
Example 31 with ConfPairs

use of org.xipki.common.ConfPairs in project xipki by xipki.

the class RevokeSuspendedCertsControl method toString.

/**
 * Renders this control as an encoded {@code ConfPairs} string.
 *
 * <p>Two pairs are written, in this order: the description of the target revocation
 * reason under {@code KEY_REVOCATION_REASON}, and the string form of
 * {@code unchangedSince} under {@code KEY_UNCHANGED_SINCE}.
 *
 * @return the value produced by {@code ConfPairs.getEncoded()} for those two pairs
 */
@Override
public String toString() {
    final ConfPairs encoded = new ConfPairs();

    final String reasonText = targetReason.getDescription();
    encoded.putPair(KEY_REVOCATION_REASON, reasonText);

    final String unchangedText = unchangedSince.toString();
    encoded.putPair(KEY_UNCHANGED_SINCE, unchangedText);

    return encoded.getEncoded();
}
Also used : ConfPairs(org.xipki.common.ConfPairs)

Example 32 with ConfPairs

use of org.xipki.common.ConfPairs in project xipki by xipki.

the class CaEntry method splitCaSignerConfs.

/**
 * Expands a CA signer configuration that names several signature algorithms into one
 * configuration per algorithm.
 *
 * <p>The {@code algo} pair of {@code conf} is split on {@code ':'}. Each entry is
 * canonicalised, written back as the only {@code algo} value, and the whole
 * configuration is re-encoded.
 *
 * <p>Every other pair of {@code conf} is carried unchanged into each returned string.
 * If the signer configuration holds secret material (for example a keystore password
 * pair), each returned element holds it too, so treat the result as sensitive and keep
 * it out of logs and error messages.
 *
 * @param conf encoded signer configuration containing an {@code algo} pair
 * @return one {@code {canonicalAlgo, encodedConf}} array per listed algorithm, in
 *     listing order
 * @throws XiSecurityException if no {@code algo} pair exists, if it is empty, or if an
 *     algorithm name cannot be canonicalised
 */
public static List<String[]> splitCaSignerConfs(String conf) throws XiSecurityException {
    final ConfPairs confPairs = new ConfPairs(conf);

    final String algoList = confPairs.value("algo");
    if (algoList == null) {
        throw new XiSecurityException("no algo is defined in CA signerConf");
    }

    final List<String> algoNames = StringUtil.split(algoList, ":");
    if (CollectionUtil.isEmpty(algoNames)) {
        throw new XiSecurityException("empty algo is defined in CA signerConf");
    }

    final List<String[]> perAlgoConfs = new ArrayList<>(algoNames.size());
    for (String algoName : algoNames) {
        try {
            final String canonicalAlgo = AlgorithmUtil.canonicalizeSignatureAlgo(algoName);
            // The same ConfPairs instance is reused: only "algo" is overwritten per
            // iteration, everything else is re-encoded as is.
            confPairs.putPair("algo", canonicalAlgo);
            perAlgoConfs.add(new String[] { canonicalAlgo, confPairs.getEncoded() });
        } catch (NoSuchAlgorithmException ex) {
            throw new XiSecurityException(ex.getMessage(), ex);
        }
    }
    return perAlgoConfs;
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) ArrayList(java.util.ArrayList) ConfPairs(org.xipki.common.ConfPairs) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 33 with ConfPairs

use of org.xipki.common.ConfPairs in project xipki by xipki.

the class CaCheckCmd method execute0.

/**
 * Checks that the CA registered in {@code caManager} matches the expected settings.
 *
 * <p>The expected settings come from {@code getChangeCaEntry()}. Only attributes that
 * are non-null there are compared; a null attribute means "do not check". Checks run
 * in a fixed order, and the first {@code CmdFailure} thrown here ends the command.
 * What {@code assertObjEquals} and {@code MgmtQaShellUtil.assertEquals} do on a
 * mismatch is not visible in this method; presumably they throw as well.
 *
 * @return always {@code null}
 * @throws CmdFailure if the CA is unknown, is not an X509 CA, or its certificate
 *     differs from the expected one
 * @throws Exception whatever the comparison helpers or the CA manager raise
 */
@Override
protected Object execute0() throws Exception {
    final X509ChangeCaEntry expected = getChangeCaEntry();
    final String caName = expected.getIdent().getName();
    // NOTE(review): the literal has no trailing space, so the CA name is printed
    // directly after "CA".
    println("checking CA" + caName);

    final CaEntry found = caManager.getCa(caName);
    if (found == null) {
        throw new CmdFailure("could not find CA '" + caName + "'");
    }
    if (!(found instanceof X509CaEntry)) {
        throw new CmdFailure("CA '" + caName + "' is not an X509-CA");
    }
    final X509CaEntry actual = (X509CaEntry) found;

    // --- URIs of the CA certificate
    if (expected.getCaCertUris() != null) {
        MgmtQaShellUtil.assertEquals("CA cert URIs", expected.getCaCertUris(),
            actual.getCaCertUris());
    }

    // --- the CA certificate itself
    if (expected.getCert() != null && !expected.getCert().equals(actual.getCert())) {
        throw new CmdFailure("CA cert is not as expected");
    }

    // --- bit length of generated serial numbers
    if (expected.getSerialNoBitLen() != null) {
        assertObjEquals("serial number bit length", expected.getSerialNoBitLen(),
            actual.getSerialNoBitLen());
    }

    // --- name of the CMP control
    if (expected.getCmpControlName() != null) {
        MgmtQaShellUtil.assertEquals("CMP control name", expected.getCmpControlName(),
            actual.getCmpControlName());
    }

    // --- name of the CRL signer
    if (expected.getCrlSignerName() != null) {
        MgmtQaShellUtil.assertEquals("CRL signer name", expected.getCrlSignerName(),
            actual.getCrlSignerName());
    }

    // --- CRL distribution URIs
    if (expected.getCrlUris() != null) {
        MgmtQaShellUtil.assertEquals("CRL URIs", expected.getCrlUris(), actual.getCrlUris());
    }

    // --- delta CRL distribution URIs
    if (expected.getDeltaCrlUris() != null) {
        MgmtQaShellUtil.assertEquals("Delta CRL URIs", expected.getDeltaCrlUris(),
            actual.getDeltaCrlUris());
    }

    // --- whether a public key may be certified more than once
    if (expected.getDuplicateKeyPermitted() != null) {
        assertObjEquals("Duplicate key permitted", expected.getDuplicateKeyPermitted(),
            actual.isDuplicateKeyPermitted());
    }

    // --- whether a subject may be certified more than once
    if (expected.getDuplicateSubjectPermitted() != null) {
        assertObjEquals("Duplicate subject permitted", expected.getDuplicateSubjectPermitted(),
            actual.isDuplicateSubjectPermitted());
    }

    // --- expiration period
    if (expected.getExpirationPeriod() != null) {
        assertObjEquals("Expiration period", expected.getExpirationPeriod(),
            actual.getExpirationPeriod());
    }

    // --- extra control
    if (expected.getExtraControl() != null) {
        assertObjEquals("Extra control", expected.getExtraControl(), actual.getExtraControl());
    }

    // --- maximal validity
    if (expected.getMaxValidity() != null) {
        assertObjEquals("Max validity", expected.getMaxValidity(), actual.getMaxValidity());
    }

    // --- days for which expired certificates are kept
    if (expected.getKeepExpiredCertInDays() != null) {
        assertObjEquals("keepExiredCertInDays", expected.getKeepExpiredCertInDays(),
            actual.getKeepExpiredCertInDays());
    }

    // --- number of CRLs
    if (expected.getNumCrls() != null) {
        assertObjEquals("num CRLs", expected.getNumCrls(), actual.getNumCrls());
    }

    // --- OCSP responder URIs
    if (expected.getOcspUris() != null) {
        MgmtQaShellUtil.assertEquals("OCSP URIs", expected.getOcspUris(), actual.getOcspUris());
    }

    // --- permissions
    if (expected.getPermission() != null) {
        assertObjEquals("permission", expected.getPermission(), actual.getPermission());
    }

    // --- name of the responder
    if (expected.getResponderName() != null) {
        MgmtQaShellUtil.assertEquals("responder name", expected.getResponderName(),
            actual.getResponderName());
    }

    // --- signer type
    if (expected.getSignerType() != null) {
        MgmtQaShellUtil.assertEquals("signer type", expected.getSignerType(),
            actual.getSignerType());
    }

    // --- signer configuration, compared without the "keystore" pair
    // NOTE(review): only "keystore" is dropped before the comparison. Any other pair in
    // the signer conf (for example a password) is still compared. If assertObjEquals
    // prints its operands on mismatch, such a pair could end up in console output.
    // Confirm against the helper before running this against production configuration.
    if (expected.getSignerConf() != null) {
        final ConfPairs expectedConf = new ConfPairs(expected.getSignerConf());
        expectedConf.removePair("keystore");
        final ConfPairs actualConf = new ConfPairs(actual.getSignerConf());
        actualConf.removePair("keystore");
        assertObjEquals("signer conf", expectedConf, actualConf);
    }

    // --- CA status
    if (expected.getStatus() != null) {
        assertObjEquals("status", expected.getStatus(), actual.getStatus());
    }

    // --- validity mode
    if (expected.getValidityMode() != null) {
        assertObjEquals("validity mode", expected.getValidityMode(), actual.getValidityMode());
    }

    println(" checked CA" + caName);
    return null;
}
Also used : X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry) CaEntry(org.xipki.ca.server.mgmt.api.CaEntry) X509ChangeCaEntry(org.xipki.ca.server.mgmt.api.x509.X509ChangeCaEntry) CmdFailure(org.xipki.console.karaf.CmdFailure) ConfPairs(org.xipki.common.ConfPairs) X509ChangeCaEntry(org.xipki.ca.server.mgmt.api.x509.X509ChangeCaEntry) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)

Example 34 with ConfPairs

use of org.xipki.common.ConfPairs in project xipki by xipki.

the class SignerConf method getKeystoreSignerConf.

/**
 * Builds a {@code SignerConf} for a signer whose key lives in a keystore file.
 *
 * <p>The encoded configuration holds three pairs: {@code password},
 * {@code parallelism}, and {@code keystore} (the file name prefixed with
 * {@code "file:"}).
 *
 * <p>The password is placed into the configuration as given; this method does not
 * wrap or obfuscate it. The encoded configuration inside the returned object should be
 * handled as a secret: do not log it, and restrict access wherever it is persisted.
 * Whether {@code ConfPairs.getEncoded()} transforms the value is not visible here.
 *
 * @param keystoreFile path of the keystore file; must not be blank
 * @param password keystore password; must not be blank
 * @param parallelism number of parallel signers; must be at least 1
 * @param hashAlgo hash algorithm; must not be null
 * @param signatureAlgoControl passed through to {@code SignerConf} without a check in
 *     this method
 * @return the signer configuration
 */
public static SignerConf getKeystoreSignerConf(String keystoreFile, String password, int parallelism, HashAlgo hashAlgo, SignatureAlgoControl signatureAlgoControl) {
    // Argument checks run in the original order, so the first invalid argument is
    // the one that gets reported.
    ParamUtil.requireNonBlank("keystoreFile", keystoreFile);
    ParamUtil.requireNonBlank("password", password);
    ParamUtil.requireMin("parallelism", parallelism, 1);
    ParamUtil.requireNonNull("hashAlgo", hashAlgo);

    final ConfPairs pairs = new ConfPairs("password", password);
    final String parallelismText = Integer.toString(parallelism);
    pairs.putPair("parallelism", parallelismText);
    final String keystoreRef = "file:" + keystoreFile;
    pairs.putPair("keystore", keystoreRef);

    final String encodedConf = pairs.getEncoded();
    return new SignerConf(encodedConf, hashAlgo, signatureAlgoControl);
}
Also used : ConfPairs(org.xipki.common.ConfPairs)

Example 35 with ConfPairs

use of org.xipki.common.ConfPairs in project xipki by xipki.

the class SignerConf method getKeystoreSignerConf.

/**
 * Builds a {@code SignerConf} for a signer whose keystore is supplied as a stream.
 *
 * <p>The stream is read through {@code IoUtil.read} and its Base64 form is embedded in
 * the configuration under {@code keystore}, prefixed with {@code "base64:"}. The
 * pairs {@code password}, {@code algo} and {@code parallelism} are stored next to it.
 *
 * <p>The resulting encoded configuration contains both the keystore content and the
 * password that protects it. It is therefore as sensitive as the private key itself:
 * keep it out of logs, exception messages and world-readable storage.
 *
 * <p>NOTE(review): this method does not close {@code keystoreStream} itself. Whether
 * {@code IoUtil.read} does is not visible here; confirm who owns the stream.
 *
 * @param keystoreStream stream delivering the keystore bytes; must not be null
 * @param password keystore password; must not be blank
 * @param signatureAlgorithm signature algorithm name; must not be null
 * @param parallelism number of parallel signers; must be at least 1
 * @return the signer configuration
 * @throws IOException if the keystore stream cannot be read
 */
public static SignerConf getKeystoreSignerConf(InputStream keystoreStream, String password, String signatureAlgorithm, int parallelism) throws IOException {
    // Argument checks run in the original order, so the first invalid argument is
    // the one that gets reported.
    ParamUtil.requireNonNull("keystoreStream", keystoreStream);
    ParamUtil.requireNonBlank("password", password);
    ParamUtil.requireNonNull("signatureAlgorithm", signatureAlgorithm);
    ParamUtil.requireMin("parallelism", parallelism, 1);

    final ConfPairs pairs = new ConfPairs("password", password);
    pairs.putPair("algo", signatureAlgorithm);
    final String parallelismText = Integer.toString(parallelism);
    pairs.putPair("parallelism", parallelismText);

    // The stream is consumed only after the cheaper pairs have been stored.
    final String keystoreBase64 = Base64.encodeToString(IoUtil.read(keystoreStream));
    pairs.putPair("keystore", "base64:" + keystoreBase64);

    final String encodedConf = pairs.getEncoded();
    return new SignerConf(encodedConf);
}
Also used : ConfPairs(org.xipki.common.ConfPairs)
