use of org.xipki.common.ConfPairs in project xipki by xipki.
the class RevokeSuspendedCertsControl method toString.
/**
 * Renders this control as an encoded {@link ConfPairs} string holding the
 * description of the target revocation reason and the unchanged-since value.
 *
 * @return the encoded configuration pairs
 */
@Override
public String toString() {
  final String reasonText = targetReason.getDescription();
  final String unchangedText = unchangedSince.toString();

  final ConfPairs encodedControl = new ConfPairs();
  encodedControl.putPair(KEY_REVOCATION_REASON, reasonText);
  encodedControl.putPair(KEY_UNCHANGED_SINCE, unchangedText);
  return encodedControl.getEncoded();
}
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class CaEntry method splitCaSignerConfs.
/**
 * Splits a CA signer configuration whose {@code algo} pair lists several
 * signature algorithms separated by {@code :} into one configuration per
 * algorithm.
 *
 * <p>Each returned configuration is the encoding of the pairs parsed from
 * {@code conf} with {@code algo} replaced by the canonical name of a single
 * algorithm; all other pairs are carried over as parsed.
 *
 * <p>NOTE(review): signer confs may carry secret material (for example a
 * {@code password} pair), in which case every returned string carries it too.
 * Confirm that callers keep these strings out of logs and error messages.
 *
 * @param conf encoded signer configuration, parsed with {@link ConfPairs}
 * @return one {@code {canonicalAlgo, encodedConf}} array per algorithm, in the
 *     order {@code StringUtil.split} returns the names
 * @throws XiSecurityException if no {@code algo} pair is present, the list is
 *     empty, or a name cannot be canonicalized (the original
 *     {@link NoSuchAlgorithmException} is kept as the cause)
 */
public static List<String[]> splitCaSignerConfs(String conf) throws XiSecurityException {
  final ConfPairs confPairs = new ConfPairs(conf);
  final String algoList = confPairs.value("algo");
  if (algoList == null) {
    throw new XiSecurityException("no algo is defined in CA signerConf");
  }

  final List<String> algoNames = StringUtil.split(algoList, ":");
  if (CollectionUtil.isEmpty(algoNames)) {
    throw new XiSecurityException("empty algo is defined in CA signerConf");
  }

  final List<String[]> perAlgoConfs = new ArrayList<>(algoNames.size());
  for (final String algoName : algoNames) {
    try {
      final String canonicalAlgo = AlgorithmUtil.canonicalizeSignatureAlgo(algoName);
      // The same ConfPairs instance is reused: only "algo" is overwritten per iteration.
      confPairs.putPair("algo", canonicalAlgo);
      perAlgoConfs.add(new String[] {canonicalAlgo, confPairs.getEncoded()});
    } catch (NoSuchAlgorithmException ex) {
      throw new XiSecurityException(ex.getMessage(), ex);
    }
  }
  return perAlgoConfs;
}
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class CaCheckCmd method execute0.
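/**
 * Checks that the CA named by the change entry exists, is an X509 CA, and
 * that every attribute set (non-null) in the expected entry matches the value
 * stored for that CA. Attributes left {@code null} in the expected entry are
 * not checked.
 *
 * @return always {@code null}
 * @throws CmdFailure if the CA is not found, is not an X509 CA, or its
 *     certificate differs from the expected one
 * @throws Exception as raised by the comparison helpers on a mismatch
 *     (their behaviour is not visible in this method)
 */
@Override
protected Object execute0() throws Exception {
  X509ChangeCaEntry ey = getChangeCaEntry();
  String caName = ey.getIdent().getName();
  // Fixed: the original concatenated the name directly onto "CA" without a separator.
  println("checking CA " + caName);

  CaEntry entry = caManager.getCa(caName);
  if (entry == null) {
    throw new CmdFailure("could not find CA '" + caName + "'");
  }

  if (!(entry instanceof X509CaEntry)) {
    throw new CmdFailure("CA '" + caName + "' is not an X509-CA");
  }

  X509CaEntry ca = (X509CaEntry) entry;

  // CA cert uris
  if (ey.getCaCertUris() != null) {
    MgmtQaShellUtil.assertEquals("CA cert URIs", ey.getCaCertUris(), ca.getCaCertUris());
  }

  // CA certificate: the failure message deliberately names no certificate contents.
  if (ey.getCert() != null && !ey.getCert().equals(ca.getCert())) {
    throw new CmdFailure("CA cert is not as expected");
  }

  // SN size
  if (ey.getSerialNoBitLen() != null) {
    assertObjEquals("serial number bit length", ey.getSerialNoBitLen(), ca.getSerialNoBitLen());
  }

  // CMP control name
  if (ey.getCmpControlName() != null) {
    MgmtQaShellUtil.assertEquals("CMP control name", ey.getCmpControlName(),
        ca.getCmpControlName());
  }

  // CRL signer name
  if (ey.getCrlSignerName() != null) {
    MgmtQaShellUtil.assertEquals("CRL signer name", ey.getCrlSignerName(),
        ca.getCrlSignerName());
  }

  // CRL uris
  if (ey.getCrlUris() != null) {
    MgmtQaShellUtil.assertEquals("CRL URIs", ey.getCrlUris(), ca.getCrlUris());
  }

  // DeltaCRL uris
  if (ey.getDeltaCrlUris() != null) {
    MgmtQaShellUtil.assertEquals("Delta CRL URIs", ey.getDeltaCrlUris(), ca.getDeltaCrlUris());
  }

  // Duplicate key mode
  if (ey.getDuplicateKeyPermitted() != null) {
    assertObjEquals("Duplicate key permitted", ey.getDuplicateKeyPermitted(),
        ca.isDuplicateKeyPermitted());
  }

  // Duplicate subject mode
  if (ey.getDuplicateSubjectPermitted() != null) {
    assertObjEquals("Duplicate subject permitted", ey.getDuplicateSubjectPermitted(),
        ca.isDuplicateSubjectPermitted());
  }

  // Expiration period
  if (ey.getExpirationPeriod() != null) {
    assertObjEquals("Expiration period", ey.getExpirationPeriod(), ca.getExpirationPeriod());
  }

  // Extra control
  if (ey.getExtraControl() != null) {
    assertObjEquals("Extra control", ey.getExtraControl(), ca.getExtraControl());
  }

  // Max validity
  if (ey.getMaxValidity() != null) {
    assertObjEquals("Max validity", ey.getMaxValidity(), ca.getMaxValidity());
  }

  // Keep expired certificate (label typo "keepExiredCertInDays" corrected)
  if (ey.getKeepExpiredCertInDays() != null) {
    assertObjEquals("keepExpiredCertInDays", ey.getKeepExpiredCertInDays(),
        ca.getKeepExpiredCertInDays());
  }

  // Num CRLs
  if (ey.getNumCrls() != null) {
    assertObjEquals("num CRLs", ey.getNumCrls(), ca.getNumCrls());
  }

  // OCSP uris
  if (ey.getOcspUris() != null) {
    MgmtQaShellUtil.assertEquals("OCSP URIs", ey.getOcspUris(), ca.getOcspUris());
  }

  // Permissions
  if (ey.getPermission() != null) {
    assertObjEquals("permission", ey.getPermission(), ca.getPermission());
  }

  // Responder name
  if (ey.getResponderName() != null) {
    MgmtQaShellUtil.assertEquals("responder name", ey.getResponderName(),
        ca.getResponderName());
  }

  // Signer Type
  if (ey.getSignerType() != null) {
    MgmtQaShellUtil.assertEquals("signer type", ey.getSignerType(), ca.getSignerType());
  }

  // Signer conf: the "keystore" pair is dropped from both sides, so only the
  // remaining pairs are compared.
  // NOTE(review): signer confs may carry secrets such as a password pair, and
  // those stay in the compared objects. Confirm that assertObjEquals does not
  // echo the compared values into the failure message or console on mismatch.
  if (ey.getSignerConf() != null) {
    ConfPairs ex = new ConfPairs(ey.getSignerConf());
    ex.removePair("keystore");
    ConfPairs is = new ConfPairs(ca.getSignerConf());
    is.removePair("keystore");
    assertObjEquals("signer conf", ex, is);
  }

  // Status
  if (ey.getStatus() != null) {
    assertObjEquals("status", ey.getStatus(), ca.getStatus());
  }

  // validity mode
  if (ey.getValidityMode() != null) {
    assertObjEquals("validity mode", ey.getValidityMode(), ca.getValidityMode());
  }

  // Fixed: separator added between "CA" and the name, matching the opening message.
  println(" checked CA " + caName);
  return null;
}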
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class SignerConf method getKeystoreSignerConf.
/**
 * Builds a {@link SignerConf} for a keystore referenced by file path.
 *
 * <p>The configuration holds three pairs: {@code password} (exactly as
 * passed in), {@code parallelism} and {@code keystore} (the path prefixed with
 * {@code file:}).
 *
 * <p>NOTE(review): the encoded conf handed to {@link SignerConf} therefore
 * appears to contain the keystore password in recoverable form. Treat the conf
 * string as a secret and keep it out of logs; confirm against
 * {@code ConfPairs.getEncoded()}.
 *
 * @param keystoreFile path of the keystore file; must not be blank
 * @param password keystore password; must not be blank
 * @param parallelism signer parallelism; must be at least 1
 * @param hashAlgo hash algorithm; must not be {@code null}
 * @param signatureAlgoControl passed to {@link SignerConf} without validation here
 * @return the signer configuration
 */
public static SignerConf getKeystoreSignerConf(
    String keystoreFile,
    String password,
    int parallelism,
    HashAlgo hashAlgo,
    SignatureAlgoControl signatureAlgoControl) {
  ParamUtil.requireNonBlank("keystoreFile", keystoreFile);
  ParamUtil.requireNonBlank("password", password);
  ParamUtil.requireMin("parallelism", parallelism, 1);
  ParamUtil.requireNonNull("hashAlgo", hashAlgo);

  final String keystoreRef = "file:" + keystoreFile;
  final ConfPairs signerPairs = new ConfPairs("password", password);
  signerPairs.putPair("parallelism", String.valueOf(parallelism));
  signerPairs.putPair("keystore", keystoreRef);

  final String encodedConf = signerPairs.getEncoded();
  return new SignerConf(encodedConf, hashAlgo, signatureAlgoControl);
}
use of org.xipki.common.ConfPairs in project xipki by xipki.
the class SignerConf method getKeystoreSignerConf.
/**
 * Builds a {@link SignerConf} from keystore content read from a stream.
 *
 * <p>The whole stream is read and embedded in the configuration as a
 * {@code base64:}-prefixed {@code keystore} pair, next to the {@code password},
 * {@code algo} and {@code parallelism} pairs.
 *
 * <p>NOTE(review): the resulting conf appears to bundle the keystore bytes
 * together with the password that protects them. Treat the conf string as a
 * secret and keep it out of logs; confirm against {@code ConfPairs.getEncoded()}.
 *
 * <p>This method does not close {@code keystoreStream} itself; whether
 * {@code IoUtil.read} does is not visible here.
 *
 * @param keystoreStream source of the keystore bytes; must not be {@code null}
 * @param password keystore password; must not be blank
 * @param signatureAlgorithm value stored under {@code algo}; must not be {@code null}
 * @param parallelism signer parallelism; must be at least 1
 * @return the signer configuration
 * @throws IOException declared for the read of {@code keystoreStream}
 */
public static SignerConf getKeystoreSignerConf(
    InputStream keystoreStream,
    String password,
    String signatureAlgorithm,
    int parallelism) throws IOException {
  ParamUtil.requireNonNull("keystoreStream", keystoreStream);
  ParamUtil.requireNonBlank("password", password);
  ParamUtil.requireNonNull("signatureAlgorithm", signatureAlgorithm);
  ParamUtil.requireMin("parallelism", parallelism, 1);

  final ConfPairs signerPairs = new ConfPairs("password", password);
  signerPairs.putPair("algo", signatureAlgorithm);
  signerPairs.putPair("parallelism", String.valueOf(parallelism));

  // Read last, as in the original argument evaluation order.
  final String keystoreValue = "base64:" + Base64.encodeToString(IoUtil.read(keystoreStream));
  signerPairs.putPair("keystore", keystoreValue);

  final String encodedConf = signerPairs.getEncoded();
  return new SignerConf(encodedConf);
}