/**
 * Hands the next CRL number of the given CA to
 * {@code queryExecutor.commitNextCrlNoIfLess} and maps any failure to an
 * {@link OperationException}.
 *
 * @param ca the CA whose CRL number is committed
 * @param nextCrlNo the CRL number passed to the query executor
 * @throws OperationException with {@code DATABASE_FAILURE} when the management
 *     exception was caused by a {@code DataAccessException}, otherwise with
 *     {@code SYSTEM_FAILURE}
 */
public void commitNextCrlNo(NameId ca, long nextCrlNo) throws OperationException {
  try {
    queryExecutor.commitNextCrlNoIfLess(ca, nextCrlNo);
  } catch (CaMgmtException ex) {
    // Only a data-layer root cause is reported as a database failure.
    boolean causedByDataAccess = ex.getCause() instanceof DataAccessException;
    // NOTE(review): only the message is forwarded, the cause is dropped - confirm
    // the original stack trace is logged somewhere before it is lost here.
    throw new OperationException(
        causedByDataAccess ? ErrorCode.DATABASE_FAILURE : ErrorCode.SYSTEM_FAILURE,
        ex.getMessage());
  } catch (RuntimeException ex) {
    throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex.getMessage());
  }
}
/**
 * Obtains a prepared statement for {@code sqlQuery} from the datasource.
 *
 * <p>Callers in this file release the statement through
 * {@code datasource.releaseResources} in a {@code finally} block.
 *
 * @param sqlQuery the SQL text to prepare
 * @return the prepared statement
 * @throws OperationException with {@code DATABASE_FAILURE} if the datasource
 *     reports a {@code DataAccessException}
 */
private PreparedStatement borrowPreparedStatement(String sqlQuery)
    throws OperationException {
  final PreparedStatement stmt;
  try {
    stmt = datasource.prepareStatement(sqlQuery);
  } catch (DataAccessException ex) {
    // The full exception is kept at debug level; only its message is propagated.
    LOG.debug("DataAccessException", ex);
    throw new OperationException(DATABASE_FAILURE, ex.getMessage());
  }
  return stmt;
} // method borrowPreparedStatement
/**
 * Removes the certificate with the given serial number on behalf of a
 * requestor, after verifying that the requestor holds the
 * {@code REMOVE_CERT} permission.
 *
 * @param requestor the authenticated requestor; must not be {@code null}
 * @param serialNumber serial number of the certificate to remove
 * @param reqType request type (not read by this method)
 * @param msgId message identifier forwarded to the CA
 * @throws OperationException with {@code NOT_PERMITTED} if the permission check
 *     fails, or {@code UNKNOWN_CERT} if the CA returns no removed certificate
 */
public void removeCert(CmpRequestorInfo requestor, BigInteger serialNumber,
    RequestType reqType, String msgId) throws OperationException {
  Args.notNull(requestor, "requestor");

  // Authorization is enforced before the CA is touched.
  try {
    checkPermission(requestor, PermissionConstants.REMOVE_CERT);
  } catch (InsuffientPermissionException ex) {
    throw new OperationException(ErrorCode.NOT_PERMITTED, ex.getMessage());
  }

  // A null result from the CA is reported to the caller as an unknown certificate.
  if (getCa().removeCert(serialNumber, msgId) == null) {
    throw new OperationException(ErrorCode.UNKNOWN_CERT, "cert not exists");
  }
}
/**
 * Inserts a row linking a request to a certificate, using the statement
 * {@code SQL_ADD_REQCERT} and a freshly generated row id.
 *
 * @param requestId database id of the request
 * @param certId database id of the certificate
 * @throws OperationException with {@code DATABASE_FAILURE} if the statement
 *     cannot be prepared or executed
 */
public void addRequestCert(long requestId, long certId) throws OperationException {
  final String sql = SQL_ADD_REQCERT;
  // The id is drawn before the statement is borrowed, as in the original order.
  final long rowId = idGenerator.nextId();
  final PreparedStatement stmt = borrowPreparedStatement(sql);

  try {
    int idx = 1;
    stmt.setLong(idx++, rowId);
    stmt.setLong(idx++, requestId);
    stmt.setLong(idx, certId);
    stmt.executeUpdate();
  } catch (SQLException ex) {
    throw new OperationException(DATABASE_FAILURE, datasource.translate(sql, ex).getMessage());
  } finally {
    // Always hand the statement back, whether or not the update succeeded.
    datasource.releaseResources(stmt, null);
  }
}
/**
 * Executes {@code SQL_REMOVE_PUBLISHQUEUE} with the publisher id and the
 * certificate id as parameters.
 *
 * @param publisher the publisher whose id is bound as the first parameter
 * @param certId database id of the certificate, bound as the second parameter
 * @throws OperationException with {@code DATABASE_FAILURE} if the statement
 *     cannot be prepared or executed
 */
public void removeFromPublishQueue(NameId publisher, long certId)
    throws OperationException {
  final String sql = SQL_REMOVE_PUBLISHQUEUE;
  final PreparedStatement stmt = borrowPreparedStatement(sql);

  try {
    stmt.setInt(1, publisher.getId());
    stmt.setLong(2, certId);
    stmt.executeUpdate();
  } catch (SQLException ex) {
    String translated = datasource.translate(sql, ex).getMessage();
    throw new OperationException(DATABASE_FAILURE, translated);
  } finally {
    datasource.releaseResources(stmt, null);
  }
}
/**
 * Counts the rows of table {@code CERT} that belong to the given CA.
 *
 * @param ca the CA whose id is matched against {@code CA_ID}
 * @param onlyRevoked if {@code true}, only rows with {@code REV=1} are counted
 * @return the value of {@code COUNT(*)} returned by the query
 * @throws OperationException with {@code DATABASE_FAILURE} if the statement
 *     cannot be prepared or executed
 */
public long getCountOfCerts(NameId ca, boolean onlyRevoked) throws OperationException {
  // Both variants are constant SQL texts; the CA id is always bound as a parameter.
  final String sql;
  if (onlyRevoked) {
    sql = "SELECT COUNT(*) FROM CERT WHERE CA_ID=? AND REV=1";
  } else {
    sql = "SELECT COUNT(*) FROM CERT WHERE CA_ID=?";
  }

  ResultSet rows = null;
  final PreparedStatement stmt = borrowPreparedStatement(sql);
  try {
    stmt.setInt(1, ca.getId());
    rows = stmt.executeQuery();
    // The result of next() is not inspected before the count is read.
    rows.next();
    return rows.getLong(1);
  } catch (SQLException ex) {
    throw new OperationException(DATABASE_FAILURE, datasource.translate(sql, ex).getMessage());
  } finally {
    datasource.releaseResources(stmt, rows);
  }
}
/**
 * Executes {@code SQL_CLEAR_DELTACRL_CACHE} with {@code maxId + 1} and the CA id
 * as parameters.
 *
 * @param ca the CA whose id is bound as the second parameter
 * @param maxId the value whose successor is bound as the first parameter
 * @throws OperationException with {@code DATABASE_FAILURE} if the statement
 *     cannot be prepared or executed
 */
public void clearDeltaCrlCache(NameId ca, long maxId) throws OperationException {
  final String sql = SQL_CLEAR_DELTACRL_CACHE;
  final PreparedStatement stmt = borrowPreparedStatement(sql);

  try {
    // presumably the SQL compares with '<', hence the +1 - verify against the statement text
    final long maxIdPlusOne = maxId + 1;
    stmt.setLong(1, maxIdPlusOne);
    stmt.setInt(2, ca.getId());
    stmt.executeUpdate();
  } catch (SQLException ex) {
    String translated = datasource.translate(sql, ex).getMessage();
    throw new OperationException(DATABASE_FAILURE, translated);
  } finally {
    datasource.releaseResources(stmt, null);
  }
}
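/**
 * Executes the parameterless statement {@code SQL_DELETE_UNREFERENCED_REQUEST}.
 *
 * @throws OperationException with {@code DATABASE_FAILURE} if the statement
 *     cannot be prepared or executed
 */
public void deleteUnreferencedRequests() throws OperationException {
  final String sql = SQL_DELETE_UNREFERENCED_REQUEST;
  PreparedStatement ps = borrowPreparedStatement(sql);
  try {
    ps.executeUpdate();
  } catch (SQLException ex) {
    throw new OperationException(DATABASE_FAILURE, datasource.translate(sql, ex).getMessage());
  } finally {
    // An update produces no result set, so there is none to release; this matches
    // the other update methods in this file.
    datasource.releaseResources(ps, null);
  }
}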
/**
 * Reports whether the query {@code sqlCertforSubjectIssued} yields at least one
 * row for the given CA id and subject fingerprint value.
 *
 * @param ca the CA to look in; must not be {@code null}
 * @param subjectFp value bound as the second query parameter
 * @return {@code true} if the result set has a first row
 * @throws OperationException with {@code DATABASE_FAILURE} if the statement
 *     cannot be prepared or executed
 */
public boolean isCertForSubjectIssued(NameId ca, long subjectFp)
    throws OperationException {
  Args.notNull(ca, "ca");

  final String sql = sqlCertforSubjectIssued;
  ResultSet rows = null;
  final PreparedStatement stmt = borrowPreparedStatement(sql);
  try {
    stmt.setInt(1, ca.getId());
    stmt.setLong(2, subjectFp);
    rows = stmt.executeQuery();
    // Existence check only: the row contents are never read.
    boolean issued = rows.next();
    return issued;
  } catch (SQLException ex) {
    throw new OperationException(DATABASE_FAILURE, datasource.translate(sql, ex).getMessage());
  } finally {
    datasource.releaseResources(stmt, rows);
  }
}
/**
 * Reports whether the query {@code sqlCertForKeyIssued} yields at least one row
 * for the given CA id and key fingerprint value.
 *
 * @param ca the CA to look in; must not be {@code null}
 * @param keyFp value bound as the second query parameter
 * @return {@code true} if the result set has a first row
 * @throws OperationException with {@code DATABASE_FAILURE} if the statement
 *     cannot be prepared or executed
 */
public boolean isCertForKeyIssued(NameId ca, long keyFp) throws OperationException {
  Args.notNull(ca, "ca");

  final String sql = sqlCertForKeyIssued;
  ResultSet rows = null;
  final PreparedStatement stmt = borrowPreparedStatement(sql);
  try {
    stmt.setInt(1, ca.getId());
    stmt.setLong(2, keyFp);
    rows = stmt.executeQuery();
    // Existence check only: the row contents are never read.
    boolean issued = rows.next();
    return issued;
  } catch (SQLException ex) {
    throw new OperationException(DATABASE_FAILURE, datasource.translate(sql, ex).getMessage());
  } finally {
    datasource.releaseResources(stmt, rows);
  }
}
/**
 * Executes {@code SQL_INSERT_PUBLISHQUEUE} with the publisher id, the CA id and
 * the certificate id as parameters, in that order.
 *
 * @param publisher the publisher whose id is bound first
 *     (NOTE(review): unlike {@code ca}, it is not null-checked here)
 * @param certId database id of the certificate, bound third
 * @param ca the CA whose id is bound second; must not be {@code null}
 * @throws OperationException with {@code DATABASE_FAILURE} if the statement
 *     cannot be prepared or executed
 */
public void addToPublishQueue(NameId publisher, long certId, NameId ca)
    throws OperationException {
  Args.notNull(ca, "ca");

  final String sql = SQL_INSERT_PUBLISHQUEUE;
  final PreparedStatement stmt = borrowPreparedStatement(sql);
  try {
    int idx = 1;
    stmt.setInt(idx++, publisher.getId());
    stmt.setInt(idx++, ca.getId());
    stmt.setLong(idx, certId);
    stmt.executeUpdate();
  } catch (SQLException ex) {
    throw new OperationException(DATABASE_FAILURE, datasource.translate(sql, ex).getMessage());
  } finally {
    datasource.releaseResources(stmt, null);
  }
}
/**
 * Verifies the proof-of-possession of a PKCS#10 request using the security
 * factory and the POPO algorithm validator of the CMP control.
 *
 * @param csr the certification request to check; must not be {@code null}
 * @throws OperationException with {@code BAD_POP} if verification fails
 */
public void checkCsr(CertificationRequest csr) throws OperationException {
  Args.notNull(csr, "csr");

  boolean popValid = caManager.getSecurityFactory()
      .verifyPopo(csr, getCmpControl().getPopoAlgoValidator());
  if (popValid) {
    return;
  }

  // A request whose signature does not verify must never proceed to issuance.
  LOG.warn("could not validate POP for the pkcs#10 requst");
  throw new OperationException(BAD_POP);
}
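/**
 * Removes the certificate with the given serial number and finishes an audit
 * event of type {@code TYPE_remove_cert} with the outcome.
 *
 * <p>The request is refused when the CA is self-signed and the serial number is
 * that of the CA certificate itself.
 *
 * @param serialNumber serial number of the certificate to remove
 * @param msgId message identifier used for the audit event
 * @return the result of {@code removeCert0}; {@code null} is treated as
 *     "not successful" for auditing
 * @throws OperationException with {@code NOT_PERMITTED} for the CA's own
 *     certificate, or whatever {@code removeCert0} throws
 */
public CertWithDbId removeCert(BigInteger serialNumber, String msgId)
    throws OperationException {
  if (caInfo.isSelfSigned() && caInfo.getSerialNumber().equals(serialNumber)) {
    throw new OperationException(NOT_PERMITTED,
        "insufficient permission to remove CA certificate");
  }

  AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_remove_cert, msgId);
  // Start pessimistic: if removeCert0 throws, the finally block must not report
  // the operation as successful (the flag was previously initialised to true, so
  // a failed removal was finished as a success).
  boolean successful = false;
  try {
    CertWithDbId ret = removeCert0(serialNumber, event);
    successful = (ret != null);
    return ret;
  } finally {
    // presumably finish() records the outcome in the audit event - confirm
    finish(event, successful);
  }
} // method removeCert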
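/**
 * Unrevokes the certificate with the given serial number and finishes an audit
 * event of type {@code TYPE_unrevoke_cert} with the outcome.
 *
 * <p>The request is refused when the CA is self-signed and the serial number is
 * that of the CA certificate itself.
 *
 * @param serialNumber serial number of the certificate to unrevoke
 * @param msgId message identifier used for the audit event
 * @return the result of {@code unrevokeCert0}
 * @throws OperationException with {@code NOT_PERMITTED} for the CA's own
 *     certificate, or whatever {@code unrevokeCert0} throws
 */
public CertWithDbId unrevokeCert(BigInteger serialNumber, String msgId)
    throws OperationException {
  if (caInfo.isSelfSigned() && caInfo.getSerialNumber().equals(serialNumber)) {
    throw new OperationException(NOT_PERMITTED,
        "insufficient permission to unrevoke CA certificate");
  }

  AuditEvent event = newPerfAuditEvent(CaAuditConstants.TYPE_unrevoke_cert, msgId);
  // Start pessimistic: the flag used to be true on every path, so an exception
  // from unrevokeCert0 was still finished as a successful unrevocation.
  boolean successful = false;
  try {
    CertWithDbId ret = unrevokeCert0(serialNumber, false, event);
    // NOTE(review): a normal return counts as success, as before; if
    // unrevokeCert0 can return null for an unknown certificate, consider
    // (ret != null) here - confirm.
    successful = true;
    return ret;
  } finally {
    // presumably finish() records the outcome in the audit event - confirm
    finish(event, successful);
  }
} // method unrevokeCert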
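/**
 * Re-reads the CA certificate from the CA manager and, if it differs from the
 * cached one, replaces both the cached certificate and the cached CA
 * certificate response.
 *
 * @throws OperationException with {@code SYSTEM_FAILURE} if the CA cannot be
 *     obtained or the new response cannot be built
 */
private void refreshCa() throws OperationException {
  try {
    X509Ca ca = caManager.getX509Ca(caIdent);
    X509Cert currentCaCert = ca.getCaInfo().getCert();
    if (currentCaCert.equals(caCert)) {
      return;
    }

    // Build the response first and publish both fields only afterwards. If
    // caCert were updated before a failing build, the next call would see
    // "unchanged" and keep the response of the previous CA certificate.
    ScepCaCertRespBytes newRespBytes =
        new ScepCaCertRespBytes(currentCaCert.getCert(), responderCert);
    caCert = currentCaCert;
    caCertRespBytes = newRespBytes;
  } catch (CaMgmtException | CertificateException | CMSException ex) {
    throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex.getMessage());
  }
}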
/**
 * Looks up a certificate by serial number in the given CA and wraps it with
 * {@code buildSignedData}.
 *
 * @param ca the CA to query
 * @param serialNumber serial number of the requested certificate
 * @return the SignedData built for the certificate
 * @throws FailInfoException {@code BAD_CERTID} if the CA returns no certificate
 * @throws OperationException with {@code SYSTEM_FAILURE} if the lookup fails
 */
private SignedData getCert(X509Ca ca, BigInteger serialNumber)
    throws FailInfoException, OperationException {
  final X509Certificate found;
  try {
    found = ca.getCert(serialNumber);
  } catch (CertificateException ex) {
    // The detailed context goes to the log; the exception itself is the cause.
    LogUtil.error(LOG, ex, "could not get certificate for CA '" + caIdent
        + "' and serialNumber=" + LogUtil.formatCsn(serialNumber) + ")");
    throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
  }

  if (found != null) {
    return buildSignedData(found);
  }
  throw FailInfoException.BAD_CERTID;
} // method getCert
/**
 * Ensures that a user-bound requestor may enroll certificates and may use the
 * given certificate profile.
 *
 * @param requestor the requestor to check
 * @param certprofile name of the requested certificate profile
 * @throws OperationException with {@code NOT_PERMITTED} if either the
 *     {@code ENROLL_CERT} permission or the profile is not permitted
 */
private static void checkUserPermission(ByUserRequestorInfo requestor, String certprofile)
    throws OperationException {
  final int enrollPermission = PermissionConstants.ENROLL_CERT;

  // The user name is resolved only on the failure paths, as in the original.
  if (!requestor.isPermitted(enrollPermission)) {
    String message = PermissionConstants.getTextForCode(enrollPermission)
        + " is not permitted for user "
        + requestor.getCaHasUser().getUserIdent().getName();
    throw new OperationException(ErrorCode.NOT_PERMITTED, message);
  }

  if (!requestor.isCertprofilePermitted(certprofile)) {
    String message = "Certificate profile " + certprofile
        + " is not permitted for user "
        + requestor.getCaHasUser().getUserIdent().getName();
    throw new OperationException(ErrorCode.NOT_PERMITTED, message);
  }
}
/**
 * Generates a CRL on demand for a requestor that holds the {@code GEN_CRL}
 * permission.
 *
 * @param requestor the authenticated requestor; must not be {@code null}
 * @param reqType request type (not read by this method)
 * @param msgId message identifier forwarded to the CA
 * @return the CRL returned by the CA
 * @throws OperationException with {@code NOT_PERMITTED} if the permission check
 *     fails, or whatever the CA throws
 */
public X509CRL generateCrlOnDemand(CmpRequestorInfo requestor, RequestType reqType,
    String msgId) throws OperationException {
  Args.notNull(requestor, "requestor");

  // Authorization is enforced before the CA is asked to do any work.
  try {
    checkPermission(requestor, PermissionConstants.GEN_CRL);
  } catch (InsuffientPermissionException ex) {
    throw new OperationException(ErrorCode.NOT_PERMITTED, ex.getMessage());
  }

  X509CRL crl = getCa().generateCrlOnDemand(msgId);
  return crl;
}
/**
 * Returns a CRL of the CA for a requestor that holds the {@code GET_CRL}
 * permission.
 *
 * @param requestor the authenticated requestor; must not be {@code null}
 * @param crlNumber number of the requested CRL, or {@code null} for the
 *     current CRL
 * @return the CRL returned by the CA
 * @throws OperationException with {@code NOT_PERMITTED} if the permission check
 *     fails, or whatever the CA throws
 */
public CertificateList getCrl(CmpRequestorInfo requestor, BigInteger crlNumber)
    throws OperationException {
  Args.notNull(requestor, "requestor");

  try {
    checkPermission(requestor, PermissionConstants.GET_CRL);
  } catch (InsuffientPermissionException ex) {
    throw new OperationException(ErrorCode.NOT_PERMITTED, ex.getMessage());
  }

  X509Ca ca = getCa();
  if (crlNumber == null) {
    return ca.getBcCurrentCrl();
  }
  return ca.getBcCrl(crlNumber);
}
/**
 * Builds a CMS SignedData with absent content that carries the given
 * certificate and, if {@code control.isIncludeCaCert()} is set, the (refreshed)
 * CA certificate. No signer is added in this method.
 *
 * @param cert the certificate to embed
 * @return the SignedData structure extracted from the generated CMS object
 * @throws OperationException with {@code SYSTEM_FAILURE} if encoding or CMS
 *     generation fails, or whatever {@code refreshCa} throws
 */
private SignedData buildSignedData(X509Certificate cert) throws OperationException {
  CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
  try {
    generator.addCertificate(new X509CertificateHolder(cert.getEncoded()));

    if (control.isIncludeCaCert()) {
      // Refresh first so that the CA certificate added below is the current one.
      refreshCa();
      generator.addCertificate(caCert.getCertHolder());
    }

    CMSSignedData cms = generator.generate(new CMSAbsentContent());
    return SignedData.getInstance(cms.toASN1Structure().getContent());
  } catch (CMSException | IOException | CertificateEncodingException ex) {
    LogUtil.error(LOG, ex);
    throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
  }
} // method buildSignedData