author | Endi S. Dewata <edewata@redhat.com> | 2017-06-29 08:23:09 +0200 |
committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-07 01:36:41 +0200 |
commit | 2dd97bf5569974fc7cc5a65c863594d176a0a346 (patch) | |
tree | 153a66a0464c38281ef6280aaeb1202cbc84dea3 /base/server | |
parent | c39cc840b5c2f322cee88ab94e53d20a8e3bfad0 (diff) | |
Refactored ConfigurationUtils.handleLocalCert().
The code for creating a local cert and importing it into the NSS database
has been moved into ConfigurationUtils.handleLocalCert().
https://pagure.io/dogtagpki/issue/2280
Change-Id: Idac7bc3e08e95f94fe50c417898ef12b2288d17c
Diffstat (limited to 'base/server')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 90 | ||||
-rw-r--r-- | base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java | 9 |
2 files changed, 51 insertions, 48 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 510518571..0c35c95cc 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -3180,8 +3180,11 @@ public class ConfigurationUtils {
 cr.addCertificateRecord(record);
 }
- public static void handleCerts(Cert cert) throws Exception {
+ public static void handleCert(Cert cert) throws Exception {
+
 String certTag = cert.getCertTag();
+ CMS.debug("ConfigurationUtils.handleCert(" + certTag + ")");
+
 String subsystem = cert.getSubsystem();
 String nickname = cert.getNickname();
 IConfigStore config = CMS.getConfigStore();
@@ -3190,56 +3193,19 @@ public class ConfigurationUtils {
 if (!enable)
 return;
- CMS.debug("handleCerts(): for cert tag '" + cert.getCertTag() + "' using cert type '" + cert.getType() + "'");
+ CMS.debug("ConfigurationUtils: cert type: " + cert.getType());
+
 String b64 = cert.getCert();
 String tokenname = config.getString("preop.module.token", "");
 if (cert.getType().equals("local") && b64.equals("...certificate be generated internally...")) {
- CMS.debug("handleCerts(): processing local cert");
-
- String pubKeyType = config.getString(PCERT_PREFIX + certTag + ".keytype");
- X509Key x509key = null;
- if (pubKeyType.equals("rsa")) {
- x509key = getRSAX509Key(config, certTag);
- } else if (pubKeyType.equals("ecc")) {
- x509key = getECCX509Key(config, certTag);
- }
-
- if (CertUtil.findCertificate(tokenname, nickname)) {
- if (!certTag.equals("sslserver"))
- return;
+ if (CertUtil.findCertificate(tokenname, nickname) && !certTag.equals("sslserver")) {
+ // if cert already exists (except SSL server cert), skip creation
+ return;
 }
- X509CertImpl impl = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, cert.getType());
-
- if (impl != null) {
- byte[] certb = impl.getEncoded();
- String certs = CryptoUtil.base64Encode(certb);
- cert.setCert(certs);
- config.putString(subsystem + "." + certTag + ".cert", certs);
- CMS.debug("handleCerts(): nickname=" + nickname);
-
- try {
- CMS.debug("handleCerts(): deleting existing cert");
- if (certTag.equals("sslserver") && CertUtil.findBootstrapServerCert())
- CertUtil.deleteBootstrapServerCert();
- if (CertUtil.findCertificate(tokenname, nickname))
- CertUtil.deleteCert(tokenname, nickname);
-
- CMS.debug("handleCerts(): importing new cert");
- if (certTag.equals("signing") && subsystem.equals("ca"))
- CryptoUtil.importUserCertificate(impl, nickname);
- else
- CryptoUtil.importUserCertificate(impl, nickname, false);
- CMS.debug("handleCerts(): cert imported for certTag '" + certTag + "'");
-
- } catch (Exception ee) {
- CMS.debug(ee);
- CMS.debug("handleCerts(): import certificate for certTag=" + certTag + " Exception: "
- + ee.toString());
- }
- }
+ handleLocalCert(config, cert, tokenname);
 } else if (cert.getType().equals("remote")) {
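Review bot: The call `handleLocalCert(config, cert, tokenname);` changes the failure semantics of the local-cert path: the removed block caught every exception from the delete/import steps, logged it and let handleCerts return normally, whereas handleLocalCert is declared `throws Exception`, so an import failure now propagates out of handleCert and, through the caller in SystemConfigService, aborts configuration with a PKIException. Failing closed is the safer behaviour, since the server should not continue with a system cert that was never imported into the NSS database, but the commit message does not mention it; a one-line comment at the call site such as `// an import failure now aborts configuration instead of being logged and ignored` would record the intent. It is also worth confirming that CertUtil.importCert, which is not in this diff, still removes the bootstrap server cert and any existing cert under the nickname before importing, as the removed code did explicitly. handleCert continues past the end of this hunk.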
@@ -3283,12 +3249,46 @@ public class ConfigurationUtils {
 if (!CryptoUtil.isInternalToken(tokenname))
 NickName = tokenname + ":" + nickname;
- CMS.debug("handleCerts(): set trust on CA signing cert " + NickName);
+ CMS.debug("ConfigurationUtils: set trust on CA signing cert " + NickName);
 CryptoUtil.trustCertByNickname(NickName);
 CMS.reinit(ICertificateAuthority.ID);
 }
 }
+ private static void handleLocalCert(
+ IConfigStore config,
+ Cert cert,
+ String tokenname)
+ throws Exception {
+
+ String certTag = cert.getCertTag();
+ CMS.debug("ConfigurationUtils.handleLocalCert(" + certTag + ")");
+
+ String pubKeyType = config.getString(PCERT_PREFIX + certTag + ".keytype");
+
+ X509Key x509key = null;
+ if (pubKeyType.equals("rsa")) {
+ x509key = getRSAX509Key(config, certTag);
+ } else if (pubKeyType.equals("ecc")) {
+ x509key = getECCX509Key(config, certTag);
+ }
+
+ CMS.debug("ConfigurationUtils: creating local cert");
+
+ X509CertImpl impl = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, cert.getType());
+
+ byte[] binCert = impl.getEncoded();
+ String strCert = CryptoUtil.base64Encode(binCert);
+ cert.setCert(strCert);
+
+ String subsystem = cert.getSubsystem();
+ config.putString(subsystem + "." + certTag + ".cert", strCert);
+
+ CMS.debug("ConfigurationUtils: importing local cert");
+
+ CertUtil.importCert(subsystem, certTag, tokenname, cert.getNickname(), impl);
+ }
+
 public static void setCertPermissions(String tag) throws EBaseException, NotInitializedException, ObjectNotFoundException, TokenException {
 if (tag.equals("signing") || tag.equals("external_signing"))
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index afbb24a78..479d8dff8 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
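Review bot: In handleLocalCert the result of `CertUtil.createLocalCert(...)` is dereferenced at `byte[] binCert = impl.getEncoded();` without the `if (impl != null)` guard that the replaced code in handleCerts had, so if createLocalCert can still return null the refactor turns a silently skipped cert into a NullPointerException that does not name the cert tag. The key-type dispatch also leaves `x509key` null for any `preop.cert.<tag>.keytype` value other than `rsa` or `ecc` and hands that null to createLocalCert; the old code did the same, but now that the logic has its own method it is cheap to reject explicitly. I would fail fast on both with an exception that carries the tag, as below, and add a Javadoc on the method stating that it generates the cert for the tag, stores its base64 encoding under `<subsystem>.<tag>.cert` in the config store, updates the Cert object, and imports it into the given token.
```java
        X509Key x509key;
        if (pubKeyType.equals("rsa")) {
            x509key = getRSAX509Key(config, certTag);
        } else if (pubKeyType.equals("ecc")) {
            x509key = getECCX509Key(config, certTag);
        } else {
            // fail fast instead of passing a null key down to createLocalCert
            throw new IllegalArgumentException(
                    "Unsupported key type '" + pubKeyType + "' for cert " + certTag);
        }

        CMS.debug("ConfigurationUtils: creating local cert");

        X509CertImpl impl = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, cert.getType());
        if (impl == null) {
            throw new IllegalStateException("Unable to create local cert for " + certTag);
        }
        // … unchanged: encode, store in config store, import into token …
```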
@@ -179,10 +179,10 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 for (Cert cert : certs) {
 try {
- CMS.debug("Processing '" + cert.getCertTag() + "' certificate:");
- ConfigurationUtils.handleCerts(cert);
+ CMS.debug("=== Handling " + cert.getCertTag() + " cert ===");
+ ConfigurationUtils.handleCert(cert);
 ConfigurationUtils.setCertPermissions(cert.getCertTag());
- CMS.debug("Processed '" + cert.getCertTag() + "' certificate.");
+
 } catch (Exception e) {
 CMS.debug(e);
 throw new PKIException("Error in configuring system certificates: " + e, e);
@@ -300,6 +300,9 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
 hasSigningCert.setValue(false);
 for (String tag : certList) {
+
+ CMS.debug("=== Processing " + tag + " cert ===");
+
 boolean enable = cs.getBoolean("preop.cert." + tag + ".enable", true);
 if (!enable)
 continue; |