EndorseTpm.java

/*
 * Copyright (C) 2014 Intel Corporation
 * All rights reserved.
 */
package com.intel.mtwilson.privacyca.v2.rpc;

import com.intel.mtwilson.launcher.ws.ext.RPC;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.concurrent.Callable;
import com.intel.mtwilson.My;
import gov.niarl.his.privacyca.TpmUtils;
import java.io.File;
import org.apache.shiro.authz.annotation.RequiresPermissions;

/**
 *
 * @author jbuhacoff
 */
@RPC("endorse_tpm")
@RequiresPermissions("tpms:endorse")
public class EndorseTpm implements Callable<X509Certificate> {
    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(EndorseTpm.class);

    private byte[] ekModulus;

    public void setEkModulus(byte[] ekModulus) {
        this.ekModulus = ekModulus;
    }

    public byte[] getEkModulus() {
        return ekModulus;
    }
    
    @Override
    @RequiresPermissions("tpms:endorse")    
    public X509Certificate call() throws Exception {
        // load privacy ca ek signing key (cakey) and corresponding certificate (cacert)
        String EndorsementP12Pass = My.configuration().getPrivacyCaEndorsementPassword();
        File TpmEndorsmentP12 = My.configuration().getPrivacyCaEndorsementP12();
        Integer validityDays = My.configuration().getPrivacyCaEndorsementValidityDays();
        RSAPrivateKey cakey = TpmUtils.privKeyFromP12(TpmEndorsmentP12.getAbsolutePath(), EndorsementP12Pass);
        X509Certificate cacert = TpmUtils.certFromP12(TpmEndorsmentP12.getAbsolutePath(), EndorsementP12Pass);
        X509Certificate ekcert = TpmUtils.makeEkCert(ekModulus, cakey, cacert, validityDays);
        log.info("Endorsed EK sha1 {} serial {}", TpmUtils.sha1hash(ekcert.getEncoded()), ekcert.getSerialNumber());
        return ekcert;
    }
    
}