
Example 1 with CertificateSerial

use of org.candlepin.model.CertificateSerial in project candlepin by candlepin.

the class ConsumerImporter method store.

/**
 * Records the upstream distributor described by an imported manifest on the given owner.
 *
 * <p>The import is rejected when the manifest carries no distributor UUID, or when a different
 * owner is already bound to that UUID. An owner that previously imported from another
 * distributor may only switch when {@code DISTRIBUTOR_CONFLICT} has been forced; a forced
 * switch is logged at warn level with the owner key and both UUIDs.
 *
 * @param owner organisation receiving the import; it is merged through the curator at the end
 * @param consumer upstream distributor data read from the manifest
 * @param forcedConflicts conflicts the caller has chosen to override
 * @param idcert identity certificate supplied with the import, or {@code null} when there is none
 * @throws SyncDataFormatException if the UUID is missing or already in use by another owner
 * @throws ImportConflictException if the owner is bound to a different distributor and the
 *     conflict has not been forced
 */
public void store(Owner owner, ConsumerDTO consumer, ConflictOverrides forcedConflicts, IdentityCertificate idcert) throws SyncDataFormatException {
    if (consumer.getUuid() == null) {
        throw new SyncDataFormatException(i18n.tr("No ID for upstream subscription management application."));
    }

    // An upstream UUID may be bound to a single owner; refuse the import if another org holds it.
    Owner currentHolder = curator.lookupWithUpstreamUuid(consumer.getUuid());
    boolean heldByOtherOrg = currentHolder != null && !currentHolder.getKey().equals(owner.getKey());
    if (heldByOtherOrg) {
        log.error("Cannot import manifest for org: {}", owner.getKey());
        log.error("Upstream distributor {} already in used by org: {}", consumer.getUuid(), currentHolder.getKey());
        // The other org would have to delete its manifest before this distributor can be used elsewhere.
        throw new SyncDataFormatException(i18n.tr("This subscription management application has already been imported by another owner."));
    }

    // Switching an owner to a different distributor is only allowed as an explicit override.
    boolean switchingDistributor = owner.getUpstreamUuid() != null && !owner.getUpstreamUuid().equals(consumer.getUuid());
    if (switchingDistributor) {
        if (!forcedConflicts.isForced(Importer.Conflict.DISTRIBUTOR_CONFLICT)) {
            throw new ImportConflictException(i18n.tr("Owner has already imported from another subscription management application."), Importer.Conflict.DISTRIBUTOR_CONFLICT);
        }
        log.warn("Forcing import from a new distributor for org: {}", owner.getKey());
        log.warn("Old distributor UUID: {}", owner.getUpstreamUuid());
        log.warn("New distributor UUID: {}", consumer.getUuid());
    }

    /*
     * WARNING: the serial persisted here is a brand-new object and does NOT match the serial
     * of the imported identity certificate; only the collected flag and the timestamps are
     * copied over. Presumably this avoids clashes with serials that originated elsewhere, and
     * it mirrors how entitlement certs are imported (as subscription certs).
     *
     * NOTE(review): because the stored serial differs from the one the certificate was issued
     * with, anything keyed on the stored serial (revocation lists, audit queries) would not
     * identify this certificate - confirm that is intended.
     */
    if (idcert != null) {
        CertificateSerial importedSerial = idcert.getSerial();
        CertificateSerial localSerial = new CertificateSerial();
        localSerial.setCollected(importedSerial.isCollected());
        localSerial.setExpiration(importedSerial.getExpiration());
        localSerial.setUpdated(importedSerial.getUpdated());
        localSerial.setCreated(importedSerial.getCreated());
        serialCurator.create(localSerial);

        // Clear the imported id before creating the certificate locally.
        idcert.setId(null);
        idcert.setSerial(localSerial);
        idCertCurator.create(idcert);
    }

    // Build the UpstreamConsumer from the imported ConsumerDTO.
    ConsumerType upstreamType = new ConsumerType();
    populateEntity(upstreamType, consumer.getType());

    Owner upstreamOwner = new Owner();
    if (consumer.getOwner() != null) {
        populateEntity(upstreamOwner, consumer.getOwner());
    }

    UpstreamConsumer upstream = new UpstreamConsumer(consumer.getName(), upstreamOwner, upstreamType, consumer.getUuid());
    upstream.setWebUrl(consumer.getUrlWeb());
    upstream.setApiUrl(consumer.getUrlApi());
    upstream.setIdCert(idcert);
    upstream.setContentAccessMode(consumer.getContentAccessMode());

    owner.setUpstreamConsumer(upstream);
    curator.merge(owner);
}
Also used : Owner(org.candlepin.model.Owner) CertificateSerial(org.candlepin.model.CertificateSerial) ConsumerType(org.candlepin.model.ConsumerType) UpstreamConsumer(org.candlepin.model.UpstreamConsumer)

Example 2 with CertificateSerial

use of org.candlepin.model.CertificateSerial in project candlepin by candlepin.

the class DefaultIdentityCertServiceAdapter method generate.

/**
 * Creates, persists and attaches a new identity certificate for the given consumer.
 *
 * <p>The certificate is valid from one hour before now until the date produced by
 * {@code endDateGenerator}. Its X.509 serial number is the id of a freshly persisted
 * {@link CertificateSerial}.
 *
 * @param consumer consumer the certificate is issued to; its idCert is replaced
 * @return the identity certificate as returned by the curator's create call
 * @throws GeneralSecurityException declared for the key and certificate operations
 * @throws IOException declared for the PEM encoding operations
 */
private IdentityCertificate generate(Consumer consumer) throws GeneralSecurityException, IOException {
    // Validity starts one hour in the past (presumably a clock-skew allowance; not stated here).
    Calendar oneHourAgo = Calendar.getInstance();
    oneHourAgo.add(Calendar.HOUR, -1);
    Date notBefore = oneHourAgo.getTime();
    Date notAfter = this.endDateGenerator.apply(new Date());

    // The serial is persisted up front because its generated id becomes the certificate's
    // serial number below; a cascading create would assign the id too late.
    // NOTE(review): the serial number is therefore a database-assigned id, not a random value;
    // uniqueness rests on the database.
    CertificateSerial certSerial = new CertificateSerial(notAfter);
    serialCurator.create(certSerial);

    String subjectDn = createDN(consumer);
    KeyPair consumerKeys = keyPairCurator.getConsumerKeyPair(consumer);
    BigInteger serialNumber = BigInteger.valueOf(certSerial.getId());
    X509Certificate signedCert = pki.createX509Certificate(subjectDn, null, null, notBefore, notAfter, consumerKeys, serialNumber, consumer.getName());

    // new String(byte[]) decodes with the platform default charset.
    // NOTE(review): an explicit charset would remove that dependency - confirm PEM output is ASCII.
    String certPem = new String(pki.getPemEncoded(signedCert));
    // The consumer's private key is stored PEM-encoded next to the certificate.
    // NOTE(review): whatever backs idCertCurator therefore holds key material; confirm how it
    // is protected at rest.
    String keyPem = new String(pki.getPemEncoded(consumerKeys.getPrivate()));

    IdentityCertificate identity = new IdentityCertificate();
    identity.setCert(certPem);
    identity.setKey(keyPem);
    identity.setSerial(certSerial);
    consumer.setIdCert(identity);
    return idCertCurator.create(identity);
}
Also used : KeyPair(java.security.KeyPair) Calendar(java.util.Calendar) CertificateSerial(org.candlepin.model.CertificateSerial) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) IdentityCertificate(org.candlepin.model.IdentityCertificate)

Example 3 with CertificateSerial

use of org.candlepin.model.CertificateSerial in project candlepin by candlepin.

the class CrlFileUtil method syncCRLWithDB.

/**
 * Brings the CRL file in line with the certificate serials known to the curator.
 *
 * <p>Serials returned by {@code retrieveTobeCollectedSerials()} are added to the CRL and
 * flagged as collected; serials returned by {@code getExpiredSerials()} are removed from it.
 * Nothing is written when both sets are empty.
 *
 * @param file CRL file handed to {@code updateCRLFile}
 * @return always {@code true}
 * @throws IOException declared for the CRL file update
 */
@Transactional
public boolean syncCRLWithDB(File file) throws IOException {
    List<BigInteger> toRevoke = new LinkedList<>();
    List<CertificateSerial> pendingSerials = this.certificateSerialCurator.retrieveTobeCollectedSerials().list();
    for (CertificateSerial pending : pendingSerials) {
        toRevoke.add(pending.getSerial());
        // NOTE(review): the flag is set before updateCRLFile has run. The import list for this
        // page names com.google.inject.persist.Transactional, which by default rolls back only
        // on RuntimeException - confirm that a failed CRL write (IOException) cannot leave
        // serials stored as collected while they are missing from the CRL.
        pending.setCollected(true);
    }

    List<BigInteger> toUnrevoke = new LinkedList<>();
    for (CertificateSerial expired : this.certificateSerialCurator.getExpiredSerials()) {
        toUnrevoke.add(expired.getSerial());
    }

    // Nothing to add and nothing to drop: leave the file and the database untouched.
    if (toRevoke.isEmpty() && toUnrevoke.isEmpty()) {
        return true;
    }

    this.updateCRLFile(file, toRevoke, toUnrevoke);
    // Store the newly revoked serials with their "collected" state.
    this.certificateSerialCurator.saveOrUpdateAll(pendingSerials, true, true);
    return true;
}
Also used : BigInteger(java.math.BigInteger) CertificateSerial(org.candlepin.model.CertificateSerial) LinkedList(java.util.LinkedList) Transactional(com.google.inject.persist.Transactional)

Example 4 with CertificateSerial

use of org.candlepin.model.CertificateSerial in project candlepin by candlepin.

the class SubscriptionReconcilerTest method createEntitlementCertificate.

/**
 * Test fixture: builds an entitlement certificate whose serial is already marked as collected.
 *
 * <p>The serial is constructed from the current time and its created/updated stamps are set
 * to the current time as well. Nothing is persisted by this method.
 *
 * @param key key material, stored as the bytes of the string (platform default charset)
 * @param cert certificate text, stored as the bytes of the string (platform default charset)
 * @return the populated certificate
 */
protected EntitlementCertificate createEntitlementCertificate(String key, String cert) {
    CertificateSerial collectedSerial = new CertificateSerial(new Date());
    collectedSerial.setCollected(true);
    collectedSerial.setUpdated(new Date());
    collectedSerial.setCreated(new Date());

    EntitlementCertificate fixture = new EntitlementCertificate();
    fixture.setKeyAsBytes(key.getBytes());
    fixture.setCertAsBytes(cert.getBytes());
    fixture.setSerial(collectedSerial);
    return fixture;
}
Also used : EntitlementCertificate(org.candlepin.model.EntitlementCertificate) CertificateSerial(org.candlepin.model.CertificateSerial) Date(java.util.Date)

Example 5 with CertificateSerial

use of org.candlepin.model.CertificateSerial in project candlepin by candlepin.

the class DefaultIdentityCertServiceAdapterTest method testGenerate.

/**
 * Checks that generateIdentityCert returns a certificate carrying the PEM values produced by
 * the mocked PKI utility, attaches it to the consumer and creates one certificate serial.
 */
@Test
public void testGenerate() throws GeneralSecurityException, IOException {
    Consumer consumer = mock(Consumer.class);
    when(consumer.getId()).thenReturn("42");
    when(consumer.getUuid()).thenReturn(Util.generateUUID());

    KeyPair consumerKeys = createKeyPair();
    when(kpc.getConsumerKeyPair(consumer)).thenReturn(consumerKeys);
    // No identity certificate exists for this consumer yet.
    when(idcur.find(consumer.getId())).thenReturn(null);

    // Stand in for the database: give the serial an id when it is "persisted".
    when(csc.create(any(CertificateSerial.class))).thenAnswer(new Answer<CertificateSerial>() {

        @Override
        public CertificateSerial answer(InvocationOnMock invocation) {
            CertificateSerial persisted = (CertificateSerial) invocation.getArguments()[0];
            persisted.setId(42L);
            return persisted;
        }
    });

    // Fixed PEM payloads so the assertions below can compare exact strings.
    when(pki.getPemEncoded(any(X509Certificate.class))).thenReturn("x509cert".getBytes());
    when(pki.getPemEncoded(any(PrivateKey.class))).thenReturn("priv".getBytes());

    // Same for the identity certificate: hand back the argument with an id assigned.
    when(idcur.create(any(IdentityCertificate.class))).thenAnswer(new Answer<IdentityCertificate>() {

        @Override
        public IdentityCertificate answer(InvocationOnMock invocation) {
            IdentityCertificate persisted = (IdentityCertificate) invocation.getArguments()[0];
            persisted.setId("42");
            return persisted;
        }
    });

    IdentityCertificate generated = dicsa.generateIdentityCert(consumer);

    assertNotNull(generated);
    assertEquals("priv", generated.getKey());
    assertEquals("x509cert", generated.getCert());
    assertNotNull(generated.getCertAsBytes());
    assertNotNull(generated.getKeyAsBytes());
    verify(consumer).setIdCert(generated);
    verify(csc).create(any(CertificateSerial.class));
}
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) Consumer(org.candlepin.model.Consumer) InvocationOnMock(org.mockito.invocation.InvocationOnMock) CertificateSerial(org.candlepin.model.CertificateSerial) X509Certificate(java.security.cert.X509Certificate) IdentityCertificate(org.candlepin.model.IdentityCertificate) Test(org.junit.Test)
