Search in sources :

Example 11 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class OcspServerImpl method newStore.

// method initSigner
private OcspStore newStore(StoreType conf, Map<String, DataSourceWrapper> datasources) throws InvalidConfException {
    OcspStore store;
    String type = conf.getSource().getType();
    if ("CRL".equalsIgnoreCase(type)) {
        store = new CrlDbCertStatusStore();
    } else if ("XIPKI-DB".equals(type)) {
        store = new DbCertStatusStore();
    } else {
        try {
            store = ocspStoreFactoryRegister.newOcspStore(conf.getSource().getType());
        } catch (ObjectCreationException ex) {
            throw new InvalidConfException("ObjectCreationException of store " + conf.getName() + ":" + ex.getMessage(), ex);
        }
    }
    store.setName(conf.getName());
    Integer interval = conf.getRetentionInterval();
    int retentionInterva = (interval == null) ? -1 : interval.intValue();
    store.setRetentionInterval(retentionInterva);
    store.setUnknownSerialAsGood(getBoolean(conf.isUnknownSerialAsGood(), false));
    store.setIncludeArchiveCutoff(getBoolean(conf.isIncludeArchiveCutoff(), true));
    store.setIncludeCrlId(getBoolean(conf.isIncludeCrlID(), true));
    store.setIgnoreExpiredCert(getBoolean(conf.isIgnoreExpiredCert(), true));
    store.setIgnoreNotYetValidCert(getBoolean(conf.isIgnoreNotYetValidCert(), true));
    String datasourceName = conf.getSource().getDatasource();
    DataSourceWrapper datasource = null;
    if (datasourceName != null) {
        datasource = datasources.get(datasourceName);
        if (datasource == null) {
            throw new InvalidConfException("datasource named '" + datasourceName + "' not defined");
        }
    }
    try {
        store.init(conf.getSource().getConf(), datasource);
    } catch (OcspStoreException ex) {
        throw new InvalidConfException("CertStatusStoreException of store " + conf.getName() + ":" + ex.getMessage(), ex);
    }
    return store;
}
Also used : CrlDbCertStatusStore(org.xipki.ocsp.server.impl.store.crl.CrlDbCertStatusStore) DbCertStatusStore(org.xipki.ocsp.server.impl.store.db.DbCertStatusStore) BigInteger(java.math.BigInteger) CrlDbCertStatusStore(org.xipki.ocsp.server.impl.store.crl.CrlDbCertStatusStore) OcspStoreException(org.xipki.ocsp.api.OcspStoreException) OcspStore(org.xipki.ocsp.api.OcspStore) ObjectCreationException(org.xipki.common.ObjectCreationException) InvalidConfException(org.xipki.common.InvalidConfException) DataSourceWrapper(org.xipki.datasource.DataSourceWrapper)

Example 12 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class CaClientImpl method init0.

private synchronized void init0(boolean force) throws CaClientException {
    if (confFile == null) {
        throw new IllegalStateException("confFile is not set");
    }
    if (securityFactory == null) {
        throw new IllegalStateException("securityFactory is not set");
    }
    if (!force && initialized.get()) {
        return;
    }
    // reset
    this.casMap.clear();
    this.autoConfCaNames.clear();
    if (this.scheduledThreadPoolExecutor != null) {
        this.scheduledThreadPoolExecutor.shutdownNow();
    }
    this.initialized.set(false);
    LOG.info("initializing ...");
    File configFile = new File(IoUtil.expandFilepath(confFile));
    if (!configFile.exists()) {
        throw new CaClientException("could not find configuration file " + confFile);
    }
    CAClientType config;
    try {
        config = parse(new FileInputStream(configFile));
    } catch (FileNotFoundException ex) {
        throw new CaClientException("could not read file " + confFile);
    }
    int numActiveCAs = 0;
    for (CAType caType : config.getCAs().getCA()) {
        if (!caType.isEnabled()) {
            LOG.info("CA " + caType.getName() + " is disabled");
            continue;
        }
        numActiveCAs++;
    }
    if (numActiveCAs == 0) {
        LOG.warn("no active CA is configured");
    }
    // responders
    Map<String, CmpResponder> responders = new HashMap<>();
    for (ResponderType m : config.getResponders().getResponder()) {
        X509Certificate cert;
        try {
            cert = X509Util.parseCert(readData(m.getCert()));
        } catch (CertificateException | IOException ex) {
            LogUtil.error(LOG, ex, "could not configure responder " + m.getName());
            throw new CaClientException(ex.getMessage(), ex);
        }
        Set<String> algoNames = new HashSet<>();
        for (String algo : m.getSignatureAlgos().getSignatureAlgo()) {
            algoNames.add(algo);
        }
        AlgorithmValidator sigAlgoValidator;
        try {
            sigAlgoValidator = new CollectionAlgorithmValidator(algoNames);
        } catch (NoSuchAlgorithmException ex) {
            throw new CaClientException(ex.getMessage());
        }
        responders.put(m.getName(), new CmpResponder(cert, sigAlgoValidator));
    }
    // CA
    Set<CaConf> cas = new HashSet<>();
    for (CAType caType : config.getCAs().getCA()) {
        if (!caType.isEnabled()) {
            continue;
        }
        String caName = caType.getName();
        try {
            // responder
            CmpResponder responder = responders.get(caType.getResponder());
            if (responder == null) {
                throw new CaClientException("no responder named " + caType.getResponder() + " is configured");
            }
            CaConf ca = new CaConf(caName, caType.getUrl(), caType.getHealthUrl(), caType.getRequestor(), responder);
            // CA cert
            if (caType.getCaCert().getAutoconf() != null) {
                ca.setCertAutoconf(true);
            } else {
                ca.setCertAutoconf(false);
                ca.setCert(X509Util.parseCert(readData(caType.getCaCert().getCert())));
            }
            // CMPControl
            CmpControlType cmpCtrlType = caType.getCmpControl();
            if (cmpCtrlType.getAutoconf() != null) {
                ca.setCmpControlAutoconf(true);
            } else {
                ca.setCmpControlAutoconf(false);
                Boolean tmpBo = cmpCtrlType.isRrAkiRequired();
                ClientCmpControl control = new ClientCmpControl((tmpBo == null) ? false : tmpBo.booleanValue());
                ca.setCmpControl(control);
            }
            // Certprofiles
            CertprofilesType certprofilesType = caType.getCertprofiles();
            if (certprofilesType.getAutoconf() != null) {
                ca.setCertprofilesAutoconf(true);
            } else {
                ca.setCertprofilesAutoconf(false);
                List<CertprofileType> types = certprofilesType.getCertprofile();
                Set<CertprofileInfo> profiles = new HashSet<>(types.size());
                for (CertprofileType m : types) {
                    String conf = null;
                    if (m.getConf() != null) {
                        conf = m.getConf().getValue();
                        if (conf == null) {
                            conf = new String(IoUtil.read(m.getConf().getFile()));
                        }
                    }
                    CertprofileInfo profile = new CertprofileInfo(m.getName(), m.getType(), conf);
                    profiles.add(profile);
                }
                ca.setCertprofiles(profiles);
            }
            cas.add(ca);
            if (ca.isCertAutoconf() || ca.isCertprofilesAutoconf() || ca.isCmpControlAutoconf()) {
                autoConfCaNames.add(caName);
            }
        } catch (IOException | CertificateException ex) {
            LogUtil.error(LOG, ex, "could not configure CA " + caName);
            throw new CaClientException(ex.getMessage(), ex);
        }
    }
    // requestors
    Map<String, X509Certificate> requestorCerts = new HashMap<>();
    Map<String, ConcurrentContentSigner> requestorSigners = new HashMap<>();
    Map<String, Boolean> requestorSignRequests = new HashMap<>();
    for (RequestorType requestorConf : config.getRequestors().getRequestor()) {
        String name = requestorConf.getName();
        requestorSignRequests.put(name, requestorConf.isSignRequest());
        X509Certificate requestorCert = null;
        if (requestorConf.getCert() != null) {
            try {
                requestorCert = X509Util.parseCert(readData(requestorConf.getCert()));
                requestorCerts.put(name, requestorCert);
            } catch (Exception ex) {
                throw new CaClientException(ex.getMessage(), ex);
            }
        }
        if (requestorConf.getSignerType() != null) {
            try {
                SignerConf signerConf = new SignerConf(requestorConf.getSignerConf());
                ConcurrentContentSigner requestorSigner = securityFactory.createSigner(requestorConf.getSignerType(), signerConf, requestorCert);
                requestorSigners.put(name, requestorSigner);
            } catch (ObjectCreationException ex) {
                throw new CaClientException(ex.getMessage(), ex);
            }
        } else {
            if (requestorConf.isSignRequest()) {
                throw new CaClientException("signer of requestor must be configured");
            } else if (requestorCert == null) {
                throw new CaClientException("at least one of certificate and signer of requestor must be configured");
            }
        }
    }
    for (CaConf ca : cas) {
        if (this.casMap.containsKey(ca.getName())) {
            throw new CaClientException("duplicate CAs with the same name " + ca.getName());
        }
        String requestorName = ca.getRequestorName();
        X509CmpRequestor cmpRequestor;
        if (requestorSigners.containsKey(requestorName)) {
            cmpRequestor = new DfltHttpX509CmpRequestor(requestorSigners.get(requestorName), ca.getResponder(), ca.getUrl(), securityFactory);
            cmpRequestor.setSignRequest(requestorSignRequests.get(requestorName));
        } else if (requestorCerts.containsKey(requestorName)) {
            cmpRequestor = new DfltHttpX509CmpRequestor(requestorCerts.get(requestorName), ca.getResponder(), ca.getUrl(), securityFactory);
        } else {
            throw new CaClientException("could not find requestor named " + requestorName + " for CA " + ca.getName());
        }
        ca.setRequestor(cmpRequestor);
        this.casMap.put(ca.getName(), ca);
    }
    if (!autoConfCaNames.isEmpty()) {
        Integer caInfoUpdateInterval = config.getCAs().getCAInfoUpdateInterval();
        if (caInfoUpdateInterval == null) {
            caInfoUpdateInterval = 10;
        } else if (caInfoUpdateInterval <= 0) {
            caInfoUpdateInterval = 0;
        } else if (caInfoUpdateInterval < 5) {
            caInfoUpdateInterval = 5;
        }
        LOG.info("configuring CAs {}", autoConfCaNames);
        Set<String> failedCaNames = autoConfCas(autoConfCaNames);
        // try to re-configure the failed CAs
        if (CollectionUtil.isNonEmpty(failedCaNames)) {
            for (int i = 0; i < 3; i++) {
                LOG.info("configuring ({}-th retry) CAs {}", i + 1, failedCaNames);
                failedCaNames = autoConfCas(failedCaNames);
                if (CollectionUtil.isEmpty(failedCaNames)) {
                    break;
                }
                try {
                    Thread.sleep(10000);
                } catch (InterruptedException ex) {
                    LOG.warn("interrupted", ex);
                }
            }
        }
        if (CollectionUtil.isNonEmpty(failedCaNames)) {
            throw new CaClientException("could not configure following CAs " + failedCaNames);
        }
        if (caInfoUpdateInterval > 0) {
            scheduledThreadPoolExecutor = new ScheduledThreadPoolExecutor(1);
            scheduledThreadPoolExecutor.scheduleAtFixedRate(new ClientConfigUpdater(), caInfoUpdateInterval, caInfoUpdateInterval, TimeUnit.MINUTES);
        }
    }
    initialized.set(true);
    LOG.info("initialized");
}
Also used : CollectionAlgorithmValidator(org.xipki.security.CollectionAlgorithmValidator) AlgorithmValidator(org.xipki.security.AlgorithmValidator) HashMap(java.util.HashMap) ScheduledThreadPoolExecutor(java.util.concurrent.ScheduledThreadPoolExecutor) FileNotFoundException(java.io.FileNotFoundException) RequestorType(org.xipki.ca.client.impl.jaxb.RequestorType) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CmpControlType(org.xipki.ca.client.impl.jaxb.CmpControlType) CertprofilesType(org.xipki.ca.client.impl.jaxb.CertprofilesType) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) HashSet(java.util.HashSet) CertprofileType(org.xipki.ca.client.impl.jaxb.CertprofileType) CertprofileInfo(org.xipki.ca.client.api.CertprofileInfo) CAType(org.xipki.ca.client.impl.jaxb.CAType) SignerConf(org.xipki.security.SignerConf) IOException(java.io.IOException) ResponderType(org.xipki.ca.client.impl.jaxb.ResponderType) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) CollectionAlgorithmValidator(org.xipki.security.CollectionAlgorithmValidator) ObjectCreationException(org.xipki.common.ObjectCreationException) SignatureException(java.security.SignatureException) JAXBException(javax.xml.bind.JAXBException) FileNotFoundException(java.io.FileNotFoundException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SAXException(org.xml.sax.SAXException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) PkiErrorException(org.xipki.ca.client.api.PkiErrorException) CaClientException(org.xipki.ca.client.api.CaClientException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchProviderException(java.security.NoSuchProviderException) BigInteger(java.math.BigInteger) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) CAClientType(org.xipki.ca.client.impl.jaxb.CAClientType) ObjectCreationException(org.xipki.common.ObjectCreationException) File(java.io.File) CaClientException(org.xipki.ca.client.api.CaClientException)

Example 13 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class X509CrlSignerEntryWrapper method initSigner.

public void initSigner(SecurityFactory securityFactory) throws XiSecurityException, OperationException, InvalidConfException {
    ParamUtil.requireNonNull("securityFactory", securityFactory);
    if (signer != null) {
        return;
    }
    if (dbEntry == null) {
        throw new XiSecurityException("dbEntry is null");
    }
    if ("CA".equals(dbEntry.getType())) {
        return;
    }
    dbEntry.setConfFaulty(true);
    X509Certificate responderCert = dbEntry.getCert();
    try {
        signer = securityFactory.createSigner(dbEntry.getType(), new SignerConf(dbEntry.getConf()), responderCert);
    } catch (ObjectCreationException ex1) {
        throw new XiSecurityException("signer without certificate is not allowed");
    }
    X509Certificate signerCert = signer.getCertificate();
    if (signerCert == null) {
        throw new XiSecurityException("signer without certificate is not allowed");
    }
    if (dbEntry.getBase64Cert() == null) {
        dbEntry.setCert(signerCert);
    }
    byte[] encodedSkiValue = signerCert.getExtensionValue(Extension.subjectKeyIdentifier.getId());
    if (encodedSkiValue == null) {
        throw new OperationException(ErrorCode.INVALID_EXTENSION, "CA certificate does not have required extension SubjectKeyIdentifier");
    }
    ASN1OctetString ski;
    try {
        ski = (ASN1OctetString) X509ExtensionUtil.fromExtensionValue(encodedSkiValue);
    } catch (IOException ex) {
        throw new OperationException(ErrorCode.INVALID_EXTENSION, ex);
    }
    this.subjectKeyIdentifier = ski.getOctets();
    if (!X509Util.hasKeyusage(signerCert, KeyUsage.cRLSign)) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CRL signer does not have keyusage cRLSign");
    }
    dbEntry.setConfFaulty(false);
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) XiSecurityException(org.xipki.security.exception.XiSecurityException) ObjectCreationException(org.xipki.common.ObjectCreationException) SignerConf(org.xipki.security.SignerConf) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) OperationException(org.xipki.ca.api.OperationException)

Example 14 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class P12CsrGenCmd method getSigner.

@Override
protected ConcurrentContentSigner getSigner(SignatureAlgoControl signatureAlgoControl) throws ObjectCreationException {
    ParamUtil.requireNonNull("signatureAlgoControl", signatureAlgoControl);
    char[] pwd;
    try {
        pwd = getPassword();
    } catch (IOException ex) {
        throw new ObjectCreationException("could not read password: " + ex.getMessage(), ex);
    }
    SignerConf conf = SignerConf.getKeystoreSignerConf(p12File, new String(pwd), 1, HashAlgo.getNonNullInstance(hashAlgo), signatureAlgoControl);
    return securityFactory.createSigner("PKCS12", conf, (X509Certificate[]) null);
}
Also used : ObjectCreationException(org.xipki.common.ObjectCreationException) SignerConf(org.xipki.security.SignerConf) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate)

Example 15 with ObjectCreationException

use of org.xipki.common.ObjectCreationException in project xipki by xipki.

the class CaConf method init.

private void init(CAConfType jaxb, String baseDir, ZipFile zipFile, SecurityFactory securityFactory) throws IOException, InvalidConfException, CaMgmtException {
    // Properties
    if (baseDir != null) {
        properties.put("baseDir", baseDir);
    }
    if (jaxb.getProperties() != null) {
        for (NameValueType m : jaxb.getProperties().getProperty()) {
            String name = m.getName();
            if (properties.containsKey(name)) {
                throw new InvalidConfException("Property " + name + " already defined");
            }
            properties.put(name, m.getValue());
        }
    }
    // CMP controls
    if (jaxb.getCmpcontrols() != null) {
        for (CmpcontrolType m : jaxb.getCmpcontrols().getCmpcontrol()) {
            CmpControlEntry en = new CmpControlEntry(m.getName(), getValue(m.getConf(), zipFile));
            addCmpControl(en);
        }
    }
    // Responders
    if (jaxb.getResponders() != null) {
        for (ResponderType m : jaxb.getResponders().getResponder()) {
            ResponderEntry en = new ResponderEntry(m.getName(), expandConf(m.getType()), getValue(m.getConf(), zipFile), getBase64Binary(m.getCert(), zipFile));
            addResponder(en);
        }
    }
    // Environments
    if (jaxb.getEnvironments() != null) {
        for (NameValueType m : jaxb.getEnvironments().getEnvironment()) {
            addEnvironment(m.getName(), expandConf(m.getValue()));
        }
    }
    // CRL signers
    if (jaxb.getCrlsigners() != null) {
        for (CrlsignerType m : jaxb.getCrlsigners().getCrlsigner()) {
            X509CrlSignerEntry en = new X509CrlSignerEntry(m.getName(), expandConf(m.getSignerType()), getValue(m.getSignerConf(), zipFile), getBase64Binary(m.getSignerCert(), zipFile), expandConf(m.getCrlControl()));
            addCrlSigner(en);
        }
    }
    // Requestors
    if (jaxb.getRequestors() != null) {
        for (RequestorType m : jaxb.getRequestors().getRequestor()) {
            RequestorEntry en = new RequestorEntry(new NameId(null, m.getName()), getBase64Binary(m.getCert(), zipFile));
            addRequestor(en);
        }
    }
    // Users
    if (jaxb.getUsers() != null) {
        for (UserType m : jaxb.getUsers().getUser()) {
            boolean active = (m.isActive() != null) ? m.isActive() : true;
            String password = m.getPassword();
            if (password != null) {
                AddUserEntry en = new AddUserEntry(new NameId(null, m.getName()), active, password);
                addUser(en);
            } else {
                UserEntry en = new UserEntry(new NameId(null, m.getName()), active, m.getHashedPassword());
                addUser(en);
            }
        }
    }
    // Publishers
    if (jaxb.getPublishers() != null) {
        for (PublisherType m : jaxb.getPublishers().getPublisher()) {
            PublisherEntry en = new PublisherEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
            addPublisher(en);
        }
    }
    // CertProfiles
    if (jaxb.getProfiles() != null) {
        for (ProfileType m : jaxb.getProfiles().getProfile()) {
            CertprofileEntry en = new CertprofileEntry(new NameId(null, m.getName()), expandConf(m.getType()), getValue(m.getConf(), zipFile));
            addProfile(en);
        }
    }
    // CAs
    if (jaxb.getCas() != null) {
        for (CaType m : jaxb.getCas().getCa()) {
            String name = m.getName();
            GenSelfIssued genSelfIssued = null;
            X509CaEntry caEntry = null;
            if (m.getCaInfo() != null) {
                X509CaInfoType ci = m.getCaInfo().getX509Ca();
                if (ci.getGenSelfIssued() != null) {
                    String certFilename = null;
                    if (ci.getCert() != null) {
                        if (ci.getCert().getFile() != null) {
                            certFilename = expandConf(ci.getCert().getFile());
                        } else {
                            throw new InvalidConfException("cert.file of CA " + name + " must not be null");
                        }
                    }
                    byte[] csr = getBinary(ci.getGenSelfIssued().getCsr(), zipFile);
                    BigInteger serialNumber = null;
                    String str = ci.getGenSelfIssued().getSerialNumber();
                    if (str != null) {
                        if (str.startsWith("0x") || str.startsWith("0X")) {
                            serialNumber = new BigInteger(str.substring(2), 16);
                        } else {
                            serialNumber = new BigInteger(str);
                        }
                    }
                    genSelfIssued = new GenSelfIssued(ci.getGenSelfIssued().getProfile(), csr, serialNumber, certFilename);
                }
                X509CaUris caUris = new X509CaUris(getStrings(ci.getCacertUris()), getStrings(ci.getOcspUris()), getStrings(ci.getCrlUris()), getStrings(ci.getDeltacrlUris()));
                int exprirationPeriod = (ci.getExpirationPeriod() == null) ? 365 : ci.getExpirationPeriod().intValue();
                int numCrls = (ci.getNumCrls() == null) ? 30 : ci.getNumCrls().intValue();
                caEntry = new X509CaEntry(new NameId(null, name), ci.getSnSize(), ci.getNextCrlNo(), expandConf(ci.getSignerType()), getValue(ci.getSignerConf(), zipFile), caUris, numCrls, exprirationPeriod);
                caEntry.setCmpControlName(ci.getCmpcontrolName());
                caEntry.setCrlSignerName(ci.getCrlsignerName());
                caEntry.setDuplicateKeyPermitted(ci.isDuplicateKey());
                caEntry.setDuplicateSubjectPermitted(ci.isDuplicateSubject());
                if (ci.getExtraControl() != null) {
                    String value = getValue(ci.getExtraControl(), zipFile);
                    if (value != null) {
                        caEntry.setExtraControl(new ConfPairs(value).unmodifiable());
                    }
                }
                int keepExpiredCertDays = (ci.getKeepExpiredCertDays() == null) ? -1 : ci.getKeepExpiredCertDays().intValue();
                caEntry.setKeepExpiredCertInDays(keepExpiredCertDays);
                caEntry.setMaxValidity(CertValidity.getInstance(ci.getMaxValidity()));
                caEntry.setPermission(ci.getPermission());
                caEntry.setResponderName(ci.getResponderName());
                caEntry.setSaveRequest(ci.isSaveReq());
                caEntry.setStatus(CaStatus.forName(ci.getStatus()));
                if (ci.getValidityMode() != null) {
                    caEntry.setValidityMode(ValidityMode.forName(ci.getValidityMode()));
                }
                if (ci.getGenSelfIssued() == null) {
                    X509Certificate caCert;
                    if (ci.getCert() != null) {
                        byte[] bytes = getBinary(ci.getCert(), zipFile);
                        try {
                            caCert = X509Util.parseCert(bytes);
                        } catch (CertificateException ex) {
                            throw new InvalidConfException("invalid certificate of CA " + name, ex);
                        }
                    } else {
                        // extract from the signer configuration
                        ConcurrentContentSigner signer;
                        try {
                            List<String[]> signerConfs = CaEntry.splitCaSignerConfs(getValue(ci.getSignerConf(), zipFile));
                            SignerConf signerConf = new SignerConf(signerConfs.get(0)[1]);
                            signer = securityFactory.createSigner(expandConf(ci.getSignerType()), signerConf, (X509Certificate) null);
                        } catch (ObjectCreationException | XiSecurityException ex) {
                            throw new InvalidConfException("could not create CA signer for CA " + name, ex);
                        }
                        caCert = signer.getCertificate();
                    }
                    caEntry.setCert(caCert);
                }
            }
            List<CaHasRequestorEntry> caHasRequestors = null;
            if (m.getRequestors() != null) {
                caHasRequestors = new LinkedList<>();
                for (CaHasRequestorType req : m.getRequestors().getRequestor()) {
                    CaHasRequestorEntry en = new CaHasRequestorEntry(new NameId(null, req.getRequestorName()));
                    en.setRa(req.isRa());
                    List<String> strs = getStrings(req.getProfiles());
                    if (strs != null) {
                        en.setProfiles(new HashSet<>(strs));
                    }
                    en.setPermission(req.getPermission());
                    caHasRequestors.add(en);
                }
            }
            List<CaHasUserEntry> caHasUsers = null;
            if (m.getUsers() != null) {
                caHasUsers = new LinkedList<>();
                for (CaHasUserType req : m.getUsers().getUser()) {
                    CaHasUserEntry en = new CaHasUserEntry(new NameId(null, req.getUserName()));
                    en.setPermission(req.getPermission());
                    List<String> strs = getStrings(req.getProfiles());
                    if (strs != null) {
                        en.setProfiles(new HashSet<>(strs));
                    }
                    caHasUsers.add(en);
                }
            }
            List<String> aliases = getStrings(m.getAliases());
            List<String> profileNames = getStrings(m.getProfiles());
            List<String> publisherNames = getStrings(m.getPublishers());
            SingleCaConf singleCa = new SingleCaConf(name, genSelfIssued, caEntry, aliases, profileNames, caHasRequestors, caHasUsers, publisherNames);
            addSingleCa(singleCa);
        }
    }
    // SCEPs
    if (jaxb.getSceps() != null) {
        for (ScepType m : jaxb.getSceps().getScep()) {
            String name = m.getName();
            NameId caIdent = new NameId(null, m.getCaName());
            List<String> certProfiles = getStrings(m.getProfiles());
            ScepEntry dbEntry = new ScepEntry(name, caIdent, true, m.getResponderName(), new HashSet<>(certProfiles), m.getControl());
            sceps.put(name, dbEntry);
        }
    }
}
Also used : CmpcontrolType(org.xipki.ca.server.mgmt.api.conf.jaxb.CmpcontrolType) CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) NameValueType(org.xipki.ca.server.mgmt.api.conf.jaxb.NameValueType) NameId(org.xipki.ca.api.NameId) PublisherType(org.xipki.ca.server.mgmt.api.conf.jaxb.PublisherType) RequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.RequestorType) CaHasRequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType) CertificateException(java.security.cert.CertificateException) CaHasRequestorType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasRequestorType) CaType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaType) PublisherEntry(org.xipki.ca.server.mgmt.api.PublisherEntry) CmpControlEntry(org.xipki.ca.server.mgmt.api.CmpControlEntry) ResponderEntry(org.xipki.ca.server.mgmt.api.ResponderEntry) SignerConf(org.xipki.security.SignerConf) ResponderType(org.xipki.ca.server.mgmt.api.conf.jaxb.ResponderType) X509Certificate(java.security.cert.X509Certificate) ScepEntry(org.xipki.ca.server.mgmt.api.x509.ScepEntry) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) BigInteger(java.math.BigInteger) UserType(org.xipki.ca.server.mgmt.api.conf.jaxb.UserType) CaHasUserType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasUserType) CrlsignerType(org.xipki.ca.server.mgmt.api.conf.jaxb.CrlsignerType) X509CaEntry(org.xipki.ca.server.mgmt.api.x509.X509CaEntry) ScepType(org.xipki.ca.server.mgmt.api.conf.jaxb.ScepType) RequestorEntry(org.xipki.ca.server.mgmt.api.RequestorEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry) InvalidConfException(org.xipki.common.InvalidConfException) XiSecurityException(org.xipki.security.exception.XiSecurityException) X509CrlSignerEntry(org.xipki.ca.server.mgmt.api.x509.X509CrlSignerEntry) ProfileType(org.xipki.ca.server.mgmt.api.conf.jaxb.ProfileType) ConfPairs(org.xipki.common.ConfPairs) CertprofileEntry(org.xipki.ca.server.mgmt.api.CertprofileEntry) X509CaUris(org.xipki.ca.server.mgmt.api.x509.X509CaUris) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) ObjectCreationException(org.xipki.common.ObjectCreationException) CaHasUserType(org.xipki.ca.server.mgmt.api.conf.jaxb.CaHasUserType) X509CaInfoType(org.xipki.ca.server.mgmt.api.conf.jaxb.X509CaInfoType) CaHasUserEntry(org.xipki.ca.server.mgmt.api.CaHasUserEntry) AddUserEntry(org.xipki.ca.server.mgmt.api.AddUserEntry) UserEntry(org.xipki.ca.server.mgmt.api.UserEntry) CaHasRequestorEntry(org.xipki.ca.server.mgmt.api.CaHasRequestorEntry)

Aggregations

ObjectCreationException (org.xipki.common.ObjectCreationException)18 X509Certificate (java.security.cert.X509Certificate)11 SignerConf (org.xipki.security.SignerConf)11 IOException (java.io.IOException)7 XiSecurityException (org.xipki.security.exception.XiSecurityException)7 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)6 ConcurrentContentSigner (org.xipki.security.ConcurrentContentSigner)6 CertificateException (java.security.cert.CertificateException)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 InvalidConfException (org.xipki.common.InvalidConfException)4 BigInteger (java.math.BigInteger)3 InvalidKeyException (java.security.InvalidKeyException)3 PublicKey (java.security.PublicKey)3 CertificateEncodingException (java.security.cert.CertificateEncodingException)3 X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)3 ConfPairs (org.xipki.common.ConfPairs)3 FileInputStream (java.io.FileInputStream)2 FileNotFoundException (java.io.FileNotFoundException)2 NoSuchProviderException (java.security.NoSuchProviderException)2 SignatureException (java.security.SignatureException)2