use of org.xipki.common.ConfPairs in project xipki by xipki.
the class CaManagerQueryExecutor method addCa.
// method deleteRows
/**
 * Inserts a new CA as one row of the {@code CA} table.
 *
 * <p>Only {@link X509CaEntry} instances are accepted. The row id is derived from the
 * current maximum of {@code CA.ID} plus one and is written back into the entry's ident
 * before the insert.
 *
 * <p>NOTE(review): the id is computed with a read (getMax) followed by a separate insert;
 * nothing in this method serialises concurrent callers, so uniqueness presumably relies on
 * a key constraint on {@code CA.ID} - confirm against the schema.
 *
 * @param caEntry the CA to persist; must not be {@code null}
 * @throws CaMgmtException if the entry is not an X.509 CA, the id lookup fails, the
 *         certificate cannot be encoded, the statement fails, or no row was inserted
 */
void addCa(CaEntry caEntry) throws CaMgmtException {
  ParamUtil.requireNonNull("caEntry", caEntry);

  boolean isX509Ca = caEntry instanceof X509CaEntry;
  if (!isX509Ca) {
    throw new CaMgmtException("unsupported CAEntry " + caEntry.getClass().getName());
  }

  // Allocate the next id from the highest one currently stored.
  try {
    int currentMaxId = (int) datasource.getMax(null, "CA", "ID");
    caEntry.getIdent().setId(currentMaxId + 1);
  } catch (DataAccessException ex) {
    throw new CaMgmtException(ex);
  }

  X509CaEntry entry = (X509CaEntry) caEntry;

  // All values are bound as parameters; the column list and the binding order below
  // must stay in step (27 columns, 27 placeholders).
  final String insertSql =
      "INSERT INTO CA (ID,NAME,ART,SUBJECT,SN_SIZE,NEXT_CRLNO,STATUS,CRL_URIS,"
      + "DELTACRL_URIS,OCSP_URIS,CACERT_URIS,MAX_VALIDITY,CERT,SIGNER_TYPE,CRLSIGNER_NAME,"
      + "RESPONDER_NAME,CMPCONTROL_NAME,DUPLICATE_KEY,DUPLICATE_SUBJECT,SAVE_REQ,PERMISSION,"
      + "NUM_CRLS,EXPIRATION_PERIOD,KEEP_EXPIRED_CERT_DAYS,VALIDITY_MODE,EXTRA_CONTROL,"
      + "SIGNER_CONF) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";

  PreparedStatement stmt = null;
  try {
    stmt = prepareStatement(insertSql);
    int col = 1;

    // Identity and basic attributes.
    stmt.setInt(col++, entry.getIdent().getId());
    stmt.setString(col++, entry.getIdent().getName());
    stmt.setInt(col++, CertArt.X509PKC.getCode());
    stmt.setString(col++, entry.getSubject());
    stmt.setInt(col++, entry.getSerialNoBitLen());
    stmt.setLong(col++, entry.getNextCrlNumber());
    stmt.setString(col++, entry.getStatus().getStatus());

    // Distribution points and validity.
    stmt.setString(col++, entry.getCrlUrisAsString());
    stmt.setString(col++, entry.getDeltaCrlUrisAsString());
    stmt.setString(col++, entry.getOcspUrisAsString());
    stmt.setString(col++, entry.getCaCertUrisAsString());
    stmt.setString(col++, entry.getMaxValidity().toString());

    // The CA certificate is stored as Base64 text of its encoded form.
    stmt.setString(col++, Base64.encodeToString(entry.getCert().getEncoded()));

    // References to signer, CRL signer, responder and CMP control.
    stmt.setString(col++, entry.getSignerType());
    stmt.setString(col++, entry.getCrlSignerName());
    stmt.setString(col++, entry.getResponderName());
    stmt.setString(col++, entry.getCmpControlName());

    // Policy flags and numeric settings.
    setBoolean(stmt, col++, entry.isDuplicateKeyPermitted());
    setBoolean(stmt, col++, entry.isDuplicateSubjectPermitted());
    setBoolean(stmt, col++, entry.isSaveRequest());
    stmt.setInt(col++, entry.getPermission());
    stmt.setInt(col++, entry.getNumCrls());
    stmt.setInt(col++, entry.getExpirationPeriod());
    stmt.setInt(col++, entry.getKeepExpiredCertInDays());
    stmt.setString(col++, entry.getValidityMode().name());

    // A missing or blank extra control is stored as SQL NULL.
    ConfPairs extraControl = entry.getExtraControl();
    String extraControlText = null;
    if (extraControl != null) {
      extraControlText = extraControl.getEncoded();
    }
    stmt.setString(col++, StringUtil.isBlank(extraControlText) ? null : extraControlText);

    // NOTE(review): the signer configuration is stored as given; if it can carry keystore
    // bytes or a password reference, access to this column should be treated accordingly.
    stmt.setString(col++, entry.getSignerConf());

    int insertedRows = stmt.executeUpdate();
    if (insertedRows == 0) {
      throw new CaMgmtException("could not add CA " + entry.getIdent());
    }

    // NOTE(review): the meaning of the two toString flags is not visible here; confirm
    // that the logged text leaves out the signer configuration.
    if (LOG.isInfoEnabled()) {
      LOG.info("add CA '{}': {}", entry.getIdent(), entry.toString(false, true));
    }
  } catch (SQLException ex) {
    throw new CaMgmtException(datasource, insertSql, ex);
  } catch (CertificateEncodingException ex) {
    throw new CaMgmtException(ex);
  } finally {
    // Always hand the statement back, including on failure.
    datasource.releaseResources(stmt, null);
  }
}
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class OcspCertPublisher method initialize.
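/**
 * Configures this publisher from an encoded {@link ConfPairs} string.
 *
 * <p>Recognised keys:
 * <ul>
 *   <li>{@code publish.goodcerts} - defaults to {@code true} when absent</li>
 *   <li>{@code asyn} - defaults to {@code false} when absent</li>
 *   <li>{@code datasource} - name of the entry in {@code datasources} to use (required)</li>
 * </ul>
 *
 * <p>Both boolean keys are read with {@link Boolean#parseBoolean(String)}, so any value
 * other than "true" (ignoring case) is taken as {@code false}. A misspelled
 * {@code publish.goodcerts} value therefore silently turns publishing of good
 * certificates off.
 *
 * @param conf encoded configuration; must not be {@code null}
 * @param passwordResolver not used by this method
 * @param datasources available datasources by name; must not be empty
 * @throws CertPublisherException if no datasource with the configured name exists or the
 *         query executor cannot be created
 */
@Override
public void initialize(String conf, PasswordResolver passwordResolver,
    Map<String, DataSourceWrapper> datasources) throws CertPublisherException {
  ParamUtil.requireNonNull("conf", conf);
  ParamUtil.requireNonEmpty("datasources", datasources);

  // Parse the configuration once and read every key from the same instance.
  ConfPairs pairs = new ConfPairs(conf);

  String str = pairs.value("publish.goodcerts");
  this.publishsGoodCert = (str == null) || Boolean.parseBoolean(str);

  str = pairs.value("asyn");
  this.asyn = (str != null) && Boolean.parseBoolean(str);

  String datasourceName = pairs.value("datasource");
  DataSourceWrapper datasource =
      (datasourceName == null) ? null : datasources.get(datasourceName);
  if (datasource == null) {
    // Covers both a missing "datasource" key and a name with no matching entry.
    throw new CertPublisherException("no datasource named '" + datasourceName
        + "' is specified");
  }

  try {
    queryExecutor = new OcspStoreQueryExecutor(datasource, this.publishsGoodCert);
  } catch (NoSuchAlgorithmException | DataAccessException ex) {
    throw new CertPublisherException(ex.getMessage(), ex);
  }
}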
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class OcspCertStoreFromCaDbImporter method importToDb.
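/**
 * Imports the certificates of a CA certstore export into the OCSP database.
 *
 * <p>Steps: read the certstore and the CA configuration from {@code baseDir}, reject
 * either file if its version is newer than {@code VERSION}, find the publisher named
 * {@code publisherName} (it must be of type "ocsp"), collect the CAs bound to it, then
 * import issuers (or look them up when resuming) and certificates.
 *
 * <p>NOTE(review): both files are parsed with an unmarshaller that is configured outside
 * this method; confirm that DTD and external-entity processing is disabled there, since
 * the export directory is input to this tool.
 *
 * @throws Exception if a file cannot be parsed, a version is unsupported, the publisher
 *         is unknown or not of type "ocsp", or the import itself fails
 */
public void importToDb() throws Exception {
  CertStoreType certstore;
  try {
    @SuppressWarnings("unchecked")
    JAXBElement<CertStoreType> root = (JAXBElement<CertStoreType>)
        unmarshaller.unmarshal(new File(baseDir, FILENAME_CA_CERTSTORE));
    certstore = root.getValue();
  } catch (JAXBException ex) {
    throw XmlUtil.convert(ex);
  }

  if (certstore.getVersion() > VERSION) {
    throw new InvalidInputException("could not import CertStore greater than " + VERSION
        + ": " + certstore.getVersion());
  }

  CAConfigurationType caConf;
  try {
    File file = new File(baseDir + File.separator + FILENAME_CA_CONFIGURATION);
    @SuppressWarnings("unchecked")
    JAXBElement<CAConfigurationType> rootCaConf = (JAXBElement<CAConfigurationType>)
        unmarshaller.unmarshal(file);
    caConf = rootCaConf.getValue();
  } catch (JAXBException ex) {
    throw XmlUtil.convert(ex);
  }

  if (caConf.getVersion() > VERSION) {
    // Report the version of the CA configuration that failed the check, not the
    // certstore version.
    throw new InvalidInputException("could not import CA Configuration greater than "
        + VERSION + ": " + caConf.getVersion());
  }

  System.out.println("importing CA certstore to OCSP database");
  try {
    if (!resume) {
      dropIndexes();
    }

    // Locate the publisher by name.
    PublisherType publisherType = null;
    for (PublisherType candidate : caConf.getPublishers().getPublisher()) {
      if (publisherName.equals(candidate.getName())) {
        publisherType = candidate;
        break;
      }
    }

    if (publisherType == null) {
      throw new InvalidInputException("unknown publisher " + publisherName);
    }

    String type = publisherType.getType();
    if (!"ocsp".equalsIgnoreCase(type)) {
      throw new InvalidInputException("Unkwown publisher type " + type);
    }

    // publish.goodcerts=false means only revoked certificates are imported. Any value
    // other than "true" (ignoring case) is read as false by Boolean.parseBoolean.
    ConfPairs confPairs = new ConfPairs(value(publisherType.getConf()));
    String str = confPairs.value("publish.goodcerts");
    boolean revokedOnly = false;
    if (str != null) {
      revokedOnly = !Boolean.parseBoolean(str);
    }

    // Ids of the CAs bound to this publisher.
    Set<Integer> relatedCaIds = new HashSet<>();
    for (CaHasPublisherType ctype : caConf.getCaHasPublishers().getCaHasPublisher()) {
      if (ctype.getPublisherId() == publisherType.getId()) {
        relatedCaIds.add(ctype.getCaId());
      }
    }

    List<CaType> relatedCas = new LinkedList<>();
    for (CaType m : caConf.getCas().getCa()) {
      if (relatedCaIds.contains(m.getId())) {
        relatedCas.add(m);
      }
    }

    if (relatedCas.isEmpty()) {
      // NOTE(review): this return comes after dropIndexes() (when not resuming) and
      // skips recoverIndexes(); confirm that is intended.
      System.out.println("No CA has publisher " + publisherName);
      return;
    }

    Map<Integer, String> profileMap = new HashMap<>();
    for (ProfileType ni : caConf.getProfiles().getProfile()) {
      profileMap.put(ni.getId(), ni.getName());
    }

    List<Integer> relatedCertStoreCaIds = resume
        ? getIssuerIds(relatedCas) : importIssuer(relatedCas);

    File processLogFile = new File(baseDir, DbPorter.IMPORT_TO_OCSP_PROCESS_LOG_FILENAME);
    importCert(certstore, profileMap, revokedOnly, relatedCertStoreCaIds, processLogFile);
    recoverIndexes();
    // The boolean result of delete() is ignored, so a failed deletion goes unreported.
    processLogFile.delete();
  } catch (Exception ex) {
    System.err.println("could not import OCSP certstore to database");
    throw ex;
  }
  System.out.println(" imported OCSP certstore to database");
}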
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class CaManagerImpl method canonicalizeSignerConf.
/**
 * Rewrites a signer configuration so that its {@code keystore} entry carries the keystore
 * inline as {@code base64:<data>}.
 *
 * <p>The keystore is taken from a file ({@code file:<path>}) or from inline Base64
 * ({@code base64:<data>}), reduced through
 * {@code SecurityFactory.extractMinimalKeyStore}, and written back under the
 * {@code keystore} key. A configuration without either prefix, or whose {@code keystore}
 * value uses neither, is returned unchanged.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The returned string embeds keystore bytes, so callers that store or log it are
 *       presumably handling key material - confirm how it is protected downstream.</li>
 *   <li>The file path is taken from the configuration as is; this method applies no
 *       restriction on where it may point.</li>
 *   <li>The first check is case-sensitive while the prefix tests below ignore case, so a
 *       value such as {@code FILE:...} is returned without canonicalisation - confirm
 *       that this is intended.</li>
 *   <li>The resolved password array is not cleared after use; whether clearing it is safe
 *       depends on whether the resolver returns a fresh array.</li>
 * </ul>
 *
 * @param keystoreType keystore type passed on to the security factory
 * @param signerConf encoded signer configuration
 * @param certChain certificate chain passed on to the security factory
 * @param securityFactory provides the password resolver and the keystore reduction
 * @return the canonical configuration, or {@code signerConf} itself when nothing applies
 * @throws CaMgmtException if the file cannot be read, the password cannot be resolved,
 *         or the keystore cannot be processed
 */
static String canonicalizeSignerConf(String keystoreType, String signerConf,
    X509Certificate[] certChain, SecurityFactory securityFactory) throws CaMgmtException {
  final String filePrefix = "file:";
  final String base64Prefix = "base64:";

  // Cheap pre-check on the raw text before parsing it.
  boolean mentionsKeystoreSource =
      signerConf.contains(filePrefix) || signerConf.contains(base64Prefix);
  if (!mentionsKeystoreSource) {
    return signerConf;
  }

  ConfPairs conf = new ConfPairs(signerConf);
  String keystoreRef = conf.value("keystore");
  String passwordHint = conf.value("password");
  String keyLabel = conf.value("key-label");

  byte[] rawKeystore;
  if (StringUtil.startsWithIgnoreCase(keystoreRef, filePrefix)) {
    String keystorePath = keystoreRef.substring(filePrefix.length());
    try {
      rawKeystore = IoUtil.read(keystorePath);
    } catch (IOException ex) {
      throw new CaMgmtException("IOException: " + ex.getMessage(), ex);
    }
  } else if (StringUtil.startsWithIgnoreCase(keystoreRef, base64Prefix)) {
    rawKeystore = Base64.decode(keystoreRef.substring(base64Prefix.length()));
  } else {
    // The prefix appeared somewhere else in the configuration; nothing to rewrite.
    return signerConf;
  }

  byte[] minimalKeystore;
  try {
    char[] password = securityFactory.getPasswordResolver().resolvePassword(passwordHint);
    minimalKeystore = securityFactory.extractMinimalKeyStore(keystoreType, rawKeystore,
        keyLabel, password, certChain);
  } catch (KeyStoreException ex) {
    throw new CaMgmtException("KeyStoreException: " + ex.getMessage(), ex);
  } catch (PasswordResolverException ex) {
    throw new CaMgmtException("PasswordResolverException: " + ex.getMessage(), ex);
  }

  conf.putPair("keystore", base64Prefix + Base64.encodeToString(minimalKeystore));
  return conf.getEncoded();
}
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class ConfPairsTest method test1.
/**
 * Checks encoding of two pairs where the first key contains '?' and the first value
 * contains '='. In the expected text the '=' inside the value is escaped with a backslash
 * and the '?' in the key is left as is.
 */
@Test
public void test1() {
  // Expected name/value view of the pairs.
  Map<String, String> expectedPairs = new HashMap<>();
  expectedPairs.put("key-a?", "value-a=");
  expectedPairs.put("key-b", "value-b");

  // One pair through the constructor, one through putPair.
  ConfPairs confPairs = new ConfPairs("key-a?", "value-a=");
  confPairs.putPair("key-b", "value-b");

  check(confPairs, "key-a?=value-a\\=,key-b=value-b", expectedPairs);
}