java source code of CaCertstoreDbExporter

xipki-master
- security
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        security
        SecurityFactoryImpl.java
        CrlReason.java
        KeyCertPair.java
        CollectionAlgorithmValidator.java
        ConcurrentContentSigner.java
        SignerFactory.java
        ctlog
        CtLogMessages.java
        package-info.java
        CtLog.java
        CertpathValidationModel.java
        X509ExtensionType.java
        SignerFactoryRegister.java
        CryptException.java
        DHSigStaticKeyCertPair.java
        AbstractSecurityFactory.java
        pkcs12
        P12KeyGenerationResult.java
        P12KeyGenerator.java
        P12XdhMacContentSignerBuilder.java
        AESGmacContentSigner.java
        HmacContentSigner.java
        P12MacContentSignerBuilder.java
        KeypairWithCert.java
        KeystoreGenerationParameters.java
        package-info.java
        P12SignerFactory.java
        P12ContentSignerBuilder.java
        DfltConcurrentContentSigner.java
        BadInputException.java
        ExtensionExistence.java
        SignerConf.java
        FpIdCalculator.java
        util
        CmpFailureUtil.java
        DSAParameterCache.java
        AlgorithmUtil.java
        SignerUtil.java
        X509Util.java
        package-info.java
        GMUtil.java
        KeyUtil.java
        RSABrokenKey.java
        SecurityFactory.java
        NoIdleSignerException.java
        asn1
        Asn1StreamParser.java
        CrlStreamParser.java
        package-info.java
        SignerFactoryRegisterImpl.java
        KeyUsage.java
        XiSecurityException.java
        package-info.java
        SignerException.java
        X509Cert.java
        pkcs11
        P11IdentityId.java
        P11PlainRSASigner.java
        P11CryptServiceFactory.java
        P11Slot.java
        P11ContentSignerBuilder.java
        P11MacContentSignerBuilder.java
        P11Params.java
        P11TokenException.java
        P11DuplicateEntityException.java
        P11KeyParameter.java
        P11PrivateKey.java
        P11CryptServiceFactoryImpl.java
        P11CryptService.java
        iaik
        IaikP11Slot.java
        IaikP11ModuleFactory.java
        package-info.java
        IaikP11Identity.java
        IaikP11Module.java
        P11UnsupportedMechanismException.java
        P11ContentSigner.java
        P11Identity.java
        Pkcs11conf.java
        P11PermissionException.java
        package-info.java
        P11SignerFactory.java
        P11SlotIdentifier.java
        P11ModuleFactoryRegisterImpl.java
        P11ModuleFactory.java
        P11ModuleConf.java
        P11ObjectIdentifier.java
        DigestOutputStream.java
        P11Module.java
        P11RSAKeyParameter.java
        P11UnknownEntityException.java
        P11ModuleFactoryRegister.java
        AlgorithmCode.java
        EdECConstants.java
        KeypairGenerationResult.java
        cmp
        CmpUtf8Pairs.java
        PkiStatusInfo.java
        CmpUtil.java
        ProtectionVerificationResult.java
        VerifiedPkiMessage.java
        package-info.java
        ProtectionResult.java
        TlsExtensionType.java
        HashAlgo.java
        XiSecurityConstants.java
        CertRevocationInfo.java
        SignatureSigner.java
        XiWrappedContentSigner.java
        BadAsn1ObjectException.java
        SignatureAlgoControl.java
        HashCalculator.java
        IssuerHash.java
        AlgorithmValidator.java
        DSAPlainDigestSigner.java
        ObjectIdentifiers.java
        Providers.java
        XiContentSigner.java
        bc
        XiXDHContentVerifierProvider.java
        package-info.java
        XiRSAContentVerifierProviderBuilder.java
        XiECContentVerifierProviderBuilder.java
        XiEdDSAContentVerifierProvider.java
        Securities.java
        ConcurrentBagEntrySigner.java
    - test
      - resources
        crls
        crl-4
        ca.crt
        no-revoked-certs.crl
        crl-5
        ca.crt
        no-crlnumber.crl
        crl-6
        ca.crt
        no-extensions.crl
        crl-1
        ca.crt
        subcawithcrl1.crl
        crl-3
        ca.crt
        subcawithcrl1.crl
        crl-2
        ca1-crl.crl
        ca1-cert.crt
        ctlog-certs
        cab-domain-validated1.crt
        githubcom.pem
        letsencrypt
        google-xenon2020-pubkey.pem
        letsencrypt-org.pem
        ca-of-letsencrypt-org.pem
        cab-org-validated1.crt
        test1.p12
        test1.der
      - java
        org
        xipki
        security
        pkcs12
        test
        Pkcs12RSATest.java
        Pkcs12SHA256withRSATest.java
        test
        CtLogVerifyTest.java
        CtLogTest.java
        CrlStreamParserTest.java
        cmp
        test
        CmpUtf8PairsTest.java
  - pom.xml
- password
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        password
        Passwords.java
        PasswordResolverException.java
        OBFPasswordService.java
        PasswordCallback.java
        PasswordResolverImpl.java
        PasswordBasedEncryption.java
        PasswordResolver.java
        PBEPasswordService.java
        package-info.java
        SecurePasswordInputPanel.java
        PBEAlgo.java
        SinglePasswordResolver.java
    - test
      - java
        org
        xipki
        password
        test
        PBEWithHmacSHA256AndAES256Test.java
  - pom.xml
- ocsp-server
  - src
    - main
      - resources
        sql
        ocsp-cache-init.xml
        version
      - java
        org
        xipki
        ocsp
        server
        IssuerFilter.java
        QuadrupleState.java
        RequestOption.java
        OcspResponseStatus.java
        OcspResponderException.java
        Template.java
        ResponderImpl.java
        OcspServerImpl.java
        type
        ExtendedExtension.java
        Extensions.java
        OID.java
        ResponseData.java
        ResponderID.java
        package-info.java
        OcspRequest.java
        CertID.java
        ASN1Type.java
        Extension.java
        EncodingException.java
        WritableOnlyExtension.java
        TaggedCertSequence.java
        SingleResponse.java
        OcspServerConf.java
        ResponderOption.java
        store
        CrlDbCertStatusStore.java
        CrlInfo.java
        IssuerEntry.java
        IssuerStore.java
        SimpleIssuerEntry.java
        DbCertStatusStore.java
        package-info.java
        ResponseCacher.java
        ejbca
        package-info.java
        EjbcaCertStatusStore.java
        EjbcaIssuerStore.java
        EjbcaIssuerEntry.java
        ImportCrl.java
        CaDbCertStatusStore.java
        package-info.java
        ResponseSigner.java
        OCSPRespBuilder.java
    - test
      - java
        org
        xipki
        ocsp
        server
        impl
        test
        Foo.java
  - pom.xml
- shells
  - dbtool-shell
    - src
      - main
        java
        org
        xipki
        dbtool
        shell
        Actions.java
        package-info.java
    - pom.xml
  - security-shell
    - src
      - main
        java
        org
        xipki
        security
        shell
        P11Actions.java
        P12Actions.java
        Actions.java
        SecurityCompleters.java
        package-info.java
      - test
        java
        org
        xipki
        security
        shell
        test
        ExtensionsConfCreatorDemo.java
    - pom.xml
  - qa-shell
    - src
      - main
        java
        org
        xipki
        qa
        shell
        QaSecurityActions.java
        QaCaActions.java
        QaP11Actions.java
        package-info.java
        QaCompleters.java
        QaOcspActions.java
    - pom.xml
  - ocsp-mgmt-shell
    - src
      - main
        java
        org
        xipki
        ocsp
        mgmt
        shell
        Actions.java
        package-info.java
    - pom.xml
  - cmpclient-shell
    - src
      - main
        java
        org
        xipki
        cmpclient
        shell
        Actions.java
        CmpClientCompleters.java
        package-info.java
    - pom.xml
  - pom.xml
  - ca-mgmt-shell
    - src
      - main
        java
        org
        xipki
        ca
        mgmt
        shell
        CaActions.java
        DbActions.java
        package-info.java
        CertActions.java
        ShellUtil.java
        CaCompleters.java
    - pom.xml
  - scep-client-shell
    - src
      - main
        java
        org
        xipki
        scep
        client
        shell
        Actions.java
        package-info.java
    - pom.xml
  - ocsp-client-shell
    - src
      - main
        java
        org
        xipki
        ocsp
        client
        shell
        Actions.java
        package-info.java
    - pom.xml
  - shell-base
    - src
      - main
        resources
        OSGI-INF
        blueprint
        config.xml
        java
        org
        xipki
        shell
        IllegalCmdParamException.java
        Actions.java
        XiAction.java
        FileUtils.java
        package-info.java
        Completers.java
        CmdFailure.java
        DynamicEnumCompleter.java
        EnumCompleter.java
    - pom.xml
- ca-api
  - src
    - main
      - resources
        conf
        areacode.cfg
        rdnorder.cfg
      - java
        org
        xipki
        ca
        api
        CertificateInfo.java
        CertWithDbId.java
        publisher
        CertPublisherException.java
        CertPublisherFactory.java
        CertPublisher.java
        package-info.java
        CertPublisherFactoryRegister.java
        NameId.java
        RequestType.java
        mgmt
        PermissionConstants.java
        MgmtRequest.java
        CaConf.java
        CrlControl.java
        CmpControl.java
        CaMgmtException.java
        CaConfType.java
        RevokeSuspendedControl.java
        RequestorInfo.java
        ProtocolSupport.java
        ValidityMode.java
        MgmtMessage.java
        MgmtEntry.java
        CaManager.java
        package-info.java
        CertListInfo.java
        CertListOrderBy.java
        MgmtResponse.java
        CertWithStatusInfo.java
        CaStatus.java
        ScepControl.java
        CaSystemStatus.java
        CertWithRevocationInfo.java
        CtlogControl.java
        CaConfs.java
        OperationException.java
        BadCertTemplateException.java
        package-info.java
        BadFormatException.java
        PublicCaInfo.java
        RestAPIConstants.java
        profile
        ExtensionValues.java
        TextVadidator.java
        KeypairGenControl.java
        ExtensionValue.java
        CertprofileException.java
        CertprofileFactory.java
        ExtensionSpec.java
        package-info.java
        Range.java
        CertprofileFactoryRegister.java
        KeyParametersOption.java
        Certprofile.java
        SubjectDnSpec.java
        DomainValidator.java
        BaseCertprofile.java
        CaUris.java
        InsuffientPermissionException.java
  - pom.xml
- ocsp-api
  - src
    - main
      - java
        org
        xipki
        ocsp
        api
        OcspStoreException.java
        ResponderAndPath.java
        OcspStore.java
        OcspRespWithCacheInfo.java
        mgmt
        OcspManager.java
        MgmtRequest.java
        MgmtMessage.java
        package-info.java
        MgmtResponse.java
        OcspMgmtException.java
        RequestIssuer.java
        package-info.java
        OcspServer.java
        Responder.java
        CertStatusInfo.java
  - pom.xml
- security-extra
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        security
        pkcs11
        provider
        P11ECDSASignatureSpi.java
        P11RSAPSSSignatureSpi.java
        P11PlainECDSASignatureSpi.java
        P11DSASignatureSpi.java
        XiKeyStoreSpi.java
        XiProvider.java
        P11RSADigestSignatureSpi.java
        package-info.java
        XiSM2ParameterSpec.java
        AbstractP11ECDSASignatureSpi.java
        XiProviderRegister.java
        P11SM3WithSM2SignatureSpi.java
        proxy
        ProxyP11Module.java
        ProxyP11ModuleFactory.java
        package-info.java
        ProxyMessage.java
        P11ProxyConstants.java
        ProxyP11Identity.java
        ProxyP11Slot.java
        emulator
        EmulatorP11Slot.java
        SM2Signer.java
        EmulatorP11ModuleFactory.java
        EmulatorP11Identity.java
        package-info.java
        PrivateKeyCryptor.java
        EmulatorP11Module.java
  - pom.xml
- examples
  - certprofile-example
    - src
      - main
        java
        org
        xipki
        ca
        certprofile
        demo
        package-info.java
        DemoCertprofile.java
        CertprofileFactoryImpl.java
    - pom.xml
  - pom.xml
  - lite-caclient-example
    - src
      - main
        java
        org
        xipki
        litecaclient
        TlsInit.java
        PbmMacCmpCaClient.java
        package-info.java
        RestCaClient.java
        example
        SignatureCmpCaClientExample.java
        Base64.java
        CaClientExample.java
        RestCaClientExample.java
        PbmMacCmpCaClientExample.java
        package-info.java
        KeyAndCert.java
        ObjectIdentifiers.java
        SdkUtil.java
        SignatureCmpCaClient.java
        CmpCaClient.java
    - pom.xml
  - ocsp-store-example
    - src
      - main
        java
        org
        xipki
        ocsp
        server
        store
        example
        IssuerEntry.java
        DummyStore.java
        package-info.java
    - pom.xml
  - dummy-ctlog-server
    - src
      - main
        java
        org
        xipki
        ctlog
        dummyserver
        CtLogServletRSA.java
        CtLogServletEC.java
        package-info.java
        CtLogServlet.java
        webapp
        WEB-INF
        web.xml
    - pom.xml
  - scep-example
    - src
      - main
        java
        org
        xipki
        scep
        example
        CaClientExample.java
        package-info.java
        ScepClientExample.java
    - pom.xml
  - ocsp-store-example-assembly
    - src
      - assembly
        unfiltered
        xipki
        etc
        ocsp
        ocsp-responder.json
        keycerts
        ocsp1.p12
        ca-cert.pem
        README.md
        descriptors
        main.xml
    - pom.xml
- pom.xml
- audit
  - src
    - main
      - java
        org
        xipki
        audit
        PciAuditEvent.java
        AuditEvent.java
        services
        package-info.java
        EmbedAuditService.java
        SyslogAuditService.java
        AuditServiceRuntimeException.java
        AuditService.java
        package-info.java
        AuditLevel.java
        AuditEventData.java
        AuditStatus.java
        Audits.java
  - pom.xml
- p11proxy-servlet
  - src
    - main
      - resources
        version
        log4j2.properties
      - java
        org
        xipki
        p11proxy
        servlet
        LocalP11CryptServicePool.java
        P11ProxyResponder.java
        package-info.java
        P11ProxyConf.java
        HttpProxyServlet.java
        ProxyServletFilter.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- LICENSE
- dbtool
  - src
    - main
      - java
        org
        xipki
        dbtool
        package-info.java
        LiquibaseMain.java
        InvalidInputException.java
        InitDbMain.java
  - pom.xml
- util
  - src
    - main
      - java
        org
        xipki
        util
        ValidatableConf.java
        ProcessLog.java
        StringUtil.java
        Base64Url.java
        HealthCheckResult.java
        FileOrValue.java
        Curl.java
        RandomUtil.java
        Base64.java
        LruCache.java
        DefaultCurl.java
        Hex.java
        Validity.java
        Args.java
        ObjectCreationException.java
        CompareUtil.java
        ReqRespDebug.java
        LogUtil.java
        package-info.java
        BenchmarkExecutor.java
        DateUtil.java
        XipkiBaseDir.java
        http
        SslContextConf.java
        SSLContextBuilder.java
        package-info.java
        HostnameVerifiers.java
        concurrent
        ConcurrentBag.java
        ConcurrentBagEntry.java
        FastList.java
        ClockSource.java
        package-info.java
        CountLatch.java
        IoUtil.java
        FileOrBinary.java
        HttpConstants.java
        CollectionUtil.java
        ConfPairs.java
        PemEncoder.java
        TripleState.java
        InvalidConfException.java
    - test
      - resources
        HEADER.txt
      - java
        org
        xipki
        common
        test
        DateUtilTest.java
        ConfPairsTest.java
        CanonicalizeCode.java
  - pom.xml
- ca-servlet
  - src
    - main
      - resources
        log4j2.properties
      - java
        org
        xipki
        ca
        servlet
        HttpCmpServlet.java
        HttpRestServlet.java
        TlsHelper.java
        HttpMgmtServlet.java
        HttpScepServlet.java
        HttpRespAuditException.java
        package-info.java
        HealthCheckServlet.java
        HttpRequestMetadataRetrieverImpl.java
        CaServletFilter.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- ca-mgmt-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ca
        mgmt
        db
        DbToolBase.java
        package-info.java
        port
        AbstractOcspCertstoreDbImporter.java
        DbPorter.java
        OcspCertstoreDbImporter.java
        DbPortWorker.java
        CaCertstoreDbImporter.java
        CaCertstore.java
        CaconfDbExporter.java
        OcspCertstoreDbExporter.java
        OcspCertstore.java
        OcspCertStoreFromCaDbImporter.java
        package-info.java
        CaconfDbImporter.java
        IdentifidDbObject.java
        CaCertstoreDbExporter.java
        DbSchemaInfo.java
        diffdb
        DigestDiffWorker.java
        RefDigestReader.java
        TargetDigestReader.java
        QueueEntry.java
        DigestDiffReporter.java
        DigestDiff.java
        DbType.java
        package-info.java
        IdentifiedDigestEntry.java
        CertsBundle.java
        DigestEntry.java
        client
        CaMgmtClient.java
        package-info.java
  - pom.xml
- CHANGELOG.md
- ocsp-mgmt-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ocsp
        mgmt
        client
        OcspMgmtClient.java
        package-info.java
  - pom.xml
- datasource
  - src
    - main
      - java
        org
        xipki
        datasource
        DataSourceConf.java
        DataAccessException.java
        SqlStateCodes.java
        package-info.java
        DataSourceFactory.java
        SqlErrorCodes.java
        DataSourceWrapper.java
        DatabaseType.java
  - pom.xml
- .travis.yml
- README.md
- ocsp-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ocsp
        client
        OcspRequestorException.java
        XiOCSPReqBuilder.java
        OcspRequestor.java
        OcspResponseException.java
        package-info.java
        RequestOptions.java
        AbstractOcspRequestor.java
        HttpOcspRequestor.java
  - pom.xml
- CODE_OF_CONDUCT.md
- cmpclient
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        cmpclient
        EnrollCertRequest.java
        CertIdOrError.java
        CertprofileInfo.java
        CmpClientException.java
        CmpClientConf.java
        UnrevokeOrRemoveCertRequest.java
        package-info.java
        internal
        CaConf.java
        EnrollCertResponse.java
        RevokeCertResponse.java
        CsrEnrollCertRequest.java
        RemoveExpiredCertsResult.java
        Requestor.java
        package-info.java
        CmpClientImpl.java
        Responder.java
        ResultEntry.java
        CmpAgent.java
        PkiErrorException.java
        RevokeCertRequest.java
        EnrollCertResult.java
        CmpClient.java
        IdentifiedObject.java
  - pom.xml
- ca-server
  - src
    - main
      - resources
        sql
        ca-init.xml
        ca-init-v4.xml
        ocsp-init.xml
        version
      - java
        org
        xipki
        ca
        server
        CertRepublisher.java
        CaServerConf.java
        CaUtil.java
        CertRevInfoWithSerial.java
        RandomSerialNumberGenerator.java
        publisher
        OcspCertPublisher.java
        package-info.java
        OcspStoreQueryExecutor.java
        OcspCertPublisherFactory.java
        CaAuditConstants.java
        CertTemplateData.java
        SelfSignedCertBuilder.java
        DhpocControl.java
        CtLogClient.java
        IdentifiedCertprofile.java
        CaIdNameMap.java
        X509Ca.java
        CaManagerImpl.java
        PasswordHash.java
        CtLogPublicKeyFinder.java
        RequestorEntryWrapper.java
        package-info.java
        RestResponder.java
        SignerEntryWrapper.java
        UniqueIdGenerator.java
        CertStore.java
        cmp
        BaseCmpResponder.java
        CmpResponder.java
        package-info.java
        CrmfKeyWrapper.java
        PendingCertificatePool.java
        CaManagerQueryExecutor.java
        IdentifiedCertPublisher.java
        ScepResponder.java
        HttpRequestMetadataRetriever.java
        CaInfo.java
    - test
      - java
        org
        xipki
        ca
        server
        PasswordHashTest.java
  - pom.xml
- qa
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
        testkeys
        ec-1.3.132.0.26.p12
        ec-1.2.840.10045.3.0.5.p12
        ec-1.3.132.0.36.p12
        ec-1.3.132.0.10.p12
        ec-1.3.132.0.27.p12
        ec-1.2.840.10045.3.0.16.p12
        rsa-2048-0x10000000000000001.p12
        dsa-2048-256.p12
        ec-1.3.132.0.4.p12
        ec-1.3.36.3.3.2.8.1.1.6.p12
        rsa-4096-0x10000000000000001.p12
        ec-1.3.36.3.3.2.8.1.1.4.p12
        dsa-3072-256.p12
        ec-1.2.840.10045.3.0.13.p12
        ec-1.2.840.10045.3.1.2.p12
        ec-1.3.132.0.29.p12
        ec-1.3.132.0.16.p12
        rsa-4096-0x100000001.p12
        ec-1.3.36.3.3.2.8.1.1.9.p12
        ec-1.3.36.3.3.2.8.1.1.14.p12
        ec-1.3.36.3.3.2.8.1.1.7.p12
        ec-1.3.36.3.3.2.8.1.1.10.p12
        ec-1.2.840.10045.3.0.20.p12
        ec-1.3.36.3.3.2.8.1.1.8.p12
        ec-1.3.132.0.28.p12
        dsa-1024-160.p12
        ec-1.3.132.0.5.p12
        ec-1.2.840.10045.3.0.6.p12
        ec-1.2.840.10045.3.0.11.p12
        ec-1.3.132.0.9.p12
        ec-1.3.132.0.38.p12
        ec-1.2.840.10045.3.0.3.p12
        ec-1.2.840.10045.3.0.2.p12
        rsa-3072-0x10001.p12
        ec-1.2.840.10045.3.0.12.p12
        ec-1.3.132.0.35.p12
        ec-1.2.840.10045.3.0.7.p12
        ec-1.2.840.10045.3.0.4.p12
        ec-1.3.132.0.34.p12
        ec-1.3.132.0.33.p12
        ec-1.2.840.10045.3.1.7.p12
        dsa-2048-224.p12
        rsa-2048-0x10001.p12
        ec-1.3.132.0.15.p12
        ec-1.3.132.0.8.p12
        ec-1.3.132.0.30.p12
        ec-1.2.840.10045.3.1.4.p12
        ec-1.3.36.3.3.2.8.1.1.5.p12
        ec-1.2.840.10045.3.1.1.p12
        ec-1.3.132.0.2.p12
        ec-1.3.36.3.3.2.8.1.1.2.p12
        ec-1.2.840.10045.3.1.6.p12
        ec-1.2.840.10045.3.0.18.p12
        ec-1.2.840.10045.3.0.1.p12
        ec-1.3.132.0.24.p12
        ec-1.3.132.0.3.p12
        ec-1.3.132.0.6.p12
        ec-1.3.36.3.3.2.8.1.1.12.p12
        ec-1.3.36.3.3.2.8.1.1.13.p12
        ec-1.2.840.10045.3.0.19.p12
        rsa-1024-0x100000001.p12
        rsa-4096-0x10001.p12
        ec-1.3.132.0.22.p12
        ec-1.3.132.0.32.p12
        ec-1.3.132.0.7.p12
        ec-1.3.132.0.1.p12
        ec-1.2.840.10045.3.1.3.p12
        ec-1.3.36.3.3.2.8.1.1.1.p12
        ec-1.3.132.0.39.p12
        rsa-1024-0x10001.p12
        rsa-2048-0x100000001.p12
        ec-1.2.840.10045.3.0.10.p12
        ec-1.2.840.10045.3.0.17.p12
        rsa-1024-0x10000000000000001.p12
        ec-1.3.132.0.17.p12
        ec-1.3.132.0.31.p12
        rsa-3072-0x100000001.p12
        rsa-3072-0x10000000000000001.p12
        ec-1.3.36.3.3.2.8.1.1.11.p12
        ec-1.3.36.3.3.2.8.1.1.3.p12
        ec-1.3.132.0.25.p12
        ec-1.3.132.0.37.p12
        ec-1.3.132.0.23.p12
        ec-1.2.840.10045.3.1.5.p12
      - java
        org
        xipki
        qa
        security
        P11KeyGenSpeed.java
        P12SignSpeed.java
        P12KeyGenSpeed.java
        P11SignSpeed.java
        package-info.java
        ca
        QaconfType.java
        CaEnrollBenchKeyEntry.java
        SubjectChecker.java
        CaEnrollBenchmark.java
        IssuerInfo.java
        package-info.java
        CertprofileQa.java
        CaEnrollBenchEntry.java
        CaQaSystemManager.java
        QaExtensionValue.java
        ExtensionsChecker.java
        PublicKeyChecker.java
        CaQaSystemManagerImpl.java
        ValidationIssue.java
        RangeBigIntegerIterator.java
        ocsp
        OcspBenchRequestor.java
        OcspResponseOption.java
        OcspError.java
        OcspQa.java
        package-info.java
        OcspCertStatus.java
        OcspBenchmark.java
        package-info.java
        ValidationResult.java
        BigIntegerRange.java
        FileBigIntegerIterator.java
        BenchmarkHttpClient.java
  - pom.xml
- commands.md
- .gitignore
- scep-client
  - src
    - main
      - java
        org
        xipki
        scep
        transaction
        CaCapability.java
        PkiStatus.java
        Nonce.java
        Operation.java
        TransactionId.java
        package-info.java
        FailInfo.java
        MessageType.java
        TransactionException.java
        client
        Client.java
        CaIdentifier.java
        package-info.java
        ScepClient.java
        EnrolmentResponse.java
        ScepClientException.java
        ScepHttpResponse.java
        CaCertValidator.java
        util
        ScepUtil.java
        ScepConstants.java
        package-info.java
        message
        PkiMessage.java
        CaCaps.java
        DecodedPkiMessage.java
        DecodedNextCaMessage.java
        CertificateValidator.java
        IssuerAndSubject.java
        MessageDecodingException.java
        EnvelopedDataDecryptor.java
        NextCaMessage.java
        AuthorityCertStore.java
        package-info.java
        ScepObjectIdentifiers.java
        MessageEncodingException.java
    - test
      - java
        org
        xipki
        scep
        client
        test
        CaWithoutRaTest.java
        MyUtil.java
        DESOnlyCaTest.java
        HttpGetOnlyCaTest.java
        AbstractCaTest.java
        package-info.java
        CaTest.java
        NoCmsSignerCertCaTest.java
        serveremulator
        AuditEvent.java
        CaException.java
        NextCaAndRa.java
        ScepServlet.java
        CaEmulator.java
        ScepServerContainer.java
        package-info.java
        RaEmulator.java
        ScepResponder.java
        ScepControl.java
        ScepServer.java
  - pom.xml
- assemblies
  - xipki-qa
    - src
      - main
        filtered
        lib
        jdbc
        features.xml
        unfiltered
        xipki
        ctlog
        dummy-ctlog-ec-pubkey.pem
        dummy-ctlog-rsa-pubkey.pem
        cmpclient
        template.cmpclient-mac.json
        template.cmpclient-signature.json
        etc
        ca
        ca.json
        ocsp
        template.ocsp-responder.json
        ca-qa
        qa-certcheck-conf.json
        qa-benchmark-conf.json
        qa
        lifecycle.script
        cab
        template.subca.json
        lifecycle.script
        template.rootca.json
        template.cmpclient.json
        template.ra.script
        initdb.script
        template.ca-load.script
        extensions
        extensions-syntax-ext-implicit-tag.json
        extensions-gmt0015.json
        extensions-syntax-ext-explicit-tag.json
        extensions-syntax-ext.json
        extensions-apple-wwdr.json
        extensions-ee-complex.json
        keys
        crlsigner.p12
        dhpoc_certs.pem
        dhpoc.p12
        template.rest.script
        qa.d
        template.subca.json
        template.rootca.json
        template.subcawithcrl.json
        template.ra.script
        prepare-keys.script
        scep-server.script
        initdb.script
        template.ca-load.script
        template.ca.script
        main.script
        certprofile
        certprofile-subca.json
        certprofile-cab-individual-validated.json
        certprofile-tls-c.json
        certprofile-tls.json
        certprofile-syntax-ext-implicit-tag.json
        certprofile-cab-rootca.json
        certprofile-constant-ext-explicit-tag.json
        certprofile-apple-wwdr.json
        certprofile-x25519.json
        certprofile-cab-subca.json
        certprofile-ee-complex.json
        certprofile-x448.json
        certprofile-multi-valued-rdn.json
        certprofile-syntax-ext.json
        certprofile-cross.json
        certprofile-scep.json
        certprofile-ed25519.json
        certprofile-extended.json
        certprofile-qc.json
        certprofile-cab-org-validated.json
        certprofile-fixed-partial-subject.json
        certprofile-ed448.json
        certprofile-multiple-ous.json
        certprofile-subca-complex.json
        certprofile-constant-ext-implicit-tag.json
        certprofile-smime-legacy.json
        certprofile-ocsp.json
        certprofile-constant-ext.json
        certprofile-smime.json
        certprofile-gmt0015.json
        certprofile-max-time.json
        certprofile-rootca.json
        certprofile-cab-domain-validated.json
        certprofile-syntax-ext-explicit-tag.json
        benchmark.script
        setenv.script
        scep.script
        ocsp.script
        main-mgmt.script
        camgmt-qa.script
        p12
        ec
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        sm2
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        dsa
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        rsa
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        shared
        scep1.p12
        scep-ocsp2.p12
        scep-ocsp1-2.p12
        scep-ocsp1.p12
        genkeys.script
        ca-qa.script
        tools
        cmpclient.json
        main.script
        certprofile
        certprofile-tls-ed25519.json
        certprofile-tls-rsa.json
        certprofile-tls-x25519.json
        certprofile-tls-dsa-ec.json
        certprofile-rootca.json
        certprofile-tls-ed448.json
        certprofile-tls-x448.json
        gencerts.script
        template.ca-conf.json
        rest.sh
        eddsa
        template.subca.json
        lifecycle.script
        qa.script
        cmpclient.json
        ra.script
        template.rootca.json
        prepare-keys.script
        initdb.script
        template.ca-load.script
        reimport.script
        descriptors
        main.xml
    - pom.xml
    - README.md
  - ca-war
    - src
      - assembly
        unfiltered
        xipki
        etc
        ca
        database
        h2
        ca-db.properties
        ocsp-db.properties
        hsqldb
        ca-db.properties
        ocsp-db.properties
        oracle
        ca-db.properties
        ocsp-db.properties
        mysql
        ca-db.properties
        ocsp-db.properties
        pgsql
        ca-db.properties
        ocsp-db.properties
        mariadb
        ca-db.properties
        ocsp-db.properties
        db2
        ca-db.properties
        ocsp-db.properties
        ca.json
        audit.syslog.cfg
        descriptors
        main.xml
    - pom.xml
    - README.md
  - ocsp-war
    - src
      - assembly
        unfiltered
        xipki
        crls
        template
        crl-mycrl1
        UPDATEME
        README
        REVOCATION
        crl.url
        README
        etc
        ocsp
        database
        h2
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        hsqldb
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        oracle
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        mysql
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        pgsql
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        mariadb
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        db2
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        example
        crl-store
        ocsp-responder.json
        ejbca-store
        ocsp-responder.json
        xipki-ca-db-store
        ocsp-responder.json
        xipki-db-store
        ocsp-responder.json
        ocsp.json
        keycerts
        ocsp1.p12
        descriptors
        main.xml
    - pom.xml
    - README.md
  - pom.xml
  - xipki-cli
    - src
      - main
        filtered
        etc
        branding.properties
        branding-ssh.properties
        patchkaraf
        org.ops4j.pax.logging.cfg.patch
        unfiltered
        xipki
        ca-setup
        configure-ocsp.script
        cacert-present
        setup-ec-p12.script
        README
        setup-dsa-p12.script
        setup-ec-yubikey.script
        setup-sm2-p11.script
        setup-sm2-p12.script
        setup-dsa-p11.script
        setup-ec-p11.script
        setup-rsa-p11.script
        template.ca-conf.json
        setup-rsa-p12.script
        certprofile
        certprofile-subca.json
        certprofile-tls-c.json
        certprofile-tls.json
        certprofile-scep.json
        certprofile-ocsp.json
        certprofile-smime.json
        certprofile-rootca.json
        cacert-none
        setup-ec-p12.script
        README
        setup-dsa-p12.script
        setup-ec-yubikey.script
        setup-sm2-p11.script
        setup-sm2-p12.script
        configure-ca.script
        setup-dsa-p11.script
        setup-ec-p11.script
        setup-rsa-p11.script
        template.ca-conf.json
        setup-rsa-p12.script
        client-script
        cmp-client.script
        scep-client.script
        rest-client.script
        rest.sh
        cmpclient
        cmpclient-mac.json
        cmpclient-signature.json
        etc
        org.xipki.shell.curl.cfg
        org.xipki.ca.mgmt.client.cfg
        org.xipki.ocsp.mgmt.client.cfg
        org.xipki.password.cfg
        org.xipki.cmpclient.cfg
        org.xipki.ocsp.client.cfg
        custom.properties
        org.xipki.security.cfg
        custom.system.properties
        descriptors
        main.xml
    - pom.xml
  - p11proxy-war
    - src
      - assembly
        unfiltered
        xipki
        etc
        p11proxy
        p11proxy.json
        descriptors
        main.xml
    - pom.xml
    - README.md
  - features
    - pom.xml
    - cli
      - src
        main
        filtered
        features.xml
      - pom.xml
    - qa
      - src
        main
        filtered
        features.xml
      - pom.xml
  - shared
    - dbtool
      - lib
        log4j2.properties
      - bin
        initdb.bat
        initdb.sh
    - license
      - bouncycastle-LICENSE.txt
      - Apache-License-v2.txt
      - iaikPKCS11Wrapper-LICENSE.txt
    - conf
      - tomcat
        bin
        setenv.bat
        setenv.sh
      - xipki
        security
        masterpassword.secret
        example
        pkcs11-emulator.json
        pkcs11-proxy.json
        pkcs11-yubikey.json
        pkcs11-hsm.json
- doc
  - database
    - misc
    - Perf-MySQL.md
    - db-sequence.txt
  - dev-env
    - xipki_google_checks.xml
    - eclipse-java-google-style.xml
    - README.md
  - git
    - git-commands.md
  - standards
    - etsi
    - public-tls
      - rfc6962.txt
    - misc
    - pkcs
    - commonpki
    - ietf
      - cms-rfc5652.txt
      - ocsp-rfc2560.txt
      - est-rfc7030.txt
      - x509-rfc6962.txt
      - notes.txt
      - cmc-rfc5274.txt
      - draft-gutmann-scep-00.txt
      - x509-rfc4262.txt
      - cmc-rfc6402.txt
      - dh-poc-rfc6955.txt
      - edwards-rfc8410.txt
      - x509-rfc7633.txt
      - cmp-rfc4211.txt
      - cmc-rfc5273.txt
      - draft-nourse-scep-23.txt
      - ocsp-rfc6960.txt
      - edwards-rfc8032.txt
      - cmc-rfc5272.txt
      - x509-rfc3739.txt
      - edwards-rfc7748.txt
      - pkcs5-rfc8018.txt
- ocsp-servlet
  - src
    - main
      - resources
        log4j2.properties
      - java
        org
        xipki
        ocsp
        servlet
        OcspConf.java
        TlsHelper.java
        HttpMgmtServlet.java
        OcspServletFilter.java
        package-info.java
        HealthCheckServlet.java
        OcspServlet.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- certprofile-xijson
  - src
    - main
      - java
        org
        xipki
        ca
        certprofile
        xijson
        QcStatementOption.java
        AdmissionExtension.java
        CertificatePolicyInformation.java
        NotBeforeOption.java
        MonetaryValueOption.java
        SubjectDirectoryAttributesControl.java
        BiometricInfoOption.java
        XijsonCertprofile.java
        DirectoryStringType.java
        package-info.java
        ExtensionSyntaxChecker.java
        CertificatePolicyQualifier.java
        conf
        AlgorithmType.java
        X509ProfileType.java
        GeneralSubtreeType.java
        Subject.java
        CertificatePolicyInformationType.java
        GeneralNameType.java
        SubjectToSubjectAltNameType.java
        ExtensionType.java
        KeyParametersType.java
        package-info.java
        KeypairGenerationType.java
        Describable.java
        QcStatementType.java
        CertprofileFactoryImpl.java
    - test
      - java
        org
        xipki
        ca
        certprofile
        test
        ProfileConfCreatorDemo.java
        DummyMain.java
  - pom.xml

/*
 *
 * Copyright (c) 2013 - 2020 Lijun Liao
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.xipki.ca.mgmt.db.port;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.security.cert.CRLException;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;

import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.X509CRLHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.datasource.DataAccessException;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.security.HashAlgo;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.InvalidConfException;
import org.xipki.util.IoUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.ProcessLog;
import org.xipki.util.StringUtil;

import com.alibaba.fastjson.JSON;

/**
 * Database exporter of CA CertStore.
 *
 * @author Lijun Liao
 * @since 2.0.0
 */

class CaCertstoreDbExporter extends DbPorter {

  private static final Logger LOG = LoggerFactory.getLogger(CaCertstoreDbExporter.class);

  private final int numCertsInBundle;

  private final int numCertsPerSelect;

  private final boolean resume;

  CaCertstoreDbExporter(DataSourceWrapper datasource, String baseDir, int numCertsInBundle,
      int numCertsPerSelect, boolean resume, AtomicBoolean stopMe)
          throws DataAccessException {
    super(datasource, baseDir, stopMe);

    this.numCertsInBundle = Args.positive(numCertsInBundle, "numCertsInBundle");
    this.numCertsPerSelect = Args.positive(numCertsPerSelect, "numCertsPerSelect");
    this.resume = resume;
  } // constructor

  public void export() throws Exception {
    CaCertstore certstore;
    if (resume) {
      try (InputStream is = Files.newInputStream(Paths.get(baseDir, FILENAME_CA_CERTSTORE))) {
        certstore = JSON.parseObject(is, CaCertstore.class);
      }
      certstore.validate();

      if (certstore.getVersion() > VERSION) {
        throw new Exception("could not continue with CertStore greater than "
            + VERSION + ": " + certstore.getVersion());
      }
    } else {
      certstore = new CaCertstore();
      certstore.setVersion(VERSION);
    }

    Exception exception = null;
    System.out.println("exporting CA certstore from database");
    try {
      if (!resume) {
        exportPublishQueue(certstore);
        exportDeltaCrlCache(certstore);
      }

      File processLogFile = new File(baseDir, DbPorter.EXPORT_PROCESS_LOG_FILENAME);

      Long idProcessedInLastProcess = null;
      CaDbEntryType typeProcessedInLastProcess = null;
      if (processLogFile.exists()) {
        byte[] content = IoUtil.read(processLogFile);
        if (content != null && content.length > 0) {
          String str = new String(content);
          int idx = str.indexOf(':');
          String typeName = str.substring(0, idx).trim();
          typeProcessedInLastProcess = CaDbEntryType.valueOf(typeName);
          idProcessedInLastProcess = Long.parseLong(str.substring(idx + 1).trim());
        }
      }

      if (CaDbEntryType.CRL == typeProcessedInLastProcess || typeProcessedInLastProcess == null) {
        exception = exportEntries(CaDbEntryType.CRL, certstore, processLogFile,
            idProcessedInLastProcess);
        typeProcessedInLastProcess = null;
        idProcessedInLastProcess = null;
      }

      CaDbEntryType[] types = {CaDbEntryType.CERT, CaDbEntryType.REQUEST, CaDbEntryType.REQCERT};

      for (CaDbEntryType type : types) {
        if (exception == null
            && (type == typeProcessedInLastProcess || typeProcessedInLastProcess == null)) {
          exception = exportEntries(type, certstore, processLogFile, idProcessedInLastProcess);
          typeProcessedInLastProcess = null;
          idProcessedInLastProcess = null;
        }
      }

      certstore.validate();
      try (OutputStream os = Files.newOutputStream(Paths.get(baseDir, FILENAME_CA_CERTSTORE))) {
        JSON.writeJSONString(os, Charset.forName("UTF-8"), certstore);
      }
    } catch (Exception ex) {
      System.err.println("could not export CA certstore from database");
      exception = ex;
    }

    if (exception == null) {
      System.out.println(" exported CA certstore from database");
    } else {
      throw exception;
    }
  } // method export

  private Exception exportEntries(CaDbEntryType type, CaCertstore certstore,
      File processLogFile, Long idProcessedInLastProcess) {
    String tablesText = "table " + type.getTableName();

    File dir = new File(baseDir, type.getDirName());
    dir.mkdirs();

    OutputStream entriesFileOs = null;
    try {
      entriesFileOs = Files.newOutputStream(Paths.get(baseDir, type.getDirName() + ".mf"),
          StandardOpenOption.CREATE, StandardOpenOption.APPEND);
      exportEntries(type, certstore, processLogFile, entriesFileOs, idProcessedInLastProcess);
      return null;
    } catch (Exception ex) {
      // delete the temporary files
      deleteTmpFiles(baseDir, "tmp-");

      System.err.println("\nexporting " + tablesText + " has been cancelled due to error,\n"
          + "please continue with the option '--resume'");
      LOG.error("Exception", ex);
      return ex;
    } finally {
      IoUtil.closeQuietly(entriesFileOs);
    }
  } // method exportEntries

  private void exportEntries(CaDbEntryType type, CaCertstore certstore, File processLogFile,
      OutputStream filenameListOs, Long idProcessedInLastProcess) throws Exception {
    // CHECKSTYLE:SKIP
    int numEntriesPerSelect = Math.max(1, Math.round(type.getSqlBatchFactor() * numCertsPerSelect));
    int numEntriesPerZip = Math.max(1, Math.round(type.getSqlBatchFactor() * numCertsInBundle));
    File entriesDir = new File(baseDir, type.getDirName());
    String tableName = type.getTableName();

    int numProcessedBefore;
    String coreSql;

    switch (type) {
      case CERT:
        numProcessedBefore = certstore.getCountCerts();
        coreSql = "ID,SN,CA_ID,PID,RID,RTYPE,TID,UID,EE,LUPDATE,REV,RR,RT,RIT,FP_RS,"
            + "REQ_SUBJECT,CRL_SCOPE,CERT FROM CERT WHERE ID>=?";
        break;
      case CRL:
        numProcessedBefore = certstore.getCountCrls();
        coreSql = "ID,CA_ID,CRL_SCOPE,CRL FROM CRL WHERE ID>=?";
        break;
      case REQUEST:
        numProcessedBefore = certstore.getCountRequests();
        coreSql = "ID,LUPDATE,DATA FROM REQUEST WHERE ID>=?";
        break;
      case REQCERT:
        numProcessedBefore = certstore.getCountReqCerts();
        coreSql = "ID,RID,CID FROM REQCERT WHERE ID>=?";
        break;
      default:
        throw new IllegalStateException("unknown CaDbEntryType " + type);
    }

    Long minId = (idProcessedInLastProcess != null) ? idProcessedInLastProcess + 1
        : min(tableName, "ID");

    String tablesText = "table " + type.getTableName();
    System.out.println("exporting " + tablesText + " from ID " + minId);

    final long maxId = max(tableName, "ID");
    long total = count(tableName) - numProcessedBefore;
    if (total < 1) {
      total = 1; // to avoid exception
    }

    String sql = datasource.buildSelectFirstSql(numEntriesPerSelect, "ID ASC", coreSql);

    Object entriesInCurrentFile = createContainer(type);
    PreparedStatement ps = prepareStatement(sql.toString());

    int numEntriesInCurrentFile = 0;

    int sum = 0;
    File currentEntriesZipFile = new File(baseDir,
        "tmp-" + type.getDirName() + "-" + System.currentTimeMillis() + ".zip");
    ZipOutputStream currentEntriesZip = getZipOutputStream(currentEntriesZipFile);

    long minIdOfCurrentFile = -1;
    long maxIdOfCurrentFile = -1;

    ProcessLog processLog = new ProcessLog(total);
    processLog.printHeader();

    try {
      Long id = null;
      boolean interrupted = false;
      long lastMaxId = minId - 1;

      while (true) {
        if (stopMe.get()) {
          interrupted = true;
          break;
        }

        ps.setLong(1, lastMaxId + 1);

        ResultSet rs = ps.executeQuery();

        // no entries anymore
        if (!rs.next()) {
          break;
        }

        do {
          id = rs.getLong("ID");
          if (lastMaxId < id) {
            lastMaxId = id;
          }

          if (minIdOfCurrentFile == -1) {
            minIdOfCurrentFile = id;
          } else if (minIdOfCurrentFile > id) {
            minIdOfCurrentFile = id;
          }

          if (maxIdOfCurrentFile == -1) {
            maxIdOfCurrentFile = id;
          } else if (maxIdOfCurrentFile < id) {
            maxIdOfCurrentFile = id;
          }

          if (CaDbEntryType.CERT == type) {
            byte[] certBytes = Base64.decodeFast(rs.getString("CERT"));

            String sha1 = HashAlgo.SHA1.hexHash(certBytes);
            String certFileName = sha1 + ".der";
            ZipEntry certZipEntry = new ZipEntry(certFileName);
            currentEntriesZip.putNextEntry(certZipEntry);
            try {
              currentEntriesZip.write(certBytes);
            } finally {
              currentEntriesZip.closeEntry();
            }

            CaCertstore.Cert cert = new CaCertstore.Cert();
            cert.setId(id);
            cert.setCaId(rs.getInt("CA_ID"));
            cert.setEe(rs.getBoolean("EE"));
            cert.setFile(certFileName);

            long fpReqSubject = rs.getLong("FP_RS");
            if (fpReqSubject != 0) {
              cert.setFpRs(fpReqSubject);
              cert.setRs(rs.getString("REQ_SUBJECT"));
            }

            cert.setPid(rs.getInt("PID"));
            cert.setReqType(rs.getInt("RTYPE"));
            cert.setRid(rs.getInt("RID"));
            cert.setSn(rs.getString("SN"));

            String str = rs.getString("TID");
            if (StringUtil.isNotBlank(str)) {
              cert.setTid(str);
            }

            int userId = rs.getInt("UID");
            if (userId != 0) {
              cert.setUid(userId);
            }
            cert.setUpdate(rs.getLong("LUPDATE"));

            int revoked = rs.getInt("REV");
            cert.setRev(revoked);

            if (revoked == 1) {
              cert.setRr(rs.getInt("RR"));
              cert.setRt(rs.getLong("RT"));
              long revInvTime = rs.getLong("RIT");
              if (revInvTime != 0) {
                cert.setRit(revInvTime);
              }
            }

            cert.setCrlScope(rs.getInt("CRL_SCOPE"));

            cert.validate();
            ((CaCertstore.Certs) entriesInCurrentFile).add(cert);
          } else if (CaDbEntryType.CRL == type) {
            byte[] crlBytes = Base64.decodeFast(rs.getString("CRL"));

            X509CRLHolder x509Crl = null;
            try {
              x509Crl = X509Util.parseCrl(crlBytes);
            } catch (CRLException ex) {
              LogUtil.error(LOG, ex, "could not parse CRL with id " + id);
              throw ex;
            } catch (Exception ex) {
              LogUtil.error(LOG, ex, "could not parse CRL with id " + id);
              throw new CRLException(ex.getMessage(), ex);
            }

            byte[] extnValue = X509Util.getCoreExtValue(x509Crl.getExtensions(),
                                  Extension.cRLNumber);
            if (extnValue == null) {
              LOG.warn("CRL without CRL number, ignore it");
              continue;
            }
            String sha1 = HashAlgo.SHA1.hexHash(crlBytes);

            final String crlFilename = sha1 + ".crl";
            ZipEntry certZipEntry = new ZipEntry(crlFilename);
            currentEntriesZip.putNextEntry(certZipEntry);
            try {
              currentEntriesZip.write(crlBytes);
            } finally {
              currentEntriesZip.closeEntry();
            }

            CaCertstore.Crl crl = new CaCertstore.Crl();
            crl.setId(id);

            crl.setCaId(rs.getInt("CA_ID"));

            BigInteger crlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue();
            crl.setCrlNo(crlNumber.toString());
            crl.setCrlScope(rs.getInt("CRL_SCOPE"));
            crl.setFile(crlFilename);

            crl.validate();
            ((CaCertstore.Crls) entriesInCurrentFile).add(crl);
          } else if (CaDbEntryType.REQUEST == type) {
            byte[] dataBytes = Base64.decodeFast(rs.getString("DATA"));
            String sha1 = HashAlgo.SHA1.hexHash(dataBytes);
            final String dataFilename = sha1 + ".req";
            ZipEntry certZipEntry = new ZipEntry(dataFilename);
            currentEntriesZip.putNextEntry(certZipEntry);
            try {
              currentEntriesZip.write(dataBytes);
            } finally {
              currentEntriesZip.closeEntry();
            }

            CaCertstore.Request entry = new CaCertstore.Request();
            entry.setId(id);
            entry.setUpdate(rs.getLong("LUPDATE"));
            entry.setFile(dataFilename);

            entry.validate();
            ((CaCertstore.Requests) entriesInCurrentFile).add(entry);
          } else if (CaDbEntryType.REQCERT == type) {
            CaCertstore.ReqCert entry = new CaCertstore.ReqCert();
            entry.setId(id);
            entry.setCid(rs.getLong("CID"));
            entry.setRid(rs.getLong("RID"));

            entry.validate();
            ((CaCertstore.ReqCerts) entriesInCurrentFile).add(entry);
          } else {
            throw new IllegalStateException("unknown CaDbEntryType " + type);
          }

          numEntriesInCurrentFile++;
          sum++;

          if (numEntriesInCurrentFile == numEntriesPerZip) {
            String currentEntriesFilename = buildFilename(type.getDirName() + "_", ".zip",
                minIdOfCurrentFile, maxIdOfCurrentFile, maxId);
            finalizeZip(currentEntriesZip, "overview.json", entriesInCurrentFile);
            currentEntriesZipFile.renameTo(new File(entriesDir, currentEntriesFilename));

            writeLine(filenameListOs, currentEntriesFilename);
            setCount(type, certstore, numProcessedBefore + sum);
            echoToFile(tableName + ":" + Long.toString(id), processLogFile);

            processLog.addNumProcessed(numEntriesInCurrentFile);
            processLog.printStatus();

            // reset
            entriesInCurrentFile = createContainer(type);
            numEntriesInCurrentFile = 0;
            minIdOfCurrentFile = -1;
            maxIdOfCurrentFile = -1;
            currentEntriesZipFile = new File(baseDir, "tmp-" + type.getDirName() + "-"
                + System.currentTimeMillis() + ".zip");
            currentEntriesZip = getZipOutputStream(currentEntriesZipFile);
          }
        } while (rs.next());

        rs.close();
      } // end for

      if (interrupted) {
        currentEntriesZip.close();
        throw new InterruptedException("interrupted by the user");
      }

      if (numEntriesInCurrentFile > 0) {
        finalizeZip(currentEntriesZip, "overview.json", entriesInCurrentFile);

        String currentEntriesFilename = buildFilename(type.getDirName() + "_", ".zip",
            minIdOfCurrentFile, maxIdOfCurrentFile, maxId);
        currentEntriesZipFile.renameTo(new File(entriesDir, currentEntriesFilename));

        writeLine(filenameListOs, currentEntriesFilename);
        setCount(type, certstore, numProcessedBefore + sum);
        if (id != null) {
          echoToFile(Long.toString(id), processLogFile);
        }

        processLog.addNumProcessed(numEntriesInCurrentFile);
      } else {
        currentEntriesZip.close();
        currentEntriesZipFile.delete();
      }

    } catch (SQLException ex) {
      throw translate(null, ex);
    } finally {
      releaseResources(ps, null);
    } // end try

    processLog.printTrailer();
    // all successful, delete the processLogFile
    processLogFile.delete();
    System.out.println(" exported " + sum + " entries from " + tablesText);
  } // method exportEntries

  private void exportPublishQueue(CaCertstore certstore)
      throws DataAccessException, InvalidConfException {
    System.out.println("exporting table PUBLISHQUEUE");

    String sql = "SELECT CID,PID,CA_ID FROM PUBLISHQUEUE WHERE CID>=? AND CID<? ORDER BY CID ASC";
    final int minId = (int) min("PUBLISHQUEUE", "CID");
    final int maxId = (int) max("PUBLISHQUEUE", "CID");

    List<CaCertstore.ToPublish> queue = new LinkedList<>();
    certstore.setPublishQueue(queue);
    if (maxId == 0) {
      System.out.println(" exported table PUBLISHQUEUE");
      return;
    }

    PreparedStatement ps = prepareStatement(sql);
    ResultSet rs = null;

    final int n = 500;

    try {
      for (int i = minId; i <= maxId; i += n) {
        ps.setInt(1, i);
        ps.setInt(2, i + n);

        rs = ps.executeQuery();

        while (rs.next()) {
          CaCertstore.ToPublish toPub = new CaCertstore.ToPublish();
          toPub.setPubId(rs.getInt("PID"));
          toPub.setCertId(rs.getInt("CID"));
          toPub.setCaId(rs.getInt("CA_ID"));

          toPub.validate();
          queue.add(toPub);
        }
      }
    } catch (SQLException ex) {
      throw translate(sql, ex);
    } finally {
      releaseResources(ps, rs);
    }
    System.out.println(" exported table PUBLISHQUEUE");
  } // method exportPublishQueue

  private void exportDeltaCrlCache(CaCertstore certstore)
      throws DataAccessException, InvalidConfException {
    System.out.println("exporting table DELTACRL_CACHE");

    final String sql = "SELECT SN,CA_ID FROM DELTACRL_CACHE";

    List<CaCertstore.DeltaCrlCacheEntry> deltaCache = new LinkedList<>();
    certstore.setDeltaCrlCache(deltaCache);

    PreparedStatement ps = prepareStatement(sql);
    ResultSet rs = null;

    try {
      rs = ps.executeQuery();

      while (rs.next()) {
        CaCertstore.DeltaCrlCacheEntry entry = new CaCertstore.DeltaCrlCacheEntry();
        entry.setCaId(rs.getInt("CA_ID"));
        entry.setSerial(rs.getString("SN"));

        entry.validate();
        deltaCache.add(entry);
      }
    } catch (SQLException ex) {
      throw translate(sql, ex);
    } finally {
      releaseResources(ps, rs);
    }

    System.out.println(" exported table DELTACRL_CACHE");
  } // method exportDeltaCrlCache

  private void finalizeZip(ZipOutputStream zipOutStream, String filename, Object container)
      throws IOException {
    ZipEntry certZipEntry = new ZipEntry(filename);
    zipOutStream.putNextEntry(certZipEntry);
    try {
      JSON.writeJSONString(zipOutStream, Charset.forName("UTF-8"), container);
    } finally {
      zipOutStream.closeEntry();
    }

    zipOutStream.close();
  } // method finalizeZip

  private static Object createContainer(CaDbEntryType type) throws IOException {
    switch (type) {
      case CERT:
        return new CaCertstore.Certs();
      case CRL:
        return new CaCertstore.Crls();
      case REQUEST:
        return new CaCertstore.Requests();
      case REQCERT:
        return new CaCertstore.ReqCerts();
      default:
        throw new IllegalStateException("unknown CaDbEntryType " + type);
    }
  } // method createContainer

  private static void setCount(CaDbEntryType type, CaCertstore certstore, int num) {
    switch (type) {
      case CERT:
        certstore.setCountCerts(num);
        break;
      case CRL:
        certstore.setCountCrls(num);
        break;
      case REQUEST:
        certstore.setCountRequests(num);
        break;
      case REQCERT:
        certstore.setCountReqCerts(num);
        break;
      default:
        throw new IllegalStateException("unknown CaDbEntryType " + type);
    }
  } // method setCount
}