Package org.ejbca.core.ejb.ca.store

Examples of org.ejbca.core.ejb.ca.store.CertificateData

479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
                                certificateStoreSession.setArchivedStatus(Admin.getInternalAdmin(), data.getCertificateFingerprint());
                        } else {
                                Date revDate = data.getRevocationDate();
                                if (revDate == null) {
                                        data.setRevocationDate(now);
                                        CertificateData certdata = CertificateData.findByFingerprint(entityManager, data.getCertificateFingerprint());
                                        if (certdata == null) {
                                                throw new FinderException("No certificate with fingerprint " + data.getCertificateFingerprint());
                                        }
                                        // Set revocation date in the database
                                        certdata.setRevocationDate(now);
                                }
                        }
                }
                // a full CRL
                byte[] crlBytes = createCRL(admin, ca, revcerts, -1);
View Full Code Here
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
  }

  public void testCertificateData() {
    LOG.trace(">testCertificateData");
    logMemStats();
    CertificateData entity = new CertificateData();
    entity.setBase64Cert(CLOB_1MiB);
    entity.setCaFingerprint(VARCHAR_250B);
    entity.setCertificateProfileId(BOGUS_INTEGER);
    entity.setExpireDate(0L);
    entity.setFingerprint(VARCHAR_250B);
    entity.setIssuerDN(VARCHAR_250B);
    //setPrivateField(entity, "issuerDN", VARCHAR_250B);
    entity.setRevocationDate(0L);
    entity.setRevocationReason(0);
    entity.setRowProtection(CLOB_10KiB);
    entity.setRowVersion(0);
    entity.setSerialNumber(VARCHAR_250B);
    entity.setStatus(0);
    entity.setSubjectDN(VARCHAR_250B);
    //setPrivateField(entity, "subjectDN", VARCHAR_250B);
    entity.setSubjectKeyId(VARCHAR_250B);
    entity.setTag(VARCHAR_250B);
    entity.setType(0);
    entity.setUpdateTime(Long.valueOf(0L));
    entity.setUsername(VARCHAR_250B);
    storeAndRemoveEntity(entity);
    LOG.trace("<testCertificateData");
  }
View Full Code Here
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
   
    Query query = ocspEntityManager.createQuery("select a from CertificateData a WHERE a.certificateProfileId=:certificateProfileId order by a.fingerprint asc");
    query.setParameter("certificateProfileId", 1);
    query.setMaxResults(2);
    List<CertificateData> certificateDataList = query.getResultList();
    CertificateData certificateData1 = certificateDataList.get(0);
    CertificateData certificateData2 = certificateDataList.get(1);
    query = ocspEntityManager.createQuery("select a from CertificateData a WHERE a.certificateProfileId=:certificateProfileId order by a.fingerprint desc");
    query.setParameter("certificateProfileId", 1);
    query.setMaxResults(1);
    CertificateData certificateData3 = (CertificateData) query.getSingleResult();

    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.remove(certificateData1);
    ocspEntityManager.getTransaction().commit();
    int result = new OcspMonitoringTool().executeInternal(args);
View Full Code Here
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
  public void test03DetectAddedFakes() throws Exception {
    log.trace(">test03DetectAddedFakes");
    Query query = ocspEntityManager.createQuery("select a from CertificateData a WHERE a.certificateProfileId=:certificateProfileId");
    query.setParameter("certificateProfileId", 1);
    query.setMaxResults(1);
    CertificateData fakeCertificateData = (CertificateData) query.getSingleResult();
    ocspEntityManager.clear()// Detach

    fakeCertificateData.setFingerprint("0000000000000000000000000000000000000000");
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.persist(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    int result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.remove(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect fake first cert.", result == -1);

    fakeCertificateData.setFingerprint("8000000000000000000000000000000000000000");
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.persist(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.remove(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect fake middle cert.", result == -1);
   
    fakeCertificateData.setFingerprint("ffffffffffffffffffffffffffffffffffffffff");
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.persist(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
View Full Code Here
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
   * Modify an entity in OCSP: set updateTime = now
   */
  public void test04DetectTampering() throws Exception {
    log.trace(">test04DetectTampering");
    ocspEntityManager.getTransaction().begin();
    CertificateData certificateData = CertificateData.getNextBatch(ocspEntityManager, 1, "8", 1).get(0);
    long updateTime = certificateData.getUpdateTime();
    String serialNumber = certificateData.getSerialNumber();
   
    certificateData.setSerialNumber("0");
    certificateData.setUpdateTime(updateTime);
    ocspEntityManager.getTransaction().commit();
    int result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber(serialNumber);
    certificateData.setUpdateTime(updateTime);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect modified cert.", result == -1);
   
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber("0");
    certificateData.setUpdateTime(updateTime-1000);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber(serialNumber);
    certificateData.setUpdateTime(updateTime);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect modified cert.", result == -1);
   
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber("0");
    certificateData.setUpdateTime(updateTime+1000);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber(serialNumber);
    certificateData.setUpdateTime(updateTime);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect modified cert.", result == -1);

    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber("0");
    certificateData.setUpdateTime(new Date().getTime());
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    certificateData.setSerialNumber(serialNumber);
    certificateData.setUpdateTime(updateTime);
    ocspEntityManager.merge(certificateData);
    ocspEntityManager.getTransaction().commit();
    assertTrue("Did not detect modified cert.", result == -1);

    log.trace("<test04DetectTampering");
View Full Code Here
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
  public void test05OnlyCheckSpecifiedProfileIds() throws Exception {
    log.trace(">test05OnlyCheckSpecifiedProfileIds");
    Query query = ocspEntityManager.createQuery("select a from CertificateData a WHERE a.certificateProfileId=:certificateProfileId");
    query.setParameter("certificateProfileId", 1);
    query.setMaxResults(1);
    CertificateData fakeCertificateData = (CertificateData) query.getSingleResult();
    ocspEntityManager.clear()// Detach

    ocspEntityManager.getTransaction().begin();
    fakeCertificateData.setFingerprint("8000000000000000000000000000000000000000");
    fakeCertificateData.setCertificateProfileId(123456);
    ocspEntityManager.persist(fakeCertificateData);
    ocspEntityManager.getTransaction().commit();
    int result = new OcspMonitoringTool().executeInternal(args);
    ocspEntityManager.getTransaction().begin();
    ocspEntityManager.remove(fakeCertificateData);
View Full Code Here
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
                  recheckList.add(new RecheckEntry(certificateDataList.get(caRowIndex).getFingerprint(), certificateDataList.get(caRowIndex).getUpdateTime(), i));
              }
              continue;
            }
            // Compare one row from CA database with one row from the current OCSP responder
            CertificateData certificateData = certificateDataList.get(caRowIndex);
            CertificateData ocspCertificateData = ocspCertificateDataList.get(ocspRowIndex);
            if (!certificateData.equals(ocspCertificateData, inclusionMode, strictStatus)) {
              int test = certificateData.getFingerprint().compareTo(ocspCertificateData.getFingerprint());
                if (log.isDebugEnabled()) {
                log.debug("cd.fp=" + certificateData.getFingerprint() +" ocd.fp=" + ocspCertificateData.getFingerprint());
                }
              if (test > 0) {
                // Extra row in OCSP database
                  if (log.isDebugEnabled()) {
                  log.debug("An extra cert with fingerprint "+ocspCertificateData.getFingerprint()+" might exist in the OCSP database " + ocspEntityManagerName);
                  }
                  if (ocspCertificateData.getUpdateTime() > new Date().getTime()+timeToConfirmError) {
                  handleError(errorList, ocspEntityManagerNames.get(i), ocspCertificateData.getFingerprint(), ocspCertificateData.getIssuerDN(), ocspCertificateData.getSerialNumber()
                      ,ERROR_NOTEXISTINGCALIMIT);
                  } else {
                  recheckList.add(new RecheckEntry(ocspCertificateData.getFingerprint(), ocspCertificateData.getUpdateTime(), i));
                  }
                ocspRowIndex++;
                continue;
              } else if (test < 0) {
                // Missing row in OCSP database
                  if (log.isDebugEnabled()) {
                  log.debug("A cert with fingerprint "+certificateData.getFingerprint()+" might be missing in the OCSP database " + ocspEntityManagerName);
                  }
                recheckList.add(new RecheckEntry(certificateData.getFingerprint(), certificateData.getUpdateTime(), i));
                caRowIndex++;
                continue;
              } else {
                // Row exists but is not equal
                  if (log.isDebugEnabled()) {
                  log.debug("A cert with fingerprint "+ocspCertificateData.getFingerprint()+" might not be in sync in the OCSP database " + ocspEntityManagerName);
                  }
                if (certificateData.getUpdateTime() == ocspCertificateData.getUpdateTime()) {
                  // Since the time is the same, someone has tampered with the rest of the data
                  handleError(errorList, ocspEntityManagerName, certificateData.getFingerprint(), certificateData.getIssuerDN(), certificateData.getSerialNumber()
                      ,ERROR_TAMPERED);
                } else if (certificateData.getUpdateTime() > ocspCertificateData.getUpdateTime()) {
                  // Might have a pending update for this OCSP, re-check later
                    if (log.isDebugEnabled()) {
                    log.debug("A cert with fingerprint "+ocspCertificateData.getFingerprint()+" might not have been updated in the OCSP database " + ocspEntityManagerName);
                    }
                  recheckList.add(new RecheckEntry(certificateData.getFingerprint(), certificateData.getUpdateTime(), i));
                } else {
                  // An update for this OCSP might have gone through since we read the CA database, re-check later
                    if (log.isDebugEnabled()) {
                    log.debug("A cert with fingerprint "+ocspCertificateData.getFingerprint()+" in the OCSP database " + ocspEntityManagerName + " might not have been updated in the CA database.");
                    }
                    if (ocspCertificateData.getUpdateTime() > new Date().getTime()+timeToConfirmError) {
                    handleError(errorList, ocspEntityManagerNames.get(i), ocspCertificateData.getFingerprint(), ocspCertificateData.getIssuerDN(), ocspCertificateData.getSerialNumber()
                        ,ERROR_NOTEXISTINGCALIMIT);
                    } else {
                    recheckList.add(new RecheckEntry(ocspCertificateData.getFingerprint(), ocspCertificateData.getUpdateTime(), i));
                    }
                }
              }
            }
            ocspRowIndex++;
            caRowIndex++;
          }
        }
        currentFingerprint = certificateDataList.get(certificateDataList.size()-1).getFingerprint();
        recheckList = processRecheckList(recheckList, caEntityManager, ocspEntityManagers, ocspEntityManagerNames, inclusionMode, strictStatus, errorList, timeToConfirmError);
        }
        // Make sure we don't have any unhandled CertificateData at any of the OCSP responders left
      for (int i=0; i<ocspEntityManagers.size(); i++) {
          String ocspCurrentFingerprint = currentFingerprint;
        EntityManager ocspEntityManager = ocspEntityManagers.get(i);
        List<CertificateData> ocspCertificateDataList;
          while ( (ocspCertificateDataList = CertificateData.getNextBatch(ocspEntityManager, certificateProfileId,  ocspCurrentFingerprint, batchSize)) != null
              && ocspCertificateDataList.size()>0) {
            for (CertificateData ocspCertificateData : ocspCertificateDataList) {
            // An update for this OCSP might have gone through since we read the CA database, re-check later
              if (ocspCertificateData.getUpdateTime() > new Date().getTime()+timeToConfirmError) {
              handleError(errorList, ocspEntityManagerNames.get(i), ocspCertificateData.getFingerprint(), ocspCertificateData.getIssuerDN(), ocspCertificateData.getSerialNumber()
                  ,ERROR_NOTEXISTINGCALIMIT);
              } else {
                recheckList.add(new RecheckEntry(ocspCertificateData.getFingerprint(), ocspCertificateData.getUpdateTime(), i));
              }
            }
          ocspCurrentFingerprint = ocspCertificateDataList.get(ocspCertificateDataList.size()-1).getFingerprint();
          }
      }
View Full Code Here
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
  private List<RecheckEntry> processRecheckList(List<RecheckEntry> recheckList, EntityManager caEntityManager, List<EntityManager> ocspEntityManagers, List<String> ocspEntityManagerNames, boolean inclusionMode, boolean strictStatus, List<String> errorList, long timeToConfirmError) {
    List<RecheckEntry> toKeep = new ArrayList<RecheckEntry>();
    for (RecheckEntry re : recheckList) {
      long now = new Date().getTime();
      if ( (now-re.updateTime) >= timeToConfirmError ) {
        CertificateData certificateData = CertificateData.findByFingerprint(caEntityManager, re.fingerprint);
        if (certificateData==null) {
          CertificateData ocspCertificateData = CertificateData.findByFingerprint(ocspEntityManagers.get(re.ocspEntityManagerIndex), re.fingerprint);
          handleError(errorList, ocspEntityManagerNames.get(re.ocspEntityManagerIndex), re.fingerprint, ocspCertificateData.getIssuerDN(), ocspCertificateData.getSerialNumber()
              ,ERROR_NOTEXISTINGCA);
        } else if (certificateData.getUpdateTime() > re.updateTime) {
            if (log.isDebugEnabled()) {
            log.debug("A newer CertificateData with fingerprint "+certificateData.getFingerprint()+" exist in the CA database. Re-checking later it in list.");
            }
          re.updateTime = certificateData.getUpdateTime();
          toKeep.add(re);
        } else if (certificateData.getUpdateTime() < re.updateTime) {
          handleError(errorList, ocspEntityManagerNames.get(re.ocspEntityManagerIndex), certificateData.getFingerprint(), certificateData.getIssuerDN(), certificateData.getSerialNumber()
              ,ERROR_UPDATEDOCSP);
        } else {
          CertificateData ocspCertificateData = CertificateData.findByFingerprint(ocspEntityManagers.get(re.ocspEntityManagerIndex), re.fingerprint);
          if (ocspCertificateData == null) {
            handleError(errorList, ocspEntityManagerNames.get(re.ocspEntityManagerIndex), certificateData.getFingerprint(), certificateData.getIssuerDN(), certificateData.getSerialNumber()
                ,ERROR_NOTEXISTINGOCSP);
          } else if (ocspCertificateData.getUpdateTime() < certificateData.getUpdateTime()) {
            handleError(errorList, ocspEntityManagerNames.get(re.ocspEntityManagerIndex), certificateData.getFingerprint(), certificateData.getIssuerDN(), certificateData.getSerialNumber()
                ,ERROR_NOTUPDATED);
          } else if (ocspCertificateData.getUpdateTime() > certificateData.getUpdateTime()) {
            certificateData = CertificateData.findByFingerprint(caEntityManager, re.fingerprint);
            if (ocspCertificateData.getUpdateTime() <= certificateData.getUpdateTime()) {
              re.updateTime = certificateData.getUpdateTime();
              toKeep.add(re);
            } else {
              handleError(errorList, ocspEntityManagerNames.get(re.ocspEntityManagerIndex), certificateData.getFingerprint(), certificateData.getIssuerDN(), certificateData.getSerialNumber()
                  ,ERROR_TAMPERED);
View Full Code Here
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
                        // Read the actual certificate and try to publish it
                        // again
                        // TODO: we might need change fetch-type for all but the
                        // actual cert or a native query w SqlResultSetMapping..
                  
                        CertificateData cd = CertificateData.findByFingerprint(entityManager, fingerprint);

                        if (cd == null) {
                            throw new FinderException();
                        }
                        try {
                          published = publisherQueueSession.storeCertificateNonTransactional(publisher, admin, cd.getCertificate(), username, password, userDataDN,
                              cd.getCaFingerprint(), cd.getStatus(), cd.getType(), cd.getRevocationDate(), cd.getRevocationReason(), cd.getTag(), cd
                              .getCertificateProfileId(), cd.getUpdateTime(), ei);
                        } catch (EJBException e) {
                          final Throwable t = e.getCause();
                          if (t instanceof PublisherException) {
                            throw (PublisherException)t;
                          } else {
View Full Code Here
TOP

Related Classes of org.ejbca.core.ejb.ca.store.CertificateData

  • org.cesecore.core.ejb.ca.crl.CrlCreateSessionBean
  • org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean
  • org.ejbca.core.ejb.DatabaseSchemaTest
  • org.ejbca.core.model.ca.crl.RevokedCertInfo
  • org.ejbca.core.model.ca.store.CertificateInfo
  • org.ejbca.ui.cli.OcspMonitoringTool
  • org.ejbca.ui.cli.OcspMonitoringToolTest
  • java.math.BigInteger
  • java.security.cert.Certificate
  • java.security.PublicKey
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.