/**
 * Builds an in-memory {@link EntitlementCertificate} from an already-encoded key and
 * certificate.
 *
 * <p>The certificate is given a {@link CertificateSerial} constructed with the literal
 * id {@code 1L} and the current time, so every object returned by this method carries
 * the same serial id. Nothing is persisted here.
 *
 * <p>Both strings are converted with {@link String#getBytes()}, i.e. using the JVM's
 * default charset.
 *
 * @param key the key text to store on the certificate
 * @param cert the certificate text to store on the certificate
 * @return a new certificate holding the given key, cert and the fixed serial
 */
protected EntitlementCertificate createEntitlementCertificate(String key, String cert) {
    EntitlementCertificate entitlementCert = new EntitlementCertificate();
    CertificateSerial fixedSerial = new CertificateSerial(1L, new Date());

    entitlementCert.setKeyAsBytes(key.getBytes());
    entitlementCert.setCertAsBytes(cert.getBytes());
    entitlementCert.setSerial(fixedSerial);

    return entitlementCert;
}
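/**
 * Generates and persists an entitlement certificate for the given entitlement.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>fetch the consumer's key pair and create a persisted {@link CertificateSerial}
 *       built from the entitlement's end date;</li>
 *   <li>collect the provided products plus any derived products for distributors;</li>
 *   <li>build the X.509 certificate and PEM-encode it;</li>
 *   <li>when {@code shouldGenerateV3(entitlement)} is true, append a base64
 *       "ENTITLEMENT DATA" section and an "RSA SIGNATURE" section computed over the raw
 *       payload bytes;</li>
 *   <li>attach the certificate to the entitlement and persist it.</li>
 * </ol>
 *
 * <p>The PEM-encoded private key is stored on the returned certificate but is never
 * written to the log, at any log level.
 *
 * @param entitlement the entitlement the certificate is issued for
 * @param sub the subscription used to resolve provided and derived products
 * @param product the main product; passed to the X.509 builder separately and added
 *     to the product set only afterwards
 * @param thisIsUeberCert whether an ueber certificate is being generated; its negation
 *     is passed to {@code createX509Certificate} and {@code getContentPrefix}
 * @return the persisted entitlement certificate
 * @throws GeneralSecurityException if one of the called key, certificate or signature
 *     helpers raises it
 * @throws IOException if one of the called encoding helpers raises it
 */
private EntitlementCertificate generateEntitlementCert(Entitlement entitlement,
    Subscription sub, Product product, boolean thisIsUeberCert)
    throws GeneralSecurityException, IOException {

    log.info("Generating entitlement cert.");

    KeyPair keyPair = keyPairCurator.getConsumerKeyPair(entitlement.getConsumer());
    CertificateSerial serial = new CertificateSerial(entitlement.getEndDate());
    // We need the sequence generated id before we create the EntitlementCertificate,
    // otherwise we could have used cascading create
    serial = serialCurator.create(serial);

    Set<Product> products =
        new HashSet<Product>(getProvidedProducts(entitlement.getPool(), sub));

    // If creating a certificate for a distributor, we need
    // to add any derived products as well so that their content
    // is available in the upstream certificate.
    products.addAll(getDerivedProductsForDistributor(sub, entitlement));

    log.info("Creating X509 cert.");
    X509Certificate x509Cert = createX509Certificate(entitlement, product, products,
        BigInteger.valueOf(serial.getId()), keyPair, !thisIsUeberCert);

    EntitlementCertificate cert = new EntitlementCertificate();
    cert.setSerial(serial);
    cert.setKeyAsBytes(pki.getPemEncoded(keyPair.getPrivate()));

    // The main product joins the set only now: the X.509 builder above received it as
    // its own argument, while the v3 payload below is built from the full set.
    products.add(product);
    Map<String, EnvironmentContent> promotedContent = getPromotedContent(entitlement);
    String contentPrefix = getContentPrefix(entitlement, !thisIsUeberCert);

    log.info("Getting PEM encoded cert.");
    // NOTE(review): decoded with the JVM default charset; PEM is expected to be ASCII,
    // so this is presumably harmless, but confirm it matches how the key bytes are read.
    String pem = new String(this.pki.getPemEncoded(x509Cert));

    if (shouldGenerateV3(entitlement)) {
        byte[] payloadBytes = v3extensionUtil.createEntitlementDataPayload(
            products, entitlement, contentPrefix, promotedContent);

        String payload = "-----BEGIN ENTITLEMENT DATA-----\n"
            + Util.toBase64(payloadBytes)
            + "-----END ENTITLEMENT DATA-----\n";

        // The signature covers the raw payload bytes, not their base64 text.
        byte[] signatureBytes =
            pki.getSHA256WithRSAHash(new ByteArrayInputStream(payloadBytes));
        String signature = "-----BEGIN RSA SIGNATURE-----\n"
            + Util.toBase64(signatureBytes)
            + "-----END RSA SIGNATURE-----\n";

        pem += payload + signature;
    }

    cert.setCert(pem);
    cert.setEntitlement(entitlement);

    if (log.isDebugEnabled()) {
        log.debug("Generated cert serial number: " + serial.getId());
        // The private key is deliberately not logged: debug logs are routinely
        // collected, shipped and attached to bug reports, and the key would let anyone
        // with log access present this consumer's entitlement certificate.
        log.debug("Cert: " + cert.getCert());
    }

    log.info("Persisting cert.");
    entitlement.getCertificates().add(cert);
    entCertCurator.create(cert);
    return cert;
}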