
Example 11 with CertRevocationInfo

use of org.xipki.security.CertRevocationInfo in project xipki by xipki.

the class CaManagerImpl method revokeCa.

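/**
 * Revokes the CA named {@code caName} with the given revocation information.
 *
 * <p>The CA name is normalised to lower case before lookup. A CA that is currently
 * on {@link CrlReason#CERTIFICATE_HOLD} may be revoked again (e.g. to replace the hold
 * with a final reason); a CA already revoked with any other reason is left untouched
 * and the call fails. The revocation is persisted via {@code queryExecutor} before the
 * in-memory CA state is updated, and a PCI audit event is written on success.
 *
 * @param caName         name of the CA to revoke; must not be blank
 * @param revocationInfo reason, revocation time and optional invalidity time
 * @throws CaMgmtException if the CA is unknown, already revoked with a non-hold reason,
 *                         or the CA object rejects the revocation
 */
@Override
public void revokeCa(String caName, CertRevocationInfo revocationInfo) throws CaMgmtException {
    caName = ParamUtil.requireNonBlank("caName", caName).toLowerCase();
    ParamUtil.requireNonNull("revocationInfo", revocationInfo);
    asssertMasterMode();
    // Single lookup instead of containsKey() followed by get(): the two calls could
    // disagree if the map is modified in between (assumes the map holds no null values).
    X509Ca ca = x509cas.get(caName);
    if (ca == null) {
        throw new CaMgmtException(concat("unknown CA ", caName));
    }
    LOG.info("revoking CA '{}'", caName);
    CertRevocationInfo currentRevInfo = ca.getCaInfo().getRevocationInfo();
    if (currentRevInfo != null) {
        CrlReason currentReason = currentRevInfo.getReason();
        // Only a CA on hold may be revoked again; a final revocation reason is sticky.
        if (currentReason != CrlReason.CERTIFICATE_HOLD) {
            throw new CaMgmtException(concat("CA ", caName, " has been revoked with reason ", currentReason.name()));
        }
    }
    // Persist first so that the durable state never lags behind the in-memory state.
    queryExecutor.revokeCa(caName, revocationInfo);
    try {
        ca.revokeCa(revocationInfo, CaAuditConstants.MSGID_ca_mgmt);
    } catch (OperationException ex) {
        throw new CaMgmtException(concat("could not revoke CA ", ex.getMessage()), ex);
    }
    LOG.info("revoked CA '{}'", caName);
    auditLogPciEvent(true, concat("REVOKE CA ", caName));
}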

Example 12 with CertRevocationInfo

use of org.xipki.security.CertRevocationInfo in project xipki by xipki.

the class CertStoreQueryExecutor method getCertificateInfo.

/**
 * Loads the certificate issued by {@code ca} with the given serial number from the
 * certificate store and assembles its {@link X509CertificateInfo}, including the
 * revocation information when the stored row is flagged as revoked.
 *
 * @param ca        issuing CA (id and name)
 * @param caCert    certificate of the issuing CA
 * @param serial    serial number of the certificate to look up
 * @param idNameMap resolves the stored profile and requestor ids to their names
 * @return the certificate info, or {@code null} if no such certificate is stored
 * @throws DataAccessException  on database errors (translated from {@link SQLException})
 * @throws OperationException   if the stored certificate cannot be decoded
 * @throws CertificateException if the stored bytes are not a valid X.509 certificate
 */
X509CertificateInfo getCertificateInfo(NameId ca, X509Cert caCert, BigInteger serial, CaIdNameMap idNameMap) throws DataAccessException, OperationException, CertificateException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("caCert", caCert);
    ParamUtil.requireNonNull("idNameMap", idNameMap);
    ParamUtil.requireNonNull("serial", serial);
    final String sql = sqls.sqlCertInfo;
    String certB64;
    int profileId;
    int reqId;
    boolean isRevoked;
    // revocation columns are only read when the row is flagged as revoked
    int reasonCode = 0;
    long revokedAtSec = 0;
    long invalidFromSec = 0;
    PreparedStatement ps = borrowPreparedStatement(sql);
    ResultSet rs = null;
    try {
        ps.setInt(1, ca.getId());
        // serial numbers are stored as upper/lower-case hex text
        ps.setString(2, serial.toString(16));
        rs = ps.executeQuery();
        if (!rs.next()) {
            return null;
        }
        certB64 = rs.getString("CERT");
        profileId = rs.getInt("PID");
        reqId = rs.getInt("RID");
        isRevoked = rs.getBoolean("REV");
        if (isRevoked) {
            reasonCode = rs.getInt("RR");
            revokedAtSec = rs.getLong("RT");
            invalidFromSec = rs.getLong("RIT");
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, rs);
    }
    try {
        byte[] derCert = Base64.decodeFast(certB64);
        X509Certificate cert = X509Util.parseCert(derCert);
        X509CertWithDbId certWithMeta = new X509CertWithDbId(cert, derCert);
        // the DER SubjectPublicKeyInfo is taken from the TBSCertificate, not re-encoded from the JCA key
        byte[] spki = Certificate.getInstance(derCert).getTBSCertificate().getSubjectPublicKeyInfo().getEncoded();
        X509CertificateInfo info = new X509CertificateInfo(certWithMeta, ca, caCert, spki, idNameMap.getCertprofile(profileId), idNameMap.getRequestor(reqId));
        if (isRevoked) {
            // times are stored in seconds; an RIT of 0 means "no invalidity date"
            Date invalidityTime = null;
            if (invalidFromSec != 0) {
                invalidityTime = new Date(invalidFromSec * 1000);
            }
            info.setRevocationInfo(new CertRevocationInfo(reasonCode, new Date(revokedAtSec * 1000), invalidityTime));
        }
        return info;
    } catch (IOException ex) {
        LOG.warn("getCertificateInfo()", ex);
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}

Example 13 with CertRevocationInfo

use of org.xipki.security.CertRevocationInfo in project xipki by xipki.

the class CertStoreQueryExecutor method unrevokeCert.

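/**
 * Clears the revocation state of the certificate issued by {@code ca} with the given
 * serial number.
 *
 * <p>By default only a certificate on {@link CrlReason#CERTIFICATE_HOLD} may be
 * unrevoked. With {@code force} set, a certificate revoked with any other reason is
 * unrevoked as well; because that overrides the usual policy, the override is logged
 * at WARN level so that it leaves a trace in the logs.
 *
 * @param ca                    issuing CA
 * @param serialNumber          serial number of the certificate
 * @param force                 unrevoke even if the current reason is not certificateHold
 * @param publishToDeltaCrlCache whether to record the change for the delta CRL
 * @param idNamMap              resolves stored profile / requestor ids to names
 * @return the unrevoked certificate, or {@code null} if no such certificate exists
 * @throws OperationException  if the certificate is not revoked, the unrevocation is
 *                             not permitted, or the update did not affect exactly one row
 * @throws DataAccessException on database errors (translated from {@link SQLException})
 */
X509CertWithDbId unrevokeCert(NameId ca, BigInteger serialNumber, boolean force, boolean publishToDeltaCrlCache, CaIdNameMap idNamMap) throws OperationException, DataAccessException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    X509CertWithRevocationInfo certWithRevInfo = getCertWithRevocationInfo(ca, serialNumber, idNamMap);
    if (certWithRevInfo == null) {
        LOG.warn("certificate with CA={} and serialNumber={} does not exist", ca.getName(), LogUtil.formatCsn(serialNumber));
        return null;
    }
    CertRevocationInfo currentRevInfo = certWithRevInfo.getRevInfo();
    if (currentRevInfo == null) {
        throw new OperationException(ErrorCode.CERT_UNREVOKED, "certificate is not revoked");
    }
    CrlReason currentReason = currentRevInfo.getReason();
    if (currentReason != CrlReason.CERTIFICATE_HOLD) {
        if (!force) {
            throw new OperationException(ErrorCode.NOT_PERMITTED, "could not unrevoke certificate revoked with reason " + currentReason.getDescription());
        }
        // Policy override: a non-hold revocation is normally final. Record it so the
        // override is visible in the logs.
        LOG.warn("forcibly unrevoking certificate with CA={} and serialNumber={} revoked with reason {}", ca.getName(), LogUtil.formatCsn(serialNumber), currentReason.getDescription());
    }
    final String sql = "UPDATE CERT SET LUPDATE=?,REV=?,RT=?,RIT=?,RR=? WHERE ID=?";
    long certId = certWithRevInfo.getCert().getCertId().longValue();
    // LUPDATE is stored in seconds
    long currentTimeSeconds = System.currentTimeMillis() / 1000;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        int idx = 1;
        ps.setLong(idx++, currentTimeSeconds);
        setBoolean(ps, idx++, false);
        // clear revocation time, invalidity time and reason
        ps.setNull(idx++, Types.INTEGER);
        ps.setNull(idx++, Types.INTEGER);
        ps.setNull(idx++, Types.INTEGER);
        ps.setLong(idx++, certId);
        int count = ps.executeUpdate();
        // ID is the primary key, so anything other than exactly one row is an inconsistency
        if (count != 1) {
            String message = (count > 1) ? count + " rows modified, but exactly one is expected" : "no row is modified, but exactly one is expected";
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, null);
    }
    if (publishToDeltaCrlCache) {
        publishToDeltaCrlCache(ca, certWithRevInfo.getCert().getCert().getSerialNumber());
    }
    return certWithRevInfo.getCert();
}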

Example 14 with CertRevocationInfo

use of org.xipki.security.CertRevocationInfo in project xipki by xipki.

the class CaRevokeCmd method execute0.

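/**
 * Revokes the CA selected on the command line.
 *
 * <p>The reason must be one of {@code PERMITTED_REASONS}; the revocation date defaults
 * to "now" when not given, and the invalidity date is optional. Both dates are parsed
 * as UTC {@code yyyyMMddHHmmss}.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if the reason is not permitted or the CA name is unknown
 * @throws CmdFailure               if the CA manager rejects the revocation
 * @throws Exception                propagated from date parsing
 */
@Override
protected Object execute0() throws Exception {
    CrlReason crlReason = CrlReason.forNameOrText(reason);
    if (!PERMITTED_REASONS.contains(crlReason)) {
        throw new IllegalCmdParamException("reason " + reason + " is not permitted");
    }
    // NOTE(review): this membership check is case-sensitive while the manager lower-cases
    // the name on revokeCa(); whether getCaNames() returns lower-case names is not visible here.
    if (!caManager.getCaNames().contains(caName)) {
        throw new IllegalCmdParamException("invalid CA name " + caName);
    }
    // dropped the redundant "= null" pre-initialisation; both values are assigned exactly once
    Date revocationDate = isNotBlank(revocationDateS) ? DateUtil.parseUtcTimeyyyyMMddhhmmss(revocationDateS) : new Date();
    Date invalidityDate = isNotBlank(invalidityDateS) ? DateUtil.parseUtcTimeyyyyMMddhhmmss(invalidityDateS) : null;
    CertRevocationInfo revInfo = new CertRevocationInfo(crlReason, revocationDate, invalidityDate);
    String msg = "CA " + caName;
    try {
        caManager.revokeCa(caName, revInfo);
        println("revoked " + msg);
        return null;
    } catch (CaMgmtException ex) {
        throw new CmdFailure("could not revoke " + msg + ", error: " + ex.getMessage(), ex);
    }
}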
