Example 6 with Certificate

use of com.intel.mtwilson.datatypes.Certificate in project OpenAttestation by OpenAttestation.

The class RevokeTagCertificate, method revokeCert.

@POST
//@RequiresPermissions("tag_certificates:delete")
public void revokeCert(@QueryParam("certId") String certId) {
    log.debug("RPC: RevokeTagCertificate - Got request to revocation of certificate: {}", certId);
    // UUID.valueOf rejects a malformed id before any database access happens
    setCertificateId(UUID.valueOf(certId));
    try (CertificateDAO dao = TagJdbi.certificateDao()) {
        CertificateLocator locator = new CertificateLocator();
        locator.id = certificateId;
        Certificate obj = dao.findById(certificateId);
        if (obj != null) {
            // tries jvm properties, environment variables, then mtwilson.properties;  you can set location of mtwilson.properties with -Dmtwilson.home=/path/to/dir
            org.apache.commons.configuration.Configuration conf = ConfigurationUtil.getConfiguration();
            ApiClient mtwilson = new ApiClient(conf);
            log.debug("RPC: RevokeTagCertificate - Sha1 of the certificate about to be revoked is {}.", obj.getSha1());
            // the local revoked flag is set first; if the remote call below fails the
            // exception is rethrown as RepositoryException but the local flag stays set
            dao.updateRevoked(certificateId, true);
            // the attestation service identifies the certificate by the SHA-1 of its DER encoding
            AssetTagCertRevokeRequest request = new AssetTagCertRevokeRequest();
            request.setSha1OfAssetCert(obj.getSha1().toByteArray());
            mtwilson.revokeAssetTagCertificate(request);
            //Global.mtwilson().revokeAssetTagCertificate(request);
            log.info("RPC: RevokeTagCertificate - Certificate with id {} has been revoked successfully.", certificateId);
        } else {
            log.error("RPC: RevokeTagCertificate - Certificate with id {} does not exist.", certificateId);
            throw new RepositoryInvalidInputException(locator);
        }
    } catch (RepositoryException re) {
        throw re;
    } catch (Exception ex) {
        log.error("RPC: RevokeTagCertificate - Error during certificate revocation.", ex);
        throw new RepositoryException(ex);
    }
}
Also used : CertificateLocator(com.intel.mtwilson.datatypes.CertificateLocator) AssetTagCertRevokeRequest(com.intel.mtwilson.datatypes.AssetTagCertRevokeRequest) CertificateDAO(com.intel.mtwilson.tag.dao.jdbi.CertificateDAO) RepositoryException(com.intel.mtwilson.tag.repository.RepositoryException) ApiClient(com.intel.mtwilson.ApiClient) RepositoryInvalidInputException(com.intel.mtwilson.tag.repository.RepositoryInvalidInputException) WebApplicationException(javax.ws.rs.WebApplicationException) Certificate(com.intel.mtwilson.datatypes.Certificate) POST(javax.ws.rs.POST)

Example 7 with Certificate

use of com.intel.mtwilson.datatypes.Certificate in project OpenAttestation by OpenAttestation.

The class ProvisionTagCertificate, method storeTagCertificate.

//    protected void storeAsyncRequest(String subject, SelectionsType selections, HttpServletResponse response) throws IOException {
//            String xml = Util.toXml(selections);
//            byte[] plaintext = xml.getBytes(Charset.forName("UTF-8"));
//            CertificateRequest certificateRequest = new CertificateRequest();
//            certificateRequest.setId(new UUID());
//            certificateRequest.setStatus("New");
//            certificateRequest.setSubject(subject);
//            certificateRequest.setContent(plaintext);
//            certificateRequest.setContentType("application/xml"); 
//            getRepository().create(certificateRequest);
//            response.addHeader("Asynchronous", "true");
//            response.addHeader("Link", String.format("</tag-certificate-requests/%s>; rel=status", certificateRequest.getId().toString()));
////            response.addHeader("Link", String.format("</tag-certificates?certificateRequestIdEqualTo=%s>; rel=certificate", certificateRequest.getId().toString()));
//            response.setStatus(Response.Status.ACCEPTED.getStatusCode());        
//    }
//    
protected Certificate storeTagCertificate(String subject, byte[] attributeCertificateBytes) throws IOException {
    // Parsing through the BouncyCastle holder validates the DER structure of the attribute
    // certificate before anything is written; malformed input fails here with an IOException.
    X509AttributeCertificateHolder certificateHolder = new X509AttributeCertificateHolder(attributeCertificateBytes);
    Certificate certificate = Certificate.valueOf(certificateHolder.getEncoded());
    certificate.setId(new UUID());
    // Call into the certificate repository to create the new certificate entry in the database.
    certificateRepository.create(certificate);
    return certificate;
}
Also used : X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder) UUID(com.intel.mtwilson.util.io.UUID) Certificate(com.intel.mtwilson.datatypes.Certificate) X509AttributeCertificate(com.intel.mtwilson.datatypes.X509AttributeCertificate)

Example 8 with Certificate

use of com.intel.mtwilson.datatypes.Certificate in project OpenAttestation by OpenAttestation.

The class ProvisionTagCertificate, method createOne.

//    
//    /**
//     * Returns the tag certificate bytes or null if one was not generated
//     * 
//     * @param subject
//     * @param selection may be null; the default selection will be used, if configured
//     * @param request
//     * @param response
//     * @return
//     * @throws IOException
//     */
public Certificate createOne(String subject, SelectionsType selections, HttpServletRequest request, HttpServletResponse response) throws IOException, ApiException, SignatureException, SQLException, IllegalArgumentException {
    //        TagConfiguration configuration = new TagConfiguration(My.configuration().getConfiguration());
    //        TagCertificateAuthority ca = new TagCertificateAuthority(configuration);
    TagConfiguration configuration = new TagConfiguration(ASConfig.getConfiguration());
    TagCertificateAuthority ca = new TagCertificateAuthority(configuration);
    // if the subject is an ip address or hostname, resolve it to a hardware uuid with mtwilson - if the host isn't registered in mtwilson we can't get the hardware uuid so we have to reject the request
    if (!UUID.isValid(subject)) {
        String subjectUuid = findSubjectHardwareUuid(subject);
        if (subjectUuid == null) {
            log.error("Cannot find hardware uuid for subject: {}", subject);
            throw new IllegalArgumentException("Invalid subject specified in the call");
        }
        subject = subjectUuid;
    }
    if (selections == null) {
        log.error("Selection input is null");
        throw new IllegalArgumentException("Invalid selections specified.");
    }
    // if external ca is configured then we only save the request to the database and indicate async processing in our response
    //        if( configuration.isTagProvisionExternal() || isAsync(request) ) {
    //            // requires async processing - we store the request, and an external ca will poll for requests, generate certs, and post the certs back to us; the client can periodically check the status and then download the cert when it's available
    //            storeAsyncRequest(subject, selections, response);
    //            return null;
    //        }
    // if always-generate/no-cache (cache mode off) is enabled then generate it right now and return it - no need to check database for existing certs etc. 
    String cacheMode = "on";
    if (selections.getOptions() != null && selections.getOptions().getCache() != null && selections.getOptions().getCache().getMode() != null) {
        cacheMode = selections.getOptions().getCache().getMode().value();
    }
    // first figure out which selection will be used for the given subject - also filters selections to ones that are currently valid or not marked with validity period
    // throws exception if there is no matching selection and no matching default selection
    SelectionType targetSelection = ca.findCurrentSelectionForSubject(UUID.valueOf(subject), selections);
    log.debug("Cache mode {}", cacheMode);
    if ("off".equals(cacheMode) && targetSelection != null) {
        byte[] certificateBytes = ca.createTagCertificate(UUID.valueOf(subject), targetSelection);
        Certificate certificate = storeTagCertificate(subject, certificateBytes);
        return certificate;
    }
    // if there is an existing currently valid certificate we return it
    CertificateFilterCriteria criteria = new CertificateFilterCriteria();
    criteria.subjectEqualTo = subject;
    criteria.revoked = false;
    criteria.validOn = new Iso8601Date(new Date());
    CertificateCollection results = certificateRepository.search(criteria);
    Date today = new Date();
    Certificate latestCert = null;
    BigInteger latestCreateTime = BigInteger.ZERO;
    //  pick the most recently created cert that is currently valid and has the same attributes specified in the selection.  we evaluate the notBefore and notAfter fields of the certificate itself even though we already narrowed the search to currently valid certs using the search criteria. 
    if (!results.getCertificates().isEmpty()) {
        for (Certificate certificate : results.getCertificates()) {
            X509AttributeCertificate attributeCertificate = X509AttributeCertificate.valueOf(certificate.getCertificate());
            if (today.before(attributeCertificate.getNotBefore())) {
                continue;
            }
            if (today.after(attributeCertificate.getNotAfter())) {
                continue;
            }
            if (targetSelection != null && !certificateAttributesEqual(attributeCertificate, targetSelection)) {
                continue;
            }
            // And here we want to return the latest certificate so we keep track as we look through the results.
            if (latestCreateTime.compareTo(attributeCertificate.getSerialNumber()) <= 0) {
                latestCreateTime = attributeCertificate.getSerialNumber();
                latestCert = certificate;
            }
        }
    }
    // Check if a valid certificate was found during the search.
    if (latestCert != null) {
        X509AttributeCertificate attributeCertificate = X509AttributeCertificate.valueOf(latestCert.getCertificate());
        AssetTagCertAssociateRequest atca = new AssetTagCertAssociateRequest();
        atca.setSha1OfAssetCert(Sha1Digest.digestOf(attributeCertificate.getEncoded()).toByteArray());
        AssetTagCertBO object = new AssetTagCertBO();
        try {
            object.mapAssetTagCertToHost(atca);
        } catch (CryptographyException ex) {
            java.util.logging.Logger.getLogger(ProvisionTagCertificate.class.getName()).log(Level.SEVERE, null, ex);
        }
        //            ca.mapTagCertificate(UUID.valueOf(subject), attributeCertificate.);
        return latestCert;
    }
    // no cached certificate so generate a new certificate
    if (targetSelection == null) {
        throw new IllegalArgumentException("No cached certificate and no default selection provided");
    }
    byte[] certificateBytes = ca.createTagCertificate(UUID.valueOf(subject), targetSelection);
    Certificate certificate = storeTagCertificate(subject, certificateBytes);
    return certificate;
}
Also used : CertificateCollection(com.intel.mtwilson.datatypes.CertificateCollection) AssetTagCertBO(com.intel.mtwilson.as.business.AssetTagCertBO) X509AttributeCertificate(com.intel.mtwilson.datatypes.X509AttributeCertificate) Date(java.util.Date) Iso8601Date(com.intel.mtwilson.util.io.Iso8601Date) TagConfiguration(com.intel.mtwilson.tag.TagConfiguration) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) TagCertificateAuthority(com.intel.mtwilson.tag.TagCertificateAuthority) SelectionType(com.intel.mtwilson.tag.selection.xml.SelectionType) CertificateFilterCriteria(com.intel.mtwilson.datatypes.CertificateFilterCriteria) BigInteger(java.math.BigInteger) Certificate(com.intel.mtwilson.datatypes.Certificate) AssetTagCertAssociateRequest(com.intel.mtwilson.datatypes.AssetTagCertAssociateRequest)

Example 9 with Certificate

use of com.intel.mtwilson.datatypes.Certificate in project OpenAttestation by OpenAttestation.

The class CertificateRepository, method store.

@Override
//    @RequiresPermissions("tag_certificates:store")
public void store(Certificate item) {
    log.debug("Certificate:Store - Got request to update Certificate with id {}.", item.getId().toString());
    // will be used if we need to throw an exception
    CertificateLocator locator = new CertificateLocator();
    locator.id = item.getId();
    try (CertificateDAO dao = TagJdbi.certificateDao()) {
        Certificate obj = dao.findById(item.getId());
        // Allowing the user to only edit the revoked field: the stored certificate bytes, subject
        // and validity are never overwritten through this path. Note that the flag is written in
        // both directions, so a revoked certificate can also be marked as not revoked here.
        if (obj != null) {
            dao.updateRevoked(item.getId(), item.isRevoked());
            log.debug("Certificate:Store - Updated the Certificate {} successfully.", item.getId().toString());
        } else {
            log.error("Certificate:Store - Certificate will not be updated since it does not exist.");
            throw new RepositoryStoreConflictException(locator);
        }
    } catch (RepositoryException re) {
        throw re;
    } catch (Exception ex) {
        log.error("Certificate:Store - Error during Certificate update.", ex);
        throw new RepositoryStoreException(ex, locator);
    }
}
Also used : CertificateLocator(com.intel.mtwilson.datatypes.CertificateLocator) CertificateDAO(com.intel.mtwilson.tag.dao.jdbi.CertificateDAO) RepositoryException(com.intel.mtwilson.tag.repository.RepositoryException) RepositoryStoreConflictException(com.intel.mtwilson.tag.repository.RepositoryStoreConflictException) RepositoryCreateException(com.intel.mtwilson.tag.repository.RepositoryCreateException) RepositoryDeleteException(com.intel.mtwilson.tag.repository.RepositoryDeleteException) RepositoryStoreException(com.intel.mtwilson.tag.repository.RepositoryStoreException) RepositoryRetrieveException(com.intel.mtwilson.tag.repository.RepositoryRetrieveException) RepositorySearchException(com.intel.mtwilson.tag.repository.RepositorySearchException) RepositoryCreateConflictException(com.intel.mtwilson.tag.repository.RepositoryCreateConflictException) Certificate(com.intel.mtwilson.datatypes.Certificate) X509AttributeCertificate(com.intel.mtwilson.datatypes.X509AttributeCertificate)

Example 10 with Certificate

use of com.intel.mtwilson.datatypes.Certificate in project OpenAttestation by OpenAttestation.

The class CertificateRepository, method delete.

@Override
//    @RequiresPermissions("tag_certificates:delete")
public void delete(CertificateLocator locator) {
    // a locator without an id is silently ignored rather than treated as an error
    if (locator == null || locator.id == null) {
        return;
    }
    log.debug("Certificate:Delete - Got request to delete Certificate with id {}.", locator.id.toString());
    try (CertificateDAO dao = TagJdbi.certificateDao()) {
        Certificate obj = dao.findById(locator.id);
        if (obj != null) {
            // hard delete of the database row; unlike revokeCert, nothing is reported to the attestation service
            dao.delete(locator.id);
            log.debug("Certificate:Delete - Deleted the Certificate {} successfully.", locator.id.toString());
        } else {
            log.info("Certificate:Delete - Certificate does not exist in the system.");
        }
    } catch (Exception ex) {
        log.error("Certificate:Delete - Error during certificate deletion.", ex);
        throw new RepositoryDeleteException(ex, locator);
    }
}
Also used : RepositoryDeleteException(com.intel.mtwilson.tag.repository.RepositoryDeleteException) CertificateDAO(com.intel.mtwilson.tag.dao.jdbi.CertificateDAO) RepositoryCreateException(com.intel.mtwilson.tag.repository.RepositoryCreateException) RepositoryStoreException(com.intel.mtwilson.tag.repository.RepositoryStoreException) RepositoryStoreConflictException(com.intel.mtwilson.tag.repository.RepositoryStoreConflictException) RepositoryRetrieveException(com.intel.mtwilson.tag.repository.RepositoryRetrieveException) RepositoryException(com.intel.mtwilson.tag.repository.RepositoryException) RepositorySearchException(com.intel.mtwilson.tag.repository.RepositorySearchException) RepositoryCreateConflictException(com.intel.mtwilson.tag.repository.RepositoryCreateConflictException) Certificate(com.intel.mtwilson.datatypes.Certificate) X509AttributeCertificate(com.intel.mtwilson.datatypes.X509AttributeCertificate)

Aggregations

Certificate (com.intel.mtwilson.datatypes.Certificate)11 X509AttributeCertificate (com.intel.mtwilson.datatypes.X509AttributeCertificate)8 RepositoryException (com.intel.mtwilson.tag.repository.RepositoryException)8 CertificateDAO (com.intel.mtwilson.tag.dao.jdbi.CertificateDAO)6 RepositoryCreateConflictException (com.intel.mtwilson.tag.repository.RepositoryCreateConflictException)6 RepositoryCreateException (com.intel.mtwilson.tag.repository.RepositoryCreateException)6 RepositoryDeleteException (com.intel.mtwilson.tag.repository.RepositoryDeleteException)6 RepositoryRetrieveException (com.intel.mtwilson.tag.repository.RepositoryRetrieveException)6 RepositorySearchException (com.intel.mtwilson.tag.repository.RepositorySearchException)6 RepositoryStoreConflictException (com.intel.mtwilson.tag.repository.RepositoryStoreConflictException)6 RepositoryStoreException (com.intel.mtwilson.tag.repository.RepositoryStoreException)6 CertificateLocator (com.intel.mtwilson.datatypes.CertificateLocator)5 CertificateCollection (com.intel.mtwilson.datatypes.CertificateCollection)3 RepositoryInvalidInputException (com.intel.mtwilson.tag.repository.RepositoryInvalidInputException)2 UUID (com.intel.mtwilson.util.io.UUID)2 ApiClient (com.intel.mtwilson.ApiClient)1 AssetTagCertBO (com.intel.mtwilson.as.business.AssetTagCertBO)1 CryptographyException (com.intel.mtwilson.crypto.CryptographyException)1 AssetTagCertAssociateRequest (com.intel.mtwilson.datatypes.AssetTagCertAssociateRequest)1 AssetTagCertCreateRequest (com.intel.mtwilson.datatypes.AssetTagCertCreateRequest)1