Search in sources :

Example 1 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class CaLoadTestTemplateEnroll method parse.

// method nextCertRequests
public static EnrollTemplateType parse(InputStream configStream) throws InvalidConfException {
    ParamUtil.requireNonNull("configStream", configStream);
    Object root;
    synchronized (jaxbUnmarshallerLock) {
        try {
            if (jaxbUnmarshaller == null) {
                JAXBContext context = JAXBContext.newInstance(ObjectFactory.class);
                jaxbUnmarshaller = context.createUnmarshaller();
                final SchemaFactory schemaFact = SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
                URL url = ObjectFactory.class.getResource("/xsd/loadtest.xsd");
                jaxbUnmarshaller.setSchema(schemaFact.newSchema(url));
            }
            root = jaxbUnmarshaller.unmarshal(configStream);
        } catch (SAXException ex) {
            throw new InvalidConfException("parsing profile failed, message: " + ex.getMessage(), ex);
        } catch (JAXBException ex) {
            throw new InvalidConfException("parsing profile failed, message: " + XmlUtil.getMessage(ex), ex);
        }
    }
    try {
        configStream.close();
    } catch (IOException ex) {
        LOG.warn("could not close xmlConfStream: {}", ex.getMessage());
    }
    if (root instanceof JAXBElement) {
        return (EnrollTemplateType) ((JAXBElement<?>) root).getValue();
    } else {
        throw new InvalidConfException("invalid root element type");
    }
}
Also used : SchemaFactory(javax.xml.validation.SchemaFactory) EnrollTemplateType(org.xipki.ca.client.shell.loadtest.jaxb.EnrollTemplateType) JAXBException(javax.xml.bind.JAXBException) InvalidConfException(org.xipki.common.InvalidConfException) JAXBContext(javax.xml.bind.JAXBContext) IOException(java.io.IOException) JAXBElement(javax.xml.bind.JAXBElement) URL(java.net.URL) SAXException(org.xml.sax.SAXException)

Example 2 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class P11ModuleConf method getSlotIdFilters.

private static Set<P11SlotIdFilter> getSlotIdFilters(SlotsType type) throws InvalidConfException {
    if (type == null || CollectionUtil.isEmpty(type.getSlot())) {
        return null;
    }
    Set<P11SlotIdFilter> filters = new HashSet<>();
    for (SlotType slotType : type.getSlot()) {
        Long slotId = null;
        if (slotType.getId() != null) {
            String str = slotType.getId().trim();
            try {
                slotId = StringUtil.startsWithIgnoreCase(str, "0X") ? Long.parseLong(str.substring(2), 16) : Long.parseLong(str);
            } catch (NumberFormatException ex) {
                String message = "invalid slotId '" + str + "'";
                LOG.error(message);
                throw new InvalidConfException(message);
            }
        }
        filters.add(new P11SlotIdFilter(slotType.getIndex(), slotId));
    }
    return filters;
}
Also used : InvalidConfException(org.xipki.common.InvalidConfException) HashSet(java.util.HashSet) SlotType(org.xipki.security.pkcs11.jaxb.SlotType)

Example 3 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class OcspServerImpl method init0.

private void init0() throws InvalidConfException, DataAccessException, PasswordResolverException {
    if (confFile == null) {
        throw new IllegalStateException("confFile is not set");
    }
    if (datasourceFactory == null) {
        throw new IllegalStateException("datasourceFactory is not set");
    }
    if (securityFactory == null) {
        throw new IllegalStateException("securityFactory is not set");
    }
    OCSPServer conf = parseConf(confFile);
    // -- check the duplication names
    Set<String> set = new HashSet<>();
    // Duplication name check: responder
    for (ResponderType m : conf.getResponders().getResponder()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of responder named '" + name + "'");
        }
        if (StringUtil.isBlank(name)) {
            throw new InvalidConfException("responder name must not be empty");
        }
        for (int i = 0; i < name.length(); i++) {
            char ch = name.charAt(i);
            if (!((ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || ch == '-') || ch == '_' || ch == '.') {
                throw new InvalidConfException("invalid OCSP responder name '" + name + "'");
            }
        }
        // end for
        set.add(name);
    }
    // end for
    // Duplication name check: signer
    set.clear();
    for (SignerType m : conf.getSigners().getSigner()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of signer option named '" + name + "'");
        }
        set.add(name);
    }
    // Duplication name check: requests
    set.clear();
    for (RequestOptionType m : conf.getRequestOptions().getRequestOption()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of request option named '" + name + "'");
        }
        set.add(name);
    }
    // Duplication name check: response
    set.clear();
    for (ResponseOptionType m : conf.getResponseOptions().getResponseOption()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of response option named '" + name + "'");
        }
        set.add(name);
    }
    // Duplication name check: store
    set.clear();
    for (StoreType m : conf.getStores().getStore()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of store named '" + name + "'");
        }
    }
    // Duplication name check: datasource
    set.clear();
    if (conf.getDatasources() != null) {
        for (DatasourceType m : conf.getDatasources().getDatasource()) {
            String name = m.getName();
            if (set.contains(name)) {
                throw new InvalidConfException("duplicated definition of datasource named '" + name + "'");
            }
            set.add(name);
        }
    }
    this.master = conf.isMaster();
    // Response Cache
    ResponseCacheType cacheType = conf.getResponseCache();
    if (cacheType != null) {
        DatasourceType cacheSourceConf = cacheType.getDatasource();
        DataSourceWrapper datasource;
        InputStream dsStream = null;
        try {
            dsStream = getInputStream(cacheSourceConf.getConf());
            datasource = datasourceFactory.createDataSource(cacheSourceConf.getName(), dsStream, securityFactory.getPasswordResolver());
        } catch (IOException ex) {
            throw new InvalidConfException(ex.getMessage(), ex);
        } finally {
            close(dsStream);
        }
        responseCacher = new ResponseCacher(datasource, master, cacheType.getValidity());
        responseCacher.init();
    }
    // signers
    for (SignerType m : conf.getSigners().getSigner()) {
        ResponderSigner signer = initSigner(m);
        signers.put(m.getName(), signer);
    }
    // requests
    for (RequestOptionType m : conf.getRequestOptions().getRequestOption()) {
        RequestOption option = new RequestOption(m);
        requestOptions.put(m.getName(), option);
    }
    // responses
    for (ResponseOptionType m : conf.getResponseOptions().getResponseOption()) {
        ResponseOption option = new ResponseOption(m);
        responseOptions.put(m.getName(), option);
    }
    // datasources
    Map<String, DataSourceWrapper> datasources = new HashMap<>();
    if (conf.getDatasources() != null) {
        for (DatasourceType m : conf.getDatasources().getDatasource()) {
            String name = m.getName();
            DataSourceWrapper datasource;
            InputStream dsStream = null;
            try {
                dsStream = getInputStream(m.getConf());
                datasource = datasourceFactory.createDataSource(name, dsStream, securityFactory.getPasswordResolver());
            } catch (IOException ex) {
                throw new InvalidConfException(ex.getMessage(), ex);
            } finally {
                close(dsStream);
            }
            datasources.put(name, datasource);
        }
    // end for
    }
    // end if
    // responders
    Map<String, ResponderOption> responderOptions = new HashMap<>();
    for (ResponderType m : conf.getResponders().getResponder()) {
        ResponderOption option = new ResponderOption(m);
        String optName = option.getSignerName();
        if (!signers.containsKey(optName)) {
            throw new InvalidConfException("no signer named '" + optName + "' is defined");
        }
        String reqOptName = option.getRequestOptionName();
        if (!requestOptions.containsKey(reqOptName)) {
            throw new InvalidConfException("no requestOption named '" + reqOptName + "' is defined");
        }
        String respOptName = option.getResponseOptionName();
        if (!responseOptions.containsKey(respOptName)) {
            throw new InvalidConfException("no responseOption named '" + respOptName + "' is defined");
        }
        // required HashAlgorithms for certificate
        List<StoreType> storeDefs = conf.getStores().getStore();
        Set<String> storeNames = new HashSet<>(storeDefs.size());
        for (StoreType storeDef : storeDefs) {
            storeNames.add(storeDef.getName());
        }
        responderOptions.put(m.getName(), option);
    }
    // stores
    for (StoreType m : conf.getStores().getStore()) {
        OcspStore store = newStore(m, datasources);
        stores.put(m.getName(), store);
    }
    // responders
    for (String name : responderOptions.keySet()) {
        ResponderOption option = responderOptions.get(name);
        List<OcspStore> statusStores = new ArrayList<>(option.getStoreNames().size());
        for (String storeName : option.getStoreNames()) {
            statusStores.add(stores.get(storeName));
        }
        ResponseOption responseOption = responseOptions.get(option.getResponseOptionName());
        ResponderSigner signer = signers.get(option.getSignerName());
        if (signer.isMacSigner()) {
            if (responseOption.isResponderIdByName()) {
                throw new InvalidConfException("could not use ResponderIdByName for signer " + option.getSignerName());
            }
            if (EmbedCertsMode.NONE != responseOption.getEmbedCertsMode()) {
                throw new InvalidConfException("could not embed certifcate in response for signer " + option.getSignerName());
            }
        }
        ResponderImpl responder = new ResponderImpl(option, requestOptions.get(option.getRequestOptionName()), responseOption, signer, statusStores);
        responders.put(name, responder);
    }
    // end for
    // servlet paths
    List<SizeComparableString> tmpList = new LinkedList<>();
    for (String name : responderOptions.keySet()) {
        ResponderImpl responder = responders.get(name);
        ResponderOption option = responderOptions.get(name);
        List<String> strs = option.getServletPaths();
        for (String path : strs) {
            tmpList.add(new SizeComparableString(path));
            path2responderMap.put(path, responder);
        }
    }
    // Sort the servlet paths according to the length of path. The first one is the
    // longest, and the last one is the shortest.
    Collections.sort(tmpList);
    List<String> list2 = new ArrayList<>(tmpList.size());
    for (SizeComparableString m : tmpList) {
        list2.add(m.str);
    }
    this.servletPaths = list2;
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) InvalidConfException(org.xipki.common.InvalidConfException) DatasourceType(org.xipki.ocsp.server.impl.jaxb.DatasourceType) SignerType(org.xipki.ocsp.server.impl.jaxb.SignerType) StoreType(org.xipki.ocsp.server.impl.jaxb.StoreType) OcspStore(org.xipki.ocsp.api.OcspStore) HashSet(java.util.HashSet) RequestOptionType(org.xipki.ocsp.server.impl.jaxb.RequestOptionType) ResponseOptionType(org.xipki.ocsp.server.impl.jaxb.ResponseOptionType) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) ResponseCacheType(org.xipki.ocsp.server.impl.jaxb.ResponseCacheType) IOException(java.io.IOException) ResponderType(org.xipki.ocsp.server.impl.jaxb.ResponderType) LinkedList(java.util.LinkedList) OCSPServer(org.xipki.ocsp.server.impl.jaxb.OCSPServer) DataSourceWrapper(org.xipki.datasource.DataSourceWrapper)

Example 4 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class OcspServerImpl method initSigner.

private ResponderSigner initSigner(SignerType signerType) throws InvalidConfException {
    X509Certificate[] explicitCertificateChain = null;
    X509Certificate explicitResponderCert = null;
    if (signerType.getCert() != null) {
        explicitResponderCert = parseCert(signerType.getCert());
    }
    if (explicitResponderCert != null) {
        Set<X509Certificate> caCerts = null;
        if (signerType.getCaCerts() != null) {
            caCerts = new HashSet<>();
            for (FileOrValueType certConf : signerType.getCaCerts().getCaCert()) {
                caCerts.add(parseCert(certConf));
            }
        }
        explicitCertificateChain = X509Util.buildCertPath(explicitResponderCert, caCerts);
    }
    String responderSignerType = signerType.getType();
    String responderKeyConf = signerType.getKey();
    List<String> sigAlgos = signerType.getAlgorithms().getAlgorithm();
    List<ConcurrentContentSigner> singleSigners = new ArrayList<>(sigAlgos.size());
    for (String sigAlgo : sigAlgos) {
        try {
            ConcurrentContentSigner requestorSigner = securityFactory.createSigner(responderSignerType, new SignerConf("algo=" + sigAlgo + "," + responderKeyConf), explicitCertificateChain);
            singleSigners.add(requestorSigner);
        } catch (ObjectCreationException ex) {
            throw new InvalidConfException(ex.getMessage(), ex);
        }
    }
    try {
        return new ResponderSigner(singleSigners);
    } catch (CertificateException | IOException ex) {
        throw new InvalidConfException(ex.getMessage(), ex);
    }
}
Also used : FileOrValueType(org.xipki.ocsp.server.impl.jaxb.FileOrValueType) ArrayList(java.util.ArrayList) SignerConf(org.xipki.security.SignerConf) InvalidConfException(org.xipki.common.InvalidConfException) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) ObjectCreationException(org.xipki.common.ObjectCreationException)

Example 5 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class OcspServerImpl method parseConf.

private static OCSPServer parseConf(String confFilename) throws InvalidConfException {
    try {
        JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
        Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
        SchemaFactory schemaFact = SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
        Schema schema = schemaFact.newSchema(OcspServerImpl.class.getResource("/xsd/ocsp-conf.xsd"));
        unmarshaller.setSchema(schema);
        return (OCSPServer) unmarshaller.unmarshal(new File(IoUtil.expandFilepath(confFilename)));
    } catch (SAXException ex) {
        throw new InvalidConfException("parse profile failed, message: " + ex.getMessage(), ex);
    } catch (JAXBException ex) {
        throw new InvalidConfException("parse profile failed, message: " + XmlUtil.getMessage(ex), ex);
    }
}
Also used : SchemaFactory(javax.xml.validation.SchemaFactory) Schema(javax.xml.validation.Schema) JAXBException(javax.xml.bind.JAXBException) InvalidConfException(org.xipki.common.InvalidConfException) JAXBContext(javax.xml.bind.JAXBContext) OCSPServer(org.xipki.ocsp.server.impl.jaxb.OCSPServer) Unmarshaller(javax.xml.bind.Unmarshaller) File(java.io.File) SAXException(org.xml.sax.SAXException)

Aggregations

InvalidConfException (org.xipki.common.InvalidConfException)20 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)10 PreparedStatement (java.sql.PreparedStatement)6 SQLException (java.sql.SQLException)6 IOException (java.io.IOException)5 CertificateException (java.security.cert.CertificateException)5 ObjectCreationException (org.xipki.common.ObjectCreationException)5 XiSecurityException (org.xipki.security.exception.XiSecurityException)5 BigInteger (java.math.BigInteger)4 X509Certificate (java.security.cert.X509Certificate)4 OperationException (org.xipki.ca.api.OperationException)4 JAXBException (javax.xml.bind.JAXBException)3 CmpControlEntry (org.xipki.ca.server.mgmt.api.CmpControlEntry)3 SAXException (org.xml.sax.SAXException)3 CertificateEncodingException (java.security.cert.CertificateEncodingException)2 ResultSet (java.sql.ResultSet)2 ArrayList (java.util.ArrayList)2 HashSet (java.util.HashSet)2 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)2 JAXBContext (javax.xml.bind.JAXBContext)2