-rw-r--r--base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java18
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java37
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java113
3 files changed, 108 insertions, 60 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index ebca55bc0..e6bd0d981 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -217,7 +217,7 @@ public class ClientCertRequestCLI extends CLI {
String encoded;
if (transportCertFilename == null) {
- SystemCertClient certClient = new SystemCertClient(client, "kra");
+ SystemCertClient certClient = new SystemCertClient(client, "ca");
encoded = certClient.getTransportCert().getEncoded();
} else {
@@ -251,13 +251,19 @@ public class ClientCertRequestCLI extends CLI {
CertEnrollmentRequest request = certClient.getEnrollmentTemplate(profileID);
- ProfileInput kg = request.getInput("Key Generation");
+ // Key Generation / Dual Key Generation
+ for (ProfileInput input : request.getInputs()) {
- ProfileAttribute typeAttr = kg.getAttribute("cert_request_type");
- typeAttr.setValue(requestType);
+ ProfileAttribute typeAttr = input.getAttribute("cert_request_type");
+ if (typeAttr != null) {
+ typeAttr.setValue(requestType);
+ }
- ProfileAttribute csrAttr = kg.getAttribute("cert_request");
- csrAttr.setValue(csr);
+ ProfileAttribute csrAttr = input.getAttribute("cert_request");
+ if (csrAttr != null) {
+ csrAttr.setValue(csr);
+ }
+ }
ProfileInput sn = request.getInput("Subject Name");
if (sn != null) {
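Review bot: Nothing after the new loop over `request.getInputs()` records whether any input actually carried `cert_request`, so a profile with neither a "Key Generation" nor a "Dual Key Generation" input now submits the enrollment without the CSR, where the old `kg.getAttribute(...)` call at least failed loudly. Track it and fail with a clear message: `boolean csrSet = false;` before the loop, `csrSet = true;` beside `csrAttr.setValue(csr);`, and after the loop `if (!csrSet) throw new Exception("Profile " + profileID + " has no cert_request input");` (use whatever exception type the enclosing method already declares). The same consideration applies to `cert_request_type`. The enclosing method begins and ends outside this hunk.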
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
index 2fe78bf2a..4ebf075cb 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
@@ -19,14 +19,13 @@ package com.netscape.cms.servlet.base;
import java.lang.reflect.Method;
import java.net.URI;
-import java.security.Principal;
-import java.security.cert.CertificateEncodingException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.FormParam;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
@@ -36,11 +35,10 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.ResponseBuilder;
+import javax.ws.rs.core.UriInfo;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.cert.CertData;
-import com.netscape.certsrv.dbs.certdb.CertId;
import com.netscape.certsrv.logging.IAuditor;
import com.netscape.certsrv.logging.ILogger;
@@ -65,7 +63,17 @@ public class PKIService {
public final static int DEFAULT_SIZE = 20;
@Context
- private HttpHeaders headers;
+ protected UriInfo uriInfo;
+
+ @Context
+ protected HttpHeaders headers;
+
+ @Context
+ protected Request request;
+
+ @Context
+ protected HttpServletRequest servletRequest;
+
public ILogger logger = CMS.getLogger();
public IAuditor auditor = CMS.getAuditor();
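Review bot: The four `@Context` fields become `protected` with no documentation, and subclasses now read them directly (SystemCertService in this same commit uses `uriInfo`, `headers` and `request`), so their lifecycle should be stated: they are injected by the JAX-RS runtime per request and are presumably not yet set while a constructor runs — confirm against the container in use. A one-line comment above the group would suffice: `// Injected by the JAX-RS runtime for the current request; not available from constructors.`. Separately, the `getLocale(HttpHeaders headers)` signature visible in a later hunk now has a parameter shadowing the field of the same name, which is easy to misread; renaming the parameter would avoid that.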
@@ -169,25 +177,6 @@ public class PKIService {
return builder.build();
}
- public CertData createCertificateData(org.mozilla.jss.crypto.X509Certificate cert)
- throws CertificateEncodingException {
-
- CertData data = new CertData();
-
- data.setSerialNumber(new CertId(cert.getSerialNumber()));
-
- Principal issuerDN = cert.getIssuerDN();
- if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
-
- Principal subjectDN = cert.getSubjectDN();
- if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
-
- String b64 = CertData.HEADER + "\n" + CMS.BtoA(cert.getEncoded()) + CertData.FOOTER;
- data.setEncoded(b64);
-
- return data;
- }
-
public Locale getLocale(HttpHeaders headers) {
if (headers == null) return Locale.getDefault();
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
index 02f9004ec..e4bb09cc2 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
@@ -19,25 +19,28 @@
package org.dogtagpki.server.rest;
import java.net.URI;
-import java.security.cert.CertificateEncodingException;
+import java.security.Principal;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
+
+import netscape.security.x509.X509CertImpl;
import org.jboss.resteasy.plugins.providers.atom.Link;
+import org.mozilla.jss.crypto.X509Certificate;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.base.ResourceNotFoundException;
import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.dbs.certdb.CertId;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.security.ITransportKeyUnit;
+import com.netscape.certsrv.system.KRAConnectorInfo;
import com.netscape.certsrv.system.SystemCertResource;
+import com.netscape.cms.servlet.admin.KRAConnectorProcessor;
import com.netscape.cms.servlet.base.PKIService;
+import com.netscape.cmsutil.util.Utils;
/**
* This is the class used to list, retrieve and modify system certificates for all Java subsystems.
@@ -47,26 +50,52 @@ import com.netscape.cms.servlet.base.PKIService;
*/
public class SystemCertService extends PKIService implements SystemCertResource {
- @Context
- private UriInfo uriInfo;
+ /**
+ * Used to retrieve the transport certificate
+ */
+ public Response getTransportCert() {
+
+ try {
+ IConfigStore cs = CMS.getConfigStore();
+ String type = cs.getString("cs.type");
+
+ CertData certData;
+ if ("CA".equals(type)) {
+ certData = getTransportCertFromCA();
- @Context
- private HttpHeaders headers;
+ } else if ("KRA".equals(type)) {
+ certData = getTransportCertFromKRA();
- @Context
- private Request request;
+ } else {
+ throw new ResourceNotFoundException("Transport certificate not available in " + type);
+ }
+
+ URI uri = uriInfo.getRequestUri();
+ certData.setLink(new Link("self", uri));
- @Context
- private HttpServletRequest servletRequest;
+ return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, certData, request);
- public SystemCertService() {
- CMS.debug("SystemCertService.<init>()");
+ } catch (PKIException e) {
+ throw e;
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException(e);
+ }
}
- /**
- * Used to retrieve the transport certificate
- */
- public Response getTransportCert() {
+ public CertData getTransportCertFromCA() throws Exception {
+ KRAConnectorProcessor processor = new KRAConnectorProcessor(getLocale(headers));
+ KRAConnectorInfo info = processor.getConnectorInfo();
+ String encodedCert = info.getTransportCert();
+
+ byte[] bytes = Utils.base64decode(encodedCert);
+ X509CertImpl cert = new X509CertImpl(bytes);
+
+ return createCertificateData(cert);
+ }
+
+ public CertData getTransportCertFromKRA() throws Exception {
IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
if (kra == null) {
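Review bot: `getTransportCertFromCA` passes `info.getTransportCert()` straight into `Utils.base64decode` without a null or empty check; on a CA with no KRA connector configured that value is presumably absent — confirm — and the failure then surfaces through the catch-all in `getTransportCert` as a generic `PKIException` instead of the `ResourceNotFoundException` the method already uses for the unsupported-subsystem case. Add `if (encodedCert == null || encodedCert.isEmpty()) throw new ResourceNotFoundException("No KRA transport certificate configured in CA");` directly after the `getTransportCert()` call. The `catch (Exception e) { CMS.debug(e); throw new PKIException(e); }` block also drops the old fixed "Unable to encode transport cert" message in favour of whatever the underlying exception carried; if `PKIException(Throwable)` forwards the cause's message to the REST client, a fixed message is the safer choice for this unauthenticated-looking endpoint. The two new helpers are `public` on a resource class although they are not endpoints; `protected` or `private` states that more clearly. `getTransportCertFromKRA` begins here and continues into the next hunk.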
@@ -80,24 +109,48 @@ public class SystemCertService extends PKIService implements SystemCertResource
throw new PKIException("No transport key unit.");
}
- org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate();
+ X509Certificate transportCert = tu.getCertificate();
if (transportCert == null) {
CMS.debug("getTransportCert: transport cert is null");
throw new PKIException("Transport cert not found.");
}
- try {
- CertData cert = createCertificateData(transportCert);
+ return createCertificateData(transportCert);
+ }
- URI uri = uriInfo.getRequestUri();
- cert.setLink(new Link("self", uri));
+ public CertData createCertificateData(X509CertImpl cert) throws Exception {
- return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request);
+ CertData data = new CertData();
- } catch (CertificateEncodingException e) {
- CMS.debug(e);
- throw new PKIException("Unable to encode transport cert");
- }
+ data.setSerialNumber(new CertId(cert.getSerialNumber()));
+
+ Principal issuerDN = cert.getIssuerDN();
+ if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
+
+ Principal subjectDN = cert.getSubjectDN();
+ if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
+
+ String b64 = CertData.HEADER + "\n" + CMS.BtoA(cert.getEncoded()) + CertData.FOOTER;
+ data.setEncoded(b64);
+
+ return data;
}
+ public CertData createCertificateData(X509Certificate cert) throws Exception {
+
+ CertData data = new CertData();
+
+ data.setSerialNumber(new CertId(cert.getSerialNumber()));
+
+ Principal issuerDN = cert.getIssuerDN();
+ if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
+
+ Principal subjectDN = cert.getSubjectDN();
+ if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
+
+ String b64 = CertData.HEADER + "\n" + CMS.BtoA(cert.getEncoded()) + CertData.FOOTER;
+ data.setEncoded(b64);
+
+ return data;
+ }
}
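Review bot: The two `createCertificateData` overloads closing this hunk have byte-identical bodies; only the parameter type differs, and since the JSS `X509Certificate` and `X509CertImpl` types share no common supertype the duplication is forced at the signature but not in the body. Extract the body into a private helper that receives the already-extracted values, so the PEM framing and the DN null handling live in one place and cannot drift apart; a sketch follows. `getTransportCertFromKRA` begins in the previous hunk.
```java
public CertData createCertificateData(X509CertImpl cert) throws Exception {
    return buildCertData(new CertId(cert.getSerialNumber()), cert.getIssuerDN(), cert.getSubjectDN(), cert.getEncoded());
}

public CertData createCertificateData(X509Certificate cert) throws Exception {
    return buildCertData(new CertId(cert.getSerialNumber()), cert.getIssuerDN(), cert.getSubjectDN(), cert.getEncoded());
}

// Shared body of both overloads: serial number, optional DNs and PEM-framed encoding.
private CertData buildCertData(CertId serial, Principal issuerDN, Principal subjectDN, byte[] encoded) {
    CertData data = new CertData();
    data.setSerialNumber(serial);
    if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
    if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
    data.setEncoded(CertData.HEADER + "\n" + CMS.BtoA(encoded) + CertData.FOOTER);
    return data;
}
```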