Certificate.java

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.intel.mtwilson.tag.model;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
import com.intel.dcsg.cpg.crypto.Sha1Digest;
import com.intel.dcsg.cpg.crypto.Sha256Digest;
import com.intel.dcsg.cpg.validation.Regex;
import com.intel.dcsg.cpg.validation.RegexPatterns;
import com.intel.dcsg.cpg.validation.Unchecked;
import com.intel.dcsg.cpg.x509.X509CertificateEncodingException;
import com.intel.dcsg.cpg.x509.X509CertificateFormatException;
import com.intel.dcsg.cpg.x509.X509Util;
import com.intel.mtwilson.jaxrs2.CertificateDocument;
import java.io.UnsupportedEncodingException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.apache.commons.codec.binary.Base64;

/**
 *
 * @author ssbangal
 */
@JacksonXmlRootElement(localName="certificate")
public class Certificate extends CertificateDocument{
    
    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(Certificate.class);
    
    private byte[] certificate;
    private Sha1Digest sha1; // 20 bytes      SHA1(CERTIFICATE)  the certificate fingerprint
    private Sha256Digest sha256; // 32 bytes      SHA256(CERTIFICATE)  the certificate fingerprint
    private String subject;
    private String issuer;
    private Date notBefore;
    private Date notAfter;
    private boolean revoked = false;

    public byte[] getCertificate() {
        return certificate;
    }

    public void setCertificate(byte[] certificate) {
        this.certificate = certificate;
    }

    @Unchecked
    public Sha1Digest getSha1() {
        return sha1;
    }

    public void setSha1(Sha1Digest sha1) {
        this.sha1 = sha1;
    }

    @Unchecked
    public Sha256Digest getSha256() {
        return sha256;
    }

    public void setSha256(Sha256Digest sha256) {
        this.sha256 = sha256;
    }

    public String getSubject() {
        return subject;
    }

    public void setSubject(String subject) {
        this.subject = subject;
    }
    
    @Regex(RegexPatterns.ANY_VALUE)    
    public String getIssuer() {
        return issuer;
    }

    public void setIssuer(String issuer) {
        this.issuer = issuer;
    }

    public Date getNotBefore() {
        return notBefore;
    }

    public void setNotBefore(Date notBefore) {
        this.notBefore = notBefore;
    }

    public Date getNotAfter() {
        return notAfter;
    }

    public void setNotAfter(Date notAfter) {
        this.notAfter = notAfter;
    }

    public boolean isRevoked() {
        return revoked;
    }

    public void setRevoked(boolean revoked) {
        this.revoked = revoked;
    }

    
    // you still need to setUuid() after calling this since it's not included in the serialized form
    @JsonCreator
    public static Certificate valueOf(String text) throws UnsupportedEncodingException {
        byte[] data = Base64.decodeBase64(text);
        return valueOf(data);
    }

    // you still need to setUuid() after calling this since it's not included in the serialized form
    public static Certificate valueOf(byte[] data) throws UnsupportedEncodingException {
        Certificate certificate = new Certificate();
        certificate.setCertificate(data);
        certificate.setSha1(Sha1Digest.digestOf(data)); // throws UnsupportedEncodingException
        certificate.setSha256(Sha256Digest.digestOf(data)); // throws UnsupportedEncodingException
//        certificate.setPcrEventSha256(Sha256Digest.digestOf(certificate.getSha256().toByteArray()));
//        certificate.setPcrEventSha1(Sha1Digest.digestOf(certificate.getSha1().toByteArray()));
        X509AttributeCertificate attrcert = X509AttributeCertificate.valueOf(data);
        certificate.setIssuer(attrcert.getIssuer());
        certificate.setSubject(attrcert.getSubject());
        certificate.setNotBefore(attrcert.getNotBefore());
        certificate.setNotAfter(attrcert.getNotAfter());
        // assuming revoked = false (default value)
        log.debug("valueOf ok");
        return certificate;
    }
    
    @JsonIgnore
    @Override
    public X509Certificate getX509Certificate() {
        if( certificate == null ) { return null; }
        try {
            log.debug("Certificate bytes length {}", certificate.length);
            return X509Util.decodeDerCertificate(certificate);
        }
        catch(CertificateException e) {
            //throw new IllegalArgumentException("Cannot decode certificate", e); 
//            throw new ASException(ce, ErrorCode.MS_CERTIFICATE_ENCODING_ERROR, ce.getClass().getSimpleName()); 
            throw new X509CertificateFormatException(e, certificate);
        }
    }

    @JsonIgnore
    @Override
    public void setX509Certificate(X509Certificate certificate) {
        if( certificate == null ) {
            this.certificate = null;
            return;
        }
        try {
            this.certificate = certificate.getEncoded();
        }
        catch(CertificateEncodingException e) {
            log.error("Error decoding certificate.", e);
            //throw new IllegalArgumentException("Cannot decode certificate", e); 
//            throw new ASException(ErrorCode.MS_CERTIFICATE_ENCODING_ERROR, ce.getClass().getSimpleName());
            throw new X509CertificateEncodingException(e, certificate);
        }
    }
    
    
}