Move Configurator.createRemoteAdminCert() to CACertClient

dogtagpki · Feb 9, 2021 · 2d52e54 · 2d52e54
1 parent 88d1837
commit 2d52e54
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 60 deletions.
diff --git a/base/common/src/main/java/com/netscape/certsrv/ca/CACertClient.java b/base/common/src/main/java/com/netscape/certsrv/ca/CACertClient.java
@@ -17,12 +17,19 @@
 //--- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 
+import javax.ws.rs.core.MultivaluedHashMap;
+import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 
 import org.mozilla.jss.netscape.security.x509.X500Name;
+import org.mozilla.jss.netscape.security.x509.X509CertImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
+import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.cert.CertData;
 import com.netscape.certsrv.cert.CertDataInfos;
 import com.netscape.certsrv.cert.CertEnrollmentRequest;
@@ -39,12 +46,16 @@
 import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.profile.ProfileDataInfos;
 import com.netscape.certsrv.request.RequestId;
+import com.netscape.cmsutil.crypto.CryptoUtil;
+import com.netscape.cmsutil.xml.XMLObject;
 
 /**
  * @author Endi S. Dewata
  */
 public class CACertClient extends Client {
 
+    public final static Logger logger = LoggerFactory.getLogger(CACertClient.class);
+
     public CertResource certClient;
     public CertRequestResource certRequestClient;
 
@@ -171,4 +182,58 @@ public ProfileDataInfos listEnrollmentTemplates(Integer start, Integer size) thr
         Response response = certRequestClient.listEnrollmentTemplates(start, size);
         return client.getEntity(response, ProfileDataInfos.class);
     }
+
+    public X509CertImpl submitRequest(
+            String certRequestType,
+            String certRequest,
+            String profileID,
+            String subjectDN,
+            String sessionID) throws Exception {
+
+        MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
+        content.putSingle("profileId", profileID);
+        content.putSingle("cert_request_type", certRequestType);
+        content.putSingle("cert_request", certRequest);
+        content.putSingle("xmlOutput", "true");
+        content.putSingle("sessionID", sessionID);
+        content.putSingle("subject", subjectDN);
+
+        String response = client.post("/ca/ee/ca/profileSubmit", content, String.class);
+        logger.info("CACertClient: Response: " + response);
+
+        if (response == null) {
+            logger.error("No response");
+            throw new IOException("No response");
+        }
+
+        ByteArrayInputStream bis = new ByteArrayInputStream(response.getBytes());
+        XMLObject parser = new XMLObject(bis);
+
+        String status = parser.getValue("Status");
+        logger.info("CACertClient: Status: " + status);
+
+        if (status.equals("2")) {
+            logger.error("Authentication failure");
+            throw new EAuthException("Authentication failure");
+        }
+
+        if (!status.equals("0")) {
+            String error = parser.getValue("Error");
+            logger.error("Unable to generate certificate: " + error);
+            throw new IOException("Unable to generate certificate: " + error);
+        }
+
+        String id = parser.getValue("Id");
+        logger.info("CACertClient: Request ID: " + id);
+
+        String serial = parser.getValue("serialno");
+        logger.info("CACertClient: Serial: " + serial);
+
+        String b64 = parser.getValue("b64");
+        logger.info("CACertClient: Cert: " + b64);
+
+        b64 = CryptoUtil.stripCertBrackets(b64.trim());
+        byte[] bytes = CryptoUtil.base64Decode(b64);
+        return new X509CertImpl(bytes);
+    }
 }
diff --git a/base/server/src/com/netscape/cms/servlet/csadmin/Configurator.java b/base/server/src/com/netscape/cms/servlet/csadmin/Configurator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
 import java.math.BigInteger;
@@ -54,10 +53,11 @@
 import org.slf4j.LoggerFactory;
 
 import com.netscape.certsrv.account.AccountClient;
-import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.ca.CACertClient;
+import com.netscape.certsrv.ca.CAClient;
 import com.netscape.certsrv.client.ClientConfig;
 import com.netscape.certsrv.client.PKIClient;
 import com.netscape.certsrv.system.AdminSetupRequest;
@@ -75,7 +75,6 @@
 import com.netscape.cmscore.apps.ServerXml;
 import com.netscape.cmscore.cert.CertUtils;
 import com.netscape.cmsutil.crypto.CryptoUtil;
-import com.netscape.cmsutil.xml.XMLObject;
 
 /**
  * Utility class for functions to be used by the RESTful installer.
@@ -863,71 +862,17 @@ public X509CertImpl createAdminCertificate(AdminSetupRequest request) throws Exc
         logger.debug("Configurator: profile: " + profileID);
 
         PKIClient client = Configurator.createClient(caURL, null, null);
+        CAClient caClient = new CAClient(client);
+        CACertClient caCertClient = new CACertClient(caClient);
 
-        return createRemoteAdminCert(
-                client,
+        return caCertClient.submitRequest(
                 certRequestType,
                 certRequest,
                 profileID,
                 adminSubjectDN,
                 sessionID);
     }
 
-    public X509CertImpl createRemoteAdminCert(
-            PKIClient client,
-            String certRequestType,
-            String certRequest,
-            String profileId,
-            String subjectDN,
-            String session_id) throws Exception {
-
-        MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
-        content.putSingle("profileId", profileId);
-        content.putSingle("cert_request_type", certRequestType);
-        content.putSingle("cert_request", certRequest);
-        content.putSingle("xmlOutput", "true");
-        content.putSingle("sessionID", session_id);
-        content.putSingle("subject", subjectDN);
-
-        String response = client.post("/ca/ee/ca/profileSubmit", content, String.class);
-        logger.info("Configurator: Response: " + response);
-
-        if (response == null) {
-            logger.error("Unable to generate admin certificate: no response from CA");
-            throw new IOException("Unable to generate admin certificate: no response from CA");
-        }
-
-        ByteArrayInputStream bis = new ByteArrayInputStream(response.getBytes());
-        XMLObject parser = new XMLObject(bis);
-
-        String status = parser.getValue("Status");
-        logger.info("Configurator: Status: " + status);
-
-        if (status.equals(AUTH_FAILURE)) {
-            logger.error("Unable to generate admin certificate: authentication failure");
-            throw new EAuthException("Unable to generate admin certificate: authentication failure");
-        }
-
-        if (!status.equals(SUCCESS)) {
-            String error = parser.getValue("Error");
-            logger.error("Unable to generate admin certificate: " + error);
-            throw new IOException("Unable to generate admin certificate: " + error);
-        }
-
-        String id = parser.getValue("Id");
-        logger.info("Configurator: Request ID: " + id);
-
-        String serial = parser.getValue("serialno");
-        logger.info("Configurator: Serial: " + serial);
-
-        String b64 = parser.getValue("b64");
-        logger.info("Configurator: Cert: " + b64);
-
-        b64 = CryptoUtil.stripCertBrackets(b64.trim());
-        byte[] bytes = CryptoUtil.base64Decode(b64);
-        return new X509CertImpl(bytes);
-    }
-
     /**
      * save variables needed for cloning and remove preops
      *