diff options
Diffstat (limited to 'base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java')
-rw-r--r-- | base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java b/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java new file mode 100644 index 000000000..1d70e7a1d --- /dev/null +++ b/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java @@ -0,0 +1,119 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cmscore.security; + +import java.io.IOException; +import java.security.KeyPair; + +import netscape.security.x509.KeyUsageExtension; + +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.common.ConfigConstants; +import com.netscape.certsrv.common.Constants; +import com.netscape.certsrv.security.KeyCertData; + +/** + * SSL server certificate + * + * @author Christine Ho + * @version $Revision$, $Date$ + */ +public class SSLSelfSignedCert extends CertificateInfo { + public static final String SUBJECT_NAME = + "CN=SSL, O=Netscape Communications, C=US"; + private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; + + public SSLSelfSignedCert(KeyCertData properties) { + this(properties, null); + } + + public SSLSelfSignedCert(KeyCertData properties, KeyPair pair) { + super(properties, pair); + String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); + + if ((tmp != null) && + (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + mTokenname = tmp; + mProperties.remove(Constants.PR_AKI); + + // 020599: This SSL server bit has to be turned on. Otherwise, it + // might crash jss. + mProperties.put(Constants.PR_SSL_SERVER_BIT, Constants.TRUE); + } + + public void updateConfig(IConfigStore cmsFileTmp) throws EBaseException { + String tokenname = (String) mProperties.get(Constants.PR_TOKEN_NAME); + String nickname = getNickname(); + String fullNickname = ""; + + if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { + fullNickname = nickname; + } else { + fullNickname = tokenname + ":" + nickname; + } + cmsFileTmp.putString("radm.https.nickName", fullNickname); + cmsFileTmp.commit(false); + } + + public String getSubjectName() { + return (String) mProperties.get(Constants.PR_SUBJECT_NAME); + } + + public String getNickname() { + String name = (String) mProperties.get(Constants.PR_NICKNAME); + String instanceName = + (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); + + if (name != null) + return name; + return "Remote Admin Server-Cert " + instanceName; + } + + /* + public SignatureAlgorithm getSigningAlgorithm() { + SignatureAlgorithm sAlg = + (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); + if (sAlg != null) { + return sAlg; + } + String alg = (String)mProperties.get(Constants.PR_KEY_TYPE); + + if (alg.equals("RSA")) + return SignatureAlgorithm.RSASignatureWithMD5Digest; + else + return SignatureAlgorithm.DSASignatureWithSHA1Digest; + } + */ + + public String getKeyAlgorithm() { + return (String) mProperties.get(Constants.PR_KEY_TYPE); + } + + public void signed() { + } + + protected KeyUsageExtension getKeyUsageExtension() throws IOException { + KeyUsageExtension extension = new KeyUsageExtension(); + + extension.set(KeyUsageExtension.DIGITAL_SIGNATURE, new Boolean(true)); + //extension.set(KeyUsageExtension.NON_REPUDIATION, new Boolean(true)); + extension.set(KeyUsageExtension.KEY_ENCIPHERMENT, new Boolean(true)); + return extension; + } +} |