use of org.candlepin.model.CertificateSerial in project candlepin by candlepin.
the class ConsumerImporter method store.
/**
 * Attaches the upstream consumer (distributor) described by an imported manifest to {@code owner}.
 *
 * <p>The import is rejected when the manifest carries no upstream UUID, when another owner already
 * holds that UUID, or when this owner previously imported from a different distributor and the
 * caller has not forced {@code DISTRIBUTOR_CONFLICT}. When an identity certificate is supplied it
 * is persisted with a newly created serial row before the owner is merged.
 *
 * @param owner the owner receiving the import
 * @param consumer the upstream consumer data read from the manifest
 * @param forcedConflicts the conflicts the caller has chosen to override
 * @param idcert the upstream identity certificate, or {@code null} if there is none
 * @throws SyncDataFormatException if the UUID is missing or already used by another owner
 */
public void store(Owner owner, ConsumerDTO consumer, ConflictOverrides forcedConflicts,
    IdentityCertificate idcert) throws SyncDataFormatException {

    if (consumer.getUuid() == null) {
        throw new SyncDataFormatException(i18n.tr("No ID for upstream subscription management application."));
    }

    // An upstream UUID may be bound to a single owner. This path never consults forcedConflicts,
    // so it cannot be overridden; the other org would have to delete its manifest before the
    // UUID could be used elsewhere.
    Owner currentHolder = curator.lookupWithUpstreamUuid(consumer.getUuid());
    boolean heldByOtherOwner = currentHolder != null &&
        !currentHolder.getKey().equals(owner.getKey());
    if (heldByOtherOwner) {
        log.error("Cannot import manifest for org: {}", owner.getKey());
        log.error("Upstream distributor {} already in used by org: {}", consumer.getUuid(), currentHolder.getKey());
        throw new SyncDataFormatException(i18n.tr("This subscription management application has already been imported by another owner."));
    }

    // Switching an owner to a different distributor is allowed only when explicitly forced; the
    // forced case is logged with both UUIDs so the change can be traced afterwards.
    boolean distributorChanged = owner.getUpstreamUuid() != null &&
        !owner.getUpstreamUuid().equals(consumer.getUuid());
    if (distributorChanged) {
        if (forcedConflicts.isForced(Importer.Conflict.DISTRIBUTOR_CONFLICT)) {
            log.warn("Forcing import from a new distributor for org: {}", owner.getKey());
            log.warn("Old distributor UUID: {}", owner.getUpstreamUuid());
            log.warn("New distributor UUID: {}", consumer.getUuid());
        }
        else {
            throw new ImportConflictException(i18n.tr("Owner has already imported from another subscription management application."), Importer.Conflict.DISTRIBUTOR_CONFLICT);
        }
    }

    /*
     * WARNING: the serial row created below is a new object and does not match the actual serial
     * of the identity certificate. Presumably this avoids clashing with a serial that came from
     * somewhere else; importing entitlement certs (as subscription certs) does the same.
     *
     * NOTE(review): since the stored serial differs from the one inside the certificate, anything
     * that keys revocation or lookup on the stored value would presumably not match the imported
     * certificate itself - confirm against the callers that consume it.
     */
    if (idcert != null) {
        CertificateSerial importedSerial = idcert.getSerial();
        CertificateSerial localSerial = new CertificateSerial();
        localSerial.setCreated(importedSerial.getCreated());
        localSerial.setUpdated(importedSerial.getUpdated());
        localSerial.setExpiration(importedSerial.getExpiration());
        localSerial.setCollected(importedSerial.isCollected());
        serialCurator.create(localSerial);

        // Clear the imported id before creating the certificate locally with the new serial.
        idcert.setId(null);
        idcert.setSerial(localSerial);
        idCertCurator.create(idcert);
    }

    // Build the UpstreamConsumer from the imported ConsumerDTO.
    ConsumerType upstreamType = new ConsumerType();
    populateEntity(upstreamType, consumer.getType());

    Owner upstreamOwner = new Owner();
    if (consumer.getOwner() != null) {
        populateEntity(upstreamOwner, consumer.getOwner());
    }

    UpstreamConsumer upstream = new UpstreamConsumer(consumer.getName(), upstreamOwner, upstreamType,
        consumer.getUuid());
    upstream.setWebUrl(consumer.getUrlWeb());
    upstream.setApiUrl(consumer.getUrlApi());
    upstream.setIdCert(idcert);
    upstream.setContentAccessMode(consumer.getContentAccessMode());

    owner.setUpstreamConsumer(upstream);
    curator.merge(owner);
}
use of org.candlepin.model.CertificateSerial in project candlepin by candlepin.
the class DefaultIdentityCertServiceAdapter method generate.
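/**
 * Issues and persists a new identity certificate for the given consumer.
 *
 * <p>A {@link CertificateSerial} row is created first because its generated id is handed to the
 * PKI utility when the X.509 certificate is built. The certificate and the consumer's private key
 * are then PEM-encoded and stored as strings on the {@link IdentityCertificate}.
 *
 * @param consumer the consumer the certificate is issued to; its key pair comes from the key
 *     pair curator and its idCert is replaced with the new certificate
 * @return the value returned by {@code idCertCurator.create} for the new certificate
 * @throws GeneralSecurityException declared by this method; presumably raised by the PKI utility
 * @throws IOException declared by this method; presumably raised while encoding
 */
private IdentityCertificate generate(Consumer consumer) throws GeneralSecurityException, IOException {
    // Validity starts one hour in the past; presumably to tolerate clock skew - TODO confirm.
    Calendar cal = Calendar.getInstance();
    cal.add(Calendar.HOUR, -1);
    Date startDate = cal.getTime();
    Date endDate = this.endDateGenerator.apply(new Date());

    // We need the sequence generated id before we create the identity certificate,
    // otherwise we could have used cascading create
    CertificateSerial serial = new CertificateSerial(endDate);
    serialCurator.create(serial);

    String dn = createDN(consumer);
    KeyPair keyPair = keyPairCurator.getConsumerKeyPair(consumer);
    X509Certificate x509cert = pki.createX509Certificate(dn, null, null, startDate, endDate, keyPair,
        BigInteger.valueOf(serial.getId()), consumer.getName());

    IdentityCertificate identityCert = new IdentityCertificate();
    // Decode the PEM bytes with an explicit charset instead of the platform default, so the
    // stored text does not depend on the JVM's file.encoding setting.
    identityCert.setCert(new String(pki.getPemEncoded(x509cert),
        java.nio.charset.StandardCharsets.UTF_8));
    // NOTE(review): the private key is held as a PEM string on the entity; whether it is
    // protected at rest and kept out of logs/serialized output is not visible here - confirm.
    identityCert.setKey(new String(pki.getPemEncoded(keyPair.getPrivate()),
        java.nio.charset.StandardCharsets.UTF_8));
    identityCert.setSerial(serial);

    consumer.setIdCert(identityCert);
    return idCertCurator.create(identityCert);
}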
use of org.candlepin.model.CertificateSerial in project candlepin by candlepin.
the class CrlFileUtil method syncCRLWithDB.
/**
 * Updates the CRL file from the certificate serials tracked in the database.
 *
 * <p>Serials returned by {@code retrieveTobeCollectedSerials()} are added to the revoke list and
 * flagged as collected; serials returned by {@code getExpiredSerials()} are added to the unrevoke
 * list. The file is rewritten and the flagged serials are saved only when at least one of the two
 * lists is non-empty.
 *
 * @param file the CRL file handed to {@code updateCRLFile}
 * @return always {@code true}
 * @throws IOException declared by this method; presumably raised while updating the file
 */
@Transactional
public boolean syncCRLWithDB(File file) throws IOException {
    List<CertificateSerial> pendingSerials =
        this.certificateSerialCurator.retrieveTobeCollectedSerials().list();

    // NOTE(review): the collected flag is set here, before updateCRLFile runs. If that call
    // throws, whether the flag change is discarded depends on how @Transactional treats
    // IOException, which is not visible here - confirm that a revoked serial cannot end up
    // marked collected without ever reaching the CRL.
    List<BigInteger> revoke = new LinkedList<>();
    for (CertificateSerial pending : pendingSerials) {
        revoke.add(pending.getSerial());
        pending.setCollected(true);
    }

    List<BigInteger> unrevoke = new LinkedList<>();
    for (CertificateSerial expired : this.certificateSerialCurator.getExpiredSerials()) {
        unrevoke.add(expired.getSerial());
    }

    boolean nothingToDo = revoke.isEmpty() && unrevoke.isEmpty();
    if (!nothingToDo) {
        this.updateCRLFile(file, revoke, unrevoke);

        // Store the state of the newly-revoked serials as "collected"
        this.certificateSerialCurator.saveOrUpdateAll(pendingSerials, true, true);
    }

    return true;
}
use of org.candlepin.model.CertificateSerial in project candlepin by candlepin.
the class SubscriptionReconcilerTest method createEntitlementCertificate.
/**
 * Builds an in-memory entitlement certificate fixture from the given key and certificate text.
 *
 * <p>The attached serial is constructed with the current date, marked as collected, and given
 * current created/updated timestamps. Nothing is persisted by this helper.
 *
 * @param key the key text; stored as bytes using the platform default charset
 * @param cert the certificate text; stored as bytes using the platform default charset
 * @return the populated entitlement certificate
 */
protected EntitlementCertificate createEntitlementCertificate(String key, String cert) {
    CertificateSerial serial = new CertificateSerial(new Date());
    serial.setCollected(true);
    serial.setUpdated(new Date());
    serial.setCreated(new Date());

    EntitlementCertificate entitlementCert = new EntitlementCertificate();
    entitlementCert.setKeyAsBytes(key.getBytes());
    entitlementCert.setCertAsBytes(cert.getBytes());
    entitlementCert.setSerial(serial);
    return entitlementCert;
}
use of org.candlepin.model.CertificateSerial in project candlepin by candlepin.
the class DefaultIdentityCertServiceAdapterTest method testGenerate.
/**
 * Checks that generating an identity certificate for a consumer with no existing certificate
 * returns a certificate carrying the PEM text from the PKI mock, sets it on the consumer, and
 * creates a certificate serial through the serial curator.
 */
@Test
public void testGenerate() throws GeneralSecurityException, IOException {
    Consumer mockConsumer = mock(Consumer.class);
    when(mockConsumer.getId()).thenReturn("42");
    when(mockConsumer.getUuid()).thenReturn(Util.generateUUID());

    KeyPair consumerKeys = createKeyPair();
    when(kpc.getConsumerKeyPair(mockConsumer)).thenReturn(consumerKeys);

    // No identity certificate exists yet for this consumer.
    when(idcur.find(mockConsumer.getId())).thenReturn(null);

    // Stand in for the database: assign the id a real create() would have generated.
    when(csc.create(any(CertificateSerial.class))).thenAnswer(new Answer<CertificateSerial>() {
        public CertificateSerial answer(InvocationOnMock invocation) {
            CertificateSerial created = (CertificateSerial) invocation.getArguments()[0];
            created.setId(42L);
            return created;
        }
    });

    // Fixed placeholder bytes instead of real PEM output, so the assertions can compare text.
    when(pki.getPemEncoded(any(X509Certificate.class))).thenReturn("x509cert".getBytes());
    when(pki.getPemEncoded(any(PrivateKey.class))).thenReturn("priv".getBytes());

    when(idcur.create(any(IdentityCertificate.class))).thenAnswer(new Answer<IdentityCertificate>() {
        public IdentityCertificate answer(InvocationOnMock invocation) {
            IdentityCertificate created = (IdentityCertificate) invocation.getArguments()[0];
            created.setId("42");
            return created;
        }
    });

    IdentityCertificate result = dicsa.generateIdentityCert(mockConsumer);

    assertNotNull(result);
    assertEquals("priv", result.getKey());
    assertEquals("x509cert", result.getCert());
    assertNotNull(result.getCertAsBytes());
    assertNotNull(result.getKeyAsBytes());

    verify(mockConsumer).setIdCert(result);
    verify(csc).create(any(CertificateSerial.class));
}