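  /**
   * Verifies that the CA stored in the CA manager matches the expected values
   * supplied on the command line.
   *
   * <p>Only attributes that are set (non-null) in the expected entry are compared;
   * unset attributes are skipped. The first mismatch aborts the check.
   *
   * @return always {@code null}
   * @throws UnexpectedException if the CA does not exist or is not an X509 CA
   * @throws CmdFailure if a directly compared attribute differs from the expected value
   * @throws Exception if any other check fails; MgmtQAShellUtil.assertEquals is
   *     presumably the source for the list/string attributes (its body is not shown here)
   */
  @Override
  protected Object _doExecute() throws Exception {
    X509ChangeCAEntry expectedEntry = getChangeCAEntry();
    String caName = expectedEntry.getName();
    out("checking CA " + caName);

    CAEntry entry = caManager.getCA(caName);
    if (entry == null) {
      throw new UnexpectedException("could not find CA '" + caName + "'");
    }

    if (!(entry instanceof X509CAEntry)) {
      throw new UnexpectedException("CA '" + caName + "' is not an X509-CA");
    }

    X509CAEntry ca = (X509CAEntry) entry;

    // CA cert uris
    if (expectedEntry.getCaCertUris() != null) {
      List<String> expected = expectedEntry.getCaCertUris();
      List<String> actual = ca.getCacertUris();
      MgmtQAShellUtil.assertEquals("CA cert uris", expected, actual);
    }

    // CA certificate: the message deliberately carries no certificate content
    if (expectedEntry.getCert() != null) {
      X509Certificate expected = expectedEntry.getCert();
      X509Certificate actual = ca.getCertificate();
      if (!expected.equals(actual)) {
        throw new CmdFailure("CA cert is not as expected");
      }
    }

    // CMP control name
    if (expectedEntry.getCmpControlName() != null) {
      String expected = expectedEntry.getCmpControlName();
      String actual = ca.getCmpControlName();
      MgmtQAShellUtil.assertEquals("CMP control name", expected, actual);
    }

    // CRL signer name
    if (expectedEntry.getCrlSignerName() != null) {
      String expected = expectedEntry.getCrlSignerName();
      String actual = ca.getCrlSignerName();
      MgmtQAShellUtil.assertEquals("CRL signer name", expected, actual);
    }

    // CRL uris
    if (expectedEntry.getCrlUris() != null) {
      List<String> expected = expectedEntry.getCrlUris();
      List<String> actual = ca.getCrlUris();
      MgmtQAShellUtil.assertEquals("CRL uris", expected, actual);
    }

    // DeltaCRL uris
    if (expectedEntry.getDeltaCrlUris() != null) {
      List<String> expected = expectedEntry.getDeltaCrlUris();
      List<String> actual = ca.getDeltaCrlUris();
      MgmtQAShellUtil.assertEquals("Delta CRL uris", expected, actual);
    }

    // Duplicate key mode
    if (expectedEntry.getDuplicateKeyMode() != null) {
      DuplicationMode expected = expectedEntry.getDuplicateKeyMode();
      DuplicationMode actual = ca.getDuplicateKeyMode();
      if (!expected.equals(actual)) {
        throw new CmdFailure(
            "Duplicate key mode: is '" + actual + "', but expected '" + expected + "'");
      }
    }

    // Duplicate subject mode
    if (expectedEntry.getDuplicateSubjectMode() != null) {
      DuplicationMode expected = expectedEntry.getDuplicateSubjectMode();
      DuplicationMode actual = ca.getDuplicateSubjectMode();
      if (!expected.equals(actual)) {
        throw new CmdFailure(
            "Duplicate subject mode: is '" + actual + "', but expected '" + expected + "'");
      }
    }

    // Expiration period
    if (expectedEntry.getExpirationPeriod() != null) {
      Integer expected = expectedEntry.getExpirationPeriod();
      Integer actual = ca.getExpirationPeriod();
      if (!expected.equals(actual)) {
        throw new CmdFailure(
            "Expiration period: is '" + actual + "', but expected '" + expected + "'");
      }
    }

    // Extra control
    if (expectedEntry.getExtraControl() != null) {
      String expected = expectedEntry.getExtraControl();
      String actual = ca.getExtraControl();
      if (!expected.equals(actual)) {
        throw new CmdFailure(
            "Extra control: is '" + actual + "', but expected '" + expected + "'");
      }
    }

    // Max validity
    if (expectedEntry.getMaxValidity() != null) {
      CertValidity expected = expectedEntry.getMaxValidity();
      CertValidity actual = ca.getMaxValidity();
      if (!expected.equals(actual)) {
        throw new CmdFailure(
            "Max validity: is '" + actual + "', but expected '" + expected + "'");
      }
    }

    // Num CRLs
    if (expectedEntry.getNumCrls() != null) {
      int expected = expectedEntry.getNumCrls();
      int actual = ca.getNumCrls();
      if (expected != actual) {
        throw new CmdFailure("num CRLs: is '" + actual + "', but expected '" + expected + "'");
      }
    }

    // OCSP uris
    if (expectedEntry.getOcspUris() != null) {
      List<String> expected = expectedEntry.getOcspUris();
      List<String> actual = ca.getOcspUris();
      MgmtQAShellUtil.assertEquals("OCSP uris", expected, actual);
    }

    // Permissions
    if (expectedEntry.getPermissions() != null) {
      Set<Permission> expected = expectedEntry.getPermissions();
      Set<Permission> actual = ca.getPermissions();
      MgmtQAShellUtil.assertEquals("permissions", expected, actual);
    }

    // Responder name
    if (expectedEntry.getResponderName() != null) {
      String expected = expectedEntry.getResponderName();
      String actual = ca.getResponderName();
      MgmtQAShellUtil.assertEquals("responder name", expected, actual);
    }

    // Signer Type
    if (expectedEntry.getSignerType() != null) {
      String expected = expectedEntry.getSignerType();
      String actual = ca.getSignerType();
      MgmtQAShellUtil.assertEquals("signer type", expected, actual);
    }

    // Signer conf: the "keystore" pair is dropped from both sides before comparing,
    // so a differing keystore value is not detected by this check.
    if (expectedEntry.getSignerConf() != null) {
      CmpUtf8Pairs expected = new CmpUtf8Pairs(expectedEntry.getSignerConf());
      expected.removeUtf8Pair("keystore");
      CmpUtf8Pairs actual = new CmpUtf8Pairs(ca.getSignerConf());
      actual.removeUtf8Pair("keystore");
      if (!expected.equals(actual)) {
        // The signer conf can carry the key store password, and this message ends up
        // on the operator console and possibly in logs. Strip it only after the
        // comparison so the password still takes part in the equality check.
        // NOTE(review): assumes the secret is stored under the "password" key - confirm.
        expected.removeUtf8Pair("password");
        actual.removeUtf8Pair("password");
        throw new CmdFailure("signer conf: is '" + actual + "', but expected '" + expected + "'");
      }
    }

    // Status
    if (expectedEntry.getStatus() != null) {
      CAStatus expected = expectedEntry.getStatus();
      CAStatus actual = ca.getStatus();
      if (!expected.equals(actual)) {
        throw new CmdFailure("status: is '" + actual + "', but expected '" + expected + "'");
      }
    }

    // validity mode
    if (expectedEntry.getValidityMode() != null) {
      ValidityMode expected = expectedEntry.getValidityMode();
      ValidityMode actual = ca.getValidityMode();
      if (!expected.equals(actual)) {
        throw new CmdFailure(
            "validity mode: is '" + actual + "', but expected '" + expected + "'");
      }
    }

    out(" checked CA " + caName);
    return null;
  }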