authorEndi S. Dewata <edewata@redhat.com>2014-07-07 19:47:29 -0400
committerEndi S. Dewata <edewata@redhat.com>2014-07-09 18:47:45 -0400
commit8f3c7807a2efc4d2699f36795cb9685bf4203c38 (patch)
tree2d6c29e25d5f3667bc6495c62b85c97a8443f3e8 /base
parentfdc9f763cbb9733cc671e23034bd719df4a14247 (diff)
Added transport cert attributes.
The REST service has been modified to return additional attributes for the transport certificate, including serial number, issuer DN, subject DN, and resource link. Ticket #1065
Diffstat (limited to 'base')
-rw-r--r--base/kra/functional/drmtest.py1
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java13
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java23
3 files changed, 28 insertions, 9 deletions
diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py
index ce4a1eb37..b309ce09f 100644
--- a/base/kra/functional/drmtest.py
+++ b/base/kra/functional/drmtest.py
@@ -91,6 +91,7 @@ def main():
# Get transport cert and insert in the certdb
transport_nick = "kra transport cert"
transport_cert = kraclient.system_certs.get_transport_cert()
+ print "Subject DN: " + transport_cert.subject_dn
print transport_cert.encoded
crypto.import_cert(transport_nick, transport_cert, "u,u,u")
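Review bot: The added `print "Subject DN: " + transport_cert.subject_dn` concatenates the attribute directly, so it raises TypeError whenever the client leaves `subject_dn` as None. The PKIService.java hunk in this same commit sets the subject DN only when `cert.getSubjectDN()` is non-null, so an absent value looks possible, although the client-side mapping is not visible here. `print "Subject DN: %s" % transport_cert.subject_dn` keeps the functional test running in that case. main() begins and continues outside this hunk.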
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
index 9d274705b..b958791bb 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
@@ -19,6 +19,7 @@ package com.netscape.cms.servlet.base;
import java.lang.reflect.Method;
import java.net.URI;
+import java.security.Principal;
import java.security.cert.CertificateEncodingException;
import java.util.Arrays;
import java.util.HashMap;
@@ -39,6 +40,7 @@ import javax.ws.rs.core.Response.ResponseBuilder;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.dbs.certdb.CertId;
import com.netscape.certsrv.logging.IAuditor;
import com.netscape.certsrv.logging.ILogger;
@@ -168,9 +170,20 @@ public class PKIService {
public CertData createCertificateData(org.mozilla.jss.crypto.X509Certificate cert)
throws CertificateEncodingException {
+
CertData data = new CertData();
+
+ data.setSerialNumber(new CertId(cert.getSerialNumber()));
+
+ Principal issuerDN = cert.getIssuerDN();
+ if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
+
+ Principal subjectDN = cert.getSubjectDN();
+ if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
+
String b64 = CertData.HEADER + "\n" + CMS.BtoA(cert.getEncoded()) + CertData.FOOTER;
data.setEncoded(b64);
+
return data;
}
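Review bot: createCertificateData has no Javadoc, and the new fields change its contract in ways a caller cannot see from the signature: the serial number is always set, while issuer and subject DN are set only when the certificate returns a non-null Principal. A short Javadoc should state that, and also that both DNs are `Principal.toString()` renderings whose format is implementation-defined, so a client that matches or pins the transport certificate should parse the encoded value rather than compare these strings. As a style point, the one-line `if (issuerDN != null) data.setIssuerDN(issuerDN.toString());` and its subject counterpart would read better braced, matching the braced `if` blocks elsewhere in this commit.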
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
index c4f26f829..02f9004ec 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
@@ -18,6 +18,7 @@
package org.dogtagpki.server.rest;
+import java.net.URI;
import java.security.cert.CertificateEncodingException;
import javax.servlet.http.HttpServletRequest;
@@ -27,6 +28,8 @@ import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
+import org.jboss.resteasy.plugins.providers.atom.Link;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.base.ResourceNotFoundException;
@@ -64,12 +67,8 @@ public class SystemCertService extends PKIService implements SystemCertResource
* Used to retrieve the transport certificate
*/
public Response getTransportCert() {
- CertData cert = null;
- IKeyRecoveryAuthority kra = null;
-
- // auth and authz
- kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
if (kra == null) {
// no KRA
throw new ResourceNotFoundException("KRA subsystem not found.");
@@ -80,19 +79,25 @@ public class SystemCertService extends PKIService implements SystemCertResource
CMS.debug("getTransportCert: transport key unit is null");
throw new PKIException("No transport key unit.");
}
+
org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate();
if (transportCert == null) {
CMS.debug("getTransportCert: transport cert is null");
throw new PKIException("Transport cert not found.");
}
+
try {
- cert = createCertificateData(transportCert);
+ CertData cert = createCertificateData(transportCert);
+
+ URI uri = uriInfo.getRequestUri();
+ cert.setLink(new Link("self", uri));
+
+ return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request);
+
} catch (CertificateEncodingException e) {
- CMS.debug("getTransportCert: certificate encoding exception with transport cert");
- e.printStackTrace();
+ CMS.debug(e);
throw new PKIException("Unable to encode transport cert");
}
- return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request);
}
}
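Review bot: The self link set in the `try` block comes from `uriInfo.getRequestUri()`, so it echoes the host and query string the caller supplied, and that entity is then returned with `DEFAULT_LONG_CACHE_LIFETIME`. A link that varies per request sits awkwardly in a long-lived cacheable entity, and where a front-end cache or proxy does not key on the full URI and Host header it could pass one caller's link to another; how `sendConditionalGetResponse` builds its validators is not visible here. `cert.setLink(new Link("self", uriInfo.getAbsolutePath()));` drops the query string, and a link built from the server's configured base URI would remove the Host dependence as well. The catch block also still throws `new PKIException("Unable to encode transport cert")` without `e` as its cause, which is worth chaining if PKIException has a constructor for it. getTransportCert starts outside this hunk.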