-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java | 48 | ||||
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 17 |
2 files changed, 17 insertions, 48 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 8cdfd4742..28f4d33ff 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -407,31 +407,17 @@ public class CertUtil { (signingKeyType.equals("dsa") && algorithm.contains("DSA"))); } - public static X509CertImpl createLocalCertWithCA(IConfigStore config, X509Key x509key, - String prefix, String certTag, String type, ICertificateAuthority ca) throws Exception { - return createLocalCert(config, x509key, prefix, certTag, type, ca, null); - } - - public static X509CertImpl createLocalCert(IConfigStore config, X509Key x509key, - String prefix, String certTag, String type, Context context) throws Exception { - return createLocalCert(config, x509key, prefix, certTag, type, null, context); - } - public static X509CertImpl createLocalCert( IConfigStore config, X509Key x509key, String prefix, String certTag, - String type, - ICertificateAuthority ca, - Context context) throws Exception { + String type) throws Exception { CMS.debug("CertUtil.createLocalCert(" + certTag + ")"); String profile = config.getString(prefix + certTag + ".profile"); - boolean caProvided = ca != null; - Boolean injectSAN = config.getBoolean("service.injectSAN", false); CMS.debug("createLocalCert: injectSAN: " + injectSAN); 
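Review bot: The narrowed `createLocalCert(config, x509key, prefix, certTag, type)` in the first CertUtil hunk has no Javadoc, and its signature no longer shows where the CA or the signing key comes from. The later hunks show it always taking the CA from `CMS.getSubsystem(ICertificateAuthority.ID)` and the key from the `prefix + "signing" + ".privkey.id"` setting. I would add a header such as `/** Creates a local certificate for certTag using the CA subsystem's certificate repository and the private key named by <prefix>signing.privkey.id; throws if that key cannot be found. */`. The hunk also deletes the public `createLocalCertWithCA` and the six-argument overload; only two files are touched here, so callers elsewhere in the tree, if any exist, should be checked. The method body continues outside this hunk.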
@@ -445,17 +431,8 @@ public class CertUtil { keyAlgorithm = config.getString(prefix + certTag + ".keyalgorithm"); } - if (!caProvided) { - ca = (ICertificateAuthority) CMS.getSubsystem(ICertificateAuthority.ID); - } - + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(ICertificateAuthority.ID); ICertificateRepository cr = ca.getCertificateRepository(); - if (cr == null) { - if (context != null) { - context.put("errorString", "Ceritifcate Authority is not ready to serve."); - } - throw new IOException("Ceritifcate Authority is not ready to serve."); - } X509CertInfo info; BigInteger serialNo = cr.getNextSerialNumber(); @@ -534,19 +511,16 @@ public class CertUtil { processor.populate(req, info); - PrivateKey caPrik; - if (caProvided) { - java.security.PrivateKey pk = ca.getSigningUnit().getPrivateKey(); - if (!(pk instanceof PrivateKey)) { - throw new Exception("CA Private key must be a JSS PrivateKey"); - } - caPrik = (PrivateKey) pk; - - } else { - String caPriKeyID = config.getString(prefix + "signing" + ".privkey.id"); - byte[] keyIDb = CryptoUtil.string2byte(caPriKeyID); - caPrik = CryptoUtil.findPrivateKeyFromID(keyIDb); + /* + java.security.PrivateKey pk = ca.getSigningUnit().getPrivateKey(); + if (!(pk instanceof PrivateKey)) { + throw new Exception("CA Private key must be a JSS PrivateKey"); } + PrivateKey caPrik = (PrivateKey) pk; + */ + String caPriKeyID = config.getString(prefix + "signing" + ".privkey.id"); + byte[] keyIDb = CryptoUtil.string2byte(caPriKeyID); + PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(keyIDb); if (caPrik == null) { throw new Exception("Unable to find CA private key"); diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 16296513b..9b83830a2 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java 
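Review bot: In the `@@ -445,17 +431,8 @@` hunk, `cr` is dereferenced by `cr.getNextSerialNumber()` straight after the `cr == null` guard was deleted, and `ca` from `CMS.getSubsystem(...)` is used unchecked. A CA that is not yet initialised would then surface as a bare NullPointerException in the middle of certificate creation instead of the explicit "not ready" failure. Dropping the `context.put("errorString", ...)` half is consistent with removing the `context` parameter, but the fail-fast half should stay, e.g. `if (ca == null) throw new IOException("Certificate Authority is not ready to serve.");` before the repository call and `if (cr == null) throw new IOException("Certificate Authority is not ready to serve.");` after it. The enclosing method starts and ends outside this hunk.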
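Review bot: The `@@ -534,19 +511,16 @@` hunk leaves the `ca.getSigningUnit().getPrivateKey()` path behind as a commented-out block rather than deleting it. The next reader cannot tell whether that is a planned fallback or dead code; version control already keeps the old text, so I would remove the block. Since the key is now always chosen by the `prefix + "signing" + ".privkey.id"` setting while serial numbers come from the `ca` subsystem, a short comment is worth having in its place, for example `// Signing key is resolved from <prefix>signing.privkey.id, not from ca.getSigningUnit().`. If those two sources can ever name different keys (not visible from this hunk), the certificate would be signed by a key other than the CA's signing unit, so it may be worth asserting that they match. Separately, `throw new Exception("Unable to find CA private key")` could include `caPriKeyID`, which is an identifier rather than key material, so the failure is traceable to the offending setting.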
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -2750,8 +2750,7 @@ public class ConfigurationUtils { CryptoUtil.string2byte(pubKeyModulus), CryptoUtil.string2byte(pubKeyPublicExponent)); - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); + cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType); } else { @@ -2769,8 +2768,7 @@ public class ConfigurationUtils { CryptoUtil.string2byte(pubKeyModulus), CryptoUtil.string2byte(pubKeyPublicExponent)); - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); + cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType); } } @@ -2782,8 +2780,7 @@ public class ConfigurationUtils { if (certTag.equals("signing")) { X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); + cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType); } else { @@ -2800,8 +2797,7 @@ public class ConfigurationUtils { X509Key x509key = CryptoUtil.getPublicX509ECCKey( CryptoUtil.string2byte(pubKeyEncoded)); - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); + cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType); } } @@ -3212,8 +3208,7 @@ public class ConfigurationUtils { if (!certTag.equals("sslserver")) return; } - X509CertImpl impl = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, cert.getType(), null); + X509CertImpl impl = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, cert.getType()); if (impl != null) { byte[] certb = impl.getEncoded(); 
@@ -3563,7 +3558,7 @@ public class ConfigurationUtils { cs.putString(PCERT_PREFIX + "admin.dn", subject); String caType = cs.getString(PCERT_PREFIX + "admin.type", "local"); - X509CertImpl impl = CertUtil.createLocalCert(cs, x509key, PCERT_PREFIX, "admin", caType, null); + X509CertImpl impl = CertUtil.createLocalCert(cs, x509key, PCERT_PREFIX, "admin", caType); // update the locally created request for renewal CertUtil.updateLocalRequest(cs, "admin", certRequest, certRequestType, subject); |