Package com.netscape.cmscore.cert
Class CrossCertPairSubsystem
- java.lang.Object
- com.netscape.cmscore.cert.CrossCertPairSubsystem
All Implemented Interfaces:
ISubsystem, ICrossCertPairSubsystem
public class CrossCertPairSubsystem extends java.lang.Object implements ICrossCertPairSubsystem
Subsystem for handling cross certificate pairing and publishing.
Intended use:
- when signing a subordinate CA cert which is intended to be part of the crossCertificatePair
- when this CA submits a request (with existing CA signing key material) to another CA for cross-signing
Version:
$Revision$, $Date$
Author:
cfu
Field Summary
static java.lang.String DN_XCERTS
static java.lang.String ID
static java.lang.String LDAP_ATTR_CA_CERT
static java.lang.String LDAP_ATTR_XCERT_PAIR
static org.slf4j.Logger logger
protected java.lang.String mBaseDN
protected ICertificateAuthority mCa
protected IConfigStore mConfig
protected LdapBoundConnFactory mLdapConnFactory
protected IPublisherProcessor mPublisherProcessor
protected static java.lang.String PROP_LDAP

Constructor Summary
CrossCertPairSubsystem()
Method Summary
void addCAcert(netscape.ldap.LDAPConnection conn, byte[] certEnc)
void addXCertPair(netscape.ldap.LDAPConnection conn, netscape.ldap.LDAPAttribute certPairs, CertificatePair pair)
protected boolean arePair(java.security.cert.X509Certificate cert1, java.security.cert.X509Certificate cert2)
    Are cert1 and cert2 cross-signed certs?
java.security.cert.X509Certificate byteArray2X509Cert(byte[] certBytes)
    Converts a byte array to an X509Certificate.
static boolean byteArraysAreEqual(byte[] a, byte[] b)
    Compares the contents of two byte arrays, returning true if they are exactly the same.
static boolean ByteValueExists(netscape.ldap.LDAPAttribute attr, byte[] bval)
    Checks if a byte attribute has a certain value.
void deleteCAcert(netscape.ldap.LDAPConnection conn, byte[] certEnc)
IConfigStore getConfigStore()
    Returns the root configuration storage of this system.
protected netscape.ldap.LDAPConnection getConn()
java.lang.String getId()
    Retrieves the subsystem identifier.
void importCert(byte[] certBytes)
    "Imports" the CA cert cross-signed by another CA (potentially a bridge CA) into the internal LDAP db.
void importCert(java.lang.Object certObj)
    "Imports" the CA cert cross-signed by another CA (potentially a bridge CA) into the internal LDAP db.
void init(IConfigStore config)
    Initializes this subsystem with the given configuration store.
void publishCertPairs()
    Publishes all cert pairs, if the publisher is on.
protected void returnConn(netscape.ldap.LDAPConnection conn)
void setId(java.lang.String id)
    Sets the identifier specific to this subsystem.
void shutdown()
    Stops this system.
void startup()
    Notifies this subsystem if the owner is in running mode.

Field Detail

logger
public static org.slf4j.Logger logger

ID
public static final java.lang.String ID
See Also: Constant Field Values

DN_XCERTS
public static final java.lang.String DN_XCERTS
See Also: Constant Field Values

LDAP_ATTR_CA_CERT
public static final java.lang.String LDAP_ATTR_CA_CERT
See Also: Constant Field Values

LDAP_ATTR_XCERT_PAIR
public static final java.lang.String LDAP_ATTR_XCERT_PAIR
See Also: Constant Field Values

PROP_LDAP
protected static final java.lang.String PROP_LDAP
See Also: Constant Field Values

mConfig
protected IConfigStore mConfig

mLdapConnFactory
protected LdapBoundConnFactory mLdapConnFactory

mBaseDN
protected java.lang.String mBaseDN

mCa
protected ICertificateAuthority mCa

mPublisherProcessor
protected IPublisherProcessor mPublisherProcessor

Method Detail

getId
public java.lang.String getId()
Retrieves the subsystem identifier.
Specified by: getId in interface ISubsystem
Returns: subsystem identifier

setId
public void setId(java.lang.String id) throws EBaseException
Description copied from interface: ISubsystem
Sets the identifier specific to this subsystem.
Specified by: setId in interface ISubsystem
Parameters: id - subsystem identifier
Throws: EBaseException - failed to set id

init
public void init(IConfigStore config) throws EBaseException
Description copied from interface: ISubsystem
Initializes this subsystem with the given configuration store.
Specified by: init in interface ISubsystem
Parameters: config - configuration store
Throws: EBaseException - failed to initialize

importCert
public void importCert(byte[] certBytes) throws EBaseException
"Imports" the CA cert cross-signed by another CA (potentially a bridge CA) into the internal LDAP db. The imported cert is stored in the internal db first, until its pairing cert shows up. If its pairing cert is already there, a CertificatePair is created and put in the internal db "crosscertificatepair;binary" attribute.
Specified by: importCert in interface ICrossCertPairSubsystem
Parameters: certBytes - cert in byte array to be imported
Throws: EBaseException - when certBytes conversion to X509 certificate fails

importCert
public void importCert(java.lang.Object certObj) throws EBaseException
"Imports" the CA cert cross-signed by another CA (potentially a bridge CA) into the internal LDAP db. The imported cert is stored in the internal db first, until its pairing cert shows up. If its pairing cert is already there, a CertificatePair is created and put in the internal db "crosscertificatepair;binary" attribute.
Parameters: certObj - the cert to be imported
Throws: EBaseException

arePair
protected boolean arePair(java.security.cert.X509Certificate cert1, java.security.cert.X509Certificate cert2)
Are cert1 and cert2 cross-signed certs?
Parameters: cert1 - the cert for comparison in our internal db; cert2 - the cert that's being considered

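An added example, not code from Dogtag or from this class, of the pairing test that the arePair and importCert descriptions imply, written against the JDK's java.security.cert API only. The page does not show arePair's body, so the rule applied here (mutual issuer/subject match plus mutual signature verification) is an assumption; the class name CrossCertPairCheck and the helper names are invented for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/** Added example (not Dogtag code): is a pair of CA certs a cross-certificate pair? */
public class CrossCertPairCheck {

    /** Same role as the page's byteArray2X509Cert: DER or PEM bytes to X509Certificate. */
    static X509Certificate toX509(InputStream in) throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(in);
    }

    /**
     * Assumed pairing rule: each cert names the other's subject as its issuer, and each
     * signature verifies under the other's public key. Matching names alone are not
     * enough, since any submitted cert can carry an arbitrary issuer name; the two
     * signature checks are what bind the pair before it is stored as a CertificatePair.
     */
    static boolean isCrossCertPair(X509Certificate cert1, X509Certificate cert2) {
        boolean namesMatch =
                cert1.getIssuerX500Principal().equals(cert2.getSubjectX500Principal())
             && cert2.getIssuerX500Principal().equals(cert1.getSubjectX500Principal());
        if (!namesMatch) {
            return false;
        }
        try {
            cert1.verify(cert2.getPublicKey());   // cert1 was signed by cert2's CA key
            cert2.verify(cert1.getPublicKey());   // cert2 was signed by cert1's CA key
            return true;
        } catch (GeneralSecurityException e) {
            return false;   // bad signature, key mismatch, or unsupported algorithm
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java CrossCertPairCheck forward.crt reverse.crt (each DER or PEM)
        try (InputStream a = new FileInputStream(args[0]);
             InputStream b = new FileInputStream(args[1])) {
            X509Certificate c1 = toX509(a);
            X509Certificate c2 = toX509(b);
            System.out.println("cross-cert pair: " + isCrossCertPair(c1, c2));
        }
    }
}
```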
byteArray2X509Cert
public java.security.cert.X509Certificate byteArray2X509Cert(byte[] certBytes) throws java.security.cert.CertificateException
Description copied from interface: ICrossCertPairSubsystem
Converts a byte array to an X509Certificate.
Specified by: byteArray2X509Cert in interface ICrossCertPairSubsystem
Returns: X509Certificate - the X509Certificate class representation of the certificate byte array
Throws: java.security.cert.CertificateException - when conversion fails

addXCertPair
public void addXCertPair(netscape.ldap.LDAPConnection conn, netscape.ldap.LDAPAttribute certPairs, CertificatePair pair) throws netscape.ldap.LDAPException, java.io.IOException
Throws: netscape.ldap.LDAPException, java.io.IOException

ByteValueExists
public static boolean ByteValueExists(netscape.ldap.LDAPAttribute attr, byte[] bval)
Checks if a byte attribute has a certain value.

byteArraysAreEqual
public static boolean byteArraysAreEqual(byte[] a, byte[] b)
Compares the contents of two byte arrays, returning true if they are exactly the same.

addCAcert
public void addCAcert(netscape.ldap.LDAPConnection conn, byte[] certEnc) throws netscape.ldap.LDAPException
Throws: netscape.ldap.LDAPException

deleteCAcert
public void deleteCAcert(netscape.ldap.LDAPConnection conn, byte[] certEnc) throws netscape.ldap.LDAPException
Throws: netscape.ldap.LDAPException

publishCertPairs
public void publishCertPairs() throws EBaseException
Publishes all cert pairs, if the publisher is on.
Specified by: publishCertPairs in interface ICrossCertPairSubsystem
Throws: EBaseException - when publishing fails

getConn
protected netscape.ldap.LDAPConnection getConn() throws ELdapException
Throws: ELdapException

returnConn
protected void returnConn(netscape.ldap.LDAPConnection conn) throws ELdapException
Throws: ELdapException

startup
public void startup() throws EBaseException
Description copied from interface: ISubsystem
Notifies this subsystem if the owner is in running mode.
Specified by: startup in interface ISubsystem
Throws: EBaseException - failed to start up

shutdown
public void shutdown()
Stops this system.
Specified by: shutdown in interface ISubsystem

getConfigStore
public IConfigStore getConfigStore()
Description copied from interface: ISubsystem
Returns the root configuration storage of this system.
Specified by: getConfigStore in interface ISubsystem
Returns: configuration store of this subsystem