/**
 * Adds a new signer through the CA manager.
 *
 * <p>When a certificate file is given it is parsed and its encoding is stored as Base64
 * next to the entry. For PKCS12 and JKS signers the configuration is canonicalized first,
 * which is the step that consults the password resolver.
 *
 * @return always {@code null}
 * @throws CmdFailure if the CA manager rejects the signer
 * @throws Exception if the certificate file cannot be parsed
 */
@Override
protected Object execute0() throws Exception {
  String base64Cert = null;
  if (certFile != null) {
    byte[] encodedCert = X509Util.parseCert(new File(certFile)).getEncoded();
    base64Cert = IoUtil.base64Encode(encodedCert, false);
  }

  boolean keystoreBased = "PKCS12".equalsIgnoreCase(type) || "JKS".equalsIgnoreCase(type);
  if (keystoreBased) {
    conf = ShellUtil.canonicalizeSignerConf(type, conf, passwordResolver, securityFactory);
  }

  MgmtEntry.Signer signerEntry = new MgmtEntry.Signer(name, type, conf, base64Cert);
  String description = "signer " + name;
  try {
    caManager.addSigner(signerEntry);
    println("added " + description);
    return null;
  } catch (CaMgmtException ex) {
    throw new CmdFailure("could not add " + description + ", error: " + ex.getMessage(), ex);
  }
}
/**
 * Registers a new signer: canonicalizes its configuration, instantiates the signer,
 * persists the entry and caches both the wrapper and the database entry.
 *
 * @param signerEntry the signer to add; must not be {@code null}
 * @throws CaMgmtException if this instance is not in master mode, a signer with the same
 *         name already exists, or the signer cannot be created or stored
 */
@Override
public void addSigner(MgmtEntry.Signer signerEntry) throws CaMgmtException {
  Args.notNull(signerEntry, "signerEntry");
  asssertMasterMode();

  final String signerName = signerEntry.getName();
  if (signerDbEntries.containsKey(signerName)) {
    throw new CaMgmtException(concat("Signer named ", signerName, " exists"));
  }

  // NOTE(review): the password resolver is passed as null here, unlike the shell command
  // path — confirm that callers always hand over an already resolved conf.
  final String rawConf = signerEntry.getConf();
  if (rawConf != null) {
    String canonicalConf =
        canonicalizeSignerConf(signerEntry.getType(), rawConf, null, securityFactory);
    // Only write back when canonicalization actually changed something.
    if (!rawConf.equals(canonicalConf)) {
      signerEntry.setConf(canonicalConf);
    }
  }

  // The in-memory signer is built before the row is persisted.
  // NOTE(review): initSigners treats a null result from createSigner as "could not load";
  // here the result goes into the map unchecked — confirm that is intended.
  SignerEntryWrapper wrapper = createSigner(signerEntry);
  queryExecutor.addSigner(signerEntry);
  signers.put(signerName, wrapper);
  signerDbEntries.put(signerName, signerEntry);
} // method addSigner
/**
 * Prints either the sorted list of configured signer names (when no name was given) or
 * the details of the single named signer.
 *
 * @return always {@code null}
 * @throws CmdFailure if a name was given but no such signer exists
 */
@Override
protected Object execute0() throws Exception {
  StringBuilder out = new StringBuilder();

  if (name != null) {
    MgmtEntry.Signer signerEntry = caManager.getSigner(name);
    if (signerEntry == null) {
      throw new CmdFailure("could not find signer " + name);
    }
    out.append(signerEntry.toString(verbose));
  } else {
    Set<String> signerNames = caManager.getSignerNames();
    int count = signerNames.size();
    if (count > 1) {
      out.append(count).append(" signers are configured:\n");
    } else {
      // Singular wording for zero or exactly one signer.
      out.append(count == 0 ? "no" : "1").append(" signer is configured\n");
    }
    List<String> ordered = new ArrayList<>(signerNames);
    Collections.sort(ordered);
    for (String signerName : ordered) {
      out.append('\t').append(signerName).append('\n');
    }
  }

  println(out.toString());
  return null;
} // method execute0
MgmtEntry.Signer entryB = signerDbEntries.get(name); if (entryB != null) { if (entry.equals(entryB)) { LOG.info("ignore existed signer {}", name); continue;
CaConfType.Signer conf = new CaConfType.Signer(); conf.setName(name); conf.setType(entry.getType()); conf.setConf(createFileOrValue(zipStream, entry.getConf(), concat("files/signer-", name, ".conf"))); conf.setCert(createFileOrBase64Value(zipStream, entry.getBase64Cert(), concat("files/signer-", name, ".der")));
MgmtEntry.Signer en = new MgmtEntry.Signer(m.getName(), expandConf(m.getType()), getValue(m.getConf(), zipEntries), getBase64Binary(m.getCert(), zipEntries)); addSigner(en);
X509Certificate crlSignerCert; if (caInfo.getCrlSignerName() != null) { crlSignerCert = getCrlSigner().getDbEntry().getCertificate(); } else {
/**
 * Loads all signers from the SIGNER table into the in-memory caches. Entries whose signer
 * cannot be instantiated are still cached but stay flagged as faulty, and no wrapper is
 * registered for them. A second call after a successful load is a no-op.
 *
 * @throws CaMgmtException if the signer names or an entry cannot be read from the database
 */
private void initSigners() throws CaMgmtException {
  if (signerInitialized) {
    return;
  }
  signerDbEntries.clear();
  signers.clear();

  List<String> signerNames = queryExecutor.namesFromTable("SIGNER");
  for (String signerName : signerNames) {
    MgmtEntry.Signer dbEntry = queryExecutor.createSigner(signerName);
    if (dbEntry == null) {
      LOG.error("could not initialize signer '{}'", signerName);
      continue;
    }

    // Flag faulty up front; it is cleared only once a wrapper could be created.
    dbEntry.setConfFaulty(true);
    signerDbEntries.put(signerName, dbEntry);

    SignerEntryWrapper wrapper = createSigner(dbEntry);
    if (wrapper == null) {
      LOG.error("could not load signer {}", signerName);
    } else {
      dbEntry.setConfFaulty(false);
      signers.put(signerName, wrapper);
      LOG.info("loaded signer {}", signerName);
    }
  }

  signerInitialized = true;
} // method initSigners
/**
 * Reads the signer entry with the given name from the SIGNER table.
 *
 * @param name name of the signer; bound as a statement parameter, never concatenated
 * @return the entry built from the TYPE, CONF and CERT columns
 * @throws CaMgmtException if no such signer exists or the query fails
 */
MgmtEntry.Signer createSigner(String name) throws CaMgmtException {
  final String sql = sqlSelectSigner;
  PreparedStatement stmt = null;
  ResultSet rs = null;
  try {
    stmt = prepareStatement(sql);
    stmt.setString(1, name);
    rs = stmt.executeQuery();
    if (!rs.next()) {
      throw new CaMgmtException("unknown signer " + name);
    }
    String type = rs.getString("TYPE");
    String conf = rs.getString("CONF");
    String base64Cert = rs.getString("CERT");
    return new MgmtEntry.Signer(name, type, conf, base64Cert);
  } catch (SQLException ex) {
    throw new CaMgmtException(datasource.translate(sql, ex));
  } finally {
    // Resources are handed back to the datasource rather than closed here directly.
    datasource.releaseResources(stmt, rs);
  }
} // method createSigner
/**
 * Inserts one row for the given signer into the SIGNER table.
 *
 * @param dbEntry the signer to persist; must not be {@code null}
 * @throws CaMgmtException if no row was inserted or the statement fails
 */
void addSigner(MgmtEntry.Signer dbEntry) throws CaMgmtException {
  Args.notNull(dbEntry, "dbEntry");
  final String sql = "INSERT INTO SIGNER (NAME,TYPE,CERT,CONF) VALUES (?,?,?,?)";
  PreparedStatement ps = null;
  try {
    ps = prepareStatement(sql);
    // Parameter positions follow the column order of the INSERT statement.
    ps.setString(1, dbEntry.getName());
    ps.setString(2, dbEntry.getType());
    ps.setString(3, dbEntry.getBase64Cert());
    ps.setString(4, dbEntry.getConf());

    int inserted = ps.executeUpdate();
    if (inserted == 0) {
      throw new CaMgmtException("could not add signer " + dbEntry.getName());
    }
    // NOTE(review): toString(false, true) is what ends up in the log — confirm that this
    // form masks any password contained in the conf before the line is written.
    LOG.info("added signer: {}", dbEntry.toString(false, true));
  } catch (SQLException ex) {
    throw new CaMgmtException(datasource.translate(sql, ex));
  } finally {
    datasource.releaseResources(ps, null);
  }
} // method addSigner
/**
 * Instantiates the signer described by {@code dbEntry} if that has not happened yet.
 * The entry is flagged faulty while the factory call is in flight and unflagged only after
 * a signer with a certificate was obtained. If the entry carried no Base64 certificate,
 * the signer's own certificate is copied back and the subject names are derived from it.
 *
 * @param securityFactory factory used to build the concrete signer; must not be {@code null}
 * @throws ObjectCreationException if the entry is missing, the factory fails, or the
 *         created signer has no certificate
 */
public void initSigner(SecurityFactory securityFactory) throws ObjectCreationException {
  Args.notNull(securityFactory, "securityFactory");
  if (signer != null) {
    return; // already initialized
  }
  if (dbEntry == null) {
    throw new ObjectCreationException("dbEntry is null");
  }

  X509Certificate configuredCert = dbEntry.getCertificate();
  dbEntry.setConfFaulty(true);
  SignerConf signerConf = new SignerConf(dbEntry.getConf());
  signer = securityFactory.createSigner(dbEntry.getType(), signerConf, configuredCert);
  if (signer.getCertificate() == null) {
    throw new ObjectCreationException("signer without certificate is not allowed");
  }
  dbEntry.setConfFaulty(false);

  if (dbEntry.getBase64Cert() != null) {
    return;
  }
  dbEntry.setCertificate(signer.getCertificate());
  subjectAsX500Name = X500Name.getInstance(signer.getBcCertificate().getSubject());
  subjectAsGeneralName = new GeneralName(subjectAsX500Name);
} // method initSigner
/**
 * Updates the stored signer {@code name}. Each of {@code type}, {@code conf} and
 * {@code base64Cert} may be {@code null}, meaning "keep the current value". The merged
 * entry is instantiated via the CA manager before the row is updated.
 *
 * @param name name of the signer to change; must not be blank
 * @param type new signer type, or {@code null} to keep the existing one
 * @param conf new configuration (canonicalized before use), or {@code null} to keep it
 * @param base64Cert new certificate as Base64, or {@code null} to keep it
 * @param caManager manager used to instantiate the merged entry; must not be {@code null}
 * @param securityFactory factory passed to the conf canonicalization
 * @return the wrapper for the changed signer
 * @throws CaMgmtException if the signer does not exist or cannot be created or updated
 */
SignerEntryWrapper changeSigner(String name, String type, String conf, String base64Cert,
    CaManagerImpl caManager, SecurityFactory securityFactory) throws CaMgmtException {
  Args.notBlank(name, "name");
  Args.notNull(caManager, "caManager");

  MgmtEntry.Signer current = createSigner(name);
  String effectiveType = (type != null) ? type : current.getType();

  String newConf = conf;
  if (newConf != null) {
    // Canonicalize the new configuration before it is used or stored.
    newConf = CaManagerImpl.canonicalizeSignerConf(effectiveType, newConf, null, securityFactory);
  }

  String effectiveConf = (newConf != null) ? newConf : current.getConf();
  String effectiveCert = (base64Cert != null) ? base64Cert : current.getBase64Cert();
  MgmtEntry.Signer merged = new MgmtEntry.Signer(name, effectiveType, effectiveConf, effectiveCert);
  SignerEntryWrapper wrapper = caManager.createSigner(merged);

  // Only the columns whose new value is non-null are written.
  changeIfNotNull("SIGNER",
      col(STRING, "NAME", name),
      col(STRING, "TYPE", type),
      col(STRING, "CERT", base64Cert),
      col(STRING, "CONF", newConf, false, true));
  return wrapper;
} // method changeSigner
/**
 * Returns the canonicalized signer configuration for this command, or {@code null} when no
 * configuration was given. When no type was specified on the command line it is taken from
 * the existing signer, because canonicalization takes the type as input.
 *
 * @return the canonical conf, or {@code null}
 * @throws IllegalCmdParamException if no type was given and the signer does not exist
 */
protected String getSignerConf() throws Exception {
  if (conf == null) {
    return null;
  }

  String effectiveType = type;
  if (effectiveType == null) {
    MgmtEntry.Signer existing = caManager.getSigner(name);
    if (existing == null) {
      throw new IllegalCmdParamException("please specify the type");
    }
    effectiveType = existing.getType();
  }

  return ShellUtil.canonicalizeSignerConf(effectiveType, conf, passwordResolver, securityFactory);
}
/**
 * Renders this entry, delegating to {@code toString(boolean, boolean)} with the second
 * flag fixed to {@code true}.
 *
 * @param verbose whether the verbose form is requested
 * @return the textual representation
 */
public String toString(boolean verbose) {
  // NOTE(review): the meaning of the second flag is defined by the two-argument overload;
  // confirm it there before relying on this default.
  final boolean secondFlag = true;
  return toString(verbose, secondFlag);
}
/**
 * Registers the signer under its own name, replacing any entry with that name.
 *
 * @param signer the signer entry; must not be {@code null}
 */
public void addSigner(MgmtEntry.Signer signer) {
  Args.notNull(signer, "signer");
  String key = signer.getName();
  this.signers.put(key, signer);
}
/**
 * Non-verbose rendering; delegates to {@link #toString(boolean)}.
 *
 * @return the textual representation
 */
@Override
public String toString() {
  final boolean verbose = false;
  return toString(verbose);
}
/**
 * Replaces the database entry backing this wrapper and discards any previously created
 * signer. If the new entry already carries a certificate, the subject names are derived
 * from it immediately.
 *
 * @param dbEntry the new entry; must not be {@code null}
 */
public void setDbEntry(MgmtEntry.Signer dbEntry) {
  this.dbEntry = Args.notNull(dbEntry, "dbEntry");
  signer = null;

  if (dbEntry.getCertificate() == null) {
    return;
  }
  byte[] encodedSubject = dbEntry.getCertificate().getSubjectX500Principal().getEncoded();
  subjectAsX500Name = X500Name.getInstance(encodedSubject);
  subjectAsGeneralName = new GeneralName(subjectAsX500Name);
}
/**
 * Converts this wrapper back into a management entry, re-encoding the certificate bytes
 * as Base64 and carrying over the faulty flag.
 *
 * @return a new {@code MgmtEntry.Signer} describing this wrapper
 */
public MgmtEntry.Signer toSignerEntry() {
  String base64Cert = (encodedCert == null) ? null : Base64.encodeToString(encodedCert);
  MgmtEntry.Signer entry = new MgmtEntry.Signer(name, type, conf, base64Cert);
  entry.setConfFaulty(faulty);
  return entry;
}
} // end of enclosing class
/**
 * Creates a wrapper from a management entry, decoding the Base64 certificate (when
 * present) into its raw encoded bytes.
 *
 * @param signerEntry the entry to wrap
 */
public SignerEntryWrapper(MgmtEntry.Signer signerEntry) {
  name = signerEntry.getName();
  type = signerEntry.getType();
  conf = signerEntry.getConf();
  faulty = signerEntry.isFaulty();

  String base64Cert = signerEntry.getBase64Cert();
  if (base64Cert != null) {
    encodedCert = Base64.decode(base64Cert);
  }
}