- protected CA(Access access, String caName, String env) throws IOException, CertException {
- trustedCAs = new String[4]; // starting array
- this.name = caName;
- this.env = env;
- permNS = CM_CA_PREFIX + name;
- permType = access.getProperty(permNS + ".perm_type",null);
- if(permType==null) {
- throw new CertException(permNS + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
- }
- caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null));
-
- String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT;
-
- String fields = access.getProperty(tag, null);
- if(fields==null) {
- throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
- }
- access.log(Level.INFO, tag, "=",fields);
- rdns = RDN.parse('/',fields);
- for(RDN rdn : rdns) {
- if(rdn.aoi==BCStyle.EmailAddress) { // Cert Specs say Emails belong in Subject
- throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT);
- }
- }
-
- idDomains = new ArrayList<>();
- StringBuilder sb = null;
- for(String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) {
- if(s.length()>0) {
- if(sb==null) {
- sb = new StringBuilder();
- } else {
- sb.append(", ");
- }
- idDomains.add(s);
- sb.append(s);
- }
- }
- if(sb!=null) {
- access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb);
- }
-
- String dataDir = access.getProperty(CM_PUBLIC_DIR,null);
- if(dataDir!=null) {
- File data = new File(dataDir);
- byte[] bytes;
- if(data.exists()) {
- String trustCas = access.getProperty(CM_TRUST_CAS,null);
- if(trustCas!=null) {
- for(String fname : Split.splitTrim(',', trustCas)) {
- File crt;
- if(fname.contains("/")) {
- crt = new File(fname);
- } else {
- crt = new File(data,fname);
- }
- if(crt.exists()) {
- access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath());
- bytes = new byte[(int)crt.length()];
- FileInputStream fis = new FileInputStream(crt);
- try {
- int read = fis.read(bytes);
- if(read>0) {
- addTrustedCA(new String(bytes));
- }
- } finally {
- fis.close();
- }
- } else {
- access.printf(Level.INIT, "FAILED to Load CA Cert from %s", crt.getAbsolutePath());
- }
- }
- } else {
- access.printf(Level.INIT, "Cannot load external TRUST CAs: No property %s",CM_TRUST_CAS);
- }
- } else {
- access.printf(Level.INIT, "Cannot load external TRUST CAs: %s doesn't exist, or is not accessible",data.getAbsolutePath());
- }
- }
- }
+ protected CA(Access access, String caName, String env) throws IOException, CertException {
+ trustedCAs = new String[4]; // starting array
+ this.name = caName;
+ this.env = env;
+ permNS = CM_CA_PREFIX + name;
+ permType = access.getProperty(permNS + ".perm_type",null);
+ if(permType==null) {
+ throw new CertException(permNS + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
+ }
+ caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null));
+
+ String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT;
+
+ String fields = access.getProperty(tag, null);
+ if(fields==null) {
+ throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
+ }
+ access.log(Level.INFO, tag, "=",fields);
+ rdns = RDN.parse('/',fields);
+ for(RDN rdn : rdns) {
+ if(rdn.aoi==BCStyle.EmailAddress) { // Cert Specs say Emails belong in Subject
+ throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT);
+ }
+ }
+
+ idDomains = new ArrayList<>();
+ StringBuilder sb = null;
+ for(String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) {
+ if(s.length()>0) {
+ if(sb==null) {
+ sb = new StringBuilder();
+ } else {
+ sb.append(", ");
+ }
+ idDomains.add(s);
+ sb.append(s);
+ }
+ }
+ if(sb!=null) {
+ access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb);
+ }
+
+ String dataDir = access.getProperty(CM_PUBLIC_DIR,null);
+ if(dataDir!=null) {
+ File data = new File(dataDir);
+ byte[] bytes;
+ if(data.exists()) {
+ String trustCas = access.getProperty(CM_TRUST_CAS,null);
+ if(trustCas!=null) {
+ for(String fname : Split.splitTrim(',', trustCas)) {
+ File crt;
+ if(fname.contains("/")) {
+ crt = new File(fname);
+ } else {
+ crt = new File(data,fname);
+ }
+ if(crt.exists()) {
+ access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath());
+ bytes = new byte[(int)crt.length()];
+ FileInputStream fis = new FileInputStream(crt);
+ try {
+ int read = fis.read(bytes);
+ if(read>0) {
+ addTrustedCA(new String(bytes));
+ }
+ } finally {
+ fis.close();
+ }
+ } else {
+ access.printf(Level.INIT, "FAILED to Load CA Cert from %s", crt.getAbsolutePath());
+ }
+ }
+ } else {
+ access.printf(Level.INIT, "Cannot load external TRUST CAs: No property %s",CM_TRUST_CAS);
+ }
+ } else {
+ access.printf(Level.INIT, "Cannot load external TRUST CAs: %s doesn't exist, or is not accessible",data.getAbsolutePath());
+ }
+ }
+ }