

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.ui.cli;
15
16 import java.io.ByteArrayOutputStream JavaDoc;
17 import java.io.FileOutputStream JavaDoc;
18 import java.io.IOException JavaDoc;
19 import java.security.InvalidKeyException JavaDoc;
20 import java.security.KeyPair JavaDoc;
21 import java.security.NoSuchAlgorithmException JavaDoc;
22 import java.security.NoSuchProviderException JavaDoc;
23 import java.security.SignatureException JavaDoc;
24 import java.util.ArrayList JavaDoc;
25 import java.util.Collection JavaDoc;
26
27 import javax.naming.Context JavaDoc;
28
29 import org.bouncycastle.asn1.DEROutputStream;
30 import org.bouncycastle.jce.PKCS10CertificationRequest;
31 import org.ejbca.core.ejb.ca.crl.ICreateCRLSessionHome;
32 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
33 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
34 import org.ejbca.core.model.ca.caadmin.CAInfo;
35 import org.ejbca.core.model.log.Admin;
36 import org.ejbca.util.Base64;
37 import org.ejbca.util.CertTools;
38
39
40 /**
41  * Base for CA commands; contains common functions for CA operations
42  *
43  * @version $Id: BaseCaAdminCommand.java,v 1.4 2007/01/03 14:49:35 anatom Exp $
44  */

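public abstract class BaseCaAdminCommand extends BaseAdminCommand {
    /** Private key alias in PKCS12 keystores */
    protected String privKeyAlias = "privateKey";

    /**
     * Password for the private key; null until a subclass assigns it.
     * NOTE(review): nothing in this class clears the array. A subclass that
     * stores a password here should overwrite it once it is no longer needed.
     */
    protected char[] privateKeyPass = null;

    /**
     * Creates a new instance of BaseCaAdminCommand
     *
     * @param args command line arguments
     */
    public BaseCaAdminCommand(String[] args) {
        super(args, Admin.TYPE_CACOMMANDLINE_USER, "cli");
        // Install BouncyCastle provider
        CertTools.installBCProvider();
    }

    /**
     * Retrieves the complete certificate chain of a CA.
     *
     * Lookup failures are logged through error() and not rethrown, so an empty
     * result means either "CA not found" or "lookup failed". Callers that make
     * a trust decision from the chain must treat an empty collection as a failure.
     *
     * @param caname human readable name of CA
     * @return the collection from CAInfo.getCertificateChain(), or an empty
     *         collection when the CA is unknown or the lookup failed
     */
    protected Collection getCertChain(String caname) throws Exception {
        debug(">getCertChain()");
        Collection returnval = new ArrayList();
        try {
            CAInfo cainfo = this.getCAAdminSessionRemote().getCAInfo(administrator, caname);
            if (cainfo != null) {
                returnval = cainfo.getCertificateChain();
            }
        } catch (Exception e) {
            // Deliberately best-effort: report and fall through with the empty collection.
            error("Error while getting certfificate chain from CA.", e);
        }
        debug("<getCertChain()");
        return returnval;
    } // getCertChain

    /**
     * Builds a PKCS#10 certification request for the given key pair, checks that
     * the encoded request verifies, and writes it PEM-armoured to a file.
     *
     * If the self-check fails the method prints "Aborting!" and returns without
     * writing anything; no exception is raised in that case.
     *
     * @param dn subject DN to place in the request
     * @param rsaKeys key pair; the public key goes into the request and the
     *        private key signs it
     * @param reqfile path of the file to write; an existing file is overwritten
     * @throws IOException if the request cannot be encoded or the file cannot be written
     */
    protected void makeCertRequest(String dn, KeyPair rsaKeys, String reqfile)
        throws NoSuchAlgorithmException, IOException, NoSuchProviderException, InvalidKeyException,
            SignatureException {
        debug(">makeCertRequest: dn='" + dn + "', reqfile='" + reqfile + "'.");

        // NOTE(review): the request is signed with SHA-1. SHA-1 is no longer
        // collision resistant and some CAs reject SHA-1 signed requests. Moving
        // to a SHA-2 algorithm name is advisable once it is confirmed that the
        // bundled BouncyCastle version accepts it.
        // The attribute set (fourth argument) is null: no PKCS#10 attributes are added.
        PKCS10CertificationRequest req = new PKCS10CertificationRequest("SHA1WithRSA",
                CertTools.stringToBcX509Name(dn), rsaKeys.getPublic(), null, rsaKeys.getPrivate());

        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dOut = new DEROutputStream(bOut);
        dOut.writeObject(req);
        dOut.close();
        byte[] encoded = bOut.toByteArray();

        // Re-parse the encoded bytes and verify the signature before anything is
        // written, so a request that does not round-trip never reaches disk.
        PKCS10CertificationRequest req2 = new PKCS10CertificationRequest(encoded);
        boolean verify = req2.verify();
        getOutputStream().println("Verify returned " + verify);

        if (!verify) {
            getOutputStream().println("Aborting!");
            return;
        }

        FileOutputStream os1 = new FileOutputStream(reqfile);
        try {
            // The PEM armour is plain ASCII; name the charset instead of relying
            // on the platform default.
            os1.write("-----BEGIN CERTIFICATE REQUEST-----\n".getBytes("US-ASCII"));
            os1.write(Base64.encode(encoded));
            os1.write("\n-----END CERTIFICATE REQUEST-----\n".getBytes("US-ASCII"));
        } finally {
            // Release the file handle even when a write fails.
            os1.close();
        }
        getOutputStream().println("CertificationRequest '" + reqfile + "' generated successfully.");
        debug("<makeCertRequest: dn='" + dn + "', reqfile='" + reqfile + "'.");
    } // makeCertRequest

    /**
     * Asks the CreateCRLSession bean to generate CRLs and prints the outcome.
     *
     * Failures are logged through error() and not rethrown, so the caller is not
     * told when CRL generation failed. Anything that depends on fresh revocation
     * data should check the printed result or the log.
     *
     * @param issuerdn DN of the issuer whose CRL is generated, or null to call
     *        createCRLs() without naming an issuer
     */
    protected void createCRL(String issuerdn) {
        debug(">createCRL()");

        try {
            Context context = getInitialContext();
            ICreateCRLSessionHome home = (ICreateCRLSessionHome) javax.rmi.PortableRemoteObject.narrow(
                    context.lookup("CreateCRLSession"), ICreateCRLSessionHome.class);
            if (issuerdn != null) {
                home.create().run(administrator, issuerdn);

                // Read back the number of the newest CRL for this issuer to report it.
                ICertificateStoreSessionHome storehome =
                        (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject.narrow(
                                context.lookup("CertificateStoreSession"), ICertificateStoreSessionHome.class);
                ICertificateStoreSessionRemote storeremote = storehome.create();
                int number = storeremote.getLastCRLNumber(administrator, issuerdn);
                getOutputStream().println("CRL with number " + number + " generated.");
            } else {
                int createdcrls = home.create().createCRLs(administrator);
                getOutputStream().println(" " + createdcrls + " CRLs have been created.");
            }
        } catch (Exception e) {
            // The message used to name the certificate-chain lookup, which this
            // method never performs.
            error("Error while creating CRL.", e);
        }

        debug("<createCRL()");
    } // createCRL

    /**
     * Returns the subject DN of the named CA.
     *
     * @param caname human readable name of CA
     * @return the value of CAInfo.getSubjectDN() for that CA
     * @throws Exception if the lookup fails or no CA with that name is returned
     */
    protected String getIssuerDN(String caname) throws Exception {
        CAInfo cainfo = getCAAdminSessionRemote().getCAInfo(administrator, caname);
        if (cainfo == null) {
            // The other lookups in this class treat a null CAInfo as "not found";
            // fail with the same message instead of a NullPointerException.
            throw new Exception("CA " + caname + " not found.");
        }
        return cainfo.getSubjectDN();
    }

    /**
     * Looks up the CAInfo of the named CA.
     *
     * @param caname human readable name of CA
     * @return the CAInfo, never null
     * @throws Exception if the lookup fails (the original failure is attached as
     *         the cause) or no CA with that name is returned
     */
    protected CAInfo getCAInfo(String caname) throws Exception {
        CAInfo result;
        try {
            result = getCAAdminSessionRemote().getCAInfo(administrator, caname);
        } catch (Exception e) {
            debug("Error retriving CA " + caname + " info.", e);
            // Keep the underlying failure as the cause so it is not lost to callers.
            throw new Exception("Error retriving CA " + caname + " info.", e);
        }
        if (result == null) {
            debug("CA " + caname + " not found.");
            throw new Exception("CA " + caname + " not found.");
        }
        return result;
    }
}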