/**
 * Reads one requestor definition from the database and returns it as a management entry.
 *
 * <p>The lookup statement is taken from {@code sqlSelectRequestor} and the name is bound as a
 * statement parameter, so it never becomes part of the SQL text. The returned entry carries the
 * raw {@code CONF} column; elsewhere in this code that column holds the requestor's certificate
 * or its protected shared secret, so treat the result as credential material.
 *
 * @param name the requestor name to look up
 * @return the entry built from the {@code ID}, {@code TYPE} and {@code CONF} columns
 * @throws CaMgmtException if no row matches, or if the query fails
 */
MgmtEntry.Requestor createRequestor(String name) throws CaMgmtException {
  final String sql = sqlSelectRequestor;
  PreparedStatement query = null;
  ResultSet row = null;

  try {
    query = prepareStatement(sql);
    query.setString(1, name);
    row = query.executeQuery();

    boolean found = row.next();
    if (!found) {
      throw new CaMgmtException("unknown Requestor " + name);
    }

    NameId ident = new NameId(row.getInt("ID"), name);
    String type = row.getString("TYPE");
    String conf = row.getString("CONF");
    return new MgmtEntry.Requestor(ident, type, conf);
  } catch (SQLException ex) {
    throw new CaMgmtException(datasource.translate(sql, ex));
  } finally {
    // Statement and result set are handed back to the datasource on every exit path.
    datasource.releaseResources(query, row);
  }
} // method createRequestor
idNameMap.addRequestor(requestorDbEntry.getIdent()); requestorDbEntries.put(name, requestorDbEntry); RequestorEntryWrapper requestor = new RequestorEntryWrapper();
/**
 * Prints either the sorted list of configured CMP requestor names (when no name was given) or
 * the details of the single named requestor.
 *
 * @return always {@code null}
 * @throws CmdFailure if a name was given but no such requestor is known
 */
@Override
protected Object execute0() throws Exception {
  StringBuilder out = new StringBuilder();

  if (name != null) {
    MgmtEntry.Requestor found = caManager.getRequestor(name);
    if (found == null) {
      throw new CmdFailure("could not find CMP requestor '" + name + "'");
    }
    // NOTE(review): what toString(verbose) emits is not visible here; the entry also carries
    // the requestor's conf (certificate or protected secret) - confirm it is not echoed.
    out.append(found.toString(verbose.booleanValue()));
  } else {
    Set<String> configured = caManager.getRequestorNames();
    int count = configured.size();

    if (count != 0 && count != 1) {
      out.append(count).append(" CMP requestors are configured:\n");
    } else {
      out.append((count == 0) ? "no" : "1");
      out.append(" CMP requestor is configured\n");
    }

    List<String> ordered = new ArrayList<>(configured);
    Collections.sort(ordered);
    for (String requestorName : ordered) {
      out.append("\t").append(requestorName).append("\n");
    }
  }

  println(out.toString());
  return null;
} // method execute0
MgmtEntry.Requestor entryB = requestorDbEntries.get(name); if (entryB != null) { if (entry.equals(entryB, ignoreId)) { LOG.info("ignore existed CMP requestor {}", name); continue;
CaConfType.Requestor type = new CaConfType.Requestor(); type.setName(name); type.setType(entry.getType()); if (MgmtEntry.Requestor.TYPE_CERT.equalsIgnoreCase(entry.getType())) { FileOrBinary fob = createFileOrBinary(zipStream, Base64.decode(entry.getConf()), concat("files/requestor-", name, ".der")); type.setBinaryConf(fob); } else { FileOrValue fov = createFileOrValue(zipStream, entry.getConf(), concat("files/requestor-", name, ".conf")); type.setConf(fov);
new MgmtEntry.Requestor(new NameId(null, m.getName()), m.getType(), conf); addRequestor(en);
/**
 * Assigns the next free id to the given requestor and inserts it into the REQUESTOR table.
 *
 * <p>All four column values are bound as statement parameters. The id is computed as the
 * current maximum of {@code REQUESTOR.ID} plus one and is written back into the entry's
 * identifier before the insert.
 *
 * @param dbEntry the requestor to persist; must not be {@code null}
 * @throws CaMgmtException if the maximum id cannot be read, the insert affects no row, or the
 *     database reports an error
 */
void addRequestor(MgmtEntry.Requestor dbEntry) throws CaMgmtException {
  Args.notNull(dbEntry, "dbEntry");

  // NOTE(review): read-max-then-insert is not atomic; two concurrent callers could compute the
  // same id. Presumably a key constraint or single-writer (master) mode prevents that - confirm.
  try {
    int currentMax = (int) datasource.getMax(null, "REQUESTOR", "ID");
    dbEntry.getIdent().setId(currentMax + 1);
  } catch (DataAccessException ex) {
    throw new CaMgmtException(ex);
  }

  final String sql = "INSERT INTO REQUESTOR (ID,NAME,TYPE,CONF) VALUES (?,?,?,?)";
  PreparedStatement insert = null;

  try {
    insert = prepareStatement(sql);
    insert.setInt(1, dbEntry.getIdent().getId());
    insert.setString(2, dbEntry.getIdent().getName());
    insert.setString(3, dbEntry.getType());
    insert.setString(4, dbEntry.getConf());

    int affected = insert.executeUpdate();
    if (affected == 0) {
      throw new CaMgmtException("could not add requestor " + dbEntry.getIdent());
    }

    // NOTE(review): the non-verbose string form of the entry is logged; confirm that form
    // leaves out the conf value, which may be a shared secret.
    if (LOG.isInfoEnabled()) {
      LOG.info("added requestor '{}': {}", dbEntry.getIdent(), dbEntry.toString(false));
    }
  } catch (SQLException ex) {
    throw new CaMgmtException(datasource.translate(sql, ex));
  } finally {
    datasource.releaseResources(insert, null);
  }
} // method addRequestor
/**
 * Registers a new requestor: protects its shared secret if needed, persists it and updates the
 * in-memory maps.
 *
 * <p>For password-based (PBM) requestors whose conf does not already start with {@code PBE:},
 * the conf is run through the password resolver's {@code PBE} protection and the entry is
 * rebuilt with the protected value, so that value is what gets written to the database.
 *
 * @param requestorEntry the requestor to add; must not be {@code null}
 * @throws CaMgmtException if a requestor with the same name is already registered, the secret
 *     cannot be protected, or persisting fails
 */
@Override
public void addRequestor(MgmtEntry.Requestor requestorEntry) throws CaMgmtException {
  Args.notNull(requestorEntry, "requestorEntry");
  asssertMasterMode();

  String name = requestorEntry.getIdent().getName();
  if (requestorDbEntries.containsKey(name)) {
    throw new CaMgmtException(concat("Requestor named ", name, " exists"));
  }

  PasswordResolver pwdResolver = securityFactory.getPasswordResolver();

  if (MgmtEntry.Requestor.TYPE_PBM.equalsIgnoreCase(requestorEntry.getType())) {
    String secret = requestorEntry.getConf();
    // NOTE(review): the "PBE:" prefix is the only signal that the value is already protected;
    // a plaintext secret that happens to start with it would be stored unchanged.
    boolean alreadyProtected = StringUtil.startsWithIgnoreCase(secret, "PBE:");
    if (!alreadyProtected) {
      String protectedSecret;
      try {
        protectedSecret = pwdResolver.protectPassword("PBE", secret.toCharArray());
      } catch (PasswordResolverException ex) {
        throw new CaMgmtException("could not encrypt requestor " + name, ex);
      }

      requestorEntry = new MgmtEntry.Requestor(
          requestorEntry.getIdent(), requestorEntry.getType(), protectedSecret);
    }
  }

  // NOTE(review): the wrapper's faulty flag is not checked here, so an entry whose certificate
  // or secret could not be processed is still persisted and cached - confirm this is intended.
  RequestorEntryWrapper wrapper = new RequestorEntryWrapper();
  wrapper.setDbEntry(requestorEntry, pwdResolver);

  // Persist first; the in-memory maps are only touched once the insert has succeeded.
  queryExecutor.addRequestor(requestorEntry);
  idNameMap.addRequestor(requestorEntry.getIdent());
  requestorDbEntries.put(name, requestorEntry);
  requestors.put(name, wrapper);
} // method addRequestor
/**
 * Adds a CMP requestor that authenticates either with a certificate or with a password.
 *
 * <p>Exactly one of {@code certFile} and {@code password} must be set. A certificate is stored
 * Base64-encoded. For a password requestor the key ID is printed; it is the SHA-1 hex digest
 * of the requestor name, so it is a lookup identifier derived from non-secret data.
 *
 * @return always {@code null}
 * @throws CmdFailure if both or neither credential is given, or if the CA manager rejects the
 *     new requestor
 */
@Override
protected Object execute0() throws Exception {
  boolean noCert = (certFile == null);
  boolean noPassword = (password == null);
  if (noCert == noPassword) {
    throw new CmdFailure("exactly one of cert and password must be specified");
  }

  MgmtEntry.Requestor entry;
  if (noCert) {
    // The password travels as a String into the entry; it is protected later by the manager.
    entry = new MgmtEntry.Requestor(
        new NameId(null, name), MgmtEntry.Requestor.TYPE_PBM, password);

    byte[] nameBytes = entry.getIdent().getName().getBytes("UTF-8");
    String keyId = HashAlgo.SHA1.hexHash(nameBytes);
    println("The key ID is " + keyId);
  } else {
    X509Certificate cert = X509Util.parseCert(IoUtil.read(certFile));
    String encodedCert = Base64.encodeToString(cert.getEncoded());
    entry = new MgmtEntry.Requestor(
        new NameId(null, name), MgmtEntry.Requestor.TYPE_CERT, encodedCert);
  }

  String msg = "CMP requestor " + name;
  try {
    caManager.addRequestor(entry);
  } catch (CaMgmtException ex) {
    throw new CmdFailure("could not add " + msg + ", error: " + ex.getMessage(), ex);
  }

  println("added " + msg);
  return null;
}
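/**
 * Removes a requestor: detaches it from every CA that references it, deletes its database row
 * and drops it from the in-memory maps.
 *
 * <p>The cached entry is looked up null-safely. Previously a requestor that existed in the
 * database but not in {@code requestorDbEntries} caused a {@code NullPointerException} after
 * the row had already been deleted, leaving {@code requestors} with a stale wrapper.
 *
 * @param name the requestor name; it is normalised to a non-blank lower-case value
 * @throws CaMgmtException if the requestor is unknown in the database or a removal step fails
 */
@Override
public void removeRequestor(String name) throws CaMgmtException {
  name = Args.toNonBlankLower(name, "name");
  asssertMasterMode();

  // Detach the requestor from each CA that still lists it before deleting the row itself.
  for (String caName : caHasRequestors.keySet()) {
    boolean removeMe = false;
    for (MgmtEntry.CaHasRequestor caHasRequestor : caHasRequestors.get(caName)) {
      if (caHasRequestor.getRequestorIdent().getName().equals(name)) {
        removeMe = true;
        break;
      }
    }

    if (removeMe) {
      removeRequestorFromCa(name, caName);
    }
  }

  if (!queryExecutor.deleteRowWithName(name, "REQUESTOR")) {
    throw new CaMgmtException("unknown requestor " + name);
  }

  // The row is gone at this point, so the caches must be cleaned up even if they disagree
  // with the database; a missing cache entry is reported instead of aborting half-way.
  MgmtEntry.Requestor cached = requestorDbEntries.remove(name);
  if (cached != null) {
    idNameMap.removeRequestor(cached.getIdent().getId());
  } else {
    LOG.warn("requestor '{}' was deleted from the database but had no cached entry", name);
  }
  requestors.remove(name);

  LOG.info("removed requestor '{}'", name);
} // method removeRequestor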
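/**
 * Binds this wrapper to a requestor entry and derives the credential used to authenticate it.
 *
 * <p>The entry is marked faulty first and only cleared once its credential has been processed:
 * a certificate requestor must yield a parseable certificate, a password requestor must yield a
 * resolvable password. Failures are logged without the conf value and leave the entry faulty.
 *
 * <p>Changes from the previous version: credential fields left by an earlier call are cleared
 * up front, so a failed re-initialisation cannot leave an old certificate, key id or password
 * in place next to a faulty entry; and the certificate text is converted to bytes with an
 * explicit charset instead of the platform default.
 *
 * @param dbEntry the requestor entry; must not be {@code null}; its faulty flag is updated
 * @param passwordResolver used to resolve the protected password of a password requestor
 */
public void setDbEntry(MgmtEntry.Requestor dbEntry, PasswordResolver passwordResolver) {
  this.dbEntry = Args.notNull(dbEntry, "dbEntry");
  String type = dbEntry.getType();
  String conf = dbEntry.getConf();

  // Start from a clean, fail-closed state.
  this.cert = null;
  this.keyId = null;
  this.password = null;
  dbEntry.setFaulty(true);

  if (MgmtEntry.Requestor.TYPE_CERT.equalsIgnoreCase(type)) {
    try {
      X509Certificate x509Cert =
          X509Util.parseCert(conf.getBytes(java.nio.charset.StandardCharsets.UTF_8));
      dbEntry.setFaulty(false);
      this.cert = new CertWithDbId(x509Cert);
    } catch (CertificateException ex) {
      LogUtil.error(LOG, ex, "error while parsing certificate of requestor" + dbEntry.getIdent());
    }
  } else if (MgmtEntry.Requestor.TYPE_PBM.equalsIgnoreCase(type)) {
    try {
      // The key id is the SHA-1 digest of the requestor name: an identifier, not a secret.
      this.keyId = HashAlgo.SHA1.hash(dbEntry.getIdent().getName().getBytes("UTF-8"));
      this.password = passwordResolver.resolvePassword(conf);
      dbEntry.setFaulty(false);
    } catch (PasswordResolverException | UnsupportedEncodingException ex) {
      LogUtil.error(LOG, ex, "error while resolve password of requestor" + dbEntry.getIdent());
    }
  }
  // Any other type leaves the entry faulty with no credential set.
}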
/**
 * Finds the certificate-based requestor of this CA whose certificate subject equals the given
 * sender name.
 *
 * <p>Faulty entries and entries of any other type are skipped. The match is on the subject
 * name alone and proves nothing about key possession.
 * NOTE(review): callers presumably verify the message protection against the returned
 * certificate before trusting the sender - confirm.
 *
 * @param requestorSender the sender name taken from the request
 * @return the matching requestor, or {@code null} if none is configured or none matches
 */
public CmpRequestorInfo getRequestor(X500Name requestorSender) {
  Set<MgmtEntry.CaHasRequestor> candidates = caManager.getRequestorsForCa(caIdent.getName());
  if (CollectionUtil.isEmpty(candidates)) {
    return null;
  }

  for (MgmtEntry.CaHasRequestor candidate : candidates) {
    RequestorEntryWrapper wrapper =
        caManager.getRequestorWrapper(candidate.getRequestorIdent().getName());

    boolean usable = !wrapper.getDbEntry().isFaulty()
        && MgmtEntry.Requestor.TYPE_CERT.equals(wrapper.getDbEntry().getType());

    if (usable && wrapper.getCert().getSubjectAsX500Name().equals(requestorSender)) {
      return new CmpRequestorInfo(candidate, wrapper.getCert());
    }
  }

  return null;
} // method getRequestor
/**
 * Validates a new type/conf pair for an existing requestor and, if valid, writes it to the
 * REQUESTOR table.
 *
 * <p>For a password-based (PBM) requestor whose conf does not already start with
 * {@code PBE:}, the conf is protected with the resolver's {@code PBE} scheme first, so the
 * protected form is what is stored. The new configuration is loaded into a fresh wrapper
 * before the database is touched; a configuration that leaves the entry faulty is rejected.
 *
 * @param nameId identifier of the requestor to change; must not be {@code null}
 * @param type the requestor type
 * @param conf the certificate or password configuration
 * @param passwordResolver used to protect and to resolve the password
 * @return the wrapper built from the new configuration
 * @throws CaMgmtException if the password cannot be protected, the configuration is invalid,
 *     or the update fails
 */
RequestorEntryWrapper changeRequestor(NameId nameId, String type, String conf,
    PasswordResolver passwordResolver) throws CaMgmtException {
  Args.notNull(nameId, "nameId");
  RequestorEntryWrapper wrapper = new RequestorEntryWrapper();

  // NOTE(review): the "PBE:" prefix is the only signal that conf is already protected.
  boolean needsProtection = MgmtEntry.Requestor.TYPE_PBM.equalsIgnoreCase(type)
      && !StringUtil.startsWithIgnoreCase(conf, "PBE:");
  if (needsProtection) {
    try {
      conf = passwordResolver.protectPassword("PBE", conf.toCharArray());
    } catch (PasswordResolverException ex) {
      throw new CaMgmtException("could not encrypt requestor " + nameId.getName(), ex);
    }
  }

  MgmtEntry.Requestor candidate = new MgmtEntry.Requestor(nameId, type, conf);
  wrapper.setDbEntry(candidate, passwordResolver);
  if (wrapper.getDbEntry().isFaulty()) {
    // Rejected before any database write, so a broken credential never replaces a working one.
    throw new CaMgmtException("invalid requestor configuration");
  }

  changeIfNotNull("REQUESTOR", col(INT, "ID", nameId.getId()),
      col(STRING, "TYPE", type), col(STRING, "CONF", conf));
  return wrapper;
} // method changeRequestor
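/**
 * Finds the password-based (PBM) requestor of this CA whose key id matches the sender key id
 * of a MAC-protected request.
 *
 * <p>Entries flagged faulty are now skipped, as the lookup by sender name already does. A
 * faulty password entry is one whose password could not be resolved, so returning it would
 * hand the caller a requestor without a usable secret.
 *
 * @param sender the sender name of the request; not used for the match
 * @param senderKID the sender key identifier taken from the request
 * @return the matching requestor with its password, or {@code null} if none matches
 */
public CmpRequestorInfo getMacRequestor(X500Name sender, byte[] senderKID) {
  Set<MgmtEntry.CaHasRequestor> requestorEntries =
      caManager.getRequestorsForCa(caIdent.getName());
  if (CollectionUtil.isEmpty(requestorEntries)) {
    return null;
  }

  for (MgmtEntry.CaHasRequestor m : requestorEntries) {
    RequestorEntryWrapper entry =
        caManager.getRequestorWrapper(m.getRequestorIdent().getName());

    // Fail closed: never authenticate against an entry whose credential failed to load.
    if (entry.getDbEntry().isFaulty()) {
      continue;
    }

    if (!MgmtEntry.Requestor.TYPE_PBM.equals(entry.getDbEntry().getType())) {
      continue;
    }

    if (entry.matchKeyId(senderKID)) {
      return new CmpRequestorInfo(m, entry.getPassword(), senderKID);
    }
  }

  return null;
}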
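/**
 * Finds the certificate-based requestor of this CA whose stored certificate equals the given
 * certificate.
 *
 * <p>Entries flagged faulty are now skipped, as the lookup by sender name already does. A
 * faulty certificate entry is one whose certificate could not be parsed, so dereferencing its
 * certificate here could fail with a {@code NullPointerException} during request processing.
 *
 * @param requestorCert the certificate presented by the requestor
 * @return the matching requestor, or {@code null} if none is configured or none matches
 */
public CmpRequestorInfo getRequestor(X509Certificate requestorCert) {
  Set<MgmtEntry.CaHasRequestor> requestorEntries =
      caManager.getRequestorsForCa(caIdent.getName());
  if (CollectionUtil.isEmpty(requestorEntries)) {
    return null;
  }

  for (MgmtEntry.CaHasRequestor m : requestorEntries) {
    RequestorEntryWrapper entry =
        caManager.getRequestorWrapper(m.getRequestorIdent().getName());

    // Fail closed: an entry whose certificate failed to load cannot match anything.
    if (entry.getDbEntry().isFaulty()) {
      continue;
    }

    if (!MgmtEntry.Requestor.TYPE_CERT.equals(entry.getDbEntry().getType())) {
      continue;
    }

    if (entry.getCert().getCert().equals(requestorCert)) {
      return new CmpRequestorInfo(m, entry.getCert());
    }
  }

  return null;
}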
/**
 * Stores the given requestor under its name.
 *
 * <p>An entry already stored under the same name is replaced without notice.
 *
 * @param requestor the requestor to store; must not be {@code null}
 */
public void addRequestor(MgmtEntry.Requestor requestor) {
  Args.notNull(requestor, "requestor");

  String key = requestor.getIdent().getName();
  this.requestors.put(key, requestor);
}
/**
 * Returns the non-verbose string form of this object.
 *
 * @return the result of {@code toString(false)}
 */
@Override
public String toString() {
  final boolean verboseOutput = false;
  return toString(verboseOutput);
}
/**
 * Compares this requestor with another object.
 *
 * <p>Identity short-circuits to {@code true}; anything that is not a {@code Requestor} is
 * unequal; otherwise the two-argument {@code equals} decides, called with {@code false} as
 * its second argument (presumably "ignore id" - confirm against that overload).
 *
 * @param obj the object to compare with
 * @return {@code true} if both are considered equal
 */
@Override
public boolean equals(Object obj) {
  if (obj == this) {
    return true;
  }

  return (obj instanceof Requestor) && equals((Requestor) obj, false);
}