Example 1 with AssetTagCertCreateRequest

Use of com.intel.mtwilson.datatypes.AssetTagCertCreateRequest in project OpenAttestation by OpenAttestation.

Class MtWilsonImportTagCertificate, method run.

@Override
@RequiresPermissions("tag_certificates:import")
public void run() {
    log.debug("RPC:MtWilsonImportTagCertificate - Got request to deploy certificate with ID {}.", certificateId);
    CertificateLocator locator = new CertificateLocator();
    locator.id = certificateId;
    try (CertificateDAO dao = TagJdbi.certificateDao()) {
        Certificate obj = dao.findById(certificateId);
        if (obj != null) {
            log.debug("RPC:MtWilsonImportTagCertificate - Sha1 of the certificate about to be deployed is {}.", obj.getSha1());
            AssetTagCertCreateRequest request = new AssetTagCertCreateRequest();
            request.setCertificate(obj.getCertificate());
            Global.mtwilson().importAssetTagCertificate(request);
            // pass certificateId so the {} placeholder in the message is actually filled in
            log.info("RPC:MtWilsonImportTagCertificate - Certificate with id {} has been deployed successfully.", certificateId);
        } else {
            log.error("RPC:MtWilsonImportTagCertificate - Specified Certificate with id {} is not valid.", certificateId);
            throw new RepositoryInvalidInputException(locator);
        }
    } catch (RepositoryException re) {
        throw re;
    } catch (Exception ex) {
        log.error("RPC:MtWilsonImportTagCertificate - Error during certificate deployment.", ex);
        throw new RepositoryException(ex);
    }
}
Also used : CertificateLocator(com.intel.mtwilson.datatypes.CertificateLocator) CertificateDAO(com.intel.mtwilson.tag.dao.jdbi.CertificateDAO) AssetTagCertCreateRequest(com.intel.mtwilson.datatypes.AssetTagCertCreateRequest) RepositoryException(com.intel.mtwilson.tag.repository.RepositoryException) RepositoryInvalidInputException(com.intel.mtwilson.tag.repository.RepositoryInvalidInputException) Certificate(com.intel.mtwilson.datatypes.Certificate) RequiresPermissions(org.apache.shiro.authz.annotation.RequiresPermissions)

Example 2 with AssetTagCertCreateRequest

Use of com.intel.mtwilson.datatypes.AssetTagCertCreateRequest in project OpenAttestation by OpenAttestation.

Class TagCertificateAuthority, method createTagCertificate.

/**
 * Does not attempt to match the subject to the selection. Do not call
 * directly unless you have already verified that you want to create a
 * certificate for the given subject with the given selection with no
 * further checks.
 *
 * @param subject UUID set as the subject of the tag certificate
 * @param selection element representing a set of host attributes by
 * reference via the selection uuid or selection name or inline via the
 * attribute elements
 * @return the encoded attribute certificate bytes
 * @throws IOException
 * @throws com.intel.mtwilson.ApiException
 */
public byte[] createTagCertificate(UUID subject, SelectionType selection) throws IOException, com.intel.mtwilson.ApiException {
    // check if we have a private key to use for signing
    PrivateKey cakey = Global.cakey();
    X509Certificate cakeyCert = Global.cakeyCert();
    if (cakey == null || cakeyCert == null) {
        throw new IllegalStateException("Missing tag certificate authority key");
    }
    X509AttrBuilder builder = X509AttrBuilder.factory().issuerName(cakeyCert).issuerPrivateKey(cakey).dateSerial().subjectUuid(subject).expires(configuration.getTagValiditySeconds(), TimeUnit.SECONDS);
    for (AttributeType attribute : selection.getAttribute()) {
        X509AttrBuilder.Attribute oidAndValue = Util.toAttributeOidValue(attribute);
        builder.attribute(oidAndValue.oid, oidAndValue.value);
    }
    byte[] attributeCertificateBytes = builder.build();
    if (attributeCertificateBytes == null) {
        log.error("Cannot build attribute certificate");
        for (Fault fault : builder.getFaults()) {
            log.error(String.format("%s: %s", fault.getClass().getName(), fault.toString()));
        }
        throw new IllegalArgumentException("Cannot build attribute certificate");
    }
    // if auto-import to mtwilson is enabled, do it here, but if there is an exception we only log it
    try {
        log.debug("Tag certificate auto-import enabled: {}", configuration.isTagProvisionAutoImport());
        if (configuration.isTagProvisionAutoImport()) {
            //String url = My.configuration().getAssetTagMtWilsonBaseUrl();
            String url = ASConfig.getMtWilsonURL().toString();
            if (url != null && !url.isEmpty()) {
                AssetTagCertCreateRequest request = new AssetTagCertCreateRequest();
                request.setCertificate(attributeCertificateBytes);
                log.debug("Importing tag certificate to Mt Wilson");
                Global.mtwilson().importAssetTagCertificate(request);
            }
        }
    } catch (IOException e) {
        log.error("Failed to auto-import tag certificate to Mt Wilson", e);
    } catch (SignatureException e) {
        log.error("Failed to auto-import tag certificate to Mt Wilson", e);
    }
    return attributeCertificateBytes;
}
Also used : PrivateKey(java.security.PrivateKey) Fault(com.intel.mtwilson.util.validation.Fault) IOException(java.io.IOException) SignatureException(java.security.SignatureException) X509Certificate(java.security.cert.X509Certificate) AssetTagCertCreateRequest(com.intel.mtwilson.datatypes.AssetTagCertCreateRequest) X509AttrBuilder(com.intel.mtwilson.tag.common.X509AttrBuilder)
