Package de.trustable.ca3s.core.service.adcs

Class ADCSConnector

  • @Service
public class ADCSConnector
extends Object

    • Constructor Detail

      • ADCSConnector

        public ADCSConnector​(CryptoService cryptoUtil,
                     CertificateUtil certUtil,
                     Ca3sTrustManager ca3sTrustManager,
                     CSRRepository csrRepository,
                     CSRUtil csrUtil,
                     CertificateRepository certificateRepository,
                     ProtectedContentUtil protUtil,
                     AuditService auditService,
                     @Value("${ca3s.connection.protection.salt:ca3sSalt}")
                     String ca3sSalt,
                     @Value("${ca3s.connection.protection.iterations:4567}")
                     int iterations,
                     @Value("${ca3s.connection.protection.api-key-salt:apiKeySalt}")
                     String apiKeySalt,
                     @Value("${ca3s.connection.protection.api-key-iterations:3756}")
                     int apiKeyIterations,
                     @Value("${ca3s.connection.protection.pbeAlgo:PBKDF2WithHmacSHA256}")
                     String pbeAlgo)
        Adapter class to connect to an ADCS server using the parameter given in a CaConnectorConfig

    • Method Detail

      • getStatus

        public CAStatus getStatus​(CAConnectorConfig caConfig)
        Retrieve the current status of the ADCSProxy
        Parameters:
        caConfig - set of configuration items
        Returns:
        current status

      • signCertificateRequest

        public Certificate signCertificateRequest​(CSR csr,
                                          CAConnectorConfig config)
                                   throws GeneralSecurityException
        Send a csr object to the ADCS and retrieve a created certificate
        Parameters:
        csr - the CSR object, not just a P10 PEM string, holding e.g. a CRS status
        config - CAConnectorConfig
        Returns:
        the freshly created certificate, already stored in the database
        Throws:
        GeneralSecurityException - something went wrong, e.g. a rejection of the CSR. The status of the CSR is updated accordingly.

      • revokeCertificate

        public void revokeCertificate​(Certificate certDao,
                              org.bouncycastle.asn1.x509.CRLReason crlReason,
                              Date revocationDate,
                              CAConnectorConfig config)
                       throws GeneralSecurityException
        Revoke (or reactivate) a given certificate created by the ADCS server identified by connector config
        Parameters:
        certDao - the certificate object to be revoked
        crlReason - the revocation reason. The reason 'removeFromCRL' reactivates a certificate that was put 'on hold' previously.
        revocationDate - the revocation date
        config - the connection data identifying an ADCS instance
        Throws:
        GeneralSecurityException - something went wrong, e.g. revocation reason is unknown

      • retrieveCertificatesOffsetOnly

        public int retrieveCertificatesOffsetOnly​(CAConnectorConfig config)
                                   throws de.trustable.ca3s.adcsCertUtil.OODBConnectionsADCSException,
                                          de.trustable.ca3s.adcsCertUtil.ADCSProxyUnavailableException
        Try to retrieve new certificates added since the last call. This method is usually called by a timer. A chunk of certificates starting with a given offset will be requested. If there are new certificates available (with a ADCS request id greater than the offset) the content of these new certificates will be retrieved in distinct calls and stored in the internal database. The highest request ID will be stored as starting offset for subsequent calls. The number of certificates is limited to avoid blocking the calling cron job.
        Parameters:
        config - the connection data identifying an ADCS instance
        Returns:
        the number in imported certificates
        Throws:
        de.trustable.ca3s.adcsCertUtil.OODBConnectionsADCSException - something went wrong
        de.trustable.ca3s.adcsCertUtil.ADCSProxyUnavailableException - something went wrong, the adcsProxy is unavailable

      • retrieveCertificatesByResolvedDate

        public int retrieveCertificatesByResolvedDate​(CAConnectorConfig config)
                                       throws de.trustable.ca3s.adcsCertUtil.OODBConnectionsADCSException,
                                              de.trustable.ca3s.adcsCertUtil.ADCSProxyUnavailableException
        Try to retrieve new certificates resolved since the last call. This method is usually called by a timer. A chunk of certificates with an resolved date after the timestamp of the last call will be requested. If there are new resolved certificates available the content of these new certificates will be retrieved in distinct calls and stored in the internal database. The number of certificates is limited to avoid blocking the calling cron job.
        Parameters:
        config - the connection data identifying an ADCS instance
        Returns:
        the number in imported certificates
        Throws:
        de.trustable.ca3s.adcsCertUtil.OODBConnectionsADCSException - something went wrong
        de.trustable.ca3s.adcsCertUtil.ADCSProxyUnavailableException - something went wrong, the adcsProxy is unavailable

      • retrieveCertificatesByRevokedDate

        public int retrieveCertificatesByRevokedDate​(CAConnectorConfig config)
                                      throws de.trustable.ca3s.adcsCertUtil.OODBConnectionsADCSException,
                                             de.trustable.ca3s.adcsCertUtil.ADCSProxyUnavailableException
        Throws:
        de.trustable.ca3s.adcsCertUtil.OODBConnectionsADCSException
        de.trustable.ca3s.adcsCertUtil.ADCSProxyUnavailableException

      • retrieveCertificates

        @Transactional
public int retrieveCertificates​(CAConnectorConfig config)
                         throws de.trustable.ca3s.adcsCertUtil.OODBConnectionsADCSException,
                                de.trustable.ca3s.adcsCertUtil.ADCSProxyUnavailableException
        Try to retrieve new certificates added since the last call. This method is usually called by a timer. The number of certificates is limited to avoid blocking the calling cron job.
        Parameters:
        config - the connection data identifying an ADCS instance
        Returns:
        the number in imported certificates
        Throws:
        de.trustable.ca3s.adcsCertUtil.OODBConnectionsADCSException - something went wrong
        de.trustable.ca3s.adcsCertUtil.ADCSProxyUnavailableException - something went wrong, the adcsProxy is unavailable

      • importCertificate

        @Transactional(propagation=REQUIRED)
public Certificate importCertificate​(de.trustable.ca3s.adcsCertUtil.ADCSWinNativeConnector adcsConnector,
                                     String caName,
                                     String reqId,
                                     CAConnectorConfig config)
                              throws de.trustable.ca3s.adcsCertUtil.ADCSException
        retrieve a single certificate content and store it in the internal database
        Parameters:
        adcsConnector - the current connector
        caName - the textual description of the ADCS CA
        reqId - te ADCS request id of the certificate to be retrieved
        config - the connection data identifying an ADCS instance
        Throws:
        de.trustable.ca3s.adcsCertUtil.ADCSException - something went wrong