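package org.ejbca.core.protocol.xkms.client;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;

import org.ejbca.core.protocol.xkms.common.XKMSConstants;
import org.ejbca.core.protocol.xkms.common.XKMSUtil;
import org.ejbca.ui.cli.ErrorAdminCommandException;
import org.ejbca.ui.cli.IAdminCommand;
import org.ejbca.ui.cli.IllegalAdminCommandException;
import org.ejbca.util.CertTools;
import org.w3._2000._09.xmldsig_.KeyInfoType;
import org.w3._2000._09.xmldsig_.X509DataType;
import org.w3._2002._03.xkms_.KeyBindingType;
import org.w3._2002._03.xkms_.ObjectFactory;
import org.w3._2002._03.xkms_.RevokeRequestType;
import org.w3._2002._03.xkms_.RevokeResultType;

/**
 * CLI command that sends an XKMS Revoke request for one certificate.
 *
 * Usage: {@code revoke <cert file name> <cert encoding (der|pem)> <revocation code>}.
 * The certificate to revoke is read from a local file, wrapped in a KeyBinding and
 * sent together with the revocation code derived from the pass phrase given on the
 * command line. Success or the server's ResultMinor is reported on the print stream.
 */
public class RevokeCommand extends XKMSCLIBaseCommand implements IAdminCommand {

    private final ObjectFactory xKMSObjectFactory = new ObjectFactory();
    private final org.w3._2000._09.xmldsig_.ObjectFactory sigFactory =
            new org.w3._2000._09.xmldsig_.ObjectFactory();

    private static final int ARG_CERT = 1;
    private static final int ARG_CERTENCODING = 2;
    private static final int ARG_REVOKATIONCODE = 3;
    /** The command name plus the three positional arguments above. */
    private static final int EXPECTED_ARG_COUNT = 4;

    /**
     * Creates the command.
     *
     * @param args full command line, {@code args[0]} being the command name
     */
    public RevokeCommand(String[] args) {
        super(args);
    }

    /**
     * Builds and sends the Revoke request, then prints the outcome.
     *
     * @throws IllegalAdminCommandException never thrown directly here; kept for the interface
     * @throws ErrorAdminCommandException   wrapping any failure while reading the certificate,
     *                                      deriving the revocation code or talking to the server
     */
    public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {
        try {
            if (args.length != EXPECTED_ARG_COUNT) {
                usage();
                System.exit(-1);
            }

            String certEncoding = getCertEncoding(args[ARG_CERTENCODING]);
            X509Certificate orgCert = getCert(args[ARG_CERT], certEncoding);
            // NOTE(review): the revocation pass phrase is taken from argv, so it is visible
            // in the process list and may be recorded in shell history on the client host.
            String revokationCode = args[ARG_REVOKATIONCODE];

            String keyBindingId = keyBindingIdFor(orgCert);
            RevokeRequestType revokeRequestType = buildRevokeRequest(orgCert, keyBindingId, revokationCode);

            RevokeResultType revokeResultType =
                    getXKMSInvoker().revoke(revokeRequestType, clientCert, privateKey, null, keyBindingId);

            // Null-safe: a missing ResultMajor is treated as failure instead of throwing.
            boolean succeeded = XKMSConstants.RESULTMAJOR_SUCCESS.equals(revokeResultType.getResultMajor())
                    && revokeResultType.getResultMinor() == null;

            if (succeeded) {
                getPrintStream().println("Certificate " + orgCert.getSerialNumber().toString(16)
                        + " issued by " + CertTools.getIssuerDN(orgCert) + " revoked successfully.");
            } else {
                displayRequestErrors(revokeResultType);
            }
        } catch (Exception e) {
            throw new ErrorAdminCommandException(e);
        }
    }

    /**
     * KeyBinding id used both in the request and when invoking the client.
     * XML ids must not start with a digit, hence the leading underscore.
     */
    private String keyBindingIdFor(X509Certificate cert) {
        return "_" + cert.getSerialNumber().toString();
    }

    /**
     * Assembles the Revoke request: the certificate as X509Data inside a KeyBinding,
     * plus the revocation code derived from the pass phrase.
     *
     * @param orgCert        certificate being revoked
     * @param keyBindingId   id to set on the KeyBinding element
     * @param revokationCode pass phrase chosen when the certificate was registered
     * @return the populated request
     * @throws Exception propagated from certificate encoding or key derivation
     */
    private RevokeRequestType buildRevokeRequest(X509Certificate orgCert, String keyBindingId,
            String revokationCode) throws Exception {
        RevokeRequestType revokeRequestType = xKMSObjectFactory.createRevokeRequestType();
        revokeRequestType.setId(genId());
        revokeRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);
        // NOTE(review): asking for PrivateKey in the response of a revoke request is
        // kept from the original; confirm the server actually honours/needs it here.
        revokeRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY);

        X509DataType x509DataType = sigFactory.createX509DataType();
        x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName()
                .add(sigFactory.createX509DataTypeX509Certificate(orgCert.getEncoded()));
        KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
        keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType));

        KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType();
        keyBindingType.setKeyInfo(keyInfoType);
        keyBindingType.setId(keyBindingId);
        revokeRequestType.setRevokeKeyBinding(keyBindingType);

        // The pass phrase itself is never sent; only the first-pass revocation code
        // identifier derived by XKMSUtil travels to the server.
        byte[] first = XKMSUtil.getSecretKeyFromPassphrase(revokationCode, true, 20,
                XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1).getEncoded();
        revokeRequestType.setRevocationCode(first);
        return revokeRequestType;
    }

    /**
     * Reads the certificate to revoke from {@code filename}.
     *
     * A PEM file may hold several certificates; only the first is used and a warning
     * is printed so the operator notices. Decoding failures are reported with their
     * reason instead of being swallowed, and the command exits.
     *
     * @param filename     path of the certificate file
     * @param certEncoding {@code ENCODING_PEM} or {@code ENCODING_DER}
     * @return the decoded certificate; the process exits if none could be decoded
     */
    private X509Certificate getCert(String filename, String certEncoding) {
        X509Certificate retval = null;
        String failure = null;

        if (certEncoding.equals(ENCODING_PEM)) {
            try {
                Collection<?> certs = CertTools.getCertsFromPEM(filename);
                if (certs.isEmpty()) {
                    failure = "no certificate found in PEM file";
                } else {
                    if (certs.size() > 1) {
                        getPrintStream().println("Warning: " + filename + " contains " + certs.size()
                                + " certificates, only the first one will be revoked.");
                    }
                    retval = (X509Certificate) certs.iterator().next();
                }
            } catch (Exception e) {
                failure = e.getMessage();
            }
        } else if (certEncoding.equals(ENCODING_DER)) {
            try {
                byte[] certdata = loadCert(filename);
                retval = CertTools.getCertfromByteArray(certdata);
            } catch (CertificateException e) {
                failure = e.getMessage();
            }
        }

        if (retval == null) {
            getPrintStream().println("Error couldn't decode certificate " + filename
                    + (failure == null ? "" : " : " + failure));
            usage();
            System.exit(-1);
        }
        return retval;
    }

    /**
     * Normalises the encoding argument to one of the two supported constants.
     *
     * @param arg user-supplied encoding, compared case-insensitively
     * @return {@code ENCODING_PEM} or {@code ENCODING_DER}; the process exits otherwise
     */
    private String getCertEncoding(String arg) {
        if (arg.equalsIgnoreCase(ENCODING_PEM)) {
            return ENCODING_PEM;
        }
        if (arg.equalsIgnoreCase(ENCODING_DER)) {
            return ENCODING_DER;
        }
        getPrintStream().println("Illegal cert encoding(should be pem, der) : " + arg);
        usage();
        System.exit(-1);
        return null;
    }

    /**
     * Prints a human-readable explanation of a failed Revoke result.
     *
     * Tolerates a missing ResultMinor (the server may return a non-success
     * ResultMajor alone), in which case the ResultMajor is shown instead.
     */
    private void displayRequestErrors(RevokeResultType revokeResultType) {
        String minor = revokeResultType.getResultMinor();
        if (minor == null) {
            getPrintStream().println("Error occured during processing : " + revokeResultType.getResultMajor());
        } else if (XKMSConstants.RESULTMINOR_NOMATCH.equals(minor)) {
            getPrintStream().println("Error no user with given certificate could be found");
        } else if (XKMSConstants.RESULTMINOR_NOAUTHENTICATION.equals(minor)) {
            getPrintStream().println("Error password couldn't be verified");
        } else if (XKMSConstants.RESULTMINOR_REFUSED.equals(minor)) {
            getPrintStream().println("The user seems to have the wrong status or has already been revoked.");
        } else {
            getPrintStream().println("Error occured during processing : " + minor);
        }
    }

    /** Prints the command syntax and an example. */
    protected void usage() {
        getPrintStream().println("Command used to revoke a certificate");
        getPrintStream().println("Usage : revoke <cert file name> <cert encoding (der|pem)> <revocation code> \n\n");
        getPrintStream().println("Certificate encoding of the certificate about revoke, PEM and DER supported.\n");
        getPrintStream().println("Example: revoke revokecert.pem pem \"revoke phrase\" ");
        getPrintStream().println("Revokes the certificate in revokecert.pem");
    }

}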