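// Builds an EntitlementCertificate for `entitlement`/`product`: allocates a serial,
// creates the X.509 certificate, optionally appends the v3 entitlement-data payload and
// its signature block, then attaches the result to the entitlement.
log.debug("Generating entitlement cert for:");
log.debug(" consumer: {}", entitlement.getConsumer().getUuid());
log.debug(" product: {}", product.getId());

KeyPair keyPair = keyPairCurator.getConsumerKeyPair(entitlement.getConsumer());
CertificateSerial serial = new CertificateSerial(entitlement.getEndDate());
// We need the sequence generated id before we create the EntitlementCertificate,
// otherwise we could have used cascading create
serial = serialCurator.create(serial);

Set<Product> products = new HashSet<Product>(getProvidedProducts(
    entitlement.getPool(), sub));
// If creating a certificate for a distributor, we need
// to add any derived products as well so that their content
// is available in the upstream certificate.
products.addAll(getDerivedProductsForDistributor(sub, entitlement));

// Order matters: the X.509 certificate is created from `products` *before* the main
// product is added to the set further down; `product` is passed separately here.
X509Certificate x509Cert = createX509Certificate(entitlement,
    product, products, BigInteger.valueOf(serial.getId()), keyPair,
    !thisIsUeberCert);

EntitlementCertificate cert = new EntitlementCertificate();
cert.setSerial(serial);
// The PEM-encoded private key is stored on the certificate entity. It is secret
// material and must never be written to logs or error messages.
cert.setKeyAsBytes(pki.getPemEncoded(keyPair.getPrivate()));

// From here on the set also contains the main product (used for the v3 payload).
products.add(product);
Map<String, EnvironmentContent> promotedContent = getPromotedContent(entitlement);
String contentPrefix = getContentPrefix(entitlement, !thisIsUeberCert);

// NOTE(review): new String(byte[]) decodes with the platform default charset. PEM output
// is presumably plain ASCII, so this should be harmless, but an explicit charset would
// remove the dependency on JVM configuration -- confirm and tighten.
String pem = new String(this.pki.getPemEncoded(x509Cert));

if (shouldGenerateV3(entitlement)) {
    byte[] payloadBytes = v3extensionUtil.createEntitlementDataPayload(products,
        entitlement, contentPrefix, promotedContent);

    // Append the entitlement data and the value returned by getSHA256WithRSAHash over it
    // as two extra PEM-style sections after the certificate. The delimiter strings are
    // part of the on-the-wire format and are kept byte-for-byte.
    StringBuilder v3Sections = new StringBuilder(pem);
    v3Sections.append("-----BEGIN ENTITLEMENT DATA-----\n");
    v3Sections.append(Util.toBase64(payloadBytes));
    v3Sections.append("-----END ENTITLEMENT DATA-----\n");

    byte[] signatureBytes = pki.getSHA256WithRSAHash(new ByteArrayInputStream(payloadBytes));
    v3Sections.append("-----BEGIN RSA SIGNATURE-----\n");
    v3Sections.append(Util.toBase64(signatureBytes));
    v3Sections.append("-----END RSA SIGNATURE-----\n");

    pem = v3Sections.toString();
}

cert.setCert(pem);
cert.setEntitlement(entitlement);

// Security: the consumer's private key used to be written to the debug log here.
// Anyone with read access to the logs (or to a log aggregation pipeline) could then
// pair it with the certificate and impersonate the consumer. Only the serial and the
// certificate itself are logged; the key is deliberately omitted.
log.debug("Generated cert serial number: {}", serial.getId());
log.debug("Cert: {}", cert.getCert());

entitlement.getCertificates().add(cert);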