

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.core.protocol.xkms.client;
15
16 import java.security.cert.CertificateException JavaDoc;
17 import java.security.cert.X509Certificate JavaDoc;
18 import java.util.Collection JavaDoc;
19
20 import org.ejbca.core.protocol.xkms.common.XKMSConstants;
21 import org.ejbca.core.protocol.xkms.common.XKMSUtil;
22 import org.ejbca.ui.cli.ErrorAdminCommandException;
23 import org.ejbca.ui.cli.IAdminCommand;
24 import org.ejbca.ui.cli.IllegalAdminCommandException;
25 import org.ejbca.util.CertTools;
26 import org.w3._2000._09.xmldsig_.KeyInfoType;
27 import org.w3._2000._09.xmldsig_.X509DataType;
28 import org.w3._2002._03.xkms_.KeyBindingType;
29 import org.w3._2002._03.xkms_.ObjectFactory;
30 import org.w3._2002._03.xkms_.RevokeRequestType;
31 import org.w3._2002._03.xkms_.RevokeResultType;
32
33
34 /**
35  * Performs KRSS revoke calls to a web service.
36  *
37  * @version $Id: RevokeCommand.java,v 1.1 2007/01/07 00:31:51 herrvendil Exp $
38  * @author Philip Vendil
39  */

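public class RevokeCommand extends XKMSCLIBaseCommand implements IAdminCommand {

    /** Factory for the XKMS (xkms_) request and result types. */
    private final ObjectFactory xKMSObjectFactory = new ObjectFactory();
    /** Factory for the XML-DSig (xmldsig_) KeyInfo/X509Data types. */
    private final org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();

    // Positions of the command arguments; index 0 is not read by this class.
    private static final int ARG_CERT = 1;
    private static final int ARG_CERTENCODING = 2;
    private static final int ARG_REVOKATIONCODE = 3;

    /**
     * Creates a new instance of RevokeCommand.
     *
     * @param args command line arguments
     */
    public RevokeCommand(String[] args) {
        super(args);
    }

    /**
     * Runs the command: loads the certificate to revoke, builds an XKMS
     * RevokeRequest that carries the certificate and a key derived from the
     * revocation pass phrase, sends it through the XKMS invoker and prints the
     * outcome.
     *
     * <p>Security note: the revocation pass phrase is taken from the command
     * line ({@code args[ARG_REVOKATIONCODE]}), so on most systems it is
     * visible in the process list and in shell history for as long as they
     * are retained. Operators should treat the phrase as exposed after use;
     * reading it from a console prompt would avoid this but would change the
     * command's interface.
     *
     * <p>Calls {@code System.exit(-1)} when the argument count is wrong.
     *
     * @throws IllegalAdminCommandException Error in command args
     * @throws ErrorAdminCommandException Error running command; wraps any
     *         exception raised while building or sending the request
     */
    public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {
        try {
            // args, clientCert and privateKey are not declared in this class;
            // presumably inherited from XKMSCLIBaseCommand -- confirm there.
            if (args.length != 4) {
                usage();
                System.exit(-1);
            }

            final String certEncoding = getCertEncoding(args[ARG_CERTENCODING]);
            final X509Certificate orgCert = getCert(args[ARG_CERT], certEncoding);
            final String revokationCode = args[ARG_REVOKATIONCODE];

            final String reqId = genId();
            final RevokeRequestType revokeRequestType = xKMSObjectFactory.createRevokeRequestType();
            revokeRequestType.setId(reqId);
            revokeRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);
            // NOTE(review): a revoke request has no visible use for private key
            // material in the response (nothing below reads it). Asking for it
            // widens what the service may return; confirm the server ignores
            // this for revoke, or drop the line (least privilege).
            revokeRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY);

            // Identify the key binding by embedding the full DER-encoded certificate.
            final X509DataType x509DataType = sigFactory.createX509DataType();
            x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName()
                    .add(sigFactory.createX509DataTypeX509Certificate(orgCert.getEncoded()));
            final KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
            keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType));

            // Binding id is "_" followed by the decimal certificate serial number.
            final String keyBindingId = "_" + orgCert.getSerialNumber().toString();
            final KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType();
            keyBindingType.setKeyInfo(keyInfoType);
            keyBindingType.setId(keyBindingId);
            revokeRequestType.setRevokeKeyBinding(keyBindingType);

            // Only the key derived from the pass phrase is placed in the request,
            // not the phrase itself. The derived bytes are still the credential
            // that authorises the revocation, so they need a protected transport;
            // that is handled (or not) inside getXKMSInvoker(), not visible here.
            // NOTE(review): meaning of the (true, 20) arguments is defined in
            // XKMSUtil -- presumably a flag and the key length in bytes; confirm.
            final byte[] first = XKMSUtil.getSecretKeyFromPassphrase(
                    revokationCode, true, 20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1).getEncoded();
            revokeRequestType.setRevocationCode(first);

            final RevokeResultType revokeResultType =
                    getXKMSInvoker().revoke(revokeRequestType, clientCert, privateKey, null, keyBindingId);

            // Constant-first equals: a response without ResultMajor is reported
            // as an error instead of raising a NullPointerException.
            final boolean success =
                    XKMSConstants.RESULTMAJOR_SUCCESS.equals(revokeResultType.getResultMajor())
                    && revokeResultType.getResultMinor() == null;

            if (success) {
                getPrintStream().println("Certificate " + orgCert.getSerialNumber().toString(16) + " issued by " + CertTools.getIssuerDN(orgCert) + " revoked successfully.");
            } else {
                displayRequestErrors(revokeResultType);
            }
        } catch (Exception e) {
            // CLI boundary: every failure is wrapped, with the cause preserved.
            throw new ErrorAdminCommandException(e);
        }
    }

    /**
     * Loads the certificate to revoke from a file.
     *
     * <p>Decode failures are reported on the command's print stream (the
     * original code discarded them silently), after which the usage text is
     * printed and the JVM exits with status -1.
     *
     * @param filename path of the certificate file
     * @param certEncoding {@code ENCODING_PEM} or {@code ENCODING_DER}, as
     *        returned by {@link #getCertEncoding(String)}
     * @return the decoded certificate, never {@code null}
     */
    private X509Certificate getCert(String filename, String certEncoding) {
        X509Certificate retval = null;

        if (certEncoding.equals(ENCODING_PEM)) {
            try {
                // Only the first certificate in the PEM file is used.
                final Collection<?> certs = CertTools.getCertsFromPEM(filename);
                if (!certs.isEmpty()) {
                    retval = (X509Certificate) certs.iterator().next();
                }
            } catch (Exception e) {
                // Keep the best-effort flow, but tell the operator why decoding failed.
                getPrintStream().println("Error reading PEM certificate : " + e.getMessage());
            }
        } else if (certEncoding.equals(ENCODING_DER)) {
            try {
                final byte[] certdata = loadCert(filename);
                retval = CertTools.getCertfromByteArray(certdata);
            } catch (CertificateException e) {
                getPrintStream().println("Error reading DER certificate : " + e.getMessage());
            }
        }

        if (retval == null) {
            getPrintStream().println("Error couldn't decode certificate " + filename);
            usage();
            System.exit(-1);
        }

        return retval;
    }

    /**
     * Normalises the encoding argument (case-insensitive) to one of the
     * {@code ENCODING_PEM} / {@code ENCODING_DER} constants.
     *
     * <p>For any other value an error and the usage text are printed and the
     * JVM exits with status -1.
     *
     * @param arg encoding as given on the command line
     * @return {@code ENCODING_PEM} or {@code ENCODING_DER}
     */
    private String getCertEncoding(String arg) {
        if (arg.equalsIgnoreCase(ENCODING_PEM)) {
            return ENCODING_PEM;
        }

        if (arg.equalsIgnoreCase(ENCODING_DER)) {
            return ENCODING_DER;
        }

        getPrintStream().println("Illegal cert encoding(should be pem, der) : " + arg);
        usage();
        System.exit(-1);
        return null; // not reached after System.exit; required by the compiler
    }

    /**
     * Prints a human-readable message for a revoke result that was not a
     * plain success.
     *
     * <p>The minor code may be absent (a non-success major code without a
     * minor code), so every comparison is made constant-first; a missing or
     * unknown minor code falls through to the generic message.
     *
     * @param revokeResultType result returned by the XKMS service
     */
    private void displayRequestErrors(RevokeResultType revokeResultType) {
        final String resultMinor = revokeResultType.getResultMinor();

        if (XKMSConstants.RESULTMINOR_NOMATCH.equals(resultMinor)) {
            getPrintStream().println("Error no user with given certificate could be found");
        } else if (XKMSConstants.RESULTMINOR_NOAUTHENTICATION.equals(resultMinor)) {
            // The service could not verify the revocation code derived from the pass phrase.
            getPrintStream().println("Error password couldn't be verified");
        } else if (XKMSConstants.RESULTMINOR_REFUSED.equals(resultMinor)) {
            // Wording corrected: the original text negated the condition it reports.
            getPrintStream().println("The user seems to have the wrong status or has already been revoked.");
        } else {
            getPrintStream().println("Error occured during processing : " + resultMinor);
        }
    }

    /**
     * Prints the usage text of the revoke command to the command's print stream.
     */
    protected void usage() {
        getPrintStream().println("Command used to revoke a certificate");
        getPrintStream().println("Usage : revoke <cert file name> <cert encoding (der|pem)> <revocation code> \n\n");
        getPrintStream().println("Certificate encoding of the certificate about revoke, PEM and DER supported.\n");
        getPrintStream().println("Example: revoke revokecert.pem pem \"revoke phrase\" ");
        getPrintStream().println("Revokes the certificate in revokecert.pem");
    }

}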
187