diff options
Diffstat (limited to 'base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java')
-rw-r--r-- | base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java new file mode 100644 index 000000000..872e32960 --- /dev/null +++ b/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java @@ -0,0 +1,106 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.profile.def; + +import java.io.IOException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; + +import netscape.security.x509.CertificateX509Key; +import netscape.security.x509.KeyIdentifier; +import netscape.security.x509.PKIXExtensions; +import netscape.security.x509.SubjectKeyIdentifierExtension; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; +import netscape.security.x509.X509Key; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.ca.ICertificateAuthority; + +/** + * This class implements an abstract CA specific + * Enrollment default. This policy can only be + * used with CA subsystem. + * + * @version $Revision$, $Date$ + */ +public abstract class CAEnrollDefault extends EnrollDefault { + public CAEnrollDefault() { + } + + public KeyIdentifier getKeyIdentifier(X509CertInfo info) { + try { + CertificateX509Key ckey = (CertificateX509Key) + info.get(X509CertInfo.KEY); + X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY); + MessageDigest md = MessageDigest.getInstance("SHA-1"); + + md.update(key.getKey()); + byte[] hash = md.digest(); + + return new KeyIdentifier(hash); + } catch (IOException e) { + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); + } catch (CertificateException e) { + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); + } catch (NoSuchAlgorithmException e) { + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); + } + return null; + } + + public KeyIdentifier getCAKeyIdentifier() { + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); + X509CertImpl caCert = ca.getCACert(); + if (caCert == null) { + // during configuration, we dont have the CA certificate + return null; + } + X509Key key = (X509Key) caCert.getPublicKey(); + + SubjectKeyIdentifierExtension subjKeyIdExt = + (SubjectKeyIdentifierExtension) + caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString()); + if (subjKeyIdExt != null) { + try { + KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get( + SubjectKeyIdentifierExtension.KEY_ID); + return keyId; + } catch (IOException e) { + } + } + + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + + md.update(key.getKey()); + byte[] hash = md.digest(); + + return new KeyIdentifier(hash); + } catch (NoSuchAlgorithmException e) { + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); + } + return null; + } +} |