
Example 16 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class CaManagerQueryExecutor method createCrlSigner.

/**
 * Loads the CRL signer called {@code name} from the database and builds its entry object.
 *
 * The lookup uses the pre-built statement {@code sqls.sqlSelectCrlSigner} with the name bound as
 * the single {@code ?} parameter, so the caller-supplied name never becomes part of the SQL text.
 *
 * @param name name of the CRL signer (bound as parameter 1)
 * @return the signer entry assembled from SIGNER_TYPE, SIGNER_CONF, SIGNER_CERT and CRL_CONTROL
 * @throws CaMgmtException if no row matches, if the query fails (wrapping the SQLException together
 *                         with the datasource and SQL text), or if the loaded columns do not form a
 *                         valid signer entry (wrapping the InvalidConfException)
 */
X509CrlSignerEntry createCrlSigner(String name) throws CaMgmtException {
    final String sql = sqls.sqlSelectCrlSigner;
    PreparedStatement ps = null;
    ResultSet rs = null;
    try {
        ps = prepareStatement(sql);
        ps.setString(1, name);
        rs = ps.executeQuery();
        if (!rs.next()) {
            throw new CaMgmtException("unknown CRL signer " + name);
        }
        // Column values are read left to right, in the constructor's parameter order.
        return new X509CrlSignerEntry(name,
                rs.getString("SIGNER_TYPE"),
                rs.getString("SIGNER_CONF"),
                rs.getString("SIGNER_CERT"),
                rs.getString("CRL_CONTROL"));
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } catch (InvalidConfException ex) {
        throw new CaMgmtException(ex);
    } finally {
        // Always hand statement and result set back, also on the exception paths above.
        datasource.releaseResources(ps, rs);
    }
}

Example 17 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class CaManagerQueryExecutor method changeScep.

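/**
 * Updates the row of SCEP entry {@code name} and returns a freshly built {@link ScepImpl} for it.
 *
 * Only non-null arguments are written; for each null argument the value currently stored in the
 * database (read back via {@code getScep}) is kept. For {@code control} the sentinel
 * {@code CaManager.NULL} clears the column instead. Column names in the generated
 * {@code UPDATE SCEP SET ...} statement are fixed literals; every value, including {@code name} in
 * the {@code WHERE} clause, is bound through a {@code ?} placeholder.
 *
 * @param name            SCEP entry to change; must not be blank
 * @param caIdent         new CA, or null to keep the current one
 * @param active          new active flag, or null to keep the current one
 * @param responderName   new responder name, or null to keep the current one
 * @param certProfiles    new certificate profiles, or null to keep the current ones
 * @param control         new control string, {@code CaManager.NULL} to clear it, or null to keep it
 * @param caManager       CA manager providing the id/name map; must not be null
 * @param securityFactory currently unused by this method (kept for signature compatibility)
 * @return the SCEP object built from the merged entry
 * @throws IllegalArgumentException if every optional argument is null (nothing to change)
 * @throws CaMgmtException if the merged entry is invalid, the update fails, or no row was updated
 */
ScepImpl changeScep(String name, NameId caIdent, Boolean active, String responderName, Set<String> certProfiles, String control, CaManagerImpl caManager, final SecurityFactory securityFactory) throws CaMgmtException {
    ParamUtil.requireNonBlank("name", name);
    ParamUtil.requireNonNull("caManager", caManager);

    // Build "UPDATE SCEP SET COL=?,... WHERE NAME=?"; addToSqlIfNotNull appends a column
    // assignment (and advances index) only for non-null values.
    StringBuilder sqlBuilder = new StringBuilder();
    sqlBuilder.append("UPDATE SCEP SET ");
    AtomicInteger index = new AtomicInteger(1);
    Integer idxCa = addToSqlIfNotNull(sqlBuilder, index, caIdent, "CA_ID");
    Integer idxActive = addToSqlIfNotNull(sqlBuilder, index, active, "ACTIVE");
    Integer idxName = addToSqlIfNotNull(sqlBuilder, index, responderName, "RESPONDER_NAME");
    Integer idxProfiles = addToSqlIfNotNull(sqlBuilder, index, certProfiles, "PROFILES");
    Integer idxControl = addToSqlIfNotNull(sqlBuilder, index, control, "CONTROL");
    if (index.get() == 1) {
        throw new IllegalArgumentException("nothing to change");
    }
    // Drop the separator left behind the last assignment before appending the WHERE clause.
    sqlBuilder.deleteCharAt(sqlBuilder.length() - 1);
    sqlBuilder.append(" WHERE NAME=?");

    // Merge the requested changes with the stored entry so the new ScepImpl is complete.
    ScepEntry dbEntry = getScep(name, caManager.idNameMap());
    boolean tmpActive = (active == null) ? dbEntry.isActive() : active;
    String tmpResponderName = (responderName == null) ? dbEntry.getResponderName() : responderName;
    NameId tmpCaIdent = (caIdent == null) ? dbEntry.getCaIdent() : caIdent;
    Set<String> tmpCertProfiles = (certProfiles == null) ? dbEntry.getCertProfiles() : certProfiles;
    String tmpControl;
    if (control == null) {
        tmpControl = dbEntry.getControl();
    } else if (CaManager.NULL.equals(control)) {
        tmpControl = null;
    } else {
        tmpControl = control;
    }

    ScepEntry newDbEntry;
    try {
        newDbEntry = new ScepEntry(name, tmpCaIdent, tmpActive, tmpResponderName, tmpCertProfiles, tmpControl);
    } catch (InvalidConfException ex) {
        throw new CaMgmtException(ex);
    }
    ScepImpl scep = new ScepImpl(newDbEntry, caManager);

    final String sql = sqlBuilder.toString();
    // Human-readable summary of what was written, for the log line below. Every fragment ends
    // with "; " so the trailing separator can be trimmed uniformly.
    StringBuilder changes = new StringBuilder();
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        if (idxActive != null) {
            setBoolean(ps, idxActive, tmpActive);
            changes.append("active: '").append(tmpActive).append("'; ");
        }
        if (idxCa != null) {
            // NOTE(review): assumes caIdent.getId() is non-null here; NameId is also constructed
            // with a null id elsewhere in the project — confirm callers pass a resolved identifier.
            ps.setInt(idxCa, caIdent.getId());
            changes.append("ca: '").append(caIdent).append("'; ");
        }
        if (idxName != null) {
            // getRealString presumably maps the CaManager.NULL sentinel to SQL NULL — verify.
            String txt = getRealString(tmpResponderName);
            ps.setString(idxName, txt);
            changes.append("responder type: '").append(txt).append("'; ");
        }
        if (idxProfiles != null) {
            ps.setString(idxProfiles, StringUtil.collectionAsStringByComma(certProfiles));
            changes.append("profiles: '").append(certProfiles).append("'; ");
        }
        if (idxControl != null) {
            ps.setString(idxControl, getRealString(tmpControl));
            // Previously this fragment had no closing quote/separator and the CA_ID fragment
            // was appended a second time, so the 2-char trim below cut into the value itself.
            changes.append("control: '").append(tmpControl).append("'; ");
        }
        // NAME=? is the last placeholder; index now holds its position.
        ps.setString(index.get(), name);
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not change SCEP " + name);
        }
        final int len = changes.length();
        if (len > 0) {
            changes.delete(len - 2, len);
        }
        LOG.info("changed SCEP: {}", changes);
        return scep;
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } finally {
        datasource.releaseResources(ps, null);
    }
}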

Example 18 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class OcspServerImpl method newStore.

/**
 * Creates and initialises the OCSP store described by {@code conf}.
 *
 * Source type {@code "CRL"} (compared case-insensitively) yields a {@link CrlDbCertStatusStore},
 * {@code "XIPKI-DB"} (exact match) a {@link DbCertStatusStore}; any other type is resolved through
 * {@code ocspStoreFactoryRegister}. Options absent from the configuration take the defaults given
 * to {@code getBoolean}; the retention interval defaults to -1.
 *
 * @param conf        the store configuration
 * @param datasources all configured datasources by name; a datasource referenced by the store
 *                    must be present in this map
 * @return the named, configured and initialised store
 * @throws InvalidConfException if the store type cannot be instantiated, the referenced datasource
 *                              is not defined, or the store's own initialisation fails
 */
private OcspStore newStore(StoreType conf, Map<String, DataSourceWrapper> datasources) throws InvalidConfException {
    String sourceType = conf.getSource().getType();
    OcspStore store;
    if ("CRL".equalsIgnoreCase(sourceType)) {
        store = new CrlDbCertStatusStore();
    } else if ("XIPKI-DB".equals(sourceType)) {
        store = new DbCertStatusStore();
    } else {
        try {
            store = ocspStoreFactoryRegister.newOcspStore(sourceType);
        } catch (ObjectCreationException ex) {
            throw new InvalidConfException("ObjectCreationException of store " + conf.getName() + ":" + ex.getMessage(), ex);
        }
    }

    store.setName(conf.getName());
    Integer configuredInterval = conf.getRetentionInterval();
    int retentionInterval = (configuredInterval == null) ? -1 : configuredInterval;
    store.setRetentionInterval(retentionInterval);
    // Treating unknown serials as "good" is the permissive choice, hence off unless enabled.
    store.setUnknownSerialAsGood(getBoolean(conf.isUnknownSerialAsGood(), false));
    store.setIncludeArchiveCutoff(getBoolean(conf.isIncludeArchiveCutoff(), true));
    store.setIncludeCrlId(getBoolean(conf.isIncludeCrlID(), true));
    store.setIgnoreExpiredCert(getBoolean(conf.isIgnoreExpiredCert(), true));
    store.setIgnoreNotYetValidCert(getBoolean(conf.isIgnoreNotYetValidCert(), true));

    // A store may run without a datasource; if it names one, that name must resolve.
    DataSourceWrapper datasource = null;
    String datasourceName = conf.getSource().getDatasource();
    if (datasourceName != null) {
        datasource = datasources.get(datasourceName);
        if (datasource == null) {
            throw new InvalidConfException("datasource named '" + datasourceName + "' not defined");
        }
    }

    try {
        store.init(conf.getSource().getConf(), datasource);
    } catch (OcspStoreException ex) {
        throw new InvalidConfException("CertStatusStoreException of store " + conf.getName() + ":" + ex.getMessage(), ex);
    }
    return store;
}

Example 19 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class RevokeCertCmd method execute0.

/**
 * Revokes the certificate selected by the command's fields ({@code caName}, the serial number and
 * {@code reason}, optionally {@code invalidityDateS}).
 *
 * The reason is validated against {@code CrlReason.PERMITTED_CLIENT_CRLREASONS} before anything
 * is sent to the CA manager; the invalidity date is parsed only when one was given.
 *
 * @return always null (the command only prints a status line)
 * @throws InvalidConfException if {@code reason} is not a reason clients may use
 * @throws CmdFailure if the CA manager rejects the revocation (the original CaMgmtException is
 *                    attached as cause)
 * @throws Exception propagated from serial-number and date parsing
 */
@Override
protected Object execute0() throws Exception {
    CrlReason crlReason = CrlReason.forNameOrText(reason);
    if (!CrlReason.PERMITTED_CLIENT_CRLREASONS.contains(crlReason)) {
        throw new InvalidConfException("reason " + reason + " is not permitted");
    }

    Date invalidityDate = isNotBlank(invalidityDateS)
            ? DateUtil.parseUtcTimeyyyyMMddhhmmss(invalidityDateS)
            : null;

    BigInteger serialNo = getSerialNumber();
    // Serial is echoed in hex, matching how it is usually written in certificates and logs.
    String certDesc = "certificate (serial number = 0x" + serialNo.toString(16) + ")";
    try {
        caManager.revokeCertificate(caName, serialNo, crlReason, invalidityDate);
        println("revoked " + certDesc);
        return null;
    } catch (CaMgmtException ex) {
        throw new CmdFailure("could not revoke " + certDesc + ", error: " + ex.getMessage(), ex);
    }
}

Example 20 with InvalidConfException

use of org.xipki.common.InvalidConfException in project xipki by xipki.

the class CaConf method init.

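/**
 * Populates this configuration from the JAXB tree {@code jaxb}.
 *
 * Sections are processed in the order of the original layout: properties first (they feed
 * {@code expandConf} for everything that follows), then CMP controls, responders, environments,
 * CRL signers, requestors, users, publishers, certificate profiles, CAs and finally SCEP entries.
 *
 * @param jaxb            the parsed configuration tree
 * @param baseDir         optional base directory, published to later sections as property "baseDir"
 * @param zipFile         archive that file-backed values are read from (via getValue/getBinary)
 * @param securityFactory used to build a CA signer when a CA certificate has to be taken from
 *                        the signer configuration
 * @throws IOException          if a file-backed value cannot be read
 * @throws InvalidConfException if the configuration is inconsistent (duplicate property, missing
 *                              cert file, unparsable CA certificate, unusable CA signer, ...)
 * @throws CaMgmtException      propagated from the entry constructors and add* methods
 */
private void init(CAConfType jaxb, String baseDir, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
    initProperties(jaxb, baseDir);
    initCmpControls(jaxb, zipFile);
    initResponders(jaxb, zipFile);
    initEnvironments(jaxb);
    initCrlSigners(jaxb, zipFile);
    initRequestors(jaxb, zipFile);
    initUsers(jaxb);
    initPublishers(jaxb, zipFile);
    initProfiles(jaxb, zipFile);
    initCas(jaxb, zipFile, securityFactory);
    initSceps(jaxb);
}

// Section "Properties": baseDir (if given) plus every <property>; a name may be defined once only.
private void initProperties(CAConfType jaxb, String baseDir) throws InvalidConfException {
    if (baseDir != null) {
        properties.put("baseDir", baseDir);
    }
    if (jaxb.getProperties() == null) {
        return;
    }
    for (NameValueType m : jaxb.getProperties().getProperty()) {
        String name = m.getName();
        if (properties.containsKey(name)) {
            throw new InvalidConfException("Property " + name + " already defined");
        }
        // Property values are stored verbatim; expansion happens where they are used.
        properties.put(name, m.getValue());
    }
}

// Section "CMP controls": one CmpControlEntry per <cmpcontrol>.
private void initCmpControls(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getCmpcontrols() == null) {
        return;
    }
    for (CmpcontrolType m : jaxb.getCmpcontrols().getCmpcontrol()) {
        addCmpControl(new CmpControlEntry(m.getName(), getValue(m.getConf(), zipFile)));
    }
}

// Section "Responders": type is property-expanded, conf and cert may be file-backed.
private void initResponders(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getResponders() == null) {
        return;
    }
    for (ResponderType m : jaxb.getResponders().getResponder()) {
        addResponder(new ResponderEntry(m.getName(), expandConf(m.getType()),
                getValue(m.getConf(), zipFile), getBase64Binary(m.getCert(), zipFile)));
    }
}

// Section "Environments": name/value pairs, value property-expanded.
private void initEnvironments(CAConfType jaxb) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getEnvironments() == null) {
        return;
    }
    for (NameValueType m : jaxb.getEnvironments().getEnvironment()) {
        addEnvironment(m.getName(), expandConf(m.getValue()));
    }
}

// Section "CRL signers": signer type and CRL control are property-expanded.
private void initCrlSigners(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getCrlsigners() == null) {
        return;
    }
    for (CrlsignerType m : jaxb.getCrlsigners().getCrlsigner()) {
        addCrlSigner(new X509CrlSignerEntry(m.getName(), expandConf(m.getSignerType()),
                getValue(m.getSignerConf(), zipFile), getBase64Binary(m.getSignerCert(), zipFile),
                expandConf(m.getCrlControl())));
    }
}

// Section "Requestors": identified by name only (id is assigned later), authenticated by cert.
private void initRequestors(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getRequestors() == null) {
        return;
    }
    for (RequestorType m : jaxb.getRequestors().getRequestor()) {
        addRequestor(new RequestorEntry(new NameId(null, m.getName()), getBase64Binary(m.getCert(), zipFile)));
    }
}

// Section "Users": a <user> with a plain password becomes an AddUserEntry, otherwise the
// already-hashed password is taken as-is into a UserEntry. Users are active unless stated.
private void initUsers(CAConfType jaxb) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getUsers() == null) {
        return;
    }
    for (UserType m : jaxb.getUsers().getUser()) {
        boolean active = (m.isActive() != null) ? m.isActive() : true;
        NameId ident = new NameId(null, m.getName());
        String password = m.getPassword();
        if (password != null) {
            addUser(new AddUserEntry(ident, active, password));
        } else {
            addUser(new UserEntry(ident, active, m.getHashedPassword()));
        }
    }
}

// Section "Publishers".
private void initPublishers(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getPublishers() == null) {
        return;
    }
    for (PublisherType m : jaxb.getPublishers().getPublisher()) {
        addPublisher(new PublisherEntry(new NameId(null, m.getName()), expandConf(m.getType()),
                getValue(m.getConf(), zipFile)));
    }
}

// Section "CertProfiles".
private void initProfiles(CAConfType jaxb, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getProfiles() == null) {
        return;
    }
    for (ProfileType m : jaxb.getProfiles().getProfile()) {
        addProfile(new CertprofileEntry(new NameId(null, m.getName()), expandConf(m.getType()),
                getValue(m.getConf(), zipFile)));
    }
}

// Section "CAs": each <ca> becomes a SingleCaConf. The CA entry and the self-issue request are
// only present when <caInfo> is given; the CA certificate is resolved only when no self-issue
// request exists (otherwise it does not exist yet).
private void initCas(CAConfType jaxb, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getCas() == null) {
        return;
    }
    for (CaType m : jaxb.getCas().getCa()) {
        String name = m.getName();
        GenSelfIssued genSelfIssued = null;
        X509CaEntry caEntry = null;
        if (m.getCaInfo() != null) {
            X509CaInfoType ci = m.getCaInfo().getX509Ca();
            if (ci.getGenSelfIssued() != null) {
                genSelfIssued = parseGenSelfIssued(name, ci, zipFile);
            }
            caEntry = parseCaEntry(name, ci, zipFile);
            if (ci.getGenSelfIssued() == null) {
                caEntry.setCert(resolveCaCert(name, ci, zipFile, securityFactory));
            }
        }
        List<CaHasRequestorEntry> caHasRequestors = parseCaHasRequestors(m);
        List<CaHasUserEntry> caHasUsers = parseCaHasUsers(m);
        List<String> aliases = getStrings(m.getAliases());
        List<String> profileNames = getStrings(m.getProfiles());
        List<String> publisherNames = getStrings(m.getPublishers());
        addSingleCa(new SingleCaConf(name, genSelfIssued, caEntry, aliases, profileNames,
                caHasRequestors, caHasUsers, publisherNames));
    }
}

// Builds the self-issued-certificate request of CA {@code name}; only called when <genSelfIssued>
// is present. If a <cert> element is given it must name a file the generated cert is written to.
private GenSelfIssued parseGenSelfIssued(String name, X509CaInfoType ci, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    String certFilename = null;
    if (ci.getCert() != null) {
        if (ci.getCert().getFile() == null) {
            throw new InvalidConfException("cert.file of CA " + name + " must not be null");
        }
        certFilename = expandConf(ci.getCert().getFile());
    }
    byte[] csr = getBinary(ci.getGenSelfIssued().getCsr(), zipFile);
    BigInteger serialNumber = null;
    String str = ci.getGenSelfIssued().getSerialNumber();
    if (str != null) {
        // A "0x"/"0X" prefix selects hexadecimal; anything else is parsed as decimal.
        serialNumber = (str.startsWith("0x") || str.startsWith("0X"))
                ? new BigInteger(str.substring(2), 16)
                : new BigInteger(str);
    }
    return new GenSelfIssued(ci.getGenSelfIssued().getProfile(), csr, serialNumber, certFilename);
}

// Builds the X509CaEntry for CA {@code name} from <x509Ca>, without its certificate.
// Defaults: expiration period 365, 30 CRLs, keep expired certs -1 (presumably "forever" — confirm).
private X509CaEntry parseCaEntry(String name, X509CaInfoType ci, ZipFile zipFile) throws IOException, InvalidConfException, CaMgmtException {
    X509CaUris caUris = new X509CaUris(getStrings(ci.getCacertUris()), getStrings(ci.getOcspUris()),
            getStrings(ci.getCrlUris()), getStrings(ci.getDeltacrlUris()));
    int expirationPeriod = (ci.getExpirationPeriod() == null) ? 365 : ci.getExpirationPeriod().intValue();
    int numCrls = (ci.getNumCrls() == null) ? 30 : ci.getNumCrls().intValue();
    X509CaEntry caEntry = new X509CaEntry(new NameId(null, name), ci.getSnSize(), ci.getNextCrlNo(),
            expandConf(ci.getSignerType()), getValue(ci.getSignerConf(), zipFile), caUris, numCrls,
            expirationPeriod);
    caEntry.setCmpControlName(ci.getCmpcontrolName());
    caEntry.setCrlSignerName(ci.getCrlsignerName());
    caEntry.setDuplicateKeyPermitted(ci.isDuplicateKey());
    caEntry.setDuplicateSubjectPermitted(ci.isDuplicateSubject());
    if (ci.getExtraControl() != null) {
        String value = getValue(ci.getExtraControl(), zipFile);
        if (value != null) {
            caEntry.setExtraControl(new ConfPairs(value).unmodifiable());
        }
    }
    int keepExpiredCertDays = (ci.getKeepExpiredCertDays() == null) ? -1 : ci.getKeepExpiredCertDays().intValue();
    caEntry.setKeepExpiredCertInDays(keepExpiredCertDays);
    caEntry.setMaxValidity(CertValidity.getInstance(ci.getMaxValidity()));
    caEntry.setPermission(ci.getPermission());
    caEntry.setResponderName(ci.getResponderName());
    caEntry.setSaveRequest(ci.isSaveReq());
    caEntry.setStatus(CaStatus.forName(ci.getStatus()));
    if (ci.getValidityMode() != null) {
        caEntry.setValidityMode(ValidityMode.forName(ci.getValidityMode()));
    }
    return caEntry;
}

// Resolves the certificate of CA {@code name}: from <cert> when given, otherwise from the
// certificate embedded in the (first) CA signer configuration.
private X509Certificate resolveCaCert(String name, X509CaInfoType ci, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
    if (ci.getCert() != null) {
        byte[] bytes = getBinary(ci.getCert(), zipFile);
        try {
            return X509Util.parseCert(bytes);
        } catch (CertificateException ex) {
            throw new InvalidConfException("invalid certificate of CA " + name, ex);
        }
    }
    // Extract from the signer configuration: instantiate the signer without a certificate and
    // take the one it reports.
    ConcurrentContentSigner signer;
    try {
        List<String[]> signerConfs = CaEntry.splitCaSignerConfs(getValue(ci.getSignerConf(), zipFile));
        SignerConf signerConf = new SignerConf(signerConfs.get(0)[1]);
        signer = securityFactory.createSigner(expandConf(ci.getSignerType()), signerConf, (X509Certificate) null);
    } catch (ObjectCreationException | XiSecurityException ex) {
        throw new InvalidConfException("could not create CA signer for CA " + name, ex);
    }
    return signer.getCertificate();
}

// Requestors granted on a CA; returns null (not an empty list) when <requestors> is absent,
// which is what SingleCaConf received before this split.
private List<CaHasRequestorEntry> parseCaHasRequestors(CaType m) throws IOException, InvalidConfException, CaMgmtException {
    if (m.getRequestors() == null) {
        return null;
    }
    List<CaHasRequestorEntry> entries = new LinkedList<>();
    for (CaHasRequestorType req : m.getRequestors().getRequestor()) {
        CaHasRequestorEntry en = new CaHasRequestorEntry(new NameId(null, req.getRequestorName()));
        en.setRa(req.isRa());
        List<String> strs = getStrings(req.getProfiles());
        if (strs != null) {
            en.setProfiles(new HashSet<>(strs));
        }
        en.setPermission(req.getPermission());
        entries.add(en);
    }
    return entries;
}

// Users granted on a CA; returns null when <users> is absent (see parseCaHasRequestors).
private List<CaHasUserEntry> parseCaHasUsers(CaType m) throws IOException, InvalidConfException, CaMgmtException {
    if (m.getUsers() == null) {
        return null;
    }
    List<CaHasUserEntry> entries = new LinkedList<>();
    for (CaHasUserType req : m.getUsers().getUser()) {
        CaHasUserEntry en = new CaHasUserEntry(new NameId(null, req.getUserName()));
        en.setPermission(req.getPermission());
        List<String> strs = getStrings(req.getProfiles());
        if (strs != null) {
            en.setProfiles(new HashSet<>(strs));
        }
        entries.add(en);
    }
    return entries;
}

// Section "SCEPs": entries are created active, with the profiles copied into a fresh set.
private void initSceps(CAConfType jaxb) throws IOException, InvalidConfException, CaMgmtException {
    if (jaxb.getSceps() == null) {
        return;
    }
    for (ScepType m : jaxb.getSceps().getScep()) {
        String name = m.getName();
        NameId caIdent = new NameId(null, m.getCaName());
        // getStrings() can return null for an absent <profiles> (the CA requestor/user sections
        // guard for exactly that); copying null into a HashSet threw an NPE here before.
        List<String> certProfiles = getStrings(m.getProfiles());
        HashSet<String> profileSet = new HashSet<>();
        if (certProfiles != null) {
            profileSet.addAll(certProfiles);
        }
        ScepEntry dbEntry = new ScepEntry(name, caIdent, true, m.getResponderName(), profileSet, m.getControl());
        sceps.put(name, dbEntry);
    }
}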
