Example 1 with X509AttrBuilder

Use of com.intel.mtwilson.tag.common.X509AttrBuilder in project OpenAttestation by OpenAttestation.

From the class TagCertificateAuthority, method createTagCertificate:

/**
 * Does not attempt to match the subject to the selection. Do not call
 * directly unless you have already verified that you want to create a
 * certificate for the given subject with the given selection with no
 * further checks.
 *
 * @param subject UUID of the host the attribute certificate is issued to
 * @param selection element representing a set of host attributes by
 * reference via the selection uuid or selection name or inline via the
 * attribute elements
 * @return the encoded attribute certificate, signed with the tag CA private key
 * @throws IOException
 * @throws com.intel.mtwilson.ApiException
 */
public byte[] createTagCertificate(UUID subject, SelectionType selection) throws IOException, com.intel.mtwilson.ApiException {
    // refuse to issue anything unless both the tag CA signing key and its certificate are loaded
    PrivateKey cakey = Global.cakey();
    X509Certificate cakeyCert = Global.cakeyCert();
    if (cakey == null || cakeyCert == null) {
        throw new IllegalStateException("Missing tag certificate authority key");
    }
    // issuer name and signing key come from the tag CA certificate; the serial is derived from
    // the current date, the subject is bound to the host UUID and validity comes from configuration
    X509AttrBuilder builder = X509AttrBuilder.factory()
            .issuerName(cakeyCert)
            .issuerPrivateKey(cakey)
            .dateSerial()
            .subjectUuid(subject)
            .expires(configuration.getTagValiditySeconds(), TimeUnit.SECONDS);
    // every attribute of the selection is added to the certificate as an (OID, value) pair
    for (AttributeType attribute : selection.getAttribute()) {
        X509AttrBuilder.Attribute oidAndValue = Util.toAttributeOidValue(attribute);
        builder.attribute(oidAndValue.oid, oidAndValue.value);
    }
    // build() returns null on failure; log the builder's validation faults before rejecting the request
    byte[] attributeCertificateBytes = builder.build();
    if (attributeCertificateBytes == null) {
        log.error("Cannot build attribute certificate");
        for (Fault fault : builder.getFaults()) {
            log.error(String.format("%s: %s", fault.getClass().getName(), fault.toString()));
        }
        throw new IllegalArgumentException("Cannot build attribute certificate");
    }
    // if auto-import to mtwilson is enabled, do it here, but if there is an exception we only log it
    try {
        log.debug("Tag certificate auto-import enabled: {}", configuration.isTagProvisionAutoImport());
        if (configuration.isTagProvisionAutoImport()) {
            //String url = My.configuration().getAssetTagMtWilsonBaseUrl();
            String url = ASConfig.getMtWilsonURL().toString();
            if (url != null && !url.isEmpty()) {
                AssetTagCertCreateRequest request = new AssetTagCertCreateRequest();
                request.setCertificate(attributeCertificateBytes);
                log.debug("Importing tag certificate to Mt Wilson");
                Global.mtwilson().importAssetTagCertificate(request);
            }
        }
    } catch (IOException e) {
        // import failures are logged only; the signed certificate is still returned to the caller
        log.error("Failed to auto-import tag certificate to Mt Wilson", e);
    } catch (SignatureException e) {
        log.error("Failed to auto-import tag certificate to Mt Wilson", e);
    }
    return attributeCertificateBytes;
}

Also used:

- PrivateKey (java.security.PrivateKey)
- Fault (com.intel.mtwilson.util.validation.Fault)
- IOException (java.io.IOException)
- SignatureException (java.security.SignatureException)
- X509Certificate (java.security.cert.X509Certificate)
- AssetTagCertCreateRequest (com.intel.mtwilson.datatypes.AssetTagCertCreateRequest)
- X509AttrBuilder (com.intel.mtwilson.tag.common.X509AttrBuilder)
