author | Endi S. Dewata <edewata@redhat.com> | 2017-06-30 22:59:16 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-07 01:36:49 +0200 |
commit | 1634a18d391b1aad9ce4aeadb3a8989c0e168b66 (patch) | |
tree | 7123c1e5d255e9a665045f91c71f823ed20c9708 /base/server/cms/src/com/netscape/cms | |
parent | 2dd97bf5569974fc7cc5a65c863594d176a0a346 (diff) | |
Refactored CertUtil.createLocalRequest().
The code that sets the certificate request extra data has been
moved into CertUtil.createLocalRequest().
The incorrect profile ID in subsystemCert.profile has been fixed.
https://pagure.io/dogtagpki/issue/2280
Change-Id: Ic76ac3dfcbf0c4ab95abea0680697d87f00f292b
Diffstat (limited to 'base/server/cms/src/com/netscape/cms')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java | 109 |
1 files changed, 62 insertions, 47 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 827b71a2a..005e95361 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -266,20 +266,30 @@ public class CertUtil { /* * create requests so renewal can work on these initial certs */ - public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) - throws EBaseException { + public static IRequest createLocalRequest( + IConfigStore cs, + IRequestQueue queue, + String tag, + CertInfoProfile profile, + X509CertInfo info, + X509Key x509key) + throws Exception { + // RequestId rid = new RequestId(serialNum); // just need a request, no need to get into a queue // IRequest r = new EnrollmentRequest(rid); - CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum); + + CMS.debug("CertUtil.createLocalRequest(" + tag + ")"); + IRequest req = queue.newRequest("enrollment"); - CMS.debug("certUtil: newRequest called"); + req.setExtData("profile", "true"); req.setExtData("requestversion", "1.0.0"); req.setExtData("req_seq_num", "0"); + req.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); - req.setExtData(IEnrollProfile.REQUEST_EXTENSIONS, - new CertificateExtensions()); + req.setExtData(IEnrollProfile.REQUEST_EXTENSIONS, new CertificateExtensions()); + req.setExtData("requesttype", "enrollment"); req.setExtData("requestor_name", ""); req.setExtData("requestor_email", ""); 
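Review bot: The new six-parameter signature of createLocalRequest() is documented only by the old `/* create requests so renewal can work on these initial certs */` block, and the commented-out `// RequestId rid = new RequestId(serialNum);` lines kept below it now refer to a parameter that no longer exists. I would turn the block into Javadoc stating that `tag` is the certificate tag (the body compares it against "sslserver" and "signing"), that `profile` supplies the profile IDs stored in the request, and that `x509key` is stored as `req_key`, and I would delete the two stale commented-out lines. The signature also widens `throws EBaseException` to `throws Exception`; if the calls added in the next hunk allow it, a narrower throws clause would spare callers a catch-all around certificate request creation. The method body continues past this hunk.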
@@ -290,6 +300,37 @@ public class CertUtil { req.setExtData("isencryptioncert", "false"); req.setExtData("profileapprovedby", "system"); + Boolean injectSAN = cs.getBoolean("service.injectSAN", false); + CMS.debug("createLocalCert: inject SAN: " + injectSAN); + + if (tag.equals("sslserver") && injectSAN) { + injectSANextensionIntoRequest(cs, req); + } + + req.setExtData("req_key", x509key.toString()); + + String origProfileID = profile.getID(); + int idx = origProfileID.lastIndexOf('.'); + if (idx > 0) { + origProfileID = origProfileID.substring(0, idx); + } + + // store original profile id in cert request + req.setExtData("origprofileid", origProfileID); + + // store mapped profile ID for use in renewal + req.setExtData("profileid", profile.getProfileIDMapping()); + req.setExtData("profilesetid", profile.getProfileSetIDMapping()); + + if (!tag.equals("signing")) { + /* + * (applies to non-CA-signing cert only) + * installAdjustValidity tells ValidityDefault to adjust the + * notAfter value to that of the CA's signing cert if needed + */ + req.setExtData("installAdjustValidity", "true"); + } + // mark request as complete CMS.debug("certUtil: calling setRequestStatus"); req.setRequestStatus(RequestStatus.COMPLETE); @@ -421,11 +462,6 @@ public class CertUtil { CMS.debug("CertUtil.createLocalCert(" + certTag + ")"); - String profile = config.getString(prefix + certTag + ".profile"); - - Boolean injectSAN = config.getBoolean("service.injectSAN", false); - CMS.debug("createLocalCert: injectSAN: " + injectSAN); - String dn = config.getString(prefix + certTag + ".dn"); String keyAlgorithm = null; Date date = new Date(); 
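Review bot: `profile.getID()` is dereferenced without a null check at `int idx = origProfileID.lastIndexOf('.');`, so a profile that yields no ID would fail here with a NullPointerException instead of an error naming the certificate tag. The suffix stripping was written for the configured profile file name; applied to an ID it would presumably also truncate any ID that legitimately contains a dot before it is stored as `origprofileid`, so it is worth confirming what getID() actually returns. I would add `if (origProfileID == null) throw new EBaseException("Missing profile ID for " + tag);` before the `lastIndexOf` call. Smaller points in the same hunk: `"sslserver".equals(tag)` avoids a second possible null dereference, `injectSAN` can be a primitive `boolean`, and the debug prefix `createLocalCert:` now names the wrong method.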
@@ -471,50 +507,29 @@ public class CertUtil { CMS.debug("Cert Template: " + info); - String instanceRoot = CMS.getConfigStore().getString("instanceRoot"); - String configurationRoot = CMS.getConfigStore().getString("configurationRoot"); + String instanceRoot = config.getString("instanceRoot"); + String configurationRoot = config.getString("configurationRoot"); + + String profileName = config.getString(prefix + certTag + ".profile"); + CMS.debug("CertUtil: profile: " + profileName); - CertInfoProfile processor = new CertInfoProfile(instanceRoot + configurationRoot + profile); + CertInfoProfile profile = new CertInfoProfile(instanceRoot + configurationRoot + profileName); // cfu - create request to enable renewal IRequestQueue queue = ca.getRequestQueue(); - IRequest req = createLocalRequest(queue, serialNo.toString(), info); - if (certTag.equals("sslserver") && injectSAN) { - injectSANextensionIntoRequest(config, req); - } - - CMS.debug("CertUtil profile: " + profile); - req.setExtData("req_key", x509key.toString()); - - // store original profile id in cert request - int idx = profile.lastIndexOf('.'); - if (idx == -1) { - CMS.debug("CertUtil profileName contains no ."); - req.setExtData("origprofileid", profile); - } else { - String name = profile.substring(0, idx); - req.setExtData("origprofileid", name); - } - - // store mapped profile ID for use in renewal - String profileId = processor.getProfileIDMapping(); - req.setExtData("profileid", profileId); - req.setExtData("profilesetid", processor.getProfileSetIDMapping()); + IRequest req = createLocalRequest( + config, + queue, + certTag, + profile, + info, + x509key); RequestId reqId = req.getRequestId(); config.putString("preop.cert." 
+ certTag + ".reqId", reqId.toString()); - if (!certTag.equals("signing")) { - /* - * (applies to non-CA-signing cert only) - * installAdjustValidity tells ValidityDefault to adjust the - * notAfter value to that of the CA's signing cert if needed - */ - req.setExtData("installAdjustValidity", "true"); - } - - processor.populate(req, info); + profile.populate(req, info); /* java.security.PrivateKey pk = ca.getSigningUnit().getPrivateKey(); @@ -560,7 +575,7 @@ public class CertUtil { MetaInfo meta = new MetaInfo(); meta.set(ICertRecord.META_REQUEST_ID, reqId.toString()); - meta.set(ICertRecord.META_PROFILE_ID, profileId); + meta.set(ICertRecord.META_PROFILE_ID, profile.getProfileIDMapping()); ICertRecord record = cr.createCertRecord(cert.getSerialNumber(), cert, meta); cr.addCertificateRecord(record); |
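Review bot: The profile path is still built by plain concatenation, `new CertInfoProfile(instanceRoot + configurationRoot + profileName)`, with `profileName` read from the `prefix + certTag + ".profile"` configuration value and no check that the result stays inside the configuration directory. The loaded profile is what populates the certificate info (`profile.populate(req, info)`), so a value containing `..` would silently load a profile from elsewhere; whether anything other than the instance administrator can influence that value is not visible here. I would normalize the path and reject it when it leaves the configuration root, e.g. `Path p = Paths.get(instanceRoot + configurationRoot, profileName).normalize();` followed by `if (!p.startsWith(Paths.get(instanceRoot + configurationRoot).normalize())) throw new EBaseException("Invalid profile path: " + profileName);`. createLocalCert() starts and ends outside this hunk.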