/**
* Copyright (c) 2009 - 2012 Red Hat, Inc.
*
* This software is licensed to you under the GNU General Public License,
* version 2 (GPLv2). There is NO WARRANTY for this software, express or
* implied, including the implied warranties of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
* along with this software; if not, see
* http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
*
* Red Hat trademarks are not licensed under GPLv2. No permission is
* granted to use or replicate Red Hat trademarks that are incorporated
* in this software or its documentation.
*/
package org.candlepin.service.impl;
import org.candlepin.model.CertificateSerial;
import org.candlepin.model.CertificateSerialCurator;
import org.candlepin.model.Consumer;
import org.candlepin.model.IdentityCertificate;
import org.candlepin.model.IdentityCertificateCurator;
import org.candlepin.model.KeyPairCurator;
import org.candlepin.pki.PKIUtility;
import org.candlepin.service.IdentityCertServiceAdapter;
import com.google.common.base.Function;
import com.google.inject.Inject;
import com.google.inject.name.Named;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
/**
* DefaultIdentityCertServiceAdapter
*/
public class DefaultIdentityCertServiceAdapter implements
IdentityCertServiceAdapter {
private PKIUtility pki;
private static Logger log =
LoggerFactory.getLogger(DefaultIdentityCertServiceAdapter.class);
private IdentityCertificateCurator idCertCurator;
private KeyPairCurator keyPairCurator;
private CertificateSerialCurator serialCurator;
private Function<Date, Date> endDateGenerator;
@SuppressWarnings("unchecked")
@Inject
public DefaultIdentityCertServiceAdapter(PKIUtility pki,
IdentityCertificateCurator identityCertCurator,
KeyPairCurator keyPairCurator,
CertificateSerialCurator serialCurator,
@Named("endDateGenerator") Function endDtGen) {
this.pki = pki;
this.idCertCurator = identityCertCurator;
this.keyPairCurator = keyPairCurator;
this.serialCurator = serialCurator;
this.endDateGenerator = endDtGen;
}
@Override
public void deleteIdentityCert(Consumer consumer) {
if (consumer.getIdCert() == null) {
log.warn("Unable to delete null identity cert for consumer: {}", consumer.getUuid());
return;
}
IdentityCertificate certificate = idCertCurator
.find(consumer.getIdCert().getId());
if (certificate != null) {
idCertCurator.delete(certificate);
}
}
@Override
public IdentityCertificate generateIdentityCert(Consumer consumer)
throws GeneralSecurityException, IOException {
if (log.isDebugEnabled()) {
log.debug("Generating identity cert for consumer: " +
consumer.getUuid());
}
IdentityCertificate certificate = null;
if (consumer.getIdCert() != null) {
certificate = idCertCurator.find(consumer.getIdCert().getId());
}
if (certificate != null) {
return certificate;
}
return generate(consumer);
}
@Override
public IdentityCertificate regenerateIdentityCert(Consumer consumer)
throws GeneralSecurityException, IOException {
IdentityCertificate certificate = null;
if (consumer.getIdCert() != null) {
certificate = idCertCurator.find(consumer.getIdCert().getId());
}
if (certificate != null) {
consumer.setIdCert(null);
idCertCurator.delete(certificate);
}
return generate(consumer);
}
private IdentityCertificate generate(Consumer consumer)
throws GeneralSecurityException, IOException {
Calendar cal = Calendar.getInstance();
cal.add(Calendar.HOUR, -1);
Date startDate = cal.getTime();
Date endDate = this.endDateGenerator.apply(new Date());
CertificateSerial serial = new CertificateSerial(endDate);
// We need the sequence generated id before we create the EntitlementCertificate,
// otherwise we could have used cascading create
serialCurator.create(serial);
String dn = createDN(consumer);
IdentityCertificate identityCert = new IdentityCertificate();
KeyPair keyPair = keyPairCurator.getConsumerKeyPair(consumer);
X509Certificate x509cert = pki.createX509Certificate(dn, null, null,
startDate, endDate, keyPair, BigInteger.valueOf(serial.getId()),
consumer.getName());
identityCert.setCert(new String(pki.getPemEncoded(x509cert)));
identityCert.setKey(new String(pki.getPemEncoded(keyPair.getPrivate())));
identityCert.setSerial(serial);
identityCert.setConsumer(consumer);
consumer.setIdCert(identityCert);
return idCertCurator.create(identityCert);
}
private String createDN(Consumer consumer) {
StringBuilder sb = new StringBuilder("CN=");
sb.append(consumer.getUuid());
return sb.toString();
}
}