@Override
public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {
- File fks = new File(dir,arti.getNs()+'.'+(kst==Agent.PKCS12?"p12":kst));
+ final String ext = (kst==Agent.PKCS12?"p12":kst);
+ File fks = new File(dir,arti.getNs()+'.'+ext);
try {
KeyStore jks = KeyStore.getInstance(kst);
if (fks.exists()) {
X509Certificate x509;
List<X509Certificate> chainList = new ArrayList<>();
Set<X509Certificate> caSet = new HashSet<>();
+ X509Certificate curr = null;
for (Certificate c : certColl) {
x509 = (X509Certificate)c;
// Is a Root (self-signed, anyway)
if (x509.getSubjectDN().equals(x509.getIssuerDN())) {
caSet.add(x509);
} else {
- chainList.add(x509);
+ // Expect Certs in Trust Chain Order.
+ if(curr==null) {
+ chainList.add(x509);
+ curr=x509;
+ } else {
+ // Only Add Cert next on the list
+ if(curr.getIssuerDN().equals(x509.getSubjectDN())) {
+ chainList.add(x509);
+ curr=x509;
+ }
+ }
}
}
-// chainList.addAll(caSet);
- //Collections.reverse(chainList);
// Properties, etc
// Add CADI Keyfile Entry to Properties
- addProperty(Config.CADI_KEYFILE,arti.getDir()+'/'+arti.getNs() + ".keyfile");
+ File keyfile = new File(arti.getDir()+'/'+arti.getNs() + ".keyfile");
+ PropHolder props = PropHolder.get(arti, "cred.props");
+ props.add(Config.CADI_KEYFILE,keyfile.getAbsolutePath());
+
// Set Keystore Password
- addProperty(Config.CADI_KEYSTORE,fks.getAbsolutePath());
+ props.add(Config.CADI_KEYSTORE,fks.getAbsolutePath());
String keystorePass = Symm.randomGen(Agent.PASS_SIZE);
- addEncProperty(Config.CADI_KEYSTORE_PASSWORD,keystorePass);
+ String encP = props.addEnc(Config.CADI_KEYSTORE_PASSWORD,keystorePass);
+ // Since there are now more than one Keystore type, the keystore password property might
+ // be overwritten, making the store useless without key. So we write it specifically
+ // as well.
+ props.add(Config.CADI_KEYSTORE_PASSWORD+'_'+ext,encP);
char[] keystorePassArray = keystorePass.toCharArray();
jks.load(null,keystorePassArray); // load in
// dictates that you live with the default, meaning, they are the same
String keyPass = keystorePass; //Symm.randomGen(CmAgent.PASS_SIZE);
PrivateKey pk = Factory.toPrivateKey(trans, certInfo.getPrivatekey());
- addEncProperty(Config.CADI_KEY_PASSWORD, keyPass);
- addProperty(Config.CADI_ALIAS, arti.getMechid());
+ props.addEnc(Config.CADI_KEY_PASSWORD, keyPass);
+ props.add(Config.CADI_ALIAS, arti.getMechid());
// Set<Attribute> attribs = new HashSet<>();
// if (kst.equals("pkcs12")) {
// // Friendly Name
pkEntry, protParam);
// Write out
- write(fks,Chmod.to400,jks,keystorePassArray);
+ write(fks,Chmod.to644,jks,keystorePassArray);
// Change out to TrustStore
// NOTE: PKCS12 does NOT support Trusted Entries. Put in JKS Always
jks = KeyStore.getInstance(Agent.JKS);
// Set Truststore Password
- addProperty(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());
+ props.add(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());
String trustStorePass = Symm.randomGen(Agent.PASS_SIZE);
- addEncProperty(Config.CADI_TRUSTSTORE_PASSWORD,trustStorePass);
+ props.addEnc(Config.CADI_TRUSTSTORE_PASSWORD,trustStorePass);
char[] truststorePassArray = trustStorePass.toCharArray();
jks.load(null,truststorePassArray); // load in