
Example 1 with DataSourceWrapper

use of org.xipki.datasource.DataSourceWrapper in project xipki by xipki.

Class OcspServerImpl, method init0.

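/**
 * Initializes the OCSP server from the configuration referenced by {@code confFile}.
 *
 * <p>The configuration is validated before anything is created: responder names must be
 * non-empty and consist of ASCII letters, digits, '-', '_' and '.'; responder, signer,
 * request-option, response-option, store and datasource names must be unique; and every
 * signer, request option, response option and store a responder refers to must be defined.
 * Afterwards the optional response cache, the signers, the request/response options, the
 * datasources, the stores and the responders are created and the servlet paths are mapped
 * to their responders.
 *
 * @throws IllegalStateException if {@code confFile}, {@code datasourceFactory} or
 *         {@code securityFactory} has not been set
 * @throws InvalidConfException if the configuration is invalid or inconsistent, or a
 *         datasource configuration cannot be read
 * @throws DataAccessException if a datasource cannot be created
 * @throws PasswordResolverException if a configured password cannot be resolved
 */
private void init0() throws InvalidConfException, DataAccessException, PasswordResolverException {
    if (confFile == null) {
        throw new IllegalStateException("confFile is not set");
    }
    if (datasourceFactory == null) {
        throw new IllegalStateException("datasourceFactory is not set");
    }
    if (securityFactory == null) {
        throw new IllegalStateException("securityFactory is not set");
    }
    OCSPServer conf = parseConf(confFile);

    // -- uniqueness of names: every later lookup is keyed by name, so a duplicate would
    //    silently shadow an earlier definition instead of failing loudly
    Set<String> seenNames = new HashSet<>();
    for (ResponderType m : conf.getResponders().getResponder()) {
        String name = m.getName();
        if (StringUtil.isBlank(name)) {
            throw new InvalidConfException("responder name must not be empty");
        }
        // Responder names are used in servlet paths and log output; only a conservative
        // ASCII alphabet is accepted. '-', '_' and '.' are all allowed (the previous
        // check rejected '_' and '.' because of a misplaced parenthesis).
        for (int i = 0; i < name.length(); i++) {
            char ch = name.charAt(i);
            boolean allowed = (ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'Z')
                    || (ch >= 'a' && ch <= 'z') || ch == '-' || ch == '_' || ch == '.';
            if (!allowed) {
                throw new InvalidConfException("invalid OCSP responder name '" + name + "'");
            }
        }
        addUniqueName(seenNames, name, "responder");
    }

    seenNames.clear();
    for (SignerType m : conf.getSigners().getSigner()) {
        addUniqueName(seenNames, m.getName(), "signer option");
    }

    seenNames.clear();
    for (RequestOptionType m : conf.getRequestOptions().getRequestOption()) {
        addUniqueName(seenNames, m.getName(), "request option");
    }

    seenNames.clear();
    for (ResponseOptionType m : conf.getResponseOptions().getResponseOption()) {
        addUniqueName(seenNames, m.getName(), "response option");
    }

    // the store check previously never recorded the names, so duplicates went unnoticed
    seenNames.clear();
    for (StoreType m : conf.getStores().getStore()) {
        addUniqueName(seenNames, m.getName(), "store");
    }

    seenNames.clear();
    if (conf.getDatasources() != null) {
        for (DatasourceType m : conf.getDatasources().getDatasource()) {
            addUniqueName(seenNames, m.getName(), "datasource");
        }
    }

    this.master = conf.isMaster();

    // response cache (optional)
    ResponseCacheType cacheType = conf.getResponseCache();
    if (cacheType != null) {
        DataSourceWrapper cacheDatasource = newDataSource(cacheType.getDatasource());
        responseCacher = new ResponseCacher(cacheDatasource, master, cacheType.getValidity());
        responseCacher.init();
    }

    // signers
    for (SignerType m : conf.getSigners().getSigner()) {
        signers.put(m.getName(), initSigner(m));
    }

    // request options
    for (RequestOptionType m : conf.getRequestOptions().getRequestOption()) {
        requestOptions.put(m.getName(), new RequestOption(m));
    }

    // response options
    for (ResponseOptionType m : conf.getResponseOptions().getResponseOption()) {
        responseOptions.put(m.getName(), new ResponseOption(m));
    }

    // datasources
    Map<String, DataSourceWrapper> datasources = new HashMap<>();
    if (conf.getDatasources() != null) {
        for (DatasourceType m : conf.getDatasources().getDatasource()) {
            datasources.put(m.getName(), newDataSource(m));
        }
    }

    // responder options: validate every cross reference before building anything
    Set<String> definedStoreNames = new HashSet<>();
    for (StoreType storeDef : conf.getStores().getStore()) {
        definedStoreNames.add(storeDef.getName());
    }
    Map<String, ResponderOption> responderOptions = new HashMap<>();
    for (ResponderType m : conf.getResponders().getResponder()) {
        ResponderOption option = new ResponderOption(m);
        String signerName = option.getSignerName();
        if (!signers.containsKey(signerName)) {
            throw new InvalidConfException("no signer named '" + signerName + "' is defined");
        }
        String reqOptName = option.getRequestOptionName();
        if (!requestOptions.containsKey(reqOptName)) {
            throw new InvalidConfException("no requestOption named '" + reqOptName + "' is defined");
        }
        String respOptName = option.getResponseOptionName();
        if (!responseOptions.containsKey(respOptName)) {
            throw new InvalidConfException("no responseOption named '" + respOptName + "' is defined");
        }
        // A reference to an undefined store would otherwise yield a null entry in the
        // responder's status-store list and only fail while serving requests.
        for (String storeName : option.getStoreNames()) {
            if (!definedStoreNames.contains(storeName)) {
                throw new InvalidConfException("no store named '" + storeName + "' is defined");
            }
        }
        responderOptions.put(m.getName(), option);
    }

    // stores
    for (StoreType m : conf.getStores().getStore()) {
        stores.put(m.getName(), newStore(m, datasources));
    }

    // responders and their servlet paths
    List<SizeComparableString> pathsBySize = new ArrayList<>();
    for (Map.Entry<String, ResponderOption> entry : responderOptions.entrySet()) {
        String name = entry.getKey();
        ResponderOption option = entry.getValue();
        List<OcspStore> statusStores = new ArrayList<>(option.getStoreNames().size());
        for (String storeName : option.getStoreNames()) {
            statusStores.add(stores.get(storeName));
        }
        ResponseOption responseOption = responseOptions.get(option.getResponseOptionName());
        ResponderSigner signer = signers.get(option.getSignerName());
        if (signer.isMacSigner()) {
            // response options that cannot be honoured by a MAC signer (presumably because
            // such a signer has no certificate to name or embed) are rejected up front
            if (responseOption.isResponderIdByName()) {
                throw new InvalidConfException("could not use ResponderIdByName for signer " + option.getSignerName());
            }
            if (EmbedCertsMode.NONE != responseOption.getEmbedCertsMode()) {
                throw new InvalidConfException("could not embed certifcate in response for signer " + option.getSignerName());
            }
        }
        ResponderImpl responder = new ResponderImpl(option, requestOptions.get(option.getRequestOptionName()), responseOption, signer, statusStores);
        responders.put(name, responder);
        for (String path : option.getServletPaths()) {
            pathsBySize.add(new SizeComparableString(path));
            path2responderMap.put(path, responder);
        }
    }

    // Sort the servlet paths by length: the first one is the longest, the last one the
    // shortest (presumably so that the most specific path is tried first when matching).
    Collections.sort(pathsBySize);
    List<String> sortedPaths = new ArrayList<>(pathsBySize.size());
    for (SizeComparableString m : pathsBySize) {
        sortedPaths.add(m.str);
    }
    this.servletPaths = sortedPaths;
}

/**
 * Registers {@code name} in {@code names}, rejecting a name that was already registered.
 *
 * @param names the names seen so far for this kind of definition; updated in place
 * @param name the name to register
 * @param what the kind of definition, used only in the error message
 * @throws InvalidConfException if {@code name} is already contained in {@code names}
 */
private static void addUniqueName(Set<String> names, String name, String what) throws InvalidConfException {
    if (!names.add(name)) {
        throw new InvalidConfException("duplicated definition of " + what + " named '" + name + "'");
    }
}

/**
 * Creates the datasource described by {@code dsConf}.
 *
 * <p>The datasource configuration is read from the stream returned by
 * {@code getInputStream(dsConf.getConf())}, which is closed in all cases.
 *
 * @param dsConf the datasource definition (name and configuration reference)
 * @return the created datasource
 * @throws InvalidConfException if the datasource configuration cannot be read
 * @throws DataAccessException if the datasource cannot be created
 * @throws PasswordResolverException if a password in the configuration cannot be resolved
 */
private DataSourceWrapper newDataSource(DatasourceType dsConf) throws InvalidConfException, DataAccessException, PasswordResolverException {
    InputStream dsStream = null;
    try {
        dsStream = getInputStream(dsConf.getConf());
        return datasourceFactory.createDataSource(dsConf.getName(), dsStream, securityFactory.getPasswordResolver());
    } catch (IOException ex) {
        throw new InvalidConfException(ex.getMessage(), ex);
    } finally {
        close(dsStream);
    }
}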
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) InvalidConfException(org.xipki.common.InvalidConfException) DatasourceType(org.xipki.ocsp.server.impl.jaxb.DatasourceType) SignerType(org.xipki.ocsp.server.impl.jaxb.SignerType) StoreType(org.xipki.ocsp.server.impl.jaxb.StoreType) OcspStore(org.xipki.ocsp.api.OcspStore) HashSet(java.util.HashSet) RequestOptionType(org.xipki.ocsp.server.impl.jaxb.RequestOptionType) ResponseOptionType(org.xipki.ocsp.server.impl.jaxb.ResponseOptionType) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) ResponseCacheType(org.xipki.ocsp.server.impl.jaxb.ResponseCacheType) IOException(java.io.IOException) ResponderType(org.xipki.ocsp.server.impl.jaxb.ResponderType) LinkedList(java.util.LinkedList) OCSPServer(org.xipki.ocsp.server.impl.jaxb.OCSPServer) DataSourceWrapper(org.xipki.datasource.DataSourceWrapper)

Example 2 with DataSourceWrapper

use of org.xipki.datasource.DataSourceWrapper in project xipki by xipki.

Class CaManagerImpl, method init.

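/**
 * Initializes the CA manager from the properties file {@code caConfFile}.
 *
 * <p>Reads {@code ca.mode} (master or slave, default master), {@code ca.shardId}
 * (mandatory, 0..127) and every {@code datasource.<name>} entry, creates and probes the
 * datasources, determines the epoch used for unique-ID generation and then initializes
 * the certificate store and all CA sub-components.
 *
 * @throws IllegalStateException if one of the required collaborators
 *         ({@code securityFactory}, {@code datasourceFactory}, the two factory registers
 *         or {@code caConfFile}) has not been set
 * @throws CaMgmtException if the configuration file cannot be read or is invalid, a
 *         datasource cannot be created or probed, no datasource named {@code ca} exists,
 *         a slave instance finds no epoch, or the certificate store cannot be created
 */
private void init() throws CaMgmtException {
    if (securityFactory == null) {
        throw new IllegalStateException("securityFactory is not set");
    }
    if (datasourceFactory == null) {
        throw new IllegalStateException("datasourceFactory is not set");
    }
    if (x509CertProfileFactoryRegister == null) {
        throw new IllegalStateException("x509CertProfileFactoryRegister is not set");
    }
    if (x509CertPublisherFactoryRegister == null) {
        throw new IllegalStateException("x509CertPublisherFactoryRegister is not set");
    }
    if (caConfFile == null) {
        throw new IllegalStateException("caConfFile is not set");
    }

    Properties caConfProps = new Properties();
    // try-with-resources: the stream used to be opened and never closed
    try (FileInputStream confIn = new FileInputStream(IoUtil.expandFilepath(caConfFile))) {
        caConfProps.load(confIn);
    } catch (IOException ex) {
        throw new CaMgmtException("could not parse CA configuration " + caConfFile, ex);
    }

    // ca.mode: "master" (the default when absent) or "slave"
    String caModeStr = caConfProps.getProperty("ca.mode");
    if (caModeStr == null || "master".equalsIgnoreCase(caModeStr)) {
        masterMode = true;
    } else if ("slave".equalsIgnoreCase(caModeStr)) {
        masterMode = false;
    } else {
        throw new CaMgmtException(concat("invalid ca.mode '", caModeStr, "'"));
    }

    // ca.shardId: mandatory, 0..127; it is folded into the generated unique IDs below
    String shardIdStr = caConfProps.getProperty("ca.shardId");
    if (StringUtil.isBlank(shardIdStr)) {
        throw new CaMgmtException("ca.shardId is not set");
    }
    LOG.info("ca.shardId: {}", shardIdStr);
    int shardId;
    try {
        shardId = Integer.parseInt(shardIdStr);
    } catch (NumberFormatException ex) {
        throw new CaMgmtException(concat("invalid ca.shardId '", shardIdStr, "'"), ex);
    }
    if (shardId < 0 || shardId > 127) {
        throw new CaMgmtException("ca.shardId is not in [0, 127]");
    }

    // datasources: each "datasource.<name>" property points to a datasource config file
    if (this.datasources == null) {
        this.datasources = new ConcurrentHashMap<>();
        for (String key : caConfProps.stringPropertyNames()) {
            if (!StringUtil.startsWithIgnoreCase(key, "datasource.")) {
                continue;
            }
            String datasourceFile = caConfProps.getProperty(key);
            try {
                String datasourceName = key.substring("datasource.".length());
                DataSourceWrapper datasource = datasourceFactory.createDataSourceForFile(datasourceName, datasourceFile, securityFactory.getPasswordResolver());
                // obtain and immediately return a connection so that an unreachable
                // database is reported here rather than on first use
                Connection conn = datasource.getConnection();
                datasource.returnConnection(conn);
                this.datasources.put(datasourceName, datasource);
            } catch (DataAccessException | PasswordResolverException | IOException | RuntimeException ex) {
                throw new CaMgmtException(concat(ex.getClass().getName(), " while parsing datasource ", datasourceFile, ": ", ex.getMessage()), ex);
            }
        }
        this.datasource = this.datasources.get("ca");
    }
    if (this.datasource == null) {
        throw new CaMgmtException("no datasource named 'ca' configured");
    }

    this.queryExecutor = new CaManagerQueryExecutor(this.datasource);
    initEnvironmentParamters();

    // the epoch is shared by all instances; only a master may create it
    String envEpoch = envParameterResolver.getParameter(ENV_EPOCH);
    if (masterMode) {
        lockCa(true);
        if (envEpoch == null) {
            final long day = 24L * 60 * 60 * 1000;
            // start the epoch one day in the past
            envEpoch = queryExecutor.setEpoch(new Date(System.currentTimeMillis() - day));
            LOG.info("set environment {} to {}", ENV_EPOCH, envEpoch);
        }
        queryExecutor.addRequestorIfNeeded(RequestorInfo.NAME_BY_CA);
        queryExecutor.addRequestorIfNeeded(RequestorInfo.NAME_BY_USER);
    } else if (envEpoch == null) {
        throw new CaMgmtException("The CA system must be started first with ca.mode = master");
    }
    LOG.info("use EPOCH: {}", envEpoch);

    long epoch = DateUtil.parseUtcTimeyyyyMMdd(envEpoch).getTime();
    UniqueIdGenerator idGen = new UniqueIdGenerator(epoch, shardId);
    try {
        this.certstore = new CertificateStore(datasource, idGen);
    } catch (DataAccessException ex) {
        throw new CaMgmtException(ex.getMessage(), ex);
    }

    initCaAliases();
    initCertprofiles();
    initPublishers();
    initCmpControls();
    initRequestors();
    initResponders();
    initCrlSigners();
    initCas();
    initSceps();
}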
Also used : Connection(java.sql.Connection) IOException(java.io.IOException) Properties(java.util.Properties) FileInputStream(java.io.FileInputStream) Date(java.util.Date) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) CertificateStore(org.xipki.ca.server.impl.store.CertificateStore) PasswordResolverException(org.xipki.password.PasswordResolverException) DataSourceWrapper(org.xipki.datasource.DataSourceWrapper) DataAccessException(org.xipki.datasource.DataAccessException)

Example 3 with DataSourceWrapper

use of org.xipki.datasource.DataSourceWrapper in project xipki by xipki.

Class OcspServerImpl, method newStore.

// method initSigner
/**
 * Creates and initializes the {@link OcspStore} described by {@code conf}.
 *
 * <p>The source type selects the implementation: {@code CRL} (case-insensitive) and
 * {@code XIPKI-DB} (exact match) map to the built-in stores, anything else is looked up
 * in {@code ocspStoreFactoryRegister}. The store is then configured from {@code conf}
 * and initialized with its (optional) datasource.
 *
 * @param conf the store definition
 * @param datasources the datasources defined in the server configuration, keyed by name
 * @return the initialized store
 * @throws InvalidConfException if the store type is unknown, the referenced datasource
 *         is not defined, or the store fails to initialize
 */
private OcspStore newStore(StoreType conf, Map<String, DataSourceWrapper> datasources) throws InvalidConfException {
    String storeName = conf.getName();
    String sourceType = conf.getSource().getType();

    OcspStore store;
    if ("CRL".equalsIgnoreCase(sourceType)) {
        store = new CrlDbCertStatusStore();
    } else if ("XIPKI-DB".equals(sourceType)) {
        store = new DbCertStatusStore();
    } else {
        try {
            store = ocspStoreFactoryRegister.newOcspStore(sourceType);
        } catch (ObjectCreationException ex) {
            throw new InvalidConfException("ObjectCreationException of store " + storeName + ":" + ex.getMessage(), ex);
        }
    }

    store.setName(storeName);
    // a missing retention interval is represented as -1
    Integer retention = conf.getRetentionInterval();
    store.setRetentionInterval(retention == null ? -1 : retention);
    store.setUnknownSerialAsGood(getBoolean(conf.isUnknownSerialAsGood(), false));
    store.setIncludeArchiveCutoff(getBoolean(conf.isIncludeArchiveCutoff(), true));
    store.setIncludeCrlId(getBoolean(conf.isIncludeCrlID(), true));
    store.setIgnoreExpiredCert(getBoolean(conf.isIgnoreExpiredCert(), true));
    store.setIgnoreNotYetValidCert(getBoolean(conf.isIgnoreNotYetValidCert(), true));

    // the datasource is optional, but when named it must exist
    String datasourceName = conf.getSource().getDatasource();
    DataSourceWrapper datasource = (datasourceName == null) ? null : datasources.get(datasourceName);
    if (datasourceName != null && datasource == null) {
        throw new InvalidConfException("datasource named '" + datasourceName + "' not defined");
    }

    try {
        store.init(conf.getSource().getConf(), datasource);
    } catch (OcspStoreException ex) {
        throw new InvalidConfException("CertStatusStoreException of store " + storeName + ":" + ex.getMessage(), ex);
    }
    return store;
}
Also used : CrlDbCertStatusStore(org.xipki.ocsp.server.impl.store.crl.CrlDbCertStatusStore) DbCertStatusStore(org.xipki.ocsp.server.impl.store.db.DbCertStatusStore) BigInteger(java.math.BigInteger) CrlDbCertStatusStore(org.xipki.ocsp.server.impl.store.crl.CrlDbCertStatusStore) OcspStoreException(org.xipki.ocsp.api.OcspStoreException) OcspStore(org.xipki.ocsp.api.OcspStore) ObjectCreationException(org.xipki.common.ObjectCreationException) InvalidConfException(org.xipki.common.InvalidConfException) DataSourceWrapper(org.xipki.datasource.DataSourceWrapper)

Example 4 with DataSourceWrapper

use of org.xipki.datasource.DataSourceWrapper in project xipki by xipki.

Class OcspCertPublisher, method initialize.

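/**
 * Configures this publisher from the key/value configuration string {@code conf}.
 *
 * <p>Recognized keys: {@code publish.goodcerts} (default {@code true}), {@code asyn}
 * (default {@code false}) and {@code datasource}, which must name an entry of
 * {@code datasources}.
 *
 * @param conf the publisher configuration, parsed with {@link ConfPairs}
 * @param passwordResolver not used by this publisher; part of the publisher interface
 * @param datasources the available datasources keyed by name; must not be empty
 * @throws CertPublisherException if no datasource with the configured name is available
 *         or the query executor cannot be created
 */
@Override
public void initialize(String conf, PasswordResolver passwordResolver, Map<String, DataSourceWrapper> datasources) throws CertPublisherException {
    ParamUtil.requireNonNull("conf", conf);
    ParamUtil.requireNonEmpty("datasources", datasources);

    // parse the configuration once (it used to be parsed twice)
    ConfPairs pairs = new ConfPairs(conf);
    String str = pairs.value("publish.goodcerts");
    this.publishsGoodCert = (str == null) || Boolean.parseBoolean(str);
    // Boolean.parseBoolean(null) is false, which is the documented default
    this.asyn = Boolean.parseBoolean(pairs.value("asyn"));

    String datasourceName = pairs.value("datasource");
    DataSourceWrapper datasource = (datasourceName == null) ? null : datasources.get(datasourceName);
    if (datasource == null) {
        throw new CertPublisherException("no datasource named '" + datasourceName + "' is specified");
    }

    try {
        queryExecutor = new OcspStoreQueryExecutor(datasource, this.publishsGoodCert);
    } catch (NoSuchAlgorithmException | DataAccessException ex) {
        throw new CertPublisherException(ex.getMessage(), ex);
    }
}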
Also used : ConfPairs(org.xipki.common.ConfPairs) CertPublisherException(org.xipki.ca.api.publisher.CertPublisherException) DataSourceWrapper(org.xipki.datasource.DataSourceWrapper) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) DataAccessException(org.xipki.datasource.DataAccessException)

Example 5 with DataSourceWrapper

use of org.xipki.datasource.DataSourceWrapper in project xipki by xipki.

Class CaManagerImpl, method shutdown.

// method startCa
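/**
 * Stops the CA system and releases its resources.
 *
 * <p>Shuts down the executors, stops every CA, releases the CA lock if this instance
 * holds it, removes the lock file and closes all datasources. Each step is best-effort:
 * a failure is logged and the remaining steps still run.
 */
public void shutdown() {
    LOG.info("stopping CA system");
    shutdownScheduledThreadPoolExecutor();

    if (persistentScheduledThreadPoolExecutor != null) {
        persistentScheduledThreadPoolExecutor.shutdown();
        try {
            // block until the executor terminates (replaces the former sleep/poll loop)
            while (!persistentScheduledThreadPoolExecutor.awaitTermination(100, java.util.concurrent.TimeUnit.MILLISECONDS)) {
                // tasks still running; keep waiting
            }
        } catch (InterruptedException ex) {
            // do not keep waiting once interrupted: stop the remaining tasks, restore the
            // interrupt flag for the caller and carry on with the rest of the cleanup
            LOG.error("interrupted: {}", ex.getMessage());
            persistentScheduledThreadPoolExecutor.shutdownNow();
            Thread.currentThread().interrupt();
        }
        persistentScheduledThreadPoolExecutor = null;
    }

    for (String caName : x509cas.keySet()) {
        X509Ca ca = x509cas.get(caName);
        try {
            ca.shutdown();
        } catch (Throwable th) {
            LogUtil.error(LOG, th, concat("could not call ca.shutdown() for CA ", caName));
        }
    }

    if (caLockedByMe) {
        try {
            unlockCa();
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not unlock CA system");
        }
    }

    // report a failed delete instead of ignoring it; a stale lock file may affect the
    // next start
    File caLockFile = new File("calock");
    if (caLockFile.exists() && !caLockFile.delete()) {
        LOG.error("could not delete lock file {}", caLockFile.getAbsolutePath());
    }

    // datasources is only populated by init(); guard against a shutdown before that
    if (datasources != null) {
        for (String dsName : datasources.keySet()) {
            DataSourceWrapper ds = datasources.get(dsName);
            try {
                ds.close();
            } catch (Exception ex) {
                LogUtil.warn(LOG, ex, concat("could not close datasource ", dsName));
            }
        }
    }

    auditLogPciEvent(true, "SHUTDOWN");
    LOG.info("stopped CA system");
}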
Also used : DataSourceWrapper(org.xipki.datasource.DataSourceWrapper) File(java.io.File) CertprofileException(org.xipki.ca.api.profile.CertprofileException) KeyStoreException(java.security.KeyStoreException) XiSecurityException(org.xipki.security.exception.XiSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException) InvalidConfException(org.xipki.common.InvalidConfException) SocketException(java.net.SocketException) IOException(java.io.IOException) CertPublisherException(org.xipki.ca.api.publisher.CertPublisherException) OperationException(org.xipki.ca.api.OperationException) CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) ObjectCreationException(org.xipki.common.ObjectCreationException) DataAccessException(org.xipki.datasource.DataAccessException) JAXBException(javax.xml.bind.JAXBException) FileNotFoundException(java.io.FileNotFoundException) SAXException(org.xml.sax.SAXException) CertificateException(java.security.cert.CertificateException) PasswordResolverException(org.xipki.password.PasswordResolverException)
