authorEndi S. Dewata <edewata@redhat.com>2017-06-29 08:23:09 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-07-07 01:36:41 +0200
commit2dd97bf5569974fc7cc5a65c863594d176a0a346 (patch)
tree153a66a0464c38281ef6280aaeb1202cbc84dea3 /base/server
parentc39cc840b5c2f322cee88ab94e53d20a8e3bfad0 (diff)
Refactored ConfigurationUtils.handleLocalCert().
The code for creating and importing local cert into NSS database has been moved into ConfigurationUtils.handleLocalCert(). https://pagure.io/dogtagpki/issue/2280 Change-Id: Idac7bc3e08e95f94fe50c417898ef12b2288d17c
Diffstat (limited to 'base/server')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java90
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java9
2 files changed, 51 insertions, 48 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 510518571..0c35c95cc 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -3180,8 +3180,11 @@ public class ConfigurationUtils {
cr.addCertificateRecord(record);
}
- public static void handleCerts(Cert cert) throws Exception {
+ public static void handleCert(Cert cert) throws Exception {
+
String certTag = cert.getCertTag();
+ CMS.debug("ConfigurationUtils.handleCert(" + certTag + ")");
+
String subsystem = cert.getSubsystem();
String nickname = cert.getNickname();
IConfigStore config = CMS.getConfigStore();
@@ -3190,56 +3193,19 @@ public class ConfigurationUtils {
if (!enable)
return;
- CMS.debug("handleCerts(): for cert tag '" + cert.getCertTag() + "' using cert type '" + cert.getType() + "'");
+ CMS.debug("ConfigurationUtils: cert type: " + cert.getType());
+
String b64 = cert.getCert();
String tokenname = config.getString("preop.module.token", "");
if (cert.getType().equals("local") && b64.equals("...certificate be generated internally...")) {
- CMS.debug("handleCerts(): processing local cert");
-
- String pubKeyType = config.getString(PCERT_PREFIX + certTag + ".keytype");
- X509Key x509key = null;
- if (pubKeyType.equals("rsa")) {
- x509key = getRSAX509Key(config, certTag);
- } else if (pubKeyType.equals("ecc")) {
- x509key = getECCX509Key(config, certTag);
- }
-
- if (CertUtil.findCertificate(tokenname, nickname)) {
- if (!certTag.equals("sslserver"))
- return;
+ if (CertUtil.findCertificate(tokenname, nickname) && !certTag.equals("sslserver")) {
+ // if cert already exists (except SSL server cert), skip creation
+ return;
}
- X509CertImpl impl = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, cert.getType());
-
- if (impl != null) {
- byte[] certb = impl.getEncoded();
- String certs = CryptoUtil.base64Encode(certb);
- cert.setCert(certs);
- config.putString(subsystem + "." + certTag + ".cert", certs);
- CMS.debug("handleCerts(): nickname=" + nickname);
-
- try {
- CMS.debug("handleCerts(): deleting existing cert");
- if (certTag.equals("sslserver") && CertUtil.findBootstrapServerCert())
- CertUtil.deleteBootstrapServerCert();
- if (CertUtil.findCertificate(tokenname, nickname))
- CertUtil.deleteCert(tokenname, nickname);
-
- CMS.debug("handleCerts(): importing new cert");
- if (certTag.equals("signing") && subsystem.equals("ca"))
- CryptoUtil.importUserCertificate(impl, nickname);
- else
- CryptoUtil.importUserCertificate(impl, nickname, false);
- CMS.debug("handleCerts(): cert imported for certTag '" + certTag + "'");
-
- } catch (Exception ee) {
- CMS.debug(ee);
- CMS.debug("handleCerts(): import certificate for certTag=" + certTag + " Exception: "
- + ee.toString());
- }
- }
+ handleLocalCert(config, cert, tokenname);
} else if (cert.getType().equals("remote")) {
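Review bot: The early return on `CertUtil.findCertificate(tokenname, nickname) && !certTag.equals("sslserver")` leaves no trace in the debug log that an existing certificate was reused instead of a new one being generated. When reviewing an installation log, that is the decision a reader most needs to see for each system cert. Consider adding `CMS.debug("ConfigurationUtils: cert " + nickname + " already exists, skipping creation");` before the `return`. The comment could also say why the SSL server cert is exempt from the skip, since the removed code that handled the bootstrap server cert is no longer visible at this point. The body of `handleCert` starts and continues outside this hunk.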
@@ -3283,12 +3249,46 @@ public class ConfigurationUtils {
if (!CryptoUtil.isInternalToken(tokenname))
NickName = tokenname + ":" + nickname;
- CMS.debug("handleCerts(): set trust on CA signing cert " + NickName);
+ CMS.debug("ConfigurationUtils: set trust on CA signing cert " + NickName);
CryptoUtil.trustCertByNickname(NickName);
CMS.reinit(ICertificateAuthority.ID);
}
}
+ private static void handleLocalCert(
+ IConfigStore config,
+ Cert cert,
+ String tokenname)
+ throws Exception {
+
+ String certTag = cert.getCertTag();
+ CMS.debug("ConfigurationUtils.handleLocalCert(" + certTag + ")");
+
+ String pubKeyType = config.getString(PCERT_PREFIX + certTag + ".keytype");
+
+ X509Key x509key = null;
+ if (pubKeyType.equals("rsa")) {
+ x509key = getRSAX509Key(config, certTag);
+ } else if (pubKeyType.equals("ecc")) {
+ x509key = getECCX509Key(config, certTag);
+ }
+
+ CMS.debug("ConfigurationUtils: creating local cert");
+
+ X509CertImpl impl = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, cert.getType());
+
+ byte[] binCert = impl.getEncoded();
+ String strCert = CryptoUtil.base64Encode(binCert);
+ cert.setCert(strCert);
+
+ String subsystem = cert.getSubsystem();
+ config.putString(subsystem + "." + certTag + ".cert", strCert);
+
+ CMS.debug("ConfigurationUtils: importing local cert");
+
+ CertUtil.importCert(subsystem, certTag, tokenname, cert.getNickname(), impl);
+ }
+
public static void setCertPermissions(String tag) throws EBaseException, NotInitializedException,
ObjectNotFoundException, TokenException {
if (tag.equals("signing") || tag.equals("external_signing"))
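Review bot: In the new `handleLocalCert`, `impl.getEncoded()` is called without the `if (impl != null)` guard that the removed code had, and `x509key` is still passed to `createLocalCert` as null when the configured keytype is neither `rsa` nor `ecc`. If `createLocalCert` can return null, as the old guard suggests, the failure now surfaces as a bare NullPointerException rather than an error naming the certificate. Fail explicitly at both points, e.g. `if (x509key == null) throw new Exception("Unsupported key type for " + certTag + ": " + pubKeyType);` and `if (impl == null) throw new Exception("Unable to create local cert for " + certTag);`. The removed block also deleted the bootstrap SSL server cert and used a different `importUserCertificate` overload for the CA signing cert. `CertUtil.importCert` is not shown here, so it is worth confirming it keeps both behaviours and that import errors now propagate rather than being logged and swallowed as before.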
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
index afbb24a78..479d8dff8 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java
@@ -179,10 +179,10 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
for (Cert cert : certs) {
try {
- CMS.debug("Processing '" + cert.getCertTag() + "' certificate:");
- ConfigurationUtils.handleCerts(cert);
+ CMS.debug("=== Handling " + cert.getCertTag() + " cert ===");
+ ConfigurationUtils.handleCert(cert);
ConfigurationUtils.setCertPermissions(cert.getCertTag());
- CMS.debug("Processed '" + cert.getCertTag() + "' certificate.");
+
} catch (Exception e) {
CMS.debug(e);
throw new PKIException("Error in configuring system certificates: " + e, e);
@@ -300,6 +300,9 @@ public class SystemConfigService extends PKIService implements SystemConfigResou
hasSigningCert.setValue(false);
for (String tag : certList) {
+
+ CMS.debug("=== Processing " + tag + " cert ===");
+
boolean enable = cs.getBoolean("preop.cert." + tag + ".enable", true);
if (!enable) continue;