|
1
13
14 package org.ejbca.core.protocol.xkms.client;
15
16 import java.security.cert.CertificateException  ;
17 import java.security.cert.X509Certificate ;
18 import java.util.Collection ;
19
20 import org.ejbca.core.protocol.xkms.common.XKMSConstants;
21 import org.ejbca.core.protocol.xkms.common.XKMSUtil;
22 import org.ejbca.ui.cli.ErrorAdminCommandException;
23 import org.ejbca.ui.cli.IAdminCommand;
24 import org.ejbca.ui.cli.IllegalAdminCommandException;
25 import org.ejbca.util.CertTools;
26 import org.w3._2000._09.xmldsig_.KeyInfoType;
27 import org.w3._2000._09.xmldsig_.X509DataType;
28 import org.w3._2002._03.xkms_.KeyBindingType;
29 import org.w3._2002._03.xkms_.ObjectFactory;
30 import org.w3._2002._03.xkms_.RevokeRequestType;
31 import org.w3._2002._03.xkms_.RevokeResultType;
32
33
34
40 public class RevokeCommand extends XKMSCLIBaseCommand implements IAdminCommand{
41
42 private ObjectFactory xKMSObjectFactory = new ObjectFactory();
43 private org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();
44
45 private static final int ARG_CERT = 1;
46 private static final int ARG_CERTENCODING = 2;
47 private static final int ARG_REVOKATIONCODE = 3;
48
49
50
51
52
57 public RevokeCommand(String [] args) {
58 super(args);
59 }
60
61
67 public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {
68
69 try {
70
71 if(args.length != 4 ){
72 usage();
73 System.exit(-1);
74 }
75
76 String certEncoding = getCertEncoding(args[ARG_CERTENCODING]);
77 X509Certificate orgCert = getCert(args[ARG_CERT],certEncoding);
78 String revokationCode = args[ARG_REVOKATIONCODE];
79
80 String reqId = genId();
81 RevokeRequestType revokeRequestType = xKMSObjectFactory.createRevokeRequestType();
82 revokeRequestType.setId(reqId);
83 revokeRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);
84 revokeRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_PRIVATEKEY);
85
86 X509DataType x509DataType = sigFactory.createX509DataType();
87 x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(sigFactory.createX509DataTypeX509Certificate(orgCert.getEncoded()));
88 KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
89 keyInfoType.getContent().add(sigFactory.createX509Data(x509DataType));
90
91 String keyBindingId = "_" + orgCert.getSerialNumber().toString();
92 KeyBindingType keyBindingType = xKMSObjectFactory.createKeyBindingType();
93 keyBindingType.setKeyInfo(keyInfoType);
94 keyBindingType.setId(keyBindingId);
95 revokeRequestType.setRevokeKeyBinding(keyBindingType);
96
97 byte[] first = XKMSUtil.getSecretKeyFromPassphrase(revokationCode, true,20, XKMSUtil.KEY_REVOCATIONCODEIDENTIFIER_PASS1).getEncoded();
98 revokeRequestType.setRevocationCode(first);
99
100 RevokeResultType revokeResultType = getXKMSInvoker().revoke(revokeRequestType, clientCert, privateKey, null, keyBindingId);
101
102
103 if(revokeResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS) &&
104 revokeResultType.getResultMinor() == null){
105
106 getPrintStream().println("Certificate " + orgCert.getSerialNumber().toString(16) + " issued by " + CertTools.getIssuerDN(orgCert) + " revoked successfully.");
107
108 }else{
109 displayRequestErrors(revokeResultType);
110 }
111
112 } catch (Exception e) {
113 throw new ErrorAdminCommandException(e);
114 }
115 }
116
117 private X509Certificate getCert(String filename, String certEncoding) {
118 X509Certificate retval = null;
119
120 if(certEncoding.equals(ENCODING_PEM)){
121 try {
122 Collection certs = CertTools.getCertsFromPEM(filename);
123 if(certs.size() > 0){
124 retval = (X509Certificate ) certs.iterator().next();
125 }
126 } catch (Exception e) {}
127
128 }
129 if(certEncoding.equals(ENCODING_DER)){
130 try {
131 byte[] certdata = loadCert(filename);
132 retval = CertTools.getCertfromByteArray(certdata);
133 } catch (CertificateException e) {
134 }
135 }
136
137 if(retval == null){
138 getPrintStream().println("Error couldn't decode certificate " + filename);
139 usage();
140 System.exit(-1);
141 }
142
143 return retval;
144 }
145
146 private String getCertEncoding(String arg) {
147 if(arg.equalsIgnoreCase(ENCODING_PEM)){
148 return ENCODING_PEM;
149 }
150
151 if(arg.equalsIgnoreCase(ENCODING_DER)){
152 return ENCODING_DER;
153 }
154
155 getPrintStream().println("Illegal cert encoding(should be pem, der) : " + arg);
156 usage();
157 System.exit(-1);
158 return null;
159 }
160
161 private void displayRequestErrors(RevokeResultType revokeResultType) {
162 if(revokeResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOMATCH)){
163 getPrintStream().println("Error no user with given certificate could be found");
164 }else
165 if(revokeResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOAUTHENTICATION)){
166 getPrintStream().println("Error password couldn't be verified");
167 }else
168 if(revokeResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_REFUSED)){
169 getPrintStream().println("The user doesn't seem to have the wrong status or already been revoked.");
170 }else{
171 getPrintStream().println("Error occured during processing : " + revokeResultType.getResultMinor());
172 }
173 }
174
175 protected void usage() {
176 getPrintStream().println("Command used to revoke a certificate");
177 getPrintStream().println("Usage : revoke <cert file name> <cert encoding (der|pem)> <revocation code> \n\n");
178 getPrintStream().println("Certificate encoding of the certificate about revoke, PEM and DER supported.\n");
179 getPrintStream().println("Example: revoke revokecert.pem pem \"revoke phrase\" ");
180 getPrintStream().println("Revokes the certificate in revokecert.pem");
181
182
183 }
184
185
186 }
187 |
Popular Tags |
Java API By Example, From Geeks To Geeks.