public Set<X509ByteExtensionWrapper> prepareV3ByteExtensions(
Set<Product> products,
Entitlement ent,
String contentPrefix,
Map<String, EnvironmentContent> promotedContent)
throws IOException {
Set<X509ByteExtensionWrapper> result =
v3extensionUtil.getByteExtensions(products, ent, contentPrefix, promotedContent);
return result;
}
private EntitlementCertificate generateEntitlementCert(
Entitlement entitlement, Subscription sub, Product product, boolean thisIsUeberCert)
throws GeneralSecurityException, IOException {
log.info("Generating entitlement cert.");
KeyPair keyPair = keyPairCurator.getConsumerKeyPair(entitlement.getConsumer());
CertificateSerial serial = new CertificateSerial(entitlement.getEndDate());
// We need the sequence generated id before we create the EntitlementCertificate,
// otherwise we could have used cascading create
serial = serialCurator.create(serial);
Set<Product> products = new HashSet<Product>(getProvidedProducts(entitlement.getPool(), sub));
// If creating a certificate for a distributor, we need
// to add any derived products as well so that their content
// is available in the upstream certificate.
products.addAll(getDerivedProductsForDistributor(sub, entitlement));
log.info("Creating X509 cert.");
X509Certificate x509Cert =
createX509Certificate(
entitlement,
product,
products,
BigInteger.valueOf(serial.getId()),
keyPair,
!thisIsUeberCert);
EntitlementCertificate cert = new EntitlementCertificate();
cert.setSerial(serial);
cert.setKeyAsBytes(pki.getPemEncoded(keyPair.getPrivate()));
products.add(product);
Map<String, EnvironmentContent> promotedContent = getPromotedContent(entitlement);
String contentPrefix = getContentPrefix(entitlement, !thisIsUeberCert);
log.info("Getting PEM encoded cert.");
String pem = new String(this.pki.getPemEncoded(x509Cert));
if (shouldGenerateV3(entitlement)) {
byte[] payloadBytes =
v3extensionUtil.createEntitlementDataPayload(
products, entitlement, contentPrefix, promotedContent);
String payload = "-----BEGIN ENTITLEMENT DATA-----\n";
payload += Util.toBase64(payloadBytes);
payload += "-----END ENTITLEMENT DATA-----\n";
byte[] bytes = pki.getSHA256WithRSAHash(new ByteArrayInputStream(payloadBytes));
String signature = "-----BEGIN RSA SIGNATURE-----\n";
signature += Util.toBase64(bytes);
signature += "-----END RSA SIGNATURE-----\n";
pem += payload + signature;
}
cert.setCert(pem);
cert.setEntitlement(entitlement);
if (log.isDebugEnabled()) {
log.debug("Generated cert serial number: " + serial.getId());
log.debug("Key: " + cert.getKey());
log.debug("Cert: " + cert.getCert());
}
log.info("Persisting cert.");
entitlement.getCertificates().add(cert);
entCertCurator.create(cert);
return cert;
}
public Set<X509ExtensionWrapper> prepareV3Extensions(
Entitlement ent, String contentPrefix, Map<String, EnvironmentContent> promotedContent) {
Set<X509ExtensionWrapper> result =
v3extensionUtil.getExtensions(ent, contentPrefix, promotedContent);
return result;
}
