
Example 21 with X509ExtensionWrapper

use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.

the class X509ExtensionUtil method contentExtensions.

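/**
 * Builds the X.509 extensions that describe each content set of a product.
 *
 * <p>Content whose type has no entry in {@code OIDUtil.CF_REPO_TYPE} is skipped with a warning.
 * For every other content entry this adds extensions for type, name, label, vendor, download
 * URL, GPG URL and the enabled flag, plus metadata-expire and required-tags when they are set.
 * Every wrapper is created with {@code false} as its second constructor argument (presumably
 * the "critical" flag; confirm against {@code X509ExtensionWrapper}).
 *
 * <p>The enabled flag is resolved in this order, later steps overriding earlier ones:
 * the content's own default, the SKU disabled list, the SKU enabled list, and finally the
 * promoted-content override when environment filtering is on and the consumer has an
 * environment id.
 *
 * <p>NOTE(review): name, label, vendor, download path and GPG URL are written into the
 * certificate exactly as returned by the model; no validation of those values is visible in
 * this method, so confirm they are validated where content is created or imported.
 *
 * @param productContentList content to encode; duplicates are collapsed through a {@code HashSet}
 * @param contentPrefix prefix handed to {@code createFullContentPath} for the download URL
 * @param promotedContent promoted content keyed by content id, consulted for the enabled override
 * @param consumer consumer the certificate is for; only its environment id is read here
 * @param skuProduct product supplying the SKU-level enabled/disabled content id lists
 * @return the extensions in insertion order
 * @throws NullPointerException if environment filtering applies and {@code promotedContent}
 *     has no entry for a content id
 */
public Set<X509ExtensionWrapper> contentExtensions(Collection<ProductContent> productContentList, String contentPrefix, Map<String, EnvironmentContent> promotedContent, Consumer consumer, Product skuProduct) {
    Set<ProductContent> productContent = new HashSet<>(productContentList);
    Set<X509ExtensionWrapper> toReturn = new LinkedHashSet<>();
    boolean enableEnvironmentFiltering = config.getBoolean(ConfigProperties.ENV_CONTENT_FILTERING);
    List<String> skuDisabled = skuProduct.getSkuDisabledContentIds();
    List<String> skuEnabled = skuProduct.getSkuEnabledContentIds();
    for (ProductContent pc : productContent) {
        // augment the content path with the prefix if it is passed in
        String contentPath = this.createFullContentPath(contentPrefix, pc);
        // No repo-type OID is known for this content type, so it cannot be encoded:
        // skip it. see rhbz#997970
        if (!OIDUtil.CF_REPO_TYPE.containsKey(pc.getContent().getType())) {
            log.warn("No content type OID found for {} with content type: {}", pc.getContent(), pc.getContent().getType());
            continue;
        }
        // Base OID for this content set; every attribute below hangs off it.
        String contentOid = OIDUtil.REDHAT_OID + "." + OIDUtil.TOPLEVEL_NAMESPACES.get(OIDUtil.CHANNEL_FAMILY_NAMESPACE_KEY) + "." + pc.getContent().getId().toString() + "." + OIDUtil.CF_REPO_TYPE.get(pc.getContent().getType());
        toReturn.add(new X509ExtensionWrapper(contentOid, false, pc.getContent().getType()));
        toReturn.add(new X509ExtensionWrapper(contentOid + "." + OIDUtil.CHANNEL_FAMILY_OIDS.get(OIDUtil.CF_NAME_KEY), false, pc.getContent().getName()));
        toReturn.add(new X509ExtensionWrapper(contentOid + "." + OIDUtil.CHANNEL_FAMILY_OIDS.get(OIDUtil.CF_LABEL_KEY), false, pc.getContent().getLabel()));
        toReturn.add(new X509ExtensionWrapper(contentOid + "." + OIDUtil.CHANNEL_FAMILY_OIDS.get(OIDUtil.CF_VENDOR_ID_KEY), false, pc.getContent().getVendor()));
        toReturn.add(new X509ExtensionWrapper(contentOid + "." + OIDUtil.CHANNEL_FAMILY_OIDS.get(OIDUtil.CF_DOWNLOAD_URL_KEY), false, contentPath));
        toReturn.add(new X509ExtensionWrapper(contentOid + "." + OIDUtil.CHANNEL_FAMILY_OIDS.get(OIDUtil.CF_GPG_URL_KEY), false, pc.getContent().getGpgUrl()));
        Boolean enabled = pc.isEnabled();
        // Parameterized so the message is only formatted when debug logging is on.
        log.debug("default enabled flag = {}", enabled);
        // sku level content enable override. if on both lists, active wins.
        if (skuDisabled.contains(pc.getContent().getId())) {
            enabled = false;
        }
        if (skuEnabled.contains(pc.getContent().getId())) {
            enabled = true;
        }
        // The environment's promoted content may override the enabled flag:
        if (enableEnvironmentFiltering && consumer.getEnvironmentId() != null) {
            // Content is expected to have been promoted at this point. Fail with a message that
            // names the content id rather than an anonymous NullPointerException when it was not.
            EnvironmentContent promoted = promotedContent.get(pc.getContent().getId());
            if (promoted == null) {
                throw new NullPointerException("No promoted content entry for content id " + pc.getContent().getId());
            }
            Boolean enabledOverride = promoted.getEnabled();
            if (enabledOverride != null) {
                log.debug("overriding enabled flag: {}", enabledOverride);
                enabled = enabledOverride;
            }
        }
        toReturn.add(new X509ExtensionWrapper(contentOid + "." + OIDUtil.CHANNEL_FAMILY_OIDS.get(OIDUtil.CF_ENABLED), false, (enabled) ? "1" : "0"));
        // Include metadata expiry if specified on the content:
        if (pc.getContent().getMetadataExpire() != null) {
            toReturn.add(new X509ExtensionWrapper(contentOid + "." + OIDUtil.CHANNEL_FAMILY_OIDS.get(OIDUtil.CF_METADATA_EXPIRE), false, pc.getContent().getMetadataExpire().toString()));
        }
        // Include required tags if specified on the content set:
        String requiredTags = pc.getContent().getRequiredTags();
        if (requiredTags != null && !requiredTags.isEmpty()) {
            toReturn.add(new X509ExtensionWrapper(contentOid + "." + OIDUtil.CHANNEL_FAMILY_OIDS.get(OIDUtil.CF_REQUIRED_TAGS), false, requiredTags));
        }
    }
    return toReturn;
}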
Also used : LinkedHashSet(java.util.LinkedHashSet) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper) ProductContent(org.candlepin.model.ProductContent) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 22 with X509ExtensionWrapper

use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.

the class DefaultEntitlementCertServiceAdapter method createX509Certificate.

// TODO: productModels not used by V1 certificates. This whole v1/v3 split needs
// a re-org. Passing them here because it eliminates a substantial performance hit
// recalculating this for the entitlement body in v3 certs.
/**
 * Creates the X.509 entitlement certificate for an entitlement.
 *
 * <p>The extension set depends on {@code shouldGenerateV3(consumer)}: V3 certificates carry the
 * V3 extensions plus byte extensions built from {@code productModels}, while V1 certificates
 * carry the extensions from {@code prepareV1Extensions} and an empty byte-extension set.
 *
 * <p>Side effects visible here: {@code product} is added to the caller's {@code products} set,
 * and the computed end date is stored on {@code ent} through {@code setEndDateOverride}.
 *
 * @param consumer consumer the certificate is issued to
 * @param owner owner used for the content prefix and the subject DN
 * @param pool pool supplying the start date and, through a helper, the end date
 * @param ent entitlement being certified; its end-date override is updated
 * @param product product added to {@code products} before the extensions are built
 * @param products products to encode in a V1 certificate; mutated by this call
 * @param productModels product DTOs used only for V3 byte extensions
 * @param serialNumber serial number for the certificate
 * @param keyPair key pair passed to the PKI utility
 * @param useContentPrefix forwarded to {@code getContentPrefix}
 * @return the certificate produced by {@code pki.createX509Certificate}
 * @throws GeneralSecurityException propagated from certificate creation
 * @throws IOException propagated from certificate creation
 */
public X509Certificate createX509Certificate(Consumer consumer, Owner owner, Pool pool, Entitlement ent, Product product, Set<Product> products, List<org.candlepin.model.dto.Product> productModels, BigInteger serialNumber, KeyPair keyPair, boolean useContentPrefix) throws GeneralSecurityException, IOException {
    // Note that this modifies the set handed in by the caller.
    products.add(product);
    Map<String, EnvironmentContent> promotedContent = getPromotedContent(consumer);
    String contentPrefix = getContentPrefix(consumer, owner, useContentPrefix);

    Set<X509ExtensionWrapper> extensions;
    Set<X509ByteExtensionWrapper> byteExtensions;
    if (shouldGenerateV3(consumer)) {
        extensions = prepareV3Extensions();
        byteExtensions = prepareV3ByteExtensions(product, productModels, contentPrefix, promotedContent);
    } else {
        extensions = prepareV1Extensions(products, pool, consumer, ent.getQuantity(), contentPrefix, promotedContent);
        // V1 certificates carry no byte extensions.
        byteExtensions = new LinkedHashSet<>();
    }

    Date endDate = setupEntitlementEndDate(pool, consumer);
    ent.setEndDateOverride(endDate);

    Calendar now = Calendar.getInstance();
    Calendar oneHourAgo = Calendar.getInstance();
    oneHourAgo.add(Calendar.HOUR, -1);

    // A pool that started within the last hour gets a certificate backdated to one hour ago
    // (presumably to tolerate clock differences on the client; confirm the intent).
    Date startDate = pool.getStartDate();
    long poolStartMillis = startDate.getTime();
    boolean startedWithinLastHour = poolStartMillis > oneHourAgo.getTimeInMillis() && poolStartMillis < now.getTimeInMillis();
    if (startedWithinLastHour) {
        startDate = oneHourAgo.getTime();
    }

    return this.pki.createX509Certificate(createDN(ent, owner), extensions, byteExtensions, startDate, endDate, keyPair, serialNumber, null);
}
Also used : LinkedHashSet(java.util.LinkedHashSet) Calendar(java.util.Calendar) X509ByteExtensionWrapper(org.candlepin.pki.X509ByteExtensionWrapper) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper) EnvironmentContent(org.candlepin.model.EnvironmentContent) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate)

Example 23 with X509ExtensionWrapper

use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.

the class DefaultEntitlementCertServiceAdapter method prepareV1Extensions.

/**
 * Assembles the full extension set for a V1 entitlement certificate.
 *
 * <p>For each product accepted by {@code X509Util.PROD_FILTER_PREDICATE} this adds the product
 * extensions and the extensions of its content, after that content has been filtered by
 * {@code filterProductContent} and {@code filterContentByContentArch}. Subscription,
 * entitlement and consumer extensions are appended once the content limit check has passed.
 *
 * @param products candidate products
 * @param pool pool supplying the SKU product, the product name and the subscription data
 * @param consumer consumer the certificate is for
 * @param quantity entitlement quantity to encode
 * @param contentPrefix prefix forwarded to {@code contentExtensions}
 * @param promotedContent promoted content keyed by content id
 * @return the extensions in insertion order
 * @throws CertificateSizeException if more than {@code X509ExtensionUtil.V1_CONTENT_LIMIT}
 *     content sets would be included
 */
public Set<X509ExtensionWrapper> prepareV1Extensions(Set<Product> products, Pool pool, Consumer consumer, Integer quantity, String contentPrefix, Map<String, EnvironmentContent> promotedContent) {
    Set<X509ExtensionWrapper> result = new LinkedHashSet<>();
    Set<String> entitledProductIds = entCurator.listEntitledProductIds(consumer, pool);
    boolean enableEnvironmentFiltering = config.getBoolean(ConfigProperties.ENV_CONTENT_FILTERING);
    Product skuProd = pool.getProduct();

    // Running total of content sets across all products, checked against the V1 limit below.
    int contentCounter = 0;
    for (Product prod : Collections2.filter(products, X509Util.PROD_FILTER_PREDICATE)) {
        log.debug("Adding X509 extensions for product: {}", prod);
        result.addAll(extensionUtil.productExtensions(prod));

        Set<ProductContent> envFiltered = extensionUtil.filterProductContent(prod, consumer, promotedContent, enableEnvironmentFiltering, entitledProductIds);
        Set<ProductContent> archFiltered = extensionUtil.filterContentByContentArch(envFiltered, consumer, prod);
        contentCounter += archFiltered.size();

        log.debug("Adding X509 extensions for content: {}", archFiltered);
        result.addAll(extensionUtil.contentExtensions(archFiltered, contentPrefix, promotedContent, consumer, skuProd));
    }

    // Refuse to build a certificate with too many content sets and give the user an
    // informative error message instead.
    if (contentCounter > X509ExtensionUtil.V1_CONTENT_LIMIT) {
        throw new CertificateSizeException(i18n.tr("Too many content sets for certificate {0}. A newer " +
            "client may be available to address this problem. " +
            "See knowledge database https://access.redhat.com/knowledge/node/129003 for more " +
            "information.", pool.getProductName()));
    }

    result.addAll(extensionUtil.subscriptionExtensions(pool));
    result.addAll(extensionUtil.entitlementExtensions(quantity));
    result.addAll(extensionUtil.consumerExtensions(consumer));

    // Debug output lists every extension OID with its value; the guard avoids the loop
    // entirely when debug logging is off.
    if (log.isDebugEnabled()) {
        for (X509ExtensionWrapper extension : result) {
            log.debug("Extension {} with value {}", extension.getOid(), extension.getValue());
        }
    }
    return result;
}
Also used : LinkedHashSet(java.util.LinkedHashSet) CertificateSizeException(org.candlepin.util.CertificateSizeException) Product(org.candlepin.model.Product) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper) ProductContent(org.candlepin.model.ProductContent)

Example 24 with X509ExtensionWrapper

use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.

the class ProductCertificateCurator method createCertForProduct.

/**
 * Generates a new key pair and an X.509 certificate for a product and returns both, PEM
 * encoded, in a {@code ProductCertificate}.
 *
 * <p>The certificate subject is {@code CN=<product id>}, it carries the product extensions,
 * and it is valid from the current time for ten years.
 *
 * <p>NOTE(review): the serial number is the absolute value of the product id's
 * {@code hashCode()}, so it is a deterministic value of at most 32 bits. Two ids with the same
 * hash get the same serial, and an id hashing to zero gets serial 0. Confirm whether product
 * certificates need unique, positive serials per issuer before relying on the serial anywhere.
 *
 * <p>NOTE(review): the private key is PEM encoded and stored on the returned object; whether
 * it is protected at rest is not visible in this method.
 *
 * @param product product to certify
 * @return a new {@code ProductCertificate} holding the PEM key, the PEM certificate and the product
 * @throws GeneralSecurityException propagated from key or certificate generation
 * @throws IOException propagated from certificate creation or PEM encoding
 */
private ProductCertificate createCertForProduct(Product product) throws GeneralSecurityException, IOException {
    log.debug("Generating cert for product: {}", product);

    KeyPair productKeys = this.pki.generateNewKeyPair();
    Set<X509ExtensionWrapper> productExtensions = this.extensionUtil.productExtensions(product);

    // TODO: Should this use the RH product ID, or the object's UUID?
    int idHash = product.getId().hashCode();
    BigInteger serialNumber = BigInteger.valueOf(idHash).abs();

    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.YEAR, 10);

    String subjectDn = "CN=" + product.getId();
    Date notBefore = new Date();
    Date notAfter = expiry.getTime();
    X509Certificate certificate = this.pki.createX509Certificate(subjectDn, productExtensions, null, notBefore, notAfter, productKeys, serialNumber, null);

    ProductCertificate productCert = new ProductCertificate();
    productCert.setKeyAsBytes(this.pki.getPemEncoded(productKeys.getPrivate()));
    productCert.setCertAsBytes(this.pki.getPemEncoded(certificate));
    productCert.setProduct(product);
    return productCert;
}
Also used : KeyPair(java.security.KeyPair) Calendar(java.util.Calendar) BigInteger(java.math.BigInteger) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date)

Example 25 with X509ExtensionWrapper

use of org.candlepin.pki.X509ExtensionWrapper in project candlepin by candlepin.

the class DefaultContentAccessCertServiceAdapter method createX509Certificate.

/**
 * Creates the X.509 content access certificate for a consumer.
 *
 * <p>A placeholder product DTO holding a single content DTO is built only to carry the content
 * prefix for the owner and the consumer's environment; that container feeds the V3 byte
 * extensions. Validity dates, serial number and key pair are taken from the caller unchanged.
 *
 * @param consumer consumer the certificate is issued to
 * @param owner owner used for the content prefix and the subject DN
 * @param serialNumber serial number for the certificate
 * @param keyPair key pair passed to the PKI utility
 * @param startDate start of validity
 * @param endDate end of validity
 * @return the certificate produced by {@code pki.createX509Certificate}
 * @throws GeneralSecurityException propagated from certificate creation
 * @throws IOException propagated from certificate creation
 */
public X509Certificate createX509Certificate(Consumer consumer, Owner owner, BigInteger serialNumber, KeyPair keyPair, Date startDate, Date endDate) throws GeneralSecurityException, IOException {
    Environment consumerEnvironment = this.environmentCurator.getConsumerEnvironment(consumer);

    // The only content entry is a path equal to the org/environment content prefix.
    org.candlepin.model.dto.Content prefixContent = new org.candlepin.model.dto.Content();
    prefixContent.setPath(getContentPrefix(owner, consumerEnvironment));
    List<org.candlepin.model.dto.Content> contents = new ArrayList<>();
    contents.add(prefixContent);

    // fake a product dto as a container for the org content
    org.candlepin.model.dto.Product container = new org.candlepin.model.dto.Product();
    container.setContent(contents);

    Set<X509ExtensionWrapper> extensions = prepareV3Extensions();
    Set<X509ByteExtensionWrapper> byteExtensions = prepareV3ByteExtensions(container);
    return this.pki.createX509Certificate(createDN(consumer, owner), extensions, byteExtensions, startDate, endDate, keyPair, serialNumber, null);
}
Also used : ArrayList(java.util.ArrayList) Product(org.candlepin.model.Product) X509Certificate(java.security.cert.X509Certificate) Content(org.candlepin.model.Content) EnvironmentContent(org.candlepin.model.EnvironmentContent) Environment(org.candlepin.model.Environment) X509ByteExtensionWrapper(org.candlepin.pki.X509ByteExtensionWrapper) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper)
