// method addCa
/**
 * Persists a new CA as one row of table CA.
 *
 * <p>Only {@link X509CaEntry} instances are accepted. The numeric CA id is allocated here as
 * {@code max(ID) + 1} and written back into {@code caEntry.getIdent()} before the insert, so the
 * caller sees the assigned id after this method returns.
 *
 * @param caEntry the CA to add; its ident's id is overwritten with the newly allocated value
 * @throws CaMgmtException if the entry is not an {@link X509CaEntry}, the id lookup or the
 *         INSERT fails, or the CA certificate cannot be DER-encoded
 */
void addCa(CaEntry caEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("caEntry", caEntry);
    if (!(caEntry instanceof X509CaEntry)) {
        throw new CaMgmtException("unsupported CAEntry " + caEntry.getClass().getName());
    }
    try {
        // NOTE(review): the id is read (max) and then used by a separate INSERT; no lock or
        // transaction is visible in this method, so two concurrent addCa calls could draw the
        // same id and collide on the primary key -- confirm CA management is serialized upstream.
        int id = (int) datasource.getMax(null, "CA", "ID");
        caEntry.getIdent().setId(id + 1);
    } catch (DataAccessException ex) {
        throw new CaMgmtException(ex);
    }
    X509CaEntry entry = (X509CaEntry) caEntry;
    // 27 columns and 27 placeholders: the setX calls below must stay in exactly this column order.
    final String sql = "INSERT INTO CA (ID,NAME,ART,SUBJECT,SN_SIZE,NEXT_CRLNO,STATUS,CRL_URIS," + "DELTACRL_URIS,OCSP_URIS,CACERT_URIS,MAX_VALIDITY,CERT,SIGNER_TYPE,CRLSIGNER_NAME," + "RESPONDER_NAME,CMPCONTROL_NAME,DUPLICATE_KEY,DUPLICATE_SUBJECT,SAVE_REQ,PERMISSION," + "NUM_CRLS,EXPIRATION_PERIOD,KEEP_EXPIRED_CERT_DAYS,VALIDITY_MODE,EXTRA_CONTROL," + "SIGNER_CONF) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
    // insert to table ca
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        int idx = 1;
        ps.setInt(idx++, entry.getIdent().getId());
        ps.setString(idx++, entry.getIdent().getName());
        ps.setInt(idx++, CertArt.X509PKC.getCode());
        ps.setString(idx++, entry.getSubject());
        ps.setInt(idx++, entry.getSerialNoBitLen());
        ps.setLong(idx++, entry.getNextCrlNumber());
        ps.setString(idx++, entry.getStatus().getStatus());
        ps.setString(idx++, entry.getCrlUrisAsString());
        ps.setString(idx++, entry.getDeltaCrlUrisAsString());
        ps.setString(idx++, entry.getOcspUrisAsString());
        ps.setString(idx++, entry.getCaCertUrisAsString());
        ps.setString(idx++, entry.getMaxValidity().toString());
        // CERT is stored as the base64 of the certificate's DER encoding.
        byte[] encodedCert = entry.getCert().getEncoded();
        ps.setString(idx++, Base64.encodeToString(encodedCert));
        ps.setString(idx++, entry.getSignerType());
        ps.setString(idx++, entry.getCrlSignerName());
        ps.setString(idx++, entry.getResponderName());
        ps.setString(idx++, entry.getCmpControlName());
        setBoolean(ps, idx++, entry.isDuplicateKeyPermitted());
        setBoolean(ps, idx++, entry.isDuplicateSubjectPermitted());
        setBoolean(ps, idx++, entry.isSaveRequest());
        ps.setInt(idx++, entry.getPermission());
        ps.setInt(idx++, entry.getNumCrls());
        ps.setInt(idx++, entry.getExpirationPeriod());
        ps.setInt(idx++, entry.getKeepExpiredCertInDays());
        ps.setString(idx++, entry.getValidityMode().name());
        // EXTRA_CONTROL: an absent ConfPairs, or one whose encoding is blank, is stored as SQL NULL.
        ConfPairs extraControl = entry.getExtraControl();
        String encodedExtraCtrl = (extraControl == null) ? null : extraControl.getEncoded();
        if (StringUtil.isBlank(encodedExtraCtrl)) {
            ps.setString(idx++, null);
        } else {
            ps.setString(idx++, encodedExtraCtrl);
        }
        // SIGNER_CONF is stored verbatim. After canonicalizeSignerConf it can carry the signer
        // keystore inline ("keystore=base64:...") together with the password hint, i.e. this
        // column may hold key material -- the database and its backups must be protected accordingly.
        ps.setString(idx++, entry.getSignerConf());
        // executeUpdate() == 0 means no row was written; surface that as a management error.
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not add CA " + entry.getIdent());
        }
        if (LOG.isInfoEnabled()) {
            // NOTE(review): toString(false, true) -- presumably the flags control verbosity and
            // masking of sensitive fields such as the signer conf; confirm it is not logged in clear.
            LOG.info("add CA '{}': {}", entry.getIdent(), entry.toString(false, true));
        }
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } catch (CertificateEncodingException ex) {
        throw new CaMgmtException(ex);
    } finally {
        datasource.releaseResources(ps, null);
    }
}

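/**
 * Configures this publisher from its ConfPairs-encoded configuration string.
 *
 * <p>Recognised keys: {@code publish.goodcerts} (default {@code true}), {@code asyn}
 * (default {@code false}) and {@code datasource}, the name of the {@link DataSourceWrapper}
 * to use from {@code datasources}. Note that {@link Boolean#parseBoolean} treats anything other
 * than (case-insensitive) {@code "true"} as {@code false}, so a value such as {@code "yes"} silently
 * disables publishing of good certificates.
 *
 * @param conf             the ConfPairs-encoded publisher configuration
 * @param passwordResolver not used by this publisher
 * @param datasources      named datasources available to publishers
 * @throws CertPublisherException if no datasource is configured or named, the named datasource
 *         is unknown, or the OCSP store query executor cannot be created
 */
@Override
public void initialize(String conf, PasswordResolver passwordResolver, Map<String, DataSourceWrapper> datasources) throws CertPublisherException {
    ParamUtil.requireNonNull("conf", conf);
    ParamUtil.requireNonEmpty("datasources", datasources);
    // The configuration is one ConfPairs string; parse it once and read every key from it
    // (the original parsed the same string twice).
    ConfPairs pairs = new ConfPairs(conf);
    String str = pairs.value("publish.goodcerts");
    this.publishsGoodCert = (str == null) ? true : Boolean.parseBoolean(str);
    str = pairs.value("asyn");
    this.asyn = (str == null) ? false : Boolean.parseBoolean(str);
    String datasourceName = pairs.value("datasource");
    if (datasourceName == null) {
        // Report the missing key explicitly instead of "no datasource named 'null'".
        throw new CertPublisherException("no datasource is specified in the publisher configuration");
    }
    DataSourceWrapper datasource = datasources.get(datasourceName);
    if (datasource == null) {
        throw new CertPublisherException("no datasource named '" + datasourceName + "' is specified");
    }
    try {
        queryExecutor = new OcspStoreQueryExecutor(datasource, this.publishsGoodCert);
    } catch (NoSuchAlgorithmException | DataAccessException ex) {
        // Keep the cause so the underlying JDBC / algorithm error is not lost.
        throw new CertPublisherException(ex.getMessage(), ex);
    }
}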

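/**
 * Imports the CA certstore export found in {@code baseDir} into the OCSP database, restricted
 * to the CAs attached to publisher {@code publisherName}.
 *
 * <p>Flow: unmarshal the certstore and CA-configuration XML files, reject exports newer than
 * {@code VERSION}, locate the OCSP publisher and the CAs that use it, then import issuers and
 * certificates. Unless {@code resume} is set, indexes are dropped before the import and recovered
 * afterwards. If the import throws, indexes are left dropped for a later resume run.
 *
 * @throws InvalidInputException if an export is newer than {@code VERSION}, the publisher is
 *         unknown or is not of type {@code ocsp}
 * @throws Exception any other unmarshalling, I/O or database failure, rethrown after a message
 *         on stderr
 */
public void importToDb() throws Exception {
    // NOTE(review): both files are parsed by the shared JAXB unmarshaller, which is configured
    // elsewhere. If export directories can originate from an untrusted party, confirm the
    // underlying parser has DTDs / external entities disabled (XXE).
    CertStoreType certstore;
    try {
        @SuppressWarnings("unchecked") JAXBElement<CertStoreType> root = (JAXBElement<CertStoreType>) unmarshaller.unmarshal(new File(baseDir, FILENAME_CA_CERTSTORE));
        certstore = root.getValue();
    } catch (JAXBException ex) {
        throw XmlUtil.convert(ex);
    }
    if (certstore.getVersion() > VERSION) {
        throw new InvalidInputException("could not import CertStore greater than " + VERSION + ": " + certstore.getVersion());
    }
    CAConfigurationType caConf;
    try {
        File file = new File(baseDir, FILENAME_CA_CONFIGURATION);
        @SuppressWarnings("unchecked") JAXBElement<CAConfigurationType> rootCaConf = (JAXBElement<CAConfigurationType>) unmarshaller.unmarshal(file);
        caConf = rootCaConf.getValue();
    } catch (JAXBException ex) {
        throw XmlUtil.convert(ex);
    }
    if (caConf.getVersion() > VERSION) {
        // Bug fix: the message previously reported certstore.getVersion() for the CA configuration check.
        throw new InvalidInputException("could not import CA Configuration greater than " + VERSION + ": " + caConf.getVersion());
    }
    System.out.println("importing CA certstore to OCSP database");
    try {
        if (!resume) {
            dropIndexes();
        }
        PublisherType publisherType = null;
        for (PublisherType type : caConf.getPublishers().getPublisher()) {
            if (publisherName.equals(type.getName())) {
                publisherType = type;
                break;
            }
        }
        if (publisherType == null) {
            throw new InvalidInputException("unknown publisher " + publisherName);
        }
        String type = publisherType.getType();
        if (!"ocsp".equalsIgnoreCase(type)) {
            throw new InvalidInputException("Unkwown publisher type " + type);
        }
        // Same key and default as OcspCertPublisher: publish.goodcerts defaults to true, so
        // revokedOnly is only set when the publisher conf explicitly turns good certs off.
        ConfPairs confPairs = new ConfPairs(value(publisherType.getConf()));
        String str = confPairs.value("publish.goodcerts");
        boolean revokedOnly = false;
        if (str != null) {
            revokedOnly = !Boolean.parseBoolean(str);
        }
        // CAs are linked to publishers by id in CaHasPublisher; collect the ids, then the CA entries.
        Set<Integer> relatedCaIds = new HashSet<>();
        for (CaHasPublisherType ctype : caConf.getCaHasPublishers().getCaHasPublisher()) {
            if (ctype.getPublisherId() == publisherType.getId()) {
                relatedCaIds.add(ctype.getCaId());
            }
        }
        List<CaType> relatedCas = new LinkedList<>();
        for (CaType m : caConf.getCas().getCa()) {
            if (relatedCaIds.contains(m.getId())) {
                relatedCas.add(m);
            }
        }
        if (relatedCas.isEmpty()) {
            System.out.println("No CA has publisher " + publisherName);
            return;
        }
        Map<Integer, String> profileMap = new HashMap<Integer, String>();
        for (ProfileType ni : caConf.getProfiles().getProfile()) {
            profileMap.put(ni.getId(), ni.getName());
        }
        // On resume the issuers are already in the OCSP database; otherwise import them now.
        List<Integer> relatedCertStoreCaIds = resume ? getIssuerIds(relatedCas) : importIssuer(relatedCas);
        File processLogFile = new File(baseDir, DbPorter.IMPORT_TO_OCSP_PROCESS_LOG_FILENAME);
        importCert(certstore, profileMap, revokedOnly, relatedCertStoreCaIds, processLogFile);
        recoverIndexes();
        // The process log only matters for resuming a failed run; best effort removal once done.
        processLogFile.delete();
    } catch (Exception ex) {
        System.err.println("could not import OCSP certstore to database");
        throw ex;
    }
    System.out.println(" imported OCSP certstore to database");
}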

/**
 * Rewrites a signer configuration so that its keystore is embedded inline.
 *
 * <p>If the {@code keystore} pair starts with {@code file:} the file is read; if it starts with
 * {@code base64:} the value is decoded. The keystore is then reduced to the single entry named by
 * {@code key-label} (plus {@code certChain}) via
 * {@link SecurityFactory#extractMinimalKeyStore} and written back as {@code keystore=base64:...}.
 * Configurations without either prefix are returned unchanged.
 *
 * <p>Security notes: the {@code file:} path is read exactly as given in the configuration, so
 * whoever can write the signer conf can make the server read any file; the returned string
 * contains the (minimal) keystore in base64 and is what gets persisted downstream; and the
 * resolved password array is not wiped here -- presumably it is owned by the password resolver,
 * which should be confirmed before adding an {@code Arrays.fill}.
 *
 * @param keystoreType    keystore type passed on to the security factory
 * @param signerConf      ConfPairs-encoded signer configuration
 * @param certChain       certificate chain to keep in the minimal keystore
 * @param securityFactory provides the password resolver and keystore extraction
 * @return the canonicalized configuration, or {@code signerConf} itself if nothing was embedded
 * @throws CaMgmtException on I/O, keystore or password-resolution failures
 */
static String canonicalizeSignerConf(String keystoreType, String signerConf, X509Certificate[] certChain, SecurityFactory securityFactory) throws CaMgmtException {
    // Cheap textual pre-check before parsing the pairs at all.
    boolean mayReferenceKeystore = signerConf.contains("file:") || signerConf.contains("base64:");
    if (!mayReferenceKeystore) {
        return signerConf;
    }
    ConfPairs conf = new ConfPairs(signerConf);
    String keystoreValue = conf.value("keystore");
    String passwordHint = conf.value("password");
    String keyLabel = conf.value("key-label");
    boolean fromFile = StringUtil.startsWithIgnoreCase(keystoreValue, "file:");
    boolean fromBase64 = StringUtil.startsWithIgnoreCase(keystoreValue, "base64:");
    if (!fromFile && !fromBase64) {
        // The prefix occurred somewhere else in the conf, not on the keystore pair.
        return signerConf;
    }
    byte[] rawKeystore;
    if (fromFile) {
        String path = keystoreValue.substring("file:".length());
        try {
            rawKeystore = IoUtil.read(path);
        } catch (IOException ex) {
            throw new CaMgmtException("IOException: " + ex.getMessage(), ex);
        }
    } else {
        rawKeystore = Base64.decode(keystoreValue.substring("base64:".length()));
    }
    byte[] minimalKeystore;
    try {
        char[] password = securityFactory.getPasswordResolver().resolvePassword(passwordHint);
        minimalKeystore = securityFactory.extractMinimalKeyStore(keystoreType, rawKeystore, keyLabel, password, certChain);
    } catch (KeyStoreException ex) {
        throw new CaMgmtException("KeyStoreException: " + ex.getMessage(), ex);
    } catch (PasswordResolverException ex) {
        throw new CaMgmtException("PasswordResolverException: " + ex.getMessage(), ex);
    }
    conf.putPair("keystore", "base64:" + Base64.encodeToString(minimalKeystore));
    return conf.getEncoded();
}

/**
 * Round-trips keys and values containing the separator characters {@code ?} and {@code =}:
 * the encoded form must escape {@code =} inside a value as {@code \=}, and the decoded pairs
 * must match the originals.
 */
@Test
public void test1() {
    ConfPairs pairs = new ConfPairs("key-a?", "value-a=");
    pairs.putPair("key-b", "value-b");
    Map<String, String> expectedPairs = new HashMap<>();
    expectedPairs.put("key-a?", "value-a=");
    expectedPairs.put("key-b", "value-b");
    String expectedEncoding = "key-a?=value-a\\=,key-b=value-b";
    check(pairs, expectedEncoding, expectedPairs);
}