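package org.ejbca.core.model.ca.publisher;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Properties;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ServiceLocator;
import org.ejbca.core.ejb.protect.TableProtectSessionHome;
import org.ejbca.core.ejb.protect.TableProtectSessionRemote;
import org.ejbca.core.model.InternalResources;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.ca.store.CertificateInfo;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.ra.ExtendedInformation;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;
import org.ejbca.util.JDBCUtil;

/**
 * Publisher that mirrors certificate data into the {@code CertificateData} table of an
 * external OCSP responder database reached through a JDBC data source.
 * <p>
 * Every statement issued here is a parameterised {@link PreparedStatement}; no certificate
 * field is ever concatenated into SQL text. When the {@code protect} property is enabled,
 * each published or revoked row is additionally registered with the table-protection
 * session so that tampering with the external database can later be detected. That
 * protection step is best effort: a failure is logged but does not undo the row that was
 * already written.
 * <p>
 * Properties read by {@link #init(Properties)}:
 * <ul>
 * <li>{@code dataSource} - JNDI name of the data source to publish to.</li>
 * <li>{@code protect} - {@code "true"} (case-insensitive) enables table protection.</li>
 * </ul>
 */
public class ExternalOCSPPublisher implements ICustomPublisher {

    private static final Logger log = Logger.getLogger(ExternalOCSPPublisher.class);

    private static final InternalResources intres = InternalResources.getInstance();

    /** Property key holding the JNDI name of the target data source. */
    private static final String PROPERTY_DATASOURCE = "dataSource";

    /** Property key that switches table protection on when set to "true". */
    private static final String PROPERTY_PROTECT = "protect";

    /**
     * Numeric status written to CertificateData.status for revoked certificates. The value
     * 40 is the one this publisher has always written; it is named here so the INSERT/UPDATE
     * path and the protection record cannot drift apart.
     */
    private static final int STATUS_REVOKED = 40;

    /** Column order of the INSERT and the UPDATE below is identical, so one preparer serves both. */
    private static final String INSERT_SQL =
            "INSERT INTO CertificateData (base64Cert,subjectDN,issuerDN,cAFingerprint,serialNumber,status,type,username,expireDate,revocationDate,revocationReason,fingerprint) VALUES (?,?,?,?,?,?,?,?,?,?,?,?);";

    private static final String UPDATE_SQL =
            "UPDATE CertificateData SET base64Cert=?,subjectDN=?,issuerDN=?,cAFingerprint=?,serialNumber=?,status=?,type=?,username=?,expireDate=?,revocationDate=?,revocationReason=? WHERE fingerprint=?;";

    private static final String REVOKE_SQL =
            "UPDATE CertificateData SET status=?, revocationDate=?, revocationReason=? WHERE fingerprint=?;";

    /** JNDI name of the data source, taken from the {@code dataSource} property. */
    private String dataSource;

    /** Whether published rows are registered with the table-protection session. */
    private boolean protect = false;

    /**
     * Public no-argument constructor; custom publishers are instantiated by name, so this
     * must stay public and parameterless. All configuration arrives through {@link #init}.
     */
    public ExternalOCSPPublisher() {
        super();
    }

    /**
     * Reads the publisher configuration.
     *
     * @param properties publisher properties; {@code dataSource} is required for any
     *                   later call to succeed, {@code protect} is optional and defaults
     *                   to off.
     */
    public void init(Properties properties) {
        dataSource = properties.getProperty(PROPERTY_DATASOURCE);
        String prot = properties.getProperty(PROPERTY_PROTECT);
        // Assigned rather than only switched on so that a re-init reflects the
        // current properties instead of remembering an earlier "true".
        protect = StringUtils.equalsIgnoreCase(prot, "true");
        log.debug("dataSource='" + dataSource + "'.");
    }

    /**
     * Binds the full certificate row for {@link #INSERT_SQL} and {@link #UPDATE_SQL}.
     * Both statements use the same twelve placeholders in the same order, with the
     * fingerprint last.
     */
    protected static class StoreCertPreparer implements JDBCUtil.Preparer {
        final Certificate incert;
        final String username;
        final String cafp;
        final int status;
        final int type;
        final long revocationDate;
        final int reason;

        /**
         * @param ic certificate to store (must be an {@link X509Certificate})
         * @param un end-entity username
         * @param cf fingerprint of the issuing CA certificate
         * @param s  certificate status
         * @param d  revocation date in milliseconds since the epoch
         * @param r  revocation reason
         * @param t  certificate type
         */
        StoreCertPreparer(Certificate ic, String un, String cf, int s, long d, int r, int t) {
            super();
            incert = ic;
            username = un;
            cafp = cf;
            status = s;
            type = t;
            revocationDate = d;
            reason = r;
        }

        public void prepare(PreparedStatement ps) throws Exception {
            final X509Certificate x509 = (X509Certificate) incert;
            ps.setString(1, new String(Base64.encode(incert.getEncoded(), true)));
            ps.setString(2, CertTools.getSubjectDN(x509));
            ps.setString(3, CertTools.getIssuerDN(x509));
            ps.setString(4, cafp);
            ps.setString(5, x509.getSerialNumber().toString());
            ps.setInt(6, status);
            ps.setInt(7, type);
            ps.setString(8, username);
            ps.setLong(9, x509.getNotAfter().getTime());
            ps.setLong(10, revocationDate);
            ps.setInt(11, reason);
            ps.setString(12, CertTools.getFingerprintAsString(x509));
        }

        /** Human-readable identification of the row, used in error messages. */
        public String getInfoString() {
            final X509Certificate x509 = (X509Certificate) incert;
            return "Store:, Username: " + username
                    + ", Issuer:" + CertTools.getIssuerDN(x509)
                    + ", Serno: " + x509.getSerialNumber().toString()
                    + ", Subject: " + CertTools.getSubjectDN(x509);
        }
    }

    /**
     * Writes the certificate to the external CertificateData table.
     * <p>
     * An INSERT is attempted first. Any {@link SQLException} from the INSERT is taken to
     * mean that a row with this fingerprint already exists (the SQL state is not
     * inspected) and the row is then overwritten with an UPDATE keyed on the fingerprint.
     * Other failures, and a failing UPDATE, are wrapped in a {@link PublisherException}.
     * {@code password} and {@code extendedinformation} are accepted for interface
     * compatibility only and are not written.
     *
     * @return always {@code true}; failure is reported by exception
     * @throws PublisherException if neither the INSERT nor the fallback UPDATE succeeded
     */
    public boolean storeCertificate(Admin admin, Certificate incert, String username, String password,
            String cafp, int status, int type, long revocationDate, int revocationReason,
            ExtendedInformation extendedinformation) throws PublisherException {
        final X509Certificate cert = (X509Certificate) incert;
        if (log.isDebugEnabled()) {
            log.debug("Publishing certificate with fingerprint " + CertTools.getFingerprintAsString(cert)
                    + ", status " + status + ", type " + type + " to external OCSP");
        }
        final StoreCertPreparer prep =
                new StoreCertPreparer(incert, username, cafp, status, revocationDate, revocationReason, type);
        try {
            JDBCUtil.execute(INSERT_SQL, prep, dataSource);
        } catch (SQLException e) {
            updateExistingRow(prep);
        } catch (Exception e) {
            throw publishFailure(prep.getInfoString(), e);
        }
        if (protect) {
            CertificateInfo entry = new CertificateInfo(
                    CertTools.getFingerprintAsString(cert), cafp, cert.getSerialNumber().toString(),
                    CertTools.getIssuerDN(cert), CertTools.getSubjectDN(cert), status, type,
                    cert.getNotAfter().getTime(), revocationDate, revocationReason);
            protectEntry(admin, entry);
        }
        return true;
    }

    /**
     * Fallback for {@link #storeCertificate}: overwrite the row whose fingerprint matches.
     * NOTE(review): JDBCUtil.execute does not appear to expose an update count here, so an
     * UPDATE that matches no row (INSERT failed for a reason other than a duplicate)
     * completes silently - TODO confirm and check the row count if the API allows it.
     *
     * @throws PublisherException if the UPDATE fails
     */
    private void updateExistingRow(StoreCertPreparer prep) throws PublisherException {
        log.info(intres.getLocalizedMessage("publisher.entryexists"));
        try {
            JDBCUtil.execute(UPDATE_SQL, prep, dataSource);
        } catch (Exception ue) {
            throw publishFailure(prep.getInfoString(), ue);
        }
    }

    /**
     * Logs a failed publish operation and builds the exception to throw for it, keeping the
     * original cause attached.
     *
     * @param info  row description from the preparer, included in the localized message
     * @param cause the underlying failure
     */
    private PublisherException publishFailure(String info, Exception cause) {
        String msg = intres.getLocalizedMessage("publisher.errorextocsppubl", info);
        log.error(msg, cause);
        PublisherException pe = new PublisherException(msg);
        pe.initCause(cause);
        return pe;
    }

    /**
     * Registers a row with the table-protection session. Best effort: if the session
     * cannot be created or the call fails, the error is logged and the already written
     * row stays in the external database without a protection record.
     */
    private void protectEntry(Admin admin, CertificateInfo entry) {
        TableProtectSessionHome home = (TableProtectSessionHome) ServiceLocator.getInstance()
                .getRemoteHome("TableProtectSession", TableProtectSessionHome.class);
        try {
            TableProtectSessionRemote remote = home.create();
            remote.protectExternal(admin, entry, dataSource);
        } catch (Exception e) {
            String msg = intres.getLocalizedMessage("protect.errorcreatesession");
            log.error(msg, e);
        }
    }

    /**
     * CRLs are not published to the external OCSP database; this is a no-op that reports
     * success.
     *
     * @return always {@code true}
     */
    public boolean storeCRL(Admin admin, byte[] incrl, String cafp, int number) throws PublisherException {
        return true;
    }

    /**
     * Binds status, revocation date and reason for {@link #REVOKE_SQL}, keyed on the
     * certificate fingerprint.
     */
    protected static class UpdatePreparer implements JDBCUtil.Preparer {
        final Certificate cert;
        final int reason;
        final int status;
        final long date;

        /**
         * @param c certificate being revoked (must be an {@link X509Certificate})
         * @param s new status
         * @param d revocation date in milliseconds since the epoch
         * @param r revocation reason
         */
        UpdatePreparer(Certificate c, int s, long d, int r) {
            cert = c;
            reason = r;
            date = d;
            status = s;
        }

        public void prepare(PreparedStatement ps) throws Exception {
            ps.setInt(1, status);
            ps.setLong(2, date);
            ps.setInt(3, reason);
            ps.setString(4, CertTools.getFingerprintAsString((X509Certificate) cert));
        }

        /** Human-readable identification of the row, used in error messages. */
        public String getInfoString() {
            final X509Certificate x509 = (X509Certificate) cert;
            return "Revoke:, Issuer:" + CertTools.getIssuerDN(x509)
                    + ", Serno: " + x509.getSerialNumber().toString()
                    + ", Subject: " + CertTools.getSubjectDN(x509);
        }
    }

    /**
     * Marks the certificate as revoked in the external CertificateData table, using the
     * current time as revocation date.
     * <p>
     * NOTE(review): the UPDATE is keyed on the fingerprint only; a certificate that was
     * never published matches no row and the call still succeeds - TODO confirm whether
     * that should be reported. The protection record built below uses a {@code null} CA
     * fingerprint and {@code SecConst.USER_ENDUSER} as type because the real values are
     * not available here, whereas the stored row carries the values given to
     * {@link #storeCertificate}; if the protection covers those fields, later verification
     * of the row may fail - TODO confirm against the table-protection implementation.
     *
     * @throws PublisherException if the UPDATE fails
     */
    public void revokeCertificate(Admin admin, Certificate incert, int reason) throws PublisherException {
        final X509Certificate cert = (X509Certificate) incert;
        if (log.isDebugEnabled()) {
            log.debug("Revoking certificate with fingerprint " + CertTools.getFingerprintAsString(cert)
                    + ", reason " + reason + " in external OCSP");
        }
        final long now = System.currentTimeMillis();
        final UpdatePreparer prep = new UpdatePreparer(incert, STATUS_REVOKED, now, reason);
        try {
            JDBCUtil.execute(REVOKE_SQL, prep, dataSource);
        } catch (Exception e) {
            throw publishFailure(prep.getInfoString(), e);
        }
        if (protect) {
            CertificateInfo entry = new CertificateInfo(
                    CertTools.getFingerprintAsString(cert), null, cert.getSerialNumber().toString(),
                    CertTools.getIssuerDN(cert), CertTools.getSubjectDN(cert), STATUS_REVOKED,
                    SecConst.USER_ENDUSER, cert.getNotAfter().getTime(), now, reason);
            protectEntry(admin, entry);
        }
    }

    /** Preparer for statements that take no parameters. */
    protected static class DoNothingPreparer implements JDBCUtil.Preparer {
        public void prepare(PreparedStatement ps) {
        }

        public String getInfoString() {
            return null;
        }
    }

    /**
     * Verifies that the configured data source can execute a trivial query.
     * NOTE(review): {@code SELECT NOW()} is not portable across databases - confirm the
     * target database accepts it, otherwise this check fails on a healthy connection.
     *
     * @throws PublisherConnectionException if the query fails, with the original error as cause
     */
    public void testConnection(Admin admin) throws PublisherConnectionException {
        try {
            JDBCUtil.execute("SELECT NOW();", new DoNothingPreparer(), dataSource);
        } catch (Exception e) {
            final PublisherConnectionException pce =
                    new PublisherConnectionException("Connection in init failed: " + e.getMessage());
            pce.initCause(e);
            throw pce;
        }
    }
}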