use of com.intel.mtwilson.tag.common.X509AttrBuilder in project OpenAttestation by OpenAttestation.
the class TagCertificateAuthority method createTagCertificate.
/**
* Does not attempt to match the subject to the selection. Do not call
* directly unless you have already verified that you want to create a
* certificate for the given subject with the given selection with no
* further checks.
*
* @param subject
* @param selection element representing a set of host attributes by
* reference via the selection uuid or selection name or inline via the
* attribute elements
* @return
* @throws Exception
*/
public byte[] createTagCertificate(UUID subject, SelectionType selection) throws IOException, com.intel.mtwilson.ApiException {
// check if we have a private key to use for signing
PrivateKey cakey = Global.cakey();
X509Certificate cakeyCert = Global.cakeyCert();
if (cakey == null || cakeyCert == null) {
throw new IllegalStateException("Missing tag certificate authority key");
}
X509AttrBuilder builder = X509AttrBuilder.factory().issuerName(cakeyCert).issuerPrivateKey(cakey).dateSerial().subjectUuid(subject).expires(configuration.getTagValiditySeconds(), TimeUnit.SECONDS);
for (AttributeType attribute : selection.getAttribute()) {
X509AttrBuilder.Attribute oidAndValue = Util.toAttributeOidValue(attribute);
builder.attribute(oidAndValue.oid, oidAndValue.value);
}
byte[] attributeCertificateBytes = builder.build();
if (attributeCertificateBytes == null) {
log.error("Cannot build attribute certificate");
for (Fault fault : builder.getFaults()) {
log.error(String.format("%s: %s", fault.getClass().getName(), fault.toString()));
}
throw new IllegalArgumentException("Cannot build attribute certificate");
}
// if auto-import to mtwilson is enabled, do it here, but if there is an exception we only log it
try {
log.debug("Tag certificate auto-import enabled: {}", configuration.isTagProvisionAutoImport());
if (configuration.isTagProvisionAutoImport()) {
//String url = My.configuration().getAssetTagMtWilsonBaseUrl();
String url = ASConfig.getMtWilsonURL().toString();
if (url != null && !url.isEmpty()) {
AssetTagCertCreateRequest request = new AssetTagCertCreateRequest();
request.setCertificate(attributeCertificateBytes);
log.debug("Importing tag certificate to Mt Wilson");
Global.mtwilson().importAssetTagCertificate(request);
}
}
} catch (IOException e) {
log.error("Failed to auto-import tag certificate to Mt Wilson", e);
} catch (SignatureException e) {
log.error("Failed to auto-import tag certificate to Mt Wilson", e);
}
return attributeCertificateBytes;
}
Aggregations