author | Christina Fu <cfu@redhat.com> | 2017-03-17 11:49:41 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2017-03-17 16:11:18 -0700 |
commit | 9054186e8d66fbdd023d95ae375aa13feaf905ee (patch) | |
tree | 736eeb6b80e7d456e18b071c5c64813650befd8c /base/ca | |
parent | d06e291b25087dfd4cd70e6f97e2c0f4f84bd121 (diff) | |
pagure#2605 CMC feature: id-cmc-identityProofV2 per rfc5272 (part 1)
This patch provides methods that can be shared between the CA and the ISharedToken plugins:
1. convenience routines for encryption, decryption and hashing that use default algorithms.
2. The establishment of Issuance Protection Certificate
Diffstat (limited to 'base/ca')
-rw-r--r-- | base/ca/src/com/netscape/ca/CertificateAuthority.java | 61 |
1 files changed, 60 insertions, 1 deletions
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
index 7ad40a9f6..d8f3cfc4f 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
@@ -305,6 +305,11 @@ public class CertificateAuthority
     protected Hashtable<String, ListenerPlugin> mListenerPlugins = null;
+    // for CMC shared secret operations
+    protected X509Certificate mIssuanceProtCert = null;
+    protected PublicKey mIssuanceProtPubKey = null;
+    protected PrivateKey mIssuanceProtPrivKey = null;
+
     /**
      * Internal constants
      */
@@ -606,16 +611,70 @@ public class CertificateAuthority
                 CMS.debug("CertificateAuthority: finished init of host authority");
             }
+
+            // set up CA Issuance Protection Cert
+            if (initSigUnitSucceeded)
+                initIssuanceProtectionCert();
         } catch (EBaseException e) {
             CMS.debug(e);
             if (CMS.isPreOpMode()) {
-                CMS.debug("CertificateAuthority.init(): Swallow exception in pre-op mode");
+                CMS.debug("CertificateAuthority: Swallow exception in pre-op mode");
                 return;
             }
             throw e;
         }
     }
+    /**
+     * initIssuanceProtectionCert sets the CA Issuance Protection cert
+     */
+    private void initIssuanceProtectionCert()
+            throws EBaseException {
+        String method = "CertificateAuthority: initIssuanceProtectionCert: ";
+        CryptoManager cManager = null;
+
+        String name = null;
+        String defaultName = "cert.subsystem.nickname";
+        String certNickName = null;
+        try {
+            cManager = CryptoManager.getInstance();
+            name = "cert.issuance_protection.nickname";
+            CMS.debug(method + " about to look for CA Issuance Protection cert: "+
+                name);
+            certNickName = mConfig.getString(name);
+        } catch (EBaseException e) {
+            CMS.debug(method + name + " not found; use defaultName : " + defaultName );
+            name = defaultName ;
+            certNickName = mConfig.getString(name);
+        } catch (Exception e) {
+            throw new EBaseException(method + e);
+        }
+        CMS.debug(method + "found nickname: "+ certNickName);
+
+        try {
+            mIssuanceProtCert = cManager.findCertByNickname(certNickName);
+            if (mIssuanceProtCert != null) {
+                CMS.debug(method + " found CA Issuance Protection cert:" + certNickName);
+                mIssuanceProtPubKey = mIssuanceProtCert.getPublicKey();
+                mIssuanceProtPrivKey = cManager.getInstance().findPrivKeyByCert(mIssuanceProtCert);
+            }
+        } catch (Exception e) {
+            throw new EBaseException(method + e);
+        }
+    }
+
+    public PublicKey getIssuanceProtPubKey() {
+        return mIssuanceProtPubKey;
+    }
+
+    public PrivateKey getIssuanceProtPrivKey() {
+        return mIssuanceProtPrivKey;
+    }
+
+    public X509Certificate getIssuanceProtCert() {
+        return mIssuanceProtCert;
+    }
+
     private void checkForNewerCert() throws EBaseException {
         if (authoritySerial == null)
             return;
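Review bot: In initIssuanceProtectionCert the lookup failure path is silent: a missing `cert.issuance_protection.nickname` falls back to `cert.subsystem.nickname` with only a CMS.debug, and if `findCertByNickname` yields no certificate the three m* fields stay null and the new public getters hand null keys to callers, so the CA keeps running without issuance protection and nothing above debug level records it. Consider logging the fallback and the not-found case at warning level, or failing the null branch explicitly, e.g. `throw new EBaseException(method + "Issuance Protection cert not found: " + certNickName);`. Both `catch (Exception e)` blocks rebuild the exception from `method + e` and drop the original as cause; if EBaseException offers a cause-taking constructor, `throw new EBaseException(method + e, e);` keeps the stack for diagnosis. `cManager.getInstance().findPrivKeyByCert(...)` calls a static method through an instance reference and should read `mIssuanceProtPrivKey = cManager.findPrivKeyByCert(mIssuanceProtCert);`. Separately, `getIssuanceProtPrivKey()` hands the CA's private key handle to any holder of the CertificateAuthority reference; exposing only the decrypt/sign operation the shared-token plugins need would keep the key confined to this class.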