
Example 1 with IssuerStore

use of org.xipki.ocsp.api.IssuerStore in project xipki by xipki.

From the class DbCertStatusStore, method initIssuerStore.

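/**
 * Loads the ISSUER table into {@code issuerStore}, skipping the full reload when the set of
 * issuers (ids and revocation state) has not changed since the last successful load.
 *
 * <p>Re-entrancy is guarded by {@code storeUpdateInProcess} in addition to {@code synchronized}.
 * The flag is cleared on every exit path; clearing it only on the error path (as before) left
 * the flag set after a successful or "unchanged" run, so every later call returned at once.
 *
 * <p>Never throws. On any failure the error is logged, {@code initializationFailed} is set and
 * {@code initialized} is set to {@code true} — presumably so the store reports itself as
 * initialized-but-unusable instead of being retried in a tight loop (confirm against the caller).
 */
private synchronized void initIssuerStore() {
    if (storeUpdateInProcess.get()) {
        return;
    }
    storeUpdateInProcess.set(true);
    try {
        if (initialized && issuersUnchanged()) {
            return;
        }
        reloadIssuers();
    } catch (Throwable th) {
        // Throwable rather than Exception keeps the original contract: even an Error raised
        // during a refresh is logged here and marks the store as failed instead of propagating.
        LogUtil.error(LOG, th, "could not executing initIssuerStore()");
        initializationFailed = true;
        initialized = true;
    } finally {
        storeUpdateInProcess.set(false);
    }
}

/**
 * Compares the issuer ids and revocation times currently in the ISSUER table with the loaded
 * {@code issuerStore}. Only issuers accepted by {@code issuerFilter} are considered.
 *
 * @return {@code true} if the loaded store already reflects the table and no reload is needed
 * @throws Exception on database errors; handled by the caller's catch-all
 */
private boolean issuersUnchanged() throws Exception {
    final String sql = "SELECT ID,REV,RT,S1C FROM ISSUER";
    PreparedStatement ps = preparedStatement(sql);
    ResultSet rs = null;
    try {
        rs = ps.executeQuery();
        Map<Integer, SimpleIssuerEntry> newIssuers = new HashMap<>();
        while (rs.next()) {
            if (!issuerFilter.includeIssuerWithSha1Fp(rs.getString("S1C"))) {
                continue;
            }
            int id = rs.getInt("ID");
            // RT is read as seconds and the entry holds milliseconds; null means "not revoked"
            Long revTimeMs = rs.getBoolean("REV") ? rs.getLong("RT") * 1000 : null;
            newIssuers.put(id, new SimpleIssuerEntry(id, revTimeMs));
        }
        Set<Integer> newIds = newIssuers.keySet();
        Set<Integer> ids = (issuerStore != null) ? issuerStore.getIds() : Collections.emptySet();
        // Set.equals is size equality plus mutual containsAll
        if (!ids.equals(newIds)) {
            return false;
        }
        for (Integer id : newIds) {
            IssuerEntry entry = issuerStore.getIssuerForId(id);
            // NOTE(review): a positive match marks the store as changed, the opposite of what
            // the name suggests — confirm SimpleIssuerEntry.match semantics before relying on it.
            if (newIssuers.get(id).match(entry)) {
                return false;
            }
        }
        return true;
    } finally {
        releaseDbResources(ps, rs);
    }
}

/**
 * Replaces {@code issuerStore} with the full content of the ISSUER table (filtered by
 * {@code issuerFilter}) and resets the initialization flags on success.
 *
 * @throws Exception on database or certificate-parsing errors, or when two issuers share the
 *     same SHA-1 subject/key hash — such issuers could not be told apart in an OCSP request, so
 *     the store refuses to load rather than answer ambiguously
 */
private void reloadIssuers() throws Exception {
    final String sql = "SELECT ID,NBEFORE,REV,RT,S1C,CERT,CRL_INFO FROM ISSUER";
    PreparedStatement ps = preparedStatement(sql);
    ResultSet rs = null;
    try {
        rs = ps.executeQuery();
        List<IssuerEntry> caInfos = new LinkedList<>();
        while (rs.next()) {
            if (!issuerFilter.includeIssuerWithSha1Fp(rs.getString("S1C"))) {
                continue;
            }
            int id = rs.getInt("ID");
            X509Certificate cert = X509Util.parseBase64EncodedCert(rs.getString("CERT"));
            IssuerEntry caInfoEntry = new IssuerEntry(id, cert);
            String crlInfoStr = rs.getString("CRL_INFO");
            if (StringUtil.isNotBlank(crlInfoStr)) {
                caInfoEntry.setCrlInfo(new CrlInfo(crlInfoStr));
            }
            RequestIssuer reqIssuer = new RequestIssuer(HashAlgo.SHA1, caInfoEntry.getEncodedHash(HashAlgo.SHA1));
            for (IssuerEntry existingIssuer : caInfos) {
                if (existingIssuer.matchHash(reqIssuer)) {
                    throw new Exception("found at least two issuers with the same subject and key");
                }
            }
            if (rs.getBoolean("REV")) {
                // RT is stored in seconds since the epoch
                caInfoEntry.setRevocationInfo(new Date(rs.getLong("RT") * 1000));
            }
            caInfos.add(caInfoEntry);
        }
        // presumably cleared while the store reference is swapped so readers do not mix
        // the old flag with the new store — confirm against the readers of `initialized`
        initialized = false;
        this.issuerStore = new IssuerStore(caInfos);
        LOG.info("Updated issuers: {}", name);
        initializationFailed = false;
        initialized = true;
    } finally {
        releaseDbResources(ps, rs);
    }
}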

Example 2 with IssuerStore

use of org.xipki.ocsp.api.IssuerStore in project xipki by xipki.

From the class ResponseCacher, method initIssuerStore.

// method updateCacheStore0
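/**
 * Loads all issuers from the ISSUER table into {@code issuerStore}.
 *
 * <p>A row whose certificate has the same SHA-1 subject/key hash as an issuer already accepted
 * in this pass is treated as a duplicate: it is deleted from the table and logged, and the row
 * seen first wins. Which row that is depends on the result-set order of
 * {@code SQL_SELECT_ISSUER}, which is not visible here.
 *
 * <p>Both the select statement and the lazily created delete statement are released in the
 * {@code finally} block; the delete statement was previously never closed.
 *
 * @return always {@code true}
 * @throws DataAccessException on database errors (the {@link SQLException} is translated by the
 *     datasource; a failure of the delete statement is reported with the select SQL as context)
 * @throws CertificateException when a stored certificate cannot be parsed
 */
private boolean initIssuerStore() throws DataAccessException, CertificateException {
    PreparedStatement ps = null;
    ResultSet rs = null;
    // created only when a duplicate is actually found
    PreparedStatement deleteIssuerStmt = null;
    try {
        ps = prepareStatement(SQL_SELECT_ISSUER);
        rs = ps.executeQuery();
        List<IssuerEntry> caInfos = new LinkedList<>();
        while (rs.next()) {
            int id = rs.getInt("ID");
            X509Certificate cert = X509Util.parseBase64EncodedCert(rs.getString("CERT"));
            IssuerEntry caInfoEntry = new IssuerEntry(id, cert);
            RequestIssuer reqIssuer = new RequestIssuer(HashAlgo.SHA1, caInfoEntry.getEncodedHash(HashAlgo.SHA1));
            String subject = cert.getSubjectX500Principal().getName();
            if (matchesAny(caInfos, reqIssuer)) {
                if (deleteIssuerStmt == null) {
                    deleteIssuerStmt = prepareStatement(SQL_DELETE_ISSUER);
                }
                deleteIssuerStmt.setInt(1, id);
                deleteIssuerStmt.executeUpdate();
                LOG.warn("Delete duplicated issuer {}: {}", id, subject);
            } else {
                LOG.info("added issuer {}: {}", id, subject);
                caInfos.add(caInfoEntry);
            }
        }
        this.issuerStore = new IssuerStore(caInfos);
        LOG.info("Updated issuers");
    } catch (SQLException ex) {
        throw datasource.translate(SQL_SELECT_ISSUER, ex);
    } finally {
        datasource.releaseResources(ps, rs, false);
        if (deleteIssuerStmt != null) {
            // NOTE(review): assumes releaseResources tolerates a null ResultSet — confirm
            datasource.releaseResources(deleteIssuerStmt, null, false);
        }
    }
    return true;
}

/**
 * Tells whether any already accepted issuer has the same name/key hash as {@code reqIssuer}.
 *
 * @param issuers the issuers accepted so far in this load
 * @param reqIssuer the hash of the candidate issuer
 * @return {@code true} if a matching issuer is already present
 */
private static boolean matchesAny(List<IssuerEntry> issuers, RequestIssuer reqIssuer) {
    for (IssuerEntry existingIssuer : issuers) {
        if (existingIssuer.matchHash(reqIssuer)) {
            return true;
        }
    }
    return false;
}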
