
Example 1 with File

use of com.intel.mtwilson.datatypes.File in project OpenAttestation by OpenAttestation.

Class Global, method cakey().

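/**
 * Returns the asset-tag CA signing key, loading it lazily from the "cakey"
 * database file on first use.
 *
 * The stored file is a single PEM blob holding both the RSA private key and the
 * CA certificate (presumably the PRIVATEKEY_FILE row that TagCreateCaKey writes
 * as key + cert concatenated), so cakey and cakeyCert are decoded from the same
 * content.
 *
 * NOTE(review): the cache is not synchronized; two threads racing on first use
 * may each load the key. Harmless for a read, but confirm if writers appear.
 *
 * @return the CA private key, or null when the file is missing or cannot be
 *         decoded (the failure is logged; callers must handle null)
 */
public static PrivateKey cakey() {
    if (cakey == null) {
        log.debug("Loading CA key...");
        try (FileDAO fileDao = TagJdbi.fileDao()) {
            File cakeyFile = fileDao.findByName("cakey");
            if (cakeyFile == null) {
                // Without a CA key the service cannot sign asset-tag certificates;
                // surface this above DEBUG so operators actually notice it.
                log.warn("Cannot find 'cakey' file");
            } else {
                String content = new String(cakeyFile.getContent(), "UTF-8");
                // Decode both halves before publishing either, so a failure in the
                // certificate decode never leaves a key cached without its cert.
                PrivateKey key = RsaUtil.decodePemPrivateKey(content);
                java.security.cert.X509Certificate cert = X509Util.decodePemCertificate(content);
                cakey = key;
                cakeyCert = cert;
            }
        } catch (Exception e) {
            log.error("Cannot load cakey", e);
            cakey = null;
            cakeyCert = null;
        }
    }
    return cakey;
}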

Example 2 with File

use of com.intel.mtwilson.datatypes.File in project OpenAttestation by OpenAttestation.

Class AssetTagCertBO, method validateAssetTagCert().

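/**
 * Validates an asset tag certificate: it must not be revoked, and its signature
 * and validity dates must verify against one of the CA certificates stored in
 * the "cacerts" database file.
 *
 * Every certificate in "cacerts" is a trust anchor (TagCreateCaKey appends each
 * newly created CA certificate to it), so a tag signed by any CA that was ever
 * added is accepted. Remove a CA from that file to stop trusting it.
 *
 * @param atagObj the stored asset tag certificate record
 * @return true if the certificate is unrevoked and verifies against a trusted CA,
 *         false otherwise (including when the CA list cannot be loaded)
 * @throws ASException if the certificate cannot be parsed or verified
 */
private boolean validateAssetTagCert(MwAssetTagCertificate atagObj) {
    try {
        // Revocation wins: a revoked tag is rejected even if it still verifies
        // cryptographically.
        if (atagObj.getRevoked() == true)
            return false;
        // X509AttributeCertificate.isValid(caCert) checks both the dates and the signature;
        // it needs the CA certificate that signed the attribute certificate, which we
        // take from the "cacerts" PEM list in the database.
        X509AttributeCertificate atagAttrCertForHost = X509AttributeCertificate.valueOf(atagObj.getCertificate());
        List<X509Certificate> atagCaCerts = null;
        // try-with-resources: the DAO handle was previously never closed, leaking one
        // database handle per validation (cf. Global.cakey(), which closes it).
        try (FileDAO fileDao = TagJdbi.fileDao()) {
            File cacertFile = fileDao.findByName("cacerts");
            if (cacertFile == null) {
                log.error("Error loading the cacert pem file to extract the CA certificate(s).");
            } else {
                atagCaCerts = X509Util.decodePemCertificates(new String(cacertFile.getContent(), "UTF-8"));
                // Log names the actual source; the old message referred to AssetTagCA.pem,
                // which is not where the list is read from here.
                log.debug("Added {} certificates from 'cacerts'", atagCaCerts.size());
            }
        } catch (Exception e) {
            log.error("Cannot load cacerts", e);
            atagCaCerts = null;
        }
        // First CA that verifies the attribute certificate (signature + dates) wins.
        if (atagCaCerts != null) {
            for (X509Certificate atagCACert : atagCaCerts) {
                if (atagAttrCertForHost.isValid(atagCACert))
                    return true;
            }
        }
    } catch (Exception ex) {
        throw new ASException(ex);
    }
    return false;
}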

Example 3 with File

use of com.intel.mtwilson.datatypes.File in project OpenAttestation by OpenAttestation.

Class Global, method mtwilson().

//public static MtWilson mtwilson() {
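/**
 * Returns the shared Mt Wilson API client, creating it on first use.
 *
 * The client is built from ConfigurationUtil.getConfiguration(), which tries JVM
 * properties, then environment variables, then mtwilson.properties (its directory
 * can be set with -Dmtwilson.home=/path/to/dir).
 *
 * The "mtwilson-client-keystore" database file is looked up but not yet consumed:
 * the ApiClient is configured from properties alone. The lookup is kept so a
 * missing keystore is still reported; the DAO is now closed via try-with-resources
 * (consistent with cakey()) and the redundant inner null re-check is gone.
 *
 * NOTE(review): not synchronized; concurrent first calls may each build a client.
 *
 * @return the API client, or null if it could not be created (the error is logged)
 */
public static ApiClient mtwilson() {
    if (mtwilson == null) {
        log.debug("Preparing Mt Wilson Web Service API Client...");
        try (FileDAO fileDao = TagJdbi.fileDao()) {
            File mtwilsonKeystoreFile = fileDao.findByName("mtwilson-client-keystore");
            if (mtwilsonKeystoreFile == null) {
                log.debug("Cannot find 'mtwilson-client-keystore' file");
            }
        } catch (Exception e) {
            log.error("Cannot load mtwilson-client-keystore", e);
        }
        try {
            org.apache.commons.configuration.Configuration conf = ConfigurationUtil.getConfiguration();
            mtwilson = new ApiClient(conf);
        } catch (Exception e) {
            log.error("Cannot create MtWilson client", e);
        }
    }
    return mtwilson;
}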

Example 4 with File

use of com.intel.mtwilson.datatypes.File in project OpenAttestation by OpenAttestation.

Class FileResultMapper, method map().

/**
 * Maps one row of the file table onto a File datatype.
 *
 * Reads the "id" (parsed as a UUID), "name", "content" (raw bytes) and
 * "contentType" columns, in that order; no other columns are consulted.
 *
 * @param i  row index (unused)
 * @param rs result set positioned on the row to map
 * @param sc JDBI statement context (unused)
 * @return the populated File
 * @throws SQLException if a column cannot be read
 */
@Override
public File map(int i, ResultSet rs, StatementContext sc) throws SQLException {
    File mapped = new File();
    String rawId = rs.getString("id");
    mapped.setId(UUID.valueOf(rawId));
    mapped.setName(rs.getString("name"));
    mapped.setContent(rs.getBytes("content"));
    mapped.setContentType(rs.getString("contentType"));
    return mapped;
}

Example 5 with File

use of com.intel.mtwilson.datatypes.File in project OpenAttestation by OpenAttestation.

Class TagCreateCaKey, method execute().

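/**
 * Creates a new asset-tag CA key pair and self-signed certificate and stores them
 * in the database.
 *
 * The private key is stored together with its certificate as one PEM blob in the
 * PRIVATEKEY_FILE row, replacing any existing one (only a single CA private key is
 * kept). The certificate alone is appended to the CACERTS_FILE row, which is the
 * trust-anchor list used when validating asset tags, so earlier CA certificates
 * remain in that list and remain trusted until removed. The resulting list is also
 * exported to the path given by ASConfig.getAssetTagCaCertificateFile().
 *
 * NOTE(review): the private key is written to the database as plain "text/plain"
 * PEM; anyone who can read the file table can sign asset tags. Protect that table
 * (or encrypt the row) accordingly.
 *
 * @param args optional; args[0] is the subject DN for the CA certificate, default
 *             "CN=asset-tag-service,OU=mtwilson"
 * @throws Exception on key generation, encoding, database or file errors
 */
@Override
public void execute(String[] args) throws Exception {
    String dn;
    if (args.length > 0) {
        dn = args[0];
    } else {
        dn = "CN=asset-tag-service,OU=mtwilson";
    }
    // 2048-bit RSA, self-signed, valid for 3650 days.
    KeyPair cakey = RsaUtil.generateRsaKeyPair(2048);
    X509Builder builder = X509Builder.factory();
    X509Certificate cacert = builder.selfSigned(dn, cakey).expires(3650, TimeUnit.DAYS).build();
    if (cacert == null) {
        // A failed build carries faults explaining why; report them and stop.
        for (Fault fault : builder.getFaults()) {
            log.error(String.format("%s: %s", fault.getClass().getName(), fault.toString()));
        }
        return;
    }
    String privateKeyPem = RsaUtil.encodePemPrivateKey(cakey.getPrivate());
    String cacertPem = X509Util.encodePemCertificate(cacert);
    byte[] combinedPrivateKeyAndCertPemBytes = (privateKeyPem + cacertPem).getBytes("UTF-8");
    byte[] cacertPemContent = cacertPem.getBytes("UTF-8");
    // One DAO for all database operations, closed when done: each TagJdbi.fileDao()
    // call previously opened a handle that was never closed.
    byte[] cacertsContent;
    try (com.intel.mtwilson.tag.dao.jdbi.FileDAO fileDao = TagJdbi.fileDao()) {
        // for now... there can only be ONE CA private key in the database (but we support storing multiple certs)
        File cakeyFile = fileDao.findByName(PRIVATEKEY_FILE);
        if (cakeyFile == null) {
            // create new private key file
            fileDao.insert(new UUID(), PRIVATEKEY_FILE, "text/plain", combinedPrivateKeyAndCertPemBytes);
        } else {
            // replace existing private key...
            fileDao.update(cakeyFile.getId(), PRIVATEKEY_FILE, "text/plain", combinedPrivateKeyAndCertPemBytes);
        }
        // add the ca cert to the list of approved certs
        File cacertsFile = fileDao.findByName(CACERTS_FILE);
        if (cacertsFile == null) {
            // create new cacerts file
            cacertsContent = cacertPemContent;
            fileDao.insert(new UUID(), CACERTS_FILE, "text/plain", cacertsContent);
        } else {
            // append new cacert to existing file in database
            cacertsContent = ByteArray.concat(cacertsFile.getContent(), cacertPemContent);
            fileDao.update(cacertsFile.getId(), CACERTS_FILE, "text/plain", cacertsContent);
        }
    }
    // Write the trust list to disk as well, for easy sharing with mtwilson (tag-cacerts.pem).
    // This used to happen only on the append path, so the very first CA was never exported;
    // it now runs for both the create and append cases with exactly what went to the database.
    try (FileOutputStream out = new FileOutputStream(ASConfig.getAssetTagCaCertificateFile())) {
        IOUtils.write(cacertsContent, out);
    }
}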
