use of org.xipki.common.ObjectCreationException in project xipki by xipki.
the class OcspServerImpl method initSigner.
private ResponderSigner initSigner(SignerType signerType) throws InvalidConfException {
X509Certificate[] explicitCertificateChain = null;
X509Certificate explicitResponderCert = null;
if (signerType.getCert() != null) {
explicitResponderCert = parseCert(signerType.getCert());
}
if (explicitResponderCert != null) {
Set<X509Certificate> caCerts = null;
if (signerType.getCaCerts() != null) {
caCerts = new HashSet<>();
for (FileOrValueType certConf : signerType.getCaCerts().getCaCert()) {
caCerts.add(parseCert(certConf));
}
}
explicitCertificateChain = X509Util.buildCertPath(explicitResponderCert, caCerts);
}
String responderSignerType = signerType.getType();
String responderKeyConf = signerType.getKey();
List<String> sigAlgos = signerType.getAlgorithms().getAlgorithm();
List<ConcurrentContentSigner> singleSigners = new ArrayList<>(sigAlgos.size());
for (String sigAlgo : sigAlgos) {
try {
ConcurrentContentSigner requestorSigner = securityFactory.createSigner(responderSignerType, new SignerConf("algo=" + sigAlgo + "," + responderKeyConf), explicitCertificateChain);
singleSigners.add(requestorSigner);
} catch (ObjectCreationException ex) {
throw new InvalidConfException(ex.getMessage(), ex);
}
}
try {
return new ResponderSigner(singleSigners);
} catch (CertificateException | IOException ex) {
throw new InvalidConfException(ex.getMessage(), ex);
}
}
use of org.xipki.common.ObjectCreationException in project xipki by xipki.
the class X509SelfSignedCertBuilder method generateSelfSigned.
public static GenerateSelfSignedResult generateSelfSigned(SecurityFactory securityFactory, String signerType, String signerConf, IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber, List<String> caCertUris, List<String> ocspUris, List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl) throws OperationException, InvalidConfException {
ParamUtil.requireNonNull("securityFactory", securityFactory);
ParamUtil.requireNonBlank("signerType", signerType);
ParamUtil.requireNonNull("certprofile", certprofile);
ParamUtil.requireNonNull("csr", csr);
ParamUtil.requireNonNull("serialNumber", serialNumber);
if (serialNumber.compareTo(BigInteger.ZERO) != 1) {
throw new IllegalArgumentException("serialNumber must not be non-positive: " + serialNumber);
}
X509CertLevel level = certprofile.getCertLevel();
if (X509CertLevel.RootCA != level) {
throw new IllegalArgumentException("certprofile is not of level " + X509CertLevel.RootCA);
}
if (!securityFactory.verifyPopo(csr, null)) {
throw new InvalidConfException("could not validate POP for the CSR");
}
if ("pkcs12".equalsIgnoreCase(signerType) || "jks".equalsIgnoreCase(signerType)) {
ConfPairs keyValues = new ConfPairs(signerConf);
String keystoreConf = keyValues.value("keystore");
if (keystoreConf == null) {
throw new InvalidConfException("required parameter 'keystore' for types PKCS12 and JKS, is not specified");
}
}
ConcurrentContentSigner signer;
try {
List<String[]> signerConfs = CaEntry.splitCaSignerConfs(signerConf);
List<String> restrictedSigAlgos = certprofile.getSignatureAlgorithms();
String thisSignerConf = null;
if (CollectionUtil.isEmpty(restrictedSigAlgos)) {
thisSignerConf = signerConfs.get(0)[1];
} else {
for (String algo : restrictedSigAlgos) {
for (String[] m : signerConfs) {
if (m[0].equals(algo)) {
thisSignerConf = m[1];
break;
}
}
if (thisSignerConf != null) {
break;
}
}
}
if (thisSignerConf == null) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CA does not support any signature algorithm restricted by the cert profile");
}
signer = securityFactory.createSigner(signerType, new SignerConf(thisSignerConf), (X509Certificate[]) null);
} catch (XiSecurityException | ObjectCreationException ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
}
SubjectPublicKeyInfo publicKeyInfo;
if (signer.getCertificate() != null) {
// this cert is the dummy one which can be considered only as public key container
Certificate bcCert;
try {
bcCert = Certificate.getInstance(signer.getCertificate().getEncoded());
} catch (Exception ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "could not reparse certificate: " + ex.getMessage());
}
publicKeyInfo = bcCert.getSubjectPublicKeyInfo();
} else {
PublicKey signerPublicKey = signer.getPublicKey();
try {
publicKeyInfo = KeyUtil.createSubjectPublicKeyInfo(signerPublicKey);
} catch (InvalidKeyException ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "cannot generate SubjectPublicKeyInfo from publicKey: " + ex.getMessage());
}
}
X509Certificate newCert = generateCertificate(signer, certprofile, csr, serialNumber, publicKeyInfo, caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);
return new GenerateSelfSignedResult(signerConf, newCert);
}
use of org.xipki.common.ObjectCreationException in project xipki by xipki.
the class ResponderEntryWrapper method initSigner.
public void initSigner(SecurityFactory securityFactory) throws ObjectCreationException {
ParamUtil.requireNonNull("securityFactory", securityFactory);
if (signer != null) {
return;
}
if (dbEntry == null) {
throw new ObjectCreationException("dbEntry is null");
}
X509Certificate responderCert = dbEntry.getCertificate();
dbEntry.setConfFaulty(true);
signer = securityFactory.createSigner(dbEntry.getType(), new SignerConf(dbEntry.getConf()), responderCert);
if (signer.getCertificate() == null) {
throw new ObjectCreationException("signer without certificate is not allowed");
}
dbEntry.setConfFaulty(false);
if (dbEntry.getBase64Cert() == null) {
dbEntry.setCertificate(signer.getCertificate());
subjectAsX500Name = X500Name.getInstance(signer.getBcCertificate().getSubject());
subjectAsGeneralName = new GeneralName(subjectAsX500Name);
}
}
use of org.xipki.common.ObjectCreationException in project xipki by xipki.
the class CaManagerImpl method createResponder.
// method shutdownPublisher
ResponderEntryWrapper createResponder(ResponderEntry dbEntry) throws CaMgmtException {
ParamUtil.requireNonNull("dbEntry", dbEntry);
ResponderEntryWrapper ret = new ResponderEntryWrapper();
ret.setDbEntry(dbEntry);
try {
ret.initSigner(securityFactory);
} catch (ObjectCreationException ex) {
final String message = "createCmpResponder";
LOG.debug(message, ex);
throw new CaMgmtException(ex.getMessage());
}
return ret;
}
use of org.xipki.common.ObjectCreationException in project xipki by xipki.
the class CaManagerImpl method createPublisher.
// method createCertprofile
IdentifiedX509CertPublisher createPublisher(PublisherEntry dbEntry) throws CaMgmtException {
ParamUtil.requireNonNull("dbEntry", dbEntry);
String type = dbEntry.getType();
X509CertPublisher publisher;
IdentifiedX509CertPublisher ret;
try {
if ("OCSP".equalsIgnoreCase(type)) {
publisher = new OcspCertPublisher();
} else {
publisher = x509CertPublisherFactoryRegister.newPublisher(type);
}
ret = new IdentifiedX509CertPublisher(dbEntry, publisher);
ret.initialize(securityFactory.getPasswordResolver(), datasources);
return ret;
} catch (ObjectCreationException | CertPublisherException | RuntimeException ex) {
String msg = "invalid configuration for the publisher " + dbEntry.getIdent();
LogUtil.error(LOG, ex, msg);
throw new CaMgmtException(msg, ex);
}
}
Aggregations