
Example 1 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class OcspServerImpl method initSigner.

/**
 * Builds the OCSP responder signer from the {@code signerType} configuration.
 *
 * <p>When an explicit responder certificate is configured it is parsed, together with the
 * optional CA certificates, and turned into a certificate path via
 * {@link X509Util#buildCertPath}. Without an explicit certificate the chain passed to the
 * factory is {@code null} (presumably the signer implementation then supplies its own
 * certificate -- confirm in {@code securityFactory.createSigner}). One
 * {@link ConcurrentContentSigner} is created per configured signature algorithm; all of them
 * share the same key configuration.
 *
 * <p>NOTE(review): whether {@code buildCertPath} verifies the chain signatures and validity
 * periods is not visible here; if it only orders the certificates, a misconfigured chain is
 * detected only by relying parties.
 *
 * @param signerType responder signer configuration (type, key, optional cert and CA certs,
 *        list of signature algorithms)
 * @return a {@link ResponderSigner} wrapping one signer per configured algorithm
 * @throws InvalidConfException if a certificate cannot be parsed, a signer cannot be created,
 *         or the {@link ResponderSigner} cannot be assembled
 */
private ResponderSigner initSigner(SignerType signerType) throws InvalidConfException {
    X509Certificate responderCert =
            (signerType.getCert() == null) ? null : parseCert(signerType.getCert());

    X509Certificate[] certChain = null;
    if (responderCert != null) {
        Set<X509Certificate> issuerCerts = null;
        if (signerType.getCaCerts() != null) {
            issuerCerts = new HashSet<>();
            for (FileOrValueType caCertConf : signerType.getCaCerts().getCaCert()) {
                issuerCerts.add(parseCert(caCertConf));
            }
        }
        certChain = X509Util.buildCertPath(responderCert, issuerCerts);
    }

    final String type = signerType.getType();
    final String keyConf = signerType.getKey();
    List<String> algos = signerType.getAlgorithms().getAlgorithm();

    List<ConcurrentContentSigner> signers = new ArrayList<>(algos.size());
    for (String algo : algos) {
        try {
            // The algorithm is prepended to the shared key configuration,
            // e.g. "algo=<sigAlgo>,<key conf>".
            SignerConf conf = new SignerConf("algo=" + algo + "," + keyConf);
            signers.add(securityFactory.createSigner(type, conf, certChain));
        } catch (ObjectCreationException ex) {
            throw new InvalidConfException(ex.getMessage(), ex);
        }
    }

    try {
        return new ResponderSigner(signers);
    } catch (CertificateException | IOException ex) {
        throw new InvalidConfException(ex.getMessage(), ex);
    }
}

Example 2 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class X509SelfSignedCertBuilder method generateSelfSigned.

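/**
 * Generates a self-signed (root CA) certificate for the CA's own key.
 *
 * <p>Steps, in order: validate the arguments; require a profile of level
 * {@link X509CertLevel#RootCA}; verify the proof-of-possession of the CSR; for the
 * {@code pkcs12}/{@code jks} signer types require a {@code keystore} parameter; pick the signer
 * configuration for an algorithm the profile permits; obtain the signer's public key (from its
 * certificate when it has one, else from {@link ConcurrentContentSigner#getPublicKey()}); and
 * delegate the certificate construction to {@code generateCertificate}.
 *
 * <p>NOTE(review): the returned result carries {@code signerConf} unchanged. For PKCS#12/JKS
 * types this may include the keystore password, so callers should not log or expose it --
 * confirm how the result is consumed.
 *
 * @param securityFactory factory used to create the signer and to verify the CSR's POP
 * @param signerType signer type, e.g. {@code pkcs12} or {@code jks}
 * @param signerConf signer configuration, possibly holding several per-algorithm entries
 *        (split by {@code CaEntry.splitCaSignerConfs})
 * @param certprofile certificate profile; must be of level {@code RootCA}
 * @param csr certification request carrying the subject and public key to be certified
 * @param serialNumber serial number of the new certificate; must be positive and fit in
 *        20 octets (RFC 5280, section 4.1.2.2)
 * @param caCertUris CA issuers URIs, passed through to {@code generateCertificate}
 * @param ocspUris OCSP URIs, passed through to {@code generateCertificate}
 * @param crlUris CRL distribution point URIs, passed through to {@code generateCertificate}
 * @param deltaCrlUris delta CRL URIs, passed through to {@code generateCertificate}
 * @param extraControl extra control parameters, passed through to {@code generateCertificate}
 * @return the signer configuration together with the newly generated certificate
 * @throws IllegalArgumentException if the serial number is not positive or longer than
 *         20 octets, or the profile is not of level {@code RootCA}
 * @throws InvalidConfException if the CSR's POP cannot be verified or the {@code keystore}
 *         parameter is missing for PKCS#12/JKS
 * @throws OperationException with {@link ErrorCode#SYSTEM_FAILURE} if no signer configuration
 *         is given, none matches the profile's algorithms, the signer cannot be created, or the
 *         public key cannot be encoded
 */
public static GenerateSelfSignedResult generateSelfSigned(SecurityFactory securityFactory, String signerType, String signerConf, IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber, List<String> caCertUris, List<String> ocspUris, List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl) throws OperationException, InvalidConfException {
    ParamUtil.requireNonNull("securityFactory", securityFactory);
    ParamUtil.requireNonBlank("signerType", signerType);
    ParamUtil.requireNonNull("certprofile", certprofile);
    ParamUtil.requireNonNull("csr", csr);
    ParamUtil.requireNonNull("serialNumber", serialNumber);

    // RFC 5280 4.1.2.2: serialNumber MUST be a positive INTEGER of at most 20 octets.
    if (serialNumber.signum() <= 0) {
        throw new IllegalArgumentException("serialNumber must be positive: " + serialNumber);
    }
    // A positive DER INTEGER needs bitLength()+1 bits (one for the sign), so 20 octets allow
    // at most 159 value bits.
    if (serialNumber.bitLength() > 159) {
        throw new IllegalArgumentException(
                "serialNumber must not be longer than 20 octets: " + serialNumber);
    }

    X509CertLevel level = certprofile.getCertLevel();
    if (X509CertLevel.RootCA != level) {
        throw new IllegalArgumentException("certprofile is not of level " + X509CertLevel.RootCA);
    }

    // Never certify a public key whose private key possession the requester has not proven.
    if (!securityFactory.verifyPopo(csr, null)) {
        throw new InvalidConfException("could not validate POP for the CSR");
    }

    if ("pkcs12".equalsIgnoreCase(signerType) || "jks".equalsIgnoreCase(signerType)) {
        ConfPairs keyValues = new ConfPairs(signerConf);
        if (keyValues.value("keystore") == null) {
            throw new InvalidConfException("required parameter 'keystore' for types PKCS12 and JKS, is not specified");
        }
    }

    ConcurrentContentSigner signer;
    try {
        List<String[]> signerConfs = CaEntry.splitCaSignerConfs(signerConf);
        // Guard explicitly: an empty split result would otherwise surface as an
        // IndexOutOfBoundsException from signerConfs.get(0).
        if (signerConfs == null || signerConfs.isEmpty()) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "no signer configuration is specified");
        }
        String thisSignerConf = selectSignerConf(signerConfs, certprofile.getSignatureAlgorithms());
        if (thisSignerConf == null) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CA does not support any signature algorithm restricted by the cert profile");
        }
        signer = securityFactory.createSigner(signerType, new SignerConf(thisSignerConf), (X509Certificate[]) null);
    } catch (XiSecurityException | ObjectCreationException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }

    SubjectPublicKeyInfo publicKeyInfo = publicKeyInfoOf(signer);
    X509Certificate newCert = generateCertificate(signer, certprofile, csr, serialNumber, publicKeyInfo, caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);
    return new GenerateSelfSignedResult(signerConf, newCert);
}

/**
 * Picks the signer configuration to use: the first entry when the profile restricts no
 * signature algorithm, otherwise the entry for the first profile-listed algorithm the CA
 * provides (profile order wins).
 *
 * @param signerConfs non-empty list of {@code {algorithm, conf}} pairs
 * @param restrictedSigAlgos algorithms permitted by the profile; may be {@code null} or empty
 * @return the matching configuration string, or {@code null} if no algorithm matches
 */
private static String selectSignerConf(List<String[]> signerConfs, List<String> restrictedSigAlgos) {
    if (CollectionUtil.isEmpty(restrictedSigAlgos)) {
        return signerConfs.get(0)[1];
    }
    for (String algo : restrictedSigAlgos) {
        for (String[] entry : signerConfs) {
            if (entry[0].equals(algo)) {
                return entry[1];
            }
        }
    }
    return null;
}

/**
 * Extracts the {@link SubjectPublicKeyInfo} of the signer's key, preferring the signer's
 * certificate (used purely as a public key container) and falling back to its raw public key.
 *
 * @param signer the CA signer
 * @return the signer's public key as {@code SubjectPublicKeyInfo}
 * @throws OperationException with {@link ErrorCode#SYSTEM_FAILURE} if the certificate cannot
 *         be re-parsed or the public key cannot be encoded
 */
private static SubjectPublicKeyInfo publicKeyInfoOf(ConcurrentContentSigner signer) throws OperationException {
    if (signer.getCertificate() != null) {
        // this cert is the dummy one which can be considered only as public key container
        Certificate bcCert;
        try {
            bcCert = Certificate.getInstance(signer.getCertificate().getEncoded());
        } catch (Exception ex) {
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, "could not reparse certificate: " + ex.getMessage());
        }
        return bcCert.getSubjectPublicKeyInfo();
    }

    PublicKey signerPublicKey = signer.getPublicKey();
    try {
        return KeyUtil.createSubjectPublicKeyInfo(signerPublicKey);
    } catch (InvalidKeyException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, "cannot generate SubjectPublicKeyInfo from publicKey: " + ex.getMessage());
    }
}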

Example 3 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class ResponderEntryWrapper method initSigner.

/**
 * Lazily creates the responder signer from {@code dbEntry} using {@code securityFactory}.
 *
 * <p>Returns immediately if a signer already exists. Otherwise the entry is flagged faulty,
 * the signer is created from the entry's type, configuration and (possibly {@code null})
 * certificate, and the flag is cleared only once a signer that carries a certificate exists --
 * so any failure in between leaves the entry marked faulty. If the entry stores no certificate
 * yet, the signer's certificate is adopted and the responder subject names are derived from it.
 *
 * <p>NOTE(review): when the entry already holds a certificate the subject names are not
 * derived here; presumably that happens elsewhere (e.g. when the entry is set) -- confirm.
 * Whether {@code createSigner} checks that the configured certificate matches the key is also
 * not visible from this method. The {@code signer != null} short-circuit is not synchronized;
 * concurrent first calls could each create a signer.
 *
 * @param securityFactory factory used to create the signer; must not be {@code null}
 * @throws ObjectCreationException if no entry is set, the signer cannot be created, or the
 *         created signer has no certificate
 */
public void initSigner(SecurityFactory securityFactory) throws ObjectCreationException {
    ParamUtil.requireNonNull("securityFactory", securityFactory);
    if (signer != null) {
        return; // already initialized
    }
    if (dbEntry == null) {
        throw new ObjectCreationException("dbEntry is null");
    }

    X509Certificate configuredCert = dbEntry.getCertificate();
    // Pessimistically mark the configuration faulty; cleared below on success only.
    dbEntry.setConfFaulty(true);
    signer = securityFactory.createSigner(dbEntry.getType(), new SignerConf(dbEntry.getConf()), configuredCert);
    if (signer.getCertificate() == null) {
        throw new ObjectCreationException("signer without certificate is not allowed");
    }
    dbEntry.setConfFaulty(false);

    boolean entryHasNoCert = (dbEntry.getBase64Cert() == null);
    if (entryHasNoCert) {
        // Adopt the signer's certificate and derive the responder's subject names from it.
        dbEntry.setCertificate(signer.getCertificate());
        subjectAsX500Name = X500Name.getInstance(signer.getBcCertificate().getSubject());
        subjectAsGeneralName = new GeneralName(subjectAsX500Name);
    }
}

Example 4 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class CaManagerImpl method createResponder.

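/**
 * Creates a {@link ResponderEntryWrapper} for {@code dbEntry} and initializes its signer.
 *
 * @param dbEntry responder entry from the database; must not be {@code null}
 * @return wrapper with an initialized signer
 * @throws CaMgmtException if the signer cannot be created; the original
 *         {@link ObjectCreationException} is kept as the cause
 */
ResponderEntryWrapper createResponder(ResponderEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    ResponderEntryWrapper wrapper = new ResponderEntryWrapper();
    wrapper.setDbEntry(dbEntry);
    try {
        wrapper.initSigner(securityFactory);
    } catch (ObjectCreationException ex) {
        // Preserve the cause and log at error level (mirroring createPublisher) instead of
        // a debug-only log plus a message-only exception, so a broken responder signer
        // configuration is diagnosable from the operations log and the stack trace.
        String msg = "could not create the CMP responder: " + ex.getMessage();
        LogUtil.error(LOG, ex, msg);
        throw new CaMgmtException(msg, ex);
    }
    return wrapper;
}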

Example 5 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class CaManagerImpl method createPublisher.

/**
 * Creates and initializes the certificate publisher described by {@code dbEntry}.
 *
 * <p>The built-in type {@code OCSP} (compared case-insensitively) maps to
 * {@link OcspCertPublisher}; any other type is resolved through
 * {@code x509CertPublisherFactoryRegister}. The raw publisher is wrapped in an
 * {@link IdentifiedX509CertPublisher} and initialized with the password resolver and the
 * configured data sources.
 *
 * @param dbEntry publisher entry from the database; must not be {@code null}
 * @return the initialized publisher wrapper
 * @throws CaMgmtException if the publisher cannot be instantiated or initialized; the
 *         underlying exception is kept as the cause
 */
IdentifiedX509CertPublisher createPublisher(PublisherEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    String type = dbEntry.getType();
    try {
        X509CertPublisher rawPublisher = "OCSP".equalsIgnoreCase(type)
                ? new OcspCertPublisher()
                : x509CertPublisherFactoryRegister.newPublisher(type);
        IdentifiedX509CertPublisher wrapper = new IdentifiedX509CertPublisher(dbEntry, rawPublisher);
        wrapper.initialize(securityFactory.getPasswordResolver(), datasources);
        return wrapper;
    } catch (ObjectCreationException | CertPublisherException | RuntimeException ex) {
        // RuntimeException is caught deliberately: a misbehaving publisher implementation is
        // reported to the caller as a configuration error of this publisher.
        String msg = "invalid configuration for the publisher " + dbEntry.getIdent();
        LogUtil.error(LOG, ex, msg);
        throw new CaMgmtException(msg, ex);
    }
}
