Package com.netscape.cms.servlet.csadmin
Class CertUtil
- java.lang.Object
-
- com.netscape.cms.servlet.csadmin.CertUtil
-
public class CertUtil extends java.lang.Object
-
-
Field Summary
Fields Modifier and Type Field Description static org.slf4j.Logger
logger
-
Constructor Summary
Constructors Constructor Description CertUtil()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static void
addUserCertificate(X509CertImpl cert)
static java.lang.String
buildSANSSLserverURLExtension(IConfigStore config)
static void
createCertRecord(IRequest request, CertInfoProfile profile, X509CertImpl cert)
static void
createCertRecord(IRequest request, CertInfoProfile profile, org.mozilla.jss.crypto.X509Certificate cert)
static X509CertImpl
createLocalCert(IConfigStore config, X509Key x509key, java.lang.String prefix, java.lang.String certTag, java.lang.String type)
static IRequest
createLocalRequest(IConfigStore cs, IRequestQueue queue, java.lang.String tag, CertInfoProfile profile, X509CertInfo info, X509Key x509key)
static X509CertImpl
createRemoteCert(java.lang.String hostname, int port, javax.ws.rs.core.MultivaluedMap<java.lang.String,java.lang.String> content, javax.servlet.http.HttpServletResponse response)
static void
deleteCert(java.lang.String tokenname, org.mozilla.jss.crypto.X509Certificate cert)
static org.mozilla.jss.crypto.X509Certificate
findCertificate(java.lang.String fullnickname)
static java.lang.String
fingerPrintFormat(java.lang.String content)
static java.lang.String
getAdminProfileAlgorithm(IConfigStore config)
Reads from the admin cert profile caAdminCert.profile and determines the algorithm (the steps are listed under Method Detail).
static PKCS10
getPKCS10(IConfigStore config, java.lang.String prefix, Cert certObj, org.apache.velocity.context.Context context)
static void
injectSANextensionIntoRequest(IConfigStore config, IRequest req)
static boolean
privateKeyExistsOnToken(java.lang.String certTag, java.lang.String tokenname, java.lang.String nickname)
static void
updateLocalRequest(IConfigStore config, java.lang.String certTag, byte[] certReq, java.lang.String reqType, java.lang.String subjectName)
Updates the local cert request with the actual request. Called from CertRequestPanel.java.
-
-
-
Method Detail
-
createRemoteCert
public static X509CertImpl createRemoteCert(java.lang.String hostname, int port, javax.ws.rs.core.MultivaluedMap<java.lang.String,java.lang.String> content, javax.servlet.http.HttpServletResponse response) throws java.lang.Exception
- Throws:
java.lang.Exception
-
getPKCS10
public static PKCS10 getPKCS10(IConfigStore config, java.lang.String prefix, Cert certObj, org.apache.velocity.context.Context context) throws java.io.IOException
- Throws:
java.io.IOException
-
injectSANextensionIntoRequest
public static void injectSANextensionIntoRequest(IConfigStore config, IRequest req) throws java.lang.Exception
- Throws:
java.lang.Exception
-
buildSANSSLserverURLExtension
public static java.lang.String buildSANSSLserverURLExtension(IConfigStore config) throws java.lang.Exception
- Throws:
java.lang.Exception
-
createLocalRequest
public static IRequest createLocalRequest(IConfigStore cs, IRequestQueue queue, java.lang.String tag, CertInfoProfile profile, X509CertInfo info, X509Key x509key) throws java.lang.Exception
- Throws:
java.lang.Exception
-
updateLocalRequest
public static void updateLocalRequest(IConfigStore config, java.lang.String certTag, byte[] certReq, java.lang.String reqType, java.lang.String subjectName) throws java.lang.Exception
Updates the local cert request with the actual request. Called from CertRequestPanel.java.
- Throws:
EBaseException
EPropertyNotFound
java.lang.Exception
-
getAdminProfileAlgorithm
public static java.lang.String getAdminProfileAlgorithm(IConfigStore config) throws EBaseException, java.io.FileNotFoundException, java.io.IOException
Reads from the admin cert profile caAdminCert.profile and determines the algorithm as follows:
1. First gets the list of allowed algorithms from the profile (constraint.params.signingAlgsAllowed). If that entry does not exist, uses the entry "ca.profiles.defaultSigningAlgsAllowed" from CS.cfg. If that entry does not exist either, uses the basic default.
2. Gets default.params.signingAlg from the profile. If that entry does not exist or equals "-", selects the first algorithm in the allowed algorithm list that matches the CA signing key type. Otherwise returns the entry if it matches the CA signing key type.
- Throws:
EBaseException
java.io.IOException
java.io.FileNotFoundException
-
createLocalCert
public static X509CertImpl createLocalCert(IConfigStore config, X509Key x509key, java.lang.String prefix, java.lang.String certTag, java.lang.String type) throws java.lang.Exception
- Throws:
java.lang.Exception
-
createCertRecord
public static void createCertRecord(IRequest request, CertInfoProfile profile, org.mozilla.jss.crypto.X509Certificate cert) throws java.lang.Exception
- Throws:
java.lang.Exception
-
createCertRecord
public static void createCertRecord(IRequest request, CertInfoProfile profile, X509CertImpl cert) throws java.lang.Exception
- Throws:
java.lang.Exception
-
addUserCertificate
public static void addUserCertificate(X509CertImpl cert)
-
fingerPrintFormat
public static java.lang.String fingerPrintFormat(java.lang.String content)
-
privateKeyExistsOnToken
public static boolean privateKeyExistsOnToken(java.lang.String certTag, java.lang.String tokenname, java.lang.String nickname)
-
findCertificate
public static org.mozilla.jss.crypto.X509Certificate findCertificate(java.lang.String fullnickname) throws java.lang.Exception
- Throws:
java.lang.Exception
-
deleteCert
public static void deleteCert(java.lang.String tokenname, org.mozilla.jss.crypto.X509Certificate cert) throws java.lang.Exception
- Throws:
java.lang.Exception
-
-