use of org.xipki.common.InvalidConfException in project xipki by xipki.
the class CaLoadTestTemplateEnroll method parse.
// method nextCertRequests
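/**
 * Parses a load-test enrollment template from XML, validating it against
 * {@code /xsd/loadtest.xsd}.
 *
 * <p>The shared unmarshaller is created lazily and all use of it is serialized through
 * {@code jaxbUnmarshallerLock}. The given stream is always closed before this method
 * returns, whether parsing succeeds or fails.
 *
 * @param configStream XML configuration to read; must not be {@code null}
 * @return the value of the unmarshalled root element
 * @throws InvalidConfException if the schema cannot be loaded, the XML cannot be
 *     unmarshalled, or the root is not a {@code JAXBElement}
 */
public static EnrollTemplateType parse(InputStream configStream) throws InvalidConfException {
    ParamUtil.requireNonNull("configStream", configStream);

    Object root;
    try {
        synchronized (jaxbUnmarshallerLock) {
            try {
                if (jaxbUnmarshaller == null) {
                    JAXBContext context = JAXBContext.newInstance(ObjectFactory.class);
                    final SchemaFactory schemaFact =
                            SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
                    URL url = ObjectFactory.class.getResource("/xsd/loadtest.xsd");

                    // Publish the cached unmarshaller only once the schema is attached.
                    // If schema loading fails, a later call must retry the initialisation
                    // instead of silently parsing without schema validation.
                    boolean schemaAttached = false;
                    jaxbUnmarshaller = context.createUnmarshaller();
                    try {
                        jaxbUnmarshaller.setSchema(schemaFact.newSchema(url));
                        schemaAttached = true;
                    } finally {
                        if (!schemaAttached) {
                            jaxbUnmarshaller = null;
                        }
                    }
                }

                // NOTE(review): DTD / external-entity handling depends on the XML parser
                // behind the JAXB implementation - confirm it is restricted if this stream
                // can come from a source less trusted than the local configuration.
                root = jaxbUnmarshaller.unmarshal(configStream);
            } catch (SAXException ex) {
                throw new InvalidConfException("parsing profile failed, message: " + ex.getMessage(), ex);
            } catch (JAXBException ex) {
                throw new InvalidConfException("parsing profile failed, message: " + XmlUtil.getMessage(ex), ex);
            }
        }
    } finally {
        // Close on the failure paths as well, so a rejected configuration does not leak
        // the underlying stream.
        try {
            configStream.close();
        } catch (IOException ex) {
            LOG.warn("could not close xmlConfStream: {}", ex.getMessage());
        }
    }

    if (root instanceof JAXBElement) {
        return (EnrollTemplateType) ((JAXBElement<?>) root).getValue();
    } else {
        throw new InvalidConfException("invalid root element type");
    }
}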
use of org.xipki.common.InvalidConfException in project xipki by xipki.
the class P11ModuleConf method getSlotIdFilters.
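/**
 * Converts the configured PKCS#11 slot entries into slot filters.
 *
 * <p>A slot id may be written in decimal or, with a {@code 0x}/{@code 0X} prefix, in
 * hexadecimal. An entry without an id produces a filter with a {@code null} slot id.
 *
 * @param type the configured slots; may be {@code null}
 * @return the filters, or {@code null} if {@code type} is {@code null} or lists no slot
 * @throws InvalidConfException if a slot id is not a valid number
 */
private static Set<P11SlotIdFilter> getSlotIdFilters(SlotsType type) throws InvalidConfException {
    if (type == null || CollectionUtil.isEmpty(type.getSlot())) {
        // callers receive null (not an empty set) when nothing is configured
        return null;
    }

    Set<P11SlotIdFilter> filters = new HashSet<>();
    for (SlotType slotType : type.getSlot()) {
        Long slotId = null;
        if (slotType.getId() != null) {
            String str = slotType.getId().trim();
            try {
                slotId = StringUtil.startsWithIgnoreCase(str, "0X")
                        ? Long.parseLong(str.substring(2), 16)
                        : Long.parseLong(str);
            } catch (NumberFormatException ex) {
                String message = "invalid slotId '" + str + "'";
                LOG.error(message);
                // keep the parse failure as the cause so the stack trace shows its origin
                throw new InvalidConfException(message, ex);
            }
        }
        filters.add(new P11SlotIdFilter(slotType.getIndex(), slotId));
    }
    return filters;
}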
use of org.xipki.common.InvalidConfException in project xipki by xipki.
the class OcspServerImpl method init0.
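/**
 * Loads the OCSP server configuration from {@code confFile} and builds the runtime
 * objects from it: the optional response cache, signers, request and response options,
 * datasources, stores, responders and the servlet-path lookup.
 *
 * <p>Before anything is created, every configuration section is checked for duplicated
 * names, and each responder is checked to reference only a defined signer, request
 * option, response option and stores.
 *
 * @throws IllegalStateException if {@code confFile}, {@code datasourceFactory} or
 *     {@code securityFactory} has not been set
 * @throws InvalidConfException if the configuration is inconsistent or a datasource
 *     configuration cannot be read
 * @throws DataAccessException declared by the datasource / cache initialisation it calls
 * @throws PasswordResolverException declared by the datasource creation it calls
 */
private void init0() throws InvalidConfException, DataAccessException, PasswordResolverException {
    if (confFile == null) {
        throw new IllegalStateException("confFile is not set");
    }
    if (datasourceFactory == null) {
        throw new IllegalStateException("datasourceFactory is not set");
    }
    if (securityFactory == null) {
        throw new IllegalStateException("securityFactory is not set");
    }

    OCSPServer conf = parseConf(confFile);

    // -- check the duplication names
    Set<String> set = new HashSet<>();

    // Duplication name check: responder
    for (ResponderType m : conf.getResponders().getResponder()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of responder named '" + name + "'");
        }
        if (StringUtil.isBlank(name)) {
            throw new InvalidConfException("responder name must not be empty");
        }

        for (int i = 0; i < name.length(); i++) {
            char ch = name.charAt(i);
            // Allowed: ASCII letters, digits, '-', '_' and '.'. All alternatives must sit
            // inside the negated group; with '_' and '.' outside it, those two characters
            // would be rejected although they are listed as permitted.
            boolean allowed = (ch >= '0' && ch <= '9')
                    || (ch >= 'A' && ch <= 'Z')
                    || (ch >= 'a' && ch <= 'z')
                    || ch == '-' || ch == '_' || ch == '.';
            if (!allowed) {
                throw new InvalidConfException("invalid OCSP responder name '" + name + "'");
            }
        }
        set.add(name);
    }

    // Duplication name check: signer
    set.clear();
    for (SignerType m : conf.getSigners().getSigner()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of signer option named '" + name + "'");
        }
        set.add(name);
    }

    // Duplication name check: requests
    set.clear();
    for (RequestOptionType m : conf.getRequestOptions().getRequestOption()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of request option named '" + name + "'");
        }
        set.add(name);
    }

    // Duplication name check: response
    set.clear();
    for (ResponseOptionType m : conf.getResponseOptions().getResponseOption()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of response option named '" + name + "'");
        }
        set.add(name);
    }

    // Duplication name check: store
    set.clear();
    for (StoreType m : conf.getStores().getStore()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of store named '" + name + "'");
        }
        // Record the name; without this the check above can never fire and a later
        // store definition would silently replace an earlier one of the same name.
        set.add(name);
    }

    // Duplication name check: datasource
    set.clear();
    if (conf.getDatasources() != null) {
        for (DatasourceType m : conf.getDatasources().getDatasource()) {
            String name = m.getName();
            if (set.contains(name)) {
                throw new InvalidConfException("duplicated definition of datasource named '" + name + "'");
            }
            set.add(name);
        }
    }

    this.master = conf.isMaster();

    // Response Cache
    ResponseCacheType cacheType = conf.getResponseCache();
    if (cacheType != null) {
        DatasourceType cacheSourceConf = cacheType.getDatasource();
        DataSourceWrapper datasource;
        InputStream dsStream = null;
        try {
            dsStream = getInputStream(cacheSourceConf.getConf());
            datasource = datasourceFactory.createDataSource(cacheSourceConf.getName(), dsStream,
                    securityFactory.getPasswordResolver());
        } catch (IOException ex) {
            throw new InvalidConfException(ex.getMessage(), ex);
        } finally {
            close(dsStream);
        }
        responseCacher = new ResponseCacher(datasource, master, cacheType.getValidity());
        responseCacher.init();
    }

    // signers
    for (SignerType m : conf.getSigners().getSigner()) {
        ResponderSigner signer = initSigner(m);
        signers.put(m.getName(), signer);
    }

    // requests
    for (RequestOptionType m : conf.getRequestOptions().getRequestOption()) {
        RequestOption option = new RequestOption(m);
        requestOptions.put(m.getName(), option);
    }

    // responses
    for (ResponseOptionType m : conf.getResponseOptions().getResponseOption()) {
        ResponseOption option = new ResponseOption(m);
        responseOptions.put(m.getName(), option);
    }

    // datasources
    Map<String, DataSourceWrapper> datasources = new HashMap<>();
    if (conf.getDatasources() != null) {
        for (DatasourceType m : conf.getDatasources().getDatasource()) {
            String name = m.getName();
            DataSourceWrapper datasource;
            InputStream dsStream = null;
            try {
                dsStream = getInputStream(m.getConf());
                datasource = datasourceFactory.createDataSource(name, dsStream,
                        securityFactory.getPasswordResolver());
            } catch (IOException ex) {
                throw new InvalidConfException(ex.getMessage(), ex);
            } finally {
                close(dsStream);
            }
            datasources.put(name, datasource);
        }
    }

    // names of all defined stores, used to validate the responders' store references
    List<StoreType> storeDefs = conf.getStores().getStore();
    Set<String> storeNames = new HashSet<>(storeDefs.size());
    for (StoreType storeDef : storeDefs) {
        storeNames.add(storeDef.getName());
    }

    // responders: every reference must resolve to something defined above
    Map<String, ResponderOption> responderOptions = new HashMap<>();
    for (ResponderType m : conf.getResponders().getResponder()) {
        ResponderOption option = new ResponderOption(m);

        String optName = option.getSignerName();
        if (!signers.containsKey(optName)) {
            throw new InvalidConfException("no signer named '" + optName + "' is defined");
        }

        String reqOptName = option.getRequestOptionName();
        if (!requestOptions.containsKey(reqOptName)) {
            throw new InvalidConfException("no requestOption named '" + reqOptName + "' is defined");
        }

        String respOptName = option.getResponseOptionName();
        if (!responseOptions.containsKey(respOptName)) {
            throw new InvalidConfException("no responseOption named '" + respOptName + "' is defined");
        }

        // Fail at start-up rather than hand the responder a null store: an undefined
        // name would otherwise resolve to null in the store lookup further down.
        for (String storeName : option.getStoreNames()) {
            if (!storeNames.contains(storeName)) {
                throw new InvalidConfException("no store named '" + storeName + "' is defined");
            }
        }

        responderOptions.put(m.getName(), option);
    }

    // stores
    for (StoreType m : conf.getStores().getStore()) {
        OcspStore store = newStore(m, datasources);
        stores.put(m.getName(), store);
    }

    // responders
    for (Map.Entry<String, ResponderOption> entry : responderOptions.entrySet()) {
        ResponderOption option = entry.getValue();

        List<OcspStore> statusStores = new ArrayList<>(option.getStoreNames().size());
        for (String storeName : option.getStoreNames()) {
            statusStores.add(stores.get(storeName));
        }

        ResponseOption responseOption = responseOptions.get(option.getResponseOptionName());
        ResponderSigner signer = signers.get(option.getSignerName());

        // A MAC signer is rejected in combination with by-name responder ids or with
        // embedded certificates.
        if (signer.isMacSigner()) {
            if (responseOption.isResponderIdByName()) {
                throw new InvalidConfException("could not use ResponderIdByName for signer " + option.getSignerName());
            }
            if (EmbedCertsMode.NONE != responseOption.getEmbedCertsMode()) {
                throw new InvalidConfException("could not embed certifcate in response for signer " + option.getSignerName());
            }
        }

        ResponderImpl responder = new ResponderImpl(option,
                requestOptions.get(option.getRequestOptionName()), responseOption, signer, statusStores);
        responders.put(entry.getKey(), responder);
    }

    // servlet paths
    List<SizeComparableString> tmpList = new LinkedList<>();
    for (Map.Entry<String, ResponderOption> entry : responderOptions.entrySet()) {
        ResponderImpl responder = responders.get(entry.getKey());
        for (String path : entry.getValue().getServletPaths()) {
            tmpList.add(new SizeComparableString(path));
            path2responderMap.put(path, responder);
        }
    }

    // Sort the servlet paths according to the length of path. The first one is the
    // longest, and the last one is the shortest.
    Collections.sort(tmpList);
    List<String> list2 = new ArrayList<>(tmpList.size());
    for (SizeComparableString m : tmpList) {
        list2.add(m.str);
    }
    this.servletPaths = list2;
}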
use of org.xipki.common.InvalidConfException in project xipki by xipki.
the class OcspServerImpl method initSigner.
/**
 * Creates the responder signer for one configured signer entry.
 *
 * <p>If the entry carries an explicit certificate, a certificate path is built from it
 * and the optionally configured CA certificates. One content signer is then created
 * per configured signature algorithm, all sharing the same key configuration.
 *
 * @param signerType the signer configuration entry
 * @return the signer wrapping one content signer per algorithm
 * @throws InvalidConfException if a content signer or the responder signer cannot be created
 */
private ResponderSigner initSigner(SignerType signerType) throws InvalidConfException {
    X509Certificate[] certChain = null;

    if (signerType.getCert() != null) {
        X509Certificate responderCert = parseCert(signerType.getCert());
        if (responderCert != null) {
            Set<X509Certificate> issuerCerts = null;
            if (signerType.getCaCerts() != null) {
                issuerCerts = new HashSet<>();
                for (FileOrValueType caCertConf : signerType.getCaCerts().getCaCert()) {
                    issuerCerts.add(parseCert(caCertConf));
                }
            }
            certChain = X509Util.buildCertPath(responderCert, issuerCerts);
        }
    }

    final String type = signerType.getType();
    final String keyConf = signerType.getKey();
    final List<String> algorithms = signerType.getAlgorithms().getAlgorithm();

    List<ConcurrentContentSigner> contentSigners = new ArrayList<>(algorithms.size());
    for (String algorithm : algorithms) {
        // NOTE(review): algorithm name and key configuration are joined with ',' without
        // escaping - presumably both come only from the trusted configuration file; confirm.
        SignerConf signerConf = new SignerConf("algo=" + algorithm + "," + keyConf);
        ConcurrentContentSigner contentSigner;
        try {
            contentSigner = securityFactory.createSigner(type, signerConf, certChain);
        } catch (ObjectCreationException ex) {
            throw new InvalidConfException(ex.getMessage(), ex);
        }
        contentSigners.add(contentSigner);
    }

    try {
        return new ResponderSigner(contentSigners);
    } catch (CertificateException | IOException ex) {
        throw new InvalidConfException(ex.getMessage(), ex);
    }
}
use of org.xipki.common.InvalidConfException in project xipki by xipki.
the class OcspServerImpl method parseConf.
/**
 * Reads the OCSP server configuration file and unmarshals it, validating the XML
 * against {@code /xsd/ocsp-conf.xsd}.
 *
 * @param confFilename path of the configuration file; expanded with
 *     {@code IoUtil.expandFilepath} before it is opened
 * @return the unmarshalled configuration root
 * @throws InvalidConfException if the schema cannot be loaded or the file cannot be
 *     unmarshalled
 */
private static OCSPServer parseConf(String confFilename) throws InvalidConfException {
    final Object root;
    try {
        Unmarshaller confUnmarshaller = JAXBContext.newInstance(ObjectFactory.class).createUnmarshaller();

        SchemaFactory xsdFactory = SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
        Schema confSchema = xsdFactory.newSchema(OcspServerImpl.class.getResource("/xsd/ocsp-conf.xsd"));
        confUnmarshaller.setSchema(confSchema);

        // NOTE(review): DTD / external-entity handling depends on the XML parser behind
        // the JAXB implementation - confirm it is restricted if the configuration file
        // can be written by anyone other than the server administrator.
        File confFile = new File(IoUtil.expandFilepath(confFilename));
        root = confUnmarshaller.unmarshal(confFile);
    } catch (SAXException ex) {
        throw new InvalidConfException("parse profile failed, message: " + ex.getMessage(), ex);
    } catch (JAXBException ex) {
        throw new InvalidConfException("parse profile failed, message: " + XmlUtil.getMessage(ex), ex);
    }
    return (OCSPServer) root;
}