3 files changed, 108 insertions, 60 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index ebca55bc0..e6bd0d981 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -217,7 +217,7 @@ public class ClientCertRequestCLI extends CLI {
 String encoded;
 if (transportCertFilename == null) {
- SystemCertClient certClient = new SystemCertClient(client, "kra");
+ SystemCertClient certClient = new SystemCertClient(client, "ca");
 encoded = certClient.getTransportCert().getEncoded();
 } else {
@@ -251,13 +251,19 @@ public class ClientCertRequestCLI extends CLI {
 CertEnrollmentRequest request = certClient.getEnrollmentTemplate(profileID);
- ProfileInput kg = request.getInput("Key Generation");
+ // Key Generation / Dual Key Generation
+ for (ProfileInput input : request.getInputs()) {
- ProfileAttribute typeAttr = kg.getAttribute("cert_request_type");
- typeAttr.setValue(requestType);
+ ProfileAttribute typeAttr = input.getAttribute("cert_request_type");
+ if (typeAttr != null) {
+ typeAttr.setValue(requestType);
+ }
- ProfileAttribute csrAttr = kg.getAttribute("cert_request");
- csrAttr.setValue(csr);
+ ProfileAttribute csrAttr = input.getAttribute("cert_request");
+ if (csrAttr != null) {
+ csrAttr.setValue(csr);
+ }
+ }
 ProfileInput sn = request.getInput("Subject Name");
 if (sn != null) {
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
index 2fe78bf2a..4ebf075cb 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/PKIService.java
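Review bot: In the second hunk the new loop over `request.getInputs()` sets the CSR only on inputs that expose a `cert_request` attribute and never records whether any input did, so a profile without such an input now submits an enrollment request with no CSR at all, where the old `kg.getAttribute(...)` code at least failed loudly (with an NPE). Track the outcome with a flag: `boolean csrSet = false;` before the loop, `csrSet = true;` inside the `if (csrAttr != null)` branch, and after the loop `if (!csrSet) throw new Exception("Profile " + profileID + " has no cert_request input");`. The enclosing method starts and ends outside the hunk, so the exception type that fits its declared signature cannot be confirmed from here.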
@@ -19,14 +19,13 @@ package com.netscape.cms.servlet.base;
 import java.lang.reflect.Method;
 import java.net.URI;
-import java.security.Principal;
-import java.security.cert.CertificateEncodingException;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.core.CacheControl;
 import javax.ws.rs.core.Context;
@@ -36,11 +35,10 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Request;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.ResponseBuilder;
+import javax.ws.rs.core.UriInfo;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.cert.CertData;
-import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.logging.IAuditor;
 import com.netscape.certsrv.logging.ILogger;
@@ -65,7 +63,17 @@ public class PKIService {
 public final static int DEFAULT_SIZE = 20;
 @Context
- private HttpHeaders headers;
+ protected UriInfo uriInfo;
+
+ @Context
+ protected HttpHeaders headers;
+
+ @Context
+ protected Request request;
+
+ @Context
+ protected HttpServletRequest servletRequest;
+
 public ILogger logger = CMS.getLogger();
 public IAuditor auditor = CMS.getAuditor();
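Review bot: The four `@Context` fields in the third hunk (`uriInfo`, `headers`, `request`, `servletRequest`) are now `protected` and undocumented, and `headers` changes from `private` to `protected`, so any subclass that still declares its own `@Context private HttpHeaders headers` (as SystemCertService did before this commit) silently hides the inherited field instead of sharing it. A Javadoc on the group would make that contract explicit, e.g. `/** JAX-RS injected request context, shared with subclasses; subclasses must not redeclare these fields. */`. Whether other PKIService subclasses still redeclare them is not visible in this diff.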
@@ -169,25 +177,6 @@ public class PKIService {
 return builder.build();
 }
- public CertData createCertificateData(org.mozilla.jss.crypto.X509Certificate cert)
- throws CertificateEncodingException {
-
- CertData data = new CertData();
-
- data.setSerialNumber(new CertId(cert.getSerialNumber()));
-
- Principal issuerDN = cert.getIssuerDN();
- if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
-
- Principal subjectDN = cert.getSubjectDN();
- if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
-
- String b64 = CertData.HEADER + "\n" + CMS.BtoA(cert.getEncoded()) + CertData.FOOTER;
- data.setEncoded(b64);
-
- return data;
- }
-
 public Locale getLocale(HttpHeaders headers) {
 if (headers == null) return Locale.getDefault();
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
index 02f9004ec..e4bb09cc2 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
@@ -19,25 +19,28 @@ package org.dogtagpki.server.rest;
 import java.net.URI;
-import java.security.cert.CertificateEncodingException;
+import java.security.Principal;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Request;
 import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
+
+import netscape.security.x509.X509CertImpl;
 import org.jboss.resteasy.plugins.providers.atom.Link;
+import org.mozilla.jss.crypto.X509Certificate;
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.base.ResourceNotFoundException;
 import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.security.ITransportKeyUnit;
+import com.netscape.certsrv.system.KRAConnectorInfo;
 import com.netscape.certsrv.system.SystemCertResource;
+import com.netscape.cms.servlet.admin.KRAConnectorProcessor;
 import com.netscape.cms.servlet.base.PKIService;
+import com.netscape.cmsutil.util.Utils;
 /**
 * This is the class used to list, retrieve and modify system certificates for all Java subsystems.
@@ -47,26 +50,52 @@ import com.netscape.cms.servlet.base.PKIService;
 */
 public class SystemCertService extends PKIService implements SystemCertResource {
- @Context
- private UriInfo uriInfo;
+ /**
+ * Used to retrieve the transport certificate
+ */
+ public Response getTransportCert() {
+
+ try {
+ IConfigStore cs = CMS.getConfigStore();
+ String type = cs.getString("cs.type");
+
+ CertData certData;
+ if ("CA".equals(type)) {
+ certData = getTransportCertFromCA();
- @Context
- private HttpHeaders headers;
+ } else if ("KRA".equals(type)) {
+ certData = getTransportCertFromKRA();
- @Context
- private Request request;
+ } else {
+ throw new ResourceNotFoundException("Transport certificate not available in " + type);
+ }
+
+ URI uri = uriInfo.getRequestUri();
+ certData.setLink(new Link("self", uri));
- @Context
- private HttpServletRequest servletRequest;
+ return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, certData, request);
- public SystemCertService() {
- CMS.debug("SystemCertService.<init>()");
+ } catch (PKIException e) {
+ throw e;
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException(e);
+ }
 }
- /**
- * Used to retrieve the transport certificate
- */
- public Response getTransportCert() {
+ public CertData getTransportCertFromCA() throws Exception {
+ KRAConnectorProcessor processor = new KRAConnectorProcessor(getLocale(headers));
+ KRAConnectorInfo info = processor.getConnectorInfo();
+ String encodedCert = info.getTransportCert();
+
+ byte[] bytes = Utils.base64decode(encodedCert);
+ X509CertImpl cert = new X509CertImpl(bytes);
+
+ return createCertificateData(cert);
+ }
+
+ public CertData getTransportCertFromKRA() throws Exception {
 IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
 if (kra == null) {
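Review bot: In `getTransportCertFromCA()` the value returned by `info.getTransportCert()` goes straight into `Utils.base64decode` and `new X509CertImpl`, so a CA with no KRA connector configured (where that value is presumably null or empty) surfaces as a generic `PKIException` from the outer `catch (Exception e)` rather than the `ResourceNotFoundException` the `else` branch uses for the same "not available" situation. Consider `if (encodedCert == null || encodedCert.isEmpty()) throw new ResourceNotFoundException("Transport certificate not available in CA");` before decoding; whether `getConnectorInfo()` itself can return null is not visible here. `getTransportCertFromCA()` and `getTransportCertFromKRA()` are also `public` although they are internal helpers not declared on `SystemCertResource`; `protected` would keep them off the class's public surface. The Javadoc kept above `getTransportCert()` could also mention the new dispatch on `cs.type`, e.g. `* Served by the CA from its KRA connector configuration, or by the KRA from its transport key unit.`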
@@ -80,24 +109,48 @@ public class SystemCertService extends PKIService implements SystemCertResource
 throw new PKIException("No transport key unit.");
 }
- org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate();
+ X509Certificate transportCert = tu.getCertificate();
 if (transportCert == null) {
 CMS.debug("getTransportCert: transport cert is null");
 throw new PKIException("Transport cert not found.");
 }
- try {
- CertData cert = createCertificateData(transportCert);
+ return createCertificateData(transportCert);
+ }
- URI uri = uriInfo.getRequestUri();
- cert.setLink(new Link("self", uri));
+ public CertData createCertificateData(X509CertImpl cert) throws Exception {
- return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request);
+ CertData data = new CertData();
- } catch (CertificateEncodingException e) {
- CMS.debug(e);
- throw new PKIException("Unable to encode transport cert");
- }
+ data.setSerialNumber(new CertId(cert.getSerialNumber()));
+
+ Principal issuerDN = cert.getIssuerDN();
+ if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
+
+ Principal subjectDN = cert.getSubjectDN();
+ if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
+
+ String b64 = CertData.HEADER + "\n" + CMS.BtoA(cert.getEncoded()) + CertData.FOOTER;
+ data.setEncoded(b64);
+
+ return data;
 }
+ public CertData createCertificateData(X509Certificate cert) throws Exception {
+
+ CertData data = new CertData();
+
+ data.setSerialNumber(new CertId(cert.getSerialNumber()));
+
+ Principal issuerDN = cert.getIssuerDN();
+ if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
+
+ Principal subjectDN = cert.getSubjectDN();
+ if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
+
+ String b64 = CertData.HEADER + "\n" + CMS.BtoA(cert.getEncoded()) + CertData.FOOTER;
+ data.setEncoded(b64);
+
+ return data;
+ }
 } |
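Review bot: The two `createCertificateData` overloads added at the end of the hunk have byte-identical bodies; only the parameter type differs, and both types expose the same four accessors the body uses (`getSerialNumber`, `getIssuerDN`, `getSubjectDN`, `getEncoded`). Routing both through one private helper that takes those values removes the duplication and keeps the two in step when the PEM framing or DN handling changes. Both overloads also declare `throws Exception`, which is broader than the `CertificateEncodingException` the removed PKIService version declared and hides which failure callers can expect; `getEncoded()` is the only visibly throwing call in the body. The helper below needs `java.math.BigInteger` imported, which the file's import hunk (outside this hunk) does not yet add.
```java
    // … unchanged: end of getTransportCertFromKRA() …

    public CertData createCertificateData(X509CertImpl cert) throws Exception {
        return createCertificateData(cert.getSerialNumber(), cert.getIssuerDN(), cert.getSubjectDN(), cert.getEncoded());
    }

    public CertData createCertificateData(X509Certificate cert) throws Exception {
        return createCertificateData(cert.getSerialNumber(), cert.getIssuerDN(), cert.getSubjectDN(), cert.getEncoded());
    }

    // Shared body of the two public overloads above: serial, DNs and PEM-framed encoding.
    private CertData createCertificateData(BigInteger serialNumber, Principal issuerDN, Principal subjectDN, byte[] encoded)
            throws Exception {
        CertData data = new CertData();
        data.setSerialNumber(new CertId(serialNumber));
        if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
        if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
        data.setEncoded(CertData.HEADER + "\n" + CMS.BtoA(encoded) + CertData.FOOTER);
        return data;
    }
```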