Diffstat (limited to 'base/server/cms/src/org')
| -rw-r--r-- | base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java | 113 |
1 files changed, 83 insertions, 30 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
index 02f9004ec..e4bb09cc2 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemCertService.java
@@ -19,25 +19,28 @@ package org.dogtagpki.server.rest;
 import java.net.URI;
-import java.security.cert.CertificateEncodingException;
+import java.security.Principal;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Request;
 import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
+
+import netscape.security.x509.X509CertImpl;
 import org.jboss.resteasy.plugins.providers.atom.Link;
+import org.mozilla.jss.crypto.X509Certificate;
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.PKIException;
 import com.netscape.certsrv.base.ResourceNotFoundException;
 import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.security.ITransportKeyUnit;
+import com.netscape.certsrv.system.KRAConnectorInfo;
 import com.netscape.certsrv.system.SystemCertResource;
+import com.netscape.cms.servlet.admin.KRAConnectorProcessor;
 import com.netscape.cms.servlet.base.PKIService;
+import com.netscape.cmsutil.util.Utils;
 /**
 * This is the class used to list, retrieve and modify system certificates for all Java subsystems.
@@ -47,26 +50,52 @@ import com.netscape.cms.servlet.base.PKIService;
 */
 public class SystemCertService extends PKIService implements SystemCertResource {
- @Context
- private UriInfo uriInfo;
+ /**
+ * Used to retrieve the transport certificate
+ */
+ public Response getTransportCert() {
+
+ try {
+ IConfigStore cs = CMS.getConfigStore();
+ String type = cs.getString("cs.type");
+
+ CertData certData;
+ if ("CA".equals(type)) {
+ certData = getTransportCertFromCA();
- @Context
- private HttpHeaders headers;
+ } else if ("KRA".equals(type)) {
+ certData = getTransportCertFromKRA();
- @Context
- private Request request;
+ } else {
+ throw new ResourceNotFoundException("Transport certificate not available in " + type);
+ }
+
+ URI uri = uriInfo.getRequestUri();
+ certData.setLink(new Link("self", uri));
- @Context
- private HttpServletRequest servletRequest;
+ return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, certData, request);
- public SystemCertService() {
- CMS.debug("SystemCertService.<init>()");
+ } catch (PKIException e) {
+ throw e;
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException(e);
+ }
 }
- /**
- * Used to retrieve the transport certificate
- */
- public Response getTransportCert() {
+ public CertData getTransportCertFromCA() throws Exception {
+ KRAConnectorProcessor processor = new KRAConnectorProcessor(getLocale(headers));
+ KRAConnectorInfo info = processor.getConnectorInfo();
+ String encodedCert = info.getTransportCert();
+
+ byte[] bytes = Utils.base64decode(encodedCert);
+ X509CertImpl cert = new X509CertImpl(bytes);
+
+ return createCertificateData(cert);
+ }
+
+ public CertData getTransportCertFromKRA() throws Exception {
 IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
 if (kra == null) {
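Review bot: getTransportCertFromCA passes `info.getTransportCert()` straight into `Utils.base64decode` and `new X509CertImpl`, so a CA whose connector has no transport cert configured (presumably a null or empty string there) surfaces as a generic wrapped failure from the outer `catch (Exception e)` instead of the not-found error the `else` branch uses; add `if (encodedCert == null || encodedCert.isEmpty()) throw new ResourceNotFoundException("Transport certificate not configured in CA");` before the decode. The new helpers getTransportCertFromCA and getTransportCertFromKRA are `public` with `throws Exception` although nothing in the hunk shows them on SystemCertResource; making them `private` keeps the REST surface to getTransportCert and avoids exporting a catch-all checked signature, and the same applies to the two createCertificateData overloads in the next hunk. `uriInfo`, `headers` and `request` are still used after their `@Context` fields are removed here, so they must now be inherited from PKIService — a one-line comment on getTransportCert saying so would save the next reader a search. getTransportCertFromKRA continues past the end of the hunk.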
@@ -80,24 +109,48 @@ public class SystemCertService extends PKIService implements SystemCertResource
 throw new PKIException("No transport key unit.");
 }
- org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate();
+ X509Certificate transportCert = tu.getCertificate();
 if (transportCert == null) {
 CMS.debug("getTransportCert: transport cert is null");
 throw new PKIException("Transport cert not found.");
 }
- try {
- CertData cert = createCertificateData(transportCert);
+ return createCertificateData(transportCert);
+ }
- URI uri = uriInfo.getRequestUri();
- cert.setLink(new Link("self", uri));
+ public CertData createCertificateData(X509CertImpl cert) throws Exception {
- return sendConditionalGetResponse(DEFAULT_LONG_CACHE_LIFETIME, cert, request);
+ CertData data = new CertData();
- } catch (CertificateEncodingException e) {
- CMS.debug(e);
- throw new PKIException("Unable to encode transport cert");
- }
+ data.setSerialNumber(new CertId(cert.getSerialNumber()));
+
+ Principal issuerDN = cert.getIssuerDN();
+ if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
+
+ Principal subjectDN = cert.getSubjectDN();
+ if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
+
+ String b64 = CertData.HEADER + "\n" + CMS.BtoA(cert.getEncoded()) + CertData.FOOTER;
+ data.setEncoded(b64);
+
+ return data;
 }
+ public CertData createCertificateData(X509Certificate cert) throws Exception {
+
+ CertData data = new CertData();
+
+ data.setSerialNumber(new CertId(cert.getSerialNumber()));
+
+ Principal issuerDN = cert.getIssuerDN();
+ if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
+
+ Principal subjectDN = cert.getSubjectDN();
+ if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
+
+ String b64 = CertData.HEADER + "\n" + CMS.BtoA(cert.getEncoded()) + CertData.FOOTER;
+ data.setEncoded(b64);
+
+ return data;
+ }
 }
|
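Review bot: The two `createCertificateData` overloads are line-for-line identical apart from the parameter type, so any later fix to one body (the DN handling, the PEM framing) will silently miss the other; both certificate types expose `getSerialNumber()`, `getIssuerDN()`, `getSubjectDN()` and `getEncoded()`, so the overloads can delegate to one private helper as below (it needs `java.math.BigInteger` imported). `CertData.FOOTER` is appended with no newline after the base64 body, which only produces well-formed PEM if `CMS.BtoA` ends its output with a newline — confirm against the other PEM writers in the tree. The hunk's last line closes the class; the enclosing getTransportCertFromKRA starts before the hunk.
```java
    public CertData createCertificateData(X509CertImpl cert) throws Exception {
        return buildCertData(cert.getSerialNumber(), cert.getIssuerDN(), cert.getSubjectDN(), cert.getEncoded());
    }

    public CertData createCertificateData(X509Certificate cert) throws Exception {
        return buildCertData(cert.getSerialNumber(), cert.getIssuerDN(), cert.getSubjectDN(), cert.getEncoded());
    }

    /** Fills a CertData from the fields both certificate types provide; DNs are set only when present. */
    private static CertData buildCertData(BigInteger serial, Principal issuerDN, Principal subjectDN, byte[] encoded) {
        CertData data = new CertData();
        data.setSerialNumber(new CertId(serial));
        if (issuerDN != null) data.setIssuerDN(issuerDN.toString());
        if (subjectDN != null) data.setSubjectDN(subjectDN.toString());
        data.setEncoded(CertData.HEADER + "\n" + CMS.BtoA(encoded) + CertData.FOOTER);
        return data;
    }
```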
