java source code of OcspCertstoreDbExporter

xipki-master
- security
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        security
        SecurityFactoryImpl.java
        CrlReason.java
        KeyCertPair.java
        CollectionAlgorithmValidator.java
        ConcurrentContentSigner.java
        SignerFactory.java
        ctlog
        CtLogMessages.java
        package-info.java
        CtLog.java
        CertpathValidationModel.java
        X509ExtensionType.java
        SignerFactoryRegister.java
        CryptException.java
        DHSigStaticKeyCertPair.java
        AbstractSecurityFactory.java
        pkcs12
        P12KeyGenerationResult.java
        P12KeyGenerator.java
        P12XdhMacContentSignerBuilder.java
        AESGmacContentSigner.java
        HmacContentSigner.java
        P12MacContentSignerBuilder.java
        KeypairWithCert.java
        KeystoreGenerationParameters.java
        package-info.java
        P12SignerFactory.java
        P12ContentSignerBuilder.java
        DfltConcurrentContentSigner.java
        BadInputException.java
        ExtensionExistence.java
        SignerConf.java
        FpIdCalculator.java
        util
        CmpFailureUtil.java
        DSAParameterCache.java
        AlgorithmUtil.java
        SignerUtil.java
        X509Util.java
        package-info.java
        GMUtil.java
        KeyUtil.java
        RSABrokenKey.java
        SecurityFactory.java
        NoIdleSignerException.java
        asn1
        Asn1StreamParser.java
        CrlStreamParser.java
        package-info.java
        SignerFactoryRegisterImpl.java
        KeyUsage.java
        XiSecurityException.java
        package-info.java
        SignerException.java
        X509Cert.java
        pkcs11
        P11IdentityId.java
        P11PlainRSASigner.java
        P11CryptServiceFactory.java
        P11Slot.java
        P11ContentSignerBuilder.java
        P11MacContentSignerBuilder.java
        P11Params.java
        P11TokenException.java
        P11DuplicateEntityException.java
        P11KeyParameter.java
        P11PrivateKey.java
        P11CryptServiceFactoryImpl.java
        P11CryptService.java
        iaik
        IaikP11Slot.java
        IaikP11ModuleFactory.java
        package-info.java
        IaikP11Identity.java
        IaikP11Module.java
        P11UnsupportedMechanismException.java
        P11ContentSigner.java
        P11Identity.java
        Pkcs11conf.java
        P11PermissionException.java
        package-info.java
        P11SignerFactory.java
        P11SlotIdentifier.java
        P11ModuleFactoryRegisterImpl.java
        P11ModuleFactory.java
        P11ModuleConf.java
        P11ObjectIdentifier.java
        DigestOutputStream.java
        P11Module.java
        P11RSAKeyParameter.java
        P11UnknownEntityException.java
        P11ModuleFactoryRegister.java
        AlgorithmCode.java
        EdECConstants.java
        KeypairGenerationResult.java
        cmp
        CmpUtf8Pairs.java
        PkiStatusInfo.java
        CmpUtil.java
        ProtectionVerificationResult.java
        VerifiedPkiMessage.java
        package-info.java
        ProtectionResult.java
        TlsExtensionType.java
        HashAlgo.java
        XiSecurityConstants.java
        CertRevocationInfo.java
        SignatureSigner.java
        XiWrappedContentSigner.java
        BadAsn1ObjectException.java
        SignatureAlgoControl.java
        HashCalculator.java
        IssuerHash.java
        AlgorithmValidator.java
        DSAPlainDigestSigner.java
        ObjectIdentifiers.java
        Providers.java
        XiContentSigner.java
        bc
        XiXDHContentVerifierProvider.java
        package-info.java
        XiRSAContentVerifierProviderBuilder.java
        XiECContentVerifierProviderBuilder.java
        XiEdDSAContentVerifierProvider.java
        Securities.java
        ConcurrentBagEntrySigner.java
    - test
      - resources
        crls
        crl-4
        ca.crt
        no-revoked-certs.crl
        crl-5
        ca.crt
        no-crlnumber.crl
        crl-6
        ca.crt
        no-extensions.crl
        crl-1
        ca.crt
        subcawithcrl1.crl
        crl-3
        ca.crt
        subcawithcrl1.crl
        crl-2
        ca1-crl.crl
        ca1-cert.crt
        ctlog-certs
        cab-domain-validated1.crt
        githubcom.pem
        letsencrypt
        google-xenon2020-pubkey.pem
        letsencrypt-org.pem
        ca-of-letsencrypt-org.pem
        cab-org-validated1.crt
        test1.p12
        test1.der
      - java
        org
        xipki
        security
        pkcs12
        test
        Pkcs12RSATest.java
        Pkcs12SHA256withRSATest.java
        test
        CtLogVerifyTest.java
        CtLogTest.java
        CrlStreamParserTest.java
        cmp
        test
        CmpUtf8PairsTest.java
  - pom.xml
- password
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        password
        Passwords.java
        PasswordResolverException.java
        OBFPasswordService.java
        PasswordCallback.java
        PasswordResolverImpl.java
        PasswordBasedEncryption.java
        PasswordResolver.java
        PBEPasswordService.java
        package-info.java
        SecurePasswordInputPanel.java
        PBEAlgo.java
        SinglePasswordResolver.java
    - test
      - java
        org
        xipki
        password
        test
        PBEWithHmacSHA256AndAES256Test.java
  - pom.xml
- ocsp-server
  - src
    - main
      - resources
        sql
        ocsp-cache-init.xml
        version
      - java
        org
        xipki
        ocsp
        server
        IssuerFilter.java
        QuadrupleState.java
        RequestOption.java
        OcspResponseStatus.java
        OcspResponderException.java
        Template.java
        ResponderImpl.java
        OcspServerImpl.java
        type
        ExtendedExtension.java
        Extensions.java
        OID.java
        ResponseData.java
        ResponderID.java
        package-info.java
        OcspRequest.java
        CertID.java
        ASN1Type.java
        Extension.java
        EncodingException.java
        WritableOnlyExtension.java
        TaggedCertSequence.java
        SingleResponse.java
        OcspServerConf.java
        ResponderOption.java
        store
        CrlDbCertStatusStore.java
        CrlInfo.java
        IssuerEntry.java
        IssuerStore.java
        SimpleIssuerEntry.java
        DbCertStatusStore.java
        package-info.java
        ResponseCacher.java
        ejbca
        package-info.java
        EjbcaCertStatusStore.java
        EjbcaIssuerStore.java
        EjbcaIssuerEntry.java
        ImportCrl.java
        CaDbCertStatusStore.java
        package-info.java
        ResponseSigner.java
        OCSPRespBuilder.java
    - test
      - java
        org
        xipki
        ocsp
        server
        impl
        test
        Foo.java
  - pom.xml
- shells
  - dbtool-shell
    - src
      - main
        java
        org
        xipki
        dbtool
        shell
        Actions.java
        package-info.java
    - pom.xml
  - security-shell
    - src
      - main
        java
        org
        xipki
        security
        shell
        P11Actions.java
        P12Actions.java
        Actions.java
        SecurityCompleters.java
        package-info.java
      - test
        java
        org
        xipki
        security
        shell
        test
        ExtensionsConfCreatorDemo.java
    - pom.xml
  - qa-shell
    - src
      - main
        java
        org
        xipki
        qa
        shell
        QaSecurityActions.java
        QaCaActions.java
        QaP11Actions.java
        package-info.java
        QaCompleters.java
        QaOcspActions.java
    - pom.xml
  - ocsp-mgmt-shell
    - src
      - main
        java
        org
        xipki
        ocsp
        mgmt
        shell
        Actions.java
        package-info.java
    - pom.xml
  - cmpclient-shell
    - src
      - main
        java
        org
        xipki
        cmpclient
        shell
        Actions.java
        CmpClientCompleters.java
        package-info.java
    - pom.xml
  - pom.xml
  - ca-mgmt-shell
    - src
      - main
        java
        org
        xipki
        ca
        mgmt
        shell
        CaActions.java
        DbActions.java
        package-info.java
        CertActions.java
        ShellUtil.java
        CaCompleters.java
    - pom.xml
  - scep-client-shell
    - src
      - main
        java
        org
        xipki
        scep
        client
        shell
        Actions.java
        package-info.java
    - pom.xml
  - ocsp-client-shell
    - src
      - main
        java
        org
        xipki
        ocsp
        client
        shell
        Actions.java
        package-info.java
    - pom.xml
  - shell-base
    - src
      - main
        resources
        OSGI-INF
        blueprint
        config.xml
        java
        org
        xipki
        shell
        IllegalCmdParamException.java
        Actions.java
        XiAction.java
        FileUtils.java
        package-info.java
        Completers.java
        CmdFailure.java
        DynamicEnumCompleter.java
        EnumCompleter.java
    - pom.xml
- ca-api
  - src
    - main
      - resources
        conf
        areacode.cfg
        rdnorder.cfg
      - java
        org
        xipki
        ca
        api
        CertificateInfo.java
        CertWithDbId.java
        publisher
        CertPublisherException.java
        CertPublisherFactory.java
        CertPublisher.java
        package-info.java
        CertPublisherFactoryRegister.java
        NameId.java
        RequestType.java
        mgmt
        PermissionConstants.java
        MgmtRequest.java
        CaConf.java
        CrlControl.java
        CmpControl.java
        CaMgmtException.java
        CaConfType.java
        RevokeSuspendedControl.java
        RequestorInfo.java
        ProtocolSupport.java
        ValidityMode.java
        MgmtMessage.java
        MgmtEntry.java
        CaManager.java
        package-info.java
        CertListInfo.java
        CertListOrderBy.java
        MgmtResponse.java
        CertWithStatusInfo.java
        CaStatus.java
        ScepControl.java
        CaSystemStatus.java
        CertWithRevocationInfo.java
        CtlogControl.java
        CaConfs.java
        OperationException.java
        BadCertTemplateException.java
        package-info.java
        BadFormatException.java
        PublicCaInfo.java
        RestAPIConstants.java
        profile
        ExtensionValues.java
        TextVadidator.java
        KeypairGenControl.java
        ExtensionValue.java
        CertprofileException.java
        CertprofileFactory.java
        ExtensionSpec.java
        package-info.java
        Range.java
        CertprofileFactoryRegister.java
        KeyParametersOption.java
        Certprofile.java
        SubjectDnSpec.java
        DomainValidator.java
        BaseCertprofile.java
        CaUris.java
        InsuffientPermissionException.java
  - pom.xml
- ocsp-api
  - src
    - main
      - java
        org
        xipki
        ocsp
        api
        OcspStoreException.java
        ResponderAndPath.java
        OcspStore.java
        OcspRespWithCacheInfo.java
        mgmt
        OcspManager.java
        MgmtRequest.java
        MgmtMessage.java
        package-info.java
        MgmtResponse.java
        OcspMgmtException.java
        RequestIssuer.java
        package-info.java
        OcspServer.java
        Responder.java
        CertStatusInfo.java
  - pom.xml
- security-extra
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        security
        pkcs11
        provider
        P11ECDSASignatureSpi.java
        P11RSAPSSSignatureSpi.java
        P11PlainECDSASignatureSpi.java
        P11DSASignatureSpi.java
        XiKeyStoreSpi.java
        XiProvider.java
        P11RSADigestSignatureSpi.java
        package-info.java
        XiSM2ParameterSpec.java
        AbstractP11ECDSASignatureSpi.java
        XiProviderRegister.java
        P11SM3WithSM2SignatureSpi.java
        proxy
        ProxyP11Module.java
        ProxyP11ModuleFactory.java
        package-info.java
        ProxyMessage.java
        P11ProxyConstants.java
        ProxyP11Identity.java
        ProxyP11Slot.java
        emulator
        EmulatorP11Slot.java
        SM2Signer.java
        EmulatorP11ModuleFactory.java
        EmulatorP11Identity.java
        package-info.java
        PrivateKeyCryptor.java
        EmulatorP11Module.java
  - pom.xml
- examples
  - certprofile-example
    - src
      - main
        java
        org
        xipki
        ca
        certprofile
        demo
        package-info.java
        DemoCertprofile.java
        CertprofileFactoryImpl.java
    - pom.xml
  - pom.xml
  - lite-caclient-example
    - src
      - main
        java
        org
        xipki
        litecaclient
        TlsInit.java
        PbmMacCmpCaClient.java
        package-info.java
        RestCaClient.java
        example
        SignatureCmpCaClientExample.java
        Base64.java
        CaClientExample.java
        RestCaClientExample.java
        PbmMacCmpCaClientExample.java
        package-info.java
        KeyAndCert.java
        ObjectIdentifiers.java
        SdkUtil.java
        SignatureCmpCaClient.java
        CmpCaClient.java
    - pom.xml
  - ocsp-store-example
    - src
      - main
        java
        org
        xipki
        ocsp
        server
        store
        example
        IssuerEntry.java
        DummyStore.java
        package-info.java
    - pom.xml
  - dummy-ctlog-server
    - src
      - main
        java
        org
        xipki
        ctlog
        dummyserver
        CtLogServletRSA.java
        CtLogServletEC.java
        package-info.java
        CtLogServlet.java
        webapp
        WEB-INF
        web.xml
    - pom.xml
  - scep-example
    - src
      - main
        java
        org
        xipki
        scep
        example
        CaClientExample.java
        package-info.java
        ScepClientExample.java
    - pom.xml
  - ocsp-store-example-assembly
    - src
      - assembly
        unfiltered
        xipki
        etc
        ocsp
        ocsp-responder.json
        keycerts
        ocsp1.p12
        ca-cert.pem
        README.md
        descriptors
        main.xml
    - pom.xml
- pom.xml
- audit
  - src
    - main
      - java
        org
        xipki
        audit
        PciAuditEvent.java
        AuditEvent.java
        services
        package-info.java
        EmbedAuditService.java
        SyslogAuditService.java
        AuditServiceRuntimeException.java
        AuditService.java
        package-info.java
        AuditLevel.java
        AuditEventData.java
        AuditStatus.java
        Audits.java
  - pom.xml
- p11proxy-servlet
  - src
    - main
      - resources
        version
        log4j2.properties
      - java
        org
        xipki
        p11proxy
        servlet
        LocalP11CryptServicePool.java
        P11ProxyResponder.java
        package-info.java
        P11ProxyConf.java
        HttpProxyServlet.java
        ProxyServletFilter.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- LICENSE
- dbtool
  - src
    - main
      - java
        org
        xipki
        dbtool
        package-info.java
        LiquibaseMain.java
        InvalidInputException.java
        InitDbMain.java
  - pom.xml
- util
  - src
    - main
      - java
        org
        xipki
        util
        ValidatableConf.java
        ProcessLog.java
        StringUtil.java
        Base64Url.java
        HealthCheckResult.java
        FileOrValue.java
        Curl.java
        RandomUtil.java
        Base64.java
        LruCache.java
        DefaultCurl.java
        Hex.java
        Validity.java
        Args.java
        ObjectCreationException.java
        CompareUtil.java
        ReqRespDebug.java
        LogUtil.java
        package-info.java
        BenchmarkExecutor.java
        DateUtil.java
        XipkiBaseDir.java
        http
        SslContextConf.java
        SSLContextBuilder.java
        package-info.java
        HostnameVerifiers.java
        concurrent
        ConcurrentBag.java
        ConcurrentBagEntry.java
        FastList.java
        ClockSource.java
        package-info.java
        CountLatch.java
        IoUtil.java
        FileOrBinary.java
        HttpConstants.java
        CollectionUtil.java
        ConfPairs.java
        PemEncoder.java
        TripleState.java
        InvalidConfException.java
    - test
      - resources
        HEADER.txt
      - java
        org
        xipki
        common
        test
        DateUtilTest.java
        ConfPairsTest.java
        CanonicalizeCode.java
  - pom.xml
- ca-servlet
  - src
    - main
      - resources
        log4j2.properties
      - java
        org
        xipki
        ca
        servlet
        HttpCmpServlet.java
        HttpRestServlet.java
        TlsHelper.java
        HttpMgmtServlet.java
        HttpScepServlet.java
        HttpRespAuditException.java
        package-info.java
        HealthCheckServlet.java
        HttpRequestMetadataRetrieverImpl.java
        CaServletFilter.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- ca-mgmt-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ca
        mgmt
        db
        DbToolBase.java
        package-info.java
        port
        AbstractOcspCertstoreDbImporter.java
        DbPorter.java
        OcspCertstoreDbImporter.java
        DbPortWorker.java
        CaCertstoreDbImporter.java
        CaCertstore.java
        CaconfDbExporter.java
        OcspCertstoreDbExporter.java
        OcspCertstore.java
        OcspCertStoreFromCaDbImporter.java
        package-info.java
        CaconfDbImporter.java
        IdentifidDbObject.java
        CaCertstoreDbExporter.java
        DbSchemaInfo.java
        diffdb
        DigestDiffWorker.java
        RefDigestReader.java
        TargetDigestReader.java
        QueueEntry.java
        DigestDiffReporter.java
        DigestDiff.java
        DbType.java
        package-info.java
        IdentifiedDigestEntry.java
        CertsBundle.java
        DigestEntry.java
        client
        CaMgmtClient.java
        package-info.java
  - pom.xml
- CHANGELOG.md
- ocsp-mgmt-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ocsp
        mgmt
        client
        OcspMgmtClient.java
        package-info.java
  - pom.xml
- datasource
  - src
    - main
      - java
        org
        xipki
        datasource
        DataSourceConf.java
        DataAccessException.java
        SqlStateCodes.java
        package-info.java
        DataSourceFactory.java
        SqlErrorCodes.java
        DataSourceWrapper.java
        DatabaseType.java
  - pom.xml
- .travis.yml
- README.md
- ocsp-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ocsp
        client
        OcspRequestorException.java
        XiOCSPReqBuilder.java
        OcspRequestor.java
        OcspResponseException.java
        package-info.java
        RequestOptions.java
        AbstractOcspRequestor.java
        HttpOcspRequestor.java
  - pom.xml
- CODE_OF_CONDUCT.md
- cmpclient
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        cmpclient
        EnrollCertRequest.java
        CertIdOrError.java
        CertprofileInfo.java
        CmpClientException.java
        CmpClientConf.java
        UnrevokeOrRemoveCertRequest.java
        package-info.java
        internal
        CaConf.java
        EnrollCertResponse.java
        RevokeCertResponse.java
        CsrEnrollCertRequest.java
        RemoveExpiredCertsResult.java
        Requestor.java
        package-info.java
        CmpClientImpl.java
        Responder.java
        ResultEntry.java
        CmpAgent.java
        PkiErrorException.java
        RevokeCertRequest.java
        EnrollCertResult.java
        CmpClient.java
        IdentifiedObject.java
  - pom.xml
- ca-server
  - src
    - main
      - resources
        sql
        ca-init.xml
        ca-init-v4.xml
        ocsp-init.xml
        version
      - java
        org
        xipki
        ca
        server
        CertRepublisher.java
        CaServerConf.java
        CaUtil.java
        CertRevInfoWithSerial.java
        RandomSerialNumberGenerator.java
        publisher
        OcspCertPublisher.java
        package-info.java
        OcspStoreQueryExecutor.java
        OcspCertPublisherFactory.java
        CaAuditConstants.java
        CertTemplateData.java
        SelfSignedCertBuilder.java
        DhpocControl.java
        CtLogClient.java
        IdentifiedCertprofile.java
        CaIdNameMap.java
        X509Ca.java
        CaManagerImpl.java
        PasswordHash.java
        CtLogPublicKeyFinder.java
        RequestorEntryWrapper.java
        package-info.java
        RestResponder.java
        SignerEntryWrapper.java
        UniqueIdGenerator.java
        CertStore.java
        cmp
        BaseCmpResponder.java
        CmpResponder.java
        package-info.java
        CrmfKeyWrapper.java
        PendingCertificatePool.java
        CaManagerQueryExecutor.java
        IdentifiedCertPublisher.java
        ScepResponder.java
        HttpRequestMetadataRetriever.java
        CaInfo.java
    - test
      - java
        org
        xipki
        ca
        server
        PasswordHashTest.java
  - pom.xml
- qa
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
        testkeys
        ec-1.3.132.0.26.p12
        ec-1.2.840.10045.3.0.5.p12
        ec-1.3.132.0.36.p12
        ec-1.3.132.0.10.p12
        ec-1.3.132.0.27.p12
        ec-1.2.840.10045.3.0.16.p12
        rsa-2048-0x10000000000000001.p12
        dsa-2048-256.p12
        ec-1.3.132.0.4.p12
        ec-1.3.36.3.3.2.8.1.1.6.p12
        rsa-4096-0x10000000000000001.p12
        ec-1.3.36.3.3.2.8.1.1.4.p12
        dsa-3072-256.p12
        ec-1.2.840.10045.3.0.13.p12
        ec-1.2.840.10045.3.1.2.p12
        ec-1.3.132.0.29.p12
        ec-1.3.132.0.16.p12
        rsa-4096-0x100000001.p12
        ec-1.3.36.3.3.2.8.1.1.9.p12
        ec-1.3.36.3.3.2.8.1.1.14.p12
        ec-1.3.36.3.3.2.8.1.1.7.p12
        ec-1.3.36.3.3.2.8.1.1.10.p12
        ec-1.2.840.10045.3.0.20.p12
        ec-1.3.36.3.3.2.8.1.1.8.p12
        ec-1.3.132.0.28.p12
        dsa-1024-160.p12
        ec-1.3.132.0.5.p12
        ec-1.2.840.10045.3.0.6.p12
        ec-1.2.840.10045.3.0.11.p12
        ec-1.3.132.0.9.p12
        ec-1.3.132.0.38.p12
        ec-1.2.840.10045.3.0.3.p12
        ec-1.2.840.10045.3.0.2.p12
        rsa-3072-0x10001.p12
        ec-1.2.840.10045.3.0.12.p12
        ec-1.3.132.0.35.p12
        ec-1.2.840.10045.3.0.7.p12
        ec-1.2.840.10045.3.0.4.p12
        ec-1.3.132.0.34.p12
        ec-1.3.132.0.33.p12
        ec-1.2.840.10045.3.1.7.p12
        dsa-2048-224.p12
        rsa-2048-0x10001.p12
        ec-1.3.132.0.15.p12
        ec-1.3.132.0.8.p12
        ec-1.3.132.0.30.p12
        ec-1.2.840.10045.3.1.4.p12
        ec-1.3.36.3.3.2.8.1.1.5.p12
        ec-1.2.840.10045.3.1.1.p12
        ec-1.3.132.0.2.p12
        ec-1.3.36.3.3.2.8.1.1.2.p12
        ec-1.2.840.10045.3.1.6.p12
        ec-1.2.840.10045.3.0.18.p12
        ec-1.2.840.10045.3.0.1.p12
        ec-1.3.132.0.24.p12
        ec-1.3.132.0.3.p12
        ec-1.3.132.0.6.p12
        ec-1.3.36.3.3.2.8.1.1.12.p12
        ec-1.3.36.3.3.2.8.1.1.13.p12
        ec-1.2.840.10045.3.0.19.p12
        rsa-1024-0x100000001.p12
        rsa-4096-0x10001.p12
        ec-1.3.132.0.22.p12
        ec-1.3.132.0.32.p12
        ec-1.3.132.0.7.p12
        ec-1.3.132.0.1.p12
        ec-1.2.840.10045.3.1.3.p12
        ec-1.3.36.3.3.2.8.1.1.1.p12
        ec-1.3.132.0.39.p12
        rsa-1024-0x10001.p12
        rsa-2048-0x100000001.p12
        ec-1.2.840.10045.3.0.10.p12
        ec-1.2.840.10045.3.0.17.p12
        rsa-1024-0x10000000000000001.p12
        ec-1.3.132.0.17.p12
        ec-1.3.132.0.31.p12
        rsa-3072-0x100000001.p12
        rsa-3072-0x10000000000000001.p12
        ec-1.3.36.3.3.2.8.1.1.11.p12
        ec-1.3.36.3.3.2.8.1.1.3.p12
        ec-1.3.132.0.25.p12
        ec-1.3.132.0.37.p12
        ec-1.3.132.0.23.p12
        ec-1.2.840.10045.3.1.5.p12
      - java
        org
        xipki
        qa
        security
        P11KeyGenSpeed.java
        P12SignSpeed.java
        P12KeyGenSpeed.java
        P11SignSpeed.java
        package-info.java
        ca
        QaconfType.java
        CaEnrollBenchKeyEntry.java
        SubjectChecker.java
        CaEnrollBenchmark.java
        IssuerInfo.java
        package-info.java
        CertprofileQa.java
        CaEnrollBenchEntry.java
        CaQaSystemManager.java
        QaExtensionValue.java
        ExtensionsChecker.java
        PublicKeyChecker.java
        CaQaSystemManagerImpl.java
        ValidationIssue.java
        RangeBigIntegerIterator.java
        ocsp
        OcspBenchRequestor.java
        OcspResponseOption.java
        OcspError.java
        OcspQa.java
        package-info.java
        OcspCertStatus.java
        OcspBenchmark.java
        package-info.java
        ValidationResult.java
        BigIntegerRange.java
        FileBigIntegerIterator.java
        BenchmarkHttpClient.java
  - pom.xml
- commands.md
- .gitignore
- scep-client
  - src
    - main
      - java
        org
        xipki
        scep
        transaction
        CaCapability.java
        PkiStatus.java
        Nonce.java
        Operation.java
        TransactionId.java
        package-info.java
        FailInfo.java
        MessageType.java
        TransactionException.java
        client
        Client.java
        CaIdentifier.java
        package-info.java
        ScepClient.java
        EnrolmentResponse.java
        ScepClientException.java
        ScepHttpResponse.java
        CaCertValidator.java
        util
        ScepUtil.java
        ScepConstants.java
        package-info.java
        message
        PkiMessage.java
        CaCaps.java
        DecodedPkiMessage.java
        DecodedNextCaMessage.java
        CertificateValidator.java
        IssuerAndSubject.java
        MessageDecodingException.java
        EnvelopedDataDecryptor.java
        NextCaMessage.java
        AuthorityCertStore.java
        package-info.java
        ScepObjectIdentifiers.java
        MessageEncodingException.java
    - test
      - java
        org
        xipki
        scep
        client
        test
        CaWithoutRaTest.java
        MyUtil.java
        DESOnlyCaTest.java
        HttpGetOnlyCaTest.java
        AbstractCaTest.java
        package-info.java
        CaTest.java
        NoCmsSignerCertCaTest.java
        serveremulator
        AuditEvent.java
        CaException.java
        NextCaAndRa.java
        ScepServlet.java
        CaEmulator.java
        ScepServerContainer.java
        package-info.java
        RaEmulator.java
        ScepResponder.java
        ScepControl.java
        ScepServer.java
  - pom.xml
- assemblies
  - xipki-qa
    - src
      - main
        filtered
        lib
        jdbc
        features.xml
        unfiltered
        xipki
        ctlog
        dummy-ctlog-ec-pubkey.pem
        dummy-ctlog-rsa-pubkey.pem
        cmpclient
        template.cmpclient-mac.json
        template.cmpclient-signature.json
        etc
        ca
        ca.json
        ocsp
        template.ocsp-responder.json
        ca-qa
        qa-certcheck-conf.json
        qa-benchmark-conf.json
        qa
        lifecycle.script
        cab
        template.subca.json
        lifecycle.script
        template.rootca.json
        template.cmpclient.json
        template.ra.script
        initdb.script
        template.ca-load.script
        extensions
        extensions-syntax-ext-implicit-tag.json
        extensions-gmt0015.json
        extensions-syntax-ext-explicit-tag.json
        extensions-syntax-ext.json
        extensions-apple-wwdr.json
        extensions-ee-complex.json
        keys
        crlsigner.p12
        dhpoc_certs.pem
        dhpoc.p12
        template.rest.script
        qa.d
        template.subca.json
        template.rootca.json
        template.subcawithcrl.json
        template.ra.script
        prepare-keys.script
        scep-server.script
        initdb.script
        template.ca-load.script
        template.ca.script
        main.script
        certprofile
        certprofile-subca.json
        certprofile-cab-individual-validated.json
        certprofile-tls-c.json
        certprofile-tls.json
        certprofile-syntax-ext-implicit-tag.json
        certprofile-cab-rootca.json
        certprofile-constant-ext-explicit-tag.json
        certprofile-apple-wwdr.json
        certprofile-x25519.json
        certprofile-cab-subca.json
        certprofile-ee-complex.json
        certprofile-x448.json
        certprofile-multi-valued-rdn.json
        certprofile-syntax-ext.json
        certprofile-cross.json
        certprofile-scep.json
        certprofile-ed25519.json
        certprofile-extended.json
        certprofile-qc.json
        certprofile-cab-org-validated.json
        certprofile-fixed-partial-subject.json
        certprofile-ed448.json
        certprofile-multiple-ous.json
        certprofile-subca-complex.json
        certprofile-constant-ext-implicit-tag.json
        certprofile-smime-legacy.json
        certprofile-ocsp.json
        certprofile-constant-ext.json
        certprofile-smime.json
        certprofile-gmt0015.json
        certprofile-max-time.json
        certprofile-rootca.json
        certprofile-cab-domain-validated.json
        certprofile-syntax-ext-explicit-tag.json
        benchmark.script
        setenv.script
        scep.script
        ocsp.script
        main-mgmt.script
        camgmt-qa.script
        p12
        ec
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        sm2
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        dsa
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        rsa
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        shared
        scep1.p12
        scep-ocsp2.p12
        scep-ocsp1-2.p12
        scep-ocsp1.p12
        genkeys.script
        ca-qa.script
        tools
        cmpclient.json
        main.script
        certprofile
        certprofile-tls-ed25519.json
        certprofile-tls-rsa.json
        certprofile-tls-x25519.json
        certprofile-tls-dsa-ec.json
        certprofile-rootca.json
        certprofile-tls-ed448.json
        certprofile-tls-x448.json
        gencerts.script
        template.ca-conf.json
        rest.sh
        eddsa
        template.subca.json
        lifecycle.script
        qa.script
        cmpclient.json
        ra.script
        template.rootca.json
        prepare-keys.script
        initdb.script
        template.ca-load.script
        reimport.script
        descriptors
        main.xml
    - pom.xml
    - README.md
  - ca-war
    - src
      - assembly
        unfiltered
        xipki
        etc
        ca
        database
        h2
        ca-db.properties
        ocsp-db.properties
        hsqldb
        ca-db.properties
        ocsp-db.properties
        oracle
        ca-db.properties
        ocsp-db.properties
        mysql
        ca-db.properties
        ocsp-db.properties
        pgsql
        ca-db.properties
        ocsp-db.properties
        mariadb
        ca-db.properties
        ocsp-db.properties
        db2
        ca-db.properties
        ocsp-db.properties
        ca.json
        audit.syslog.cfg
        descriptors
        main.xml
    - pom.xml
    - README.md
  - ocsp-war
    - src
      - assembly
        unfiltered
        xipki
        crls
        template
        crl-mycrl1
        UPDATEME
        README
        REVOCATION
        crl.url
        README
        etc
        ocsp
        database
        h2
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        hsqldb
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        oracle
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        mysql
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        pgsql
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        mariadb
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        db2
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        example
        crl-store
        ocsp-responder.json
        ejbca-store
        ocsp-responder.json
        xipki-ca-db-store
        ocsp-responder.json
        xipki-db-store
        ocsp-responder.json
        ocsp.json
        keycerts
        ocsp1.p12
        descriptors
        main.xml
    - pom.xml
    - README.md
  - pom.xml
  - xipki-cli
    - src
      - main
        filtered
        etc
        branding.properties
        branding-ssh.properties
        patchkaraf
        org.ops4j.pax.logging.cfg.patch
        unfiltered
        xipki
        ca-setup
        configure-ocsp.script
        cacert-present
        setup-ec-p12.script
        README
        setup-dsa-p12.script
        setup-ec-yubikey.script
        setup-sm2-p11.script
        setup-sm2-p12.script
        setup-dsa-p11.script
        setup-ec-p11.script
        setup-rsa-p11.script
        template.ca-conf.json
        setup-rsa-p12.script
        certprofile
        certprofile-subca.json
        certprofile-tls-c.json
        certprofile-tls.json
        certprofile-scep.json
        certprofile-ocsp.json
        certprofile-smime.json
        certprofile-rootca.json
        cacert-none
        setup-ec-p12.script
        README
        setup-dsa-p12.script
        setup-ec-yubikey.script
        setup-sm2-p11.script
        setup-sm2-p12.script
        configure-ca.script
        setup-dsa-p11.script
        setup-ec-p11.script
        setup-rsa-p11.script
        template.ca-conf.json
        setup-rsa-p12.script
        client-script
        cmp-client.script
        scep-client.script
        rest-client.script
        rest.sh
        cmpclient
        cmpclient-mac.json
        cmpclient-signature.json
        etc
        org.xipki.shell.curl.cfg
        org.xipki.ca.mgmt.client.cfg
        org.xipki.ocsp.mgmt.client.cfg
        org.xipki.password.cfg
        org.xipki.cmpclient.cfg
        org.xipki.ocsp.client.cfg
        custom.properties
        org.xipki.security.cfg
        custom.system.properties
        descriptors
        main.xml
    - pom.xml
  - p11proxy-war
    - src
      - assembly
        unfiltered
        xipki
        etc
        p11proxy
        p11proxy.json
        descriptors
        main.xml
    - pom.xml
    - README.md
  - features
    - pom.xml
    - cli
      - src
        main
        filtered
        features.xml
      - pom.xml
    - qa
      - src
        main
        filtered
        features.xml
      - pom.xml
  - shared
    - dbtool
      - lib
        log4j2.properties
      - bin
        initdb.bat
        initdb.sh
    - license
      - bouncycastle-LICENSE.txt
      - Apache-License-v2.txt
      - iaikPKCS11Wrapper-LICENSE.txt
    - conf
      - tomcat
        bin
        setenv.bat
        setenv.sh
      - xipki
        security
        masterpassword.secret
        example
        pkcs11-emulator.json
        pkcs11-proxy.json
        pkcs11-yubikey.json
        pkcs11-hsm.json
- doc
  - database
    - misc
    - Perf-MySQL.md
    - db-sequence.txt
  - dev-env
    - xipki_google_checks.xml
    - eclipse-java-google-style.xml
    - README.md
  - git
    - git-commands.md
  - standards
    - etsi
    - public-tls
      - rfc6962.txt
    - misc
    - pkcs
    - commonpki
    - ietf
      - cms-rfc5652.txt
      - ocsp-rfc2560.txt
      - est-rfc7030.txt
      - x509-rfc6962.txt
      - notes.txt
      - cmc-rfc5274.txt
      - draft-gutmann-scep-00.txt
      - x509-rfc4262.txt
      - cmc-rfc6402.txt
      - dh-poc-rfc6955.txt
      - edwards-rfc8410.txt
      - x509-rfc7633.txt
      - cmp-rfc4211.txt
      - cmc-rfc5273.txt
      - draft-nourse-scep-23.txt
      - ocsp-rfc6960.txt
      - edwards-rfc8032.txt
      - cmc-rfc5272.txt
      - x509-rfc3739.txt
      - edwards-rfc7748.txt
      - pkcs5-rfc8018.txt
- ocsp-servlet
  - src
    - main
      - resources
        log4j2.properties
      - java
        org
        xipki
        ocsp
        servlet
        OcspConf.java
        TlsHelper.java
        HttpMgmtServlet.java
        OcspServletFilter.java
        package-info.java
        HealthCheckServlet.java
        OcspServlet.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- certprofile-xijson
  - src
    - main
      - java
        org
        xipki
        ca
        certprofile
        xijson
        QcStatementOption.java
        AdmissionExtension.java
        CertificatePolicyInformation.java
        NotBeforeOption.java
        MonetaryValueOption.java
        SubjectDirectoryAttributesControl.java
        BiometricInfoOption.java
        XijsonCertprofile.java
        DirectoryStringType.java
        package-info.java
        ExtensionSyntaxChecker.java
        CertificatePolicyQualifier.java
        conf
        AlgorithmType.java
        X509ProfileType.java
        GeneralSubtreeType.java
        Subject.java
        CertificatePolicyInformationType.java
        GeneralNameType.java
        SubjectToSubjectAltNameType.java
        ExtensionType.java
        KeyParametersType.java
        package-info.java
        KeypairGenerationType.java
        Describable.java
        QcStatementType.java
        CertprofileFactoryImpl.java
    - test
      - java
        org
        xipki
        ca
        certprofile
        test
        ProfileConfCreatorDemo.java
        DummyMain.java
  - pom.xml

/*
 *
 * Copyright (c) 2013 - 2020 Lijun Liao
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.xipki.ca.mgmt.db.port;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.datasource.DataAccessException;
import org.xipki.datasource.DataSourceWrapper;
import org.xipki.util.Args;
import org.xipki.util.IoUtil;
import org.xipki.util.ProcessLog;
import org.xipki.util.StringUtil;

import com.alibaba.fastjson.JSON;

/**
 * Database exporter of OCSP CertStore.
 *
 * @author Lijun Liao
 * @since 2.0.0
 */

class OcspCertstoreDbExporter extends DbPorter {

  public static final String PROCESS_LOG_FILENAME = "export.process";

  private static final Logger LOG = LoggerFactory.getLogger(OcspCertstoreDbExporter.class);

  private final int numCertsInBundle;

  private final int numCertsPerSelect;

  private final boolean resume;

  OcspCertstoreDbExporter(DataSourceWrapper datasource, String baseDir, int numCertsInBundle,
      int numCertsPerSelect, boolean resume, AtomicBoolean stopMe) throws Exception {
    super(datasource, baseDir, stopMe);

    this.numCertsInBundle = Args.positive(numCertsInBundle, "numCertsInBundle");
    this.numCertsPerSelect = Args.positive(numCertsPerSelect, "numCertsPerSelect");

    if (resume) {
      File processLogFile = new File(baseDir, PROCESS_LOG_FILENAME);
      if (!processLogFile.exists()) {
        throw new Exception("could not process with '--resume' option");
      }
    }
    this.resume = resume;
  } // constructor

  public void export() throws Exception {
    OcspCertstore certstore;
    if (resume) {
      try (InputStream is = Files.newInputStream(Paths.get(baseDir, FILENAME_OCSP_CERTSTORE))) {
        certstore = JSON.parseObject(is, OcspCertstore.class);
      }
      certstore.validate();

      if (certstore.getVersion() > VERSION) {
        throw new Exception("could not continue with Certstore greater than " + VERSION
            + ": " + certstore.getVersion());
      }
    } else {
      certstore = new OcspCertstore();
      certstore.setVersion(VERSION);
    }
    System.out.println("exporting OCSP certstore from database");

    if (!resume) {
      exportHashAlgo(certstore);
      exportIssuer(certstore);
      exportCrlInfo(certstore);
    }

    File processLogFile = new File(baseDir, PROCESS_LOG_FILENAME);
    Exception exception = exportCert(certstore, processLogFile);

    try (OutputStream os = Files.newOutputStream(Paths.get(baseDir, FILENAME_OCSP_CERTSTORE))) {
      JSON.writeJSONString(os, certstore);
    }

    if (exception == null) {
      System.out.println(" exported OCSP certstore from database");
    } else {
      throw exception;
    }
  } // method export

  private void exportHashAlgo(OcspCertstore certstore) throws DataAccessException {
    String certHashAlgoStr = dbSchemaInfo.getVariableValue("CERTHASH_ALGO");
    if (certHashAlgoStr == null) {
      throw new DataAccessException("CERTHASH_ALGO is not defined in table DBSCHEMA");
    }

    certstore.setCerthashAlgo(certHashAlgoStr);
  } // method exportHashAlgo

  private void exportIssuer(OcspCertstore certstore) throws DataAccessException, IOException {
    System.out.println("exporting table ISSUER");
    List<OcspCertstore.Issuer> issuers = new LinkedList<>();
    certstore.setIssuers(issuers);
    final String sql = "SELECT ID,CERT,REV_INFO,CRL_ID FROM ISSUER";

    Statement stmt = null;
    ResultSet rs = null;

    try {
      stmt = createStatement();
      rs = stmt.executeQuery(sql);

      while (rs.next()) {
        int id = rs.getInt("ID");

        OcspCertstore.Issuer issuer = new OcspCertstore.Issuer();
        issuer.setId(id);

        String certFileName = "issuer-conf/cert-issuer-" + id;
        IoUtil.save(new File(baseDir, certFileName), StringUtil.toUtf8Bytes(rs.getString("CERT")));
        issuer.setCertFile(certFileName);
        issuer.setRevInfo(rs.getString("REV_INFO"));

        int crlId = rs.getInt("CRL_ID");
        if (crlId != 0) {
          issuer.setCrlId(crlId);
        }

        issuers.add(issuer);
      }
    } catch (SQLException ex) {
      throw translate(sql, ex);
    } finally {
      releaseResources(stmt, rs);
    }

    System.out.println(" exported table ISSUER");
  } // method exportIssuer

  private void exportCrlInfo(OcspCertstore certstore) throws DataAccessException, IOException {
    System.out.println("exporting table CRL_INFO");
    List<OcspCertstore.CrlInfo> crlInfos = new LinkedList<>();
    certstore.setCrlInfos(crlInfos);
    final String sql = "SELECT ID,NAME,INFO FROM CRL_INFO";

    Statement stmt = null;
    ResultSet rs = null;

    try {
      stmt = createStatement();
      rs = stmt.executeQuery(sql);

      while (rs.next()) {
        OcspCertstore.CrlInfo crlInfo = new OcspCertstore.CrlInfo();
        crlInfo.setId(rs.getInt("ID"));
        crlInfo.setName(rs.getString("NAME"));
        crlInfo.setInfo(rs.getString("INFO"));

        crlInfos.add(crlInfo);
      }
    } catch (SQLException ex) {
      throw translate(sql, ex);
    } finally {
      releaseResources(stmt, rs);
    }

    System.out.println(" exported table CRL_INFO");
  } // method exportCrlInfo

  private Exception exportCert(OcspCertstore certstore, File processLogFile) {
    new File(baseDir, OcspDbEntryType.CERT.getDirName()).mkdirs();

    OutputStream certsFileOs = null;

    try {
      certsFileOs = Files.newOutputStream(
          Paths.get(baseDir, OcspDbEntryType.CERT.getDirName() + ".mf"),
          StandardOpenOption.CREATE, StandardOpenOption.APPEND);
      exportCert0(certstore, processLogFile, certsFileOs);
      return null;
    } catch (Exception ex) {
      // delete the temporary files
      deleteTmpFiles(baseDir, "tmp-certs-");
      System.err.println("\nexporting table CERT has been cancelled due to error,\n"
          + "please continue with the option '--resume'");
      LOG.error("Exception", ex);
      return ex;
    } finally {
      IoUtil.closeQuietly(certsFileOs);
    }
  } // method exportCert

  private void exportCert0(OcspCertstore certstore, File processLogFile, OutputStream certsFileOs)
      throws Exception {
    File certsDir = new File(baseDir, OcspDbEntryType.CERT.getDirName());
    Long minId = null;
    if (processLogFile.exists()) {
      byte[] content = IoUtil.read(processLogFile);
      if (content != null && content.length > 0) {
        minId = Long.parseLong(new String(content).trim());
        minId++;
      }
    }

    if (minId == null) {
      minId = min("CERT", "ID");
    }

    System.out.println("exporting table CERT from ID " + minId);

    final String coreSql = "ID,SN,IID,LUPDATE,REV,RR,RT,RIT,NAFTER,NBEFORE,HASH,SUBJECT,CRL_ID "
        + "FROM CERT WHERE ID>=?";
    final String certSql = datasource.buildSelectFirstSql(numCertsPerSelect, "ID ASC", coreSql);

    final long maxId = max("CERT", "ID");

    int numProcessedBefore = certstore.getCountCerts();
    final long total = count("CERT") - numProcessedBefore;
    ProcessLog processLog = new ProcessLog(total);

    PreparedStatement certPs = prepareStatement(certSql);

    int sum = 0;
    int numCertInCurrentFile = 0;

    OcspCertstore.Certs certsInCurrentFile = new OcspCertstore.Certs();

    File currentCertsZipFile = new File(baseDir,
        "tmp-certs-" + System.currentTimeMillis() + ".zip");
    ZipOutputStream currentCertsZip = getZipOutputStream(currentCertsZipFile);

    long minCertIdOfCurrentFile = -1;
    long maxCertIdOfCurrentFile = -1;

    processLog.printHeader();

    String sql = null;
    Long id = null;

    try {
      boolean interrupted = false;

      long lastMaxId = minId - 1;

      while (true) {
        if (stopMe.get()) {
          interrupted = true;
          break;
        }

        sql = certSql;
        certPs.setLong(1, lastMaxId + 1);

        ResultSet rs = certPs.executeQuery();

        if (!rs.next()) {
          break;
        }

        do {
          id = rs.getLong("ID");
          if (lastMaxId < id) {
            lastMaxId = id;
          }

          if (minCertIdOfCurrentFile == -1) {
            minCertIdOfCurrentFile = id;
          } else if (minCertIdOfCurrentFile > id) {
            minCertIdOfCurrentFile = id;
          }

          if (maxCertIdOfCurrentFile == -1) {
            maxCertIdOfCurrentFile = id;
          } else if (maxCertIdOfCurrentFile < id) {
            maxCertIdOfCurrentFile = id;
          }

          OcspCertstore.Cert cert = new OcspCertstore.Cert();

          cert.setId(id);

          cert.setIid(rs.getInt("IID"));
          cert.setSn(rs.getString("SN"));
          cert.setUpdate(rs.getLong("LUPDATE"));

          boolean revoked = rs.getBoolean("REV");
          cert.setRev(revoked);

          if (revoked) {
            cert.setRr(rs.getInt("RR"));
            cert.setRt(rs.getLong("RT"));
            long rit = rs.getLong("RIT");
            if (rit != 0) {
              cert.setRit(rit);
            }
          }

          String hash = rs.getString("HASH");
          if (hash != null) {
            cert.setHash(hash);
          }

          String subject = rs.getString("SUBJECT");
          if (subject != null) {
            cert.setSubject(subject);
          }

          long nafter = rs.getLong("NAFTER");
          if (nafter != 0) {
            cert.setNafter(nafter);
          }

          long nbefore = rs.getLong("NBEFORE");
          if (nbefore != 0) {
            cert.setNbefore(nbefore);
          }

          int crlId = rs.getInt("CRL_ID");
          if (crlId != 0) {
            cert.setCrlId(crlId);
          }

          certsInCurrentFile.add(cert);
          numCertInCurrentFile++;
          sum++;

          if (numCertInCurrentFile == numCertsInBundle) {
            finalizeZip(currentCertsZip, certsInCurrentFile);

            String currentCertsFilename = buildFilename("certs_", ".zip",
                minCertIdOfCurrentFile, maxCertIdOfCurrentFile, maxId);
            currentCertsZipFile.renameTo(new File(certsDir, currentCertsFilename));

            writeLine(certsFileOs, currentCertsFilename);
            certstore.setCountCerts(numProcessedBefore + sum);
            echoToFile(Long.toString(id), processLogFile);

            processLog.addNumProcessed(numCertInCurrentFile);
            processLog.printStatus();

            // reset
            certsInCurrentFile = new OcspCertstore.Certs();
            numCertInCurrentFile = 0;
            minCertIdOfCurrentFile = -1;
            maxCertIdOfCurrentFile = -1;
            currentCertsZipFile = new File(baseDir,
                "tmp-certs-" + System.currentTimeMillis() + ".zip");
            currentCertsZip = getZipOutputStream(currentCertsZipFile);
          } // end if
        } while (rs.next());

        rs.close();
      } // end for

      if (interrupted) {
        throw new InterruptedException("interrupted by the user");
      }

      if (numCertInCurrentFile > 0) {
        finalizeZip(currentCertsZip, certsInCurrentFile);

        String currentCertsFilename = buildFilename("certs_", ".zip",
            minCertIdOfCurrentFile, maxCertIdOfCurrentFile, maxId);
        currentCertsZipFile.renameTo(new File(certsDir, currentCertsFilename));

        writeLine(certsFileOs, currentCertsFilename);
        certstore.setCountCerts(numProcessedBefore + sum);
        if (id != null) {
          echoToFile(Long.toString(id), processLogFile);
        }

        processLog.addNumProcessed(numCertInCurrentFile);
      } else {
        currentCertsZip.close();
        currentCertsZipFile.delete();
      }
    } catch (SQLException ex) {
      throw translate(sql, ex);
    } finally {
      releaseResources(certPs, null);
    }

    processLog.printTrailer();
    // all successful, delete the processLogFile
    processLogFile.delete();

    System.out.println(" exported " + processLog.numProcessed() + " certificates from tables CERT");
  } // method exportCert0

  private void finalizeZip(ZipOutputStream zipOutStream, OcspCertstore.Certs certs)
      throws IOException {
    ZipEntry certZipEntry = new ZipEntry("certs.json");
    zipOutStream.putNextEntry(certZipEntry);
    try {
      JSON.writeJSONString(zipOutStream, Charset.forName("UTF-8"), certs);
    } finally {
      zipOutStream.closeEntry();
    }

    zipOutStream.close();
  } // method finalizeZip

}