use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.
the class DefaultEntitlementCertServiceAdapterTest method testPrepareV3EntitlementDataForDefaults.
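/**
 * Verifies that a V3 entitlement certificate payload omits fields left at their defaults.
 *
 * <p>The consumer advertises certificate version 3.3. The warning period, management flag,
 * virt-only flag and per-content "enabled" flag are set to the values the test treats as
 * defaults. The test checks that the version extension (OID 1.3.6.1.4.1.2312.9.6) carries
 * "3.3", then decodes the entitlement data payload and asserts that none of the defaulted
 * fields were written into it.
 *
 * @throws IOException declared by the test signature; presumably raised by the payload helpers
 */
@Test
public void testPrepareV3EntitlementDataForDefaults() throws IOException {
    Set<Product> products = new HashSet<>();
    products.add(product);

    consumer.setFact("system.certificate_version", "3.3");
    consumer.setFact("uname.machine", "x86_64");

    subscription.getProduct().setAttribute(Product.Attributes.WARNING_PERIOD, "0");
    subscription.getProduct().setAttribute(Product.Attributes.MANAGEMENT_ENABLED, "false");
    entitlement.getPool().setAttribute(Product.Attributes.VIRT_ONLY, "false");
    for (ProductContent pc : product.getProductContent()) {
        pc.setEnabled(true);
    }

    // Index the generated extensions by OID so the version extension can be looked up directly.
    Set<X509ExtensionWrapper> extensions = certServiceAdapter.prepareV3Extensions();
    Map<String, X509ExtensionWrapper> map = new HashMap<>();
    for (X509ExtensionWrapper ext : extensions) {
        map.put(ext.getOid(), ext);
    }

    assertTrue(map.containsKey("1.3.6.1.4.1.2312.9.6"));
    // Expected value first, so a failure message reports expected and actual the right way round.
    assertEquals("3.3", map.get("1.3.6.1.4.1.2312.9.6").getValue());

    byte[] payload = v3extensionUtil.createEntitlementDataPayload(
        getProductModels(product, products, "prefix", entitlement), consumer, pool,
        entitlement.getQuantity());

    String stringValue;
    try {
        stringValue = processPayload(payload);
    }
    catch (Exception e) {
        // Keep the original exception as the cause so the decoding failure stays diagnosable.
        throw new RuntimeException(e);
    }

    Map<String, Object> data = (Map<String, Object>) Util.fromJson(stringValue, Map.class);
    assertEquals("test-consumer", data.get("consumer"));

    // Each of these was set to its default and therefore must not be populated in the cert.
    Map<String, Object> subs = (Map<String, Object>) data.get("subscription");
    assertNull(subs.get("warning"));
    assertNull(subs.get("management"));
    assertNull(subs.get("virt_only"));

    List<Map<String, Object>> prods = (List<Map<String, Object>>) data.get("products");
    for (Map<String, Object> prod : prods) {
        List<Map<String, Object>> contents = (List<Map<String, Object>>) prod.get("content");
        for (Map<String, Object> cont : contents) {
            assertNull(cont.get("enabled"));
        }
    }
}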
use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.
the class DefaultEntitlementCertServiceAdapterTest method testPrepareV1ExtensionsFileUnknownContentType.
/**
 * Verifies that V1 extension generation skips content whose type is unknown.
 *
 * <p>A product carrying only {@code unknownTypeContent} is run through
 * {@code prepareV1Extensions}. The resulting extensions must contain neither the content's URL
 * nor any content-type entry for it, including a literal "null" type.
 */
@Test
public void testPrepareV1ExtensionsFileUnknownContentType() throws IOException, GeneralSecurityException {
    // Product whose only content is of an unknown type.
    Product svcProduct = TestUtil.createProduct("12345", "a product");
    svcProduct.setAttribute(Product.Attributes.VERSION, "version");
    svcProduct.setAttribute(Product.Attributes.VARIANT, "variant");
    svcProduct.setAttribute(Product.Attributes.TYPE, "SVC");
    svcProduct.setAttribute(Product.Attributes.ARCHITECTURE, ARCH_LABEL);
    svcProduct.addContent(unknownTypeContent, false);

    Set<Product> products = new HashSet<>();
    products.add(svcProduct);
    setupEntitlements(ARCH_LABEL, "1.0");

    Set<X509ExtensionWrapper> extensions = certServiceAdapter.prepareV1Extensions(
        products, pool, consumer, entitlement.getQuantity(), "", null);
    Map<String, X509ExtensionWrapper> encodedContent = getEncodedContent(extensions);
    Map<String, String> encodedContentMap = getEncodedContentMap(extensions);

    // Content of unknown type is skipped for v1 certs, so none of it may appear.
    assertFalse(isEncodedContentValid(encodedContent));
    assertFalse(encodedContent.containsKey(CONTENT_URL_UNKNOWN_TYPE));
    assertFalse(encodedContent.containsKey(CONTENT_TYPE_UNKNOWN));
    for (String contentType : new String[] {"1", "2", "3"}) {
        assertFalse(extMapHasContentType(unknownTypeContent, encodedContentMap, contentType));
    }

    // Make sure the content type was not serialized as the string "null" either.
    assertFalse(extMapHasContentType(unknownTypeContent, encodedContentMap, "null"));
}
use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.
the class X509ExtensionUtil method subscriptionExtensions.
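/**
 * Builds the subscription ("order") X.509 extensions for a pool.
 *
 * <p>Every extension is created as non-critical (the {@code false} constructor argument) under
 * the Red Hat order OID namespace. Values are copied as-is from the pool or from the pool's
 * product attributes; nothing in this method validates or normalizes them before they are
 * placed into the certificate. Optional values are emitted only when non-null. The warning
 * period and the management flag fall back to "0" when unset, and virt-only is written as "1"
 * only when the pool attribute is exactly "true".
 *
 * @param pool the pool to describe; its product, quantity, start date and end date are
 *     dereferenced unconditionally and must be non-null
 * @return the extensions, in insertion order
 */
public Set<X509ExtensionWrapper> subscriptionExtensions(Pool pool) {
    SimpleDateFormat iso8601DateFormat = Util.getUTCDateFormat();
    Set<X509ExtensionWrapper> toReturn = new LinkedHashSet<>();

    // Subscription/order info
    // need the sub product name, not id here
    // NOTE: order ~= subscription
    // entitlement == entitlement
    String subscriptionOid = OIDUtil.REDHAT_OID + "." +
        OIDUtil.TOPLEVEL_NAMESPACES.get(OIDUtil.ORDER_NAMESPACE_KEY);

    // The name and SKU extensions both depend on the product id being present.
    boolean hasProductId = pool.getProductId() != null;

    if (hasProductId) {
        toReturn.add(new X509ExtensionWrapper(
            subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_NAME_KEY),
            false, pool.getProductName()));
    }

    // NOTE(review): the order number is passed through even when null; confirm the wrapper
    // and the certificate writer tolerate a null value.
    toReturn.add(new X509ExtensionWrapper(
        subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_NUMBER_KEY),
        false, pool.getOrderNumber()));

    // Guarded like the name extension above: dereferencing a null product id here would
    // abort certificate generation with a NullPointerException.
    if (hasProductId) {
        toReturn.add(new X509ExtensionWrapper(
            subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_SKU_KEY),
            false, pool.getProductId().toString()));
    }

    toReturn.add(new X509ExtensionWrapper(
        subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_QUANTITY_KEY),
        false, pool.getQuantity().toString()));

    String socketLimit = pool.getProduct().getAttributeValue(Product.Attributes.SOCKETS);
    if (socketLimit != null) {
        toReturn.add(new X509ExtensionWrapper(
            subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_SOCKETLIMIT_KEY),
            false, socketLimit));
    }

    toReturn.add(new X509ExtensionWrapper(
        subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_STARTDATE_KEY),
        false, iso8601DateFormat.format(pool.getStartDate())));
    toReturn.add(new X509ExtensionWrapper(
        subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_ENDDATE_KEY),
        false, iso8601DateFormat.format(pool.getEndDate())));

    // TODO : use keys
    String warningPeriod = pool.getProduct().getAttributeValue(Product.Attributes.WARNING_PERIOD);
    warningPeriod = (warningPeriod == null) ? "0" : warningPeriod;
    toReturn.add(new X509ExtensionWrapper(
        subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_WARNING_PERIOD),
        false, warningPeriod));

    if (pool.getContractNumber() != null) {
        toReturn.add(new X509ExtensionWrapper(
            subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_CONTRACT_NUMBER_KEY),
            false, pool.getContractNumber()));
    }

    // Add the account number
    if (pool.getAccountNumber() != null) {
        toReturn.add(new X509ExtensionWrapper(
            subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_ACCOUNT_NUMBER_KEY),
            false, pool.getAccountNumber()));
    }

    // Add Smart Management, default to "not managed"
    String mgmt = pool.getProduct().getAttributeValue(Product.Attributes.MANAGEMENT_ENABLED);
    mgmt = (mgmt == null) ? "0" : mgmt;
    toReturn.add(new X509ExtensionWrapper(
        subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_PROVIDES_MANAGEMENT_KEY),
        false, mgmt));

    String supportLevel = pool.getProduct().getAttributeValue(Product.Attributes.SUPPORT_LEVEL);
    String supportType = pool.getProduct().getAttributeValue(Product.Attributes.SUPPORT_TYPE);
    if (supportLevel != null) {
        toReturn.add(new X509ExtensionWrapper(
            subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_SUPPORT_LEVEL),
            false, supportLevel));
    }
    if (supportType != null) {
        toReturn.add(new X509ExtensionWrapper(
            subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_SUPPORT_TYPE),
            false, supportType));
    }

    String stackingId = pool.getProduct().getAttributeValue(Product.Attributes.STACKING_ID);
    if (stackingId != null) {
        toReturn.add(new X509ExtensionWrapper(
            subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_STACKING_ID),
            false, stackingId));
    }

    // code "true" as "1" so it matches other bools in the cert
    String virtOnly = pool.getAttributeValue(Product.Attributes.VIRT_ONLY);
    if ("true".equals(virtOnly)) {
        toReturn.add(new X509ExtensionWrapper(
            subscriptionOid + "." + OIDUtil.ORDER_OIDS.get(OIDUtil.ORDER_VIRT_ONLY_KEY),
            false, "1"));
    }

    return toReturn;
}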
use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.
the class X509V3ExtensionUtil method getExtensions.
/**
 * Returns the certificate-level extensions this utility adds to a certificate.
 *
 * <p>The set holds a single non-critical extension: the entitlement-version OID under the
 * Red Hat namespace, carrying {@code thisVersion} as its value.
 *
 * @return a new set containing only the version extension
 */
public Set<X509ExtensionWrapper> getExtensions() {
    String versionOid = OIDUtil.REDHAT_OID + "." +
        OIDUtil.TOPLEVEL_NAMESPACES.get(OIDUtil.ENTITLEMENT_VERSION_KEY);

    Set<X509ExtensionWrapper> extensions = new LinkedHashSet<>();
    extensions.add(new X509ExtensionWrapper(versionOid, false, thisVersion));
    return extensions;
}
use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.
the class UeberCertificateGenerator method createX509Certificate.
/**
 * Assembles the extensions for an ueber certificate and asks the PKI utility to issue it.
 *
 * <p>Product, content, subscription, entitlement and consumer extensions are collected in that
 * order. No byte extensions are added. The subject DN consists only of {@code O=<owner key>}.
 *
 * @param data source of the product, entitlement, consumer, owner and validity dates
 * @param serialNumber serial number passed through to the PKI utility
 * @param keyPair key pair passed through to the PKI utility
 * @return the certificate returned by {@code pki.createX509Certificate}
 * @throws GeneralSecurityException propagated from the extension or PKI calls
 * @throws IOException propagated from the extension or PKI calls
 */
private X509Certificate createX509Certificate(UeberCertData data, BigInteger serialNumber, KeyPair keyPair) throws GeneralSecurityException, IOException {
    Set<X509ExtensionWrapper> certExtensions = new LinkedHashSet<>();
    certExtensions.addAll(extensionUtil.productExtensions(data.getProduct()));
    // Content extensions are built against a fresh, empty Consumer and an empty map.
    certExtensions.addAll(extensionUtil.contentExtensions(
        data.getProduct().getProductContent(), null, new HashMap<>(), new Consumer(),
        data.getProduct()));
    certExtensions.addAll(extensionUtil.subscriptionExtensions(data.getEntitlement().getPool()));
    certExtensions.addAll(extensionUtil.entitlementExtensions(data.getEntitlement().getQuantity()));
    certExtensions.addAll(extensionUtil.consumerExtensions(data.getConsumer()));

    // NOTE(review): at debug level every extension value is written to the log; confirm that
    // none of the values copied into the certificate are sensitive in this deployment.
    if (log.isDebugEnabled()) {
        log.debug("Ueber certificate extensions for Owner: {}", data.getOwner().getKey());
        for (X509ExtensionWrapper extension : certExtensions) {
            log.debug("Extension {} with value {}", extension.getOid(), extension.getValue());
        }
    }

    // NOTE(review): the owner key is concatenated into the DN without escaping. Confirm that
    // owner keys are restricted elsewhere so they cannot contain DN metacharacters such as
    // ',', '+' or '=', which would change how the subject is parsed.
    String subjectDn = "O=" + data.getOwner().getKey();

    // Deliberately empty: this certificate carries no byte-valued extensions.
    Set<X509ByteExtensionWrapper> noByteExtensions = new LinkedHashSet<>();

    return this.pki.createX509Certificate(subjectDn, certExtensions, noByteExtensions,
        data.getStartDate(), data.getEndDate(), keyPair, serialNumber, null);
}