blob: 1d1d05ed55ef30114781521ac607eae118546250 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import netscape.security.x509.CertificateX509Key;
import netscape.security.x509.KeyIdentifier;
import netscape.security.x509.PKIXExtensions;
import netscape.security.x509.SubjectKeyIdentifierExtension;
import netscape.security.x509.X509CertImpl;
import netscape.security.x509.X509CertInfo;
import netscape.security.x509.X509Key;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.ca.ICertificateAuthority;
/**
* This class implements an abstract CA specific
* Enrollment default. This policy can only be
* used with CA subsystem.
*
* @version $Revision$, $Date$
*/
public abstract class CAEnrollDefault extends EnrollDefault {
public CAEnrollDefault() {
}
public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
try {
CertificateX509Key ckey = (CertificateX509Key)
info.get(X509CertInfo.KEY);
X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY);
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(key.getKey());
byte[] hash = md.digest();
return new KeyIdentifier(hash);
} catch (IOException e) {
CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
e.toString());
} catch (CertificateException e) {
CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
e.toString());
} catch (NoSuchAlgorithmException e) {
CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
e.toString());
}
return null;
}
public KeyIdentifier getCAKeyIdentifier() {
ICertificateAuthority ca = (ICertificateAuthority)
CMS.getSubsystem(CMS.SUBSYSTEM_CA);
X509CertImpl caCert = ca.getCACert();
if (caCert == null) {
// during configuration, we dont have the CA certificate
return null;
}
X509Key key = (X509Key) caCert.getPublicKey();
SubjectKeyIdentifierExtension subjKeyIdExt =
(SubjectKeyIdentifierExtension)
caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString());
if (subjKeyIdExt != null) {
try {
KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get(
SubjectKeyIdentifierExtension.KEY_ID);
return keyId;
} catch (IOException e) {
}
}
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(key.getKey());
byte[] hash = md.digest();
return new KeyIdentifier(hash);
} catch (NoSuchAlgorithmException e) {
CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
e.toString());
}
return null;
}
}
|