MgmtEntry.Ca entry = new MgmtEntry.Ca(new NameId(rs.getInt("ID"), name), rs.getInt("SN_SIZE"), rs.getLong("NEXT_CRLNO"), rs.getString("SIGNER_TYPE"), rs.getString("SIGNER_CONF"), caUris, rs.getInt("NUM_CRLS"), rs.getInt("EXPIRATION_PERIOD")); entry.setCert(generateCert(rs.getString("CERT"))); entry.setStatus(CaStatus.forName(rs.getString("STATUS"))); entry.setMaxValidity(CertValidity.getInstance(rs.getString("MAX_VALIDITY"))); entry.setKeepExpiredCertInDays(rs.getInt("KEEP_EXPIRED_CERT_DAYS")); entry.setCrlSignerName(crlsignerName); entry.setCmpResponderName(cmpResponderName); entry.setScepResponderName(scepResponderName); entry.setExtraControl(new ConfPairs(extraControl).unmodifiable()); entry.setCmpControl(new CmpControl(cmpcontrol)); } catch (InvalidConfException ex) { throw new CaMgmtException("invalid CMP_CONTROL: " + cmpcontrol); if (StringUtil.isNotBlank(crlcontrol)) { try { entry.setCrlControl(new CrlControl(crlcontrol)); } catch (InvalidConfException ex) { throw new CaMgmtException("invalid CRL_CONTROL: " + crlcontrol, ex); entry.setScepControl(new ScepControl(scepcontrol)); } catch (InvalidConfException ex) {
caEntry.getIdent().setId(id + 1); } catch (DataAccessException ex) { throw new CaMgmtException(ex); ps = prepareStatement(sql); int idx = 1; ps.setInt(idx++, caEntry.getIdent().getId()); ps.setString(idx++, caEntry.getIdent().getName()); ps.setString(idx++, caEntry.getSubject()); ps.setInt(idx++, caEntry.getSerialNoBitLen()); ps.setLong(idx++, caEntry.getNextCrlNumber()); ps.setString(idx++, caEntry.getStatus().getStatus()); CaUris caUris = caEntry.getCaUris(); ps.setString(idx++, (caUris == null) ? null : caEntry.getCaUris().getEncoded()); ps.setString(idx++, caEntry.getMaxValidity().toString()); byte[] encodedCert = caEntry.getCert().getEncoded(); ps.setString(idx++, Base64.encodeToString(encodedCert)); ps.setString(idx++, caEntry.getSignerType()); ps.setString(idx++, caEntry.getCrlSignerName()); ps.setString(idx++, caEntry.getCmpResponderName()); ps.setString(idx++, caEntry.getScepResponderName()); CrlControl crlControl = caEntry.getCrlControl(); ps.setString(idx++, (crlControl == null ? null : crlControl.getConf())); CmpControl cmpControl = caEntry.getCmpControl(); ps.setString(idx++, (cmpControl == null ? null : cmpControl.getConf()));
if (caInfos.containsKey(caName)) { MgmtEntry.Ca entryB = caInfos.get(caName).getCaEntry(); if (caEntry.getCert() == null && genSelfIssued != null) { SignerConf signerConf = new SignerConf(caEntry.getSignerConf()); ConcurrentContentSigner signer; try { signer = securityFactory.createSigner(caEntry.getSignerType(), signerConf, (X509Certificate) null); } catch (ObjectCreationException ex) { throw new CaMgmtException(concat("could not create signer for CA ", caName), ex); caEntry.setCert(signer.getCertificate()); if (caEntry.equals(entryB, true, true)) { LOG.info("ignore existed CA {}", caName); } else {
byte[] certBytes; try { certBytes = entry.getCert().getEncoded(); } catch (CertificateEncodingException ex) { throw new CaMgmtException(concat("could not encode CA certificate ", name)); if (entry.getCrlSignerName() != null) { includeCrlSignerNames.add(entry.getCrlSignerName()); ciJaxb.setCrlSignerName(entry.getCrlSignerName()); if (entry.getCmpResponderName() != null) { includeSignerNames.add(entry.getCmpResponderName()); ciJaxb.setCmpResponderName(entry.getCmpResponderName()); if (entry.getScepResponderName() != null) { includeSignerNames.add(entry.getScepResponderName()); ciJaxb.setScepResponderName(entry.getScepResponderName()); if (entry.getCmpControl() != null) { ciJaxb.setCmpControl( new HashMap<>(new ConfPairs(entry.getCmpControl().getConf()).asMap())); if (entry.getCrlControl() != null) { ciJaxb.setCrlControl( new HashMap<>(new ConfPairs(entry.getCrlControl().getConf()).asMap())); if (entry.getScepControl() != null) { ciJaxb.setScepControl( new HashMap<>(new ConfPairs(entry.getScepControl().getConf()).asMap()));
caEntry = new MgmtEntry.Ca(new NameId(null, name), ci.getSnSize(), ci.getNextCrlNo(), expandConf(ci.getSignerType()), getValue(ci.getSignerConf(), zipEntries), caUris, numCrls, exprirationPeriod); caEntry.setCmpControl(new CmpControl( new ConfPairs(ci.getCmpControl()).getEncoded())); caEntry.setCrlControl(new CrlControl( new ConfPairs(ci.getCrlControl()).getEncoded())); caEntry.setScepControl(new ScepControl( new ConfPairs(ci.getScepControl()).getEncoded())); caEntry.setCmpResponderName(ci.getCmpResponderName()); caEntry.setScepResponderName(ci.getScepResponderName()); caEntry.setCrlSignerName(ci.getCrlSignerName()); caEntry.setDuplicateKeyPermitted(ci.isDuplicateKey()); caEntry.setDuplicateSubjectPermitted(ci.isDuplicateSubject()); if (ci.getExtraControl() != null) { caEntry.setExtraControl(new ConfPairs(ci.getExtraControl()).unmodifiable()); caEntry.setKeepExpiredCertInDays(keepExpiredCertDays); caEntry.setMaxValidity(Certprofile.CertValidity.getInstance(ci.getMaxValidity())); caEntry.setPermission(getIntPermission(ci.getPermissions())); caEntry.setProtocolSupport(new ProtocolSupport(ci.getProtocolSupport()));
throw new IllegalCmdParamException("please specify the signerType"); tmpSignerType = caEntry.getSignerType();
CaStatus status = caInfos.get(caName).getCaEntry().getStatus(); if (CaStatus.ACTIVE != status) { continue;
MgmtEntry.Ca entry = new MgmtEntry.Ca(new NameId(null, caName), snBitLen, nextCrlNumber, signerType, signerConf, caUris, numCrls.intValue(), expirationPeriod.intValue()); entry.setKeepExpiredCertInDays(keepExpiredCertInDays.intValue()); entry.setDuplicateKeyPermitted(duplicateKeyPermitted); entry.setDuplicateSubjectPermitted(duplicateSubjectPermitted); isEnabled(supportRestS, false, "support-rest"), isEnabled(supportScepS, false, "support-scep")); entry.setProtocolSupport(protocolSupport); entry.setSaveRequest(isEnabled(saveReqS, false, "save-req")); entry.setValidityMode(validityMode); entry.setStatus(CaStatus.forName(caStatus)); entry.setCmpControl(new CmpControl(cmpControl)); entry.setCrlControl(new CrlControl(crlControl)); entry.setScepControl(new ScepControl(scepControl)); entry.setCmpResponderName(cmpResponderName); entry.setCmpResponderName(scepResponderName); entry.setCrlSignerName(crlSignerName);
int numCrls = caEntry.getNumCrls(); String signerType = caEntry.getSignerType(); int expirationPeriod = caEntry.getExpirationPeriod(); if (expirationPeriod < 0) { System.err.println("invalid expirationPeriod: " + expirationPeriod); : RandomSerialNumberGenerator.getInstance().nextSerialNumber(caEntry.getSerialNoBitLen()); caEntry.getSignerConf(), certprofile, csr, serialOfThisCert, caEntry.getCaUris(), caEntry.getExtraControl()); } catch (OperationException | InvalidConfException ex) { throw new CaMgmtException(concat(ex.getClass().getName(), ": ", ex.getMessage()), ex); String name = caEntry.getIdent().getName(); long nextCrlNumber = caEntry.getNextCrlNumber(); MgmtEntry.Ca entry = new MgmtEntry.Ca(new NameId(null, name), caEntry.getSerialNoBitLen(), nextCrlNumber, signerType, signerConf, caEntry.getCaUris(), numCrls, expirationPeriod); entry.setCert(caCert); entry.setCmpControl(caEntry.getCmpControl()); entry.setCrlControl(caEntry.getCrlControl()); entry.setScepControl(caEntry.getScepControl()); entry.setCmpResponderName(caEntry.getCmpResponderName()); entry.setScepResponderName(caEntry.getScepResponderName()); entry.setCrlSignerName(caEntry.getCrlSignerName()); entry.setDuplicateKeyPermitted(caEntry.isDuplicateKeyPermitted()); entry.setDuplicateSubjectPermitted(caEntry.isDuplicateSubjectPermitted()); entry.setExtraControl(caEntry.getExtraControl());
Args.notNull(caEntry, "caEntry"); asssertMasterMode(); NameId ident = caEntry.getIdent(); String name = ident.getName(); String origSignerConf = caEntry.getSignerConf(); String newSignerConf = canonicalizeSignerConf(caEntry.getSignerType(), origSignerConf, null, securityFactory); if (!origSignerConf.equals(newSignerConf)) { caEntry.setSignerConf(newSignerConf); List<String[]> signerConfs = MgmtEntry.Ca.splitCaSignerConfs(caEntry.getSignerConf()); ConcurrentContentSigner signer; for (String[] m : signerConfs) { SignerConf signerConf = new SignerConf(m[1]); signer = securityFactory.createSigner(caEntry.getSignerType(), signerConf, caEntry.getCert()); if (caEntry.getCert() == null) { if (signer.getCertificate() == null) { throw new CaMgmtException("CA signer without certificate is not allowed"); caEntry.setCert(signer.getCertificate());
public CaEntryWrapper(MgmtEntry.Ca caEntry) { ident = caEntry.getIdent(); status = caEntry.getStatus(); maxValidity = caEntry.getMaxValidity(); signerType = caEntry.getSignerType(); signerConf = caEntry.getSignerConf(); if (caEntry.getScepControl() != null) { scepControl = caEntry.getScepControl().getConf(); if (caEntry.getCrlControl() != null) { crlControl = caEntry.getCrlControl().getConf(); crlSignerName = caEntry.getCrlSignerName(); if (caEntry.getCmpControl() != null) { cmpControl = caEntry.getCmpControl().getConf(); cmpResponderName = caEntry.getCmpResponderName(); scepResponderName = caEntry.getScepResponderName(); duplicateKeyPermitted = caEntry.isDuplicateKeyPermitted(); duplicateSubjectPermitted = caEntry.isDuplicateSubjectPermitted(); protocolSupport = caEntry.getProtocoSupport(); saveRequest = caEntry.isSaveRequest(); validityMode = caEntry.getValidityMode(); permission = caEntry.getPermission(); expirationPeriod = caEntry.getExpirationPeriod(); keepExpiredCertInDays = caEntry.getKeepExpiredCertInDays(); if (caEntry.getExtraControl() != null) { extraControl = caEntry.getExtraControl().getEncoded();
public MgmtEntry.Ca toCaEntry() throws CertificateException, CaMgmtException, InvalidConfException { MgmtEntry.Ca rv = new MgmtEntry.Ca(ident, serialNoBitLen, nextCrlNumber, signerType, signerConf, caUris, numCrls, expirationPeriod); if (certBytes != null) { rv.setCert(X509Util.parseCert(certBytes)); rv.setCmpControl(new CmpControl(cmpControl)); rv.setCmpResponderName(cmpResponderName); rv.setCrlControl(new CrlControl(crlControl)); rv.setCrlSignerName(crlSignerName); rv.setDuplicateKeyPermitted(duplicateKeyPermitted); rv.setDuplicateSubjectPermitted(duplicateSubjectPermitted); rv.setExtraControl(new ConfPairs(extraControl)); rv.setKeepExpiredCertInDays(keepExpiredCertInDays); rv.setMaxValidity(maxValidity); rv.setNextCrlNumber(nextCrlNumber); rv.setPermission(permission); rv.setProtocolSupport(protocolSupport); rv.setRevocationInfo(revocationInfo); rv.setSaveRequest(saveRequest); if (scepControl != null) {
List<String[]> signerConfs = MgmtEntry.Ca.splitCaSignerConfs(caEntry.getSignerConf()); ConcurrentContentSigner signer; try { signer = securityFactory.createSigner(caEntry.getSignerType(), signerConf, caEntry.getCert()); if (dfltSigner == null) { dfltSigner = signer;
@Override
protected Object execute0() throws Exception {
  // With no CA name, report the three lists the manager maintains
  // (successfully started, failed, inactive). With a name, report that
  // single CA: whether it is started, its aliases and its entry.
  StringBuilder out = new StringBuilder();

  if (name != null) {
    MgmtEntry.Ca entry = caManager.getCa(name);
    if (entry == null) {
      throw new CmdFailure("could not find CA '" + name + "'");
    }

    // "started" is only meaningful for a CA whose configured status is ACTIVE.
    if (CaStatus.ACTIVE == entry.getStatus()) {
      boolean isStarted =
          caManager.getSuccessfulCaNames().contains(entry.getIdent().getName());
      out.append("started: ").append(isStarted).append("\n");
    }

    Set<String> caAliases = caManager.getAliasesForCa(name);
    out.append("aliases: ").append(toString(caAliases)).append("\n");
    out.append(entry.toString(verbose.booleanValue()));
  } else {
    final String indent = " ";
    out.append("successful CAs:\n");
    printCaNames(out, caManager.getSuccessfulCaNames(), indent);
    out.append("failed CAs:\n");
    printCaNames(out, caManager.getFailedCaNames(), indent);
    out.append("inactive CAs:\n");
    printCaNames(out, caManager.getInactiveCaNames(), indent);
  }

  println(out.toString());
  return null;
} // method execute0
@Override
public void changeCa(MgmtEntry.ChangeCa entry) throws CaMgmtException {
  Args.notNull(entry, "entry");
  // Configuration changes are only accepted by the master instance.
  asssertMasterMode();

  String caName = entry.getIdent().getName();
  NameId knownIdent = idNameMap.getCa(caName);
  if (knownIdent == null) {
    throw new CaMgmtException("Unknown CA " + caName);
  }

  // Bind the caller-supplied name to the persisted id before the database update.
  entry.getIdent().setId(knownIdent.getId());
  queryExecutor.changeCa(entry, caInfos.get(caName).getCaEntry(), securityFactory);

  // Rebuild the in-memory CA from the updated configuration; only an
  // ACTIVE CA is (re)started afterwards.
  if (!createCa(caName)) {
    LOG.error("could not create CA {}", caName);
    return;
  }

  CaInfo rebuilt = caInfos.get(caName);
  if (CaStatus.ACTIVE != rebuilt.getCaEntry().getStatus()) {
    return;
  }

  if (startCa(caName)) {
    LOG.info("started CA {}", caName);
  } else {
    LOG.error("could not start CA {}", caName);
  }
} // method changeCa
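/**
 * Holds the configuration of one CA for import/export.
 *
 * <p>When {@code genSelfIssued} is given, the CA certificate is to be generated
 * later (see the caller that creates a signer and sets the certificate), so
 * {@code caEntry} must be present and must NOT already carry a certificate.
 *
 * @param name          CA name, must not be blank
 * @param genSelfIssued request to generate a self-issued CA certificate, may be null
 * @param caEntry       CA entry; required (and certificate-less) if genSelfIssued is non-null
 * @throws IllegalArgumentException if the genSelfIssued/caEntry combination is inconsistent
 */
public SingleCa(String name, GenSelfIssued genSelfIssued, MgmtEntry.Ca caEntry,
    List<String> aliases, List<String> profileNames,
    List<MgmtEntry.CaHasRequestor> requestors, List<MgmtEntry.CaHasUser> users,
    List<String> publisherNames) {
  this.name = Args.notBlank(name, "name");

  if (genSelfIssued != null) {
    if (caEntry == null) {
      throw new IllegalArgumentException(
          "caEntry may not be null if genSelfIssued is non-null");
    }
    // The check rejects an entry that already has a certificate; the previous
    // message claimed the opposite ("may not be null"), which misled operators.
    if (caEntry.getCert() != null) {
      throw new IllegalArgumentException(
          "caEntry.cert must be null if genSelfIssued is non-null");
    }
  }

  this.genSelfIssued = genSelfIssued;
  this.caEntry = caEntry;
  this.aliases = aliases;
  this.profileNames = profileNames;
  this.requestors = requestors;
  this.users = users;
  this.publisherNames = publisherNames;
}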
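/**
 * Completer values: the names of all CAs whose certificate is self-issued
 * (issuer DN equals subject DN).
 *
 * <p>Errors while listing or loading CAs only shrink the result; they are not
 * surfaced to the shell. A CA that cannot be loaded, or whose entry carries
 * no certificate yet, is skipped instead of causing a NullPointerException.
 *
 * @return names of self-issued CAs; empty if the CA list cannot be obtained
 */
@Override
protected Set<String> getEnums() {
  Set<String> allNames;
  try {
    allNames = caManager.getCaNames();
  } catch (CaMgmtException ex) {
    return Collections.emptySet();
  }

  Set<String> selfIssued = new HashSet<>();
  for (String caName : allNames) {
    MgmtEntry.Ca entry;
    try {
      entry = caManager.getCa(caName);
    } catch (CaMgmtException ex) {
      continue;
    }

    // getCa() can return null, and an entry may have no certificate yet
    // (e.g. before a self-issued certificate has been generated).
    if (entry == null || entry.getCert() == null) {
      continue;
    }

    X509Certificate cert = entry.getCert();
    // DN comparison only: this does not verify that the certificate is
    // signed by its own key, which is sufficient for name completion.
    if (cert.getIssuerX500Principal().equals(cert.getSubjectX500Principal())) {
      selfIssued.add(caName);
    }
  }
  return selfIssued;
}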
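/**
 * Resolves the serial number the command operates on.
 *
 * <p>An explicitly given serial number takes precedence. Otherwise the serial
 * is taken from the certificate file, but only after checking that the
 * certificate was actually issued by the named CA, so that a serial of a
 * foreign certificate cannot be smuggled into a revocation/unrevocation.
 *
 * @return the serial number
 * @throws CmdFailure if the CA is unknown, has no certificate, or did not issue the certificate
 * @throws IllegalCmdParamException if neither a serial number nor a certificate file was given
 */
protected BigInteger getSerialNumber()
    throws CmdFailure, IllegalCmdParamException, CertificateException, IOException,
      CaMgmtException {
  MgmtEntry.Ca ca = caManager.getCa(caName);
  if (ca == null) {
    throw new CmdFailure("CA " + caName + " not available");
  }

  if (serialNumberS != null) {
    return toBigInt(serialNumberS);
  }

  if (certFile == null) {
    throw new IllegalCmdParamException("neither serialNumber nor certFile is specified");
  }

  // A CA entry may exist without a certificate; fail with a clear message
  // instead of dereferencing null in the issuer check.
  X509Certificate caCert = ca.getCert();
  if (caCert == null) {
    throw new CmdFailure("CA " + caName + " has no certificate");
  }

  X509Certificate cert = X509Util.parseCert(new File(certFile));
  if (!X509Util.issues(caCert, cert)) {
    throw new CmdFailure("certificate '" + certFile + "' is not issued by CA " + caName);
  }
  return cert.getSerialNumber();
}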
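/**
 * Runtime view of a CA derived from its management entry and certificate.
 *
 * <p>Every derived field (validity window, serial, self-signed flag, CMP
 * certificate form, public CA info) comes from the CA certificate, so an
 * entry without a certificate is rejected up front rather than failing with a
 * NullPointerException on the first getter.
 *
 * @param caEntry   CA configuration; must carry a certificate
 * @param certStore certificate store of this CA
 * @throws OperationException if the CA certificate cannot be encoded
 */
public CaInfo(MgmtEntry.Ca caEntry, CertStore certStore) throws OperationException {
  this.caEntry = Args.notNull(caEntry, "caEntry");
  this.certStore = Args.notNull(certStore, "certStore");

  X509Certificate cert = Args.notNull(caEntry.getCert(), "caEntry.cert");
  this.notBefore = cert.getNotBefore();
  this.notAfter = cert.getNotAfter();
  this.serialNumber = cert.getSerialNumber();
  // DN comparison only; the signature is not verified here.
  this.selfSigned = cert.getIssuerX500Principal().equals(cert.getSubjectX500Principal());

  Certificate bcCert;
  try {
    byte[] encodedCert = cert.getEncoded();
    bcCert = Certificate.getInstance(encodedCert);
  } catch (CertificateEncodingException ex) {
    throw new OperationException(ErrorCode.SYSTEM_FAILURE,
        "could not encode the CA certificate");
  }
  this.certInCmpFormat = new CMPCertificate(bcCert);

  this.publicCaInfo = new PublicCaInfo(cert, caEntry.getCaUris(), caEntry.getExtraControl());

  // Stop issuing expirationPeriod days before the CA certificate itself expires
  // (MS_PER_DAY presumably is the day length in milliseconds).
  this.noNewCertificateAfter =
      notAfter.getTime() - MS_PER_DAY * caEntry.getExpirationPeriod();

  this.randomSnGenerator = RandomSerialNumberGenerator.getInstance();
} // constructor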
@Override
protected Object execute0() throws Exception {
  // Assemble the CA entry from the command options and have the manager
  // generate the self-signed root certificate from the given CSR.
  MgmtEntry.Ca caEntry = getCaEntry();
  byte[] csrBytes = IoUtil.read(csrFile);

  // An explicit serial overrides whatever the manager would otherwise
  // assign (presumably a random serial); null means "let the manager choose".
  BigInteger requestedSerial = (serialS == null) ? null : toBigInt(serialS);

  X509Certificate rootCert =
      caManager.generateRootCa(caEntry, rootcaProfile, csrBytes, requestedSerial);

  if (rootcaCertOutFile != null) {
    saveVerbose("saved root certificate to file", rootcaCertOutFile,
        encodeCert(rootCert.getEncoded(), outform));
  }

  println("generated root CA " + caEntry.getIdent().getName());
  return null;
}