Package com.netscape.cms.servlet.csadmin
Class CertUtil
- java.lang.Object
-
- com.netscape.cms.servlet.csadmin.CertUtil
-
public class CertUtil extends java.lang.Object
-
-
Field Summary
Fields Modifier and Type Field Description static org.slf4j.Loggerlogger
-
Constructor Summary
Constructors Constructor Description CertUtil()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static voidaddUserCertificate(X509CertImpl cert)static java.lang.StringbuildSANSSLserverURLExtension(IConfigStore config)static voidcreateCertRecord(IRequest request, CertInfoProfile profile, X509CertImpl cert)static voidcreateCertRecord(IRequest request, CertInfoProfile profile, org.mozilla.jss.crypto.X509Certificate cert)static X509CertImplcreateLocalCert(IConfigStore config, X509Key x509key, java.lang.String prefix, java.lang.String certTag, java.lang.String type)static IRequestcreateLocalRequest(IConfigStore cs, IRequestQueue queue, java.lang.String tag, CertInfoProfile profile, X509CertInfo info, X509Key x509key)static X509CertImplcreateRemoteCert(java.lang.String hostname, int port, javax.ws.rs.core.MultivaluedMap<java.lang.String,java.lang.String> content, javax.servlet.http.HttpServletResponse response)static voiddeleteCert(java.lang.String tokenname, org.mozilla.jss.crypto.X509Certificate cert)static org.mozilla.jss.crypto.X509CertificatefindCertificate(java.lang.String fullnickname)static java.lang.StringfingerPrintFormat(java.lang.String content)static java.lang.StringgetAdminProfileAlgorithm(IConfigStore config)reads from the admin cert profile caAdminCert.profile and determines the algorithm as follows: 1.static PKCS10getPKCS10(IConfigStore config, java.lang.String prefix, Cert certObj, org.apache.velocity.context.Context context)static voidinjectSANextensionIntoRequest(IConfigStore config, IRequest req)static booleanprivateKeyExistsOnToken(java.lang.String certTag, java.lang.String tokenname, java.lang.String nickname)static voidupdateLocalRequest(IConfigStore config, java.lang.String certTag, byte[] certReq, java.lang.String reqType, java.lang.String subjectName)update local cert request with the actual request called from CertRequestPanel.java
-
-
-
Method Detail
-
createRemoteCert
public static X509CertImpl createRemoteCert(java.lang.String hostname, int port, javax.ws.rs.core.MultivaluedMap<java.lang.String,java.lang.String> content, javax.servlet.http.HttpServletResponse response) throws java.lang.Exception
- Throws:
java.lang.Exception
-
getPKCS10
public static PKCS10 getPKCS10(IConfigStore config, java.lang.String prefix, Cert certObj, org.apache.velocity.context.Context context) throws java.io.IOException
- Throws:
java.io.IOException
-
injectSANextensionIntoRequest
public static void injectSANextensionIntoRequest(IConfigStore config, IRequest req) throws java.lang.Exception
- Throws:
java.lang.Exception
-
buildSANSSLserverURLExtension
public static java.lang.String buildSANSSLserverURLExtension(IConfigStore config) throws java.lang.Exception
- Throws:
java.lang.Exception
-
createLocalRequest
public static IRequest createLocalRequest(IConfigStore cs, IRequestQueue queue, java.lang.String tag, CertInfoProfile profile, X509CertInfo info, X509Key x509key) throws java.lang.Exception
- Throws:
java.lang.Exception
-
updateLocalRequest
public static void updateLocalRequest(IConfigStore config, java.lang.String certTag, byte[] certReq, java.lang.String reqType, java.lang.String subjectName) throws java.lang.Exception
update local cert request with the actual request called from CertRequestPanel.java- Throws:
EBaseExceptionEPropertyNotFoundjava.lang.Exception
-
getAdminProfileAlgorithm
public static java.lang.String getAdminProfileAlgorithm(IConfigStore config) throws EBaseException, java.io.FileNotFoundException, java.io.IOException
reads from the admin cert profile caAdminCert.profile and determines the algorithm as follows: 1. First gets list of allowed algorithms from profile (constraint.params.signingAlgsAllowed) If entry does not exist, uses entry "ca.profiles.defaultSigningAlgsAllowed" from CS.cfg If that entry does not exist, uses basic default 2. Gets default.params.signingAlg from profile. If entry does not exist or equals "-", selects first algorithm in allowed algorithm list that matches CA signing key type Otherwise returns entry if it matches signing CA key type.- Throws:
EBaseExceptionjava.io.IOExceptionjava.io.FileNotFoundException
-
createLocalCert
public static X509CertImpl createLocalCert(IConfigStore config, X509Key x509key, java.lang.String prefix, java.lang.String certTag, java.lang.String type) throws java.lang.Exception
- Throws:
java.lang.Exception
-
createCertRecord
public static void createCertRecord(IRequest request, CertInfoProfile profile, org.mozilla.jss.crypto.X509Certificate cert) throws java.lang.Exception
- Throws:
java.lang.Exception
-
createCertRecord
public static void createCertRecord(IRequest request, CertInfoProfile profile, X509CertImpl cert) throws java.lang.Exception
- Throws:
java.lang.Exception
-
addUserCertificate
public static void addUserCertificate(X509CertImpl cert)
-
fingerPrintFormat
public static java.lang.String fingerPrintFormat(java.lang.String content)
-
privateKeyExistsOnToken
public static boolean privateKeyExistsOnToken(java.lang.String certTag, java.lang.String tokenname, java.lang.String nickname)
-
findCertificate
public static org.mozilla.jss.crypto.X509Certificate findCertificate(java.lang.String fullnickname) throws java.lang.Exception- Throws:
java.lang.Exception
-
deleteCert
public static void deleteCert(java.lang.String tokenname, org.mozilla.jss.crypto.X509Certificate cert) throws java.lang.Exception- Throws:
java.lang.Exception
-
-