Search in sources :

Example 6 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class P12ComplexCsrGenCmd method getSigner.

@Override
protected ConcurrentContentSigner getSigner(SignatureAlgoControl signatureAlgoControl) throws ObjectCreationException {
    ParamUtil.requireNonNull("signatureAlgoControl", signatureAlgoControl);
    char[] pwd;
    try {
        pwd = getPassword();
    } catch (IOException ex) {
        throw new ObjectCreationException("could not read password: " + ex.getMessage(), ex);
    }
    SignerConf signerConf = SignerConf.getKeystoreSignerConf(p12File, new String(pwd), 1, HashAlgo.getNonNullInstance(hashAlgo), signatureAlgoControl);
    return securityFactory.createSigner("PKCS12", signerConf, (X509Certificate[]) null);
}
Also used : ObjectCreationException(org.xipki.common.ObjectCreationException) SignerConf(org.xipki.security.SignerConf) IOException(java.io.IOException) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) X509Certificate(java.security.cert.X509Certificate)

Example 7 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class CaManagerImpl method addCa.

@Override
public void addCa(CaEntry caEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("caEntry", caEntry);
    asssertMasterMode();
    NameId ident = caEntry.getIdent();
    String name = ident.getName();
    if (caInfos.containsKey(name)) {
        throw new CaMgmtException(concat("CA named ", name, " exists"));
    }
    String origSignerConf = caEntry.getSignerConf();
    String newSignerConf = canonicalizeSignerConf(caEntry.getSignerType(), origSignerConf, null, securityFactory);
    if (!origSignerConf.equals(newSignerConf)) {
        caEntry.setSignerConf(newSignerConf);
    }
    if (caEntry instanceof X509CaEntry) {
        try {
            X509CaEntry tmpCaEntry = (X509CaEntry) caEntry;
            List<String[]> signerConfs = CaEntry.splitCaSignerConfs(tmpCaEntry.getSignerConf());
            ConcurrentContentSigner signer;
            for (String[] m : signerConfs) {
                SignerConf signerConf = new SignerConf(m[1]);
                signer = securityFactory.createSigner(tmpCaEntry.getSignerType(), signerConf, tmpCaEntry.getCert());
                if (tmpCaEntry.getCert() == null) {
                    if (signer.getCertificate() == null) {
                        throw new CaMgmtException("CA signer without certificate is not allowed");
                    }
                    tmpCaEntry.setCert(signer.getCertificate());
                }
            }
        } catch (XiSecurityException | ObjectCreationException ex) {
            throw new CaMgmtException(concat("could not create signer for new CA ", name, ": ", ex.getMessage()), ex);
        }
    }
    queryExecutor.addCa(caEntry);
    if (!createCa(name)) {
        LOG.error("could not create CA {}", name);
    } else {
        if (startCa(name)) {
            LOG.info("started CA {}", name);
        } else {
            LOG.error("could not start CA {}", name);
        }
    }
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) XiSecurityException(org.xipki.security.exception.XiSecurityException) NameId(org.xipki.ca.api.NameId) ObjectCreationException(org.xipki.common.ObjectCreationException) SignerConf(org.xipki.security.SignerConf) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)

Example 8 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class CaManagerImpl method loadConf.

@Override
public void loadConf(CaConf conf) throws CaMgmtException {
    ParamUtil.requireNonNull("conf", conf);
    if (!caSystemSetuped) {
        throw new CaMgmtException("CA system is not initialized yet.");
    }
    // CMP control
    for (String name : conf.getCmpControlNames()) {
        CmpControlEntry entry = conf.getCmpControl(name);
        CmpControlEntry entryB = cmpControlDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CMP control {}", name);
                continue;
            } else {
                String msg = concat("CMP control ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addCmpControl(entry);
            LOG.info("added CMP control {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CMP control ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Responder
    for (String name : conf.getResponderNames()) {
        ResponderEntry entry = conf.getResponder(name);
        ResponderEntry entryB = responderDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CMP responder {}", name);
                continue;
            } else {
                String msg = concat("CMP responder ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addResponder(entry);
            LOG.info("added CMP responder {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CMP responder ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Environment
    for (String name : conf.getEnvironmentNames()) {
        String entry = conf.getEnvironment(name);
        String entryB = envParameterResolver.getParameter(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed environment parameter {}", name);
                continue;
            } else {
                String msg = concat("environment parameter ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addEnvParam(name, entry);
            LOG.info("could not add environment parameter {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add environment parameter ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // CRL signer
    for (String name : conf.getCrlSignerNames()) {
        X509CrlSignerEntry entry = conf.getCrlSigner(name);
        X509CrlSignerEntry entryB = crlSignerDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CRL signer {}", name);
                continue;
            } else {
                String msg = concat("CRL signer ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addCrlSigner(entry);
            LOG.info("added CRL signer {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CRL signer ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Requestor
    for (String name : conf.getRequestorNames()) {
        RequestorEntry entry = conf.getRequestor(name);
        RequestorEntry entryB = requestorDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed CMP requestor {}", name);
                continue;
            } else {
                String msg = concat("CMP requestor ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addRequestor(entry);
            LOG.info("added CMP requestor {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add CMP requestor ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // Publisher
    for (String name : conf.getPublisherNames()) {
        PublisherEntry entry = conf.getPublisher(name);
        PublisherEntry entryB = publisherDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed publisher {}", name);
                continue;
            } else {
                String msg = concat("publisher ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addPublisher(entry);
            LOG.info("added publisher {}", name);
        } catch (CaMgmtException ex) {
            String msg = "could not add publisher " + name;
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // CertProfile
    for (String name : conf.getCertProfileNames()) {
        CertprofileEntry entry = conf.getCertProfile(name);
        CertprofileEntry entryB = certprofileDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.info("ignore existed certProfile {}", name);
                continue;
            } else {
                String msg = concat("certProfile ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            addCertprofile(entry);
            LOG.info("added certProfile {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add certProfile ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // User
    for (String name : conf.getUserNames()) {
        Object obj = conf.getUser(name);
        UserEntry entryB = queryExecutor.getUser(name, true);
        if (entryB != null) {
            boolean equals = false;
            if (obj instanceof UserEntry) {
                UserEntry entry = (UserEntry) obj;
                equals = entry.equals(entryB);
            } else {
                AddUserEntry entry = (AddUserEntry) obj;
                equals = PasswordHash.validatePassword(entry.getPassword(), entryB.getHashedPassword());
            }
            if (equals) {
                LOG.info("ignore existed user {}", name);
                continue;
            } else {
                String msg = concat("user ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        }
        try {
            if (obj instanceof UserEntry) {
                queryExecutor.addUser((UserEntry) obj);
            } else {
                queryExecutor.addUser((AddUserEntry) obj);
            }
            LOG.info("added user {}", name);
        } catch (CaMgmtException ex) {
            String msg = concat("could not add user ", name);
            LogUtil.error(LOG, ex, msg);
            throw new CaMgmtException(msg);
        }
    }
    // CA
    for (String caName : conf.getCaNames()) {
        SingleCaConf scc = conf.getCa(caName);
        GenSelfIssued genSelfIssued = scc.getGenSelfIssued();
        CaEntry caEntry = scc.getCaEntry();
        if (caEntry != null) {
            if (!(caEntry instanceof X509CaEntry)) {
                throw new CaMgmtException(concat("Unsupported CaEntry ", caName, " (only X509CaEntry is supported"));
            }
            X509CaEntry entry = (X509CaEntry) caEntry;
            if (caInfos.containsKey(caName)) {
                CaEntry entryB = caInfos.get(caName).getCaEntry();
                if (entry.getCert() == null && genSelfIssued != null) {
                    SignerConf signerConf = new SignerConf(entry.getSignerConf());
                    ConcurrentContentSigner signer;
                    try {
                        signer = securityFactory.createSigner(entry.getSignerType(), signerConf, (X509Certificate) null);
                    } catch (ObjectCreationException ex) {
                        throw new CaMgmtException(concat("could not create signer for CA ", caName), ex);
                    }
                    entry.setCert(signer.getCertificate());
                }
                if (entry.equals(entryB, true)) {
                    LOG.info("ignore existed CA {}", caName);
                } else {
                    String msg = concat("CA ", caName, " existed, could not re-added it");
                    LOG.error(msg);
                    throw new CaMgmtException(msg);
                }
            } else {
                if (genSelfIssued != null) {
                    X509Certificate cert = generateRootCa(entry, genSelfIssued.getProfile(), genSelfIssued.getCsr(), genSelfIssued.getSerialNumber());
                    LOG.info("generated root CA {}", caName);
                    String fn = genSelfIssued.getCertFilename();
                    if (fn != null) {
                        try {
                            IoUtil.save(fn, cert.getEncoded());
                            LOG.info("saved generated certificate of root CA {} to {}", caName, fn);
                        } catch (CertificateEncodingException ex) {
                            LogUtil.error(LOG, ex, concat("could not encode certificate of CA ", caName));
                        } catch (IOException ex) {
                            LogUtil.error(LOG, ex, concat("error while saving certificate of root CA ", caName, " to ", fn));
                        }
                    }
                } else {
                    try {
                        addCa(entry);
                        LOG.info("added CA {}", caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getAliases() != null) {
            Set<String> aliasesB = getAliasesForCa(caName);
            for (String aliasName : scc.getAliases()) {
                if (aliasesB != null && aliasesB.contains(aliasName)) {
                    LOG.info("ignored adding existing CA alias {} to CA {}", aliasName, caName);
                } else {
                    try {
                        addCaAlias(aliasName, caName);
                        LOG.info("associated alias {} to CA {}", aliasName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not associate alias ", aliasName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getProfileNames() != null) {
            Set<String> profilesB = caHasProfiles.get(caName);
            for (String profileName : scc.getProfileNames()) {
                if (profilesB != null && profilesB.contains(profileName)) {
                    LOG.info("ignored adding certprofile {} to CA {}", profileName, caName);
                } else {
                    try {
                        addCertprofileToCa(profileName, caName);
                        LOG.info("added certprofile {} to CA {}", profileName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add certprofile ", profileName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getPublisherNames() != null) {
            Set<String> publishersB = caHasPublishers.get(caName);
            for (String publisherName : scc.getPublisherNames()) {
                if (publishersB != null && publishersB.contains(publisherName)) {
                    LOG.info("ignored adding publisher {} to CA {}", publisherName, caName);
                } else {
                    try {
                        addPublisherToCa(publisherName, caName);
                        LOG.info("added publisher {} to CA {}", publisherName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add publisher ", publisherName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getRequestors() != null) {
            Set<CaHasRequestorEntry> requestorsB = caHasRequestors.get(caName);
            for (CaHasRequestorEntry requestor : scc.getRequestors()) {
                String requestorName = requestor.getRequestorIdent().getName();
                CaHasRequestorEntry requestorB = null;
                if (requestorsB != null) {
                    for (CaHasRequestorEntry m : requestorsB) {
                        if (m.getRequestorIdent().getName().equals(requestorName)) {
                            requestorB = m;
                            break;
                        }
                    }
                }
                if (requestorB != null) {
                    if (requestor.equals(requestorB)) {
                        LOG.info("ignored adding requestor {} to CA {}", requestorName, caName);
                    } else {
                        String msg = concat("could not add requestor ", requestorName, " to CA", caName);
                        LOG.error(msg);
                        throw new CaMgmtException(msg);
                    }
                } else {
                    try {
                        addRequestorToCa(requestor, caName);
                        LOG.info("added publisher {} to CA {}", requestorName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add requestor ", requestorName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
        if (scc.getUsers() != null) {
            List<CaHasUserEntry> usersB = queryExecutor.getCaHasUsersForCa(caName, idNameMap);
            for (CaHasUserEntry user : scc.getUsers()) {
                String userName = user.getUserIdent().getName();
                CaHasUserEntry userB = null;
                if (usersB != null) {
                    for (CaHasUserEntry m : usersB) {
                        if (m.getUserIdent().getName().equals(userName)) {
                            userB = m;
                            break;
                        }
                    }
                }
                if (userB != null) {
                    if (user.equals(userB)) {
                        LOG.info("ignored adding user {} to CA {}", userName, caName);
                    } else {
                        String msg = concat("could not add user ", userName, " to CA", caName);
                        LOG.error(msg);
                        throw new CaMgmtException(msg);
                    }
                } else {
                    try {
                        addUserToCa(user, caName);
                        LOG.info("added user {} to CA {}", userName, caName);
                    } catch (CaMgmtException ex) {
                        String msg = concat("could not add user ", userName, " to CA ", caName);
                        LogUtil.error(LOG, ex, msg);
                        throw new CaMgmtException(msg);
                    }
                }
            }
        }
    // scc.getUsers()
    }
    // SCEP
    for (String name : conf.getScepNames()) {
        ScepEntry entry = conf.getScep(name);
        ScepEntry entryB = scepDbEntries.get(name);
        if (entryB != null) {
            if (entry.equals(entryB)) {
                LOG.error("ignore existed SCEP {}", name);
                continue;
            } else {
                String msg = concat("SCEP ", name, " existed, could not re-added it");
                LOG.error(msg);
                throw new CaMgmtException(msg);
            }
        } else {
            try {
                addScep(entry);
                LOG.info("added SCEP {}", name);
            } catch (CaMgmtException ex) {
                String msg = concat("could not add SCEP ", name);
                LogUtil.error(LOG, ex, msg);
                throw new CaMgmtException(msg);
            }
        }
    }
}
Also used : CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) RequestorEntry(org.xipki.ca.server.mgmt.api.RequestorEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry) ChangeCaEntry(org.xipki.ca.server.mgmt.api.ChangeCaEntry) CaEntry(org.xipki.ca.server.mgmt.api.CaEntry) PublisherEntry(org.xipki.ca.server.mgmt.api.PublisherEntry) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry) ResponderEntry(org.xipki.ca.server.mgmt.api.ResponderEntry) SignerConf(org.xipki.security.SignerConf) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) CertprofileEntry(org.xipki.ca.server.mgmt.api.CertprofileEntry) ChangeScepEntry(org.xipki.ca.server.mgmt.api.x509.ChangeScepEntry) ScepEntry(org.xipki.ca.server.mgmt.api.x509.ScepEntry) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) ObjectCreationException(org.xipki.common.ObjectCreationException) SingleCaConf(org.xipki.ca.server.mgmt.api.conf.SingleCaConf) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) UserEntry(org.xipki.ca.server.mgmt.api.UserEntry) CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) ChangeUserEntry(org.xipki.ca.server.mgmt.api.ChangeUserEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry) GenSelfIssued(org.xipki.ca.server.mgmt.api.conf.GenSelfIssued) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry)

Example 9 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class CaManagerImpl method createCertprofile.

// method createX509CrlSigner
IdentifiedX509Certprofile createCertprofile(CertprofileEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    try {
        X509Certprofile profile = x509CertProfileFactoryRegister.newCertprofile(dbEntry.getType());
        IdentifiedX509Certprofile ret = new IdentifiedX509Certprofile(dbEntry, profile);
        ret.setEnvParameterResolver(envParameterResolver);
        ret.validate();
        return ret;
    } catch (ObjectCreationException | CertprofileException ex) {
        String msg = "could not initialize Certprofile " + dbEntry.getIdent();
        LogUtil.error(LOG, ex, msg);
        throw new CaMgmtException(msg, ex);
    }
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) X509Certprofile(org.xipki.ca.api.profile.x509.X509Certprofile) ObjectCreationException(org.xipki.common.ObjectCreationException) CertprofileException(org.xipki.ca.api.profile.CertprofileException)

Example 10 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class CaManagerQueryExecutor method changeCa.

// method addPublisherToCa
void changeCa(ChangeCaEntry changeCaEntry, SecurityFactory securityFactory) throws CaMgmtException {
    ParamUtil.requireNonNull("changeCaEntry", changeCaEntry);
    ParamUtil.requireNonNull("securityFactory", securityFactory);
    if (!(changeCaEntry instanceof X509ChangeCaEntry)) {
        throw new CaMgmtException("unsupported ChangeCAEntry " + changeCaEntry.getClass().getName());
    }
    X509ChangeCaEntry entry = (X509ChangeCaEntry) changeCaEntry;
    X509Certificate cert = entry.getCert();
    if (cert != null) {
        boolean anyCertIssued;
        try {
            anyCertIssued = datasource.columnExists(null, "CERT", "CA_ID", entry.getIdent().getId());
        } catch (DataAccessException ex) {
            throw new CaMgmtException(ex);
        }
        if (anyCertIssued) {
            throw new CaMgmtException("Cannot change the certificate of CA, since it has issued certificates");
        }
    }
    Integer serialNoBitLen = entry.getSerialNoBitLen();
    CaStatus status = entry.getStatus();
    List<String> crlUris = entry.getCrlUris();
    List<String> deltaCrlUris = entry.getDeltaCrlUris();
    List<String> ocspUris = entry.getOcspUris();
    List<String> caCertUris = entry.getCaCertUris();
    CertValidity maxValidity = entry.getMaxValidity();
    String signerType = entry.getSignerType();
    String signerConf = entry.getSignerConf();
    String crlsignerName = entry.getCrlSignerName();
    String responderName = entry.getResponderName();
    String cmpcontrolName = entry.getCmpControlName();
    Boolean duplicateKeyPermitted = entry.getDuplicateKeyPermitted();
    Boolean duplicateSubjectPermitted = entry.getDuplicateSubjectPermitted();
    Boolean saveReq = entry.getSaveRequest();
    Integer permission = entry.getPermission();
    Integer numCrls = entry.getNumCrls();
    Integer expirationPeriod = entry.getExpirationPeriod();
    Integer keepExpiredCertInDays = entry.getKeepExpiredCertInDays();
    ValidityMode validityMode = entry.getValidityMode();
    ConfPairs extraControl = entry.getExtraControl();
    if (signerType != null || signerConf != null || cert != null) {
        final String sql = "SELECT SIGNER_TYPE,CERT,SIGNER_CONF FROM CA WHERE ID=?";
        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            stmt = prepareStatement(sql);
            stmt.setInt(1, entry.getIdent().getId());
            rs = stmt.executeQuery();
            if (!rs.next()) {
                throw new CaMgmtException("unknown CA '" + entry.getIdent());
            }
            String tmpSignerType = rs.getString("SIGNER_TYPE");
            String tmpSignerConf = rs.getString("SIGNER_CONF");
            String tmpB64Cert = rs.getString("CERT");
            if (signerType != null) {
                tmpSignerType = signerType;
            }
            if (signerConf != null) {
                tmpSignerConf = getRealString(signerConf);
                if (tmpSignerConf != null) {
                    tmpSignerConf = CaManagerImpl.canonicalizeSignerConf(tmpSignerType, tmpSignerConf, null, securityFactory);
                }
            }
            X509Certificate tmpCert;
            if (cert != null) {
                tmpCert = cert;
            } else {
                try {
                    tmpCert = X509Util.parseBase64EncodedCert(tmpB64Cert);
                } catch (CertificateException ex) {
                    throw new CaMgmtException("could not parse the stored certificate for CA '" + changeCaEntry.getIdent() + "'" + ex.getMessage(), ex);
                }
            }
            try {
                List<String[]> signerConfs = CaEntry.splitCaSignerConfs(tmpSignerConf);
                for (String[] m : signerConfs) {
                    securityFactory.createSigner(tmpSignerType, new SignerConf(m[1]), tmpCert);
                }
            } catch (XiSecurityException | ObjectCreationException ex) {
                throw new CaMgmtException("could not create signer for CA '" + changeCaEntry.getIdent() + "'" + ex.getMessage(), ex);
            }
        } catch (SQLException ex) {
            throw new CaMgmtException(datasource, sql, ex);
        } finally {
            datasource.releaseResources(stmt, rs);
        }
    }
    // end if (signerType)
    StringBuilder sqlBuilder = new StringBuilder();
    sqlBuilder.append("UPDATE CA SET ");
    AtomicInteger index = new AtomicInteger(1);
    Integer idxSnSize = addToSqlIfNotNull(sqlBuilder, index, serialNoBitLen, "SN_SIZE");
    Integer idxStatus = addToSqlIfNotNull(sqlBuilder, index, status, "STATUS");
    Integer idxSubject = addToSqlIfNotNull(sqlBuilder, index, cert, "SUBJECT");
    Integer idxCert = addToSqlIfNotNull(sqlBuilder, index, cert, "CERT");
    Integer idxCrlUris = addToSqlIfNotNull(sqlBuilder, index, crlUris, "CRL_URIS");
    Integer idxDeltaCrlUris = addToSqlIfNotNull(sqlBuilder, index, deltaCrlUris, "DELTACRL_URIS");
    Integer idxOcspUris = addToSqlIfNotNull(sqlBuilder, index, ocspUris, "OCSP_URIS");
    Integer idxCaCertUris = addToSqlIfNotNull(sqlBuilder, index, caCertUris, "CACERT_URIS");
    Integer idxMaxValidity = addToSqlIfNotNull(sqlBuilder, index, maxValidity, "MAX_VALIDITY");
    Integer idxSignerType = addToSqlIfNotNull(sqlBuilder, index, signerType, "SIGNER_TYPE");
    Integer idxCrlsignerName = addToSqlIfNotNull(sqlBuilder, index, crlsignerName, "CRLSIGNER_NAME");
    Integer idxResponderName = addToSqlIfNotNull(sqlBuilder, index, responderName, "RESPONDER_NAME");
    Integer idxCmpcontrolName = addToSqlIfNotNull(sqlBuilder, index, cmpcontrolName, "CMPCONTROL_NAME");
    Integer idxDuplicateKey = addToSqlIfNotNull(sqlBuilder, index, duplicateKeyPermitted, "DUPLICATE_KEY");
    Integer idxDuplicateSubject = addToSqlIfNotNull(sqlBuilder, index, duplicateKeyPermitted, "DUPLICATE_SUBJECT");
    Integer idxSaveReq = addToSqlIfNotNull(sqlBuilder, index, saveReq, "SAVE_REQ");
    Integer idxPermission = addToSqlIfNotNull(sqlBuilder, index, permission, "PERMISSION");
    Integer idxNumCrls = addToSqlIfNotNull(sqlBuilder, index, numCrls, "NUM_CRLS");
    Integer idxExpirationPeriod = addToSqlIfNotNull(sqlBuilder, index, expirationPeriod, "EXPIRATION_PERIOD");
    Integer idxExpiredCerts = addToSqlIfNotNull(sqlBuilder, index, keepExpiredCertInDays, "KEEP_EXPIRED_CERT_DAYS");
    Integer idxValidityMode = addToSqlIfNotNull(sqlBuilder, index, validityMode, "VALIDITY_MODE");
    Integer idxExtraControl = addToSqlIfNotNull(sqlBuilder, index, extraControl, "EXTRA_CONTROL");
    Integer idxSignerConf = addToSqlIfNotNull(sqlBuilder, index, signerConf, "SIGNER_CONF");
    // delete the last ','
    sqlBuilder.deleteCharAt(sqlBuilder.length() - 1);
    sqlBuilder.append(" WHERE ID=?");
    if (index.get() == 1) {
        throw new IllegalArgumentException("nothing to change");
    }
    int idxId = index.get();
    final String sql = sqlBuilder.toString();
    StringBuilder sb = new StringBuilder();
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        if (idxSnSize != null) {
            sb.append("sn_size: '").append(serialNoBitLen).append("'; ");
            ps.setInt(idxSnSize, serialNoBitLen.intValue());
        }
        if (idxStatus != null) {
            sb.append("status: '").append(status.name()).append("'; ");
            ps.setString(idxStatus, status.name());
        }
        if (idxCert != null) {
            String subject = X509Util.getRfc4519Name(cert.getSubjectX500Principal());
            sb.append("cert: '").append(subject).append("'; ");
            ps.setString(idxSubject, subject);
            String base64Cert = Base64.encodeToString(cert.getEncoded());
            ps.setString(idxCert, base64Cert);
        }
        if (idxCrlUris != null) {
            String txt = StringUtil.collectionAsStringByComma(crlUris);
            sb.append("crlUri: '").append(txt).append("'; ");
            ps.setString(idxCrlUris, txt);
        }
        if (idxDeltaCrlUris != null) {
            String txt = StringUtil.collectionAsStringByComma(deltaCrlUris);
            sb.append("deltaCrlUri: '").append(txt).append("'; ");
            ps.setString(idxDeltaCrlUris, txt);
        }
        if (idxOcspUris != null) {
            String txt = StringUtil.collectionAsStringByComma(ocspUris);
            sb.append("ocspUri: '").append(txt).append("'; ");
            ps.setString(idxOcspUris, txt);
        }
        if (idxCaCertUris != null) {
            String txt = StringUtil.collectionAsStringByComma(caCertUris);
            sb.append("caCertUri: '").append(txt).append("'; ");
            ps.setString(idxCaCertUris, txt);
        }
        if (idxMaxValidity != null) {
            String txt = maxValidity.toString();
            sb.append("maxValidity: '").append(txt).append("'; ");
            ps.setString(idxMaxValidity, txt);
        }
        if (idxSignerType != null) {
            sb.append("signerType: '").append(signerType).append("'; ");
            ps.setString(idxSignerType, signerType);
        }
        if (idxSignerConf != null) {
            sb.append("signerConf: '").append(SignerConf.toString(signerConf, false, true)).append("'; ");
            ps.setString(idxSignerConf, signerConf);
        }
        if (idxCrlsignerName != null) {
            String txt = getRealString(crlsignerName);
            sb.append("crlSigner: '").append(txt).append("'; ");
            ps.setString(idxCrlsignerName, txt);
        }
        if (idxResponderName != null) {
            String txt = getRealString(responderName);
            sb.append("responder: '").append(txt).append("'; ");
            ps.setString(idxResponderName, txt);
        }
        if (idxCmpcontrolName != null) {
            String txt = getRealString(cmpcontrolName);
            sb.append("cmpControl: '").append(txt).append("'; ");
            ps.setString(idxCmpcontrolName, txt);
        }
        if (idxDuplicateKey != null) {
            sb.append("duplicateKey: '").append(duplicateKeyPermitted).append("'; ");
            setBoolean(ps, idxDuplicateKey, duplicateKeyPermitted);
        }
        if (idxDuplicateSubject != null) {
            sb.append("duplicateSubject: '").append(duplicateSubjectPermitted).append("'; ");
            setBoolean(ps, idxDuplicateSubject, duplicateSubjectPermitted);
        }
        if (idxSaveReq != null) {
            sb.append("saveReq: '").append(saveReq).append("'; ");
            setBoolean(ps, idxSaveReq, saveReq);
        }
        if (idxPermission != null) {
            sb.append("permission: '").append(permission).append("'; ");
            ps.setInt(idxPermission, permission);
        }
        if (idxNumCrls != null) {
            sb.append("numCrls: '").append(numCrls).append("'; ");
            ps.setInt(idxNumCrls, numCrls);
        }
        if (idxExpirationPeriod != null) {
            sb.append("expirationPeriod: '").append(expirationPeriod).append("'; ");
            ps.setInt(idxExpirationPeriod, expirationPeriod);
        }
        if (idxExpiredCerts != null) {
            sb.append("keepExpiredCertDays: '").append(keepExpiredCertInDays).append("'; ");
            ps.setInt(idxExpiredCerts, keepExpiredCertInDays);
        }
        if (idxValidityMode != null) {
            String txt = validityMode.name();
            sb.append("validityMode: '").append(txt).append("'; ");
            ps.setString(idxValidityMode, txt);
        }
        if (idxExtraControl != null) {
            sb.append("extraControl: '").append(extraControl).append("'; ");
            ps.setString(idxExtraControl, extraControl.getEncoded());
        }
        ps.setInt(idxId, changeCaEntry.getIdent().getId());
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not change CA " + entry.getIdent());
        }
        if (sb.length() > 0) {
            sb.deleteCharAt(sb.length() - 1).deleteCharAt(sb.length() - 1);
        }
        LOG.info("changed CA '{}': {}", changeCaEntry.getIdent(), sb);
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } catch (CertificateEncodingException ex) {
        throw new CaMgmtException(ex);
    } finally {
        datasource.releaseResources(ps, null);
    }
}
Also used : CertValidity(org.xipki.ca.api.profile.CertValidity) SQLException(java.sql.SQLException) CertificateException(java.security.cert.CertificateException) CaStatus(org.xipki.ca.server.mgmt.api.CaStatus) ValidityMode(org.xipki.ca.server.mgmt.api.ValidityMode) XiSecurityException(org.xipki.security.exception.XiSecurityException) ResultSet(java.sql.ResultSet) DataAccessException(org.xipki.datasource.DataAccessException) ConfPairs(org.xipki.common.ConfPairs) SignerConf(org.xipki.security.SignerConf) PreparedStatement(java.sql.PreparedStatement) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509ChangeCaEntry(org.xipki.ca.server.mgmt.api.x509.X509ChangeCaEntry) X509Certificate(java.security.cert.X509Certificate) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) ObjectCreationException(org.xipki.common.ObjectCreationException)

Aggregations

ObjectCreationException (org.xipki.common.ObjectCreationException)18 X509Certificate (java.security.cert.X509Certificate)11 SignerConf (org.xipki.security.SignerConf)11 IOException (java.io.IOException)7 XiSecurityException (org.xipki.security.exception.XiSecurityException)7 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)6 ConcurrentContentSigner (org.xipki.security.ConcurrentContentSigner)6 CertificateException (java.security.cert.CertificateException)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 InvalidConfException (org.xipki.common.InvalidConfException)4 BigInteger (java.math.BigInteger)3 InvalidKeyException (java.security.InvalidKeyException)3 PublicKey (java.security.PublicKey)3 CertificateEncodingException (java.security.cert.CertificateEncodingException)3 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)3 ConfPairs (org.xipki.common.ConfPairs)3 FileInputStream (java.io.FileInputStream)2 FileNotFoundException (java.io.FileNotFoundException)2 NoSuchProviderException (java.security.NoSuchProviderException)2 SignatureException (java.security.SignatureException)2