From 7524be0fb18304d2562059a82607da0fdd9a2f1d Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Thu, 29 Jun 2017 08:40:42 +0200
Subject: Refactored CertUtil.importCert().

The code for importing certificate into NSS database has been moved into CertUtil.importCert().

https://pagure.io/dogtagpki/issue/2280

Change-Id: I6a7a01b9170a5c0e9973ab1d5a7484349765dc5e
---
 .../com/netscape/cms/servlet/csadmin/CertUtil.java | 30 ++++++++++++++++++++++
 .../cms/servlet/csadmin/ConfigurationUtils.java | 23 +----------------
 .../com/netscape/cmsutil/crypto/CryptoUtil.java | 13 +++++-----
 3 files changed, 37 insertions(+), 29 deletions(-)

(limited to 'base')

diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 5e181be6e..c2f87bb83 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -826,4 +826,34 @@ public class CertUtil {
 deleteCert(CryptoUtil.INTERNAL_TOKEN_FULL_NAME, nickname);
 }
+
+ public static void importCert(
+ String subsystem,
+ String tag,
+ String tokenname,
+ String nickname,
+ X509CertImpl impl
+ ) throws Exception {
+
+ CMS.debug("CertUtil.importCert(" + tag + ")");
+
+ if (tag.equals("sslserver") && findBootstrapServerCert()) {
+ CMS.debug("CertUtil: deleting temporary SSL server cert");
+ deleteBootstrapServerCert();
+ }
+
+ if (findCertificate(tokenname, nickname)) {
+ CMS.debug("CertUtil: deleting existing " + tag + " cert");
+ deleteCert(tokenname, nickname);
+ }
+
+ CMS.debug("CertUtil: importing " + tag + " cert");
+
+ if (subsystem.equals("ca") && tag.equals("signing") ) {
+ CryptoUtil.importUserCertificate(impl, nickname);
+
+ } else {
+ CryptoUtil.importUserCertificate(impl, nickname, false);
+ }
+ }
 }
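Review bot: importCert() deletes the certificate already stored under `tokenname`/`nickname` (and the bootstrap certificate when `tag` is `sslserver`) before the replacement is imported, so an exception from `CryptoUtil.importUserCertificate()` leaves the NSS database with neither the old nor the new certificate. The method is public and has no Javadoc; it should state that order, and that only the CA signing certificate goes through the two-argument overload that marks it trusted, while every other tag is imported with `trust` set to `false`. The lookup and delete take `tokenname` but both import calls pass only `nickname`, so it is worth confirming that the nickname is token-qualified wherever a non-internal token is used. `tag.equals("sslserver")` and `subsystem.equals("ca")` throw NullPointerException on a null argument; `"sslserver".equals(tag)` and `"ca".equals(subsystem)` would not.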
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 03e4915bf..97a4bc3a8 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -3310,34 +3310,13 @@ public class ConfigurationUtils {
 }
 } else {
- CMS.debug("handleCerts(): processing " + cert.getType() + " cert");
 b64 = CryptoUtil.stripCertBrackets(b64.trim());
 String certs = CryptoUtil.normalizeCertStr(b64);
 byte[] certb = CryptoUtil.base64Decode(certs);
 X509CertImpl impl = new X509CertImpl(certb);
- CMS.debug("handleCerts(): deleting existing cert");
- try {
- if (certTag.equals("sslserver") && CertUtil.findBootstrapServerCert())
- CertUtil.deleteBootstrapServerCert();
- if (CertUtil.findCertificate(tokenname, nickname)) {
- CertUtil.deleteCert(tokenname, nickname);
- }
- } catch (Exception e) {
- CMS.debug(e);
- }
-
- CMS.debug("handleCerts(): importing new cert");
- try {
- if (certTag.equals("signing") && subsystem.equals("ca"))
- CryptoUtil.importUserCertificate(impl, nickname);
- else
- CryptoUtil.importUserCertificate(impl, nickname, false);
- } catch (Exception ee) {
- CMS.debug("handleCerts(): Failed to import user certificate." + ee.toString());
- throw new Exception("Unable to import " + certTag + " certificate: " + ee, ee);
- }
+ CertUtil.importCert(subsystem, certTag, tokenname, nickname, impl);
 }
 //update requests in request queue for local certs to allow renewal
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index eca8dddb6..707a12388 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
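Review bot: In the ConfigurationUtils.java hunk, the single `CertUtil.importCert(...)` call lets exceptions from the delete step propagate, where the removed code caught them, logged them with `CMS.debug(e)` and still went on to import; a failed delete now aborts the certificate handling at this point. Import failures also reach the caller without the `"Unable to import " + certTag + " certificate: "` prefix that the removed catch block added. If that message matters to the installer output, wrap the call: `try { CertUtil.importCert(subsystem, certTag, tokenname, nickname, impl); } catch (Exception e) { throw new Exception("Unable to import " + certTag + " certificate: " + e, e); }`. The enclosing method begins and ends outside this hunk.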
@@ -2064,25 +2064,24 @@ public class CryptoUtil {
 TokenException,
 CryptoManager.NicknameConflictException,
 CryptoManager.UserCertConflictException {
- CryptoManager cm = CryptoManager.getInstance();
- cm.importUserCACertPackage(cert.getEncoded(), nickname);
- trustCertByNickname(nickname);
+ importUserCertificate(cert, nickname, true);
 }
- public static void importUserCertificate(X509CertImpl cert, String nickname,
- boolean trust)
+ public static void importUserCertificate(X509CertImpl cert, String nickname, boolean trust)
 throws CryptoManager.NotInitializedException,
 CertificateEncodingException,
 NoSuchItemOnTokenException,
 TokenException,
 CryptoManager.NicknameConflictException,
 CryptoManager.UserCertConflictException {
- CryptoManager cm = CryptoManager.getInstance();
+ CryptoManager cm = CryptoManager.getInstance();
 cm.importUserCACertPackage(cert.getEncoded(), nickname);
- if (trust)
+
+ if (trust) {
 trustCertByNickname(nickname);
+ }
 }
 public static java.security.cert.X509Certificate[] getX509CertificateFromPKCS7(byte[] b) throws IOException {
-- cgit
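Review bot: The two-argument importUserCertificate() now delegates with `trust` hard-coded to `true`, so picking an overload decides whether `trustCertByNickname(nickname)` runs, and neither overload documents that. A Javadoc on the two-argument form such as `/** Imports the certificate and marks it trusted; same as importUserCertificate(cert, nickname, true). */`, plus an `@param trust` line on the three-argument form saying that `trustCertByNickname()` is called after the import only when it is true, would make the trust decision visible at call sites. The first method's signature lies above the hunk.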