protected EntitlementCertificate createEntitlementCertificate(String key, String cert) {
EntitlementCertificate toReturn = new EntitlementCertificate();
CertificateSerial certSerial = new CertificateSerial(1L, new Date());
toReturn.setKeyAsBytes(key.getBytes());
toReturn.setCertAsBytes(cert.getBytes());
toReturn.setSerial(certSerial);
return toReturn;
}
@Test
public void testUeberCertIsRegeneratedOnNextInvocation() throws Exception {
EntitlementCertificate firstCert = or.createUeberCertificate(principal, owner.getKey());
Product firstProduct = productCurator.lookupByName(owner, owner.getKey() + UEBER_PRODUCT);
EntitlementCertificate secondCert = or.createUeberCertificate(principal, owner.getKey());
Product secondProduct = productCurator.lookupByName(owner, owner.getKey() + UEBER_PRODUCT);
// make sure we didn't regenerate the whole thing
assertTrue(firstProduct.getUuid() == secondProduct.getUuid());
// only the ueber cert
assertFalse(firstCert.getId() == secondCert.getId());
}
private void exportEntitlementsCerts(
File baseDir, Consumer consumer, Set<Long> serials, boolean manifest) throws IOException {
File entCertDir = new File(baseDir.getCanonicalPath(), "entitlement_certificates");
entCertDir.mkdir();
for (EntitlementCertificate cert : entCertAdapter.listForConsumer(consumer)) {
if (manifest && !this.exportRules.canExport(cert.getEntitlement())) {
if (log.isDebugEnabled()) {
log.debug(
"Skipping export of entitlement cert with product: {}",
cert.getEntitlement().getPool().getProductId());
}
continue;
}
if ((serials == null) || (serials.contains(cert.getSerial().getId()))) {
log.debug("Exporting entitlement certificate: " + cert.getSerial());
File file = new File(entCertDir.getCanonicalPath(), cert.getSerial().getId() + ".pem");
FileWriter writer = null;
try {
writer = new FileWriter(file);
entCert.export(writer, cert);
} finally {
if (writer != null) {
writer.close();
}
}
}
}
}
private EntitlementCertificate generateEntitlementCert(
Entitlement entitlement, Subscription sub, Product product, boolean thisIsUeberCert)
throws GeneralSecurityException, IOException {
log.info("Generating entitlement cert.");
KeyPair keyPair = keyPairCurator.getConsumerKeyPair(entitlement.getConsumer());
CertificateSerial serial = new CertificateSerial(entitlement.getEndDate());
// We need the sequence generated id before we create the EntitlementCertificate,
// otherwise we could have used cascading create
serial = serialCurator.create(serial);
Set<Product> products = new HashSet<Product>(getProvidedProducts(entitlement.getPool(), sub));
// If creating a certificate for a distributor, we need
// to add any derived products as well so that their content
// is available in the upstream certificate.
products.addAll(getDerivedProductsForDistributor(sub, entitlement));
log.info("Creating X509 cert.");
X509Certificate x509Cert =
createX509Certificate(
entitlement,
product,
products,
BigInteger.valueOf(serial.getId()),
keyPair,
!thisIsUeberCert);
EntitlementCertificate cert = new EntitlementCertificate();
cert.setSerial(serial);
cert.setKeyAsBytes(pki.getPemEncoded(keyPair.getPrivate()));
products.add(product);
Map<String, EnvironmentContent> promotedContent = getPromotedContent(entitlement);
String contentPrefix = getContentPrefix(entitlement, !thisIsUeberCert);
log.info("Getting PEM encoded cert.");
String pem = new String(this.pki.getPemEncoded(x509Cert));
if (shouldGenerateV3(entitlement)) {
byte[] payloadBytes =
v3extensionUtil.createEntitlementDataPayload(
products, entitlement, contentPrefix, promotedContent);
String payload = "-----BEGIN ENTITLEMENT DATA-----\n";
payload += Util.toBase64(payloadBytes);
payload += "-----END ENTITLEMENT DATA-----\n";
byte[] bytes = pki.getSHA256WithRSAHash(new ByteArrayInputStream(payloadBytes));
String signature = "-----BEGIN RSA SIGNATURE-----\n";
signature += Util.toBase64(bytes);
signature += "-----END RSA SIGNATURE-----\n";
pem += payload + signature;
}
cert.setCert(pem);
cert.setEntitlement(entitlement);
if (log.isDebugEnabled()) {
log.debug("Generated cert serial number: " + serial.getId());
log.debug("Key: " + cert.getKey());
log.debug("Cert: " + cert.getCert());
}
log.info("Persisting cert.");
entitlement.getCertificates().add(cert);
entCertCurator.create(cert);
return cert;
}
@Test
public void shouldReturnInCorrectCertificate() {
Entitlement e =
entitlementCurator.findByCertificateSerial(firstCertificate.getSerial().getId());
assertNotSame(secondEntitlement, e);
}
@Test
public void shouldReturnCorrectCertificate() {
Entitlement e =
entitlementCurator.findByCertificateSerial(secondCertificate.getSerial().getId());
assertEquals(secondEntitlement, e);
}