Package org.ejbca.core.ejb.ca.store

Examples of org.ejbca.core.ejb.ca.store.CertificateData


                                certificateStoreSession.setArchivedStatus(Admin.getInternalAdmin(), data.getCertificateFingerprint());
                        } else {
                                Date revDate = data.getRevocationDate();
                                if (revDate == null) {
                                        data.setRevocationDate(now);
                                        CertificateData certdata = CertificateData.findByFingerprint(entityManager, data.getCertificateFingerprint());
                                        if (certdata == null) {
                                                throw new FinderException("No certificate with fingerprint " + data.getCertificateFingerprint());
                                        }
                                        // Set revocation date in the database
                                        certdata.setRevocationDate(now);
                                }
                        }
                }
                // a full CRL
                byte[] crlBytes = createCRL(admin, ca, revcerts, -1);


  }

  /**
   * Round-trips a {@link CertificateData} entity through {@code storeAndRemoveEntity} with every
   * column filled to its boundary test value: the 1 MiB base64 certificate CLOB, the 10 KiB
   * {@code rowProtection} CLOB, 250-byte VARCHAR columns and zero/bogus numeric columns.
   * <p>
   * Memory statistics are logged before the entity is built. No value is asserted on here;
   * presumably the test only checks that the store/remove cycle completes without throwing
   * (the checks, if any, live in {@code storeAndRemoveEntity}).
   * <p>
   * NOTE(review): {@code rowProtection} looks like the row-integrity column; filling it with an
   * arbitrary 10 KiB value exercises column width only, not integrity verification - confirm.
   */
  public void testCertificateData() {
    LOG.trace(">testCertificateData");
    logMemStats();
    final CertificateData boundaryEntity = newBoundarySizedCertificateData();
    storeAndRemoveEntity(boundaryEntity);
    LOG.trace("<testCertificateData");
  }

  /**
   * Builds a {@link CertificateData} whose columns are all set to their boundary test values.
   * Setter order is kept as in the original test in case any setter has ordering side effects.
   *
   * @return a fresh, not yet persisted entity
   */
  private CertificateData newBoundarySizedCertificateData() {
    final CertificateData cd = new CertificateData();
    // CLOB / large text columns
    cd.setBase64Cert(CLOB_1MiB);
    // VARCHAR and numeric columns, in column-name order
    cd.setCaFingerprint(VARCHAR_250B);
    cd.setCertificateProfileId(BOGUS_INTEGER);
    cd.setExpireDate(0L);
    cd.setFingerprint(VARCHAR_250B);
    cd.setIssuerDN(VARCHAR_250B);
    cd.setRevocationDate(0L);
    cd.setRevocationReason(0);
    // Row-level protection column, filled to its 10 KiB limit
    cd.setRowProtection(CLOB_10KiB);
    cd.setRowVersion(0);
    cd.setSerialNumber(VARCHAR_250B);
    cd.setStatus(0);
    cd.setSubjectDN(VARCHAR_250B);
    cd.setSubjectKeyId(VARCHAR_250B);
    cd.setTag(VARCHAR_250B);
    cd.setType(0);
    // Boxed on purpose: keeps the exact overload the original test resolved to
    cd.setUpdateTime(Long.valueOf(0L));
    cd.setUsername(VARCHAR_250B);
    return cd;
  }

   
    Query query = ocspEntityManager.createQuery("select a from CertificateData a WHERE a.certificateProfileId=:certificateProfileId order by a.fingerprint asc");
    query.setParameter("certificateProfileId", 1);
    query.setMaxResults(2);
    List<CertificateData> certificateDataList = query.getResultList();
    CertificateData certificateData1 = certificateDataList.get(0);
    CertificateData certificateData2 = certificateDataList.get(1);
    query = ocspEntityManager.createQuery("select a from CertificateData a WHERE a.certificateProfileId=:certificateProfileId order by a.fingerprint desc");
    query.setParameter("certificateProfileId", 1);
    query.setMaxResults(1);
    CertificateData certificateData3 = (CertificateData) query.getSingleResult();

    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.remove(certificateData1);
    ocspEntityManager.getTransaction().commit();
    int result = new OcspMonitoringTool().executeInternal(args);

  public void test03DetectAddedFakes() throws Exception {
    log.trace(">test03DetectAddedFakes");
    Query query = ocspEntityManager.createQuery("select a from CertificateData a WHERE a.certificateProfileId=:certificateProfileId");
    query.setParameter("certificateProfileId", 1);
    query.setMaxResults(1);
    CertificateData fakeCertificateData = (CertificateData) query.getSingleResult();
    ocspEntityManager.clear()// Detach

    fakeCertificateData.setFingerprint("0000000000000000000000000000000000000000");
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.persist(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    int result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.remove(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect fake first cert.", result == -1);

    fakeCertificateData.setFingerprint("8000000000000000000000000000000000000000");
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.persist(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.remove(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect fake middle cert.", result == -1);
   
    fakeCertificateData.setFingerprint("ffffffffffffffffffffffffffffffffffffffff");
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.persist(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();

   * Modifies an entity in the OCSP database and sets updateTime = now, to check that the
   * tampering is detected.
   */
  public void test04DetectTampering() throws Exception {
    log.trace(">test04DetectTampering");
    ocspEntityManager.getTransaction().begin();
    CertificateData certificateData = CertificateData.getNextBatch(ocspEntityManager, 1, "8", 1).get(0);
    long updateTime = certificateData.getUpdateTime();
    String serialNumber = certificateData.getSerialNumber();
   
    certificateData.setSerialNumber("0");
    certificateData.setUpdateTime(updateTime);
    ocspEntityManager.getTransaction().commit();
    int result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber(serialNumber);
    certificateData.setUpdateTime(updateTime);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect modified cert.", result == -1);
   
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber("0");
    certificateData.setUpdateTime(updateTime-1000);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber(serialNumber);
    certificateData.setUpdateTime(updateTime);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect modified cert.", result == -1);
   
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber("0");
    certificateData.setUpdateTime(updateTime+1000);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber(serialNumber);
    certificateData.setUpdateTime(updateTime);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect modified cert.", result == -1);

    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber("0");
    certificateData.setUpdateTime(new Date().getTime());
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber(serialNumber);
    certificateData.setUpdateTime(updateTime);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect modified cert.", result == -1);

    log.trace("<test04DetectTampering");

  public void test05OnlyCheckSpecifiedProfileIds() throws Exception {
    log.trace(">test05OnlyCheckSpecifiedProfileIds");
    Query query = ocspEntityManager.createQuery("select a from CertificateData a WHERE a.certificateProfileId=:certificateProfileId");
    query.setParameter("certificateProfileId", 1);
    query.setMaxResults(1);
    CertificateData fakeCertificateData = (CertificateData) query.getSingleResult();
    ocspEntityManager.clear()// Detach

    ocspEntityManager.getTransaction().begin();
    fakeCertificateData.setFingerprint("8000000000000000000000000000000000000000");
    fakeCertificateData.setCertificateProfileId(123456);
    ocspEntityManager.persist(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    int result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.remove(fakeCertificateData);

                  recheckList.add(new RecheckEntry(certificateDataList.get(caRowIndex).getFingerprint(), certificateDataList.get(caRowIndex).getUpdateTime(), i));
              }
              continue;
            }
            // Compare one row from CA database with one row from the current OCSP responder
            CertificateData certificateData = certificateDataList.get(caRowIndex);
            CertificateData ocspCertificateData = ocspCertificateDataList.get(ocspRowIndex);
            if (!certificateData.equals(ocspCertificateData, inclusionMode, strictStatus)) {
              int test = certificateData.getFingerprint().compareTo(ocspCertificateData.getFingerprint());
                if (log.isDebugEnabled()) {
                log.debug("cd.fp=" + certificateData.getFingerprint() +" ocd.fp=" + ocspCertificateData.getFingerprint());
                }
              if (test > 0) {
                // Extra row in OCSP database
                  if (log.isDebugEnabled()) {
                  log.debug("An extra cert with fingerprint "+ocspCertificateData.getFingerprint()+" might exist in the OCSP database " + ocspEntityManagerName);
                  }
                  if (ocspCertificateData.getUpdateTime() > new Date().getTime()+timeToConfirmError) {
                  handleError(errorList, ocspEntityManagerNames.get(i), ocspCertificateData.getFingerprint(), ocspCertificateData.getIssuerDN(), ocspCertificateData.getSerialNumber()
                      ,ERROR_NOTEXISTINGCALIMIT);
                  } else {
                  recheckList.add(new RecheckEntry(ocspCertificateData.getFingerprint(), ocspCertificateData.getUpdateTime(), i));
                  }
                ocspRowIndex++;
                continue;
              } else if (test < 0) {
                // Missing row in OCSP database
                  if (log.isDebugEnabled()) {
                  log.debug("A cert with fingerprint "+certificateData.getFingerprint()+" might be missing in the OCSP database " + ocspEntityManagerName);
                  }
                recheckList.add(new RecheckEntry(certificateData.getFingerprint(), certificateData.getUpdateTime(), i));
                caRowIndex++;
                continue;
              } else {
                // Row exists but is not equal
                  if (log.isDebugEnabled()) {
                  log.debug("A cert with fingerprint "+ocspCertificateData.getFingerprint()+" might not be in sync in the OCSP database " + ocspEntityManagerName);
                  }
                if (certificateData.getUpdateTime() == ocspCertificateData.getUpdateTime()) {
                  // Since the time is the same, someone has tampered with the rest of the data
                  handleError(errorList, ocspEntityManagerName, certificateData.getFingerprint(), certificateData.getIssuerDN(), certificateData.getSerialNumber()
                      ,ERROR_TAMPERED);
                } else if (certificateData.getUpdateTime() > ocspCertificateData.getUpdateTime()) {
                  // Might have a pending update for this OCSP, re-check later
                    if (log.isDebugEnabled()) {
                    log.debug("A cert with fingerprint "+ocspCertificateData.getFingerprint()+" might not have been updated in the OCSP database " + ocspEntityManagerName);
                    }
                  recheckList.add(new RecheckEntry(certificateData.getFingerprint(), certificateData.getUpdateTime(), i));
                } else {
                  // An update for this OCSP might have gone through since we read the CA database, re-check later
                    if (log.isDebugEnabled()) {
                    log.debug("A cert with fingerprint "+ocspCertificateData.getFingerprint()+" in the OCSP database " + ocspEntityManagerName + " might not have been updated in the CA database.");
                    }
                    if (ocspCertificateData.getUpdateTime() > new Date().getTime()+timeToConfirmError) {
                    handleError(errorList, ocspEntityManagerNames.get(i), ocspCertificateData.getFingerprint(), ocspCertificateData.getIssuerDN(), ocspCertificateData.getSerialNumber()
                        ,ERROR_NOTEXISTINGCALIMIT);
                    } else {
                    recheckList.add(new RecheckEntry(ocspCertificateData.getFingerprint(), ocspCertificateData.getUpdateTime(), i));
                    }
                }
              }
            }
            ocspRowIndex++;
            caRowIndex++;
          }
        }
        currentFingerprint = certificateDataList.get(certificateDataList.size()-1).getFingerprint();
        recheckList = processRecheckList(recheckList, caEntityManager, ocspEntityManagers, ocspEntityManagerNames, inclusionMode, strictStatus, errorList, timeToConfirmError);
        }
        // Make sure we don't have any unhandled CertificateData at any of the OCSP responders left
      for (int i=0; i<ocspEntityManagers.size(); i++) {
          String ocspCurrentFingerprint = currentFingerprint;
        EntityManager ocspEntityManager = ocspEntityManagers.get(i);
        List<CertificateData> ocspCertificateDataList;
          while ( (ocspCertificateDataList = CertificateData.getNextBatch(ocspEntityManager, certificateProfileId,  ocspCurrentFingerprint, batchSize)) != null
              && ocspCertificateDataList.size()>0) {
            for (CertificateData ocspCertificateData : ocspCertificateDataList) {
            // An update for this OCSP might have gone through since we read the CA database, re-check later
              if (ocspCertificateData.getUpdateTime() > new Date().getTime()+timeToConfirmError) {
              handleError(errorList, ocspEntityManagerNames.get(i), ocspCertificateData.getFingerprint(), ocspCertificateData.getIssuerDN(), ocspCertificateData.getSerialNumber()
                  ,ERROR_NOTEXISTINGCALIMIT);
              } else {
                recheckList.add(new RecheckEntry(ocspCertificateData.getFingerprint(), ocspCertificateData.getUpdateTime(), i));
              }
            }
          ocspCurrentFingerprint = ocspCertificateDataList.get(ocspCertificateDataList.size()-1).getFingerprint();
          }
      }

  private List<RecheckEntry> processRecheckList(List<RecheckEntry> recheckList, EntityManager caEntityManager, List<EntityManager> ocspEntityManagers, List<String> ocspEntityManagerNames, boolean inclusionMode, boolean strictStatus, List<String> errorList, long timeToConfirmError) {
    List<RecheckEntry> toKeep = new ArrayList<RecheckEntry>();
    for (RecheckEntry re : recheckList) {
      long now = new Date().getTime();
      if ( (now-re.updateTime) >= timeToConfirmError ) {
        CertificateData certificateData = CertificateData.findByFingerprint(caEntityManager, re.fingerprint);
        if (certificateData==null) {
          CertificateData ocspCertificateData = CertificateData.findByFingerprint(ocspEntityManagers.get(re.ocspEntityManagerIndex), re.fingerprint);
          handleError(errorList, ocspEntityManagerNames.get(re.ocspEntityManagerIndex), re.fingerprint, ocspCertificateData.getIssuerDN(), ocspCertificateData.getSerialNumber()
              ,ERROR_NOTEXISTINGCA);
        } else if (certificateData.getUpdateTime() > re.updateTime) {
            if (log.isDebugEnabled()) {
            log.debug("A newer CertificateData with fingerprint "+certificateData.getFingerprint()+" exist in the CA database. Re-checking later it in list.");
            }
          re.updateTime = certificateData.getUpdateTime();
          toKeep.add(re);
        } else if (certificateData.getUpdateTime() < re.updateTime) {
          handleError(errorList, ocspEntityManagerNames.get(re.ocspEntityManagerIndex), certificateData.getFingerprint(), certificateData.getIssuerDN(), certificateData.getSerialNumber()
              ,ERROR_UPDATEDOCSP);
        } else {
          CertificateData ocspCertificateData = CertificateData.findByFingerprint(ocspEntityManagers.get(re.ocspEntityManagerIndex), re.fingerprint);
          if (ocspCertificateData == null) {
            handleError(errorList, ocspEntityManagerNames.get(re.ocspEntityManagerIndex), certificateData.getFingerprint(), certificateData.getIssuerDN(), certificateData.getSerialNumber()
                ,ERROR_NOTEXISTINGOCSP);
          } else if (ocspCertificateData.getUpdateTime() < certificateData.getUpdateTime()) {
            handleError(errorList, ocspEntityManagerNames.get(re.ocspEntityManagerIndex), certificateData.getFingerprint(), certificateData.getIssuerDN(), certificateData.getSerialNumber()
                ,ERROR_NOTUPDATED);
          } else if (ocspCertificateData.getUpdateTime() > certificateData.getUpdateTime()) {
            certificateData = CertificateData.findByFingerprint(caEntityManager, re.fingerprint);
            if (ocspCertificateData.getUpdateTime() <= certificateData.getUpdateTime()) {
              re.updateTime = certificateData.getUpdateTime();
              toKeep.add(re);
            } else {
              handleError(errorList, ocspEntityManagerNames.get(re.ocspEntityManagerIndex), certificateData.getFingerprint(), certificateData.getIssuerDN(), certificateData.getSerialNumber()
                  ,ERROR_TAMPERED);

                        // Read the actual certificate and try to publish it
                        // again
                        // TODO: we might need change fetch-type for all but the
                        // actual cert or a native query w SqlResultSetMapping..
                  
                        CertificateData cd = CertificateData.findByFingerprint(entityManager, fingerprint);

                        if (cd == null) {
                            throw new FinderException();
                        }
                        try {
                          published = publisherQueueSession.storeCertificateNonTransactional(publisher, admin, cd.getCertificate(), username, password, userDataDN,
                              cd.getCaFingerprint(), cd.getStatus(), cd.getType(), cd.getRevocationDate(), cd.getRevocationReason(), cd.getTag(), cd
                              .getCertificateProfileId(), cd.getUpdateTime(), ei);
                        } catch (EJBException e) {
                          final Throwable t = e.getCause();
                          if (t instanceof PublisherException) {
                            throw (PublisherException)t;
                          } else {


