protected EntitlementCertificate createEntitlementCertificate(String key, String cert) {
   EntitlementCertificate toReturn = new EntitlementCertificate();
   CertificateSerial certSerial = new CertificateSerial(1L, new Date());
   toReturn.setKeyAsBytes(key.getBytes());
   toReturn.setCertAsBytes(cert.getBytes());
   toReturn.setSerial(certSerial);
   return toReturn;
 }
Example #2
0
  @Test
  public void testUeberCertIsRegeneratedOnNextInvocation() throws Exception {
    EntitlementCertificate firstCert = or.createUeberCertificate(principal, owner.getKey());
    Product firstProduct = productCurator.lookupByName(owner, owner.getKey() + UEBER_PRODUCT);

    EntitlementCertificate secondCert = or.createUeberCertificate(principal, owner.getKey());
    Product secondProduct = productCurator.lookupByName(owner, owner.getKey() + UEBER_PRODUCT);

    // make sure we didn't regenerate the whole thing
    assertTrue(firstProduct.getUuid() == secondProduct.getUuid());
    // only the ueber cert
    assertFalse(firstCert.getId() == secondCert.getId());
  }
Example #3
0
  private void exportEntitlementsCerts(
      File baseDir, Consumer consumer, Set<Long> serials, boolean manifest) throws IOException {

    File entCertDir = new File(baseDir.getCanonicalPath(), "entitlement_certificates");
    entCertDir.mkdir();

    for (EntitlementCertificate cert : entCertAdapter.listForConsumer(consumer)) {
      if (manifest && !this.exportRules.canExport(cert.getEntitlement())) {
        if (log.isDebugEnabled()) {
          log.debug(
              "Skipping export of entitlement cert with product: {}",
              cert.getEntitlement().getPool().getProductId());
        }
        continue;
      }

      if ((serials == null) || (serials.contains(cert.getSerial().getId()))) {
        log.debug("Exporting entitlement certificate: " + cert.getSerial());
        File file = new File(entCertDir.getCanonicalPath(), cert.getSerial().getId() + ".pem");
        FileWriter writer = null;
        try {
          writer = new FileWriter(file);
          entCert.export(writer, cert);
        } finally {
          if (writer != null) {
            writer.close();
          }
        }
      }
    }
  }
  private EntitlementCertificate generateEntitlementCert(
      Entitlement entitlement, Subscription sub, Product product, boolean thisIsUeberCert)
      throws GeneralSecurityException, IOException {

    log.info("Generating entitlement cert.");

    KeyPair keyPair = keyPairCurator.getConsumerKeyPair(entitlement.getConsumer());
    CertificateSerial serial = new CertificateSerial(entitlement.getEndDate());
    // We need the sequence generated id before we create the EntitlementCertificate,
    // otherwise we could have used cascading create
    serial = serialCurator.create(serial);

    Set<Product> products = new HashSet<Product>(getProvidedProducts(entitlement.getPool(), sub));

    // If creating a certificate for a distributor, we need
    // to add any derived products as well so that their content
    // is available in the upstream certificate.
    products.addAll(getDerivedProductsForDistributor(sub, entitlement));

    log.info("Creating X509 cert.");
    X509Certificate x509Cert =
        createX509Certificate(
            entitlement,
            product,
            products,
            BigInteger.valueOf(serial.getId()),
            keyPair,
            !thisIsUeberCert);

    EntitlementCertificate cert = new EntitlementCertificate();
    cert.setSerial(serial);
    cert.setKeyAsBytes(pki.getPemEncoded(keyPair.getPrivate()));

    products.add(product);
    Map<String, EnvironmentContent> promotedContent = getPromotedContent(entitlement);
    String contentPrefix = getContentPrefix(entitlement, !thisIsUeberCert);

    log.info("Getting PEM encoded cert.");
    String pem = new String(this.pki.getPemEncoded(x509Cert));

    if (shouldGenerateV3(entitlement)) {
      byte[] payloadBytes =
          v3extensionUtil.createEntitlementDataPayload(
              products, entitlement, contentPrefix, promotedContent);
      String payload = "-----BEGIN ENTITLEMENT DATA-----\n";
      payload += Util.toBase64(payloadBytes);
      payload += "-----END ENTITLEMENT DATA-----\n";

      byte[] bytes = pki.getSHA256WithRSAHash(new ByteArrayInputStream(payloadBytes));
      String signature = "-----BEGIN RSA SIGNATURE-----\n";
      signature += Util.toBase64(bytes);
      signature += "-----END RSA SIGNATURE-----\n";

      pem += payload + signature;
    }

    cert.setCert(pem);

    cert.setEntitlement(entitlement);

    if (log.isDebugEnabled()) {
      log.debug("Generated cert serial number: " + serial.getId());
      log.debug("Key: " + cert.getKey());
      log.debug("Cert: " + cert.getCert());
    }

    log.info("Persisting cert.");
    entitlement.getCertificates().add(cert);
    entCertCurator.create(cert);
    return cert;
  }
 @Test
 public void shouldReturnInCorrectCertificate() {
   Entitlement e =
       entitlementCurator.findByCertificateSerial(firstCertificate.getSerial().getId());
   assertNotSame(secondEntitlement, e);
 }
 @Test
 public void shouldReturnCorrectCertificate() {
   Entitlement e =
       entitlementCurator.findByCertificateSerial(secondCertificate.getSerial().getId());
   assertEquals(secondEntitlement, e);
 }