/**
* Create the Master Certificate for the GridTalk.
*
* @param certFile The file that contains the Certificate.
* @return the UID of the created certificate.
*/
private Long createMasterCertificate(File certFile) throws Throwable {
Long certUID = null;
X509Certificate cert = GridCertUtilities.loadX509Certificate(certFile.getAbsolutePath());
ICertificateManagerObj mgr = ServiceLookupHelper.getCertificateManager();
// retrieve existing master cert
Certificate existCert =
mgr.findCertificateByIDAndName(_ctx.getGridNodeID().intValue(), _ctx.getMasterCertName());
// revoke
Logger.log(
"[ConnectionSetupRequestDelegate.createMasterCertificate] Revoking cert "
+ existCert.getUId());
mgr.revokeCertificateByUId((Long) existCert.getKey());
// insert new cert
mgr.insertCertificate(_ctx.getGridNodeID(), _ctx.getMasterCertName(), cert);
/*NSL20051115 Somehow this method still returns the revoked cert... so alternative is to
* use issuername & serialnumber to retrieve -- guarantee to be unique
Certificate newCert = mgr.findCertificateByIDAndName(
_ctx.getGridNodeID().intValue(), _ctx.getMasterCertName());
*/
String issuerName = GridCertUtilities.writeIssuerNameToString(cert.getIssuerX500Principal());
String serialNum =
GridCertUtilities.writeByteArrayToString(cert.getSerialNumber().toByteArray());
Certificate newCert = mgr.findCertificateByIssureAndSerialNum(issuerName, serialNum);
certUID = (Long) newCert.getKey();
Logger.log("[ConnectionSetupRequestDelegate.createMasterCertificate] New cert UID=" + certUID);
// update private key
mgr.updatePrivateKeyByCertificate(existCert.getPrivateKey(), newCert.getCertificate());
// update IsMaster
mgr.updateMasterAndPartnerByUId(certUID, true, false);
return certUID;
}
