
Example 11 with X509ExtensionWrapper

use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.

the class DefaultEntitlementCertServiceAdapterTest method testPrepareV3EntitlementDataForDefaults.

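/**
 * Verifies that a v3 entitlement payload leaves out attributes that are still at their
 * default values.
 *
 * <p>The consumer reports certificate version 3.3, the product's warning period and
 * management flag and the pool's virt-only flag are set to their defaults, and every
 * product content is enabled. The test first checks the extension published under OID
 * {@code 1.3.6.1.4.1.2312.9.6}, then decodes the entitlement data payload and asserts that
 * none of the defaulted fields were written into it.
 *
 * @throws IOException propagated from the helpers this test calls
 */
@Test
public void testPrepareV3EntitlementDataForDefaults() throws IOException {
    Set<Product> products = new HashSet<>();
    products.add(product);

    consumer.setFact("system.certificate_version", "3.3");
    consumer.setFact("uname.machine", "x86_64");

    // Put every attribute under test at the value the assertions below treat as the default.
    subscription.getProduct().setAttribute(Product.Attributes.WARNING_PERIOD, "0");
    subscription.getProduct().setAttribute(Product.Attributes.MANAGEMENT_ENABLED, "false");
    entitlement.getPool().setAttribute(Product.Attributes.VIRT_ONLY, "false");
    for (ProductContent content : product.getProductContent()) {
        content.setEnabled(true);
    }

    // Index the v3 extensions by OID so the one of interest can be looked up directly.
    final String versionOid = "1.3.6.1.4.1.2312.9.6";
    Map<String, X509ExtensionWrapper> extensionsByOid = new HashMap<>();
    for (X509ExtensionWrapper extension : certServiceAdapter.prepareV3Extensions()) {
        extensionsByOid.put(extension.getOid(), extension);
    }
    assertTrue(extensionsByOid.containsKey(versionOid));
    // assertEquals takes (expected, actual); this order keeps the failure message accurate.
    assertEquals("3.3", extensionsByOid.get(versionOid).getValue());

    byte[] payload = v3extensionUtil.createEntitlementDataPayload(
        getProductModels(product, products, "prefix", entitlement), consumer, pool, entitlement.getQuantity());

    // processPayload may throw checked exceptions this test does not declare; rethrow them
    // unchecked so a decoding failure still fails the test with its cause attached.
    String json;
    try {
        json = processPayload(payload);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    Map<String, Object> data = (Map<String, Object>) Util.fromJson(json, Map.class);
    assertEquals("test-consumer", data.get("consumer"));

    // Each of these was set to its default and must therefore be absent from the payload.
    Map<String, Object> subscriptionData = (Map<String, Object>) data.get("subscription");
    assertNull(subscriptionData.get("warning"));
    assertNull(subscriptionData.get("management"));
    assertNull(subscriptionData.get("virt_only"));

    List<Map<String, Object>> productData = (List<Map<String, Object>>) data.get("products");
    for (Map<String, Object> productEntry : productData) {
        List<Map<String, Object>> contentEntries = (List<Map<String, Object>>) productEntry.get("content");
        for (Map<String, Object> contentEntry : contentEntries) {
            assertNull(contentEntry.get("enabled"));
        }
    }
}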
Also used : HashMap(java.util.HashMap) Product(org.candlepin.model.Product) Matchers.anyString(org.mockito.Matchers.anyString) ProductContent(org.candlepin.model.ProductContent) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ExpectedException(org.junit.rules.ExpectedException) CertificateSizeException(org.candlepin.util.CertificateSizeException) IOException(java.io.IOException) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper) List(java.util.List) ArrayList(java.util.ArrayList) Map(java.util.Map) Matchers.anyMap(org.mockito.Matchers.anyMap) HashMap(java.util.HashMap) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 12 with X509ExtensionWrapper

use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.

the class DefaultEntitlementCertServiceAdapterTest method testPrepareV1ExtensionsFileUnknownContentType.

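/**
 * Verifies that v1 certificate extensions leave out content whose type is not recognised.
 *
 * <p>A product carrying {@code unknownTypeContent} is passed to
 * {@code prepareV1Extensions}; the resulting extensions must contain neither the content's
 * URL nor any content-type entry for it, and in particular no entry whose type was
 * rendered as the literal string {@code "null"}.
 *
 * @throws IOException propagated from the helpers this test calls
 * @throws GeneralSecurityException propagated from the helpers this test calls
 */
@Test
public void testPrepareV1ExtensionsFileUnknownContentType() throws IOException, GeneralSecurityException {
    // Product carrying content of an unknown type.
    Product unknownContentTypeProduct = TestUtil.createProduct("12345", "a product");
    unknownContentTypeProduct.setAttribute(Product.Attributes.VERSION, "version");
    unknownContentTypeProduct.setAttribute(Product.Attributes.VARIANT, "variant");
    unknownContentTypeProduct.setAttribute(Product.Attributes.TYPE, "SVC");
    unknownContentTypeProduct.setAttribute(Product.Attributes.ARCHITECTURE, ARCH_LABEL);
    unknownContentTypeProduct.addContent(unknownTypeContent, false);

    // The set is created here, so it holds exactly this one product.
    Set<Product> products = new HashSet<>();
    products.add(unknownContentTypeProduct);

    setupEntitlements(ARCH_LABEL, "1.0");
    Set<X509ExtensionWrapper> extensions = certServiceAdapter.prepareV1Extensions(
        products, pool, consumer, entitlement.getQuantity(), "", null);
    Map<String, X509ExtensionWrapper> encodedContent = getEncodedContent(extensions);
    Map<String, String> encodedContentValues = getEncodedContentMap(extensions);

    // Content of unknown type is skipped for v1 certificates.
    assertFalse(isEncodedContentValid(encodedContent));
    assertFalse(encodedContent.containsKey(CONTENT_URL_UNKNOWN_TYPE));
    assertFalse(encodedContent.containsKey(CONTENT_TYPE_UNKNOWN));
    // "1", "2" and "3" are presumably the content-type identifiers v1 certs can carry;
    // confirm against extMapHasContentType.
    for (String contentType : new String[] {"1", "2", "3"}) {
        assertFalse(extMapHasContentType(unknownTypeContent, encodedContentValues, contentType));
    }
    // A missing type must not be serialised as the string "null" either.
    assertFalse(extMapHasContentType(unknownTypeContent, encodedContentValues, "null"));
}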
Also used : Product(org.candlepin.model.Product) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper) Matchers.anyString(org.mockito.Matchers.anyString) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 13 with X509ExtensionWrapper

use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.

the class X509ExtensionUtil method subscriptionExtensions.

/**
 * Builds the order-namespace X.509 extensions that describe a pool's subscription.
 *
 * <p>Every OID is formed as {@code REDHAT_OID.<order namespace>.<field>}. Order number,
 * SKU, quantity, start date, end date, warning period and the management flag are always
 * added; product name, socket limit, contract number, account number, support level,
 * support type, stacking id and virt-only are added only when the guarding condition in
 * the code holds. The returned set keeps insertion order.
 *
 * <p>Every wrapper is created with {@code false} as its second constructor argument
 * (presumably the X.509 "critical" flag; confirm against {@code X509ExtensionWrapper}).
 *
 * @param pool the pool whose subscription details are encoded
 * @return the extensions in the order they were added
 */
public Set<X509ExtensionWrapper> subscriptionExtensions(Pool pool) {
    SimpleDateFormat utcFormat = Util.getUTCDateFormat();
    Set<X509ExtensionWrapper> result = new LinkedHashSet<>();

    // Subscription/order info. NOTE: "order" and "subscription" are used interchangeably
    // here; the name field carries the subscription product's name, not its id.
    String orderNamespaceOid = OIDUtil.REDHAT_OID + "." + OIDUtil.TOPLEVEL_NAMESPACES.get(OIDUtil.ORDER_NAMESPACE_KEY);
    String fieldPrefix = orderNamespaceOid + ".";

    // NOTE(review): the name is guarded by a null check on getProductId(), but the SKU
    // extension below calls getProductId().toString() unconditionally, so a pool without a
    // product id would fail there with a NullPointerException. Confirm whether a null
    // product id can reach this method and make the two sites agree.
    if (pool.getProductId() != null) {
        result.add(new X509ExtensionWrapper(
            fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_NAME_KEY), false, pool.getProductName()));
    }
    result.add(new X509ExtensionWrapper(
        fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_NUMBER_KEY), false, pool.getOrderNumber()));
    result.add(new X509ExtensionWrapper(
        fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_SKU_KEY), false, pool.getProductId().toString()));
    result.add(new X509ExtensionWrapper(
        fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_QUANTITY_KEY), false, pool.getQuantity().toString()));

    String sockets = pool.getProduct().getAttributeValue(Product.Attributes.SOCKETS);
    if (sockets != null) {
        result.add(new X509ExtensionWrapper(
            fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_SOCKETLIMIT_KEY), false, sockets));
    }

    // Validity window, formatted with the UTC formatter obtained above.
    result.add(new X509ExtensionWrapper(
        fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_STARTDATE_KEY), false, utcFormat.format(pool.getStartDate())));
    result.add(new X509ExtensionWrapper(
        fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_ENDDATE_KEY), false, utcFormat.format(pool.getEndDate())));

    // TODO : use keys
    // A missing warning period is encoded as "0".
    String warning = pool.getProduct().getAttributeValue(Product.Attributes.WARNING_PERIOD);
    String effectiveWarning = (warning == null) ? "0" : warning;
    result.add(new X509ExtensionWrapper(
        fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_WARNING_PERIOD), false, effectiveWarning));

    if (pool.getContractNumber() != null) {
        result.add(new X509ExtensionWrapper(
            fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_CONTRACT_NUMBER_KEY), false, pool.getContractNumber()));
    }

    // Account number, when the pool has one.
    if (pool.getAccountNumber() != null) {
        result.add(new X509ExtensionWrapper(
            fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_ACCOUNT_NUMBER_KEY), false, pool.getAccountNumber()));
    }

    // Smart Management flag; a missing attribute is encoded as "0" ("not managed").
    String management = pool.getProduct().getAttributeValue(Product.Attributes.MANAGEMENT_ENABLED);
    if (management == null) {
        management = "0";
    }
    result.add(new X509ExtensionWrapper(
        fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_PROVIDES_MANAGEMENT_KEY), false, management));

    String level = pool.getProduct().getAttributeValue(Product.Attributes.SUPPORT_LEVEL);
    String type = pool.getProduct().getAttributeValue(Product.Attributes.SUPPORT_TYPE);
    if (level != null) {
        result.add(new X509ExtensionWrapper(
            fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_SUPPORT_LEVEL), false, level));
    }
    if (type != null) {
        result.add(new X509ExtensionWrapper(
            fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_SUPPORT_TYPE), false, type));
    }

    String stacking = pool.getProduct().getAttributeValue(Product.Attributes.STACKING_ID);
    if (stacking != null) {
        result.add(new X509ExtensionWrapper(
            fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_STACKING_ID), false, stacking));
    }

    // virt_only is read from the pool, not the product. "true" is written as "1" so it
    // matches the other booleans in the certificate; any other value adds nothing.
    if ("true".equals(pool.getAttributeValue(Product.Attributes.VIRT_ONLY))) {
        result.add(new X509ExtensionWrapper(
            fieldPrefix + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_VIRT_ONLY_KEY), false, "1"));
    }
    return result;
}
Also used : LinkedHashSet(java.util.LinkedHashSet) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper) SimpleDateFormat(java.text.SimpleDateFormat)

Example 14 with X509ExtensionWrapper

use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.

the class X509V3ExtensionUtil method getExtensions.

/**
 * Returns the single extension that advertises the entitlement version.
 *
 * <p>The OID is {@code REDHAT_OID} followed by the top-level namespace registered under
 * {@code ENTITLEMENT_VERSION_KEY}; the value is this class's {@code thisVersion}. The
 * wrapper is created with {@code false} as its second constructor argument.
 *
 * @return a set holding only the version extension
 */
public Set<X509ExtensionWrapper> getExtensions() {
    String versionOid = OIDUtil.REDHAT_OID + "." + OIDUtil.TOPLEVEL_NAMESPACES.get(OIDUtil.ENTITLEMENT_VERSION_KEY);
    Set<X509ExtensionWrapper> extensions = new LinkedHashSet<>();
    extensions.add(new X509ExtensionWrapper(versionOid, false, thisVersion));
    return extensions;
}
Also used : LinkedHashSet(java.util.LinkedHashSet) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper)

Example 15 with X509ExtensionWrapper

use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.

the class UeberCertificateGenerator method createX509Certificate.

/**
 * Assembles the extensions for an ueber certificate and asks the PKI layer to create it.
 *
 * <p>Product, content, subscription, entitlement and consumer extensions are collected in
 * that order into an insertion-ordered set; the byte-extension set is passed empty. The
 * subject DN is {@code O=<owner key>}.
 *
 * @param data source of the product, entitlement, consumer, owner and validity dates
 * @param serialNumber serial number handed to the PKI layer
 * @param keyPair key pair handed to the PKI layer
 * @return the certificate returned by {@code pki.createX509Certificate}
 * @throws GeneralSecurityException declared by this method; not raised directly here
 * @throws IOException declared by this method; not raised directly here
 */
private X509Certificate createX509Certificate(UeberCertData data, BigInteger serialNumber, KeyPair keyPair) throws GeneralSecurityException, IOException {
    // Start from the product extensions, then append the rest; LinkedHashSet keeps this order.
    Set<X509ExtensionWrapper> allExtensions = new LinkedHashSet<>(extensionUtil.productExtensions(data.getProduct()));
    // Content extensions are built with a null second argument, an empty map and a fresh Consumer.
    allExtensions.addAll(extensionUtil.contentExtensions(data.getProduct().getProductContent(), null, new HashMap<>(), new Consumer(), data.getProduct()));
    allExtensions.addAll(extensionUtil.subscriptionExtensions(data.getEntitlement().getPool()));
    allExtensions.addAll(extensionUtil.entitlementExtensions(data.getEntitlement().getQuantity()));
    allExtensions.addAll(extensionUtil.consumerExtensions(data.getConsumer()));

    // Debug output lists every extension OID and value, so the debug log ends up holding
    // the same data that is embedded in the certificate.
    // NOTE(review): if any extension value is considered sensitive, restrict who can
    // enable and read debug logging for this class.
    if (log.isDebugEnabled()) {
        log.debug("Ueber certificate extensions for Owner: {}", data.getOwner().getKey());
        for (X509ExtensionWrapper extension : allExtensions) {
            log.debug("Extension {} with value {}", extension.getOid(), extension.getValue());
        }
    }

    // NOTE(review): the owner key is concatenated into the subject DN without escaping.
    // Confirm that owner keys are restricted to characters with no special meaning in a
    // distinguished name (such as ',', '+' or '='), or escape the value before use.
    String subjectDn = "O=" + data.getOwner().getKey();

    // No byte extensions are supplied for an ueber certificate.
    Set<X509ByteExtensionWrapper> noByteExtensions = new LinkedHashSet<>();
    return this.pki.createX509Certificate(subjectDn, allExtensions, noByteExtensions, data.getStartDate(), data.getEndDate(), keyPair, serialNumber, null);
}
Also used : LinkedHashSet(java.util.LinkedHashSet) HashMap(java.util.HashMap) X509ByteExtensionWrapper(org.candlepin.pki.X509ByteExtensionWrapper) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper)
