) {
LogUtil.error(LOG, ex, concat("X09CrlSignerEntryWrapper.initSigner (name=", crlSignerName, ")"));
return false;
}
}
X509Ca ca;
try {
ca = new X509Ca(this, caEntry, certstore);
ca.setAuditServiceRegister(auditServiceRegister);
} catch (OperationException ex) {
LogUtil.error(LOG, ex, concat("X509CA.<init> (ca=", caName, ")"));
return false;
}
x509cas.put(caName, ca);
X509CaCmpResponderImpl caResponder = new X509CaCmpResponderImpl(this, caName);
x509Responders.put(caName, caResponder);
return true;
}
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class CaManagerQueryExecutor method changeCa.
// method addPublisherToCa
void changeCa(ChangeCaEntry changeCaEntry, SecurityFactory securityFactory) throws CaMgmtException {
ParamUtil.requireNonNull("changeCaEntry", changeCaEntry);
ParamUtil.requireNonNull("securityFactory", securityFactory);
if (!(changeCaEntry instanceof X509ChangeCaEntry)) {
throw new CaMgmtException("unsupported ChangeCAEntry " + changeCaEntry.getClass().getName());
}
X509ChangeCaEntry entry = (X509ChangeCaEntry) changeCaEntry;
X509Certificate cert = entry.getCert();
if (cert != null) {
boolean anyCertIssued;
try {
anyCertIssued = datasource.columnExists(null, "CERT", "CA_ID", entry.getIdent().getId());
} catch (DataAccessException ex) {
throw new CaMgmtException(ex);
}
if (anyCertIssued) {
throw new CaMgmtException("Cannot change the certificate of CA, since it has issued certificates");
}
}
Integer serialNoBitLen = entry.getSerialNoBitLen();
CaStatus status = entry.getStatus();
List<String> crlUris = entry.getCrlUris();
List<String> deltaCrlUris = entry.getDeltaCrlUris();
List<String> ocspUris = entry.getOcspUris();
List<String> caCertUris = entry.getCaCertUris();
CertValidity maxValidity = entry.getMaxValidity();
String signerType = entry.getSignerType();
String signerConf = entry.getSignerConf();
String crlsignerName = entry.getCrlSignerName();
String responderName = entry.getResponderName();
String cmpcontrolName = entry.getCmpControlName();
Boolean duplicateKeyPermitted = entry.getDuplicateKeyPermitted();
Boolean duplicateSubjectPermitted = entry.getDuplicateSubjectPermitted();
Boolean saveReq = entry.getSaveRequest();
Integer permission = entry.getPermission();
Integer numCrls = entry.getNumCrls();
Integer expirationPeriod = entry.getExpirationPeriod();
Integer keepExpiredCertInDays = entry.getKeepExpiredCertInDays();
ValidityMode validityMode = entry.getValidityMode();
ConfPairs extraControl = entry.getExtraControl();
if (signerType != null || signerConf != null || cert != null) {
final String sql = "SELECT SIGNER_TYPE,CERT,SIGNER_CONF FROM CA WHERE ID=?";
PreparedStatement stmt = null;
ResultSet rs = null;
try {
stmt = prepareStatement(sql);
stmt.setInt(1, entry.getIdent().getId());
rs = stmt.executeQuery();
if (!rs.next()) {
throw new CaMgmtException("unknown CA '" + entry.getIdent());
}
String tmpSignerType = rs.getString("SIGNER_TYPE");
String tmpSignerConf = rs.getString("SIGNER_CONF");
String tmpB64Cert = rs.getString("CERT");
if (signerType != null) {
tmpSignerType = signerType;
}
if (signerConf != null) {
tmpSignerConf = getRealString(signerConf);
if (tmpSignerConf != null) {
tmpSignerConf = CaManagerImpl.canonicalizeSignerConf(tmpSignerType, tmpSignerConf, null, securityFactory);
}
}
X509Certificate tmpCert;
if (cert != null) {
tmpCert = cert;
} else {
try {
tmpCert = X509Util.parseBase64EncodedCert(tmpB64Cert);
} catch (CertificateException ex) {
throw new CaMgmtException("could not parse the stored certificate for CA '" + changeCaEntry.getIdent() + "'" + ex.getMessage(), ex);
}
}
try {
List<String[]> signerConfs = CaEntry.splitCaSignerConfs(tmpSignerConf);
for (String[] m : signerConfs) {
securityFactory.createSigner(tmpSignerType, new SignerConf(m[1]), tmpCert);
}
} catch (XiSecurityException | ObjectCreationException ex) {
throw new CaMgmtException("could not create signer for CA '" + changeCaEntry.getIdent() + "'" + ex.getMessage(), ex);
}
} catch (SQLException ex) {
throw new CaMgmtException(datasource, sql, ex);
} finally {
datasource.releaseResources(stmt, rs);
}
}
// end if (signerType)
StringBuilder sqlBuilder = new StringBuilder();
sqlBuilder.append("UPDATE CA SET ");
AtomicInteger index = new AtomicInteger(1);
Integer idxSnSize = addToSqlIfNotNull(sqlBuilder, index, serialNoBitLen, "SN_SIZE");
Integer idxStatus = addToSqlIfNotNull(sqlBuilder, index, status, "STATUS");
Integer idxSubject = addToSqlIfNotNull(sqlBuilder, index, cert, "SUBJECT");
Integer idxCert = addToSqlIfNotNull(sqlBuilder, index, cert, "CERT");
Integer idxCrlUris = addToSqlIfNotNull(sqlBuilder, index, crlUris, "CRL_URIS");
Integer idxDeltaCrlUris = addToSqlIfNotNull(sqlBuilder, index, deltaCrlUris, "DELTACRL_URIS");
Integer idxOcspUris = addToSqlIfNotNull(sqlBuilder, index, ocspUris, "OCSP_URIS");
Integer idxCaCertUris = addToSqlIfNotNull(sqlBuilder, index, caCertUris, "CACERT_URIS");
Integer idxMaxValidity = addToSqlIfNotNull(sqlBuilder, index, maxValidity, "MAX_VALIDITY");
Integer idxSignerType = addToSqlIfNotNull(sqlBuilder, index, signerType, "SIGNER_TYPE");
Integer idxCrlsignerName = addToSqlIfNotNull(sqlBuilder, index, crlsignerName, "CRLSIGNER_NAME");
Integer idxResponderName = addToSqlIfNotNull(sqlBuilder, index, responderName, "RESPONDER_NAME");
Integer idxCmpcontrolName = addToSqlIfNotNull(sqlBuilder, index, cmpcontrolName, "CMPCONTROL_NAME");
Integer idxDuplicateKey = addToSqlIfNotNull(sqlBuilder, index, duplicateKeyPermitted, "DUPLICATE_KEY");
Integer idxDuplicateSubject = addToSqlIfNotNull(sqlBuilder, index, duplicateKeyPermitted, "DUPLICATE_SUBJECT");
Integer idxSaveReq = addToSqlIfNotNull(sqlBuilder, index, saveReq, "SAVE_REQ");
Integer idxPermission = addToSqlIfNotNull(sqlBuilder, index, permission, "PERMISSION");
Integer idxNumCrls = addToSqlIfNotNull(sqlBuilder, index, numCrls, "NUM_CRLS");
Integer idxExpirationPeriod = addToSqlIfNotNull(sqlBuilder, index, expirationPeriod, "EXPIRATION_PERIOD");
Integer idxExpiredCerts = addToSqlIfNotNull(sqlBuilder, index, keepExpiredCertInDays, "KEEP_EXPIRED_CERT_DAYS");
Integer idxValidityMode = addToSqlIfNotNull(sqlBuilder, index, validityMode, "VALIDITY_MODE");
Integer idxExtraControl = addToSqlIfNotNull(sqlBuilder, index, extraControl, "EXTRA_CONTROL");
Integer idxSignerConf = addToSqlIfNotNull(sqlBuilder, index, signerConf, "SIGNER_CONF");
// delete the last ','
sqlBuilder.deleteCharAt(sqlBuilder.length() - 1);
sqlBuilder.append(" WHERE ID=?");
if (index.get() == 1) {
throw new IllegalArgumentException("nothing to change");
}
int idxId = index.get();
final String sql = sqlBuilder.toString();
StringBuilder sb = new StringBuilder();
PreparedStatement ps = null;
try {
ps = prepareStatement(sql);
if (idxSnSize != null) {
sb.append("sn_size: '").append(serialNoBitLen).append("'; ");
ps.setInt(idxSnSize, serialNoBitLen.intValue());
}
if (idxStatus != null) {
sb.append("status: '").append(status.name()).append("'; ");
ps.setString(idxStatus, status.name());
}
if (idxCert != null) {
String subject = X509Util.getRfc4519Name(cert.getSubjectX500Principal());
sb.append("cert: '").append(subject).append("'; ");
ps.setString(idxSubject, subject);
String base64Cert = Base64.encodeToString(cert.getEncoded());
ps.setString(idxCert, base64Cert);
}
if (idxCrlUris != null) {
String txt = StringUtil.collectionAsStringByComma(crlUris);
sb.append("crlUri: '").append(txt).append("'; ");
ps.setString(idxCrlUris, txt);
}
if (idxDeltaCrlUris != null) {
String txt = StringUtil.collectionAsStringByComma(deltaCrlUris);
sb.append("deltaCrlUri: '").append(txt).append("'; ");
ps.setString(idxDeltaCrlUris, txt);
}
if (idxOcspUris != null) {
String txt = StringUtil.collectionAsStringByComma(ocspUris);
sb.append("ocspUri: '").append(txt).append("'; ");
ps.setString(idxOcspUris, txt);
}
if (idxCaCertUris != null) {
String txt = StringUtil.collectionAsStringByComma(caCertUris);
sb.append("caCertUri: '").append(txt).append("'; ");
ps.setString(idxCaCertUris, txt);
}
if (idxMaxValidity != null) {
String txt = maxValidity.toString();
sb.append("maxValidity: '").append(txt).append("'; ");
ps.setString(idxMaxValidity, txt);
}
if (idxSignerType != null) {
sb.append("signerType: '").append(signerType).append("'; ");
ps.setString(idxSignerType, signerType);
}
if (idxSignerConf != null) {
sb.append("signerConf: '").append(SignerConf.toString(signerConf, false, true)).append("'; ");
ps.setString(idxSignerConf, signerConf);
}
if (idxCrlsignerName != null) {
String txt = getRealString(crlsignerName);
sb.append("crlSigner: '").append(txt).append("'; ");
ps.setString(idxCrlsignerName, txt);
}
if (idxResponderName != null) {
String txt = getRealString(responderName);
sb.append("responder: '").append(txt).append("'; ");
ps.setString(idxResponderName, txt);
}
if (idxCmpcontrolName != null) {
String txt = getRealString(cmpcontrolName);
sb.append("cmpControl: '").append(txt).append("'; ");
ps.setString(idxCmpcontrolName, txt);
}
if (idxDuplicateKey != null) {
sb.append("duplicateKey: '").append(duplicateKeyPermitted).append("'; ");
setBoolean(ps, idxDuplicateKey, duplicateKeyPermitted);
}
if (idxDuplicateSubject != null) {
sb.append("duplicateSubject: '").append(duplicateSubjectPermitted).append("'; ");
setBoolean(ps, idxDuplicateSubject, duplicateSubjectPermitted);
}
if (idxSaveReq != null) {
sb.append("saveReq: '").append(saveReq).append("'; ");
setBoolean(ps, idxSaveReq, saveReq);
}
if (idxPermission != null) {
sb.append("permission: '").append(permission).append("'; ");
ps.setInt(idxPermission, permission);
}
if (idxNumCrls != null) {
sb.append("numCrls: '").append(numCrls).append("'; ");
ps.setInt(idxNumCrls, numCrls);
}
if (idxExpirationPeriod != null) {
sb.append("expirationPeriod: '").append(expirationPeriod).append("'; ");
ps.setInt(idxExpirationPeriod, expirationPeriod);
}
if (idxExpiredCerts != null) {
sb.append("keepExpiredCertDays: '").append(keepExpiredCertInDays).append("'; ");
ps.setInt(idxExpiredCerts, keepExpiredCertInDays);
}
if (idxValidityMode != null) {
String txt = validityMode.name();
sb.append("validityMode: '").append(txt).append("'; ");
ps.setString(idxValidityMode, txt);
}
if (idxExtraControl != null) {
sb.append("extraControl: '").append(extraControl).append("'; ");
ps.setString(idxExtraControl, extraControl.getEncoded());
}
ps.setInt(idxId, changeCaEntry.getIdent().getId());
if (ps.executeUpdate() == 0) {
throw new CaMgmtException("could not change CA " + entry.getIdent());
}
if (sb.length() > 0) {
sb.deleteCharAt(sb.length() - 1).deleteCharAt(sb.length() - 1);
}
LOG.info("changed CA '{}': {}", changeCaEntry.getIdent(), sb);
} catch (SQLException ex) {
throw new CaMgmtException(datasource, sql, ex);
} catch (CertificateEncodingException ex) {
throw new CaMgmtException(ex);
} finally {
datasource.releaseResources(ps, null);
}
}
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class CaManagerQueryExecutor method createCaInfo.
// method createResponder
X509CaInfo createCaInfo(String name, boolean masterMode, CertificateStore certstore) throws CaMgmtException {
final String sql = sqls.sqlSelectCa;
PreparedStatement stmt = null;
ResultSet rs = null;
try {
stmt = prepareStatement(sql);
stmt.setString(1, name);
rs = stmt.executeQuery();
if (!rs.next()) {
throw new CaMgmtException("uknown CA " + name);
}
int artCode = rs.getInt("ART");
if (artCode != CertArt.X509PKC.getCode()) {
throw new CaMgmtException("CA " + name + " is not X509CA, and is not supported");
}
String crlUris = rs.getString("CRL_URIS");
String deltaCrlUris = rs.getString("DELTACRL_URIS");
CertRevocationInfo revocationInfo = null;
boolean revoked = rs.getBoolean("REV");
if (revoked) {
int revReason = rs.getInt("RR");
long revTime = rs.getInt("RT");
long revInvalidityTime = rs.getInt("RIT");
Date revInvTime = (revInvalidityTime == 0) ? null : new Date(revInvalidityTime * 1000);
revocationInfo = new CertRevocationInfo(revReason, new Date(revTime * 1000), revInvTime);
}
List<String> tmpCrlUris = null;
if (StringUtil.isNotBlank(crlUris)) {
tmpCrlUris = StringUtil.splitByComma(crlUris);
}
List<String> tmpDeltaCrlUris = null;
if (StringUtil.isNotBlank(deltaCrlUris)) {
tmpDeltaCrlUris = StringUtil.splitByComma(deltaCrlUris);
}
String ocspUris = rs.getString("OCSP_URIS");
List<String> tmpOcspUris = null;
if (StringUtil.isNotBlank(ocspUris)) {
tmpOcspUris = StringUtil.splitByComma(ocspUris);
}
String caCertUris = rs.getString("CACERT_URIS");
List<String> tmpCaCertUris = null;
if (StringUtil.isNotBlank(caCertUris)) {
tmpCaCertUris = StringUtil.splitByComma(caCertUris);
}
X509CaUris caUris = new X509CaUris(tmpCaCertUris, tmpOcspUris, tmpCrlUris, tmpDeltaCrlUris);
int id = rs.getInt("ID");
int serialNoSize = rs.getInt("SN_SIZE");
long nextCrlNo = rs.getLong("NEXT_CRLNO");
String signerType = rs.getString("SIGNER_TYPE");
String signerConf = rs.getString("SIGNER_CONF");
int numCrls = rs.getInt("NUM_CRLS");
int expirationPeriod = rs.getInt("EXPIRATION_PERIOD");
X509CaEntry entry = new X509CaEntry(new NameId(id, name), serialNoSize, nextCrlNo, signerType, signerConf, caUris, numCrls, expirationPeriod);
String b64cert = rs.getString("CERT");
X509Certificate cert = generateCert(b64cert);
entry.setCert(cert);
String status = rs.getString("STATUS");
CaStatus caStatus = CaStatus.forName(status);
entry.setStatus(caStatus);
String maxValidityS = rs.getString("MAX_VALIDITY");
CertValidity maxValidity = CertValidity.getInstance(maxValidityS);
entry.setMaxValidity(maxValidity);
int keepExpiredCertDays = rs.getInt("KEEP_EXPIRED_CERT_DAYS");
entry.setKeepExpiredCertInDays(keepExpiredCertDays);
String crlsignerName = rs.getString("CRLSIGNER_NAME");
if (StringUtil.isNotBlank(crlsignerName)) {
entry.setCrlSignerName(crlsignerName);
}
String responderName = rs.getString("RESPONDER_NAME");
if (StringUtil.isNotBlank(responderName)) {
entry.setResponderName(responderName);
}
String extraControl = rs.getString("EXTRA_CONTROL");
if (StringUtil.isNotBlank(extraControl)) {
entry.setExtraControl(new ConfPairs(extraControl).unmodifiable());
}
String cmpcontrolName = rs.getString("CMPCONTROL_NAME");
if (StringUtil.isNotBlank(cmpcontrolName)) {
entry.setCmpControlName(cmpcontrolName);
}
boolean duplicateKeyPermitted = (rs.getInt("DUPLICATE_KEY") != 0);
entry.setDuplicateKeyPermitted(duplicateKeyPermitted);
boolean duplicateSubjectPermitted = (rs.getInt("DUPLICATE_SUBJECT") != 0);
entry.setDuplicateSubjectPermitted(duplicateSubjectPermitted);
boolean saveReq = (rs.getInt("SAVE_REQ") != 0);
entry.setSaveRequest(saveReq);
int permission = rs.getInt("PERMISSION");
entry.setPermission(permission);
entry.setRevocationInfo(revocationInfo);
String validityModeS = rs.getString("VALIDITY_MODE");
ValidityMode validityMode = null;
if (validityModeS != null) {
validityMode = ValidityMode.forName(validityModeS);
}
if (validityMode == null) {
validityMode = ValidityMode.STRICT;
}
entry.setValidityMode(validityMode);
try {
return new X509CaInfo(entry, certstore);
} catch (OperationException ex) {
throw new CaMgmtException(ex);
}
} catch (SQLException ex) {
throw new CaMgmtException(datasource, sql, ex);
} finally {
datasource.releaseResources(stmt, rs);
}
}
Aggregations