
Example 11 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class CaManagerImpl method initCmpControls.

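// (appears to be the end-of-method marker of the preceding method, initCrlSigners, in the original file; it does not describe the method below)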
/**
 * Rebuilds the in-memory CMP control maps from the CMPCONTROL table.
 *
 * <p>Does nothing when {@code cmpControlInitialized} is already set. Otherwise both maps are
 * emptied and every name returned for the table is looked up again. Each entry the query
 * executor returns is recorded in {@code cmpControlDbEntries}; only entries from which a
 * {@link CmpControl} can be constructed are also placed in {@code cmpControls}. An entry whose
 * configuration is rejected stays flagged as faulty, is logged and is skipped, so one bad row
 * does not abort the load.
 *
 * @throws CaMgmtException declared by this method; presumably raised by the query executor
 *     calls - confirm against the executor
 */
private void initCmpControls() throws CaMgmtException {
    if (!cmpControlInitialized) {
        cmpControls.clear();
        cmpControlDbEntries.clear();

        for (String controlName : queryExecutor.namesFromTable("CMPCONTROL")) {
            CmpControlEntry entry = queryExecutor.createCmpControl(controlName);
            if (entry != null) {
                // Flag the entry as faulty before parsing, so it is already marked if the
                // constructor below rejects the configuration.
                entry.setFaulty(true);
                cmpControlDbEntries.put(controlName, entry);

                try {
                    CmpControl parsed = new CmpControl(entry);
                    entry.setFaulty(false);
                    cmpControls.put(controlName, parsed);
                } catch (InvalidConfException ex) {
                    // NOTE(review): a rejected control is absent from cmpControls, so a lookup
                    // by name yields null; callers should treat that as "not usable" rather
                    // than fall back to defaults - confirm at the call sites.
                    LogUtil.error(LOG, ex, concat("could not initialize CMP control ", controlName, ", ignore it"));
                }
            }
        }

        cmpControlInitialized = true;
    }
}
Also used : CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) CmpControl(org.xipki.ca.server.mgmt.api.CmpControl) InvalidConfException(org.xipki.common.InvalidConfException)

Example 12 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class CaManagerImpl method startCa.

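// (appears to be the end-of-method marker of the preceding method, startCaSystem0, in the original file; it does not describe the method below)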
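/**
 * Starts the CA registered under {@code caName} and registers its CMP responder.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>If the CA's extra control enables revocation of suspended certificates, builds a
 *       {@link RevokeSuspendedCertsControl} (defaults: reason CESSATION_OF_OPERATION, unchanged
 *       for 15 days) and attaches it to the CA info.</li>
 *   <li>If a signer is required, the manager runs in master mode and a CRL signer name is
 *       configured, initializes that CRL signer.</li>
 *   <li>Creates the {@link X509Ca} and its CMP responder and stores both under the CA name.</li>
 * </ol>
 *
 * <p>The method fails closed: when the CRL signer is missing or cannot be initialized, or the CA
 * object cannot be created, the failure is logged, nothing is registered and {@code false} is
 * returned.
 *
 * @param caName name of the CA to start; must be a key of {@code caInfos}
 * @return {@code true} if the CA and its responder were registered, {@code false} otherwise
 */
private boolean startCa(String caName) {
    X509CaInfo caEntry = caInfos.get(caName);
    ConfPairs extraControl = caEntry.getCaEntry().getExtraControl();
    if (extraControl != null) {
        // Boolean.parseBoolean returns true only for "true" (ignoring case) and false for null,
        // so any other value, e.g. "yes" or "1", silently leaves the feature disabled.
        String str = extraControl.value(RevokeSuspendedCertsControl.KEY_REVOCATION_ENABLED);
        boolean enabled = Boolean.parseBoolean(str);
        if (enabled) {
            // NOTE(review): how forNameOrText / getInstance react to a malformed value is not
            // visible here; if they throw, the exception propagates out of startCa - confirm.
            str = extraControl.value(RevokeSuspendedCertsControl.KEY_REVOCATION_REASON);
            CrlReason reason = (str == null) ? CrlReason.CESSATION_OF_OPERATION : CrlReason.forNameOrText(str);
            str = extraControl.value(RevokeSuspendedCertsControl.KEY_UNCHANGED_SINCE);
            CertValidity unchangedSince = (str == null) ? new CertValidity(15, Unit.DAY) : CertValidity.getInstance(str);
            RevokeSuspendedCertsControl control = new RevokeSuspendedCertsControl(reason, unchangedSince);
            caEntry.setRevokeSuspendedCertsControl(control);
        }
    }
    boolean signerRequired = caEntry.isSignerRequired();
    String crlSignerName = caEntry.getCrlSignerName();
    // CRL will be generated only in master mode
    if (signerRequired && masterMode && crlSignerName != null) {
        X509CrlSignerEntryWrapper crlSignerEntry = crlSigners.get(crlSignerName);
        if (crlSignerEntry == null) {
            // The CA names a CRL signer that is not in the map. Refuse to start the CA with a
            // clear log line instead of failing with a NullPointerException below.
            LOG.error("CRL signer " + crlSignerName + " referenced by CA " + caName
                    + " is not available, CA not started");
            return false;
        }
        try {
            // Mark the configuration faulty until initSigner succeeds, so a failure leaves the
            // entry flagged.
            crlSignerEntry.getDbEntry().setConfFaulty(true);
            crlSignerEntry.initSigner(securityFactory);
            crlSignerEntry.getDbEntry().setConfFaulty(false);
        } catch (XiSecurityException | OperationException | InvalidConfException ex) {
            LogUtil.error(LOG, ex, concat("X09CrlSignerEntryWrapper.initSigner (name=", crlSignerName, ")"));
            return false;
        }
    }
    X509Ca ca;
    try {
        ca = new X509Ca(this, caEntry, certstore);
        ca.setAuditServiceRegister(auditServiceRegister);
    } catch (OperationException ex) {
        LogUtil.error(LOG, ex, concat("X509CA.<init> (ca=", caName, ")"));
        return false;
    }
    x509cas.put(caName, ca);
    X509CaCmpResponderImpl caResponder = new X509CaCmpResponderImpl(this, caName);
    x509Responders.put(caName, caResponder);
    return true;
}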
Also used : X509CaCmpResponderImpl(org.xipki.ca.server.impl.cmp.X509CaCmpResponderImpl) CertValidity(org.xipki.ca.api.profile.CertValidity) RevokeSuspendedCertsControl(org.xipki.ca.server.mgmt.api.x509.RevokeSuspendedCertsControl) ConfPairs(org.xipki.common.ConfPairs) InvalidConfException(org.xipki.common.InvalidConfException) XiSecurityException(org.xipki.security.exception.XiSecurityException) CrlReason(org.xipki.security.CrlReason) OperationException(org.xipki.ca.api.OperationException)

Example 13 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class CaManagerImpl method addCmpControl.

/**
 * Registers a new CMP control: validates it, persists it and adds it to the in-memory maps.
 *
 * <p>The entry is accepted only in master mode and only if no control with the same name is
 * already known. The configuration is validated by constructing a {@link CmpControl}; the
 * database insert and the map updates happen only after that succeeds.
 *
 * @param dbEntry the CMP control entry to add; must not be {@code null}
 * @throws CaMgmtException if a control with that name exists, if the configuration is rejected,
 *     or as raised by the master-mode check or the query executor
 */
@Override
public void addCmpControl(CmpControlEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    asssertMasterMode();

    final String controlName = dbEntry.getName();
    final boolean alreadyKnown = cmpControlDbEntries.containsKey(controlName);
    if (alreadyKnown) {
        throw new CaMgmtException(concat("CMP control named ", controlName, " exists"));
    }

    final CmpControl parsedControl;
    try {
        parsedControl = new CmpControl(dbEntry);
    } catch (InvalidConfException ex) {
        LogUtil.error(LOG, ex, "could not add CMP control to certStore");
        throw new CaMgmtException(ex);
    }

    // Persist first: if the insert throws, the in-memory maps stay untouched.
    final CmpControlEntry storedEntry = parsedControl.getDbEntry();
    queryExecutor.addCmpControl(storedEntry);
    cmpControls.put(controlName, parsedControl);
    cmpControlDbEntries.put(controlName, storedEntry);
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) CmpControl(org.xipki.ca.server.mgmt.api.CmpControl) InvalidConfException(org.xipki.common.InvalidConfException)

Example 14 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class CaManagerQueryExecutor method addCrlSigner.

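// (appears to be the end-of-method marker of the preceding method, addRequestorToCa, in the original file; it does not describe the method below)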
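/**
 * Inserts a CRL signer into the CRLSIGNER table.
 *
 * <p>A non-null CRL control string is validated first by constructing a {@link CrlControl};
 * nothing is written if it is rejected. All column values are bound as statement parameters,
 * never concatenated into the SQL text. The signer certificate, when present, is stored as the
 * Base64 text of its encoded form.
 *
 * @param dbEntry the CRL signer entry to persist; must not be {@code null}
 * @throws CaMgmtException if the CRL control is invalid, the insert affects no row, the
 *     database reports an error, or the certificate cannot be encoded
 */
void addCrlSigner(X509CrlSignerEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    String crlControl = dbEntry.crlControl();
    // validate crlControl
    if (crlControl != null) {
        try {
            new CrlControl(crlControl);
        } catch (InvalidConfException ex) {
            // Keep the parser's exception as the cause so the reason for the rejection is not
            // lost to whoever handles or logs the CaMgmtException.
            throw new CaMgmtException(concat("invalid CRL control '", crlControl, "'"), ex);
        }
    }
    String name = dbEntry.getName();
    String sql = "INSERT INTO CRLSIGNER (NAME,SIGNER_TYPE,SIGNER_CERT,CRL_CONTROL,SIGNER_CONF)" + " VALUES (?,?,?,?,?)";
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        int idx = 1;
        ps.setString(idx++, name);
        ps.setString(idx++, dbEntry.getType());
        ps.setString(idx++, (dbEntry.getCert() == null) ? null : Base64.encodeToString(dbEntry.getCert().getEncoded()));
        ps.setString(idx++, crlControl);
        ps.setString(idx++, dbEntry.getConf());
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not add CRL signer " + name);
        }
        // NOTE(review): the second toString argument presumably keeps sensitive signer
        // configuration out of the log line - confirm against X509CrlSignerEntry.
        LOG.info("added CRL signer '{}': {}", name, dbEntry.toString(false, true));
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } catch (CertificateEncodingException ex) {
        throw new CaMgmtException(ex);
    } finally {
        // Always hand the statement back, also when the insert failed.
        datasource.releaseResources(ps, null);
    }
}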
Also used : CrlControl(org.xipki.ca.server.mgmt.api.x509.CrlControl) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) SQLException(java.sql.SQLException) InvalidConfException(org.xipki.common.InvalidConfException) PreparedStatement(java.sql.PreparedStatement) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 15 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class CaManagerQueryExecutor method changeCmpControl.

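// (appears to be the end-of-method marker of the preceding method, changeCertprofile, in the original file; it does not describe the method below)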
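/**
 * Replaces the configuration of an existing CMP control in the CMPCONTROL table.
 *
 * <p>The new configuration is validated by constructing a {@link CmpControl} before any SQL is
 * executed, so a rejected configuration never reaches the database. The update binds both
 * values as statement parameters.
 *
 * @param name name of the CMP control to change; checked with {@code requireNonBlank}
 * @param conf the new configuration; must not be {@code null}
 * @return the {@link CmpControl} built from the new configuration
 * @throws IllegalArgumentException if {@code conf} is {@code null}
 * @throws CaMgmtException if the configuration is rejected, no row matches {@code name}, or
 *     the database reports an error
 */
CmpControl changeCmpControl(String name, String conf) throws CaMgmtException {
    ParamUtil.requireNonBlank("name", name);
    if (conf == null) {
        throw new IllegalArgumentException("nothing to change");
    }
    CmpControlEntry newDbEntry = new CmpControlEntry(name, conf);
    CmpControl cmpControl;
    try {
        cmpControl = new CmpControl(newDbEntry);
    } catch (InvalidConfException ex) {
        throw new CaMgmtException(ex);
    }
    final String sql = "UPDATE CMPCONTROL SET CONF=? WHERE NAME=?";
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        ps.setString(1, conf);
        ps.setString(2, name);
        if (ps.executeUpdate() == 0) {
            // Zero updated rows means no control with this name exists; the message previously
            // lacked its verb ("could not CMP control").
            throw new CaMgmtException("could not change CMP control " + name);
        }
        LOG.info("changed CMP control '{}': {}", name, conf);
        return cmpControl;
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        // Always hand the statement back, also when the update failed.
        datasource.releaseResources(ps, null);
    }
}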
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) SQLException(java.sql.SQLException) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) CmpControl(org.xipki.ca.server.mgmt.api.CmpControl) InvalidConfException(org.xipki.common.InvalidConfException) PreparedStatement(java.sql.PreparedStatement)
