author | Endi S. Dewata <edewata@redhat.com> | 2014-07-07 19:47:29 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2014-07-09 18:47:45 -0400 |
commit | 8f3c7807a2efc4d2699f36795cb9685bf4203c38 (patch) | |
tree | 2d6c29e25d5f3667bc6495c62b85c97a8443f3e8 /base | |
parent | fdc9f763cbb9733cc671e23034bd719df4a14247 (diff) | |
Added transport cert attributes.
The REST service has been modified to return additional attributes
for the transport certificate, including serial number, issuer DN,
subject DN, and resource link.
Ticket #1065
Diffstat (limited to 'base')
3 files changed, 28 insertions, 9 deletions
diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py index ce4a1eb37..b309ce09f 100644 --- a/base/kra/functional/drmtest.py +++ b/base/kra/functional/drmtest.py @@ -91,6 +91,7 @@ def main(): # Get transport cert and insert in the certdb transport_nick = "kra transport cert" transport_cert = kraclient.system_certs.get_transport_cert() + print "Subject DN: " + transport_cert.subject_dn print transport_cert.encoded crypto.import_cert(transport_nick, transport_cert, "u,u,u") diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java index 9d274705b..b958791bb 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java +++ b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java @@ -19,6 +19,7 @@ package com.netscape.cms.servlet.base; import java.lang.reflect.Method; import java.net.URI; +import java.security.Principal; import java.security.cert.CertificateEncodingException; import java.util.Arrays; import java.util.HashMap; @@ -39,6 +40,7 @@ import javax.ws.rs.core.Response.ResponseBuilder; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.PKIException; import com.netscape.certsrv.cert.CertData; +import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.certsrv.logging.IAuditor; import com.netscape.certsrv.logging.ILogger; 
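Review bot: In drmtest.py's main(), the added `print "Subject DN: " + transport_cert.subject_dn` raises a TypeError if `subject_dn` is None, and the server side of this same commit only sets the subject DN when the certificate reports one. Formatting the value instead, e.g. `print "Subject DN: %s" % transport_cert.subject_dn`, lets the functional test carry on to print and import the encoded certificate. The client-side mapping of `subject_dn` is not part of this diff, so whether it can be None there is an assumption to confirm. main() begins before and continues after the hunk.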
@@ -168,9 +170,20 @@ public class PKIService { public CertData createCertificateData(org.mozilla.jss.crypto.X509Certificate cert) throws CertificateEncodingException { + CertData data = new CertData(); + + data.setSerialNumber(new CertId(cert.getSerialNumber())); + + Principal issuerDN = cert.getIssuerDN(); + if (issuerDN != null) data.setIssuerDN(issuerDN.toString()); + + Principal subjectDN = cert.getSubjectDN(); + if (subjectDN != null) data.setSubjectDN(subjectDN.toString()); + String b64 = CertData.HEADER + "\n" + CMS.BtoA(cert.getEncoded()) + CertData.FOOTER; data.setEncoded(b64); + return data; } diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java index c4f26f829..02f9004ec 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java @@ -18,6 +18,7 @@ package org.dogtagpki.server.rest; +import java.net.URI; import java.security.cert.CertificateEncodingException; import javax.servlet.http.HttpServletRequest; @@ -27,6 +28,8 @@ import javax.ws.rs.core.Request; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; +import org.jboss.resteasy.plugins.providers.atom.Link; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.PKIException; import com.netscape.certsrv.base.ResourceNotFoundException; @@ -64,12 +67,8 @@ public class SystemCertService extends PKIService implements SystemCertResource * Used to retrieve the transport certificate */ public Response getTransportCert() { - CertData cert = null; - IKeyRecoveryAuthority kra = null; - - // auth and authz - kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra"); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra"); if (kra == null) { // no KRA throw new ResourceNotFoundException("KRA subsystem not found."); 
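Review bot: createCertificateData in PKIService.java now returns issuer and subject DN strings taken from `Principal.toString()`, whose format the interface does not specify, and it silently leaves either one out when the certificate reports null; nothing tells a caller that these fields are informational. A client that pins or compares the transport certificate should parse the encoded certificate rather than match on these strings. I would document that on the method, e.g. `/** Builds CertData from a JSS certificate. Serial number, issuer DN and subject DN are informational copies of values in the encoded certificate; a DN is omitted when the certificate reports none. */`. As a point of style, the two one-line `if (...) data.set...` statements would read better with braces.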
@@ -80,19 +79,25 @@ public class SystemCertService extends PKIService implements SystemCertResource CMS.debug("getTransportCert: transport key unit is null"); throw new PKIException("No transport key unit."); } + org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate(); if (transportCert == null) { CMS.debug("getTransportCert: transport cert is null"); throw new PKIException("Transport cert not found."); } + try { - cert = createCertificateData(transportCert); + CertData cert = createCertificateData(transportCert); + + URI uri = uriInfo.getRequestUri(); + cert.setLink(new Link("self", uri)); + + return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request); + } catch (CertificateEncodingException e) { - CMS.debug("getTransportCert: certificate encoding exception with transport cert"); - e.printStackTrace(); + CMS.debug(e); throw new PKIException("Unable to encode transport cert"); } - return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request); } } |
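Review bot: The `self` link in getTransportCert is built from `uriInfo.getRequestUri()`, which reflects the URI as the client sent it (query string included, and usually the host the client named), and the response carrying it is then returned with `DEFAULT_LONG_CACHE_LIFETIME`. If a shared cache or reverse proxy sits in front of the service, which this diff does not show, a link shaped by one client's request could be served to others. Using `uriInfo.getAbsolutePath()` would at least drop the query string, and it is worth confirming that the container canonicalizes the host. Separately, the catch block throws `new PKIException("Unable to encode transport cert")` without the cause; if PKIException has a cause-taking constructor, pass `e` so the encoding failure stays traceable. The method starts in the previous hunk.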