Class CrossCertPairSubsystem

  • All Implemented Interfaces:
    ISubsystem, ICrossCertPairSubsystem

    public class CrossCertPairSubsystem
    extends java.lang.Object
    implements ICrossCertPairSubsystem
    Subsystem for handling cross-certificate pairing and publishing.
    Intended use:
    • when signing a subordinate CA cert which is intended to be part of the crossCertificatePair
    • when this CA submits a request (with its existing CA signing key material) to another CA for cross-signing
    In both cases, the administrator needs to "import" the cross-signed certificates via the admin console. When importCert() is called, the imported cert is stored in the internal db first until its pairing cert shows up. If, in either of the above two cases, the pairing cert is already there, a CertificatePair is created and put in the internal db "crosscertificatepair;binary" attribute.
    Version:
    $Revision$, $Date$
    Author:
    cfu
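    Worked example added by the editor (not code from CrossCertPairSubsystem or the Dogtag project): a small Python model of the import-and-hold flow described above, together with the DER structure that ends up in the "crosscertificatepair;binary" attribute. It assumes that two certificates pair when each names the other's subject as its issuer (the page only asks "are cert1 and cert2 cross-signed certs?"), uses a constructed two-field SEQUENCE as a stand-in for a real X.509 Certificate DER, and encodes the X.509 CertificatePair with EXPLICIT [0] forward / [1] reverse context tags. The CrossCertStore class, the toy_* helpers and the in-memory lists standing in for the LDAP attributes are the example's own, not the subsystem's API.

```python
# Editor-added example; not the Dogtag CrossCertPairSubsystem code.
from dataclasses import dataclass
from typing import List, Optional, Tuple


def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        enc = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(enc)]) + enc
    return bytes([tag]) + length + body


def der_read(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Decode one TLV at buf[pos:]; return (tag, body, position after it)."""
    tag = buf[pos]
    n = buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n


@dataclass(frozen=True)
class CaCert:
    subject: str
    issuer: str


def toy_cert_to_der(c: CaCert) -> bytes:
    # Constructed stand-in for an X.509 Certificate: SEQUENCE { UTF8String subject, UTF8String issuer }.
    # A real Certificate is also a SEQUENCE, so the pair encoding below is the same.
    return der_tlv(0x30, der_tlv(0x0C, c.subject.encode()) + der_tlv(0x0C, c.issuer.encode()))


def toy_cert_from_der(der: bytes) -> CaCert:
    """Analogue of byteArray2X509Cert(): parse, or raise when the bytes are not a cert."""
    tag, body, _ = der_read(der)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    t1, subj, p = der_read(body)
    t2, iss, _ = der_read(body, p)
    if t1 != 0x0C or t2 != 0x0C:
        raise ValueError("unexpected field type")
    return CaCert(subj.decode(), iss.decode())


def are_pair(c1: CaCert, c2: CaCert) -> bool:
    """Assumed pairing criterion: each cert names the other's subject as its issuer."""
    return c1.issuer == c2.subject and c1.subject == c2.issuer and c1.subject != c1.issuer


def encode_cert_pair(forward_der: bytes, reverse_der: bytes) -> bytes:
    # X.509 CertificatePair ::= SEQUENCE { forward [0] Certificate OPTIONAL,
    #                                      reverse [1] Certificate OPTIONAL }
    # EXPLICIT tagging: 0xA0 / 0xA1 wrap the complete Certificate TLV.
    return der_tlv(0x30, der_tlv(0xA0, forward_der) + der_tlv(0xA1, reverse_der))


def decode_cert_pair(pair_der: bytes) -> Tuple[Optional[bytes], Optional[bytes]]:
    tag, body, _ = der_read(pair_der)
    if tag != 0x30:
        raise ValueError("CertificatePair must be a SEQUENCE")
    forward = reverse = None
    pos = 0
    while pos < len(body):
        t, elem, pos = der_read(body, pos)
        if t == 0xA0:
            forward = elem
        elif t == 0xA1:
            reverse = elem
        else:
            raise ValueError("unexpected element in CertificatePair")
    return forward, reverse


class CrossCertStore:
    """Holds imported certs until their partner arrives, then records the pair.
    'forward' is the cert issued to this CA, 'reverse' the one this CA issued."""

    def __init__(self, self_name: str) -> None:
        self.self_name = self_name
        self.pending: List[bytes] = []  # stand-in for the held CA certs in the internal db
        self.pairs: List[bytes] = []    # stand-in for "crosscertificatepair;binary" values

    def import_cert(self, cert_der: bytes) -> Optional[bytes]:
        cert = toy_cert_from_der(cert_der)
        for held in self.pending:
            if are_pair(toy_cert_from_der(held), cert):
                self.pending.remove(held)
                if cert.subject == self.self_name:
                    forward, reverse = cert_der, held
                else:
                    forward, reverse = held, cert_der
                pair = encode_cert_pair(forward, reverse)
                self.pairs.append(pair)
                return pair
        if cert_der not in self.pending:  # same role as the ByteValueExists() duplicate check
            self.pending.append(cert_der)
        return None
```

    Importing the same unpaired cert twice leaves one held copy; importing the partner in either order yields one CertificatePair whose [0] element is the cert issued to this CA. The pairing check here is purely name-based; a real deployment must also verify each cert's signature with the other CA's key before trusting the pair.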
    • Method Summary

      Modifier and Type Method Description
      void addCAcert​(netscape.ldap.LDAPConnection conn, byte[] certEnc)  
      void addXCertPair​(netscape.ldap.LDAPConnection conn, netscape.ldap.LDAPAttribute certPairs, CertificatePair pair)  
      protected boolean arePair​(java.security.cert.X509Certificate cert1, java.security.cert.X509Certificate cert2)
      are cert1 and cert2 cross-signed certs?
      java.security.cert.X509Certificate byteArray2X509Cert​(byte[] certBytes)
      convert byte array to X509Certificate
      static boolean byteArraysAreEqual​(byte[] a, byte[] b)
      compares the contents of two byte arrays, returning true if they are exactly the same.
      static boolean ByteValueExists​(netscape.ldap.LDAPAttribute attr, byte[] bval)
      checks if a byte attribute has a certain value.
      void deleteCAcert​(netscape.ldap.LDAPConnection conn, byte[] certEnc)  
      IConfigStore getConfigStore()
      Returns the root configuration storage of this system.
      protected netscape.ldap.LDAPConnection getConn()  
      java.lang.String getId()
      Retrieves subsystem identifier.
      void importCert​(byte[] certBytes)
      "import" the CA cert cross-signed by another CA (potentially a bridge CA) into internal ldap db.
      void importCert​(java.lang.Object certObj)
      "import" the CA cert cross-signed by another CA (potentially a bridge CA) into internal ldap db.
      void init​(IConfigStore config)
      Initializes this subsystem with the given configuration store.
      void publishCertPairs()
      publish all cert pairs, if publisher is on
      protected void returnConn​(netscape.ldap.LDAPConnection conn)  
      void setId​(java.lang.String id)
      Sets the identifier specific to this subsystem.
      void shutdown()
      Stops this system.
      void startup()
      Notifies this subsystem if owner is in running mode.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • CrossCertPairSubsystem

        public CrossCertPairSubsystem()
    • Method Detail

      • getId

        public java.lang.String getId()
        Retrieves subsystem identifier.
        Specified by:
        getId in interface ISubsystem
        Returns:
        subsystem identifier
      • setId

        public void setId​(java.lang.String id)
                   throws EBaseException
        Description copied from interface: ISubsystem
        Sets the identifier specific to this subsystem.
        Specified by:
        setId in interface ISubsystem
        Parameters:
        id - subsystem identifier
        Throws:
        EBaseException - failed to set id
      • importCert

        public void importCert​(byte[] certBytes)
                        throws EBaseException
        "import" the CA cert cross-signed by another CA (potentially a bridge CA) into the internal ldap db. The imported cert is stored in the internal db first until its pairing cert shows up. If the pairing cert is already there, a CertificatePair is created and put in the internal db "crosscertificatepair;binary" attribute.
        Specified by:
        importCert in interface ICrossCertPairSubsystem
        Parameters:
        certBytes - cert in byte array to be imported
        Throws:
        EBaseException - when certBytes conversion to X509 certificate fails
      • importCert

        public void importCert​(java.lang.Object certObj)
                        throws EBaseException
        "import" the CA cert cross-signed by another CA (potentially a bridge CA) into the internal ldap db. The imported cert is stored in the internal db first until its pairing cert shows up. If the pairing cert is already there, a CertificatePair is created and put in the internal db "crosscertificatepair;binary" attribute.
        Parameters:
        certObj - the cert object to be imported
        Throws:
        EBaseException
      • arePair

        protected boolean arePair​(java.security.cert.X509Certificate cert1,
                                  java.security.cert.X509Certificate cert2)
        are cert1 and cert2 cross-signed certs?
        Parameters:
        cert1 - the cert for comparison in our internal db
        cert2 - the cert that's being considered
      • byteArray2X509Cert

        public java.security.cert.X509Certificate byteArray2X509Cert​(byte[] certBytes)
                                                              throws java.security.cert.CertificateException
        Description copied from interface: ICrossCertPairSubsystem
        convert byte array to X509Certificate
        Specified by:
        byteArray2X509Cert in interface ICrossCertPairSubsystem
        Returns:
        the X509Certificate class representation of the certificate byte array
        Throws:
        java.security.cert.CertificateException - when conversion fails
      • addXCertPair

        public void addXCertPair​(netscape.ldap.LDAPConnection conn,
                                 netscape.ldap.LDAPAttribute certPairs,
                                 CertificatePair pair)
                          throws netscape.ldap.LDAPException,
                                 java.io.IOException
        Throws:
        netscape.ldap.LDAPException
        java.io.IOException
      • ByteValueExists

        public static boolean ByteValueExists​(netscape.ldap.LDAPAttribute attr,
                                              byte[] bval)
        checks if a byte attribute has a certain value.
      • byteArraysAreEqual

        public static boolean byteArraysAreEqual​(byte[] a,
                                                 byte[] b)
        compares the contents of two byte arrays, returning true if they are exactly the same.
      • addCAcert

        public void addCAcert​(netscape.ldap.LDAPConnection conn,
                              byte[] certEnc)
                       throws netscape.ldap.LDAPException
        Throws:
        netscape.ldap.LDAPException
      • deleteCAcert

        public void deleteCAcert​(netscape.ldap.LDAPConnection conn,
                                 byte[] certEnc)
                          throws netscape.ldap.LDAPException
        Throws:
        netscape.ldap.LDAPException
      • shutdown

        public void shutdown()
        Stops this system.
        Specified by:
        shutdown in interface ISubsystem
      • getConfigStore

        public IConfigStore getConfigStore()
        Description copied from interface: ISubsystem
        Returns the root configuration storage of this system.

        Specified by:
        getConfigStore in interface ISubsystem
        Returns:
        configuration store of this subsystem