CreateEndorsementCA.java

/*
 * Copyright (C) 2014 Intel Corporation
 * All rights reserved.
 */
package com.intel.mtwilson.privacyca.setup;

import com.intel.dcsg.cpg.crypto.RandomUtil;
import com.intel.dcsg.cpg.x509.X509Util;
import com.intel.mtwilson.My;
import com.intel.mtwilson.setup.LocalSetupTask;
import gov.niarl.his.privacyca.TpmUtils;
import java.io.File;
import java.security.cert.X509Certificate;
import org.apache.commons.io.FileUtils;

/**
 *
 * @author jbuhacoff
 */
public class CreateEndorsementCA extends LocalSetupTask {
    private File endorsementPemFile;
    private String endorsementPassword;
    private String endorsementIssuer;
    private File endorsementP12;
    private int endorsementCertificateValidityDays;
    
    @Override
    protected void configure() throws Exception {
        endorsementPemFile = My.configuration().getPrivacyCaEndorsementCacertsFile();
        endorsementIssuer = My.configuration().getPrivacyCaEndorsementIssuer();
        endorsementP12 = My.configuration().getPrivacyCaEndorsementP12();
        endorsementPassword = My.configuration().getPrivacyCaEndorsementPassword();
        endorsementCertificateValidityDays = My.configuration().getPrivacyCaEndorsementValidityDays();
        
        if( endorsementPassword == null || endorsementPassword.isEmpty() ) {
            endorsementPassword = RandomUtil.randomBase64String(16); 
            getConfiguration().setString("mtwilson.privacyca.ek.p12.password", endorsementPassword);
        }
    }

    @Override
    protected void validate() throws Exception {
        if( !endorsementPemFile.exists() ) {
            validation("Privacy CA certs file does not exist");
        }
        if( !endorsementP12.exists() ) {
            validation("Privacy CA p12 file does not exist");
        }
    }

    @Override
    protected void execute() throws Exception {
        TpmUtils.createCaP12(2048, endorsementIssuer, endorsementPassword, endorsementP12.getAbsolutePath(), endorsementCertificateValidityDays);
        X509Certificate pcaCert = TpmUtils.certFromP12(endorsementP12.getAbsolutePath(), endorsementPassword);
        String self = X509Util.encodePemCertificate(pcaCert);
        String existingEndorsementAuthorities = "";
        if( endorsementPemFile.exists() ) {
            existingEndorsementAuthorities = FileUtils.readFileToString(endorsementPemFile);
        }
        FileUtils.writeStringToFile(endorsementPemFile, String.format("%s\n%s", existingEndorsementAuthorities,self)); 
    }
    
}